Skip to content

chore(deps-dev): bump the development-dependencies group with 3 updates #280

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 6, 2025
Merged

chore(deps-dev): bump the development-dependencies group with 3 updates #280

merged 1 commit into from
Oct 6, 2025
+797 −1,026

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 3, 2025

Bumps the development-dependencies group with 3 updates: firebase-tools, lerna and lint-staged.

Updates firebase-tools from 14.17.0 to 14.18.0

Release notes

Sourced from firebase-tools's releases.

v14.18.0

  • Fixed an issue with deploying indexes to Firestore Enterprise edition databases where explicit __name__ fields could be incorrectly handled.
  • Graduated the MCP server from experiemental, and renamed the experimental:mcp command to mcp. The old name is now an alias.
  • Consolidated some MCP tools to reduce the total number presented to LLMs.
  • Renamed some MCP tools for clarity.
  • Renamed the deploy MCP prompt to firebase_deploy for consistency.
  • Added a firebase_read_resources MCP tool which can be used by LLMs to fetch guides or docs via firebase:// links.
  • Added a new /firebase:init MCP prompt which can guide you through setting up backend services or Firebase AI logic for your app.
  • firebase_update_environment MCP tool supports accepting Gemini in Firebase Terms of Service.
  • Fixed a bug when firebase init dataconnect failed to create a React app when launched from VS Code extension (#9171).
  • Added seed_data.gql to Data Connect's initial movie template (#9232).
  • firebase dataconnect:sql:migrate now supports Cloud SQL instances with only private IPs. The command must be run in the same VPC of the instance to work. (##9200)
  • CloudSQL instances created with firebase deploy now default to Postgres 17.
  • Improved the clarity of the firebase apptesting:execute command when you have zero or multiple apps.
  • Fixed an issue where firebase deploy --only firestore would fail with 403 errors on projects that never had a database created.
  • Fixed an issue where deploying multiple Hosting sites with Functions could encounter a race condition (#9235).
  • Updated the Data Connect local dev toolkit to 2.14.0, which includes the following changes:
    • Fixed a bug where @​default(value) and @​default(expr) is not validated on enum fields.
    • JS/Kotlin codegen: Issue where if no response type was generated, generation would crash.
    • Dart codegen: Fixed issue where if field name doesn't match name of enum, compilation breaks
    • Dart codegen: Override == to allow for equality between data classes.
Commits

Updates lerna from 8.2.3 to 9.0.0

Release notes

Sourced from lerna's releases.

v9.0.0

9.0.0 (2025-09-23)

Bug Fixes

  • publish: ensure README file names are populated on package.json (#4211) (362875d)

Features

  • support OIDC trusted publishing (d51e344)

OIDC trusted publishing is now supported by Lerna with no specification configuration required.

BREAKING CHANGES

After updating we strongly recommend running lerna repair in your project. This will migrate your lerna.json to the latest and greatest and remove any outdated options.

As this is a major release there are a few breaking changes to be aware of, which may or may not affect your lerna repos, depending on how you are using the tool.

  • node v18 support is dropped because it is end of life

When a node version becomes end of life (EOL) it means that it does not receive any updates or maintenance whatsoever, even if critical security vulnerabilities have been uncovered.

We strongly encourage all folks here to keep up with the maintenance LTS version of Node at an absolute minimum:

https://github.com/nodejs/release#release-schedule

The versions of node supported by lerna are now ^20.19.0 || ^22.12.0 || >=24.0.0.

  • The @​lerna/legacy-package-management package has been formally removed after 2 years of deprecation.

If you are still using lerna add, lerna bootstrap or lerna link commands, please migrate to using your package manager's long-supported workspaces feature. The updated guide should help with this https://lerna.js.org/docs/legacy-package-management**

v8.2.4

8.2.4 (2025-07-27)

Bug Fixes

Features

  • version: update workspace specifiers in peerDependencies (#4203) (45e00ce)
Changelog

Sourced from lerna's changelog.

9.0.0 (2025-09-23)

Bug Fixes

  • publish: ensure README file names are populated on package.json (#4211) (362875d)

Features

  • support OIDC trusted publishing (d51e344)

OIDC trusted publishing is now supported by Lerna with no specification configuration required.

BREAKING CHANGES

After updating we strongly recommend running lerna repair in your project. This will migrate your lerna.json to the latest and greatest and remove any outdated options.

As this is a major release there are a few breaking changes to be aware of, which may or may not affect your lerna repos, depending on how you are using the tool.

  • node v18 support is dropped because it is end of life

When a node version becomes end of life (EOL) it means that it does not receive any updates or maintenance whatsoever, even if critical security vulnerabilities have been uncovered.

We strongly encourage all folks here to keep up with the maintenance LTS version of Node at an absolute minimum:

https://github.com/nodejs/release#release-schedule

The versions of node supported by lerna are now ^20.19.0 || ^22.12.0 || >=24.0.0.

  • The @​lerna/legacy-package-management package has been formally removed after 2 years of deprecation.

If you are still using lerna add, lerna bootstrap or lerna link commands, please migrate to using your package manager's long-supported workspaces feature. The updated guide should help with this https://lerna.js.org/docs/legacy-package-management**

8.2.4 (2025-07-27)

Bug Fixes

Commits
  • 4c547b7 chore: publish v9.0.0
  • d51e344 feat: support OIDC trusted publishing
  • 96095e2 feat!: drop EOL node 18, modernize dependencies, node now "^20.19.0 || ^22.12...
  • cf0f8e0 feat!: remove @​lerna/legacy-package-management after 2 years of deprecation
  • a53a6dd refactor: use native object spreading (#4216)
  • d2ced36 chore: update uuid to v11 (#4213)
  • 61e4bc2 chore(misc): publish 8.2.4
  • 8211512 fix: remove all remaining lodash usage (#4207)
  • See full diff in compare view

Updates lint-staged from 15.5.0 to 16.2.3

Release notes

Sourced from lint-staged's releases.

v16.2.3

Patch Changes

  • #1669 27cd541 Thanks @​iiroj! - When using --fail-on-changes, automatically hidden (partially) unstaged changes are no longer counted to make lint-staged fail.

v16.2.2

Patch Changes

  • #1667 699f95d Thanks @​iiroj! - The backup stash will not be dropped when using --fail-on-changes and there are errors. When reverting to original state is disabled (via --no-revert or --fail-on-changes), hidden (partially) unstaged changes are still restored automatically so that it's easier to resolve the situation manually.

    Additionally, the example for using the backup stash manually now uses the correct backup hash, if available:

    % npx lint-staged --fail-on-changes
✔ Backed up original state in git stash (c18d55a3)
✔ Running tasks for staged files...
✖ Tasks modified files and --fail-on-changes was used!
↓ Cleaning up temporary files...
✖ lint-staged failed because --fail-on-changes was used.
Any lost modifications can be restored from a git stash:
> git stash list --format="%h %s"
c18d55a3 On main: lint-staged automatic backup
> git apply --index c18d55a3

v16.2.1

Patch Changes

  • #1664 8277b3b Thanks @​iiroj! - The built-in TypeScript types have been updated to more closely match the implementation. Notably, the list of staged files supplied to task functions is readonly string[] and can't be mutated. Thanks @​outslept!

    export default {
---  "*": (files: string[]) => void console.log('staged files', files)
+++  "*": (files: readonly string[]) => void console.log('staged files', files)
}

  • #1654 70b9af3 Thanks @​iiroj! - This version has been published from GitHub Actions using Trusted Publishing for npm packages.

  • #1659 4996817 Thanks @​iiroj! - Fix searching configuration files when the working directory is a subdirectory of a git repository, and there are package.json files in the working directory. This situation might happen when running lint-staged for a single package in a monorepo.

  • #1654 7021f0a Thanks @​iiroj! - Return the caret semver range (^) to direct dependencies so that future patch and minor versions are allowed. This enables projects to better maintain and deduplicate their own transitive dependencies while not requiring direct updates to lint-staged. This was changed in 16.2.0 after the vulnerability issues with chalk and debug, which were also removed in the same version.

    Given the recent vulnerabilities in the npm ecosystem, it's best to be very careful when updating dependencies.

v16.2.0

Minor Changes

... (truncated)

Changelog

Sourced from lint-staged's changelog.

16.2.3

Patch Changes

  • #1669 27cd541 Thanks @​iiroj! - When using --fail-on-changes, automatically hidden (partially) unstaged changes are no longer counted to make lint-staged fail.

16.2.2

Patch Changes

  • #1667 699f95d Thanks @​iiroj! - The backup stash will not be dropped when using --fail-on-changes and there are errors. When reverting to original state is disabled (via --no-revert or --fail-on-changes), hidden (partially) unstaged changes are still restored automatically so that it's easier to resolve the situation manually.

    Additionally, the example for using the backup stash manually now uses the correct backup hash, if available:

    % npx lint-staged --fail-on-changes
✔ Backed up original state in git stash (c18d55a3)
✔ Running tasks for staged files...
✖ Tasks modified files and --fail-on-changes was used!
↓ Cleaning up temporary files...
✖ lint-staged failed because --fail-on-changes was used.
Any lost modifications can be restored from a git stash:
> git stash list --format="%h %s"
c18d55a3 On main: lint-staged automatic backup
> git apply --index c18d55a3

16.2.1

Patch Changes

  • #1664 8277b3b Thanks @​iiroj! - The built-in TypeScript types have been updated to more closely match the implementation. Notably, the list of staged files supplied to task functions is readonly string[] and can't be mutated. Thanks @​outslept!

    export default {
---  "*": (files: string[]) => void console.log('staged files', files)
+++  "*": (files: readonly string[]) => void console.log('staged files', files)
}

  • #1654 70b9af3 Thanks @​iiroj! - This version has been published from GitHub Actions using Trusted Publishing for npm packages.

  • #1659 4996817 Thanks @​iiroj! - Fix searching configuration files when the working directory is a subdirectory of a git repository, and there are package.json files in the working directory. This situation might happen when running lint-staged for a single package in a monorepo.

  • #1654 7021f0a Thanks @​iiroj! - Return the caret semver range (^) to direct dependencies so that future patch and minor versions are allowed. This enables projects to better maintain and deduplicate their own transitive dependencies while not requiring direct updates to lint-staged. This was changed in 16.2.0 after the vulnerability issues with chalk and debug, which were also removed in the same version.

    Given the recent vulnerabilities in the npm ecosystem, it's best to be very careful when updating dependencies.

... (truncated)

Commits
  • bdcd03a chore(changeset): release
  • 27cd541 fix: do not count hidden (partially) unstaged changes when using `--fail-on-c...
  • ab2f42e fix: emit correct value to debug logs
  • 3fc5832 refactor: make general error messages more clear they originate from lint-staged
  • 409d79a chore(changeset): release
  • 7edaee9 docs: fix typo in changeset
  • 699f95d fix: backup stash example uses real hash if available
  • 47d01a9 fix: print backup stash example when failing to --fail-on-changes
  • 325dc03 fix: restore unstaged changes on errors when --fail-on-errors or `--no-reve...
  • 53bb27b fix: do not drop backup stash when errors and --fail-on-changes was used
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for lint-staged since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps-dev): bump the development-dependencies group with 3 updates
ea4af15 
Bumps the development-dependencies group with 3 updates: [firebase-tools](https://github.com/firebase/firebase-tools), [lerna](https://github.com/lerna/lerna/tree/HEAD/packages/lerna) and [lint-staged](https://github.com/lint-staged/lint-staged).


Updates `firebase-tools` from 14.17.0 to 14.18.0
- [Release notes](https://github.com/firebase/firebase-tools/releases)
- [Changelog](https://github.com/firebase/firebase-tools/blob/master/CHANGELOG.md)
- [Commits](firebase/firebase-tools@v14.17.0...v14.18.0)

Updates `lerna` from 8.2.3 to 9.0.0
- [Release notes](https://github.com/lerna/lerna/releases)
- [Changelog](https://github.com/lerna/lerna/blob/main/packages/lerna/CHANGELOG.md)
- [Commits](https://github.com/lerna/lerna/commits/v9.0.0/packages/lerna)

Updates `lint-staged` from 15.5.0 to 16.2.3
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v15.5.0...v16.2.3)

---
updated-dependencies:
- dependency-name: firebase-tools
  dependency-version: 14.18.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: lerna
  dependency-version: 9.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
- dependency-name: lint-staged
  dependency-version: 16.2.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 3, 2025
@dependabot dependabot bot requested a review from 0xTheProDev as a code owner October 3, 2025 12:04
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Oct 3, 2025
@0xTheProDev 0xTheProDev merged commit a3151ca into main Oct 6, 2025
4 of 5 checks passed
@0xTheProDev 0xTheProDev deleted the dependabot/npm_and_yarn/development-dependencies-3e165361b8 branch October 6, 2025 08:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@0xTheProDev 0xTheProDev 0xTheProDev approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@0xTheProDev