chore(deps): bump the npm_and_yarn group across 2 directories with 27 updates

[dependabot]

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package	From	To
@angular/core	9.0.5	10.2.5
firebase	7.8.0	10.9.0
firebase-tools	7.12.1	13.6.0
@babel/traverse	7.8.4	7.26.8
browserify-sign	4.0.4	4.2.3
decode-uri-component	0.2.0	0.2.2
elliptic	6.5.2	6.6.1
es5-ext	0.10.53	0.10.64
eventsource	1.0.7	1.1.2
express	4.17.1	4.21.2
follow-redirects	1.10.0	1.15.9
jquery	3.4.1	3.7.1
moment	2.24.0	2.30.1

Bumps the npm_and_yarn group with 9 updates in the /sample directory:

Package	From	To
@angular/core	9.0.5	10.2.5
firebase	7.10.0	10.9.0
firebase-tools	7.14.0	13.6.0
@babel/traverse	7.8.6	7.26.8
browserify-sign	4.0.4	4.2.3
decode-uri-component	0.2.0	0.2.2
elliptic	6.5.2	6.6.1
eventsource	1.0.7	1.1.2
express	4.17.1	4.21.2

Updates @angular/core from 9.0.5 to 10.2.5

Changelog

Sourced from @​angular/core's changelog.

10.2.5 (2021-04-14)

Bug Fixes

• compiler-cli: show a more specific error for Ivy NgModules (#41534) (#41598) (f630f33)
• core: fix possible XSS attack in development through SSR (#40525) (ba8da74)

10.2.4 (2020-12-17)

Bug Fixes

• core: fix possible XSS attack in development through SSR. (#40152) (0b8e3d5)
• core: set ngDevMode to false when calling enableProdMode() (#40160) (90570c0)

10.2.3 (2020-11-09)

Bug Fixes

• compiler: ensure that i18n message-parts have the correct source-span (#39589) (e67a331)
• compiler: skipping leading whitespace should not break placeholder source-spans (#39589) (2b684b7), closes #39195
• compiler-cli: avoid duplicate diagnostics about unknown pipes (#39517) (861e4fa)
• compiler-cli: do not drop non-Angular decorators when downleveling (#39577) (1c6cf8a), closes #39574

10.2.2 (2020-11-04)

Bug Fixes

• compiler-cli: report missing pipes when fullTemplateTypeCheck is disabled (#39320) (71d0063), closes #38195
• core: markDirty() should only mark flags when really scheduling tick. (#39316) (8c82106), closes #39296
• router: Ensure all outlets are used when commands have a prefix (#39456) (85d5242)

Performance Improvements

• core: do not recurse into modules that have already been registered (#39514) (812355c), closes #39487

... (truncated)

Commits

• ba8da74 fix(core): fix possible XSS attack in development through SSR (#40525)
• 90570c0 fix(core): set ngDevMode to false when calling enableProdMode() (#40160)
• 0b8e3d5 fix(core): fix possible XSS attack in development through SSR. (#40152)
• 1aee8b3 refactor(compiler): store the fullStart location on ParseSourceSpans (#39...
• 812355c perf(core): do not recurse into modules that have already been registered (#3...
• 8f36c21 refactor(router): Small refactor of createUrlTree and extra tests (#39456)
• 90acb91 docs: tView.preOrderHooks and tView.preOrderCheckHooks docs update (#39497)
• 8c82106 fix(core): markDirty() should only mark flags when really scheduling tick. (#...
• 0b37249 docs(core): update a typo in the comment of ngZoneEventCoalescing (#39423)
• 3b779a1 docs: fix typo in initializeInputAndOutputAliases docstring (#39438)
• Additional commits viewable in compare view

Updates firebase from 7.8.0 to 10.9.0

Commits

• 1eb302f Version Packages (#8063)
• b498867 Merge master into release
• ce88e71 snapshot listeners source from cache (#7982)
• 6d487d7 Prevent using authTokenSyncURL if the string begins with a double slash (#8060)
• b4d59d6 Merge master into release
• 2b22838 Fix glob pattern to work with Node 20 and its NPM version (#8059)
• feb5038 Update CI node.js versions to 20.x (#8055)
• 245dd26 Enforce authTokenSyncURL being a path and not a url. (#8056)
• e60188d Version Packages (#8046)
• 7e2efbf Merge master into release
• Additional commits viewable in compare view

Updates firebase-tools from 7.12.1 to 13.6.0

Release notes

Sourced from firebase-tools's releases.

v13.6.0

• Released Firestore Emulator 1.19.4. This version fixes a minor bug with reserve ids and adds a reset endpoint for Datastore Mode.
• Released PubSub Emulator 0.8.2. This version includes support for no_wrapper options.
• Fixes issue where GitHub actions service account cannot add preview URLs to Auth authorized domains. (#6895)
• Fixes issue where GOOGLE_CLOUD_QUOTA_PROJECT breaks functions source uploads (#6917)

v13.5.2

• Fix hosting rewrite deployment bug for skipped functions (#6658).

v13.5.1

• Release Emulator Suite UI v1.11.8 which adds support for Multiple DBs in the Emulator UI Firestore page via editing the URL. (#6874)

v13.5.0

• Enable dynamic debugger port for functions + support for inspecting multiple codebases (#6854)
• Inject an environment variable in the node functions emulator to tell the google-gax SDK not to look for the metadata service. (#6860)
• Release Firestore Emulator 1.19.3 which fixes ancestor and namespace scope queries for Datastore Mode. This release also fixes internal errors seen across REST API and firebase-js-sdk.
• v2 scheduled functions with explicit service accounts trigger eventarc to use that service account (#6858)
• v2 event functions with explicit service accounts trigger eventarc to use that service account (#6859)

v13.4.1

• Released Firestore emulator v1.19.2, which fixes some bugs affecting client SDKs when in Datastore Mode.
• Fix demo projects + web frameworks with emulators (#6737)
• Fix Next.js static routes with server actions (#6664)
• Fixed an issue where GOOGLE_CLOUD_QUOTA_PROJECT was not correctly respected. (#6801)
• Make VPC egress settings in functions parameterizeable (#6843)

v13.4.0

• Added new commands for managing Firestore backups and restoring databases. (#6778)
• Fixed quota attribution for Firebase Auth API calls. (#6819)

v13.3.1

• Release Cloud Firestore emulator v1.19.1:
  • Adds support for Datastore Mode to the Firstore Emulator. Adds --database-mode flag to gcloud emulator firestore start command. Note that this is a preview feature and if you find any bugs, please file them here: https://github.com/firebase/firebase-tools/issues.
• Improve FAH onboarding flow to connect backends with SCMs (#6764).
• Fixed issue where GitHub actions would fail due to lack of permission. (#6791)

v13.3.0

• Improved detection for when login has expired due to Google Cloud Session Control. (#1846)
• Added support for Python 3.12. (#6679)
• Fixed issues with internal utilities. (#6754)
• Fixed an issue where firestore:delete wouldn't target the emulator when expected. (#6537)

v13.2.1

• Fixed an issue where appdistribution:distribute would always attempt to run tests. (#6749)

v13.2.0

• Added rudimentary email enumeration protection for auth emulator. (#6702)

... (truncated)

Commits

• f6b7d05 13.6.0
• a26c3d0 Ignore quota project in GCF source uploads (#6917)
• 476bd33 Update to PubSub emulator 0.8.2 (#6916)
• ccab9b7 Add Service Usage Consumer role to GitHub Actions service account (#6895)
• 4c1bd42 Switching a few more places to getters (#6914)
• 6950829 Fix "could not assert Secret Manager permissions" Cloud Build error (#6904)
• 4a17ca7 Refactor api.ts file constants to getters (#6913)
• c6d1615 Update Firestore Emulator version (#6912)
• 90b6506 Vector config support (#6900)
• dc13cb9 make fetchLinkableGitRepositories get all linkable git repositories (#6889)
• Additional commits viewable in compare view

Updates semver from 7.1.3 to 7.7.1

Release notes

Sourced from semver's releases.

v7.7.1

7.7.1 (2025-02-03)

Bug Fixes

• af761c0 #764 inc: fully capture prerelease identifier (#764) (@​wraithgar)

v7.7.0

7.7.0 (2025-01-29)

Features

• 0864b3c #753 add "release" inc type (#753) (@​mbtools)

Bug Fixes

• d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@​eminberkayd, berkay.daglar)
• 8a34bde #754 add identifier validation to inc() (#754) (@​mbtools)

Documentation

• 67e5478 #756 readme: added missing period for consistency (#756) (@​shaymolcho)
• 868d4bb #749 clarify comment about obsolete prefixes (#749) (@​mbtools, @​ljharb)

Chores

• 145c554 #741 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 753e02b #747 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@​dependabot[bot], @​npm-cli-bot)
• 0b812d5 #744 postinstall for dependabot template-oss PR (@​hashtagchris)

v7.6.3

7.6.3 (2024-07-16)

Bug Fixes

• 73a3d79 #726 optimize Range parsing and formatting (#726) (@​jviide)

Documentation

• 2975ece #719 fix extra backtick typo (#719) (@​stdavis)

v7.6.2

7.6.2 (2024-05-09)

Bug Fixes

• 6466ba9 #713 lru: use map.delete() directly (#713) (@​negezor, @​lukekarrys)

v7.6.1

7.6.1 (2024-05-04)

Bug Fixes

• c570a34 #704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #704 use internal cache implementation (@​mbtools)
• ac9b357 #682 typo in compareBuild debug message (#682) (@​mbtools)

Dependencies

• 988a8de #709 uninstall lru-cache (#709)

... (truncated)

Changelog

Sourced from semver's changelog.

7.7.1 (2025-02-03)

Bug Fixes

• af761c0 #764 inc: fully capture prerelease identifier (#764) (@​wraithgar)

7.7.0 (2025-01-29)

Features

• 0864b3c #753 add "release" inc type (#753) (@​mbtools)

Bug Fixes

• d588e37 #755 diff: fix prerelease to stable version diff logic (#755) (@​eminberkayd, berkay.daglar)
• 8a34bde #754 add identifier validation to inc() (#754) (@​mbtools)

Documentation

• 67e5478 #756 readme: added missing period for consistency (#756) (@​shaymolcho)
• 868d4bb #749 clarify comment about obsolete prefixes (#749) (@​mbtools, @​ljharb)

Chores

• 145c554 #741 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 753e02b #747 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747) (@​dependabot[bot], @​npm-cli-bot)
• 0b812d5 #744 postinstall for dependabot template-oss PR (@​hashtagchris)

7.6.3 (2024-07-16)

Bug Fixes

• 73a3d79 #726 optimize Range parsing and formatting (#726) (@​jviide)

Documentation

• 2975ece #719 fix extra backtick typo (#719) (@​stdavis)

7.6.2 (2024-05-09)

Bug Fixes

• 6466ba9 #713 lru: use map.delete() directly (#713) (@​negezor, @​lukekarrys)

7.6.1 (2024-05-04)

Bug Fixes

• c570a34 #704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #704 use internal cache implementation (@​mbtools)
• ac9b357 #682 typo in compareBuild debug message (#682) (@​mbtools)

Dependencies

• 988a8de #709 uninstall lru-cache (#709)
• 3fabe4d #704 remove lru-cache

Chores

• dd09b60 #705 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)

... (truncated)

Commits

• 30c438b chore: release 7.7.1 (#765)
• af761c0 fix(inc): fully capture prerelease identifier (#764)
• 2cfcbb5 chore: release 7.7.0 (#750)
• d588e37 fix(diff): fix prerelease to stable version diff logic (#755)
• 753e02b chore: bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#747)
• 8a34bde fix: add identifier validation to inc() (#754)
• 0864b3c feat: add "release" inc type (#753)
• 67e5478 docs(readme): added missing period for consistency (#756)
• 868d4bb docs: clarify comment about obsolete prefixes (#749)
• 145c554 chore: bump @​npmcli/eslint-config from 4.0.5 to 5.0.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by npm-cli-ops, a new releaser for semver since your current version.

Updates ws from 7.2.1 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

• Backported e55e5106 to the 7.x release line (22c28763).

7.5.9

Bug fixes

• Backported bc8bd34e to the 7.x release line (0435e6e1).

7.5.8

Bug fixes

• Backported 0fdcc0af to the 7.x release line (2758ed35).
• Backported d68ba9e1 to the 7.x release line (dc1781bc).

7.5.7

Bug fixes

• Backported 6946f5fe to the 7.x release line (1f72e2e1).

7.5.6

Bug fixes

• Backported b8186dd1 to the 7.x release line (73dec34b).
• Backported ed2b8039 to the 7.x release line (22a26afb).

7.5.5

Bug fixes

• Backported ec9377ca to the 7.x release line (0e274acd).

7.5.4

Bug fixes

• Backported 6a72da3e to the 7.x release line (76087fbf).
• Backported 869c9892 to the 7.x release line (27997933).

7.5.3

Bug fixes

• The WebSocketServer constructor now throws an error if more than one of the noServer, server, and port options are specefied (66e58d27).
• Fixed a bug where a 'close' event was emitted by a WebSocketServer before the internal HTTP/S server was actually closed (5a587304).
• Fixed a bug that allowed WebSocket connections to be established after WebSocketServer.prototype.close() was called (772236a1).

7.5.2

Bug fixes

... (truncated)

Commits

• d962d70 [dist] 7.5.10
• 22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 8a78f87 [dist] 7.5.9
• 0435e6e [security] Fix same host check for ws+unix: redirects
• 4271f07 [dist] 7.5.8
• dc1781b [security] Drop sensitive headers when following insecure redirects
• 2758ed3 [fix] Abort the handshake if the Upgrade header is invalid
• a370613 [dist] 7.5.7
• 1f72e2e [security] Drop sensitive headers when following redirects (#2013)
• 8ecd890 [dist] 7.5.6
• Additional commits viewable in compare view

Updates @babel/traverse from 7.8.4 to 7.26.8

Release notes

Sourced from @​babel/traverse's releases.

v7.26.8 (2025-02-08)

🏠 Internal

• babel-preset-env
  • #17097 Update dependency babel-plugin-polyfill-corejs3 to ^0.11.0

v7.26.7 (2025-01-24)

Thanks @​branchseer and @​tquetano-netflix for your first PRs!

🐛 Bug Fix

• babel-helpers, babel-preset-env, babel-runtime-corejs3
  • #17086 Make "object without properties" helpers ES6-compatible (@​tquetano-netflix)
• babel-plugin-transform-typeof-symbol
  • #17085 fix: Correctly handle typeof in arrow functions (@​liuxingbaoyu)
• babel-parser
  • #17079 Respect ranges option in estree method value (@​JLHwung)
• babel-core
  • #17052 Do not try to parse .ts configs as JSON if natively supported (@​nicolo-ribaudo)
• babel-plugin-transform-typescript
  • #17050 fix: correctly resolve references to non-constant enum members (@​branchseer)
• babel-plugin-transform-typescript, babel-traverse, babel-types
  • #17025 fix: Remove type-only import x = y.z (@​liuxingbaoyu)

Committers: 6

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• Tony Quetano (@​tquetano-netflix)
• @​branchseer
• @​liuxingbaoyu

v7.26.6 (2025-01-13)

🐛 Bug Fix

• babel-plugin-transform-nullish-coalescing-operator
  • #17061 fix: Chaining nullish coalescing operators output size regression (@​liuxingbaoyu)

Committers: 1

• @​liuxingbaoyu

v7.26.5 (2025-01-10)

👓 Spec Compliance

• babel-parser
  • #17011 Allow the dynamic import.defer() form of import defer (@​babel-bot)

🐛 Bug Fix

• babel-plugin-transform-block-scoped-functions
  • #17024 chore: Avoid calling isInStrictMode in Babel 7 (@​liuxingbaoyu)

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

Changelog

Tags:

• 💥 [Breaking Change]
• 👓 [Spec Compliance]
• 🚀 [New Feature]
• 🐛 [Bug Fix]
• 📝 [Documentation]
• 🏠 [Internal]
• 💅 [Polish]

Note: Gaps between patch versions are faulty, broken or test releases.

This file contains the changelog starting from v7.15.0.

• See CHANGELOG - v7.0.0 to v7.14.9 for v7.0.0 to v7.14.9 changes.
• See CHANGELOG - v7 prereleases for v7.0.0-alpha.1 to v7.0.0-rc.4 changes.
• See CHANGELOG - v4, CHANGELOG - v5, and CHANGELOG - v6 for v4.x-v6.x changes.
• See CHANGELOG - 6to5 for the pre-4.0.0 version changelog.
• See Babylon's CHANGELOG for the Babylon pre-7.0.0-beta.29 version changelog.
• See babel-eslint's releases for the changelog before @babel/eslint-parser 7.8.0.
• See eslint-plugin-babel's releases for the changelog before @babel/eslint-plugin 7.8.0.

v7.26.7 (2025-01-24)

🐛 Bug Fix

• babel-helpers, babel-preset-env, babel-runtime-corejs3
  • #17086 Make "object without properties" helpers ES6-compatible (@​tquetano-netflix)
• babel-plugin-transform-typeof-symbol
  • #17085 fix: Correctly handle typeof in arrow functions (@​liuxingbaoyu)
• babel-parser
  • #17079 Respect ranges option in estree method value (@​JLHwung)
• babel-core
  • #17052 Do not try to parse .ts configs as JSON if natively supported (@​nicolo-ribaudo)
• babel-plugin-transform-typescript
  • #17050 fix: correctly resolve references to non-constant enum members (@​branchseer)
• babel-plugin-transform-typescript, babel-traverse, babel-types
  • #17025 fix: Remove type-only import x = y.z (@​liuxingbaoyu)

v7.26.6 (2025-01-13)

🐛 Bug Fix

• babel-plugin-transform-nullish-coalescing-operator
  • #17061 fix: Chaining nullish coalescing operators output size regression (@​liuxingbaoyu)

v7.26.5 (2025-01-10)

👓 Spec Compliance

... (truncated)

Commits

• 0593941 v7.26.8
• e02b0ff [Babel 8] Create TSTemplateLiteralType (#17066)
• 2d95140 v7.26.7
• ad572fd fix: Remove type-only import x = y.z (#17025)
• 74181cf v7.26.5
• d35794e [Babel 8] Create TSEnumBody for TSEnumDeclaration (#16979)
• cd24cc0 chore: Update TS 5.7 (#17053)
• cf7b9cd v7.26.4
• f33704a Revert "perf: Improve scope information collection performance" (#17005)
• 36ca8fa v7.26.3
• Additional commits viewable in compare view

Updates basic-auth-connect from 1.0.0 to 1.1.0

Release notes

Sourced from basic-auth-connect's releases.

1.1.0

What's Changed

Important

• feat: add timing safe equal comparison bac1e6a
  • chore: add [email protected] as dependency
• Fix CVE-2024-47178. See: Advisory: GHSA-7p89-p6hx-q4fw

Other

• 💚 GH workflow CI by @​ctcpip in expressjs/basic-auth-connect#2
• 📄 normalize license by @​ctcpip in expressjs/basic-auth-connect#3
• remove redundant variable declaration by @​UlisesGascon in expressjs/basic-auth-connect#6
• Remove usage of undefined return value by @​UlisesGascon in expressjs/basic-auth-connect#5
• Release v1.1.0 by @​UlisesGascon in expressjs/basic-auth-connect#9

New Contributors

• @​ctcpip made their first contribution in expressjs/basic-auth-connect#2
• @​UlisesGascon made their first contribution in expressjs/basic-auth-connect#6

Full Changelog: expressjs/basic-auth-connect@1.0.0...1.1.0

Commits

• 45decb3 1.1.0
• e6b376e docs: improve documentation
• bac1e6a feat: add timing safe equal comparison
• d3b6a63 chore: remove usage of undefined return value (#5)
• b05baf8 test: remove redundant variable declaration (#6)
• e8f35c6 chore: normalize license
• 8d38a0b ci: migrate to GitHub Actions
• 727b4cd 💚 GH workflow CI
• 9eed03b Fixed the readme header.
• See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for basic-auth-connect since your current version.

Updates browserify-sign from 4.0.4 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

• [patch] widen support to 0.12 9247adf
• [patch] drop minimum node support to v1 4d0ee49
• [Dev Deps] update aud, npmignore, tape 87f3a35
• [actions] remove redundant finisher 37a4758
• [Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12
• [Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)
• [Deps] update elliptic fb261ce
• [Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

• [Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

• Only apps should have lockfiles 09a8995
• [eslint] switch to eslint 83fe463
• [meta] add npmignore and auto-changelog 4418183
• [meta] fix package.json indentation 9ac5a5e
• [Tests] migrate from travis to github actions d845d85
• [Fix] sign: throw on unsupported padding scheme 8767739
• [Fix] properly check the upper bound for DSA signatures 85994cd
• [Tests] handle openSSL not supporting a scheme f5f17c2
• [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
• [Dev Deps] update nyc, standard, tape cc5350b
• [Tests] always run coverage; downgrade nyc 75ce1d5
• [meta] add safe-publish-latest dcf49ce
• [Tests] add npm run posttest 75dd8fd
• [Dev Deps] update tape 3aec038
• [Tests] skip unsupported schemes 703c83e
• [Tests] node < 6 lacks array includes 3aa43cf
• [Dev Deps] fix eslint range 98d4e0d

v4.2.1 - 2020-08-04

Merged

• bump elliptic [#58](https://github.com/crypto-browserify/browserify-sign/issues/58)

v4.2.0 - 2020-05-18

Merged

• switch to safe buffer [#53](https://github.com/crypto-browserify/browserify-sign/issues/53)

... (truncated)

Commits

• bf2c3ec v4.2.3
• 9247adf [patch] widen support to 0.12
• f427270 [Deps] update `parse-asn1
• 87f3a35 [Dev Deps] update aud, npmignore, tape
• fb261ce [Deps] update elliptic
• 4d0ee49 [patch] drop minimum node support to v1
• 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
• 168e16f [Deps] pin elliptic due to a breaking change
• 37a4758 [actions] remove redundant finisher
• 4af5a90 v4.2.2
• Additional commits viewable in compare view

Description has been truncated