chore(deps): bump firebase-admin from 11.3.0 to 12.4.0 in /functions

[dependabot]

Bumps firebase-admin from 11.3.0 to 12.4.0.

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v12.4.0

Miscellaneous

• [chore] Release 12.4.0 (#2674)
• build(deps-dev): bump @​firebase/app-compat from 0.2.38 to 0.2.39 (#2677)
• chore: Deprecate sendToTopic and Condition (#2683)
• build(deps): bump @​types/node from 22.1.0 to 22.3.0 (#2675)
• build(deps-dev): bump mocha from 10.7.0 to 10.7.3 (#2670)
• build(deps): bump @​google-cloud/storage from 7.12.0 to 7.12.1 (#2669)
• build(deps): bump axios in /.github/actions/send-email (#2673)
• build(deps-dev): bump @​microsoft/api-extractor from 7.47.5 to 7.47.6 (#2671)
• Reroute Cloud Tasks to emulator when it is running (#2649)

Firebase Admin Node.js SDK v12.3.1

Bug Fixes

• fix: getToken() returns existing promise to a token if one exists instead of a new token. (#2648)

Miscellaneous

• [chore] Release 12.3.1 (#2667)
• chore: Skip sendToDeviceGroup integration test (#2666)
• build(deps-dev): bump @​microsoft/api-extractor from 7.47.2 to 7.47.5 (#2661)
• build(deps): bump @​types/node from 22.0.1 to 22.1.0 (#2663)
• build(deps-dev): bump @​firebase/app-compat from 0.2.37 to 0.2.38 (#2664)
• build(deps): bump @​types/node from 20.14.11 to 22.0.1 (#2657)
• build(deps-dev): bump chai from 4.4.1 to 4.5.0 (#2650)
• build(deps-dev): bump @​firebase/app-compat from 0.2.35 to 0.2.37 (#2653)
• build(deps): bump fast-xml-parser from 4.4.0 to 4.4.1 (#2654)

Firebase Admin Node.js SDK v12.3.0

New Features

• feat(fcm): Add HTTP2 support for sendEach() and sendEachForMulticast() (#2550)

Miscellaneous

• [chore] Release 12.3.0 (#2644)
• build(deps): bump @​types/node from 20.14.8 to 20.14.11 (#2641)
• build(deps-dev): bump @​microsoft/api-extractor from 7.47.0 to 7.47.2 (#2642)
• build(deps): bump @​google-cloud/storage from 7.11.2 to 7.12.0 (#2643)
• build(deps-dev): bump mocha and @​types/mocha (#2640)
• build(deps): bump @​fastify/busboy from 2.1.1 to 3.0.0 (#2632)
• build(deps-dev): bump @​types/lodash from 4.17.5 to 4.17.7 (#2636)
• Remove Remote Config dependency on Long JS (#2614)
• build(deps): bump @​google-cloud/firestore from 7.8.0 to 7.9.0 (#2618)
• build(deps-dev): bump nyc from 15.1.0 to 17.0.0 (#2616)

... (truncated)

Commits

• d88c3fb [chore] Release 12.4.0 (#2674)
• 22924d8 build(deps-dev): bump @​firebase/app-compat from 0.2.38 to 0.2.39 (#2677)
• a0cc486 chore: Deprecate sendToTopic and Condition (#2683)
• 3a97552 build(deps): bump @​types/node from 22.1.0 to 22.3.0 (#2675)
• fcd7f27 build(deps-dev): bump mocha from 10.7.0 to 10.7.3 (#2670)
• 9635169 build(deps): bump @​google-cloud/storage from 7.12.0 to 7.12.1 (#2669)
• b865eb7 build(deps): bump axios in /.github/actions/send-email (#2673)
• 8a83bdf build(deps-dev): bump @​microsoft/api-extractor from 7.47.5 to 7.47.6 (#2671)
• 8d11961 Reroute Cloud Tasks to emulator when it is running (#2649)
• 5d47529 [chore] Release 12.3.1 (#2667)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[guardrails]

⚠️ We detected 7 security issues in this pull request:

Insecure File Management (1)

Severity	Details	Docs
High	Title: Path Traversal from user input Spot-the-Hole/functions/index.js Line 562 in 0ccce5f path.join(os.tmpdir(), path.basename(req.files.file[0].fieldname)),	📚

More info on how to fix Insecure File Management in JavaScript.

---

Insecure Use of Crypto (1)

Severity	Details	Docs
Medium	Title: Insecure use of random generator Spot-the-Hole/functions/index.js Line 204 in 0ccce5f result += characters.charAt(Math.floor(Math.random() * charactersLength));	📚

More info on how to fix Insecure Use of Crypto in JavaScript.

---

Vulnerable Libraries (5)

Severity	Details
Medium	pkg:npm/[email protected] upgrade to: 1.6.0
High	pkg:npm/[email protected] upgrade to: > 0.3.1
Critical	pkg:npm/@tensorflow/[email protected] upgrade to: > 3.14.0
N/A	pkg:npm/[email protected] upgrade to: 3.1.10
High	pkg:npm/[email protected] upgrade to: > 4.2.1

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[stale]

Automatically marked as stale due to lack of recent activity. Will be closed if no further activity occurs. Thank you for your contributions.

[dependabot]

Superseded by #590.