fix(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@google-cloud/monitoring (source)	5.3.0 -> 5.3.1			dependencies	patch
@google-cloud/storage	7.16.0 -> 7.17.3			dependencies	minor
actions/checkout	v4 -> v5			action	major
actions/setup-java	v4 -> v5			action	major
actions/upload-artifact	v4 -> v5			action	major
firebase-admin (source)	13.4.0 -> 13.6.0			dependencies	minor
firebase-functions	^6.0.1 -> ^7.0.0			dependencies	major
google-github-actions/auth	v2 -> v3			action	major
google-github-actions/setup-gcloud	v2 -> v3			action	major
gradle (source)	8.14.3 -> 9.2.1				major
gradle/actions	v4 -> v5			action	major
node (source)	22.17.1 -> 24.11.1				major
node (source)	22.17.1 -> 24.11.1			engines	major
typescript (source)	5.8.3 -> 5.9.3			devDependencies	minor
androidx.navigation:navigation-ui-ktx (source)	2.9.3 -> 2.9.6			dependencies	patch
androidx.navigation:navigation-fragment-ktx (source)	2.9.3 -> 2.9.6			dependencies	patch
com.google.android.material:material	1.12.0 -> 1.13.0			dependencies	minor
org.jetbrains.kotlin.android (source)	2.2.0 -> 2.2.21			plugin	patch
org.jetbrains.kotlin.plugin.compose (source)	2.2.0 -> 2.2.21			plugin	patch
org.jetbrains.kotlin:kotlin-stdlib (source)	2.2.0 -> 2.2.21			dependencies	patch
androidx.metrics:metrics-performance (source)	1.0.0-beta02 -> 1.0.0			dependencies	patch
androidx.compose:compose-bom	2025.07.00 -> 2025.11.00			dependencies	minor
androidx.activity:activity-ktx (source)	1.10.1 -> 1.11.0			dependencies	minor
com.android.test (source)	8.11.1 -> 8.13.1			plugin	minor
com.android.application (source)	8.11.1 -> 8.13.1			plugin	minor
androidx.test:rules	1.6.1 -> 1.7.0			dependencies	minor
androidx.core:core-ktx (source)	1.16.0 -> 1.17.0			dependencies	minor
androidx.benchmark (source)	1.4.0 -> 1.4.1			plugin	patch
androidx.benchmark:benchmark-junit4 (source)	1.4.0 -> 1.4.1			dependencies	patch
com.android.library (source)	8.11.1 -> 8.13.1			plugin	minor

---

Release Notes

googleapis/google-cloud-node (@​google-cloud/monitoring)

v5.3.1

Bug Fixes

• [gkeconnect-gateway] remove unused GatewayServiceClient (#​6775) (41c2ff2)

googleapis/nodejs-storage (@​google-cloud/storage)

v7.17.3

Compare Source

Bug Fixes

• 🐛 fix the issue 2667, do not mutate object given to options … (#​2668) (8a9f259)
• Revert implement path containment to prevent traversal attacks (254b6b2)

v7.17.2

Compare Source

Bug Fixes

• Common Service: should retry a request failed (#​2652) (b38b5d2)
• Implement path containment to prevent traversal attacks (#​2654) (08d7abf)

v7.17.1

Compare Source

Bug Fixes

• Respect useAuthWithCustomEndpoint flag for resumable uploads (#​2637) (707b4f2)

v7.17.0

Compare Source

Features

• Add CSEK to download (#​2604) (cacc0be)

Bug Fixes

• Propagate errors when using pipelines (#​2560) (#​2624) (a43b490)
• Typo correction (#​2610) (9cae69c)

actions/checkout (actions/checkout)

v5

Compare Source

actions/setup-java (actions/setup-java)

v5

Compare Source

actions/upload-artifact (actions/upload-artifact)

v5

Compare Source

firebase/firebase-admin-node (firebase-admin)

v13.6.0: Firebase Admin Node.js SDK v13.6.0

Compare Source

New Features

• feat(dc): Add executeQuery and executeMutation APIs to Data Connect (#​2979)

Miscellaneous

• [chore] Release 13.6.0 (#​3006)
• build(deps-dev): bump gulp from 5.0.0 to 5.0.1 (#​3001)
• build(deps): bump @​firebase/database-compat from 2.0.6 to 2.1.0 (#​3002)
• build(deps): bump @​fastify/busboy from 3.1.1 to 3.2.0 (#​2998)
• build(deps-dev): bump @​firebase/api-documenter from 0.4.0 to 0.5.0 (#​3000)
• build(deps): bump axios in /.github/actions/send-email (#​2983)
• chore(dc): Implement gen tracking (#​2985)
• FDC: update api version, integration tests, and CONTRIBUTING.md (#​2972)
• chore: update copyright headers from Google Inc. to Google LLC (#​2974)

v13.5.0: Firebase Admin Node.js SDK v13.5.0

Compare Source

New Features

• feat: initializeApp idempotency (#​2947)
• feat(fcm): Support apns.live_activity_token field in FCM ApnsConfig (#​2891)

Miscellaneous

• [chore] Release 13.5.0 (#​2969)
• chore: Upgrade @​firebase/auth-compat and @​firebase/auth-types (#​2964)
• build(deps): bump uuid from 11.0.3 to 11.1.0 (#​2946)
• build(deps-dev): bump @​types/request from 2.48.12 to 2.48.13 (#​2959)
• build(deps): bump form-data in /.github/actions/send-email (#​2951)
• chore: Fix strip-only mode issues in Node.js 22.18 (#​2958)
• build(deps-dev): bump @​microsoft/api-extractor from 7.52.7 to 7.52.10 (#​2955)
• build(deps-dev): bump @​types/lodash from 4.17.15 to 4.17.18 (#​2942)
• build(deps): bump undici in /.github/actions/send-email (#​2922)

firebase/firebase-functions (firebase-functions)

v7.0.0

Compare Source

• BREAKING: Drop support for Node.js 16. Minimum supported version is now Node.js 18. (#​1747)
• BREAKING: Remove deprecated functions.config() API. Use params module for environment variables instead. (#​1748)
• BREAKING: Upgrade to TypeScript v5 and target ES2022. (#​1746)
• BREAKING: Unhandled errors in async onRequest handlers in the Emulator now return a 500 error immediately. (#​1755)
• Add support for ESM (ECMAScript Modules) alongside CommonJS. (#​1750)
• Add onMutationExecuted() trigger for Firebase Data Connect. (#​1727)
• BREAKING: Rename v1 Event to LegacyEvent to avoid api-extractor conflict. (#​1767)

v6.6.0

Compare Source

• Add defineJsonSecret API for storing structured JSON objects in Cloud Secret Manager. (#​1745)
• Enhance validation against incomplete/invalid app_remove events to avoid runtime crashes. (#​1738)

v6.5.0

Compare Source

• Add LLM guidance (#​1736)
• Fix issue calling DataSnapshot methods with null data (#​1661)
• Adds auth.rawToken to context to allow access to the underlying token. (#​1678)
• Fix logger runtime exceptions #(1704)

google-github-actions/auth (google-github-actions/auth)

v3

Compare Source

Floating v3 tag

google-github-actions/setup-gcloud (google-github-actions/setup-gcloud)

v3

Compare Source

Floating v3 tag

gradle/gradle (gradle)

v9.2.1

Compare Source

v9.2.0

Compare Source

v9.1.0: 9.1.0

Compare Source

The Gradle team is excited to announce Gradle 9.1.0.

Here are the highlights of this release:

• Full Java 25 support
• Native task graph visualization
• Enhanced console output

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Eng Zer Jun,
EunHyunsu,
Gaëtan Muller,
HeeChul Yang,
Jendrik Johannes,
Johnny Lim,
Junho Lee,
Kirill Gavrilov,
Matthew Haughton,
Na Minhyeok,
Philip Wedemann,
Philipp Schneider,
Pradyumna C,
r-a-sattarov,
Ryszard Perkowski,
Sebastian Schuberth,
SebastianHeil,
Staffan Al-Kadhimi,
winfriedgerlach,
Xin Wang.

Upgrade instructions

Switch your build to use Gradle 9.1.0 by updating your wrapper:

./gradlew wrapper --gradle-version=9.1.0 && ./gradlew wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

v9.0.0: 9.0.0

Compare Source

The Gradle team is excited to announce Gradle 9.0.0.

Here are the highlights of this release:

• Configuration Cache is the recommended execution mode
• Gradle requires JVM 17 or higher to run
• Build scripts use Kotlin 2.2 and Groovy 4.0
• Improved Kotlin DSL script compilation avoidance

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Aaron Matthis,
Adam E,
Adam S,
Björn Kautler,
Daniel Lacasse,
Eng Zer Jun,
EunHyunsu,
FlorianMichael,
Francisco Prieto,
Gaëtan Muller,
Jake Wharton,
Kengo TODA,
Kent Kaseda,
Madalin Valceleanu,
Marc Philipp,
Mark S. Lewis,
Matthew Haughton,
Mycroft Wong,
Na Minhyeok,
Nelson Osacky,
Olivier "Oli" Dagenais,
ploober,
Radai Rosenblatt,
Róbert Papp,
Sebastian Schuberth,
Victor Merkulov.

Upgrade instructions

Switch your build to use Gradle 9.0.0 by updating your wrapper:

./gradlew wrapper --gradle-version=9.0.0 && ./gradlew wrapper

See the Gradle 9.0.0 upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

gradle/actions (gradle/actions)

v5

Compare Source

nodejs/node (node)

v24.11.1

Compare Source

v24.11.0

Compare Source

v24.10.0: 2025-10-08, Version 24.10.0 (Current), @​RafaelGSS

Compare Source

Notable Changes

• [31bb476895] - (SEMVER-MINOR) console: allow per-stream inspectOptions option (Anna Henningsen) #​60082
• [3b92be2fb8] - (SEMVER-MINOR) lib: remove util.getCallSite (Rafael Gonzaga) #​59980
• [18c79d9e1c] - (SEMVER-MINOR) sqlite: create authorization api (Guilherme Araújo) #​59928

Commits

• [e8cff3d51e] - benchmark: remove unused variable from util/priority-queue (Bruno Rodrigues) #​59872
• [03294252ab] - benchmark: update count to n in permission startup (Bruno Rodrigues) #​59872
• [3c8a609d9b] - benchmark: update num to n in dgram offset-length (Bruno Rodrigues) #​59872
• [7b2032b13e] - benchmark: adjust dgram offset-length len values (Bruno Rodrigues) #​59708
• [552d887aee] - benchmark: update num to n in dgram offset-length (Bruno Rodrigues) #​59708
• [31bb476895] - (SEMVER-MINOR) console: allow per-stream inspectOptions option (Anna Henningsen) #​60082
• [0bf022d4c0] - console,util: improve array inspection performance (Ruben Bridgewater) #​60037
• [04d568e591] - deps: V8: cherry-pick f93055f (Olivier Flückiger) #​60105
• [621058b3bf] - deps: update archs files for openssl-3.5.4 (Node.js GitHub Bot) #​60101
• [81b3009fe6] - deps: upgrade openssl sources to openssl-3.5.4 (Node.js GitHub Bot) #​60101
• [dc44c9f349] - deps: upgrade npm to 11.6.1 (npm team) #​60012
• [ec0f137198] - deps: update ada to 3.3.0 (Node.js GitHub Bot) #​60045
• [f490f91874] - deps: update amaro to 1.1.4 (pmarchini) #​60044
• [de7a7cd0d7] - deps: update ada to 3.2.9 (Node.js GitHub Bot) #​59987
• [a533e5b5db] - doc: add automated migration info to deprecations (Augustin Mauroy) #​60022
• [7fb8fe4875] - doc: fix typo on child_process.md (Angelo Gazzola) #​60114
• [24c1ef9846] - doc: remove optional title prefixes (Aviv Keller) #​60087
• [08b9eb8e19] - doc: mark .env files support as stable (Santeri Hiltunen) #​59925
• [66d90b8063] - doc: mention reverse proxy and include simple example (Steven) #​59736
• [14aa1119cb] - doc: provide alternative to url.parse() using WHATWG URL (Steven) #​59736
• [f9412324f6] - doc: fix typo of built-in module specifier in worker_threads (Deokjin Kim) #​59992
• [64e738a342] - doc,crypto: reorder ML-KEM in the asymmetric key types table (Filip Skokan) #​60067
• [1b25008b41] - http: improve writeEarlyHints by avoiding for-of loop (Haram Jeong) #​59958
• [35f9b6b28f] - inspector: improve batch diagnostic channel subscriptions (Chengzhong Wu) #​60009
• [3b92be2fb8] - (SEMVER-MINOR) lib: remove util.getCallSite (Rafael Gonzaga) #​59980
• [c495e1fe57] - lib: optimize priority queue (Gürgün Dayıoğlu) #​60039
• [6be31fb9f3] - lib: implement passive listener behavior per spec (BCD1me) #​59995
• [c5e4aa763b] - meta: bump actions/setup-python from 5.6.0 to 6.0.0 (dependabot[bot]) #​60090
• [50fa1f4a76] - meta: bump ossf/scorecard-action from 2.4.2 to 2.4.3 (dependabot[bot]) #​60096
• [def4ce976c] - meta: bump actions/cache from 4.2.4 to 4.3.0 (dependabot[bot]) #​60095
• [24b5abc0e9] - meta: bump step-security/harden-runner from 2.12.2 to 2.13.1 (dependabot[bot]) #​60094
• [8ccf2b0b34] - meta: bump actions/setup-node from 4.4.0 to 5.0.0 (dependabot[bot]) #​60093
• [78580147ef] - meta: bump actions/stale from 9.1.0 to 10.0.0 (dependabot[bot]) #​60092
• [705686b5c4] - meta: bump codecov/codecov-action from 5.5.0 to 5.5.1 (dependabot[bot]) #​60091
• [423a6bc744] - meta: bump github/codeql-action from 3.30.0 to 3.30.5 (dependabot[bot]) #​60089
• [9d9bd0fb4f] - meta: move Michael to emeritus (Michael Dawson) #​60070
• [dbeee55824] - module: use sync cjs when importing cts (Marco Ippolito) #​60072
• [a722f677ac] - perf_hooks: fix histogram fast call signatures (Renegade334) #​59600
• [b3295b8353] - process: fix wrong asyncContext under unhandled-rejections=strict (Shima Ryuhei) #​60103
• [cff4a7608a] - process: fix default env for process.execve (Richard Lau) #​60029
• [cd034e927f] - process: fix hrtime fast call signatures (Renegade334) #​59600
• [18c79d9e1c] - (SEMVER-MINOR) sqlite: create authorization api (Guilherme Araújo) #​59928
• [d949222043] - sqlite: replace ToLocalChecked and improve filter error handling (Edy Silva) #​60028
• [6417dc879e] - src: bring permissions macros in line with general C/C++ standards (Anna Henningsen) #​60053
• [e273c2020c] - src: update contextify to use DictionaryTemplate (James M Snell) #​60059
• [5f9ff60664] - src: remove AnalyzeTemporaryDtors option from .clang-tidy (iknoom) #​60008
• [9db54adccc] - src: update cares_wrap to use DictionaryTemplates (James M Snell) #​60033
• [fc0ceb7b82] - src: correct the error handling in StatementExecutionHelper (James M Snell) #​60040
• [3e8fdc1d8d] - src: remove unused variables from report (Moonki Choi) #​60047
• [d744324d8e] - src: avoid unnecessary string allocations in SPrintF impl (Anna Henningsen) #​60052
• [de65a5c719] - src: make ToLower/ToUpper input args more flexible (Anna Henningsen) #​60052
• [354026df5a] - src: allow std::string_view arguments to SPrintF() and friends (Anna Henningsen) #​60058
• [42f7d7cb20] - src: remove unnecessary std::string error messages (Anna Henningsen) #​60057
• [30c2c0fedd] - src: remove unnecessary shadowed functions on Utf8Value & BufferValue (Anna Henningsen) #​60056
• [eb99eec09b] - src: avoid unnecessary string -> char* -> string round trips (Anna Henningsen) #​60055
• [c1f1dbdce2] - src: remove useless dereferencing in THROW_... (Anna Henningsen) #​60054
• [ea0f5e575d] - src: fill options_args, options_env after vectors are finalized (iknoom) #​59945
• [415fff217a] - src: use RAII for uv_process_options_t (iknoom) #​59945
• [982b03ecbd] - test: mark test-runner-run-watch flaky on macOS (Richard Lau) #​60115
• [831a0d3d28] - test: ensure that the message event is fired (Luigi Pinca) #​59952
• [5538cfc1e8] - test: replace diagnostics_channel stackframe in output snapshots (Chengzhong Wu) #​60024
• [77ec400d90] - test: mark test-web-locks skip on IBM i (SRAVANI GUNDEPALLI) #​59996
• [1aaadb9e31] - test: ensure message event fires in worker message port test (Jarred Sumner) #​59885
• [1d5cc5e57a] - test: mark sea tests flaky on macOS x64 (Richard Lau) #​60068
• [c412b1855d] - test: expand tls-check-server-identity coverage (Diango Gavidia) #​60002
• [ad87975029] - test: fix typo of test-benchmark-readline.js (Deokjin Kim) #​59993
• [bad4b9b878] - test: add new startNewREPLSever testing utility (Dario Piotrowicz) #​59964
• [ef90b0f456] - test: verify tracing channel doesn't swallow unhandledRejection (Gerhard Stöbich) #​59974
• [d7285459fe] - timers: fix binding fast call signatures (Renegade334) #​59600
• [6529ae9b0c] - tools: add message on auto-fixing js lint issues in gh workflow (Dario Piotrowicz) #​59128
• [1ca116a6ea] - tools: verify signatures when updating nghttp* (Antoine du Hamel) #​60113
• [20d10a2398] - tools: use dependabot cooldown and move tools/doc (Rafael Gonzaga) #​59978
• [275c07064c] - typings: update 'types' binding (René) #​59692
• [8c21c4b286] - wasi: fix WasiFunction fast call signature (Renegade334) #​59600
• [b865074641] - win,tools: add description to signature (Martin Costello) #​59877

v24.9.0: 2025-09-25, Version 24.9.0 (Current), @​targos

Compare Source

Notable Changes

• [9b043a9096] - (SEMVER-MINOR) http: add shouldUpgradeCallback to let servers control HTTP upgrades (Tim Perry) #​59824
• [a6456ab90a] - (SEMVER-MINOR) sqlite: cleanup ERM support and export Session class (James M Snell) #​58378
• [5563361d22] - (SEMVER-MINOR) sqlite: add tagged template (0hm☘️) #​58748
• [04013ee933] - (SEMVER-MINOR) worker: add heap profile API (theanarkh) #​59846

Commits

• [cbec4fd6de] - benchmark: calibrate config dgram multi-buffer (Bruno Rodrigues) #​59696
• [9a4bbdc3c5] - benchmark: calibrate config cluster/echo.js (Nam Yooseong) #​59836
• [0b284d86e8] - build: add the missing macro definitions for OpenHarmony (hqzing) #​59804
• [43e6e54d66] - build: do not include custom ESLint rules testing in tarball (Antoine du Hamel) #​59809
• [039ac19154] - crypto: expose signatureAlgorithm on X509Certificate (Patrick Costa) #​59235
• [647c332704] - crypto: use return await when returning Promises from async functions (Renegade334) #​59841
• [8ed4587cf0] - crypto: use async functions for non-stub Promise-returning functions (Renegade334) #​59841
• [bb051c56ef] - crypto: avoid calls to promise.catch() (Renegade334) #​59841
• [05e560dd25] - deps: update googletest to 50b8600 (Node.js GitHub Bot) #​59955
• [fa40d3a785] - deps: update archs files for openssl-3.5.3 (Node.js GitHub Bot) #​59901
• [8c85570d18] - deps: upgrade openssl sources to openssl-3.5.3 (Node.js GitHub Bot) #​59901
• [b71125664e] - deps: update undici to 7.16.0 (Node.js GitHub Bot) #​59830
• [dea5dd7077] - dgram: restore buffer optimization in fixBufferList (Yoo) #​59934
• [b0c1e67532] - diagnostics_channel: fix race condition with diagnostics_channel and GC (Ugaitz Urien) #​59910
• [0b37b594c3] - doc: use "WebAssembly" instead of "Web Assembly" (Tobias Nießen) #​59954
• [1e723f9c6b] - doc: fix typo in section on microtask order (Tobias Nießen) #​59932
• [a28962a85c] - doc: update V8 fast API guidance (René) #​58999
• [bd767c5d1b] - doc: add security escalation policy (Ulises Gascón) #​59806
• [9df91e59e1] - doc: type improvement of file http.md (yusheng chen) #​58189
• [e4f571680b] - doc: deprecate closing fs.Dir on garbage collection (Livia Medeiros) #​59839
• [[e9cb986fa5](

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.