Skip to content

chore(deps): bump the root-minor-patch group across 1 directory with 8 updates#81

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/root-minor-patch-51e6392ba3
Closed

chore(deps): bump the root-minor-patch group across 1 directory with 8 updates#81
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/root-minor-patch-51e6392ba3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps the root-minor-patch group with 7 updates in the / directory:

Package From To
firebase 12.14.0 12.15.0
react-hook-form 7.78.0 7.80.0
react-router-dom 7.17.0 7.18.0
@types/node 22.19.20 22.20.0
@typescript-eslint/eslint-plugin 8.61.0 8.62.0
firebase-tools 15.19.1 15.22.1
prettier 3.8.3 3.8.4

Updates firebase from 12.14.0 to 12.15.0

Release notes

Sourced from firebase's releases.

firebase@12.15.0

For more detailed release notes, see Firebase JavaScript SDK Release Notes.

What's Changed

@​firebase/app@​0.15.0

Minor Changes

  • 420156e #10023 - Add ability to call initializeAppCheck without a provider. If no provider is passed to initializeAppCheck, App Check will attempt to initialize with a ReCaptchaEnterpriseProvider using the site key found in the recaptchaSiteKey field of the Firebase project config.

@​firebase/app-check@​0.12.0

Minor Changes

  • 420156e #10023 - Add ability to call initializeAppCheck without a provider. If no provider is passed to initializeAppCheck, App Check will attempt to initialize with a ReCaptchaEnterpriseProvider using the site key found in the recaptchaSiteKey field of the Firebase project config.

Patch Changes

  • e389f70 #9991 (fixes #9405) - Fix error causing Auth and AppCheck conflict when both are using ReCAPTCHA Enterprise.

firebase@12.15.0

Minor Changes

  • 043c0ab #9929 - Merge offline pipeline implementation with one minor API change

  • 420156e #10023 - Add ability to call initializeAppCheck without a provider. If no provider is passed to initializeAppCheck, App Check will attempt to initialize with a ReCaptchaEnterpriseProvider using the site key found in the recaptchaSiteKey field of the Firebase project config.

Patch Changes

@​firebase/firestore@​4.16.0

Minor Changes

  • 043c0ab #9929 - Merge offline pipeline implementation with one minor API change

@​firebase/ai@​2.13.1

Patch Changes

... (truncated)

Commits
  • 05c2691 Version Packages (#10080)
  • 93cecd0 Merge main into release
  • fa26af2 Change setup-node@master to v4 (#10090)
  • 67c41e3 Merge main into release
  • 9bef5ab feat(ai): Deprecate Google Maps Grounding enableWidget (#10035)
  • 40b2a8c run ratchet (#10064)
  • 3dcf8ec Revert "chore(ci): make all firestore integration tests optional (#10028)" (#...
  • 36d0ca3 Merge main into release
  • 6990f26 Fix querystring to always use apiKey even if a key is specified in the reques...
  • 712091c Support API key referrer restrictions by changing the Auth SDK referrer polic...
  • Additional commits viewable in compare view

Updates react-hook-form from 7.78.0 to 7.80.0

Release notes

Sourced from react-hook-form's releases.

Version 7.80.0

🧄 feat: disable useFieldArray fields (#13535)

const { fields } = useFieldArray({ disabled: true });
fields[0].disabled; // contains disabled props

🛺 perf: make rhf more performant (#13524) 🐞 fix(deepEqual): empty array and empty plain object should not be equal (#13533)

thanks to @​JSap0914

Version 7.79.0

🚷 feat: use field array disabled (#13520)

useFieldArray({ disabled, name: 'test' })

🐞 fix controller onChange promise (#13518) 🐞 fix: track visited pairs in deepEqual to avoid false positives with shared object references (#13515) 🐞 fix #12651 issue: field validation with shouldUseNativeValidation does not behave native like for radio groups (#13512) 🐞 fix #12754 createFormControl breaks with fast refresh in dev mode (#13511) 🐞 close #12709 #12750 StrictMode would remove field value & get mounted again (#13508) 🐞 fix #13505 issue: In v8 with React compiler, a change in formState errors does not cause child components to re-render (#13510)

thanks to @​DucMinhNe & @​louzhedong

Changelog

Sourced from react-hook-form's changelog.

[7.80.0] - 2026-06-20

Added

  • disabled prop support for individual fields within useFieldArray

Fixed

  • deepEqual incorrectly treating empty array [] and empty plain object {} as equal

Performance

  • Improve onChange, setValid, dirty checking, setValue, and setValues performance

[7.79.0] - 2026-06-13

Added

  • disabled option to useFieldArray

Fixed

  • Controller onChange promise return type
  • deepEqual false positives with shared object references
  • shouldUseNativeValidation behavior for radio groups
  • createFormControl stability with fast refresh in dev mode
  • StrictMode value preservation during remount
  • formState.errors reactivity with React compiler
Commits

Updates react-router-dom from 7.17.0 to 7.18.0

Changelog

Sourced from react-router-dom's changelog.

v7.18.0

Patch Changes

Commits

Updates @types/node from 22.19.20 to 22.20.0

Commits

Updates @typescript-eslint/eslint-plugin from 8.61.0 to 8.62.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

🩹 Fixes

  • add "files" to rule-schema-to-typescript-types (#12441)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.1

8.61.1 (2026-06-15)

🩹 Fixes

  • eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#12396, #10577)
  • eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#12281)
  • eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#12394, #12393)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#12413)
  • eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#12388)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.61.1 (2026-06-15)

🩹 Fixes

  • eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#12388)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#12413)
  • eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#12394, #12393)
  • eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#12281)
  • eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#12396, #10577)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits
  • 54e2857 chore(release): publish 8.62.0
  • 81e4c26 feat: remove redundant package.json "files" (#12444)
  • b784054 chore: use stableTypeOrdering compiler option (#12427)
  • aaad718 chore(release): publish 8.61.1
  • 0cc8f35 fix(eslint-plugin): [no-unnecessary-template-expression] respect ECMAScript l...
  • 6f269e2 fix(eslint-plugin): [no-unnecessary-boolean-literal-compare] fix precedence b...
  • 1b5d543 fix(eslint-plugin): [no-unnecessary-type-assertion] wrap object literal in pa...
  • 565e666 fix(eslint-plugin): [no-unnecessary-type-assertion] avoid false positive for ...
  • 204eabc fix(eslint-plugin): [consistent-indexed-object-style] do not remove comments ...
  • See full diff in compare view

Updates @typescript-eslint/parser from 8.61.0 to 8.62.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.62.0

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

🩹 Fixes

  • add "files" to rule-schema-to-typescript-types (#12441)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.1

8.61.1 (2026-06-15)

🩹 Fixes

  • eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#12396, #10577)
  • eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#12281)
  • eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#12394, #12393)
  • eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#12413)
  • eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#12388)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.62.0 (2026-06-22)

🚀 Features

  • remove redundant package.json "files" (#12444)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.61.1 (2026-06-15)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates firebase-tools from 15.19.1 to 15.22.1

Release notes

Sourced from firebase-tools's releases.

v15.22.0

  • Added apphosting:secrets:revokeaccess command. (#10669)
  • Updated Pub/Sub emulator to version 0.8.33.
  • Updated Data Connect emulator to version 3.4.12.
  • Fix Data Connect non-deterministic output order of generated SDK files when compiled from multiple GQL source files.
  • Optimize Data Connect singular relation filters on PKs to avoid EXISTS subqueries.

v15.21.0

  • Fixed an issue where login:*, target:*, and ext:* subcommands were missing from firebase --help.
  • Functions can declare additional API dependencies (#10621)
  • Added mock Passkey (WebAuthn) support to the Auth emulator. (#10636)
  • Fixes spawn activate.bat ENOENT error on Windows when initializing Python functions. (#10608)
  • Fixed an issue where Cloud Run rewrites in the Hosting emulator would always hit the live Cloud Run API instead of routing to the local functions emulator. (#10588)
  • Removed temporary warning directing Dart functions users to Cloud Console, as Firebase Console now supports Dart functions. (#10584)
  • Updated the Firebase Data Connect local toolkit to v3.4.11, which includes the following changes:
    • [changed] Updated the Golang dependency version to 1.25.11.
  • Fixed issue where apptesting:execute command rejects documented --test-username, --test-password, and --test-password-file options.
  • Updated Web Frameworks to warn about missing SSRF protection config in Angular 22 deploys (#10523)
  • Fixed an issue where Astro 6 SSR deploys returned HTTP 500 by preserving the server/ directory in the generated Cloud Function. (#10537)

v15.20.0

  • Removed the prompt and backend deletion of Data Connect services during firebase deploy. (#10619)
  • Fixes firebase init dataconnect failing with ENOEXEC when creating a new template app on some operating systems. (#10616)
  • Support setting the Google Cloud Storage (GCS) test results bucket in apptesting:execute and appdistribution:distribute
Commits

Updates prettier from 3.8.3 to 3.8.4

Release notes

Sourced from prettier's releases.

3.8.4

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.4

diff

Markdown: Fix blank lines between list items and nested sub-lists being removed in Markdown/MDX (#17746 by @​byplayer)

Prettier was removing blank lines between list items and their nested sub-lists, converting loose lists into tight lists and changing their semantic meaning.

<!-- Input -->
- a


b


c

d



<!-- Prettier 3.8.3 -->

a

b


c

d



<!-- Prettier 3.8.4 -->


a

b



c

d
Commits
  • 1c6ba55 Release 3.8.4
  • 4a673dc Fix blank lines between list items and nested sub-lists being removed in Mark...
  • 074aaed Replace main branch in changelog link with tags (#19054)
  • c22a003 Bump Prettier dependency to 3.8.3
  • 07bad1f Clean changelog_unreleased
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…8 updates

Bumps the root-minor-patch group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [firebase](https://github.com/firebase/firebase-js-sdk) | `12.14.0` | `12.15.0` |
| [react-hook-form](https://github.com/react-hook-form/react-hook-form) | `7.78.0` | `7.80.0` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.17.0` | `7.18.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.19.20` | `22.20.0` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.61.0` | `8.62.0` |
| [firebase-tools](https://github.com/firebase/firebase-tools) | `15.19.1` | `15.22.1` |
| [prettier](https://github.com/prettier/prettier) | `3.8.3` | `3.8.4` |



Updates `firebase` from 12.14.0 to 12.15.0
- [Release notes](https://github.com/firebase/firebase-js-sdk/releases)
- [Changelog](https://github.com/firebase/firebase-js-sdk/blob/main/CHANGELOG.md)
- [Commits](https://github.com/firebase/firebase-js-sdk/compare/firebase@12.14.0...firebase@12.15.0)

Updates `react-hook-form` from 7.78.0 to 7.80.0
- [Release notes](https://github.com/react-hook-form/react-hook-form/releases)
- [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md)
- [Commits](react-hook-form/react-hook-form@v7.78.0...v7.80.0)

Updates `react-router-dom` from 7.17.0 to 7.18.0
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/react-router-dom@7.18.0/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.18.0/packages/react-router-dom)

Updates `@types/node` from 22.19.20 to 22.20.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@typescript-eslint/eslint-plugin` from 8.61.0 to 8.62.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.61.0 to 8.62.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/parser)

Updates `firebase-tools` from 15.19.1 to 15.22.1
- [Release notes](https://github.com/firebase/firebase-tools/releases)
- [Commits](firebase/firebase-tools@v15.19.1...v15.22.1)

Updates `prettier` from 3.8.3 to 3.8.4
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.3...3.8.4)

---
updated-dependencies:
- dependency-name: firebase
  dependency-version: 12.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: react-hook-form
  dependency-version: 7.80.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: react-router-dom
  dependency-version: 7.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: "@types/node"
  dependency-version: 22.20.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.62.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.62.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: firebase-tools
  dependency-version: 15.22.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: root-minor-patch
- dependency-name: prettier
  dependency-version: 3.8.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: root-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 22, 2026
@socket-security

Copy link
Copy Markdown

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm firebase-tools is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/firebase-tools@15.22.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/firebase-tools@15.22.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 29, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/root-minor-patch-51e6392ba3 branch June 29, 2026 19:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants