Bump the npm_and_yarn group across 1 directory with 3 updates

[dependabot]

Bumps the npm_and_yarn group with 1 update in the /js directory: firebase.

Updates firebase from 7.24.0 to 12.13.0

Release notes

Sourced from firebase's releases.

firebase@12.13.0

For more detailed release notes, see Firebase JavaScript SDK Release Notes.

What's Changed

@​firebase/ai@​2.12.0

Minor Changes

• ffa39f6 #9795 - Added LiveSession.resumeSession() to allow resuming a previous LiveSession. Also added contextWindowCompression feature.

• 86dc0db #9819 - Added support for ImageConfig (aspect ratio and size). Expanded FinishReason values to include all currently available values provided by the models.

• 345c5f6 #9458 - AI Logic : Feature : Added support for Grounding with Google Maps.

Patch Changes

• 8e384c9 #9883 - Updated dependencies.

• Updated dependencies [8e384c9]:

• @​firebase/app-check-interop-types@​0.3.4

• @​firebase/component@​0.7.3

• @​firebase/logger@​0.5.1

• @​firebase/util@​1.15.1

@​firebase/data-connect@​0.7.0

Minor Changes

• 714b41d #9905 - Hardened the Firebase SQL Connect streaming transport with intelligent reconnection, query de-duplication, and resume optimizations.

Patch Changes

• 8e384c9 #9883 - Updated dependencies.

• Updated dependencies [8e384c9]:

• @​firebase/auth-interop-types@​0.2.5

• @​firebase/component@​0.7.3

• @​firebase/logger@​0.5.1

• @​firebase/util@​1.15.1

firebase@12.13.0

Minor Changes

• ffa39f6 #9795 - Added LiveSession.resumeSession() to allow resuming a previous LiveSession. Also added contextWindowCompression feature.

• 714b41d #9905 - Hardened the Firebase SQL Connect streaming transport with intelligent reconnection, query de-duplication, and resume optimizations.

... (truncated)

Commits

• 1adfd64 Version Packages (#9923)
• 50d5b6a Merge main into release
• 714b41d feat(data-connect): add de-duplication, resume, and intelligent reconnection ...
• f80895f Merge main into release
• 330a387 chore: migrate test functions to v2 (#9910)
• 3b87134 build(deps): bump axios from 1.13.5 to 1.15.2 (#9860)
• 402b1f0 fix(firestore): Assertion ID: ca9 (pendingResponses less than 0) caused by ta...
• 86dc0db feat(ai): ImageConfig and FinishReasons (#9819)
• 62ae2e2 chore: Update picomatch and rollup-plugin-typescript2 (#9892)
• 96e81ff feat(firestore): Added search stage support for languageCode, offset, limit, ...
• Additional commits viewable in compare view

Updates @firebase/util from 0.3.2 to 1.15.1

Changelog

Sourced from @​firebase/util's changelog.

1.15.1

Patch Changes

• 8e384c9 #9883 - Updated dependencies.

1.15.0

Minor Changes

• 2f7f426 #9608 - Remove updateEmulatorBanner(). (No release note needed.)

1.14.0

Minor Changes

• eebba69 #9439 - Add Memory-Based caching to Queries in Firebase Data Connect.

1.13.0

Minor Changes

• 25b60fd #9128 - Update node "engines" version to a minimum of Node 20.

Patch Changes

• f18b25f #9167 - Set build targets to ES2020.

1.12.1

Patch Changes

• 42ac401 #9111 - Fixed issue where Storage on Firebase Studio throws CORS errors.

1.12.0

Minor Changes

• 8a03143 #8993 - Fix Safari/WebKit cache issues when client-side indexing is used.

1.11.3

Patch Changes

• 9bcd1ea #9043 - Fixed emulator overlay behavior on scroll

1.11.2

Patch Changes

... (truncated)

Commits

• 1adfd64 Version Packages (#9923)
• 62ae2e2 chore: Update picomatch and rollup-plugin-typescript2 (#9892)
• 852957b Version Packages (#9727)
• 2f7f426 Remove updateEmulatorBanner (#9608)
• 291851c Version Packages (#9591)
• eebba69 feat(data-connect): Caching for FDC (#9439)
• 52c8579 Version Packages (#9165)
• 25b60fd chore!: update engines.node to minimum of 20 (#9128)
• 2d72099 build!: update build targets to ES2020 (#9101)
• 3c759f0 Version Packages (#9126)
• Additional commits viewable in compare view

Install script changes

This version adds postinstall script that runs during installation. Review the package contents before updating.

Updates protobufjs from 6.11.6 to 7.5.8

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.5.8

7.5.8 (2026-05-12)

Bug Fixes

• Backport parser hardening to 7.x (#2245) (54b593f)

protobufjs: v7.5.7

7.5.7 (2026-05-09)

Bug Fixes

• Restore first-match namespace lookup (#2236) (cc7d595)

protobufjs: v7.5.6

7.5.6 (2026-04-27)

Bug Fixes

• Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

v7.5.5

This release backports two reported security issues to 7.x branch.

• fix: do not allow setting __proto__ in Message constructor (#2126)
• fix: filter invalid characters from the type name (#2127)

Full Changelog: protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.5.5

protobufjs: v7.5.4

7.5.4 (2025-08-15)

Bug Fixes

• invalid syntax in descriptor.proto (#2092) (5a3769a)

protobufjs: v7.5.3

7.5.3 (2025-05-28)

Bug Fixes

• descriptor extensions handling post-editions (#2075) (6e255d4)

protobufjs: v7.5.2

7.5.2 (2025-05-14)

... (truncated)

Changelog

Sourced from protobufjs's changelog.

7.5.8 (2026-05-12)

Bug Fixes

• Backport parser hardening to 7.x (#2245) (54b593f)

7.5.7 (2026-05-09)

Bug Fixes

• Restore first-match namespace lookup (#2236) (cc7d595)

7.5.6 (2026-04-27)

Bug Fixes

• Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

7.5.4 (2025-08-15)

Bug Fixes

• invalid syntax in descriptor.proto (#2092) (5a3769a)

7.5.3 (2025-05-28)

Bug Fixes

• descriptor extensions handling post-editions (#2075) (6e255d4)

7.5.2 (2025-05-14)

Bug Fixes

• ensure that types are always resolved (#2068) (4b51cb2)

7.5.1 (2025-05-08)

Bug Fixes

• optimize regressions from editions implementations (#2066) (6406d4c)
• reserved field inside group blocks fail parsing (#2058) (56782bf)

... (truncated)

Commits

• d7035f9 chore: release protobufjs-v7.x (#2248)
• 54b593f fix: Backport parser hardening to 7.x (#2245)
• e88fcea chore: release protobufjs-v7.x (#2239)
• cc7d595 fix: Restore first-match namespace lookup (#2236)
• 3abc9b5 chore: release protobufjs-v7.x (#2190)
• a0bf2df fix: Update CLI peer dependency (7.x) (#2189)
• 2189e5b chore: release protobufjs-v7.x (#2174)
• 75392ea fix: Backport input hardening and CLI fixes to 7.x (#2173)
• 8af8d7c chore(ci): Fix 7.x release please configuration (#2169)
• e92ca42 chore(ci): Enable release-please for 7.x (#2166)
• Additional commits viewable in compare view

Install script changes

This version modifies prepublish script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.