Bump the npm_and_yarn group across 1 directory with 11 updates

[dependabot]

Bumps the npm_and_yarn group with 11 updates in the / directory:

Package	From	To
express	4.18.2	4.19.2
firebase-tools	12.9.1	13.6.0
browserify-sign	4.2.1	4.2.3
protobufjs	7.2.4	7.2.6
firebase-admin	11.11.1	12.1.0
ip	1.1.8	1.1.9
jose	4.15.3	4.15.5
jsrsasign	10.5.26	removed
@simplewebauthn/server	6.3.0-alpha.1	10.0.0
undici	5.26.5	5.28.4
firebase	10.7.1	10.11.1

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: [email protected] and [email protected] by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add [email protected] by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates firebase-tools from 12.9.1 to 13.6.0

Release notes

Sourced from firebase-tools's releases.

v13.6.0

• Released Firestore Emulator 1.19.4. This version fixes a minor bug with reserve ids and adds a reset endpoint for Datastore Mode.
• Released PubSub Emulator 0.8.2. This version includes support for no_wrapper options.
• Fixes issue where GitHub actions service account cannot add preview URLs to Auth authorized domains. (#6895)
• Fixes issue where GOOGLE_CLOUD_QUOTA_PROJECT breaks functions source uploads (#6917)

v13.5.2

• Fix hosting rewrite deployment bug for skipped functions (#6658).

v13.5.1

• Release Emulator Suite UI v1.11.8 which adds support for Multiple DBs in the Emulator UI Firestore page via editing the URL. (#6874)

v13.5.0

• Enable dynamic debugger port for functions + support for inspecting multiple codebases (#6854)
• Inject an environment variable in the node functions emulator to tell the google-gax SDK not to look for the metadata service. (#6860)
• Release Firestore Emulator 1.19.3 which fixes ancestor and namespace scope queries for Datastore Mode. This release also fixes internal errors seen across REST API and firebase-js-sdk.
• v2 scheduled functions with explicit service accounts trigger eventarc to use that service account (#6858)
• v2 event functions with explicit service accounts trigger eventarc to use that service account (#6859)

v13.4.1

• Released Firestore emulator v1.19.2, which fixes some bugs affecting client SDKs when in Datastore Mode.
• Fix demo projects + web frameworks with emulators (#6737)
• Fix Next.js static routes with server actions (#6664)
• Fixed an issue where GOOGLE_CLOUD_QUOTA_PROJECT was not correctly respected. (#6801)
• Make VPC egress settings in functions parameterizeable (#6843)

v13.4.0

• Added new commands for managing Firestore backups and restoring databases. (#6778)
• Fixed quota attribution for Firebase Auth API calls. (#6819)

v13.3.1

• Release Cloud Firestore emulator v1.19.1:
  • Adds support for Datastore Mode to the Firstore Emulator. Adds --database-mode flag to gcloud emulator firestore start command. Note that this is a preview feature and if you find any bugs, please file them here: https://github.com/firebase/firebase-tools/issues.
• Improve FAH onboarding flow to connect backends with SCMs (#6764).
• Fixed issue where GitHub actions would fail due to lack of permission. (#6791)

v13.3.0

• Improved detection for when login has expired due to Google Cloud Session Control. (#1846)
• Added support for Python 3.12. (#6679)
• Fixed issues with internal utilities. (#6754)
• Fixed an issue where firestore:delete wouldn't target the emulator when expected. (#6537)

v13.2.1

• Fixed an issue where appdistribution:distribute would always attempt to run tests. (#6749)

v13.2.0

• Added rudimentary email enumeration protection for auth emulator. (#6702)

... (truncated)

Commits

• f6b7d05 13.6.0
• a26c3d0 Ignore quota project in GCF source uploads (#6917)
• 476bd33 Update to PubSub emulator 0.8.2 (#6916)
• ccab9b7 Add Service Usage Consumer role to GitHub Actions service account (#6895)
• 4c1bd42 Switching a few more places to getters (#6914)
• 6950829 Fix "could not assert Secret Manager permissions" Cloud Build error (#6904)
• 4a17ca7 Refactor api.ts file constants to getters (#6913)
• c6d1615 Update Firestore Emulator version (#6912)
• 90b6506 Vector config support (#6900)
• dc13cb9 make fetchLinkableGitRepositories get all linkable git repositories (#6889)
• Additional commits viewable in compare view

Updates browserify-sign from 4.2.1 to 4.2.3

Changelog

Sourced from browserify-sign's changelog.

v4.2.3 - 2024-03-05

Commits

• [patch] widen support to 0.12 9247adf
• [patch] drop minimum node support to v1 4d0ee49
• [Dev Deps] update aud, npmignore, tape 87f3a35
• [actions] remove redundant finisher 37a4758
• [Deps] pin hash-base to ~3.0, due to a breaking change 9e2bf12
• [Deps] update parse-asn1 [f427270`](browserify/browserify-sign@f427270)
• [Deps] update elliptic fb261ce
• [Deps] pin elliptic due to a breaking change 168e16f

v4.2.2 - 2023-10-25

Fixed

• [Tests] log when openssl doesn't support cipher [#37](https://github.com/crypto-browserify/browserify-sign/issues/37)

Commits

• Only apps should have lockfiles 09a8995
• [eslint] switch to eslint 83fe463
• [meta] add npmignore and auto-changelog 4418183
• [meta] fix package.json indentation 9ac5a5e
• [Tests] migrate from travis to github actions d845d85
• [Fix] sign: throw on unsupported padding scheme 8767739
• [Fix] properly check the upper bound for DSA signatures 85994cd
• [Tests] handle openSSL not supporting a scheme f5f17c2
• [Deps] update bn.js, browserify-rsa, elliptic, parse-asn1, readable-stream, safe-buffer a67d0eb
• [Dev Deps] update nyc, standard, tape cc5350b
• [Tests] always run coverage; downgrade nyc 75ce1d5
• [meta] add safe-publish-latest dcf49ce
• [Tests] add npm run posttest 75dd8fd
• [Dev Deps] update tape 3aec038
• [Tests] skip unsupported schemes 703c83e
• [Tests] node < 6 lacks array includes 3aa43cf
• [Dev Deps] fix eslint range 98d4e0d

Commits

• bf2c3ec v4.2.3
• 9247adf [patch] widen support to 0.12
• f427270 [Deps] update `parse-asn1
• 87f3a35 [Dev Deps] update aud, npmignore, tape
• fb261ce [Deps] update elliptic
• 4d0ee49 [patch] drop minimum node support to v1
• 9e2bf12 [Deps] pin hash-base to ~3.0, due to a breaking change
• 168e16f [Deps] pin elliptic due to a breaking change
• 37a4758 [actions] remove redundant finisher
• 4af5a90 v4.2.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.

Updates protobufjs from 7.2.4 to 7.2.6

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.2.6

7.2.6 (2024-01-16)

Bug Fixes

• report missing import properly in loadSync (#1960) (af3ff83)

protobufjs: v7.2.5

7.2.5 (2023-08-21)

Bug Fixes

• crash in comment parsing (#1890) (eaf9f0a)
• deprecation warning for new Buffer (#1905) (e93286e)
• possible infinite loop when parsing option (#1923) (f2a8620)

Changelog

Sourced from protobufjs's changelog.

7.2.6 (2024-01-16)

Bug Fixes

• report missing import properly in loadSync (#1960) (af3ff83)

7.2.5 (2023-08-21)

Bug Fixes

• crash in comment parsing (#1890) (eaf9f0a)
• deprecation warning for new Buffer (#1905) (e93286e)
• possible infinite loop when parsing option (#1923) (f2a8620)

Commits

• 2f846fe chore: release master (#1962)
• af3ff83 fix: report missing import properly in loadSync (#1960)
• 4436cc7 chore: release master (#1925)
• e93286e fix: deprecation warning for new Buffer (#1905)
• eaf9f0a fix: crash in comment parsing (#1890)
• f2a8620 fix: possible infinite loop when parsing option (#1923)
• See full diff in compare view

Updates firebase-admin from 11.11.1 to 12.1.0

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v12.1.0

New Features

• feat(rc): Add server side Remote Config support (#2529)

Miscellaneous

• [chore] Release 12.1.0 (#2532)
• Fix minor typo (#2533)
• chore: Excluding certain event_types from processing uid (#2370)
• build(deps-dev): bump gulp from 4.0.2 to 5.0.0 (#2526)
• build(deps-dev): bump @​firebase/app-compat from 0.2.29 to 0.2.30 (#2527)
• build(deps): bump @​google-cloud/firestore from 7.5.0 to 7.6.0 (#2528)
• build(deps): bump undici in /.github/actions/send-email (#2521)
• build(deps-dev): bump @​firebase/auth-types from 0.12.0 to 0.12.1 (#2514)
• build(deps-dev): bump mocha from 10.3.0 to 10.4.0 (#2513)
• build(deps): bump @​types/node from 20.11.30 to 20.12.2 (#2516)
• build(deps): bump @​google-cloud/firestore from 7.4.0 to 7.5.0 (#2517)
• build(deps-dev): bump @​firebase/app-compat from 0.2.28 to 0.2.29 (#2510)
• build(deps): bump @​google-cloud/storage from 7.7.0 to 7.9.0 (#2509)
• build(deps-dev): bump @​microsoft/api-extractor from 7.42.3 to 7.43.0 (#2511)
• build(deps): bump @​types/node from 20.11.24 to 20.11.30 (#2508)
• [chore] Fixed links to rtdb api docs (#2501)
• issue 2467: add async to send each loop to prevent local validation from throwing in an unknown state (#2469)
• build(deps): bump @​fastify/busboy from 2.1.0 to 2.1.1 (#2491)
• build(deps): bump follow-redirects in /.github/actions/send-email (#2497)
• build(deps): bump @​google-cloud/firestore from 7.3.0 to 7.4.0 (#2499)
• build(deps): bump jose from 4.15.4 to 4.15.5 (#2489)
• build(deps-dev): bump @​microsoft/api-extractor from 7.42.0 to 7.42.3 (#2485)
• build(deps): bump @​types/node from 20.11.19 to 20.11.24 (#2484)
• build(deps-dev): bump @​firebase/app-compat from 0.2.27 to 0.2.28 (#2483)
• build(deps-dev): bump @​microsoft/api-extractor from 7.40.3 to 7.42.0 (#2480)
• build(deps-dev): bump eslint from 8.56.0 to 8.57.0 (#2473)
• build(deps-dev): bump nock from 13.5.3 to 13.5.4 (#2475)
• build(deps-dev): bump @​microsoft/api-extractor from 7.40.1 to 7.40.3 (#2465)
• build(deps-dev): bump nock from 13.5.1 to 13.5.3 (#2463)
• build(deps): bump @​types/node from 20.11.17 to 20.11.19 (#2464)
• build(deps): bump undici in /.github/actions/send-email (#2459)
• build(deps): bump @​types/node from 20.11.5 to 20.11.17 (#2455)
• build(deps-dev): bump mocha from 10.2.0 to 10.3.0 (#2454)
• build(deps-dev): bump @​microsoft/api-extractor from 7.39.4 to 7.40.1 (#2452)
• [chore] Update Github action workflows to fix node version and set-output deprecation warnings (#2431)
• [chore] Bump mailgun.js to v10.1.0 (#2451)
• build(deps): bump @​google-cloud/firestore from 7.1.0 to 7.3.0 (#2446)
• build(deps-dev): bump @​types/uuid from 9.0.7 to 9.0.8 (#2445)
• build(deps-dev): bump @​firebase/app-compat from 0.2.25 to 0.2.27 (#2443)
• build(deps-dev): bump @​types/sinon from 17.0.2 to 17.0.3 (#2442)
• [chore] Bump @actions/core to ^1.10.1 to remove set-output warning and set action to use Node 20 (#2432)
• build(deps-dev): bump ts-node from 10.9.1 to 10.9.2 (#2435)

... (truncated)

Commits

• 67151e6 [chore] Release 12.1.0 (#2532)
• ba20755 Fix minor typo (#2533)
• 19c74dc chore: Excluding certain event_types from processing uid (#2370)
• a833f4e feat(rc): Add server side Remote Config support (#2529)
• a00de0c build(deps-dev): bump gulp from 4.0.2 to 5.0.0 (#2526)
• 25b2c68 build(deps-dev): bump @​firebase/app-compat from 0.2.29 to 0.2.30 (#2527)
• fa59e2a build(deps): bump @​google-cloud/firestore from 7.5.0 to 7.6.0 (#2528)
• 34f0ac2 build(deps): bump undici in /.github/actions/send-email (#2521)
• 837b69b build(deps-dev): bump @​firebase/auth-types from 0.12.0 to 0.12.1 (#2514)
• e7ea83e build(deps-dev): bump mocha from 10.3.0 to 10.4.0 (#2513)
• Additional commits viewable in compare view

Updates ip from 1.1.8 to 1.1.9

Commits

• 1ecbf2f 1.1.9
• 6a3ada9 lib: fixed CVE-2023-42282 and added unit test
• See full diff in compare view

Updates jose from 4.15.3 to 4.15.5

Release notes

Sourced from jose's releases.

v4.15.5

Fixes

• add a maxOutputLength option to zlib inflate (1b91d88), fixes CVE-2024-28176

v4.15.4

Fixes

• types: export GetKeyFunction (#592) (936c9df), closes #591

Changelog

Sourced from jose's changelog.

4.15.5 (2024-03-07)

Fixes

• add a maxOutputLength option to zlib inflate (1b91d88)

4.15.4 (2023-10-14)

Fixes

• types: export GetKeyFunction (#592) (936c9df), closes #591

Commits

• 765aafd chore(release): 4.15.5
• b36e45e test: add export check to x509 pem import tests
• e839ecb test: stop testing JWE RSA1_5 Algorithm
• 1b91d88 fix: add a maxOutputLength option to zlib inflate
• 9ca2b24 build: remove release action
• f3035d8 chore: cleanup after release
• f0bb220 chore(release): 4.15.4
• 6f38554 chore: bump dev deps
• 936c9df fix(types): export GetKeyFunction (#592)
• 5ac6619 chore: bump dev deps
• Additional commits viewable in compare view

Removes jsrsasign

Updates @simplewebauthn/server from 6.3.0-alpha.1 to 10.0.0

Release notes

Sourced from @​simplewebauthn/server's releases.

v10.0.0 - The one that goes up to 20

Thanks for everything, Node 16 and Node 18, but it's time to move on! The headlining change of this release is the targeting of Node LTS v20+ as the minimum Node runtime. Additional developer-centric quality-of-life changes have also been made in the name of streamlining use of SimpleWebAuthn on both the back end and front end.

This release is packed with updates, so buckle up! Refactor advice for breaking changes is, as always, offered below.

Packages

• @​simplewebauthn/browser@​10.0.0
• @​simplewebauthn/server@​10.0.0
• @​simplewebauthn/types@​10.0.0

Changes

• [server] The minimum supported Node version has been raised to Node v20 (#531)
• [server] user.displayName now defaults to an empty string if a value is not specified for userDisplayName when calling generateRegistrationOptions() (#538)
• [browser] The browserSupportsWebAuthnAutofill() helper will no longer break in environments in which PublicKeyCredential is not present (#557, with thanks to @​clarafitzgerald)

Breaking Changes

• [server] The following breaking changes were made in PR #529:
  • generateRegistrationOptions() now expects Base64URLString for excluded credential IDs
  • generateAuthenticationOptions() now expects Base64URLString for allowed credential IDs
  • credentialID returned from response verification methods is now a Base64URLString
  • AuthenticatorDevice.credentialID is now a Base64URLString
  • isoBase64URL.isBase64url() is now called isoBase64URL.isBase64URL()
• [browser, server] The following breaking changes were made in PR #552:
  • generateRegistrationOptions() now accepts an optional Uint8Array instead of a string for userID
  • isoBase64URL.toString() and isoBase64URL.fromString() have been renamed
  • generateRegistrationOptions() will now generate random user IDs
  • user.id is now treated like a base64url string in startRegistration()
  • userHandle is now treated like a base64url string in startAuthentication()
• [server] rpID is now a required argument when calling generateAuthenticationOptions() (#555)

---

[server] generateRegistrationOptions() now expects Base64URLString for excluded credential IDs

... (truncated)

Changelog

Sourced from @​simplewebauthn/server's changelog.

v10.0.0 - The one that goes up to 20

Thanks for everything, Node 16 and Node 18, but it's time to move on! The headlining change of this release is the targeting of Node LTS v20+ as the minimum Node runtime. Additional developer-centric quality-of-life changes have also been made in the name of streamlining use of SimpleWebAuthn on both the back end and front end.

This release is packed with updates, so buckle up! Refactor advice for breaking changes is, as always, offered below.

Packages

• @​simplewebauthn/browser@​10.0.0
• @​simplewebauthn/server@​10.0.0
• @​simplewebauthn/types@​10.0.0

Changes

• [server] The minimum supported Node version has been raised to Node v20 (#531)
• [server] user.displayName now defaults to an empty string if a value is not specified for userDisplayName when calling generateRegistrationOptions() (#538)
• [browser] The browserSupportsWebAuthnAutofill() helper will no longer break in environments in which PublicKeyCredential is not present (#557, with thanks to @​clarafitzgerald)

Breaking Changes

• [server] The following breaking changes were made in PR #529:
  • generateRegistrationOptions() now expects Base64URLString for excluded credential IDs
  • generateAuthenticationOptions() now expects Base64URLString for allowed credential IDs
  • credentialID returned from response verification methods is now a Base64URLString
  • AuthenticatorDevice.credentialID is now a Base64URLString
  • isoBase64URL.isBase64url() is now called isoBase64URL.isBase64URL()
• [browser, server] The following breaking changes were made in PR #552:
  • generateRegistrationOptions() now accepts an optional Uint8Array instead of a string for userID
  • isoBase64URL.toString() and isoBase64URL.fromString() have been renamed
  • generateRegistrationOptions() will now generate random user IDs
  • user.id is now treated like a base64url string in startRegistration()
  • userHandle is now treated like a base64url string in startAuthentication()
• [server] rpID is now a required argument when calling generateAuthenticationOptions() (#555)

---

[server] generateRegistrationOptions() now expects Base64URLString for excluded credential IDs

... (truncated)

Commits

• 81d9e49 chore(release): publish v10.0.0
• 7a86e80 Modernize server method docstrings
• eb1988a Require rpID arg when generating auth options
• b316c3f Update uses of base64url string methods
• 84a2ea5 Clarify string encoding on isoBase64URL methods
• a95489e Remove trailing close parenthesis
• d470a1c Explicitly disallow string userIDs
• 9ebd9ec Update generateRegistrationOptions tests
• 4c3f693 Generate user IDs by default
• b1b6d33 Add method to generate user IDs
• Additional commits viewable in compare view

Updates undici from 5.26.5 to 5.28.4

Release notes

Sourced from undici's releases.

v5.28.4

⚠️ Security Release ⚠️

• Fixes GHSA-m4v8-wqvr-p9f7 CVE-2024-30260
• Fixes GHSA-9qxr-qj54-h672 CVE-2024-30261

Full Changelog: nodejs/undici@v5.28.3...v5.28.4

v5.28.3

⚠️ Security Release ⚠️

Fixes:

• CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

v5.28.2

What's Changed

• fix: remove optional chainning for compatible with Nodejs12 and below by @​bugb in nodejs/undici#2470
• fix: remove node: prefix by @​tsctx in nodejs/undici#2471
• perf: avoid Headers initialization by @​tsctx in nodejs/undici#2468
• fix: handle SharedArrayBuffer correctly by @​tsctx in nodejs/undici#2466
• fix: Add null type to signal in RequestInit by @​gebsh in nodejs/undici#2455
• fix: correctly handle data URL with hashes. by @​tsctx in nodejs/undici#2475
• fix: check response for timinginfo allow flag by @​ToshB in nodejs/undici#2477
• Make call to onBodySent conditional in RetryHandler by @​MzUgM in nodejs/undici#2478
• refactor: better integrity check by @​tsctx in nodejs/undici#2462
• fix: Added support for inline URL username:password proxy auth by @​matt-way in nodejs/undici#2473
• build(deps-dev): bump jsdom from 22.1.0 to 23.0.0 by @​dependabot in nodejs/undici#2472
• build(deps-dev): bump sinon from 16.1.3 to 17.0.1 by @​dependabot in nodejs/undici#2405
• build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 by @​dependabot in nodejs/undici#2396
• build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 by @​dependabot in nodejs/undici#2395
• build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 by @​dependabot in nodejs/undici#2392
• build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 by @​dependabot in nodejs/undici#2389
• build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by @​dependabot in nodejs/undici#2302

New Contributors

• @​bugb made their first contribution in nodejs/undici#2470
• @​gebsh made their first contribution in nodejs/undici#2455
• @​ToshB made their first contribution in nodejs/undici#2477
• @​MzUgM made their first contribution in nodejs/undici#2478
• @​matt-way made their first contribution in nodejs/undici#2473

Full Changelog: nodejs/undici@v5.28.1...v5.28.2

v5.28.1

What's Changed

• perf: Improve normalizeMethod by @​tsctx in nodejs/undici#2456
• fix: dispatch error handling by @​ronag in nodejs/undici#2459

... (truncated)

Commits

• fb98306 Bumped v5.28.4
• 2b39440 Merge pull request from GHSA-9qxr-qj54-h672
• 64e3402 Merge pull request from GHSA-m4v8-wqvr-p9f7
• 723c4e7 Revert "build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (#2389)"
• 0e9d54b skip failing test due to Node.js changes
• e71cb4c Bumped v5.28.3
• 20c65b8 Fix tests for Node.js v20.11.0 (#2618)
• 8ec52cd Fix tests for Node.js v21 (#2609)
• d3aa574 Merge pull request from GHSA-3787-6prv-h9w3
• 9a14e5f Bumped v5.28.2
• Additional commits viewable in compare view

Updates firebase from 10.7.1 to 10.11.1

Commits

• 7709f10 Version Packages (#8202)
• e16d613 Merge master into release
• e1a7764 Go back using xmlhttprequest for bidi-streams (#8197)
• 36b283f Emit a module package file into esm2017 auth webextension bundle (#8191)
• 62a20ff Update bug_report_v2.yaml (#8199)
• 03069bb Fix typo and link formatting in contribution guide (#8183)
• f24...

  Description has been truncated

  Note
  Automatic rebases have been disabled on this pull request as it has been open for over 30 days.