Bump protobufjs and firebase

[dependabot]

Bumps protobufjs to 7.5.5 and updates ancestor dependency firebase. These dependencies need to be updated together.

Updates protobufjs from 7.5.4 to 7.5.5

Release notes

Sourced from protobufjs's releases.

v7.5.5

This release backports two reported security issues to 7.x branch.

• fix: do not allow setting __proto__ in Message constructor (#2126)
• fix: filter invalid characters from the type name (#2127)

Full Changelog: protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.5.5

Changelog

Sourced from protobufjs's changelog.

Changelog

8.0.1 (2026-03-11)

Bug Fixes

• bump protobufjs dependency version for cli package (#2128) (549b05e)
• correct json syntax in tsconfig.json (#2120) (8065625)
• descriptor: guard oneof index for non-Type parents (#2122) (1cac5cf)
• do not allow setting proto in Message constructor (#2126) (f05e3c3)
• filter invalid characters from the type name (#2127) (535df44)

8.0.0 (2025-12-16)

⚠ BREAKING CHANGES

• add Edition 2024 Support (#2060)

Features

• add Edition 2024 Support (#2060) (53e8492)

Commits

• b7bdfaf chore: release 7.5.5
• ff7b2af fix: filter invalid characters from the type name (#2127)
• 086b19d fix: do not allow setting proto in Message constructor (#2126)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by fenster, a new releaser for protobufjs since your current version.

Updates firebase from 7.24.0 to 12.12.1

Release notes

Sourced from firebase's releases.

firebase@12.12.0

For more detailed release notes, see Firebase JavaScript SDK Release Notes.

What's Changed

@​firebase/ai@​2.11.0

Minor Changes

• cccb6d0 #9771 - [deprecated] All Imagen models are deprecated and will shut down as early as June 2026. As a replacement, you can migrate your apps to use Gemini Image models (the "Nano Banana" models).

• 6cbe865 #9816 - Deprecate topK and temperature properties for hybrid inference mode.

• 9c8e864 #9763 - Add startChat() for TemplateGenerativeModel.

• 9c8e864 #9763 - Add automatic function calling and chat history for server prompt templates.

Patch Changes

• f87c15e #9791 (fixes #9792) - Fixed a bug that causes the model to error if the user specifies responseSchema or responseJsonSchema.

@​firebase/auth@​1.13.0

Minor Changes

• 715c042 #9740 (fixes #9739) - Updated the peer dependency range for @​react-native-async-storage/async-storage to support both v2 and v3

@​firebase/data-connect@​0.6.0

Minor Changes

• 34c63bf #9822 - Fix header names for auth and app check tokens over streaming

• 87d5cc1 #9809 - Add streaming support for Firebase Data Connect.

firebase@12.12.0

Minor Changes

• cccb6d0 #9771 - [deprecated] All Imagen models are deprecated and will shut down as early as June 2026. As a replacement, you can migrate your apps to use Gemini Image models (the "Nano Banana" models).

• 44c234c #9773 - Add support for the parent expression

• 5cd6509 #9728 - Add support for timestamp_trunc, timestamp_diff and timestamp_extract expressions

• 34c63bf #9822 - Fix header names for auth and app check tokens over streaming

• 715c042 #9740 (fixes #9739) - Updated the peer dependency range for @​react-native-async-storage/async-storage to support both v2 and v3

• 6cbe865 #9816 - Deprecate topK and temperature properties for hybrid inference mode.

... (truncated)

Commits

• 7bb8c35 chore: Add combine PRs workflow (#9856)
• eb45714 build(deps): bump handlebars from 4.7.8 to 4.7.9 (#9778)
• 23ab5b9 fix(ai): Update code execution and URL context doc comments to reflect they a...
• 6db5af4 fix(ai): Fix TemplateChatSession type (#9840)
• fea8d1f test(firestore): Enable forceIndex tests (#9838)
• 78fc282 Version Packages (#9821)
• 00a46d5 Merge main into release
• 34c63bf fix(data-connect): Fix auth and app check token names on stream wire (#9822)
• 1623fb0 Merge main into release
• 87d5cc1 feat(data-connect): add support for streaming transport (#9809)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #7.