deps(deps): bump the firebase-sdk group in /functions with 3 updates

[dependabot]

Bumps the firebase-sdk group in /functions with 3 updates: firebase-admin, firebase-functions and @google-cloud/vision.

Updates firebase-admin from 12.7.0 to 13.10.0

Release notes

Sourced from firebase-admin's releases.

Firebase Admin Node.js SDK v13.10.0

New Features

• feat(appcheck): Add support for minting limited-use tokens and custom JTI (#3027)

Bug Fixes

• fix: Replace node-forge with native crypto for private key validation (#3051)

Miscellaneous

• [chore] Release 13.10.0 (#3146)
• add node prefix to crypto imports (#3144)
• chore: remove uuid dependency (#3130)
• build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 (#3134)
• build(deps): bump protobufjs from 7.5.5 to 7.5.8 (#3141)
• build(deps): bump fast-uri from 3.1.0 to 3.1.2 (#3135)

Firebase Admin Node.js SDK v13.9.0

New Features

• feat(remote-config): add optional exposurePercent field to ExperimentValue (#3096)

Miscellaneous

• [chore] Release 13.9.0 (#3129)
• chore: Deprecate support for Node.js 20 (#3128)
• build(deps-dev): bump @​typescript-eslint/parser from 8.57.2 to 8.59.1 (#3114)
• build(deps): bump follow-redirects in /.github/actions/send-email (#3113)
• build(deps): bump protobufjs from 7.5.4 to 7.5.5 (#3119)
• build(deps): bump uuid and @​actions/core in /.github/actions/send-email (#3120)
• build(deps): bump axios in /.github/actions/send-email (#3123)
• build(deps): bump fast-xml-parser from 5.5.9 to 5.7.1 (#3122)

Firebase Admin Node.js SDK v13.8.0

New Features

• feat(pnv): Add support for Phone Number Verification (#3101)
• feat(fcm): Add bandwidthConstrainedOk and restrictedSatelliteOk (#2994)

Miscellaneous

• [chore] Release 13.8.0 (#3109)
• chore(deps): bump node-forge to 1.4.0 (#3108)
• build(deps-dev): bump @​types/node from 25.3.0 to 25.3.3 (#3090)
• build(deps-dev): bump lodash and @​microsoft/api-extractor (#3106)
• build(deps): bump fast-xml-parser from 5.5.6 to 5.5.7 (#3095)

... (truncated)

Commits

• e0a2177 [chore] Release 13.10.0 (#3146)
• 67d6d82 add node prefix to crypto imports (#3144)
• 2c8d215 chore: remove uuid dependency (#3130)
• da2141a build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 (#3134)
• fcedf6b feat(appcheck): Add support for minting limited-use tokens and custom JTI (#3...
• 48d5212 build(deps): bump protobufjs from 7.5.5 to 7.5.8 (#3141)
• 16e6c33 fix: Replace node-forge with native crypto for private key validation (#3051)
• 6c81c7e build(deps): bump fast-uri from 3.1.0 to 3.1.2 (#3135)
• 0efb21f [chore] Release 13.9.0 (#3129)
• 363a302 chore: Deprecate support for Node.js 20 (#3128)
• Additional commits viewable in compare view

Updates firebase-functions from 5.1.1 to 7.2.5

Release notes

Sourced from firebase-functions's releases.

v7.2.5

Internal fixes

v7.2.4

-Internal Improvements #1864

v7.2.3

• Accept BooleanParams in CallableOptions (#1854)
• rotate the npmrc key to robot account (#1857)

v7.2.2

• Allow v2 auth blocking functions to use run.app or cloudfunctions.net URLs (#1831)

v7.2.1

• Fix issue where v1 firestore paths would not handle literals with leading or trailing slashes (#1829)
• transformed string exprssions (currenlty an internal tool) now propagate across interpolated strings (#1829)

V7.2.0

• All V1 configuration (e.g. pubsub topics) can be set with params. (#1820)
• String expressions can now be used in string interpolation with the expr tag. (#1820) E.g.

  const schedule = expr`every ${intervalParam} minutes`;

• Secret params now support a label and/or description. (#1820)
• Add support for VPC direct connect (network interfaces) (#1823)
• Realtime database events in the v2 SDK now provide auth context (#1770)

V7.1.1

-Internal Docgen improvements

v7.1.0

• Add an onGraphRequest method. (#1784, #1818)

v7.0.6

Internal improvements (#1814)

v7.0.5

• Fixed issue with missing dependency on graphql. (#1795)
• Internal improvements (#1800)

v7.0.3

• Internal improvements.

v7.0.2

• Export param types (SecretParam, StringParam, etc.) from firebase-functions/params for type annotations. (#1789)
• Remove attemptDeadlineSeconds in v2 scheduled functions. (#1776)
• Allow JsonSecretParam in function secrets option arrays. (#1788)

v7.0.1

• Fix "Dual-Package Hazard" for parameterized configuration in ESM projects. (#1780)

... (truncated)

Commits

• d6c1dcc 7.2.5
• bd2dae5 Fix exports for new library (#1865)
• d416aca [firebase-release] Removed change log and reset repo after 7.2.4 release
• 1f21e8d 7.2.4
• 1459858 adding-change-logs (#1867)
• aafbece fix(pubsub): assign Message instance back to event.data.message (#1864)
• da64c26 [firebase-release] Removed change log and reset repo after 7.2.3 release
• c8d9c7c 7.2.3
• 4d6a1cf Update changelog (#1858)
• 7eb8206 rotate the npmrc key to robot account (#1857)
• Additional commits viewable in compare view

Updates @google-cloud/vision from 4.3.3 to 5.3.6

Release notes

Sourced from @​google-cloud/vision's releases.

vision: v5.3.6

5.3.6 (2026-05-01)

Bug Fixes

• Change the copyright year for files in the packages folder (#8109) (c1a03fe)
• Do not publish the protos to npm (#8079) (816216b)
• Revert "fix: Do not publish the protos to npm" (#8096) (ac0fbb6)

scheduler: v5.3.2

5.3.2 (2026-05-01)

Bug Fixes

• Change the copyright year for files in the packages folder (#8109) (c1a03fe)
• Do not publish the protos to npm (#8079) (816216b)
• Revert "fix: Do not publish the protos to npm" (#8096) (ac0fbb6)

web-risk: v5.3.2

5.3.2 (2026-05-01)

Bug Fixes

• Change the copyright year for files in the packages folder (#8109) (c1a03fe)
• Do not publish the protos to npm (#8079) (816216b)
• Revert "fix: Do not publish the protos to npm" (#8096) (ac0fbb6)

pubsub: v5.3.1

5.3.1 (2026-05-11)

Bug Fixes

• Bump all node submodules (#8178) (9fd76ef)
• pubsub: Remove messages from leasing on nackWithResponse (#7817) (841f0ca)

logging-bunyan: v5.1.2

5.1.2 (2026-05-11)

Bug Fixes

• Bump all node submodules (#8178) (9fd76ef)

workflows: v5.1.1

5.1.1 (2026-05-01)

... (truncated)

Changelog

Sourced from @​google-cloud/vision's changelog.

5.3.6 (2026-05-01)

Bug Fixes

• Change the copyright year for files in the packages folder (#8109) (c1a03fe)
• Do not publish the protos to npm (#8079) (816216b)
• Revert "fix: Do not publish the protos to npm" (#8096) (ac0fbb6)

5.3.5 (2026-03-19)

Bug Fixes

• deps: Update dependency redis to ~5.11.0 (#7619) (febcc55)

5.3.4 (2025-10-13)

Bug Fixes

• [gkeconnect-gateway] remove unused GatewayServiceClient (#6775) (41c2ff2)

5.3.3 (2025-08-04)

Bug Fixes

• deps: Update dependency redis to ~5.7.0 (#6551) (517a9ca)

5.3.2 (2025-07-22)

Bug Fixes

• Remove is dependency (#6516) (0cb9bb2)

5.3.1 (2025-07-17)

Bug Fixes

• deps: Update dependency redis to ~5.6.0 (#6469) (6ac1df8)

5.3.0 (2025-07-09)

Features

• [Many APIs] add methods from gax to cache proto root and process custom error details (#6419) (f8a324c)

... (truncated)

Commits

• 4572246 chore: release main (#8148)
• 59f445d fix: sync legacy 0.1.0 snippet metadata versions across monorepo (#8144)
• c1a03fe fix: change the copyright year for files in the packages folder (#8109)
• a47507c chore: consolidate prettierignore and prettierrc files: autogen (#8082)
• ac0fbb6 fix: Revert "fix: Do not publish the protos to npm" (#8096)
• 816216b fix: Do not publish the protos to npm (#8079)
• 5d85291 chore: cleanup redundant .gitattributes files (#8007)
• 6b4a203 chore: remove duplicate per-package contribution and license files (#7972)
• c35255e ci: resolve type conflict for @​sinonjs/fake-timers for all generated packages...
• 9fc552c chore: release main (#7833)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: cloud-functions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.