Skip to content

Bump path-to-regexp, express and firebase-tools in /functions#1046

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/functions/multi-330393e048
Open

Bump path-to-regexp, express and firebase-tools in /functions#1046
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/functions/multi-330393e048

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 28, 2026

Bumps path-to-regexp to 0.1.13 and updates ancestor dependencies path-to-regexp, express and firebase-tools. These dependencies need to be updated together.

Updates path-to-regexp from 0.1.12 to 0.1.13

Release notes

Sourced from path-to-regexp's releases.

0.1.13

Important

Full Changelog: pillarjs/path-to-regexp@v0.1.12...v.0.1.13

Changelog

Sourced from path-to-regexp's changelog.

0.1.13 / 2026-03-26

0.1.7 / 2015-07-28

  • Fixed regression with escaped round brackets and matching groups.

0.1.6 / 2015-06-19

  • Replace index feature by outputting all parameters, unnamed and named.

0.1.5 / 2015-05-08

  • Add an index property for position in match result.

0.1.4 / 2015-03-05

  • Add license information

0.1.3 / 2014-07-06

  • Better array support
  • Improved support for trailing slash in non-ending mode

0.1.0 / 2014-03-06

  • add options.end

0.0.2 / 2013-02-10

  • Update to match current express
  • add .license property to component.json
Commits
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for path-to-regexp since your current version.


Updates express from 4.21.2 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

What's Changed

Full Changelog: expressjs/express@4.21.2...4.22.0

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

4.22.0 / 2025-12-01

Commits

Updates firebase-tools from 11.18.0 to 13.35.1

Release notes

Sourced from firebase-tools's releases.

v13.35.1

  • Fix bug where functions:artifacts:setpolicy command's --none option didn't work as expected (#8330)

v13.35.0

  • Added support for generated Angular SDKs for Data Connect
  • App Hosting emulator can now load secret env vars. (#8305)
  • Fixed webframeworks deployments when using multiple hosting sites in firebase.json. (#8314)
  • Added a new command to setup a cleanup policy for functions artifacts. (#8268)
  • Added support for 3rd party builders for Angular. (#7557)
  • Fixed GCF V2 artifact cleanup by correctly encoding artifact names to match GCF V2's format. (#8318)
  • Increase emulator UI body parser limit to match Storage emulator maximum. (#8329)
  • Fixed Data Connect setup issues for fresh databases due to IAM user not being created. (#8335)
  • Fixed an issue where ext:install used POSIX file seperators on Windows machines. (#8326)
  • Updated the Firebase Data Connect local toolkit to v1.9.2, which adds support for generated Angular SDKs and updates Dart SDK fields to follow best practices. (#8347)
  • Fixed an issue where credentials from firebase login would not be correctly provided to the Data Connect emulator.
  • Fixed misleading comments in firebase init dataconnect connector.yaml template.
  • Improved Data Connect SQL permissions to better handle tables owned by IAM roles. (#8339)
  • Fixed an issue where the Data Connect emulator would crash after some SQL errors.

v13.34.0

  • Fix webframeworks deployments when using site in firebase.json. (#8295)
  • Add support for brownfield project onboard dataconnect:sql:setup. (#8150)
  • Update the Firebase Data Connect local toolkit to v1.8.5, which includes the following changes: (#8310)
    • Fix the Int and Int64 scalars to correctly validate the int32 and int64 ranges, respectively.
    • Fix the generated web SDK so that pnpm properly uses the link functionality.

v13.33.0

  • Fixed issue where apps:init fails to detect the output directory when it was run in a directory where app was the only module.
  • Set LOG_EXECUTION_ID=true by default for Cloud Functions (2nd gen) to improve debugging by displaying execution IDs in logs. (#8276)
  • Fix bug where function deployment no-oped for functions in bad state. (#8289)
  • Updated the Firebase Data Connect local toolkit to v1.8.4 which includes the following changes: (#8290)
    • React hooks for mutations without args no longer require undefined to be passed when calling mutate.
    • Fixed import resolution when moduleResolution is set to bundler.
    • React code generation will now generate a README explaining how to use generated query and mutation hook functions.
    • Fixed an issue where React developers have to pass in an empty object even when all fields are optional.
    • Fixed an issue where FirebaseError wasn't being passed into UseMutationOptions.

v13.32.0

  • Replaced VSCODE_CWD check to address issues running in VSCode environments. (#7471)
  • Added initial delay when loading python functions (#8239)
  • Enforced webframeworks enablement only on webframeworks sites (#8168)
  • Fixed issue where apps:init throws an error upon app creation.
  • Reenabled prompts for unused service deletion in deploy --only.
  • Update Firebase Data Connect local toolkit to v1.8.3, which includes the following changes: (#8263)
    • Adds a _metadata.distance field to vector similarity search results
    • Fixes auth and request.auth when the request is unauthenticated
    • Fixes an issue with hanging commas in import statements in the generated Web SDK
    • Fixes an issue where the additional union type { __angular?: true } breaks type inference in the generated Web SDK

v13.31.2

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump path-to-regexp, express and firebase-tools in /functions
70068c0 
Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) to 0.1.13 and updates ancestor dependencies [path-to-regexp](https://github.com/pillarjs/path-to-regexp), [express](https://github.com/expressjs/express) and [firebase-tools](https://github.com/firebase/firebase-tools). These dependencies need to be updated together.


Updates `path-to-regexp` from 0.1.12 to 0.1.13
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.12...v.0.1.13)

Updates `express` from 4.21.2 to 4.22.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md)
- [Commits](expressjs/express@4.21.2...v4.22.1)

Updates `firebase-tools` from 11.18.0 to 13.35.1
- [Release notes](https://github.com/firebase/firebase-tools/releases)
- [Commits](firebase/firebase-tools@v11.18.0...v13.35.1)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-version: 0.1.13
  dependency-type: indirect
- dependency-name: express
  dependency-version: 4.22.1
  dependency-type: indirect
- dependency-name: firebase-tools
  dependency-version: 13.35.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 28, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 28, 2026 18:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants