Automated review of 6 open Dependabot PRs against develop. Waiting for confirmation before merging.
Summary Table
| # |
Package |
Version Change |
Bump |
CI |
Action |
| #442 |
firebase-tools (dev) |
15.18.0 → 15.19.1 |
minor |
✅ green |
Auto-merge |
| #441 |
ava (dev) |
7.0.0 → 8.0.1 |
major |
❌ Test failing |
Needs fix |
| #440 |
eslint-plugin-prettier (dev) |
5.5.5 → 5.5.6 |
patch |
✅ green |
Auto-merge |
| #438 |
ajv |
8.18.0 → 8.20.0 |
minor |
✅ green |
Auto-merge |
| #424 |
typescript |
5.9.3 → 6.0.3 |
major |
❌ Build failing |
Needs fix |
| #421 |
tslint (dev) |
5.20.1 → 6.1.3 |
major |
✅ green |
Review (see notes) |
Changelog Analysis
✅ #442 — firebase-tools 15.18.0 → 15.19.1 (minor, dev)
Emulator and Data Connect tooling updates, new auth import/export providers, bug fixes. No breaking changes. Safe to merge.
❌ #441 — ava 7.0.0 → 8.0.1 (major, dev) — CI FAILING
Breaking changes in ava 8:
- Node.js 22.20+ or 24.12+ required (Node 20 support dropped)
- AVA is now fully ESM internally — all test files loaded via
import(), not require()
- CJS projects must update imports:
const {default: test} = require('ava') (was const test = require('ava'))
@ava/typescript must be upgraded to v7 — tests using ts-node/register will break- Default file extensions changed to
js and mjs (no more cjs by default)
- Object form of
extensions config no longer supported
The test suite uses ts-node/register (see CLAUDE.md). This is almost certainly why CI fails — ava 8 requires @ava/typescript@7 for TypeScript test transpilation, not ts-node/register. This PR requires code changes before merging.
✅ #440 — eslint-plugin-prettier 5.5.5 → 5.5.6 (patch, dev)
Dependency bumps only. No breaking changes. Safe to merge.
✅ #438 — ajv 8.18.0 → 8.20.0 (minor)
Includes a security fix in 8.19.0 (prototype pollution via format keyword using $data ref). Node 22/24 support added in 8.20.0. No breaking changes. Recommended to merge promptly due to security fix.
❌ #424 — typescript 5.9.3 → 6.0.3 (major) — CI BUILD FAILING
TypeScript 6.0 build fails at the Build step (test never runs). This PR has also been open >30 days with auto-rebases disabled. Notable TS6 breaking changes include stricter type checking, removed deprecated APIs, and potential moduleResolution changes. Needs investigation of the build error before merging.
⚠️ #421 — tslint 5.20.1 → 6.1.3 (major, dev) — CI GREEN
CI passes, so the breaking changes (changed default formatter, some tslint:recommended rules removed) don't affect the build. However: tslint is deprecated and v6.0 was marked deprecated on npm to push users toward ESLint. The project already has ESLint (eslint-plugin-prettier is in use). Worth considering whether to merge this or instead remove tslint entirely in favour of ESLint (which is already present). CI green so merging is safe, but long-term the dependency should be removed.
Proposed Plan
Merge immediately (CI green, no breaking changes): #440, #438, #442
Skip for now (CI failing, need code changes): #441, #424
Awaiting your decision: #421 — merge as-is (CI green), or skip and open a separate issue to remove tslint in favour of ESLint?
Please reply to confirm or adjust the plan. Once confirmed I'll approve and merge the auto-merge candidates, and can investigate the failing PRs if desired.
Automated review of 6 open Dependabot PRs against
develop. Waiting for confirmation before merging.Summary Table
Changelog Analysis
✅ #442 — firebase-tools 15.18.0 → 15.19.1 (minor, dev)
Emulator and Data Connect tooling updates, new auth import/export providers, bug fixes. No breaking changes. Safe to merge.
❌ #441 — ava 7.0.0 → 8.0.1 (major, dev) — CI FAILING
Breaking changes in ava 8:
import(), notrequire()const {default: test} = require('ava')(wasconst test = require('ava'))@ava/typescriptmust be upgraded to v7 — tests usingts-node/registerwill breakjsandmjs(no morecjsby default)extensionsconfig no longer supportedThe test suite uses
ts-node/register(seeCLAUDE.md). This is almost certainly why CI fails — ava 8 requires@ava/typescript@7for TypeScript test transpilation, notts-node/register. This PR requires code changes before merging.✅ #440 — eslint-plugin-prettier 5.5.5 → 5.5.6 (patch, dev)
Dependency bumps only. No breaking changes. Safe to merge.
✅ #438 — ajv 8.18.0 → 8.20.0 (minor)
Includes a security fix in 8.19.0 (prototype pollution via format keyword using
$dataref). Node 22/24 support added in 8.20.0. No breaking changes. Recommended to merge promptly due to security fix.❌ #424 — typescript 5.9.3 → 6.0.3 (major) — CI BUILD FAILING
TypeScript 6.0 build fails at the
Buildstep (test never runs). This PR has also been open >30 days with auto-rebases disabled. Notable TS6 breaking changes include stricter type checking, removed deprecated APIs, and potentialmoduleResolutionchanges. Needs investigation of the build error before merging.CI passes, so the breaking changes (changed default formatter, some
tslint:recommendedrules removed) don't affect the build. However: tslint is deprecated and v6.0 was marked deprecated on npm to push users toward ESLint. The project already has ESLint (eslint-plugin-prettieris in use). Worth considering whether to merge this or instead removetslintentirely in favour of ESLint (which is already present). CI green so merging is safe, but long-term the dependency should be removed.Proposed Plan
Merge immediately (CI green, no breaking changes): #440, #438, #442
Skip for now (CI failing, need code changes): #441, #424
Awaiting your decision: #421 — merge as-is (CI green), or skip and open a separate issue to remove tslint in favour of ESLint?
Please reply to confirm or adjust the plan. Once confirmed I'll approve and merge the auto-merge candidates, and can investigate the failing PRs if desired.