fix(deps): update all dependencies

[renovate]

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@google-cloud/monitoring (source)	5.3.0 -> 5.3.1			dependencies	patch
@google-cloud/storage	7.16.0 -> 7.18.0			dependencies	minor
actions/checkout	v4 -> v6			action	major
actions/setup-java	v4 -> v5			action	major
actions/upload-artifact	v4 -> v6			action	major
firebase-admin (source)	13.4.0 -> 13.6.0			dependencies	minor
firebase-functions	^6.0.1 -> ^7.0.0			dependencies	major
google-github-actions/auth	v2 -> v3			action	major
google-github-actions/setup-gcloud	v2 -> v3			action	major
gradle (source)	8.14.3 -> 9.2.1				major
gradle/actions	v4 -> v5			action	major
node (source)	22.17.1 -> 24.12.0				major
node (source)	22.17.1 -> 24.12.0			engines	major
typescript (source)	5.8.3 -> 5.9.3			devDependencies	minor
androidx.navigation:navigation-ui-ktx (source)	2.9.3 -> 2.9.6			dependencies	patch
androidx.navigation:navigation-fragment-ktx (source)	2.9.3 -> 2.9.6			dependencies	patch
com.google.android.material:material	1.12.0 -> 1.13.0			dependencies	minor
org.jetbrains.kotlin.android (source)	2.2.0 -> 2.2.21			plugin	patch
org.jetbrains.kotlin.plugin.compose (source)	2.2.0 -> 2.2.21			plugin	patch
org.jetbrains.kotlin:kotlin-stdlib (source)	2.2.0 -> 2.2.21			dependencies	patch
androidx.metrics:metrics-performance (source)	1.0.0-beta02 -> 1.0.0			dependencies	patch
androidx.compose:compose-bom	2025.07.00 -> 2025.12.00			dependencies	minor
androidx.activity:activity-ktx (source)	1.10.1 -> 1.12.1			dependencies	minor
com.android.test (source)	8.11.1 -> 8.13.2			plugin	minor
com.android.application (source)	8.11.1 -> 8.13.2			plugin	minor
androidx.test.uiautomator:uiautomator (source)	2.4.0-alpha06 -> 2.4.0-alpha07			dependencies	patch
androidx.tracing:tracing-perfetto-binary (source)	1.0.0 -> 1.0.1			dependencies	patch
androidx.tracing:tracing-perfetto (source)	1.0.0 -> 1.0.1			dependencies	patch
androidx.compose.runtime:runtime-tracing (source)	1.9.4 -> 1.10.0			dependencies	minor
androidx.lifecycle:lifecycle-viewmodel-ktx (source)	2.9.4 -> 2.10.0			dependencies	minor
androidx.lifecycle:lifecycle-runtime-ktx (source)	2.9.4 -> 2.10.0			dependencies	minor
androidx.datastore:datastore-preferences (source)	1.1.7 -> 1.2.0			dependencies	minor
androidx.test:rules	1.6.1 -> 1.7.0			dependencies	minor
androidx.core:core-ktx (source)	1.16.0 -> 1.17.0			dependencies	minor
androidx.compose:compose-bom	2025.11.00 -> 2025.12.00			dependencies	minor
androidx.benchmark (source)	1.4.0 -> 1.4.1			plugin	patch
androidx.benchmark:benchmark-junit4 (source)	1.4.0 -> 1.4.1			dependencies	patch
androidx.activity:activity-compose (source)	1.11.0 -> 1.12.1			dependencies	minor
androidx.activity:activity-ktx (source)	1.11.0 -> 1.12.1			dependencies	minor
com.android.library (source)	8.11.1 -> 8.13.2			plugin	minor
com.android.test (source)	8.13.1 -> 8.13.2			plugin	patch
com.android.library (source)	8.13.1 -> 8.13.2			plugin	patch
com.android.application (source)	8.13.1 -> 8.13.2			plugin	patch

---

Release Notes

googleapis/google-cloud-node (@​google-cloud/monitoring)

v5.3.1

Bug Fixes

• [gkeconnect-gateway] remove unused GatewayServiceClient (#​6775) (41c2ff2)

googleapis/nodejs-storage (@​google-cloud/storage)

v7.18.0

Compare Source

Features

• listBuckets: Add support for returning partial success (#​2678) (c7004da)

v7.17.3

Compare Source

Bug Fixes

• 🐛 fix the issue 2667, do not mutate object given to options … (#​2668) (8a9f259)
• Revert implement path containment to prevent traversal attacks (254b6b2)

v7.17.2

Compare Source

Bug Fixes

• Common Service: should retry a request failed (#​2652) (b38b5d2)
• Implement path containment to prevent traversal attacks (#​2654) (08d7abf)

v7.17.1

Compare Source

Bug Fixes

• Respect useAuthWithCustomEndpoint flag for resumable uploads (#​2637) (707b4f2)

v7.17.0

Compare Source

Features

• Add CSEK to download (#​2604) (cacc0be)

Bug Fixes

• Propagate errors when using pipelines (#​2560) (#​2624) (a43b490)
• Typo correction (#​2610) (9cae69c)

actions/checkout (actions/checkout)

v6

Compare Source

v5

Compare Source

actions/setup-java (actions/setup-java)

v5

Compare Source

actions/upload-artifact (actions/upload-artifact)

v6

Compare Source

v5

Compare Source

firebase/firebase-admin-node (firebase-admin)

v13.6.0: Firebase Admin Node.js SDK v13.6.0

Compare Source

New Features

• feat(dc): Add executeQuery and executeMutation APIs to Data Connect (#​2979)

Miscellaneous

• [chore] Release 13.6.0 (#​3006)
• build(deps-dev): bump gulp from 5.0.0 to 5.0.1 (#​3001)
• build(deps): bump @​firebase/database-compat from 2.0.6 to 2.1.0 (#​3002)
• build(deps): bump @​fastify/busboy from 3.1.1 to 3.2.0 (#​2998)
• build(deps-dev): bump @​firebase/api-documenter from 0.4.0 to 0.5.0 (#​3000)
• build(deps): bump axios in /.github/actions/send-email (#​2983)
• chore(dc): Implement gen tracking (#​2985)
• FDC: update api version, integration tests, and CONTRIBUTING.md (#​2972)
• chore: update copyright headers from Google Inc. to Google LLC (#​2974)

v13.5.0: Firebase Admin Node.js SDK v13.5.0

Compare Source

New Features

• feat: initializeApp idempotency (#​2947)
• feat(fcm): Support apns.live_activity_token field in FCM ApnsConfig (#​2891)

Miscellaneous

• [chore] Release 13.5.0 (#​2969)
• chore: Upgrade @​firebase/auth-compat and @​firebase/auth-types (#​2964)
• build(deps): bump uuid from 11.0.3 to 11.1.0 (#​2946)
• build(deps-dev): bump @​types/request from 2.48.12 to 2.48.13 (#​2959)
• build(deps): bump form-data in /.github/actions/send-email (#​2951)
• chore: Fix strip-only mode issues in Node.js 22.18 (#​2958)
• build(deps-dev): bump @​microsoft/api-extractor from 7.52.7 to 7.52.10 (#​2955)
• build(deps-dev): bump @​types/lodash from 4.17.15 to 4.17.18 (#​2942)
• build(deps): bump undici in /.github/actions/send-email (#​2922)

firebase/firebase-functions (firebase-functions)

v7.0.1

Compare Source

• Fix "Dual-Package Hazard" for parameterized configuration in ESM projects. (#​1780)

v7.0.0

Compare Source

• BREAKING: Drop support for Node.js 16. Minimum supported version is now Node.js 18. (#​1747)
• BREAKING: Remove deprecated functions.config() API. Use params module for environment variables instead. (#​1748)
• BREAKING: Upgrade to TypeScript v5 and target ES2022. (#​1746)
• BREAKING: Unhandled errors in async onRequest handlers in the Emulator now return a 500 error immediately. (#​1755)
• Add support for ESM (ECMAScript Modules) alongside CommonJS. (#​1750)
• Add onMutationExecuted() trigger for Firebase Data Connect. (#​1727)
• BREAKING: Rename v1 Event to LegacyEvent to avoid api-extractor conflict. (#​1767)

v6.6.0

Compare Source

• Add defineJsonSecret API for storing structured JSON objects in Cloud Secret Manager. (#​1745)
• Enhance validation against incomplete/invalid app_remove events to avoid runtime crashes. (#​1738)

v6.5.0

Compare Source

• Add LLM guidance (#​1736)
• Fix issue calling DataSnapshot methods with null data (#​1661)
• Adds auth.rawToken to context to allow access to the underlying token. (#​1678)
• Fix logger runtime exceptions #(1704)

google-github-actions/auth (google-github-actions/auth)

v3

Compare Source

Floating v3 tag

google-github-actions/setup-gcloud (google-github-actions/setup-gcloud)

v3

Compare Source

Floating v3 tag

gradle/gradle (gradle)

v9.2.1: 9.2.1

Compare Source

The Gradle team is excited to announce Gradle 9.2.1.

Here are the highlights of this release:

• Windows ARM support
• Improved publishing APIs
• Better guidance for dependency verification failures

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Adam,
Björn Kautler,
hasunzo,
HYEON,
Hyunjoon Park,
HYUNJUN SON,
Jendrik Johannes,
Kirill Gavrilov,
Madalin Valceleanu,
Martin Bonnin,
Matthew Haughton,
Mikhail Polivakha,
Na Minhyeok,
Philip Wedemann,
Philipp Schneider,
Róbert Papp,
Simon Marquis,
TheGoesen,
Vincent Potucek,
Xin Wang.

Upgrade instructions

Switch your build to use Gradle 9.2.1 by updating your wrapper:

./gradlew wrapper --gradle-version=9.2.1 && ./gradlew wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

v9.2.0

Compare Source

v9.1.0: 9.1.0

Compare Source

The Gradle team is excited to announce Gradle 9.1.0.

Here are the highlights of this release:

• Full Java 25 support
• Native task graph visualization
• Enhanced console output

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Eng Zer Jun,
EunHyunsu,
Gaëtan Muller,
HeeChul Yang,
Jendrik Johannes,
Johnny Lim,
Junho Lee,
Kirill Gavrilov,
Matthew Haughton,
Na Minhyeok,
Philip Wedemann,
Philipp Schneider,
Pradyumna C,
r-a-sattarov,
Ryszard Perkowski,
Sebastian Schuberth,
SebastianHeil,
Staffan Al-Kadhimi,
winfriedgerlach,
Xin Wang.

Upgrade instructions

Switch your build to use Gradle 9.1.0 by updating your wrapper:

./gradlew wrapper --gradle-version=9.1.0 && ./gradlew wrapper

See the Gradle 9.x upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

v9.0.0: 9.0.0

Compare Source

The Gradle team is excited to announce Gradle 9.0.0.

Here are the highlights of this release:

• Configuration Cache is the recommended execution mode
• Gradle requires JVM 17 or higher to run
• Build scripts use Kotlin 2.2 and Groovy 4.0
• Improved Kotlin DSL script compilation avoidance

Read the Release Notes

We would like to thank the following community members for their contributions to this release of Gradle:
Aaron Matthis,
Adam E,
Adam S,
Björn Kautler,
Daniel Lacasse,
Eng Zer Jun,
EunHyunsu,
FlorianMichael,
Francisco Prieto,
Gaëtan Muller,
Jake Wharton,
Kengo TODA,
Kent Kaseda,
Madalin Valceleanu,
Marc Philipp,
Mark S. Lewis,
Matthew Haughton,
Mycroft Wong,
Na Minhyeok,
Nelson Osacky,
Olivier "Oli" Dagenais,
ploober,
Radai Rosenblatt,
Róbert Papp,
Sebastian Schuberth,
Victor Merkulov.

Upgrade instructions

Switch your build to use Gradle 9.0.0 by updating your wrapper:

./gradlew wrapper --gradle-version=9.0.0 && ./gradlew wrapper

See the Gradle 9.0.0 upgrade guide to learn about deprecations, breaking changes and other considerations when upgrading.

For Java, Groovy, Kotlin and Android compatibility, see the full compatibility notes.

Reporting problems

If you find a problem with this release, please file a bug on GitHub Issues adhering to our issue guidelines.
If you're not sure you're encountering a bug, please use the forum.

We hope you will build happiness with Gradle, and we look forward to your feedback via Twitter or on GitHub.

gradle/actions (gradle/actions)

v5

Compare Source

nodejs/node (node)

v24.12.0: 2025-12-10, Version 24.12.0 'Krypton' (LTS), @​targos

Compare Source

Notable Changes

• [1a00b5f68a] - (SEMVER-MINOR) http: add optimizeEmptyRequests server option (Rafael Gonzaga) #​59778
• [ff5754077d] - (SEMVER-MINOR) lib: add options to util.deprecate (Rafael Gonzaga) #​59982
• [8987159234] - (SEMVER-MINOR) module: mark type stripping as stable (Marco Ippolito) #​60600
• [92c484ebf4] - (SEMVER-MINOR) node-api: add napi_create_object_with_properties (Miguel Marcondes Filho) #​59953
• [b11bc5984e] - (SEMVER-MINOR) sqlite: allow setting defensive flag (Bart Louwers) #​60217
• [e7da5b4b7d] - (SEMVER-MINOR) src: add watch config namespace (Marco Ippolito) #​60178
• [a7f7d10c06] - (SEMVER-MINOR) src: add an option to make compile cache portable (Aditi) #​58797
• [92ea669240] - (SEMVER-MINOR) src,permission: add --allow-inspector ability (Rafael Gonzaga) #​59711
• [05d7509bd2] - (SEMVER-MINOR) v8: add cpu profile (theanarkh) #​59807

Commits

• [e4a23a35ac] - benchmark: focus on import.meta intialization in import-meta benchmark (Joyee Cheung) #​60603
• [b6114ae5c9] - benchmark: add per-suite setup option (Joyee Cheung) #​60574
• [ac8e90af7c] - buffer: speed up concat via TypedArray#set (Gürgün Dayıoğlu) #​60399
• [acbc8ca13e] - build: upgrade Python linter ruff, add rules ASYNC,PERF (Christian Clauss) #​59984
• [f97a609a07] - console: optimize single-string logging (Gürgün Dayıoğlu) #​60422
• [6cd9bdc580] - crypto: ensure documented RSA-PSS saltLength default is used (Filip Skokan) #​60662
• [0fafe24d9b] - crypto: fix argument validation in crypto.timingSafeEqual fast path (Joyee Cheung) #​60538
• [54421e0419] - debugger: fix event listener leak in the run command (Joyee Cheung) #​60464
• [c361a628b4] - deps: V8: cherry-pick 72b0e27 (pthier) #​60732
• [c70f4588dd] - deps: V8: cherry-pick 6bb32bd (Erik Corry) #​60732
• [881fe784c5] - deps: V8: cherry-pick 0dd2318 (Erik Corry) #​60732
• [457c33efcc] - deps: V8: cherry-pick df20105 (Erik Corry) #​60732
• [0bf45a829c] - deps: V8: backport e5dbbba (Darshan Sen) #​60524
• [4993bdc476] - deps: V8: cherry-pick 5ba9200 (Juan José Arboleda) #​60620
• [1e9abe0078] - deps: update corepack to 0.34.5 (Node.js GitHub Bot) #​60842
• [3f704ed08f] - deps: update corepack to 0.34.4 (Node.js GitHub Bot) #​60643
• [04e360fdb1] - deps: V8: cherry-pick 06bf293, 146962d and e0fb10b (Michaël Zasso) #​60713
• [fcbd8dbbde] - deps: patch V8 to 13.6.233.17 (Michaël Zasso) #​60712
• [28e9433f39] - deps: V8: cherry-pick 8735658 (Joyee Cheung) #​60069
• [3cac85b243] - deps: V8: backport 2e4c5cf (Michaël Zasso) #​60654
• [1daece1970] - deps: call OPENSSL_free after ANS1_STRING_to_UTF8 (Rafael Gonzaga) #​60609
• [5f55a9c9ea] - deps: nghttp2: revert 7784fa9 (Antoine du Hamel) #​59790
• [1d9e7c1f4d] - deps: update nghttp2 to 1.67.1 (nodejs-github-bot) #​59790
• [3140415068] - deps: update simdjson to 4.1.0 (Node.js GitHub Bot) #​60542
• [d911f9f1b8] - deps: update amaro to 1.1.5 (Node.js GitHub Bot) #​60541
• [daaaf04a32] - deps: V8: cherry-pick 2abc613 (Richard Lau) #​60177
• [b4f63ee5f8] - doc: update Collaborators list to reflect hybrist handle change (Antoine du Hamel) #​60650
• [effcf7a8ab] - doc: fix link in --env-file=file section (N. Bighetti) #​60563
• [7011736703] - doc: fix linter issues (Antoine du Hamel) #​60636
• [5cc79d8945] - doc: add missing history entry for sqlite.md (Antoine du Hamel) #​60607
• [bbc649057c] - doc: correct values/references for buffer.kMaxLength (René) #​60305
• [ea7ecb517b] - doc: recommend events.once to manage 'close' event (Dan Fabulich) #​60017
• [58bff04cc2] - doc: highlight module loading difference between import and require (Ajay A) #​59815
• [bbcbff9b4d] - doc: add CJS code snippets in sqlite.md (Allon Murienik) #​60395
• [f8af33d5a7] - doc: fix typo in process.unref documentation (우혁) #​59698
• [df105dc351] - doc: add some entries to glossary.md (Mohataseem Khan) #​59277
• [4955cb2b5b] - doc: improve agent.createConnection docs for http and https agents (JaeHo Jang) #​58205
• [6283bb5cc9] - doc: fix pseudo code in modules.md (chirsz) #​57677
• [d5059ea537] - doc: add missing variable in code snippet (Koushil Mankali) #​55478
• [900de373ae] - doc: add missing word in single-executable-applications.md (Konstantin Tsabolov) #​53864
• [5735044c8b] - doc: fix typo in http.md (Michael Solomon) #​59354
• [2dee6df831] - doc: update devcontainer.json and add documentation (Joyee Cheung) #​60472
• [8f2d98d7d2] - doc: add haramj as triager (Haram Jeong) #​60348
• [bbd7fdfff4] - doc: clarify require(esm) description (dynst) #​60520
• [33ad11a764] - doc: instantiate resolver object (Donghoon Nam) #​60476
• [81a61274f3] - doc: correct module loading descriptions (Joyee Cheung) #​60346
• [77911185fe] - doc: clarify --use-system-ca support status (Joyee Cheung) #​60340
• [185f6e95d9] - doc,crypto: link keygen to supported types (Filip Skokan) #​60585
• [772d6c6608] - doc,src,lib: clarify experimental status of Web Storage support (Antoine du Hamel) #​60708
• [ad98e11ac2] - esm: use sync loading/resolving on non-loader-hook thread (Joyee Cheung) #​60380
• [1a00b5f68a] - (SEMVER-MINOR) http: add optimizeEmptyRequests server option (Rafael Gonzaga) #​59778
• [5703ce68bc] - http: replace startsWith with strict equality (btea) #​59394
• [2b696ffad8] - http2: add diagnostics channels for client stream request body (Darshan Sen) #​60480
• [dbdf4cb5a5] - inspector: inspect HTTP response body (Chengzhong Wu) #​60572
• [9dc9a7d33d] - inspector: support inspecting HTTP/2 request and response bodies (Darshan Sen) #​60483
• [89fa2befe4] - inspector: fix crash when receiving non json message (Shima Ryuhei) #​60388
• [ff5754077d] - (SEMVER-MINOR) lib: add options to util.deprecate (Rafael Gonzaga) #​59982
• [33baaf42c8] - lib: replace global SharedArrayBuffer constructor with bound method (Renegade334) #​60497
• [b047586a08] - meta: bump actions/download-artifact from 5.0.0 to 6.0.0 (dependabot[bot]) #​60532
• [64192176d7] - meta: bump actions/upload-artifact from 4.6.2 to 5.0.0 (dependabot[bot]) #​60531
• [af6d4a6b9b] - meta: bump github/codeql-action from 3.30.5 to 4.31.2 (dependabot[bot]) #​60533
• [c17276fd24] - meta: bump actions/setup-node from 5.0.0 to 6.0.0 (dependabot[bot]) #​60529
• [[6e8b52a7dc](

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.