fix(deps): update dependency @google-cloud/firestore to v6 [security]

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Confidence
@google-cloud/firestore (source)	^5.0.0 → ^6.2.0

---

Logging of the firestore key within nodejs-firestore

CVE-2023-6460 / GHSA-4g6q-77j7-vvjc

More information

Details

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue

Severity

• CVSS Score: 4.0 / 10 (Medium)
• Vector String: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

References

• https://nvd.nist.gov/vuln/detail/CVE-2023-6460
• https://github.com/googleapis/nodejs-firestore/pull/1742
• https://github.com/googleapis/nodejs-firestore/releases/tag/v6.1.0
• https://github.com/advisories/GHSA-4g6q-77j7-vvjc

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

googleapis/google-cloud-node (@​google-cloud/firestore)

v6.2.0

Compare Source

Features

• Use REST (#​1698) (d85b0e9)

Bug Fixes

• Minify proto JSON files (#​1771) (6393fe7)
• Remove hack in update.sh, and replace with existing pattern for protobuf dependencies. (#​1769) (6ba6751)

v6.0.0

Compare Source

⚠ BREAKING CHANGES

• update library to use Node 12 (#​1725)

Features

• Enable RunQueryResponse.done (#​1712) (0cc549c)
• Support Logical Termination on RunQueryResponse (#​1741) (07de28a)
• support regapic LRO (#​1729) (b9d8fef)
• update client libraries to support Database operations (#​1676) (533aade)

Bug Fixes

• change REST binding for ListDocuments to support root collection (#​1695) (6185f13)
• deps: update dependency protobufjs to v7 (#​1747) (4e8d33c)
• split v1 and v1beta1 protos to improve startup time (#​1664) (f3729cf)

Build System

• update library to use Node 12 (#​1725) (0abbd21)

5.0.2 (2022-01-07)

Bug Fixes

• remove serializer check from Query.isEqual() (#​1654) (f13da18)

5.0.1 (2021-12-02)

Bug Fixes

• save negative zero as doubleValue (#​1639) (a6ba5cc)

v5.0.2

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[dpebot]

/gcbrun

[gemini-code-assist]

Code Review

This pull request updates the @google-cloud/firestore dependency from version 5 to version 6 across several package.json files. A critical compatibility issue was identified in sessions/package.json, where upgrading Firestore to v6 requires a corresponding upgrade of @google-cloud/connect-firestore to version 3.0.0 to prevent breaking changes and ensure the session store remains functional.

[gemini-code-assist]

Upgrading @google-cloud/firestore to v6 while keeping @google-cloud/connect-firestore at v2.x is likely to cause compatibility issues. Firestore v6 introduced several breaking changes, including the separation of v1 and v1beta1 protos, which are not supported by older versions of the session store. @google-cloud/connect-firestore v3.0.0 was specifically released to provide compatibility with Firestore v6. It is highly recommended to upgrade @google-cloud/connect-firestore to ^3.0.0 alongside this change to ensure the application remains functional.

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun