Bump tmp, @angular/fire, @angular-devkit/build-angular, @angular-eslint/schematics, @angular/cli and firebase-tools

[dependabot]

Bumps tmp to 0.2.4 and updates ancestor dependencies tmp, @angular/fire, @angular-devkit/build-angular, @angular-eslint/schematics, @angular/cli and firebase-tools. These dependencies need to be updated together.

Updates tmp from 0.2.3 to 0.2.4

Commits

• 08fa3ab Update version
• 1cf4ec5 Merge commit from fork
• 188b25e Fix GHSA-52f5-9888-hmc6
• 73b9fe4 Add test case for GHSA-52f5-9888-hmc6
• b8e2f29 Remove broken tests
• 2892a02 Remove outdated URL
• f592318 Reformat package.json
• 995ac8c Merge pull request #301 from raszi/dependabot/npm_and_yarn/braces-3.0.3
• caa758d Bump braces from 3.0.2 to 3.0.3
• See full diff in compare view

Updates @angular/fire from 17.0.1 to 20.0.1

Release notes

Sourced from @​angular/fire's releases.

20.0.1

What's Changed

• fix: Avoid handling promise rejections twice in stability helper by @​atscott in angular/angularfire#3657

New Contributors

• @​atscott made their first contribution in angular/angularfire#3657

Full Changelog: angular/angularfire@20.0.0...20.0.1

20.0.0

What's Changed

• Peer on Angular v20
• Peer on firebase-tools v14

Full Changelog: angular/angularfire@19.2.0...20.0.0

20.0.0-rc.0

What's Changed

• Peer on Angular v20
• Peer on firebase-tools v14

Full Changelog: angular/angularfire@19.2.0...20.0.0-rc.0

19.2.0

What's Changed

• Add @angular/fire/ai entry for Firebase AI by @​nohe427 in angular/angularfire#3650

New Contributors

• @​nohe427 made their first contribution in angular/angularfire#3650

Full Changelog: angular/angularfire@19.1.0...19.2.0

19.1.0

What's Changed

• Added data connect to schematics by @​maneesht in angular/angularfire#3638

New Contributors

• @​maneesht made their first contribution in angular/angularfire#3638

Full Changelog: angular/angularfire@19.0.0...19.1.0

19.0.0

What's Changed

• Single sample application—demonstrating the modular SDK in a Zoneless SSR application with code-splitting on @defer
• Now logging zone warnings about instability when using AngularFire outside of an injection context
• Added docs on application instability
• Bumped Angular, Firebase, and other dependencies
• Now bundling CLI dependencies

Added

... (truncated)

Commits

• eb99d8e fix: Avoid handling promise rejections twice in stability helper (#3657)
• c1c6af9 Preparing v20 release (#3655)
• 61fde1b 19.2.0 release (#3651)
• 20bee94 Add AI package (#3650)
• ec4e3bd Bump action, bump minor (#3644)
• da4d2d1 Added data connect to schematics (#3638)
• 35e0a98 zone log verbosity (#3613)
• 8ce95bf Zone docs and switch to warnings (#3608)
• e567618 fix(compat): correct injectors to fix issue with compat API on v19 (#3595)
• bc926a8 Single n19 sample (#3591)
• Additional commits viewable in compare view

Updates @angular-devkit/build-angular from 17.3.2 to 20.1.4

Release notes

Sourced from @​angular-devkit/build-angular's releases.

20.1.4

@​angular/cli

Commit	Description
	skip workspace-specific tools when outside a workspace

@​angular/build

Commit	Description
	skip vite transformation of CSS-like assets

20.1.3

@​angular/build

Commit	Description
	update vite to 7.0.6

20.1.2

@​angular/cli

Commit	Description
	define option is being included multiple times in the JSON help

@​angular-devkit/core

Commit	Description
	use crypto.randomUUID instead of Date.now for unique string in tmp file names

20.1.1

@​angular/build

Commit	Description
	emit a warning when outputHashing is set to all or bundles when HMR is enabled
	normalize code coverage include paths to POSIX

20.1.0

@​schematics/angular

Commit	Description
	use signal in app component

@​angular/cli

Commit	Description
	add initial MCP server implementation

@​angular-devkit/build-angular

Commit	Description
	provide partial custom postcss configuration support

@​angular/build

Commit	Description
	add code coverage reporters option for unit-test

... (truncated)

Changelog

Sourced from @​angular-devkit/build-angular's changelog.

20.1.4 (2025-07-30)

@​angular/cli

Commit	Type	Description
2d753cc62	fix	skip workspace-specific tools when outside a workspace

@​angular/build

Commit	Type	Description
42d72ef4d	fix	skip vite transformation of CSS-like assets

20.1.3 (2025-07-24)

@​angular/build

Commit	Type	Description
ea5cd0e81	fix	update vite to 7.0.6

20.2.0-next.1 (2025-07-23)

@​angular/cli

Commit	Type	Description
fefa7a46f	fix	define option is being included multiple times in the JSON help

@​angular-devkit/core

Commit	Type	Description
7595e1f88	fix	use crypto.randomUUID instead of Date.now for unique string in tmp file names

@​angular/build

Commit	Type	Description
fb06bb505	feat	add headless mode for vitest browser mode

... (truncated)

Commits

• ffc4c67 release: cut the v20.1.4 release
• 2d753cc fix(@​angular/cli): skip workspace-specific tools when outside a workspace
• 42d72ef fix(@​angular/build): skip vite transformation of CSS-like assets
• 0489fe7 refactor(@​angular/build): update MCP best practices guide content
• f7b6160 build: update bazel dependencies
• 18b44f6 release: cut the v20.1.3 release
• ea5cd0e fix(@​angular/build): update vite to 7.0.6
• 0568f38 release: cut the v20.1.2 release
• 14da042 refactor(@​angular/cli): move MCP list projects tool to separate file
• 731d1a6 refactor(@​angular/cli): include content for top result in MCP documentation s...
• Additional commits viewable in compare view

Updates @angular-eslint/schematics from 17.3.0 to 20.1.1

Release notes

Sourced from @​angular-eslint/schematics's releases.

v20.1.1

20.1.1 (2025-06-19)

🩹 Fixes

• update typescript-eslint packages to v8.34.1 (#2522)
• update dependency @​angular/compiler to v20.0.4 (#2532)
• eslint-plugin: [no-output-on-prefix] update style guide link (#2514)
• eslint-plugin-template: [no-interpolation-in-attributes] use keySpan as attr. range and sourceSpan as replacement range (#2531)

❤️ Thank You

• Niklas Wolf
• Victor Santelé

v20.1.0

20.1.0 (2025-06-16)

🚀 Features

• eslint-plugin: add rules to ban experimental and developer preview (#2037)

🩹 Fixes

• update dependency @​angular/compiler to v20.0.3 (#2505)
• update dependency eslint to v9.29.0 (#2520)
• update typescript-eslint packages to v8.34.0 (#2511)

❤️ Thank You

• Daniel Kimmich @​json-derulo

v20.0.0

20.0.0 (2025-06-06)

As always we recommend that you update your existing workspaces by using ng update as we provide some helpful schematics to help migrate your workspaces to the latest and greatest. Running the following will update Angular, the Angular CLI and angular-eslint together:

ng update @angular/core @angular/cli angular-eslint

🚀 Features

• ⚠️ switch to angular v20 (e2b46ef4)
• ⚠️ eslint-lint: add prefer-inject to recommended (c8367d3b)
• ⚠️ eslint-plugin: switch prefer-standalone fix to suggestion, reference guide (4583034f)
• ⚠️ eslint-plugin: remove (component|directive)-class-suffix from recommended (c1022ee6)
• ⚠️ template-parser: do not suppress parse errors by default (#2255)

🩹 Fixes

... (truncated)

Changelog

Sourced from @​angular-eslint/schematics's changelog.

20.1.1 (2025-06-19)

🩹 Fixes

• update typescript-eslint packages to v8.34.1 (#2522)

20.1.0 (2025-06-16)

🩹 Fixes

• update typescript-eslint packages to v8.34.0 (#2511)
• update dependency eslint to v9.29.0 (#2520)

20.0.0 (2025-06-06)

🚀 Features

• ⚠️ switch to angular v20 (e2b46ef4)

⚠️ Breaking Changes

• ⚠️ switch to angular v20 (e2b46ef4)

❤️ Thank You

• JamesHenry @​JamesHenry

19.8.0 (2025-06-06)

This was a version bump only for schematics to align it with other projects, there were no code changes.

19.7.1 (2025-06-03)

🩹 Fixes

• update typescript-eslint packages to v8.33.1 (#2496)

19.7.0 (2025-06-02)

🩹 Fixes

• schematics: ensure @​eslint/js and @​angular-eslint/builder are always available in non-npm repos (#2486)
• update dependency eslint to v9.28.0 (#2484)
• update dependency ignore to v7.0.5 (#2485)
• update typescript-eslint packages to v8.33.0 (#2465)

❤️ Thank You

• James Henry @​JamesHenry

... (truncated)

Commits

• 54e8ee7 chore(release): publish 20.1.1
• 34af849 fix: update typescript-eslint packages to v8.34.1 (#2522)
• c3378d2 chore(release): publish 20.1.0
• aa72e02 fix: update typescript-eslint packages to v8.34.0 (#2511)
• cd3988f fix: update dependency eslint to v9.29.0 (#2520)
• dd42d41 chore(release): publish 20.0.0
• c08eb54 chore: add simple migration schematic for v20
• e2b46ef feat!: switch to angular v20
• 3037d4a chore(release): publish 19.8.0
• 3c2f72a chore(release): publish 19.7.1
• Additional commits viewable in compare view

Updates @angular/cli from 17.3.2 to 20.1.4

Release notes

Sourced from @​angular/cli's releases.

20.1.4

@​angular/cli

Commit	Description
	skip workspace-specific tools when outside a workspace

@​angular/build

Commit	Description
	skip vite transformation of CSS-like assets

20.1.3

@​angular/build

Commit	Description
	update vite to 7.0.6

20.1.2

@​angular/cli

Commit	Description
	define option is being included multiple times in the JSON help

@​angular-devkit/core

Commit	Description
	use crypto.randomUUID instead of Date.now for unique string in tmp file names

20.1.1

@​angular/build

Commit	Description
	emit a warning when outputHashing is set to all or bundles when HMR is enabled
	normalize code coverage include paths to POSIX

20.1.0

@​schematics/angular

Commit	Description
	use signal in app component

@​angular/cli

Commit	Description
	add initial MCP server implementation

@​angular-devkit/build-angular

Commit	Description
	provide partial custom postcss configuration support

@​angular/build

Commit	Description
	add code coverage reporters option for unit-test

... (truncated)

Changelog

Sourced from @​angular/cli's changelog.

20.1.4 (2025-07-30)

@​angular/cli

Commit	Type	Description
2d753cc62	fix	skip workspace-specific tools when outside a workspace

@​angular/build

Commit	Type	Description
42d72ef4d	fix	skip vite transformation of CSS-like assets

20.1.3 (2025-07-24)

@​angular/build

Commit	Type	Description
ea5cd0e81	fix	update vite to 7.0.6

20.2.0-next.1 (2025-07-23)

@​angular/cli

Commit	Type	Description
fefa7a46f	fix	define option is being included multiple times in the JSON help

@​angular-devkit/core

Commit	Type	Description
7595e1f88	fix	use crypto.randomUUID instead of Date.now for unique string in tmp file names

@​angular/build

Commit	Type	Description
fb06bb505	feat	add headless mode for vitest browser mode

... (truncated)

Commits

• ffc4c67 release: cut the v20.1.4 release
• 2d753cc fix(@​angular/cli): skip workspace-specific tools when outside a workspace
• 42d72ef fix(@​angular/build): skip vite transformation of CSS-like assets
• 0489fe7 refactor(@​angular/build): update MCP best practices guide content
• f7b6160 build: update bazel dependencies
• 18b44f6 release: cut the v20.1.3 release
• ea5cd0e fix(@​angular/build): update vite to 7.0.6
• 0568f38 release: cut the v20.1.2 release
• 14da042 refactor(@​angular/cli): move MCP list projects tool to separate file
• 731d1a6 refactor(@​angular/cli): include content for top result in MCP documentation s...
• Additional commits viewable in compare view

Updates firebase-tools from 13.8.1 to 14.11.2

Release notes

Sourced from firebase-tools's releases.

v14.11.2

• Fixed ext:export command so that it correctly returns system params in the .env file (#8881)
• Fixed an issue where the MCP server could not successfully use Application Default Credentials. (#8896)
• Fixed an issue where the incorrect API was enabled for apptesting commands.

v14.11.1

• Added a deprecation warning for functions.config() to stderr on deploy and all functions:config commands. (#8808)
• Added analytics to track runtime config usage in functions deployments (#8870).
• Fixed issue where __name__ fields with DESCENDING order were incorrectly filtered from index listings, causing duplicate index issues (#7629) and deployment conflicts (#8859). The fix now preserves __name__ fields with explicit DESCENDING order while filtering out implicit ASCENDING __name__ fields.
• Add service account and service enablement to firebase init apptesting
• Updated the Firebase Data Connect local toolkit to v2.10.1, which includes the following changes: (#8884)
  • [fixed] Dart codegen: Issue where list enums weren't properly serialized and deserialized.
  • [fixed] Dart codegen: Issue where if a Variable class has a field that is a custom scalar type, and that field has an enum, the enum is set to the incorrect type.
  • [fixed] Swift codegen: For enum cases that are not known to the SDK in advance, Swift generates a _UNKNOWN case with a string associated value. The fix changes that case name from UNKNOWN to _UNKNOWN. If you have existing generated enums, you may need to rebuild your project.
  • [changed] Kotlin codegen: Add value property to the EnumValue base interface.
  • [fixed] Dart codegen: Issue where nullable enum fields weren't setting the field itself as nullable.

v14.11.0

• Add experimental App Testing feature
• Fixed an issue where the Cloud Task emulator couldn't decode non-ASCII characters. (#8836)
• Fixed an issue where firestore:indexes wrongly removed the __name__ field. (#7629)
• Update Firebase Data Connect Emulator to version 2.10.0, which added support for full-text search, user-defined enums, and moved SQL/CEL errors to the GraphQL debug_details field. (#8837)

v14.10.1

• Updated Data Connect emulator to v2.9.1, which:
  • Replaces the release of v2.9.0, which used an outdated version of Data Connect emulator.
  • Fixed an issue in Data Connect where indexes over 63 characters broke schema migration.
  • Added support for string_pattern filters in Data Connect. These allow you to filter string fields using regex or LIKE semantics.
• Fixed an issue where firebase-tools could not be used within v1 Cloud Functions due to trying to write to a read only file.

v14.10.0

• Improve App Hosting compute service account flow for source deploys. (#8785)
• Fixed an issue with ext:configure where params without default values could not be set. (#8810)
• Updated Data Connect emulator to v2.9.0, which:
  • Fixed an issue in Data Connect where indexes over 63 characters broke schema migration.
  • Added support for string_pattern filters in Data Connect. These allow you to filter string fields using regex or LIKE semantics.
• Fixed an issue where the Data Connect emulator wasn't provided application default credentials. (#8819)

v14.9.0

• Added validation to check if project ID exists during project creation. (#5233)
• Added generate_dataconnect_schema, dataconnect_generate_operation, firebase_consult_assistant MCP tools. (#8647)
• firebase init dataconnect is now integrated with Gemini in Firebase API to generate Schema based on description. (#8596)
• Added user-friendly warning for runtime errors from the GCF API. (#8713)
• Updated Data Connect emulator to 2.8.0, which adds a README to generated Kotlin packages and drops support for macOS 10.15 (Catalina).

v14.8.0

• Updated the Data Connect emulator to use pglite 0.3.x and Postgres 17, which fixes some crashes related to wire protocol inconsistencies. (#8679, #8658)
• Remove container cleanup logic in functions:delete command (#8771)
• Fixed an issue where the IAM enablement for GenKit monitoring would try to change an invalid service account. (#8756)
• Added a max instance default to function templates and comments educating users on cost controls. (#8772)

... (truncated)

Commits

• 8a2e4d3 14.11.2
• 9d86bf9 Fix issue where login didnt work as expected on studio (#8914)
• eba9084 Fix apptesting enablement (#8905)
• f6c9ed1 Fixing an issue where MCP server wuld still hang on studio instead of asking ...
• ad6e8da fix: fix ext:export command (#8881)
• 226c375 Fixes for #8900 (#8901)
• dd6c8b0 Update mcp.md template (#8897)
• 26165ac docs: sync framework docs from internal repo (#8861)
• a5f9119 Set @auth(insecureReason) in init template (#8863)
• 783007a fix(deploy/functions): parsing list param (#8891)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.