fix(deps): update dependency @google-cloud/firestore to v6 [security]

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Confidence
@google-cloud/firestore (source)	^5.0.0 → ^6.2.0

GitHub Vulnerability Alerts

CVE-2023-6460

A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this issue

Severity

• CVSS Score: 4.0 / 10 (Medium)
• Vector String: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

---

Release Notes

googleapis/google-cloud-node (@​google-cloud/firestore)

v6.2.0

Compare Source

Features

• Use REST (#​1698) (d85b0e9)

Bug Fixes

• Minify proto JSON files (#​1771) (6393fe7)
• Remove hack in update.sh, and replace with existing pattern for protobuf dependencies. (#​1769) (6ba6751)

v6.0.0

Compare Source

⚠ BREAKING CHANGES

• update library to use Node 12 (#​1725)

Features

• Enable RunQueryResponse.done (#​1712) (0cc549c)
• Support Logical Termination on RunQueryResponse (#​1741) (07de28a)
• support regapic LRO (#​1729) (b9d8fef)
• update client libraries to support Database operations (#​1676) (533aade)

Bug Fixes

• change REST binding for ListDocuments to support root collection (#​1695) (6185f13)
• deps: update dependency protobufjs to v7 (#​1747) (4e8d33c)
• split v1 and v1beta1 protos to improve startup time (#​1664) (f3729cf)

Build System

• update library to use Node 12 (#​1725) (0abbd21)

5.0.2 (2022-01-07)

Bug Fixes

• remove serializer check from Query.isEqual() (#​1654) (f13da18)

5.0.1 (2021-12-02)

Bug Fixes

• save negative zero as doubleValue (#​1639) (a6ba5cc)

v5.0.2

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[dpebot]

/gcbrun

[gemini-code-assist]

Code Review

This pull request updates the @google-cloud/firestore dependency from version 5.0.0 to 6.2.0 across several modules. Feedback indicates that for the sessions module, the @google-cloud/connect-firestore package must also be upgraded to version 3.0.0 to ensure compatibility with the new Firestore version and avoid potential runtime issues.

[gemini-code-assist]

Upgrading @google-cloud/firestore to v6 (a major version bump) requires a corresponding update to @google-cloud/connect-firestore to version ^3.0.0. The current version (^2.0.0) is incompatible with Firestore v6, which will lead to peer dependency conflicts and potential runtime errors during session management.

Note: Upgrading to connect-firestore v3 also requires a code change in sessions/index.js: the dataset property in the FirestoreStore constructor should be renamed to firestore to align with the updated API.

Suggested change

	"@google-cloud/connect-firestore": "^2.0.0",
	"@google-cloud/firestore": "^5.0.0",
	"@google-cloud/firestore": "^6.2.0",
	"@google-cloud/connect-firestore": "^3.0.0",
	"@google-cloud/firestore": "^6.2.0",

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun

[dpebot]

/gcbrun