build(deps): bump tar and firebase-tools

[dependabot]

Bumps tar to 7.5.13 and updates ancestor dependency firebase-tools. These dependencies need to be updated together.

Updates tar from 6.2.1 to 7.5.13

Changelog

Sourced from tar's changelog.

Changelog

7.5

• Added zstd compression support.
• Consistent TOCTOU behavior in sync t.list
• Only read from ustar block if not specified in Pax
• Fix sync tar.list when file size reduces while reading
• Sanitize absolute linkpaths properly
• Prevent writing hardlink entries to the archive ahead of their file target

7.4

• Deprecate onentry in favor of onReadEntry for clarity.

7.3

• Add onWriteEntry option

7.2

• DRY the command definitions into a single makeCommand method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.

7.1

• Update minipass to v7.1.0
• Update the type definitions of write() and end() methods on Unpack and Parser classes to be compatible with the NodeJS.WritableStream type in the latest versions of @types/node.

7.0

• Drop support for node <18
• Rewrite in TypeScript, provide ESM and CommonJS hybrid interface
• Add tree-shake friendly exports, like import('tar/create') and import('tar/read-entry') to get individual functions or classes.
• Add chmod option that defaults to false, and deprecate noChmod. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.
• Add processUmask option to avoid having to call process.umask() when chmod: true (or noChmod: false) is set.

... (truncated)

Commits

• d6611ae 7.5.13
• 119c401 fix(extract): prevent raced symlink writes outside cwd
• 2a294d3 7.5.12
• 01082a4 fix: reject top promise on floating addFilesAsync rejections
• dd1c36a linting
• 35a1ffe doc: more clarity in security warning
• bf776f6 7.5.11
• f48b5fa prevent escaping symlinks with drive-relative paths
• 97cff15 docs: more security info
• 2b72abc 7.5.10
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates firebase-tools from 13.35.1 to 15.14.0

Release notes

Sourced from firebase-tools's releases.

v15.14.0

• Added Enterprise Edition support to the Firestore emulator. Configure it by setting firebase.json#firestore.edition or firebase.json#emulators.firestore.edition.
• Fixed an issue where functions deployments would silently fail (#6989)
• Fixed issue where the CLI isn't able to correctly parse command arguments on PowerShell (#7506)
• Add support for Next.js 16 middleware (proxy.ts/proxy.js) (#9631)
• Updates the default region for new App Hosting backends to us-east4 (#10271)
• Fix Next.js image optimization detection in client components (#10228)
• Updates Firebase Data Connect emulator to v3.4.1 (#10290)
  • Upgraded Go runtime to 1.25.9.
  • Bug fix: Fixed an issue that caused Angular SDK generation to fail.

v15.13.0

• Add validation to check if backendId exists in firebase.json when --only flag is used. (#10161)
• Updated default Postgres version for Data Connect to 18. (#10234)
• Update Typescript version to v6 in templates for functions and extensions. (#10232)

v15.12.0

• Moved MCP server firebase-debug.log to ~/.cache/firebase/firebase-debug.log. (#9982)
• Added a prompt to firebase init to install Agent Skills for Firebase.
• Updated the Firebase Data Connect local toolkit to v3.3.1, which includes the following changes: (#10190)
  • [added] Support for configuring client-side caching in connector.yaml / generate section

v15.11.0

• Add support for dataAccessMode in Firestore database creation. This allows choosing between FIRESTORE_NATIVE and MONGODB_COMPATIBLE for Enterprise edition databases.
• Updated Firestore Emulator to v1.20.4, which includes minor bug fixes for Firestore Native Mode.
• Added apptesting:execute command to run App Testing agent tests from YAML files.
• Updated Data Connect emulator to v3.3.0:
  • firebase dataconnect:sdk:generate now performs compilation check first before generating SDKs.
  • Updated the Golang dependency version from 1.24.13 to 1.25.8, which removes support for macOS versions prior to Monterey.
  • Prevent concurrent execution of operations. firebase/firebase-tools#9866
  • Support for skip and include directives.
  • Vector similarity search now supports offset as well as limit

v15.10.1

• Updated Pub/Sub emulator to version 0.8.29.

v15.10.0

• Add support for VPC direct connect in GCF 2nd gen (#10033)
• Added --only flag for emulators:export (#4033)
• Added support for custom PostgreSQL schema names in Data Connect. (#9271)
• When SSR web app features are detected in the firebase init hosting flow, offer to switch to App Hosting (#9887)
• Removed the experimental web frameworks prompt from firebase init hosting (#9843)
• Added studio:export command to export Firebase Studio projects to Antigravity.

v15.9.1

• Added support for next.config.ts and next.config.mts in Next.js deployments (#9871)
• Enabled free trials without a billing instrument for Firebase Data Connect (#10042)

v15.9.0

• Added *_EMULATOR_VERSION env variables to allow overriding specific versions of downloadable emulators

... (truncated)

Commits

• afa7672 15.14.0
• bab18c0 handle powershell stripping commas (#10288)
• 3abf55a Another attempt to fix the npm propogation delay issues on publish (#10303)
• 08ba2a7 Add enterprise edition support in Firestore Emulator (#10280)
• 0c9a82a Update FDC emulator to v3.3.9 (#10290)
• 66a5ab6 Alternate link to Cloud Console (#10283)
• af20c4e Revert "Rename 'functionsrunapionly' experiment 'dartfunctions'. (#10269)"
• 35783b0 feat: enable fdcrealtime by default and inject clientCache into SDK generatio...
• f95ede5 fix: detect next/image usage in client components (#10228)
• 0542937 middleware/proxy fixes for next.js 16 (#9631)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.