build(deps): bump @grpc/grpc-js and firebase-tools in /app

[dependabot]

Bumps @grpc/grpc-js to 1.8.17 and updates ancestor dependency firebase-tools. These dependencies need to be updated together.

Updates @grpc/grpc-js from 0.6.18 to 1.8.17

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.8.17

• Disallow pick_first LB policy as the direct child of an outlier_detection LB policy (#2476)

@​grpc/grpc-js 1.8.16

• Fix missing transport trace logs (#2470)

@​grpc/grpc-js 1.8.15

• Fix a memory leak that could result from a specific pattern of recursive function calls (#2456)
• Ensure status and error events are consistently emitted asynchronously (#2456)

@​grpc/grpc-js 1.8.14

• Fix sequencing of some events related to connectivity state changes (#2421)

@​grpc/grpc-js 1.8.13

• Fix memory leak in channelz socket tracking (#2394)

@​grpc/grpc-js@​1.8.12

• Fix an occasional type error when receiving DNS updates (#2380)
• Fix ordering of events when handing requests on the server (#2376 contributed by @​phoenix741)

@​grpc/grpc-js 1.8.11

• Avoid accumulating placeholder objects when sending many messages on a long-running stream (#2372)

@​grpc/grpc-js 1.8.10

• Fix bugs in "pick first" load balancing policy that caused incorrect reconnection behavior (#2369)

@​grpc/grpc-js 1.8.9

• Fix a bug where clients would continue to send pings at the original configured rate after receiving a backoff request from the server (#2363)

@​grpc/grpc-js 1.8.8

• Remove progress field in returned status object (#2350)
• Export InterceptingListener and NextCall types (#2351)
• Fix a bug that could cause a crash when sending messages that exceed the outgoing message buffer size while a retry is in progress (#2349)

@​grpc/grpc-js 1.8.7

• Make handling of HTTP2 session references work independent of keepalive settings (#2337)

@​grpc/grpc-js 1.8.6

• Hold a reference to transport from call to avoid premature garbage collection (#2336)

@​grpc/grpc-js 1.8.5

• Cancel deadline timer when the call ends (#2335)

@​grpc/grpc-js@​1.8.4

• Fix a bug that would sometimes allow the Node process to exit even though a gRPC request is active (#2322)

@​grpc/grpc-js 1.8.3

• Fix bug that caused streams to fail early when receiving a GOAWAY (#2319)

@​grpc/grpc-js@​1.8.2

... (truncated)

Commits

• 409418b Merge pull request #2476 from murgatroid99/grpc-js_prohibit_od_pick_first
• ed70a0b Fix handling of OD policy with no child
• 073caf5 Merge pull request #2478 from murgatroid99/grpc-js-xds_docker_distroless_1.8.x
• d2d17b0 Merge pull request #2482 from XuanWang-Amos/backport-1.8-file_multiple_url_map
• a6aa7ea Merge pull request #2475 from XuanWang-Amos/file_multiple_url_map
• a62d2b0 Use entrypoint /nodejs/bin/node
• 9441de7 grpc-js-xds: Use distroless Node image for interop Dockerfile
• b53f588 grpc-js: Disallow pick_first as child of outlier_detection
• 09d74ca Merge pull request #2470 from murgatroid99/grpc-js_transport_trace_fix
• 87b5466 grpc-js: Implement trace function in Http2SubchannelConnector
• Additional commits viewable in compare view

Updates firebase-tools from 8.6.0 to 12.4.2

Release notes

Sourced from firebase-tools's releases.

v12.4.2

• Run lifecycle hooks for specific functions. (#6023)
• Increased extension instance create poll timeout to 1h to match backend (#5969).
• Refactored ext:install to use the latest extension metadata. (#5997)
• Added descriptive error when repo is private or not found during ext:dev:upload. (#6052)
• Fixed issue where missing trigger warnings would be wrongly displayed when emulating extensions with HTTPS triggers. (#6055)
• Normalized extension root path before usage in ext:dev:upload. (#6054)

v12.4.1

• Release Firestore emulator 1.18.1 which addes a emulator configuration to start with experimental mode (#5942).
• Run lifecycle hooks for specific codebases. (#6011)
• Fixed issue causing firebase emulators:start to crash in Next.js apps (#6005)

v12.4.0

• Added appdistribution:group:create and appdistribution:group:delete. (#5978)
• Added --group-alias option to appdistribution:testers:add and appdistribution:testers:remove. (#5978)
• Fixed an issue where Storage rules could not be deployed to projects without a billing plan. (#5955)

v12.3.1

• Delete and re-create v2 function on Cloud Run API quota exhaustion (#5719).
• firebase functions:secrets:* ensure the secretmanager API is enabled (#5918)

v12.3.0

• Fix a bug preventing web framework's dev-mode from working out-of-box with Firebase Authentication. (#5894)
• Address additional cases where we were attempting to deploy a framework's development bundle (#5895)
• NextJS rewrites should be prefixed with the basePath defined in next.config.js (#5923)
• Web Frameworks emulators will again respect existing Cloud Functions rewrites (#5923)
• Web Frameworks rewrites/redirects/headers will only prepend those in firebase.json if there's a baseUrl (#5923)
• Fixes issue where Authentication emulator creates a user if empty email and empty password is provided. (#5639)
• Improve error message raised when --import flag directory does not exist. (#5851)
• Switch ext:dev:init to default 'billingRequired' to true in extension.yaml
• Remove LOCATION param from the extensions.yaml template for ext:dev:init
• Support Astro hybrid rendering (#5898)

v12.2.1

• Gracefully close rules runtime on storage emulator stop (#4902)
• Always assume build target of production when deploying a web framework, unless overridden (#5892)

v12.2.0

• Update error message when function deploy fails due to quota. (#5867)
• Fixes RTDB emulator 127.0.0.1 namespace resolution bug. (#5863)
• Improves RTDB emulator to GCF emulator network reliability. (#5863)
• Allow for Angular developers to both target a PWA and leverage serveOptimizedImages. (#5716)
• Multi-page applications that are fully staticly rendered are no longer treated as PWAs. (#5716)
• Add fast dev-mode support for devlopers using Nuxt v2. (#5716)
• Respect ssr: false and baseURL when using Nuxt. (#5716)
• Fix bug where JS SDK auto-init was not working for Vite while in dev-mode (#5610).
• Respect FIREBASE_FRAMEWORKS_BUILD_TARGET environment variable to override the default build target (#5572).
• Improves cleanup process when reloading emulated functions in debug mode. (#5878)
• Allow Web Frameworks to target NodeJS v20. (#5879)

... (truncated)

Commits

• 998a533 12.4.2
• 55e8949 Run lifecycle hooks for specific functions (#6023)
• 0bcee86 Allow $schema property in firebase.json (#6051)
• e1f0d8d Added descriptive error when repo is private or not found during ext:dev:uplo...
• 893971f Only record metrics if user confirms ext:install (#6047)
• 4db12d2 Fix incorrect warnings when emulating extensions with httpsTriggers (#6055)
• 197506a Migrates functions metrics to GA4 (#6053)
• 654e884 Normalized extension root path before usage in ext:dev:upload. (#6054)
• ac28f26 Increased create extensions instance timeout to 1h to match the backend (#5969)
• 417c4b4 Discovery: Added node runtime. (#5993)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.