@joehan joehan commented Oct 8, 2025

Description

For security reasons, we should stop following symlinks when archiving directories. Considering whether this needs to be a breaking change and part of the next major release.

inlined and others added 2 commits October 13, 2025 11:02
* Fix filter for symlinks

* Fine. Preserve ordering at the cost of readability
@joehan joehan changed the base branch from master to next November 21, 2025 23:31
@joehan joehan marked this pull request as ready for review November 21, 2025 23:44
@joehan joehan requested review from yuchenshi and removed request for yuchenshi November 21, 2025 23:44
@joehan joehan requested a review from yuchenshi November 24, 2025 19:32
@github-project-automation github-project-automation bot moved this to Changes Requested [PR] in [Cloud] Extensions + Functions Nov 24, 2025
@joehan joehan requested a review from yuchenshi November 25, 2025 00:08
@yuchenshi

@joehan btw you may have forgotten to push your latest changes


joehan commented Nov 25, 2025

> @joehan btw you may have forgotten to push your latest changes

I most certainly did.

@github-project-automation github-project-automation bot moved this from Changes Requested [PR] to Approved [PR] in [Cloud] Extensions + Functions Nov 25, 2025
@joehan joehan merged commit df7d464 into next Nov 25, 2025
47 of 48 checks passed
@joehan joehan deleted the jh-exfil branch November 25, 2025 23:51
@github-project-automation github-project-automation bot moved this from Approved [PR] to Done in [Cloud] Extensions + Functions Nov 25, 2025
joehan added a commit that referenced this pull request Dec 10, 2025
* Update next to match master (#9313)

* Remove overrides that diverge the test configuration from the build configuration. (#9300)

Co-authored-by: Jamie Rothfeder <rothbutter@google.com>

* Fix misleading typing for options.json. (#9275)

* feat(dataconnect): Add confirmation for Gemini schema generation (#9282)

* feat(dataconnect): add confirmation for Gemini schema generation

Instead of directly asking for an app description to generate a schema with Gemini, this change first asks the user to confirm if they want to use Gemini.

If the user confirms, it then prompts for the app description with a default value of "an app for ${setup.projectId}".

* prompts

* changelog

* m

* feedback

* typo

* metrics

* Update index.ts

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

---------

Co-authored-by: Jamie Rothfeder <jamie.rothfeder@gmail.com>
Co-authored-by: Jamie Rothfeder <rothbutter@google.com>
Co-authored-by: Yuchen Shi <yuchenshi@google.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* BREAKING: clean up monkey patching in functions emulator runtime (#9402)

1. Removed `functions.config()` Polyfill
Removed initializeRuntimeConfig() from `src/emulator/functionsEmulatorRuntime.ts`. This function manually read `.runtimeconfig.json` and set `CLOUD_RUNTIME_CONFIG` env var to polyfill the logic for old clients of the Functions SDK. Functions SDK has included this feature for more than 5+ years now.

2. Removed Callable Auth Monkey Patches
Removed wrapCallableHandler from src/emulator/functionsEmulatorRuntime.ts. that handled manual auth header swapping logic in src/emulator/functionsEmulator.ts. We now rely on the SDK's built-in skipTokenVerification feature shipped since 3.16.0.

3. Bumped Minimum SDK Version
Increased minimum required firebase-functions version from 3.15.1 to 3.16.0 (launched 4+ years ago) in `src/emulator/functionsEmulatorRuntime.ts`. This ensures users have an SDK that supports skipTokenVerification and likely handles .runtimeconfig.json loading correctly in emulation.

* BREAKING: hide functions:config:* commands by default (#9340)

We'll gate all mutating functions:config:* commands behind the new `legacyRuntimeConfigCommands` experiment. We'll keep functions:config:{get,export} available for inspection.

Includes some minor refactoring to align deprecation message across all surfaces.

```shell
$ firebase functions:config:set FOO=bar

Error: DEPRECATION NOTICE: Action required before March 2026

The functions.config() API and the Cloud Runtime Config service are deprecated. Deploys that rely on functions.config() will fail once Runtime Config shuts down in March 2026.

The legacy functions:config:* CLI commands are deprecated and will be removed before March 2026.

Migrate configuration to the Firebase Functions params APIs:

  import { defineJsonSecret } from "firebase-functions/params";

  const config = defineJsonSecret("RUNTIME_CONFIG");

  exports.myFunction = functions
    .runWith({ secrets: [config] })
    .https.onRequest((req, res) => {
      const apiKey = config.value().service.key;
      // ...
    });

To convert existing runtime config values, try the interactive migration command:

  firebase functions:config:export

Learn more: https://firebase.google.com/docs/functions/config-env#migrate-config

To run this legacy command temporarily, run the following command and try again:

  firebase experiments:enable legacyRuntimeConfigCommands
```

* BREAKING: Rewrite functions:config:export command (#9341)

Target the new defineJsonSecret API as migration target for functions.config() usage. The new API is a simpler migration target for existing functions.config() use cases.

Example flow:

```shell
$ firebase functions:config:export
i  This command retrieves your Runtime Config values (accessed via functions.config()) and exports them as a Secret Manager secret.

i  Fetching your existing functions.config() from danielylee-90... ✔  Fetched your existing functions.config().

i  Configuration to be exported:
⚠  This may contain sensitive data. Do not share this output.

{
   <CONFIG>
}

✔ What would you like to name the new secret for your configuration? RUNTIME_CONFIG

✔  Created new secret version projects/XXX/secrets/RUNTIME_CONFIG/versions/1

i  To complete the migration, update your code:

  // Before:
  const functions = require('firebase-functions');

  exports.myFunction = functions.https.onRequest((req, res) => {
    const apiKey = functions.config().service.key;
    // ...
  });

  // After:
  const functions = require('firebase-functions');
  const { defineJsonSecret } = require('firebase-functions/params');

  const config = defineJsonSecret("RUNTIME_CONFIG");

  exports.myFunction = functions
    .runWith({ secrets: [config] })  // Bind secret here
    .https.onRequest((req, res) => {
      const apiKey = config.value().service.key;
      // ...
    });

i  Note: defineJsonSecret requires firebase-functions v6.6.0 or later. Update your package.json if needed. i  Then deploy your functions:
  firebase deploy --only functions
```

* feat(firestore): return listBackupsResponse from firestore:backups:list --json (#9392)

The `firestore:backups:list --json` command now returns the full `listBackupsResponse` object instead of just the `backups` array. This provides more information to the user, including a list of unreachable locations.

* Break java (#9451)

* error out java version below 21

* error out java version below 21

* error out java version below 21

* update formatting

* Remove duplicate error message

* Update CHANGELOG.md to include breaking change

* update CI to java 21

* Add setup-java action to integration

---------

Co-authored-by: Joe Hanley <joehanley@google.com>

* Removing support for .bolt rules (#9339)

* Removing support for .bolt rules

* Changelog

* Merging in master

* Stop following symlinks when archiving directories (#9284)

* Stop following symlinks when archiving directories

* Update exfil PR (#9289)

* Fix filter for symlinks

* Fine. Preserve ordering at the cost of readability

* Format

* Progress on new approach

* Remove unused tar path, fix up zip path to ignore symlinks, add test

* More tests

* Actually good for real this time
;

---------

Co-authored-by: Thomas Bouldin <inlined@users.noreply.github.com>

* Remove --open-sesame and --close-sesame (#9532)

* Lazy load commands (#9519)

* Refactor command loading to be lazy

- Updated `src/commands/index.ts` to make `loadCommand` return a lazy runner that only `require`s and registers the command when executed or explicitly loaded.
- Updated `src/index.ts` to handle lazy loading in the catch-all command handler by traversing the `client` object and loading the matching command before re-parsing arguments.
- Updated `src/bin/cli.ts` to load all commands when no arguments are provided (global help), ensuring the help text is fully populated.
- Added cycle detection to the `loadAll` logic to handle circular references in the `client` object.

* Refactor command loading to be lazy

- Updated `src/commands/index.ts` to make `loadCommand` return a lazy runner that only `require`s and registers the command when executed or explicitly loaded.
- Updated `src/index.ts` to handle lazy loading in the catch-all command handler by traversing the `client` object and loading the matching command before re-parsing arguments.
- Updated `src/bin/cli.ts` to load all commands when no arguments are provided (global help), ensuring the help text is fully populated.
- Added cycle detection to the `loadAll` logic to handle circular references in the `client` object.
- Added `scripts/benchmark_load.ts` to measure command load time.

* Fix help command as well

* Get rid of flawed benchmark test;

* Clean up unused vars

* Typeguards for style points

* Move typeguard

* Better types

* CHANGELOG

* More type cleanup

* No anys

* Fixing getCommand

* Bump timeout?

* 20s is better

* Removing extra timing code

* format

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* BREAKING: Enforce strict timeout validation for functions (#9540)

* feat: enforce strict timeout validation for functions

* nit: run formatter

* docs: add changelog entry for timeout validation

* refactor: optimize timeout validation logic

* nit: add "breaking" prefix in changelog.

* bug: remove redundant timeout validation.

* feat: remove obsolete parseTriggers fallback (#9521)

* feat: remove obsolete parseTriggers fallback

* nit: clean up conditional paths

* feat(dataconnect): Update dataconnect:* commands to use flags for --service & --location (#9312)

* Update Firestore Emulator to v1.20.2 (#9565)

* Bump FS emulator version to 1.20.2

* Update CHANGELOG.md

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

---------

Co-authored-by: Joe Hanley <joehanley@google.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* Fix test broken by merge conflict

* format

* Update version in server.json

* Implement a `firebase init dataconnect:resolver` command. (#9493)

* Implement a `firebase init dataconnect:schema` command.

* Gate behind experiment flag and a few other fixes.

* Add unit tests.

* Fix unit tests.

* Rename command to `firebase init dataconnect:resolver`.

* Commit missed file.

* Fix default location in Cloud Run URL.

* Don't prompt for Cloud Run URL.

* Remove no-op line.

* Gate command at init level.

* [VS Code] Fix rendering of generate query code lens (#9588)

* Fix package-lock.json

* Fix missing auth:import and appdistribution:testers:remove commands (#9590)

* Fix missing auth:import and appdistribution:testers:remove commands

* Update CHANGELOG.md

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* Dont pass undefined to getCommand (#9596)

* Fix --help (#9597)

* Fix --help

* handle firebase --help

* bump fdc emulator to v3 (#9602)

* FDC V3

* FDC V3

* merging

---------

Co-authored-by: oleina <oleina@google.com>
Co-authored-by: Joe Hanley <joehanley@google.com>

* lint

---------

Co-authored-by: Fred Zhang <fredzqm@google.com>
Co-authored-by: Jamie Rothfeder <jamie.rothfeder@gmail.com>
Co-authored-by: Jamie Rothfeder <rothbutter@google.com>
Co-authored-by: Yuchen Shi <yuchenshi@google.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Daniel Lee <danielylee@google.com>
Co-authored-by: harshyyy21 <harshoza24@gmail.com>
Co-authored-by: Thomas Bouldin <inlined@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Rosalyn Tan <rosalyntan@google.com>
Co-authored-by: Anthony Oleinik <48811365+antholeole@users.noreply.github.com>
Co-authored-by: oleina <oleina@google.com>
joehan added a commit that referenced this pull request Dec 15, 2025
)

* Update next to match master (#9313)

* Remove overrides that diverge the test configuration from the build configuration. (#9300)

Co-authored-by: Jamie Rothfeder <rothbutter@google.com>

* Fix misleading typing for options.json. (#9275)

* feat(dataconnect): Add confirmation for Gemini schema generation (#9282)

* feat(dataconnect): add confirmation for Gemini schema generation

Instead of directly asking for an app description to generate a schema with Gemini, this change first asks the user to confirm if they want to use Gemini.

If the user confirms, it then prompts for the app description with a default value of "an app for ${setup.projectId}".

* prompts

* changelog

* m

* feedback

* typo

* metrics

* Update index.ts

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

---------

Co-authored-by: Jamie Rothfeder <jamie.rothfeder@gmail.com>
Co-authored-by: Jamie Rothfeder <rothbutter@google.com>
Co-authored-by: Yuchen Shi <yuchenshi@google.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* BREAKING: clean up monkey patching in functions emulator runtime (#9402)

1. Removed `functions.config()` Polyfill
Removed initializeRuntimeConfig() from `src/emulator/functionsEmulatorRuntime.ts`. This function manually read `.runtimeconfig.json` and set `CLOUD_RUNTIME_CONFIG` env var to polyfill the logic for old clients of the Functions SDK. Functions SDK has included this feature for more than 5+ years now.

2. Removed Callable Auth Monkey Patches
Removed wrapCallableHandler from src/emulator/functionsEmulatorRuntime.ts. that handled manual auth header swapping logic in src/emulator/functionsEmulator.ts. We now rely on the SDK's built-in skipTokenVerification feature shipped since 3.16.0.

3. Bumped Minimum SDK Version
Increased minimum required firebase-functions version from 3.15.1 to 3.16.0 (launched 4+ years ago) in `src/emulator/functionsEmulatorRuntime.ts`. This ensures users have an SDK that supports skipTokenVerification and likely handles .runtimeconfig.json loading correctly in emulation.

* BREAKING: hide functions:config:* commands by default (#9340)

We'll gate all mutating functions:config:* commands behind the new `legacyRuntimeConfigCommands` experiment. We'll keep functions:config:{get,export} available for inspection.

Includes some minor refactoring to align deprecation message across all surfaces.

```shell
$ firebase functions:config:set FOO=bar

Error: DEPRECATION NOTICE: Action required before March 2026

The functions.config() API and the Cloud Runtime Config service are deprecated. Deploys that rely on functions.config() will fail once Runtime Config shuts down in March 2026.

The legacy functions:config:* CLI commands are deprecated and will be removed before March 2026.

Migrate configuration to the Firebase Functions params APIs:

  import { defineJsonSecret } from "firebase-functions/params";

  const config = defineJsonSecret("RUNTIME_CONFIG");

  exports.myFunction = functions
    .runWith({ secrets: [config] })
    .https.onRequest((req, res) => {
      const apiKey = config.value().service.key;
      // ...
    });

To convert existing runtime config values, try the interactive migration command:

  firebase functions:config:export

Learn more: https://firebase.google.com/docs/functions/config-env#migrate-config

To run this legacy command temporarily, run the following command and try again:

  firebase experiments:enable legacyRuntimeConfigCommands
```

* BREAKING: Rewrite functions:config:export command (#9341)

Target the new defineJsonSecret API as migration target for functions.config() usage. The new API is a simpler migration target for existing functions.config() use cases.

Example flow:

```shell
$ firebase functions:config:export
i  This command retrieves your Runtime Config values (accessed via functions.config()) and exports them as a Secret Manager secret.

i  Fetching your existing functions.config() from danielylee-90... ✔  Fetched your existing functions.config().

i  Configuration to be exported:
⚠  This may contain sensitive data. Do not share this output.

{
   <CONFIG>
}

✔ What would you like to name the new secret for your configuration? RUNTIME_CONFIG

✔  Created new secret version projects/XXX/secrets/RUNTIME_CONFIG/versions/1

i  To complete the migration, update your code:

  // Before:
  const functions = require('firebase-functions');

  exports.myFunction = functions.https.onRequest((req, res) => {
    const apiKey = functions.config().service.key;
    // ...
  });

  // After:
  const functions = require('firebase-functions');
  const { defineJsonSecret } = require('firebase-functions/params');

  const config = defineJsonSecret("RUNTIME_CONFIG");

  exports.myFunction = functions
    .runWith({ secrets: [config] })  // Bind secret here
    .https.onRequest((req, res) => {
      const apiKey = config.value().service.key;
      // ...
    });

i  Note: defineJsonSecret requires firebase-functions v6.6.0 or later. Update your package.json if needed. i  Then deploy your functions:
  firebase deploy --only functions
```

* feat(firestore): return listBackupsResponse from firestore:backups:list --json (#9392)

The `firestore:backups:list --json` command now returns the full `listBackupsResponse` object instead of just the `backups` array. This provides more information to the user, including a list of unreachable locations.

* Break java (#9451)

* error out java version below 21

* error out java version below 21

* error out java version below 21

* update formatting

* Remove duplicate error message

* Update CHANGELOG.md to include breaking change

* update CI to java 21

* Add setup-java action to integration

---------

Co-authored-by: Joe Hanley <joehanley@google.com>

* Removing support for .bolt rules (#9339)

* Removing support for .bolt rules

* Changelog

* Merging in master

* Stop following symlinks when archiving directories (#9284)

* Stop following symlinks when archiving directories

* Update exfil PR (#9289)

* Fix filter for symlinks

* Fine. Preserve ordering at the cost of readability

* Format

* Progress on new approach

* Remove unused tar path, fix up zip path to ignore symlinks, add test

* More tests

* Actually good for real this time
;

---------

Co-authored-by: Thomas Bouldin <inlined@users.noreply.github.com>

* Remove --open-sesame and --close-sesame (#9532)

* Lazy load commands (#9519)

* Refactor command loading to be lazy

- Updated `src/commands/index.ts` to make `loadCommand` return a lazy runner that only `require`s and registers the command when executed or explicitly loaded.
- Updated `src/index.ts` to handle lazy loading in the catch-all command handler by traversing the `client` object and loading the matching command before re-parsing arguments.
- Updated `src/bin/cli.ts` to load all commands when no arguments are provided (global help), ensuring the help text is fully populated.
- Added cycle detection to the `loadAll` logic to handle circular references in the `client` object.

* Refactor command loading to be lazy

- Updated `src/commands/index.ts` to make `loadCommand` return a lazy runner that only `require`s and registers the command when executed or explicitly loaded.
- Updated `src/index.ts` to handle lazy loading in the catch-all command handler by traversing the `client` object and loading the matching command before re-parsing arguments.
- Updated `src/bin/cli.ts` to load all commands when no arguments are provided (global help), ensuring the help text is fully populated.
- Added cycle detection to the `loadAll` logic to handle circular references in the `client` object.
- Added `scripts/benchmark_load.ts` to measure command load time.

* Fix help command as well

* Get rid of flawed benchmark test;

* Clean up unused vars

* Typeguards for style points

* Move typeguard

* Better types

* CHANGELOG

* More type cleanup

* No anys

* Fixing getCommand

* Bump timeout?

* 20s is better

* Removing extra timing code

* format

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* BREAKING: Enforce strict timeout validation for functions (#9540)

* feat: enforce strict timeout validation for functions

* nit: run formatter

* docs: add changelog entry for timeout validation

* refactor: optimize timeout validation logic

* nit: add "breaking" prefix in changelog.

* bug: remove redundant timeout validation.

* feat: remove obsolete parseTriggers fallback (#9521)

* feat: remove obsolete parseTriggers fallback

* nit: clean up conditional paths

* feat(dataconnect): Update dataconnect:* commands to use flags for --service & --location (#9312)

* Update Firestore Emulator to v1.20.2 (#9565)

* Bump FS emulator version to 1.20.2

* Update CHANGELOG.md

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

---------

Co-authored-by: Joe Hanley <joehanley@google.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* Fix test broken by merge conflict

* format

* Update version in server.json

* Performance improvements and new billing info for get_environment

* Implement a `firebase init dataconnect:resolver` command. (#9493)

* Implement a `firebase init dataconnect:schema` command.

* Gate behind experiment flag and a few other fixes.

* Add unit tests.

* Fix unit tests.

* Rename command to `firebase init dataconnect:resolver`.

* Commit missed file.

* Fix default location in Cloud Run URL.

* Don't prompt for Cloud Run URL.

* Remove no-op line.

* Gate command at init level.

* [VS Code] Fix rendering of generate query code lens (#9588)

* fix test

* Fix usage in mocks too

* Fix package-lock.json

* Fix missing auth:import and appdistribution:testers:remove commands (#9590)

* Fix missing auth:import and appdistribution:testers:remove commands

* Update CHANGELOG.md

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* lint

* Dont pass undefined to getCommand (#9596)

* Fix --help (#9597)

* Fix --help

* handle firebase --help

* bump fdc emulator to v3 (#9602)

* FDC V3

* FDC V3

* merging

---------

Co-authored-by: oleina <oleina@google.com>
Co-authored-by: Joe Hanley <joehanley@google.com>

* lint

* Merging

* Get rid of unneeded intermediate variable

* Fix new test conflict

* Addressing flaky tests

---------

Co-authored-by: Fred Zhang <fredzqm@google.com>
Co-authored-by: Jamie Rothfeder <jamie.rothfeder@gmail.com>
Co-authored-by: Jamie Rothfeder <rothbutter@google.com>
Co-authored-by: Yuchen Shi <yuchenshi@google.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Daniel Lee <danielylee@google.com>
Co-authored-by: harshyyy21 <harshoza24@gmail.com>
Co-authored-by: Thomas Bouldin <inlined@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Rosalyn Tan <rosalyntan@google.com>
Co-authored-by: Anthony Oleinik <48811365+antholeole@users.noreply.github.com>
Co-authored-by: oleina <oleina@google.com>
andrewbrook pushed a commit that referenced this pull request Dec 16, 2025

* Commit missed file.

* Fix default location in Cloud Run URL.

* Don't prompt for Cloud Run URL.

* Remove no-op line.

* Gate command at init level.

* [VS Code] Fix rendering of generate query code lens (#9588)

* Fix package-lock.json

* Fix missing auth:import and appdistribution:testers:remove commands (#9590)

* Fix missing auth:import and appdistribution:testers:remove commands

* Update CHANGELOG.md

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* Don't pass undefined to getCommand (#9596)

* Fix --help (#9597)

* Fix --help

* handle firebase --help

* bump fdc emulator to v3 (#9602)

* FDC V3

* FDC V3

* merging

---------

Co-authored-by: oleina <oleina@google.com>
Co-authored-by: Joe Hanley <joehanley@google.com>

* lint

---------

Co-authored-by: Fred Zhang <fredzqm@google.com>
Co-authored-by: Jamie Rothfeder <jamie.rothfeder@gmail.com>
Co-authored-by: Jamie Rothfeder <rothbutter@google.com>
Co-authored-by: Yuchen Shi <yuchenshi@google.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Daniel Lee <danielylee@google.com>
Co-authored-by: harshyyy21 <harshoza24@gmail.com>
Co-authored-by: Thomas Bouldin <inlined@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Rosalyn Tan <rosalyntan@google.com>
Co-authored-by: Anthony Oleinik <48811365+antholeole@users.noreply.github.com>
Co-authored-by: oleina <oleina@google.com>
andrewbrook pushed a commit that referenced this pull request Dec 16, 2025
)

* Update next to match master (#9313)

* Remove overrides that diverge the test configuration from the build configuration. (#9300)

Co-authored-by: Jamie Rothfeder <rothbutter@google.com>

* Fix misleading typing for options.json. (#9275)

* feat(dataconnect): Add confirmation for Gemini schema generation (#9282)

* feat(dataconnect): add confirmation for Gemini schema generation

Instead of directly asking for an app description to generate a schema with Gemini, this change first asks the user to confirm if they want to use Gemini.

If the user confirms, it then prompts for the app description with a default value of "an app for ${setup.projectId}".

* prompts

* changelog

* m

* feedback

* typo

* metrics

* Update index.ts

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

---------

Co-authored-by: Jamie Rothfeder <jamie.rothfeder@gmail.com>
Co-authored-by: Jamie Rothfeder <rothbutter@google.com>
Co-authored-by: Yuchen Shi <yuchenshi@google.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* BREAKING: clean up monkey patching in functions emulator runtime (#9402)

1. Removed `functions.config()` Polyfill
Removed initializeRuntimeConfig() from `src/emulator/functionsEmulatorRuntime.ts`. This function manually read `.runtimeconfig.json` and set `CLOUD_RUNTIME_CONFIG` env var to polyfill the logic for old clients of the Functions SDK. Functions SDK has included this feature for more than 5+ years now.

2. Removed Callable Auth Monkey Patches
Removed wrapCallableHandler from src/emulator/functionsEmulatorRuntime.ts that handled manual auth header swapping logic in src/emulator/functionsEmulator.ts. We now rely on the SDK's built-in skipTokenVerification feature shipped since 3.16.0.

3. Bumped Minimum SDK Version
Increased minimum required firebase-functions version from 3.15.1 to 3.16.0 (launched 4+ years ago) in `src/emulator/functionsEmulatorRuntime.ts`. This ensures users have an SDK that supports skipTokenVerification and likely handles .runtimeconfig.json loading correctly in emulation.

* BREAKING: hide functions:config:* commands by default (#9340)

We'll gate all mutating functions:config:* commands behind the new `legacyRuntimeConfigCommands` experiment. We'll keep functions:config:{get,export} available for inspection.

Includes some minor refactoring to align deprecation message across all surfaces.

```shell
$ firebase functions:config:set FOO=bar

Error: DEPRECATION NOTICE: Action required before March 2026

The functions.config() API and the Cloud Runtime Config service are deprecated. Deploys that rely on functions.config() will fail once Runtime Config shuts down in March 2026.

The legacy functions:config:* CLI commands are deprecated and will be removed before March 2026.

Migrate configuration to the Firebase Functions params APIs:

  import { defineJsonSecret } from "firebase-functions/params";

  const config = defineJsonSecret("RUNTIME_CONFIG");

  exports.myFunction = functions
    .runWith({ secrets: [config] })
    .https.onRequest((req, res) => {
      const apiKey = config.value().service.key;
      // ...
    });

To convert existing runtime config values, try the interactive migration command:

  firebase functions:config:export

Learn more: https://firebase.google.com/docs/functions/config-env#migrate-config

To run this legacy command temporarily, run the following command and try again:

  firebase experiments:enable legacyRuntimeConfigCommands
```

* BREAKING: Rewrite functions:config:export command (#9341)

Target the new defineJsonSecret API as migration target for functions.config() usage. The new API is a simpler migration target for existing functions.config() use cases.

Example flow:

```shell
$ firebase functions:config:export
i  This command retrieves your Runtime Config values (accessed via functions.config()) and exports them as a Secret Manager secret.

i  Fetching your existing functions.config() from danielylee-90... ✔  Fetched your existing functions.config().

i  Configuration to be exported:
⚠  This may contain sensitive data. Do not share this output.

{
   <CONFIG>
}

✔ What would you like to name the new secret for your configuration? RUNTIME_CONFIG

✔  Created new secret version projects/XXX/secrets/RUNTIME_CONFIG/versions/1

i  To complete the migration, update your code:

  // Before:
  const functions = require('firebase-functions');

  exports.myFunction = functions.https.onRequest((req, res) => {
    const apiKey = functions.config().service.key;
    // ...
  });

  // After:
  const functions = require('firebase-functions');
  const { defineJsonSecret } = require('firebase-functions/params');

  const config = defineJsonSecret("RUNTIME_CONFIG");

  exports.myFunction = functions
    .runWith({ secrets: [config] })  // Bind secret here
    .https.onRequest((req, res) => {
      const apiKey = config.value().service.key;
      // ...
    });

i  Note: defineJsonSecret requires firebase-functions v6.6.0 or later. Update your package.json if needed.
i  Then deploy your functions:
  firebase deploy --only functions
```

* feat(firestore): return listBackupsResponse from firestore:backups:list --json (#9392)

The `firestore:backups:list --json` command now returns the full `listBackupsResponse` object instead of just the `backups` array. This provides more information to the user, including a list of unreachable locations.

* Break java (#9451)

* error out java version below 21

* error out java version below 21

* error out java version below 21

* update formatting

* Remove duplicate error message

* Update CHANGELOG.md to include breaking change

* update CI to java 21

* Add setup-java action to integration

---------

Co-authored-by: Joe Hanley <joehanley@google.com>

* Removing support for .bolt rules (#9339)

* Removing support for .bolt rules

* Changelog

* Merging in master

* Stop following symlinks when archiving directories (#9284)

* Stop following symlinks when archiving directories

* Update exfil PR (#9289)

* Fix filter for symlinks

* Fine. Preserve ordering at the cost of readability

* Format

* Progress on new approach

* Remove unused tar path, fix up zip path to ignore symlinks, add test

* More tests

* Actually good for real this time
;

---------

Co-authored-by: Thomas Bouldin <inlined@users.noreply.github.com>

* Remove --open-sesame and --close-sesame (#9532)

* Lazy load commands (#9519)

* Refactor command loading to be lazy

- Updated `src/commands/index.ts` to make `loadCommand` return a lazy runner that only `require`s and registers the command when executed or explicitly loaded.
- Updated `src/index.ts` to handle lazy loading in the catch-all command handler by traversing the `client` object and loading the matching command before re-parsing arguments.
- Updated `src/bin/cli.ts` to load all commands when no arguments are provided (global help), ensuring the help text is fully populated.
- Added cycle detection to the `loadAll` logic to handle circular references in the `client` object.

* Refactor command loading to be lazy

- Updated `src/commands/index.ts` to make `loadCommand` return a lazy runner that only `require`s and registers the command when executed or explicitly loaded.
- Updated `src/index.ts` to handle lazy loading in the catch-all command handler by traversing the `client` object and loading the matching command before re-parsing arguments.
- Updated `src/bin/cli.ts` to load all commands when no arguments are provided (global help), ensuring the help text is fully populated.
- Added cycle detection to the `loadAll` logic to handle circular references in the `client` object.
- Added `scripts/benchmark_load.ts` to measure command load time.

* Fix help command as well

* Get rid of flawed benchmark test;

* Clean up unused vars

* Typeguards for style points

* Move typeguard

* Better types

* CHANGELOG

* More type cleanup

* No anys

* Fixing getCommand

* Bump timeout?

* 20s is better

* Removing extra timing code

* format

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

* BREAKING: Enforce strict timeout validation for functions (#9540)

* feat: enforce strict timeout validation for functions

* nit: run formatter

* docs: add changelog entry for timeout validation

* refactor: optimize timeout validation logic

* nit: add "breaking" prefix in changelog.

* bug: remove redundant timeout validation.

* feat: remove obsolete parseTriggers fallback (#9521)

* feat: remove obsolete parseTriggers fallback

* nit: clean up conditional paths

* feat(dataconnect): Update dataconnect:* commands to use flags for --service & --location (#9312)

* Update Firestore Emulator to v1.20.2 (#9565)

* Bump FS emulator version to 1.20.2

* Update CHANGELOG.md

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

---------

Co-authored-by: Joe Hanley <joehanley@google.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* Fix test broken by merge conflict

* format

* Update version in server.json

* Performance improvements and new billing info for get_environment

* Implement a `firebase init dataconnect:resolver` command. (#9493)

* Implement a `firebase init dataconnect:schema` command.

* Gate behind experiment flag and a few other fixes.

* Add unit tests.

* Fix unit tests.

* Rename command to `firebase init dataconnect:resolver`.

* Commit missed file.

* Fix default location in Cloud Run URL.

* Don't prompt for Cloud Run URL.

* Remove no-op line.

* Gate command at init level.

* [VS Code] Fix rendering of generate query code lens (#9588)

* fix test

* Fix usage in mocks too

* Fix package-lock.json

* Fix missing auth:import and appdistribution:testers:remove commands (#9590)

* Fix missing auth:import and appdistribution:testers:remove commands

* Update CHANGELOG.md

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* lint

* Don't pass undefined to getCommand (#9596)

* Fix --help (#9597)

* Fix --help

* handle firebase --help

* bump fdc emulator to v3 (#9602)

* FDC V3

* FDC V3

* merging

---------

Co-authored-by: oleina <oleina@google.com>
Co-authored-by: Joe Hanley <joehanley@google.com>

* lint

* Merging

* Get rid of unneeded intermediate variable

* Fix new test conflict

* Addressing flaky tests

---------

Co-authored-by: Fred Zhang <fredzqm@google.com>
Co-authored-by: Jamie Rothfeder <jamie.rothfeder@gmail.com>
Co-authored-by: Jamie Rothfeder <rothbutter@google.com>
Co-authored-by: Yuchen Shi <yuchenshi@google.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Daniel Lee <danielylee@google.com>
Co-authored-by: harshyyy21 <harshoza24@gmail.com>
Co-authored-by: Thomas Bouldin <inlined@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Rosalyn Tan <rosalyntan@google.com>
Co-authored-by: Anthony Oleinik <48811365+antholeole@users.noreply.github.com>
Co-authored-by: oleina <oleina@google.com>