chore(deps): bump tar, @angular/fire, @angular/cli and firebase-tools in /frontend

[dependabot]

Bumps tar to 7.5.9 and updates ancestor dependencies tar, @angular/fire, @angular/cli and firebase-tools. These dependencies need to be updated together.

Updates tar from 7.5.2 to 7.5.9

Commits

• 1f0c2c9 7.5.9
• fbb0851 build minified version as default export
• 6b8eba0 7.5.8
• 2cb1120 fix(unpack): improve UnpackSync symlink error "into" path accuracy
• d18e4e1 fix: do not write linkpaths through symlinks
• 4a37eb9 7.5.7
• f4a7aa9 fix: properly sanitize hard links containing ..
• 394ece6 7.5.6
• 7d4cc17 fix race puting a Link ahead of its target File
• 26ab904 7.5.5
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for tar since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates @angular/fire from 18.0.1 to 20.0.1

Release notes

Sourced from @​angular/fire's releases.

20.0.1

What's Changed

• fix: Avoid handling promise rejections twice in stability helper by @​atscott in angular/angularfire#3657

New Contributors

• @​atscott made their first contribution in angular/angularfire#3657

Full Changelog: angular/angularfire@20.0.0...20.0.1

20.0.0

What's Changed

• Peer on Angular v20
• Peer on firebase-tools v14

Full Changelog: angular/angularfire@19.2.0...20.0.0

20.0.0-rc.0

What's Changed

• Peer on Angular v20
• Peer on firebase-tools v14

Full Changelog: angular/angularfire@19.2.0...20.0.0-rc.0

19.2.0

What's Changed

• Add @angular/fire/ai entry for Firebase AI by @​nohe427 in angular/angularfire#3650

New Contributors

• @​nohe427 made their first contribution in angular/angularfire#3650

Full Changelog: angular/angularfire@19.1.0...19.2.0

19.1.0

What's Changed

• Added data connect to schematics by @​maneesht in angular/angularfire#3638

New Contributors

• @​maneesht made their first contribution in angular/angularfire#3638

Full Changelog: angular/angularfire@19.0.0...19.1.0

19.0.0

What's Changed

• Single sample application—demonstrating the modular SDK in a Zoneless SSR application with code-splitting on @defer
• Now logging zone warnings about instability when using AngularFire outside of an injection context
• Added docs on application instability
• Bumped Angular, Firebase, and other dependencies
• Now bundling CLI dependencies

Added

... (truncated)

Commits

• eb99d8e fix: Avoid handling promise rejections twice in stability helper (#3657)
• c1c6af9 Preparing v20 release (#3655)
• 61fde1b 19.2.0 release (#3651)
• 20bee94 Add AI package (#3650)
• ec4e3bd Bump action, bump minor (#3644)
• da4d2d1 Added data connect to schematics (#3638)
• 35e0a98 zone log verbosity (#3613)
• 8ce95bf Zone docs and switch to warnings (#3608)
• e567618 fix(compat): correct injectors to fix issue with compat API on v19 (#3595)
• bc926a8 Single n19 sample (#3591)
• Additional commits viewable in compare view

Updates @angular/cli from 20.3.8 to 20.3.16

Release notes

Sourced from @​angular/cli's releases.

20.3.16

@​angular/cli

Commit	Description
	update dependency @​modelcontextprotocol/sdk to v1.26.0

20.3.15

@​angular/cli

Commit	Description
	update pacote to v21.0.4

@​angular-devkit/build-angular

Commit	Description
	update webpack to version 5.104.1

20.3.14

@​angular/cli

Commit	Description
	update dependency @​modelcontextprotocol/sdk to v1.25.2

20.3.13

@​angular/cli

Commit	Description
	update @modelcontextprotocol/sdk to v1.24.0

20.3.12

@​angular/build

Commit	Description
	ensure correct URL joining for prerender routes

@​angular/ssr

Commit	Description
	handle X-Forwarded-Prefix and APP_BASE_HREF in redirects
	prevent redirect loop with encoded query parameters

20.3.11

@​angular/build

Commit	Description
	ensure ɵgetOrCreateAngularServerApp is always defined after errors

20.3.10

@​schematics/angular

Commit	Description
	correct tsconfig.spec.json include for spec files

... (truncated)

Changelog

Sourced from @​angular/cli's changelog.

20.3.16 (2026-02-09)

@​angular/cli

Commit	Type	Description
656888a25	fix	update dependency @​modelcontextprotocol/sdk to v1.26.0

21.2.0-next.1 (2026-02-05)

@​angular/cli

Commit	Type	Description
91b9d281f	feat	integrate file formatting into update migrations
6f29a8c35	fix	renamed files by their new path in the schematic workflow
bc363af8b	perf	optimize package manager discovery with stat-based probing

@​schematics/angular

Commit	Type	Description
5d1df50d8	fix	add actionable feedback to vitest-browser schematic
51fc77828	fix	warn when production configuration is missing for service worker

@​angular/build

Commit	Type	Description
ece30f235	feat	add headless option to unit-test builder
1f114a9e8	fix	bundle setup files in unit-test builder for Vitest

21.1.3 (2026-02-05)

@​schematics/angular

Commit	Type	Description
a18196a10	fix	warn when production configuration is missing for service worker

@​angular-devkit/build-angular

... (truncated)

Commits

• 750f037 release: cut the v20.3.16 release
• 0f02aca build: update webpack to v5.105.0
• 656888a fix(@​angular/cli): update dependency @​modelcontextprotocol/sdk to v1.26.0
• 279b1ad release: cut the v20.3.15 release
• 795d654 fix(@​angular/cli): update pacote to v21.0.4
• ffc72cb fix(@​angular-devkit/build-angular): update webpack to version 5.104.1
• 4963d9c release: cut the v20.3.14 release
• ff36649 fix(@​angular/cli): update dependency @​modelcontextprotocol/sdk to v1.25.2
• 66140c8 ci: force ipv4 resolutions first in Node.js
• 948869d release: cut the v20.3.13 release
• Additional commits viewable in compare view

Updates firebase-tools from 13.35.1 to 15.6.0

Release notes

Sourced from firebase-tools's releases.

v15.6.0

• Added support for enabling Firebase Authentication providers via firebase deploy. You can configure providers in firebase.json like so:

{
  "auth": {
    "providers": {
      "anonymous": true,
      "emailPassword": true,
      "googleSignIn": {
        "oAuthBrandDisplayName": "My App",
        "supportEmail": "support@myapp.com"
      }
    }
  }
}

• Added initial zip deploy support in functions deploy for HTTP functions (#9707)
• Fixes an issue where Python was missing from the firebase-tools Docker image (#9855).
• Fixes billing information check to use user's project quota (#9879).
• Updated the Firebase Data Connect local toolkit to v3.1.2, which contains the following changes: (#9882)
  • Improved insecure operation warning messages and reduced the severity of existing insecure operation warnings to LOG_ONLY.
  • Updated the Golang dependency version from 1.24.4 to 1.24.12.
• Fixes issue where auth emulator multi-tenant mode exports/imports only users tied to the default tenant (#5623)
• Updated Pub/Sub emulator to version 0.8.27.
• Updated the Data Connect emulator to v3.1.3, which enables the native SQL feature.

v15.5.1

• Fixes issues with calls to serviceusage (#9844)

v15.5.0

• Added firebase dataconnect:compile command.
• Loads experiments earlier in CLI startup so they can be used earlier. (#9797)
• Fixed issue where AuthBlockingEvent had invalid format for metadata.creationTime and metadata.lastSignInTime. (#8109)
• Fixed issue where Storage security rules is overwritten when running firebase init storage. (#8170)
• Add support for firestoreDataAccessMode, mongodbCompatibleDataAccessMode, and the realtimeUpdatesMode flags for Firestore Database creation (#9817)
• Updated to v3.1.1 of the Data Connect emulator which includes fixes and internal improvements. (#9835)

v15.4.0

• Fix the bug when Data Connect emulator hangs with PGlite. (#9756, #9771)
• Updated to v3.1.0 of the Data Connect emulator, which adds support for using distinct: true in combination with orderBy, and other internal improvements (#9778).

v15.3.1

• Renamed MCP prompts /firestore:generate_rules to /firestore:generate_security_rules and /storage:generate_rules to /storage:generate_security_rules.

v15.3.0

• Fixed pricing calculation for Cloud Functions deployed to newer regions (africa-south1, europe-west8, me-west1, and others) when using minInstances. (#9696)
• Removed MCP tools and prompts that required Gemini in Firebase terms of service.

... (truncated)

Commits

• b7b7eff 15.6.0
• 1be6b05 Update NPM in builder image as well (#9915)
• 6e07a5d More debugging of release script (#9913)
• 50686da Debugging release script (#9912)
• 28e5887 Update dataconnect emulator to version 3.1.3
• 75b688c Adding support for enabling auth providers via firebase deploy (#9694)
• a84faf1 Updating pubsub emulator to 0.8.27, and add an agent skill for the task (#9902)
• 26b7b83 Prompt to delete unreferenced secondary schemas (#9906)
• 3a18ec0 Remove reference of legacy GiF (#9907)
• a153d34 Skip flaky tests (#9904)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.