Merge main into release

Author: google-oss-bot

.changeset/chilled-clocks-remember.md

@@ -0,0 +1,6 @@
+---
+"@firebase/database": patch
+'firebase': patch
+---
+
+Fix a potential for a negative offset when calculating last reconnect times. This could cause lengthy reconnect delays in some scenarios. Fixes #8718.

.changeset/config.json

@@ -10,7 +10,6 @@
   "baseBranch": "main",
   "updateInternalDependencies": "patch",
   "ignore": [
-    "firebase-namespace-integration-test",
     "firebase-firestore-integration-test",
     "firebase-messaging-integration-test",
     "firebase-compat-interop-test",

.changeset/kind-dingos-work.md

@@ -0,0 +1,6 @@
+---
+'@firebase/performance': minor
+'firebase': minor
+---
+
+Collect web vital metrics (INP,CLS,LCP) as part of page load event.

.changeset/kind-pets-sin.md

@@ -0,0 +1,15 @@
+---
+'@firebase/app': minor
+'firebase': minor
+'@firebase/data-connect': patch
+'@firebase/firestore': patch
+'@firebase/functions': patch
+'@firebase/database': patch
+'@firebase/vertexai': patch
+'@firebase/storage': patch
+'@firebase/auth': patch
+---
+
+`FirebaseServerApp` can now be initalized with an App Check token instead of invoking the App Check
+`getToken` method. This should unblock the use of App Check enforced products in SSR environments
+where the App Check SDK cannot be initialized.

.changeset/little-news-sniff.md

@@ -0,0 +1,6 @@
+---
+'@firebase/data-connect': minor
+'firebase': minor
+---
+
+Add custom request headers based on the type of SDK (JS/TS, React, Angular, etc) that's invoking Data Connect requests. This will help us understand how users interact with Data Connect when using the Web SDK.

.changeset/polite-lies-vanish.md

@@ -0,0 +1,7 @@
+---
+'firebase': minor
+'@firebase/auth-types': minor
+'@firebase/auth': minor
+---
+
+Added `ActionCodeSettings.linkDomain` to customize the Firebase Hosting link domain that is used in mobile out-of-band email action flows. Also, deprecated `ActionCodeSettings.dynamicLinkDomain`.

.changeset/spotty-trainers-lay.md

@@ -0,0 +1,6 @@
+---
+'@firebase/firestore': patch
+'firebase': patch
+---
+
+Fixed a server and sdk mismatch in unicode string sorting.

.changeset/yellow-rice-kneel.md

@@ -0,0 +1,5 @@
+---
+'@firebase/app': patch
+---
+
+Discard the earliest heartbeat once a limit of 30 heartbeats in storage has been hit.

.github/CODEOWNERS

@@ -51,9 +51,9 @@ packages/installations-compat @avolkovi @yoyomyo @firebase/jssdk-global-approver
 packages/installations-types @avolkovi @yoyomyo @firebase/jssdk-global-approvers
 
 # Performance Code
-packages/performance @jposuna @firebase/jssdk-global-approvers
-packages/performance-compat @jposuna @firebase/jssdk-global-approvers
-packages/performance-types @jposuna @firebase/jssdk-global-approvers
+packages/performance @visumickey @firebase/jssdk-global-approvers
+packages/performance-compat @visumickey @firebase/jssdk-global-approvers
+packages/performance-types @visumickey @firebase/jssdk-global-approvers
 
 # Analytics Code
 packages/analytics @hsubox76 @firebase/jssdk-global-approvers

.github/workflows/check-vertexai-responses.yml

@@ -19,36 +19,45 @@ on: pull_request
 jobs:
   check-version:
     runs-on: ubuntu-latest
+    # Allow GITHUB_TOKEN to have write permissions
+    permissions:
+      contents: write
+      pull-requests: write
     steps:
-    - uses: actions/checkout@v4
-    - name: Clone mock responses
-      run: scripts/update_vertexai_responses.sh
-    - name: Find cloned and latest versions
-      run: |
-        CLONED=$(git describe --tags)
-        LATEST=$(git tag --sort=v:refname | tail -n1)
-        echo "cloned_tag=$CLONED" >> $GITHUB_ENV
-        echo "latest_tag=$LATEST" >> $GITHUB_ENV
-      working-directory: packages/vertexai/test-utils/vertexai-sdk-test-data
-    - name: Find comment from previous run if exists
-      uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e
-      id: fc
-      with:
-        issue-number: ${{github.event.number}}
-        body-includes: Vertex AI Mock Responses Check
-    - name: Comment on PR if newer version is available
-      if: ${{env.cloned_tag != env.latest_tag && !steps.fc.outputs.comment-id}}
-      uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043
-      with:
-        issue-number: ${{github.event.number}}
-        body: >
-          ### Vertex AI Mock Responses Check :warning:
-          
-          A newer major version of the mock responses for Vertex AI unit tests is available.
-          [update_vertexai_responses.sh](https://github.com/firebase/firebase-js-sdk/blob/main/scripts/update_vertexai_responses.sh)
-          should be updated to clone the latest version of the responses: `${{env.latest_tag}}`
-    - name: Delete comment when version gets updated
-      if: ${{env.cloned_tag == env.latest_tag && steps.fc.outputs.comment-id}}
-      uses: detomarco/delete-comment@850734dd44d8b15fef55b45252613b903ceb06f0
-      with:
-        comment-id: ${{ steps.fc.outputs.comment-id }}
+      - uses: actions/checkout@v4
+      - name: Clone mock responses
+        run: scripts/update_vertexai_responses.sh
+      - name: Find cloned and latest versions
+        run: |
+          CLONED=$(git describe --tags)
+          LATEST=$(git tag --sort=v:refname | tail -n1)
+          echo "cloned_tag=$CLONED" >> $GITHUB_ENV
+          echo "latest_tag=$LATEST" >> $GITHUB_ENV
+        working-directory: packages/vertexai/test-utils/vertexai-sdk-test-data
+      - name: Find comment from previous run if exists
+        uses: peter-evans/find-comment@v3
+        id: fc
+        with:
+          issue-number: ${{github.event.number}}
+          body-includes: Vertex AI Mock Responses Check
+      - name: Comment on PR if newer version is available
+        if: ${{env.cloned_tag != env.latest_tag && !steps.fc.outputs.comment-id}}
+        uses: peter-evans/create-or-update-comment@v4
+        with:
+          issue-number: ${{github.event.number}}
+          body: >
+            ### Vertex AI Mock Responses Check :warning:
+
+            A newer major version of the mock responses for Vertex AI unit tests is available.
+            [update_vertexai_responses.sh](https://github.com/firebase/firebase-js-sdk/blob/main/scripts/update_vertexai_responses.sh)
+            should be updated to clone the latest version of the responses: `${{env.latest_tag}}`
+      - name: Delete comment when version gets updated
+        if: ${{env.cloned_tag == env.latest_tag && steps.fc.outputs.comment-id}}
+        uses: actions/github-script@v7
+        with:
+          script: |
+            github.rest.issues.deleteComment({
+                    owner: context.repo.owner,
+                    repo: context.repo.repo,
+                    comment_id: ${{ steps.fc.outputs.comment-id }},
+            })

.github/workflows/test-all.yml

@@ -23,8 +23,8 @@ env:
   # the behavior to use the new URLs.
   CHROMEDRIVER_CDNURL: https://googlechromelabs.github.io/
   CHROMEDRIVER_CDNBINARIESURL: https://storage.googleapis.com/chrome-for-testing-public
-  CHROME_VALIDATED_VERSION: linux-120.0.6099.71
-  CHROME_VERSION_MISMATCH_MESSAGE: "The Chrome version doesn't match the previously validated version. Consider updating CHROME_VALIDATED_VERSION in the GitHub workflow if tests pass."
+  CHROME_VALIDATED_VERSION: linux-132.0.6834.110
+  CHROME_VERSION_MISMATCH_MESSAGE: "The Chrome version doesn't match the previously validated version. Consider updating CHROME_VALIDATED_VERSION in the GitHub workflow if tests pass, or rollback the installed Chrome version if tests fail."
   artifactRetentionDays: 14
   # Bump Node memory limit
   NODE_OPTIONS: "--max_old_space_size=4096"
@@ -117,13 +117,9 @@ jobs:
         npx @puppeteer/browsers install chrome@stable
         chromeVersionString=$(ls chrome)
         if [ "$CHROME_VALIDATED_VERSION" != "$chromeVersionString" ]; then
-        echo "::warning ::The Chrome version doesn't match the previously validated version. Consider updating CHROME_VALIDATED_VERSION in the GitHub workflow if tests pass."
+        echo "::warning ::${CHROME_VERSION_MISMATCH_MESSAGE}"
         echo "::warning ::Previously validated version: ${CHROME_VALIDATED_VERSION} vs. Installed version: $chromeVersionString"
-        echo "CHROME_VERSION_NOTES=$CHROME_VERSION_MISMATCH_MESSAGE" >> "$GITHUB_ENV"
         fi
-    - name: Test Evn TEMP
-      run: |
-        echo $CHROME_VERSION_NOTES=$CHROME_VERSION_MISMATCH_MESSAGE
     - name: Download build archive
       uses: actions/download-artifact@v4
       with:

.github/workflows/test-changed-auth.yml

@@ -106,7 +106,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Set up Node (20)
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: 22.10.0
       - name: Test setup and yarn install

.github/workflows/test-changed-firestore.yml

@@ -210,7 +210,7 @@ jobs:
       - name: Unzip build artifact
         run: tar xf build.tar.gz
       - name: Set up Node (20)
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: 22.10.0
       - name: Test setup and yarn install
@@ -228,11 +228,11 @@ jobs:
     if: ${{ needs.build.outputs.changed == 'true'}}
     steps:
       - name: Set up Node (20)
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: 22.10.0
       - name: Download build archive
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: build.tar.gz
       - name: Unzip build artifact
@@ -259,7 +259,7 @@ jobs:
     if: ${{ needs.build.outputs.changed == 'true'}}
     steps:
       - name: Download build archive
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: build.tar.gz
       - name: Unzip build artifact

.github/workflows/test-changed.yml

@@ -85,7 +85,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Set up Node (20)
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
           node-version: 22.10.0
       - name: Test setup and yarn install

.github/workflows/test-firebase-integration.yml

@@ -79,6 +79,7 @@ export interface FirebaseServerApp extends FirebaseApp {
 
 // @public
 export interface FirebaseServerAppSettings extends Omit<FirebaseAppSettings, 'name'> {
+    appCheckToken?: string;
     authIdToken?: string;
     releaseOnDeref?: object;
 }
@@ -115,7 +116,7 @@ export function initializeServerApp(options: FirebaseOptions | FirebaseApp, conf
 export function _isFirebaseApp(obj: FirebaseApp | FirebaseOptions): obj is FirebaseApp;
 
 // @internal (undocumented)
-export function _isFirebaseServerApp(obj: FirebaseApp | FirebaseServerApp): obj is FirebaseServerApp;
+export function _isFirebaseServerApp(obj: FirebaseApp | FirebaseServerApp | null | undefined): obj is FirebaseServerApp;
 
 // @public
 export function onLog(logCallback: LogCallback | null, options?: LogOptions): void;

common/api-review/app.api.md

@@ -40,11 +40,13 @@ export interface ActionCodeSettings {
         minimumVersion?: string;
         packageName: string;
     };
+    // @deprecated
     dynamicLinkDomain?: string;
     handleCodeInApp?: boolean;
     iOS?: {
         bundleId: string;
     };
+    linkDomain?: string;
     url: string;
 }
 
@@ -236,6 +238,7 @@ export const AuthErrorCodes: {
     readonly MISSING_RECAPTCHA_VERSION: "auth/missing-recaptcha-version";
     readonly INVALID_RECAPTCHA_VERSION: "auth/invalid-recaptcha-version";
     readonly INVALID_REQ_TYPE: "auth/invalid-req-type";
+    readonly INVALID_HOSTING_LINK_DOMAIN: "auth/invalid-hosting-link-domain";
 };
 
 // @public

common/api-review/auth.api.md

@@ -11,6 +11,19 @@ import { FirebaseError } from '@firebase/util';
 import { LogLevelString } from '@firebase/logger';
 import { Provider } from '@firebase/component';
 
+// @public
+export type CallerSdkType = 'Base' | 'Generated' | 'TanstackReactCore' | 'GeneratedReact' | 'TanstackAngularCore' | 'GeneratedAngular';
+
+// @public (undocumented)
+export const CallerSdkTypeEnum: {
+    readonly Base: "Base";
+    readonly Generated: "Generated";
+    readonly TanstackReactCore: "TanstackReactCore";
+    readonly GeneratedReact: "GeneratedReact";
+    readonly TanstackAngularCore: "TanstackAngularCore";
+    readonly GeneratedAngular: "GeneratedAngular";
+};
+
 // @public
 export function connectDataConnectEmulator(dc: DataConnect, host: string, port?: number, sslEnabled?: boolean): void;
 

common/api-review/data-connect.api.md

@@ -100,7 +100,7 @@
      *
      * DEFAULT VALUE: false
      */
-    // "skipLibCheck": true,
+    "skipLibCheck": true,
   },
 
   /**

config/api-extractor.json

@@ -54,8 +54,8 @@ const config = {
   // Doing 65 seconds to allow for the 20 second firestore tests
   browserNoActivityTimeout: 65000,
 
-  // preprocess matching files before serving them to the browser
-  // available preprocessors:
+  // Preprocess matching files before serving them to the browser.
+  // Available preprocessors:
   // https://npmjs.org/browse/keyword/karma-preprocessor
   preprocessors: {
     'test/**/*.ts': ['webpack', 'sourcemap'],

config/karma.base.js

@@ -23,16 +23,31 @@ export interface FirebaseServerAppSettings extends Omit<FirebaseAppSettings, 'na
 
 |  Property | Type | Description |
 |  --- | --- | --- |
-|  [authIdToken](./app.firebaseserverappsettings.md#firebaseserverappsettingsauthidtoken) | string | An optional Auth ID token used to resume a signed in user session from a client runtime environment.<!-- -->Invoking <code>getAuth</code> with a <code>FirebaseServerApp</code> configured with a validated <code>authIdToken</code> causes an automatic attempt to sign in the user that the <code>authIdToken</code> represents. The token needs to have been recently minted for this operation to succeed.<!-- -->If the token fails local verification, or if the Auth service has failed to validate it when the Auth SDK is initialized, then a warning is logged to the console and the Auth SDK will not sign in a user on initialization.<!-- -->If a user is successfully signed in, then the Auth instance's <code>onAuthStateChanged</code> callback is invoked with the <code>User</code> object as per standard Auth flows. However, <code>User</code> objects created via an <code>authIdToken</code> do not have a refresh token. Attempted <code>refreshToken</code> operations fail. |
+|  [appCheckToken](./app.firebaseserverappsettings.md#firebaseserverappsettingsappchecktoken) | string | An optional App Check token. If provided, the Firebase SDKs that use App Check will utilize this App Check token in place of requiring an instance of App Check to be initialized.<!-- -->If the token fails local verification due to expiration or parsing errors, then a console error is logged at the time of initialization of the <code>FirebaseServerApp</code> instance. |
+|  [authIdToken](./app.firebaseserverappsettings.md#firebaseserverappsettingsauthidtoken) | string | An optional Auth ID token used to resume a signed in user session from a client runtime environment.<!-- -->Invoking <code>getAuth</code> with a <code>FirebaseServerApp</code> configured with a validated <code>authIdToken</code> causes an automatic attempt to sign in the user that the <code>authIdToken</code> represents. The token needs to have been recently minted for this operation to succeed.<!-- -->If the token fails local verification due to expiration or parsing errors, then a console error is logged at the time of initialization of the <code>FirebaseServerApp</code> instance.<!-- -->If the Auth service has failed to validate the token when the Auth SDK is initialized, then an warning is logged to the console and the Auth SDK will not sign in a user on initialization.<!-- -->If a user is successfully signed in, then the Auth instance's <code>onAuthStateChanged</code> callback is invoked with the <code>User</code> object as per standard Auth flows. However, <code>User</code> objects created via an <code>authIdToken</code> do not have a refresh token. Attempted <code>refreshToken</code> operations fail. |
 |  [releaseOnDeref](./app.firebaseserverappsettings.md#firebaseserverappsettingsreleaseonderef) | object | An optional object. If provided, the Firebase SDK uses a <code>FinalizationRegistry</code> object to monitor the garbage collection status of the provided object. The Firebase SDK releases its reference on the <code>FirebaseServerApp</code> instance when the provided <code>releaseOnDeref</code> object is garbage collected.<!-- -->You can use this field to reduce memory management overhead for your application. If provided, an app running in a SSR pass does not need to perform <code>FirebaseServerApp</code> cleanup, so long as the reference object is deleted (by falling out of SSR scope, for instance.)<!-- -->If an object is not provided then the application must clean up the <code>FirebaseServerApp</code> instance by invoking <code>deleteApp</code>.<!-- -->If the application provides an object in this parameter, but the application is executed in a JavaScript engine that predates the support of <code>FinalizationRegistry</code> (introduced in node v14.6.0, for instance), then an error is thrown at <code>FirebaseServerApp</code> initialization. |
 
+## FirebaseServerAppSettings.appCheckToken
+
+An optional App Check token. If provided, the Firebase SDKs that use App Check will utilize this App Check token in place of requiring an instance of App Check to be initialized.
+
+If the token fails local verification due to expiration or parsing errors, then a console error is logged at the time of initialization of the `FirebaseServerApp` instance.
+
+<b>Signature:</b>
+
+```typescript
+appCheckToken?: string;
+```
+
 ## FirebaseServerAppSettings.authIdToken
 
 An optional Auth ID token used to resume a signed in user session from a client runtime environment.
 
 Invoking `getAuth` with a `FirebaseServerApp` configured with a validated `authIdToken` causes an automatic attempt to sign in the user that the `authIdToken` represents. The token needs to have been recently minted for this operation to succeed.
 
-If the token fails local verification, or if the Auth service has failed to validate it when the Auth SDK is initialized, then a warning is logged to the console and the Auth SDK will not sign in a user on initialization.
+If the token fails local verification due to expiration or parsing errors, then a console error is logged at the time of initialization of the `FirebaseServerApp` instance.
+
+If the Auth service has failed to validate the token when the Auth SDK is initialized, then an warning is logged to the console and the Auth SDK will not sign in a user on initialization.
 
 If a user is successfully signed in, then the Auth instance's `onAuthStateChanged` callback is invoked with the `User` object as per standard Auth flows. However, `User` objects created via an `authIdToken` do not have a refresh token. Attempted `refreshToken` operations fail.