[Snyk] Security upgrade @angular/fire from 7.5.0 to 7.6.1

[RayG-XD]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AJV-15274295	803

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

---

Summary by cubic

Upgraded @angular/fire to 7.6.1 to address a high-severity ReDoS vulnerability in ajv flagged by Snyk. No app code changes required; Angular v14 remains supported.

• Dependencies
  • Bump @angular/fire from 7.5.0 to 7.6.1 (package.json and lockfile).
  • Fixes SNYK-JS-AJV-15274295 (ReDoS) via dependency updates.
  • Removes transitive file-loader and widens peer ranges (adds Angular 16, newer firebase-tools); no breaking changes expected.

^{Written for commit b453e01. Summary will update on new commits.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
clips	Ready	Preview, Comment	Feb 16, 2026 3:31pm

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Warning

.coderabbit.yaml has a parsing error

The CodeRabbit configuration file in this repository has a parsing error and default settings were used instead. Please fix the error(s) in the configuration file. You can initialize chat with CodeRabbit to get help with the configuration file.

💥 Parsing errors (1)

duplicated mapping key in ".coderabbit.yaml" (28:1)

 25 | 
 26 | knowledge_base:
 27 | code_guidelines:
 28 | enabled: true
------^
 29 | filePatterns:
 30 |   - "**/.cursorrules"

⚙️ Configuration instructions

• Please see the configuration documentation for more information.
• You can also validate your configuration using the online YAML validator.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch snyk-fix-176093204a920a9780191c15d65fde88

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @RayG-XD, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request performs a critical security upgrade by updating the @angular/fire package to its latest version, 7.6.1. This update is essential to mitigate a high-severity Regular Expression Denial of Service (ReDoS) vulnerability identified by Snyk. The changes primarily involve updating dependency versions and their corresponding lock file entries, ensuring the project remains secure and compatible with updated Angular and Firebase tooling.

Highlights

• Security Upgrade: Upgraded the @angular/fire dependency from version 7.5.0 to 7.6.1 to address a high-severity Regular Expression Denial of Service (ReDoS) vulnerability (SNYK-JS-AJV-15274295).
• Dependency Management: The package.json and package-lock.json files were updated to reflect the new dependency version and associated changes in the dependency tree, including the removal of file-loader and its sub-dependencies.
• Peer Dependency Updates: Adjusted peer dependency ranges for Angular core packages and firebase-tools within @angular/fire to support newer versions, including Angular 16 and Firebase Tools 12.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• package-lock.json
  • Updated @angular/fire from 7.5.0 to 7.6.1, including its resolved URL, integrity hash, and added license: "MIT" entry.
  • Extended peer dependency ranges for @angular/common, @angular/core, @angular/platform-browser, @angular/platform-browser-dynamic to include ^16.0.0.
  • Extended peer dependency range for firebase-tools to include ^12.0.0.
  • Removed file-loader and its associated sub-dependencies (ajv, ajv-keywords, json-schema-traverse, loader-utils, schema-utils) from the dependency tree.
  • Added "dev": true flag to numerous development-related dependencies, clarifying their scope.
• package.json
  • Updated the @angular/fire dependency version from ^7.1.0 to ^7.6.1.

Activity

• This pull request was automatically created by Snyk to address identified vulnerabilities.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request, automatically generated by Snyk, upgrades the @angular/fire package from version 7.5.0 to 7.6.1. This addresses a Regular Expression Denial of Service (ReDoS) vulnerability (SNYK-JS-AJV-15274295) found in a transitive dependency. The changes in package.json and package-lock.json correctly reflect this upgrade. The vulnerability is resolved as the new version of @angular/fire no longer includes the vulnerable package in its dependency tree. The changes appear correct and safe to merge.

[cubic-dev-ai]

No issues found across 2 files