firebase-admin-node

Update node-forge to fix CVE-2025-66031

Open moosthuizen42 opened this issue 2 weeks ago • 0 comments

[READ] Step 1: Are you in the right place?

  • For issues related to the code in this repository, file a GitHub issue.
  • If the issue pertains to Cloud Firestore, read the instructions in the "Firestore issue" template.
  • For general technical questions, post a question on StackOverflow with the firebase tag.
  • For general Firebase discussion, use the firebase-talk google group.
  • For help troubleshooting your application that does not fall under one of the above categories, reach out to the personalized Firebase support channel.

[REQUIRED] Step 2: Describe your environment

  • Operating System version: node:24.10-bookworm
  • Firebase SDK version: 13.2.0
  • Firebase Product: auth
  • Node.js version: 24.10.0
  • NPM version: 11.6.1

[REQUIRED] Step 3: Describe the problem

See:

Steps to reproduce:

  • Add [email protected] to a project as a dependency
  • Run npm audit
  • Receive the following warning:
# npm audit report

node-forge  <=1.3.1
Severity: high
node-forge has ASN.1 Unbounded Recursion - https://github.com/advisories/GHSA-554w-wpv2-vw27
node-forge is vulnerable to ASN.1 OID Integer Truncation - https://github.com/advisories/GHSA-65ch-62r8-g69g
node-forge has an Interpretation Conflict vulnerability via its ASN.1 Validator Desynchronization - https://github.com/advisories/GHSA-5gfm-wpxj-wjgq
fix available via `npm audit fix`
node_modules/node-forge

moosthuizen42, Nov 27 '25 08:11
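To see which installed copies of node-forge the audit finding above refers to, and which package's node_modules directory holds each one, the lockfile can be checked directly. This is an added example, not code from the issue or from the firebase-admin-node project; the lockfile contents, `example-pkg`, and the version above the affected range are constructed, and only the `<=1.3.1` bound comes from the audit report.

```javascript
// Added example: list every node-forge copy recorded in an npm lockfile
// (the "packages" map of lockfileVersion 2/3) and flag those inside the
// affected range from the audit report (<=1.3.1).
const ADVISORY_MAX = "1.3.1"; // upper bound of the affected range, from the report
const FORGE_PATH = /(^|\/)node_modules\/node-forge$/;

// Compare the numeric major.minor.patch core of two versions: -1, 0 or 1.
function compareCore(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// lock: the parsed package-lock.json object (JSON.parse of the file contents).
function findForgeInstalls(lock) {
  const results = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!FORGE_PATH.test(path) || !meta.version) continue;
    // Owner = the package whose node_modules holds this copy ("" = hoisted to root).
    const owner = path.replace(/\/?node_modules\/node-forge$/, "");
    results.push({
      path,
      version: meta.version,
      owner: owner === "" ? "(project root)" : owner,
      affected: compareCore(meta.version, ADVISORY_MAX) <= 0,
    });
  }
  return results;
}

// Constructed sample lockfile: one hoisted copy in range, one nested copy above it.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/node-forge": { version: "1.3.1" },
    "node_modules/example-pkg": { version: "2.0.0" },
    "node_modules/example-pkg/node_modules/node-forge": { version: "1.3.2" },
  },
};

for (const r of findForgeInstalls(sampleLock)) {
  console.log(`${r.affected ? "AFFECTED" : "ok      "} ${r.version} ${r.path} (held by ${r.owner})`);
}
```

A nested copy keeps its own version even after the hoisted one is updated, so each entry needs to be outside the affected range before the audit finding clears.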