Fix high vulnerabilities #100

Closed
ClementVanPeuter opened this issue Jun 12, 2019 · 2 comments

@ClementVanPeuter
Contributor

We have many high severity vulnerabilities.
I try to fix them with updates of the relevant packages.
The relevant packages are related to the Firebase solution, like firebase-admin and Firestore client.

But these upgrades introduced breaking changes:
See here and here

@hgwood
Member

hgwood commented Jun 12, 2019

Here's the list of breaking changes:

  • from upgrading from firebase-admin v6 to v7:
    • app must be compatible with Firestore client v1 (aka nodejs-firestore, see below) ✅
  • from upgrading nodejs-firestore from v0 to v1:
    • app must not expect Dates out of Firestore queries ✅ functions are globally configured to receive timestamps from queries (see here)
  • from upgrading from firebase-admin v7 to v8:
    • app must run on Node.js 8: ✅ we are already running on this version, as set in functions/package.json, see here and here
    • app must be compatible with Firestore client v2 (aka nodejs-firestore, see below) ✅
  • from upgrading nodejs-firestore from v1 to v2:
    • app must not use array arguments ✅ app does not call getAll or new FieldPath, see here for details of breaking change
    • app must not use getCollections

@hgwood
Member

hgwood commented Jun 12, 2019

Conclusion: upgrading to firebase-admin v8 should be safe. See #99.
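
Parts of the checklist in this thread can be checked mechanically before merging a dependency upgrade like this one. The following is an added example, not code from the project or from any participant: it scans source text for the call patterns the checklist flags and checks the Node.js version declared in package.json. The function names, the sample file name and the sample source are constructed for illustration.

```javascript
// Added example: patterns taken from the checklist in this thread.
// Text matching only (no AST), so review each hit by hand.
const RULES = [
  { id: "getCollections", re: /\.getCollections\s*\(/ },
  { id: "getAll-array-argument", re: /\.getAll\s*\(\s*\[/ },
  { id: "FieldPath-array-argument", re: /new\s+(?:[\w$]+\.)*FieldPath\s*\(\s*\[/ },
];

// files: { "path": "source text" }. Returns [{ file, line, rule, text }].
function auditFirestoreUsage(files) {
  const findings = [];
  for (const [file, source] of Object.entries(files)) {
    source.split(/\r?\n/).forEach((text, index) => {
      if (/^\s*(\/\/|\*)/.test(text)) return; // skip comment-only lines
      for (const { id, re } of RULES) {
        if (re.test(text)) findings.push({ file, line: index + 1, rule: id, text: text.trim() });
      }
    });
  }
  return findings;
}

// True when package.json declares a Node.js major version of 8 or later.
function declaresNode8OrLater(packageJsonText) {
  const engines = JSON.parse(packageJsonText).engines || {};
  const match = /\d+/.exec(String(engines.node || ""));
  return match !== null && Number(match[0]) >= 8;
}

// Constructed sample input (not taken from the project).
const SAMPLE_FILES = {
  "functions/src/sessions.js": [
    "const docs = await db.getAll([refA, refB]);",
    "const ok = await db.getAll(refA, refB);",
    "// const cols = await doc.getCollections();",
    "const cols = await doc.getCollections();",
    "const path = new admin.firestore.FieldPath(['a', 'b']);",
  ].join("\n"),
};
const SAMPLE_PACKAGE_JSON = JSON.stringify({ engines: { node: "8" } });

function runSample() {
  return {
    findings: auditFirestoreUsage(SAMPLE_FILES),
    nodeOk: declaresNode8OrLater(SAMPLE_PACKAGE_JSON),
  };
}

console.log(JSON.stringify(runSample(), null, 2));
```

An empty findings list only means none of these textual patterns appear; calls made through aliases or spread across lines still need a manual look.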
