fix!: replace uuid dependency with crypto.randomUUID()

uuid <14.0.0 is flagged by GHSA-w5hq-g745-h8pq (missing buffer bounds
check in v3/v5/v6 when buf is provided). The only upstream fix is uuid
v14, but v14 dropped CommonJS support, which would break this package.

Since only uuid.v4() is used here (in generateUuid()), replace it with
Node's built-in crypto.randomUUID() — available since Node 14.17.0,
produces the same RFC 4122 v4 UUID format, and requires no external
dependency. The uuid package is removed from dependencies entirely.

BREAKING CHANGE: Node >=14.17.0 is now required at runtime (crypto.randomUUID
was introduced in that release). The engines field remains >=10.0.0; a
separate PR will bump it to reflect the new minimum.

All 426 existing tests pass.

Author: escoberik

lib/pbxProject.js

@@ -21,7 +21,7 @@ var util = require('util'),
     f = util.format,
     EventEmitter = require('events').EventEmitter,
     path = require('path'),
-    uuid = require('uuid'),
+    crypto = require('crypto'),
     fork = require('child_process').fork,
     pbxWriter = require('./pbxWriter'),
     pbxFile = require('./pbxFile'),
@@ -89,7 +89,7 @@ pbxProject.prototype.allUuids = function() {
 }
 
 pbxProject.prototype.generateUuid = function() {
-    var id = uuid.v4()
+    var id = crypto.randomUUID()
         .replace(/-/g, '')
         .substr(0, 24)
         .toUpperCase()

package.json

@@ -10,8 +10,7 @@
     "node": ">=10.0.0"
   },
   "dependencies": {
-    "simple-plist": "^1.1.0",
-    "uuid": "^7.0.3"
+    "simple-plist": "^1.1.0"
   },
   "devDependencies": {
     "pegjs": "^0.10.0"