Skip to content

chore(deps): bump uuid from 8.3.2 to 14.0.0 in /frontend#5804

Merged
aglinxinyuan merged 5 commits into
mainfrom
dependabot/npm_and_yarn/frontend/uuid-14.0.0
Jun 20, 2026
Merged

chore(deps): bump uuid from 8.3.2 to 14.0.0 in /frontend#5804
aglinxinyuan merged 5 commits into
mainfrom
dependabot/npm_and_yarn/frontend/uuid-14.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor

Bumps uuid from 8.3.2 to 14.0.0.

Release notes

Sourced from uuid's releases.

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

  • expect crypto to be global everywhere (requires node@20+) (#935)
  • drop node@18 support (#934)

Features

Bug Fixes

  • expect crypto to be global everywhere (requires node@20+) (#935) (f2c235f)
  • Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)

v13.0.2

13.0.2 (2026-05-04)

Bug Fixes

  • rerelease to fix provenance. (49ccb35)

v13.0.1

13.0.1 (2026-04-27)

Bug Fixes

v13.0.0

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

  • make browser exports the default (#901)

Bug Fixes

v12.0.1

12.0.1 (2026-04-29)

... (truncated)

Changelog

Sourced from uuid's changelog.

14.0.0 (2026-04-19)

Security

  • Fixes GHSA-w5hq-g745-h8pq: v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length.

⚠ BREAKING CHANGES

  • crypto is now expected to be globally defined (requires node@20+) (#935)
  • drop node@18 support (#934)
  • upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

  • make browser exports the default (#901)

Bug Fixes

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

  • update to typescript@5.2 (#887)
  • remove CommonJS support (#886)
  • drop node@16 support (#883)

Features

Bug Fixes

11.1.0 (2025-02-19)

... (truncated)

Commits
  • 7c1ea08 chore(main): release 14.0.0 (#926)
  • 3d2c5b0 Merge commit from fork
  • f2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)
  • 529ef08 chore: upgrade TypeScript and fixup types (#927)
  • 086fd79 chore: update dependencies (#933)
  • dc4ddb8 feat!: drop node@18 support (#934)
  • 0f1f9c9 chore: switch to Biome for parsing and linting (#932)
  • e2879e6 chore: use maintained version of npm-run-all (#930)
  • ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)
  • 0423d49 docs: remove obsolete v1 option notes (#915)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump uuid from 8.3.2 to 14.0.0 in /frontend
68b852b 
Bumps [uuid](https://github.com/uuidjs/uuid) from 8.3.2 to 14.0.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v8.3.2...v14.0.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 14.0.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 19, 2026
@github-actions github-actions Bot added the frontend Changes related to the frontend GUI label Jun 19, 2026
@aglinxinyuan aglinxinyuan requested a review from Copilot June 19, 2026 23:38
Copilot AI reviewed Jun 19, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the frontend’s uuid dependency to a newer major version, aligning with the frontend’s current Node/TypeScript toolchain and pulling in upstream fixes.

Changes:

  • Bump uuid in frontend/package.json from 8.3.2 to 14.0.0.
  • Update frontend/yarn.lock to resolve the new direct uuid@14.0.0 version.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File Description
frontend/package.json Updates the direct uuid dependency version used by the Angular frontend.
frontend/yarn.lock Refreshes lockfile entries to include uuid@14.0.0 (while still retaining a transitive uuid@8.3.2 via other deps).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread frontend/package.json
@codecov-commenter

codecov-commenter commented Jun 19, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.40%. Comparing base (c2129d4) to head (5640e49).
⚠️ Report is 6 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@            Coverage Diff            @@
##               main    #5804   +/-   ##
=========================================
  Coverage     53.39%   53.40%           
+ Complexity     2692     2691    -1     
=========================================
  Files          1099     1099           
  Lines         42541    42541           
  Branches       4577     4577           
=========================================
+ Hits          22716    22718    +2     
+ Misses        18493    18485    -8     
- Partials       1332     1338    +6
Flag Coverage Δ *Carryforward flag
access-control-service 70.44% <ø> (ø) Carriedforward from fb13259
agent-service 34.36% <ø> (ø) Carriedforward from fb13259
amber 54.00% <ø> (-0.02%) ⬇️ Carriedforward from fb13259
computing-unit-managing-service 1.65% <ø> (ø) Carriedforward from fb13259
config-service 56.71% <ø> (ø) Carriedforward from fb13259
file-service 57.06% <ø> (ø) Carriedforward from fb13259
frontend 48.05% <ø> (+0.02%) ⬆️
pyamber 90.13% <ø> (ø) Carriedforward from fb13259
python 90.80% <ø> (ø) Carriedforward from fb13259
workflow-compiling-service 58.69% <ø> (ø) Carriedforward from fb13259

*This pull request uses carry forward flags. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@aglinxinyuan aglinxinyuan added the release/v1.2 back porting to release/v1.2 label Jun 19, 2026
@aglinxinyuan aglinxinyuan removed the release/v1.2 back porting to release/v1.2 label Jun 20, 2026
@aglinxinyuan aglinxinyuan enabled auto-merge June 20, 2026 00:10
@aglinxinyuan
fix(frontend): point vitest browser uuid alias at v14 dist entry
5640e49 
uuid v14 dropped dist/esm-browser/index.js; its browser ESM build now
lives at dist/index.js (the package's default export condition). Update
the vitest browser-mode alias so the Vite optimizer can resolve it,
fixing the ENOENT that failed the frontend browser tests.
@aglinxinyuan aglinxinyuan added this pull request to the merge queue Jun 20, 2026
Merged via the queue into main with commit e341dc4 Jun 20, 2026
17 checks passed
@aglinxinyuan aglinxinyuan deleted the dependabot/npm_and_yarn/frontend/uuid-14.0.0 branch June 20, 2026 00:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@aglinxinyuan aglinxinyuan aglinxinyuan approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file frontend Changes related to the frontend GUI javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@codecov-commenter @aglinxinyuan