Skip to content

Update dependency uuid to v11 (master)#10

Open
mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/master-uuid-11.x
Open

Update dependency uuid to v11 (master)#10
mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/master-uuid-11.x

Conversation

@mend-for-github-com

Copy link
Copy Markdown

This PR contains the following updates:

Package Type Update Change
uuid dependencies major ^2.0.2^11.0.0

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score Vulnerability Reachability
Critical Critical 9.8 CVE-2026-41907

Unreachable


Release Notes

uuidjs/uuid (uuid)

v11.1.1

Compare Source

Bug Fixes

v11.1.0

Compare Source

Features
  • update TS types to allowUint8Array subtypes for buffer option (#​865) (a5231e7)

v11.0.5

Compare Source

Bug Fixes

v11.0.4

Compare Source

Bug Fixes

v11.0.3

Compare Source

Bug Fixes

v11.0.2

Compare Source

Bug Fixes

v11.0.1

Compare Source

Bug Fixes

v11.0.0

Compare Source

⚠ BREAKING CHANGES
  • refactor v1 internal state and options logic (#​780)
  • refactor v7 internal state and options logic, fixes #​764 (#​779)
  • Port to TypeScript, closes #​762 (#​763)
  • update node support matrix (only support node 16-20) (#​750)
Features
Bug Fixes

v10.0.0

Compare Source

⚠ BREAKING CHANGES
  • update node support (drop node@​12, node@​14, add node@​20) (#​750)
Features
Bug Fixes

v9.0.1

Compare Source

build
  • Fix CI to work with Node.js 20.x

v9.0.0

Compare Source

⚠ BREAKING CHANGES
  • Drop Node.js 10.x support. This library always aims at supporting one EOLed LTS release which by this time now is 12.x which has reached EOL 30 Apr 2022.

  • Remove the minified UMD build from the package.

    Minified code is hard to audit and since this is a widely used library it seems more appropriate nowadays to optimize for auditability than to ship a legacy module format that, at best, serves educational purposes nowadays.

    For production browser use cases, users should be using a bundler. For educational purposes, today's online sandboxes like replit.com offer convenient ways to load npm modules, so the use case for UMD through repos like UNPKG or jsDelivr has largely vanished.

  • Drop IE 11 and Safari 10 support. Drop support for browsers that don't correctly implement const/let and default arguments, and no longer transpile the browser build to ES2015.

    This also removes the fallback on msCrypto instead of the crypto API.

    Browser tests are run in the first supported version of each supported browser and in the latest (as of this commit) version available on Browserstack.

Features
Bug Fixes
build
8.3.2 (2020-12-08)
Bug Fixes
8.3.1 (2020-10-04)
Bug Fixes

v8.3.2

Compare Source

⚠ BREAKING CHANGES
  • Drop Node.js 10.x support. This library always aims at supporting one EOLed LTS release which by this time now is 12.x which has reached EOL 30 Apr 2022.

  • Remove the minified UMD build from the package.

    Minified code is hard to audit and since this is a widely used library it seems more appropriate nowadays to optimize for auditability than to ship a legacy module format that, at best, serves educational purposes nowadays.

    For production browser use cases, users should be using a bundler. For educational purposes, today's online sandboxes like replit.com offer convenient ways to load npm modules, so the use case for UMD through repos like UNPKG or jsDelivr has largely vanished.

  • Drop IE 11 and Safari 10 support. Drop support for browsers that don't correctly implement const/let and default arguments, and no longer transpile the browser build to ES2015.

    This also removes the fallback on msCrypto instead of the crypto API.

    Browser tests are run in the first supported version of each supported browser and in the latest (as of this commit) version available on Browserstack.

Features
Bug Fixes
build
8.3.2 (2020-12-08)
Bug Fixes
8.3.1 (2020-10-04)
Bug Fixes

v8.3.1

Compare Source

⚠ BREAKING CHANGES
  • Drop Node.js 10.x support. This library always aims at supporting one EOLed LTS release which by this time now is 12.x which has reached EOL 30 Apr 2022.

  • Remove the minified UMD build from the package.

    Minified code is hard to audit and since this is a widely used library it seems more appropriate nowadays to optimize for auditability than to ship a legacy module format that, at best, serves educational purposes nowadays.

    For production browser use cases, users should be using a bundler. For educational purposes, today's online sandboxes like replit.com offer convenient ways to load npm modules, so the use case for UMD through repos like UNPKG or jsDelivr has largely vanished.

  • Drop IE 11 and Safari 10 support. Drop support for browsers that don't correctly implement const/let and default arguments, and no longer transpile the browser build to ES2015.

    This also removes the fallback on msCrypto instead of the crypto API.

    Browser tests are run in the first supported version of each supported browser and in the latest (as of this commit) version available on Browserstack.

Features
Bug Fixes
build
8.3.2 (2020-12-08)
Bug Fixes
8.3.1 (2020-10-04)
Bug Fixes

v8.3.0

Compare Source

⚠ BREAKING CHANGES
  • Drop Node.js 10.x support. This library always aims at supporting one EOLed LTS release which by this time now is 12.x which has reached EOL 30 Apr 2022.

  • Remove the minified UMD build from the package.

    Minified code is hard to audit and since this is a widely used library it seems more appropriate nowadays to optimize for auditability than to ship a legacy module format that, at best, serves educational purposes nowadays.

    For production browser use cases, users should be using a bundler. For educational purposes, today's online sandboxes like replit.com offer convenient ways to load npm modules, so the use case for UMD through repos like UNPKG or jsDelivr has largely vanished.

  • Drop IE 11 and Safari 10 support. Drop support for browsers that don't correctly implement const/let and default arguments, and no longer transpile the browser build to ES2015.

    This also removes the fallback on msCrypto instead of the crypto API.

    Browser tests are run in the first supported version of each supported browser and in the latest (as of this commit) version available on Browserstack.

Features
Bug Fixes
build
8.3.2 (2020-12-08)
Bug Fixes
8.3.1 (2020-10-04)
Bug Fixes

v8.2.0

Compare Source

Features
Bug Fixes

v8.1.0

Compare Source

Features
Bug Fixes

v8.0.0

Compare Source

⚠ BREAKING CHANGES
  • For native ECMAScript Module (ESM) usage in Node.js only named exports are exposed, there is no more default export.

    -import uuid from 'uuid';
    -console.log(uuid.v4()); // -> 'cd6c3b08-0adc-4f4b-a6ef-36087a1c9869'
    +import { v4 as uuidv4 } from 'uuid';
    +uuidv4(); // ⇨ '9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d'
  • Deep requiring specific algorithms of this library like require('uuid/v4'), which has been deprecated in uuid@7, is no longer supported.

    Instead use the named exports that this module exports.

    For ECMAScript Modules (ESM):

    -import uuidv4 from 'uuid/v4';
    +import { v4 as uuidv4 } from 'uuid';
    uuidv4();

    For CommonJS:

    -const uuidv4 = require('uuid/v4');
    +const { v4: uuidv4 } = require('uuid');
    uuidv4();
Features
Bug Fixes
  • add CommonJS syntax example to README quickstart section (#​417) (e0ec840)
7.0.3 (2020-03-31)
Bug Fixes
7.0.2 (2020-03-04)
Bug Fixes
7.0.1 (2020-02-25)
Bug Fixes

v7.0.3

Compare Source

⚠ BREAKING CHANGES
  • For native ECMAScript Module (ESM) usage in Node.js only named exports are exposed, there is no more default export.

    -import uuid from 'uuid';
    -console.log(uuid.v4()); // -> 'cd6c3b08-0adc-4f4b-a6ef-36087a1c9869'
    +import { v4 as uuidv4 } from 'uuid';
    +uuidv4(); // ⇨ '9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d'
  • Deep requiring specific algorithms of this library like require('uuid/v4'), which has been deprecated in uuid@7, is no longer supported.

    Instead use the named exports that this module exports.

    For ECMAScript Modules (ESM):

    -import uuidv4 from 'uuid/v4';
    +import { v4 as uuidv4 } from 'uuid';
    uuidv4();

    For CommonJS:

    -const uuidv4 = require('uuid/v4');
    +const { v4: uuidv4 } = require('uuid');
    uuidv4();
Features
Bug Fixes
  • add CommonJS syntax example to README quickstart section (#​417) (e0ec840)
7.0.3 (2020-03-31)
Bug Fixes
7.0.2 (2020-03-04)
Bug Fixes
7.0.1 (2020-02-25)
Bug Fixes

v7.0.2

Compare Source

⚠ BREAKING CHANGES
  • For native ECMAScript Module (ESM) usage in Node.js only named exports are exposed, there is no more default export.

    -import uuid from 'uuid';
    -console.log(uuid.v4()); // -> 'cd6c3b08-0adc-4f4b-a6ef-36087a1c9869'
    +import { v4 as uuidv4 } from 'uuid';
    +uuidv4(); // ⇨ '9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d'
  • Deep requiring specific algorithms of this library like require('uuid/v4'), which has been deprecated in uuid@7, is no longer supported.

    Instead use the named exports that this module exports.

    For ECMAScript Modules (ESM):

    -import uuidv4 from 'uuid/v4';
    +import { v4 as uuidv4 } from 'uuid';
    uuidv4();

    For CommonJS:

    -const uuidv4 = require('uuid/v4');
    +const { v4: uuidv4 } = require('uuid');
    uuidv4();
Features
Bug Fixes
  • add CommonJS syntax example to README quickstart section (#​417) (e0ec840)
7.0.3 (2020-03-31)
Bug Fixes
7.0.2 (2020-03-04)
Bug Fixes
7.0.1 (2020-02-25)
Bug Fixes

v7.0.1

Compare Source

⚠ BREAKING CHANGES
  • For native ECMAScript Module (ESM) usage in Node.js only named exports are exposed, there is no more default export.

    -import uuid from 'uuid';
    -console.log(uuid.v4()); // -> 'cd6c3b08-0adc-4f4b-a6ef-36087a1c9869'
    +import { v4 as uuidv4 } from 'uuid';
    +uuidv4(); // ⇨ '9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d'
  • Deep requiring specific algorithms of this library like require('uuid/v4'), which has been deprecated in uuid@7, is no longer supported.

    Instead use the named exports that this module exports.

    For ECMAScript Modules (ESM):

    -import uuidv4 from 'uuid/v4';
    +import { v4 as uuidv4 } from 'uuid';
    uuidv4();

    For CommonJS:

    -const uuidv4 = require('uuid/v4');
    +const { v4: uuidv4 } = require('uuid');
    uuidv4();
Features
Bug Fixes
  • add CommonJS syntax example to README quickstart section (#​417) (e0ec840)
7.0.3 (2020-03-31)
Bug Fixes
7.0.2 (2020-03-04)
Bug Fixes
7.0.1 (2020-02-25)
Bug Fixes

v7.0.0

Compare Source

⚠ BREAKING CHANGES
  • For native ECMAScript Module (ESM) usage in Node.js only named exports are exposed, there is no more default export.

    -import uuid from 'uuid';
    -console.log(uuid.v4()); // -> 'cd6c3b08-0adc-4f4b-a6ef-36087a1c9869'
    +import { v4 as uuidv4 } from 'uuid';
    +uuidv4(); // ⇨ '9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d'
  • Deep requiring specific algorithms of this library like require('uuid/v4'), which has been deprecated in uuid@7, is no longer supported.

    Instead use the named exports that this module exports.

    For ECMAScript Modules (ESM):

    -import uuidv4 from 'uuid/v4';
    +import { v4 as uuidv4 } from 'uuid';
    uuidv4();

    For CommonJS:

    -const uuidv4 = require('uuid/v4');
    +const { v4: uuidv4 } = require('uuid');
    uuidv4();
Features
Bug Fixes
  • add CommonJS syntax example to README quickstart section (#​417) (e0ec840)
7.0.3 (2020-03-31)
Bug Fixes
7.0.2 (2020-03-04)
Bug Fixes
7.0.1 (2020-02-25)
Bug Fixes

v3.4.0

Compare Source

Features

v3.3.3

Compare Source

Bug Fixes
  • no longer run ci tests on node v4
  • upgrade dependencies

v3.3.2

Compare Source

Bug Fixes

v3.3.0

Compare Source

Bug Fixes
Features
  • enforce Conventional Commit style commit messages (#​282) (cc9a182)

3.2.1 (2018-01-16)

Bug Fixes

v3.2.1

Compare Source

Bug Fixes
Features
  • enforce Conventional Commit style commit messages (#​282) (cc9a182)

3.2.1 (2018-01-16)

Bug Fixes

v3.2.0

Compare Source

Bug Fixes
Features
  • enforce Conventional Commit style commit messages (#​282) (cc9a182)

3.2.1 (2018-01-16)

Bug Fixes

v3.1.0

Compare Source

Bug Fixes
  • (fix) Add .npmignore file to exclude test/ and other non-essential files from packing. (#​183)
  • Fix typo (#​178)
  • Simple typo fix (#​165)
Features

v3.0.1

Compare Source

  • split uuid versions into separate files

v3.0.0

Compare Source

  • remove .parse and .unparse

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com Bot added the security fix Security fix generated by Mend label May 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

security fix Security fix generated by Mend

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants