Skip to content

Update uuid to v14 to fix moderate vulnerability#157

Merged
BernardGatt merged 1 commit into
developfrom
update-uuid-dependency
Jun 4, 2026
Merged

Update uuid to v14 to fix moderate vulnerability#157
BernardGatt merged 1 commit into
developfrom
update-uuid-dependency

Conversation

@BernardGatt

@BernardGatt BernardGatt commented Jun 4, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Updates uuid from 8.3.2 to 14.0.0 to resolve moderate severity vulnerability GHSA-w5hq-g745-h8pq (missing buffer bounds check in v3/v5/v6)
  • Removes @types/uuid since uuid v14 ships its own TypeScript types
  • No code changes required — our usage is limited to v4 which is unchanged across major versions

Addresses: INAPP-14471


Note

Low Risk
Dependency-only change with continued v4 usage; no auth, data, or logic changes in the diff.

Overview
Bumps uuid from 8.3.2 to 14.0.0 to address a moderate security advisory on older releases, and drops @types/uuid because v14 ships built-in TypeScript types.

There are no application source changes in the diff; runtime behavior for existing v4 ID generation should stay the same.

Reviewed by Cursor Bugbot for commit 6b5100d. Bugbot is set up for automated code reviews on this repo. Configure here.

Resolves moderate severity vulnerability (GHSA-w5hq-g745-h8pq) in uuid
versions below 11.1.1. Also removes @types/uuid since uuid v14 ships its
own TypeScript types.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@BernardGatt BernardGatt requested a review from a team as a code owner June 4, 2026 06:13
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updateduuid@​8.3.2 ⏵ 14.0.0100 +1100 +210091 +41100

View full report

@BernardGatt BernardGatt merged commit a69a4de into develop Jun 4, 2026
4 checks passed
@BernardGatt BernardGatt deleted the update-uuid-dependency branch June 4, 2026 06:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants