chore(deps-dev): bump uuid from 11.1.0 to 14.0.0#133
Conversation
Bumps [uuid](https://github.com/uuidjs/uuid) from 11.1.0 to 14.0.0. - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v11.1.0...v14.0.0) --- updated-dependencies: - dependency-name: uuid dependency-version: 14.0.0 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
![lifeomic-review-bot[bot]](https://avatars.githubusercontent.com/u/29172293?s=60&v=4){kind=small}
| "typescript": "^5.8.3", | ||
| "typescript-eslint": "^8.38.0", | ||
| "uuid": "^11.1.0", | ||
| "uuid": "^14.0.0", |
There was a problem hiding this comment.
Suggestion: uuid v14 aligns with Node 20+ and a global crypto. Declaring an explicit engines.node floor (for example >=20) would document the same constraint the dependency now assumes, since this manifest does not state it yet.
This review was generated by review-bot.
There was a problem hiding this comment.
Scope
Dependabot updates the devDependency uuid to ^14.0.0 in package.json and syncs yarn.lock; canonical scope is manifest and lockfile only.
CI
Required checks are still pending—branch protection can wait for results; nothing in the dependency-only diff alone warrants duplicating CI as a merge-bar narrative.
Regression risk
Risk is moderate for a multi-major jump but narrow in this tree: tests use v4 from uuid, which remains a stable import path on supported Node.
Upstream
Upstream: uuidjs/uuid#926 (14.0.0) plus breaking-note issues referenced in the PR body (global crypto, Node 20+).
Bugbot: no blocking threads — no action.
Residual risks / follow-ups
Residual risk: uuid 11→14 stacks several upstream breaking releases (Node 20+, global crypto, prior majors’ module layout changes). Confirm the repo’s CI and contributor Node floor actually meet uuid 14 before merge, and consider codifying that floor in package metadata if it is not already guaranteed elsewhere.
This review was generated by review-bot.
Bumps uuid from 11.1.0 to 14.0.0.
Release notes
Sourced from uuid's releases.
... (truncated)
Changelog
Sourced from uuid's changelog.
Commits
7c1ea08chore(main): release 14.0.0 (#926)3d2c5b0Merge commit from forkf2c235ffix!: expectcryptoto be global everywhere (requires node@20+) (#935)529ef08chore: upgrade TypeScript and fixup types (#927)086fd79chore: update dependencies (#933)dc4ddb8feat!: drop node@18 support (#934)0f1f9c9chore: switch to Biome for parsing and linting (#932)e2879e6chore: use maintained version of npm-run-all (#930)ffa3138fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)0423d49docs: remove obsolete v1 option notes (#915)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.