chore(deps): bump uuid from 9.0.1 to 14.0.0 #4050
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Reviewed by Cursor Bugbot for commit 8ff3836. Configure here.
| "tsconfig-paths": "^4.2.0", | ||
| "utf-8-validate": "^5.0.10", | ||
| "uuid": "^9.0.0", | ||
| "uuid": "^14.0.0", |
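Review bot: The uuid line moves the range from ^9.0.0 to ^14.0.0, five major versions in one step, and nothing else in this hunk records what the new major requires. The release commits listed for this bump include "drop node@18 support" and "expect crypto to be global everywhere (requires node@20+)", so declare that Node floor in this package.json (the engines.node field) in the same change, so the requirement is recorded next to the dependency that imposes it.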
ESM-only uuid v14 breaks CommonJS project at runtime
High Severity
uuid v14 is ESM-only (CommonJS removed in v12), but the backend's tsconfig.json uses "module": "commonjs" and "moduleResolution": "node", and the services use "module": "Node16" without "type": "module" in package.json. TypeScript will compile import { v4 } from 'uuid' into require('uuid'), which fails at runtime with ERR_REQUIRE_ESM on Node 20 (used in CI). All code paths using uuid will crash.
Additional Locations (2)
Reviewed by Cursor Bugbot for commit 8ff3836. Configure here.
| needle@https://codeload.github.com/clearbit/needle/tar.gz/84d28b5f2c3916db1e7eb84aeaa9d976cc40054b: | ||
| resolution: {tarball: https://codeload.github.com/clearbit/needle/tar.gz/84d28b5f2c3916db1e7eb84aeaa9d976cc40054b} | ||
| needle@git+https://git@github.com:clearbit/needle.git#84d28b5f2c3916db1e7eb84aeaa9d976cc40054b: | ||
| resolution: {commit: 84d28b5f2c3916db1e7eb84aeaa9d976cc40054b, repo: git@github.com:clearbit/needle.git, type: git} |
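Review bot: The commit 84d28b5f2c3916db1e7eb84aeaa9d976cc40054b is identical on the tarball lines and on the git lines, so this needle entry changes only how the same source is fetched, which is unrelated to a uuid bump. Restore the tarball resolution so the lockfile diff stays limited to uuid, and make any transport change in a separate PR where it can be reviewed on its own.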
Needle resolution changed from HTTPS tarball to SSH git
Medium Severity
The lockfile regeneration silently changed the clearbit/needle dependency resolution from an HTTPS tarball download (https://codeload.github.com/...) to an SSH-based git clone (git@github.com:clearbit/needle.git). CI/CD pipelines and Docker builds that previously worked without SSH keys configured for GitHub will now fail during pnpm install when attempting to clone this dependency.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 8ff3836. Configure here.
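A CI-style check for the resolution drift described in the Bugbot comment above, as an added example that is not part of this PR or the project's code: it compares base and head lockfile text and reports packages whose fetch transport changed. The function names and the uuid integrity values are assumptions made for illustration; the needle entries are the lines quoted on this page, and the parser handles only the single-line resolution form shown there.

```javascript
// Added example, not project code: report lockfile entries whose fetch transport
// changed between two revisions of pnpm-lock.yaml. The needle lines are quoted from
// this page; the uuid entries and their integrity values are constructed placeholders.
const BASE_LOCK = `
  needle@https://codeload.github.com/clearbit/needle/tar.gz/84d28b5f2c3916db1e7eb84aeaa9d976cc40054b:
    resolution: {tarball: https://codeload.github.com/clearbit/needle/tar.gz/84d28b5f2c3916db1e7eb84aeaa9d976cc40054b}
  uuid@9.0.1:
    resolution: {integrity: sha512-CONSTRUCTED-PLACEHOLDER-A}
`;
const HEAD_LOCK = `
  needle@git+https://git@github.com:clearbit/needle.git#84d28b5f2c3916db1e7eb84aeaa9d976cc40054b:
    resolution: {commit: 84d28b5f2c3916db1e7eb84aeaa9d976cc40054b, repo: git@github.com:clearbit/needle.git, type: git}
  uuid@14.0.0:
    resolution: {integrity: sha512-CONSTRUCTED-PLACEHOLDER-B}
`;
// Classify how the package manager will fetch one resolution entry.
function transportOf(fields) {
  if (fields.type === 'git') return /^(git@|ssh:\/\/)/.test(fields.repo || '') ? 'git-ssh' : 'git-other';
  if (fields.tarball) return fields.tarball.startsWith('https://') ? 'https-tarball' : 'other-tarball';
  return fields.integrity ? 'registry' : 'unknown';
}
// Map package name -> sorted list of transports seen in one lockfile text.
function transportsByName(lockText) {
  const byName = new Map();
  let key = null;
  for (const raw of lockText.split('\n')) {
    const line = raw.trim().replace(/^['"]|['"](?=:$)/g, ''); // drop quotes around keys
    const res = line.match(/^resolution:\s*\{(.*)\}$/);
    if (res && key) {
      // "a: b, c: d" -> {a: 'b', c: 'd'}; split each pair at its first ": " only
      const fields = Object.fromEntries(res[1].split(', ').map((p) => p.split(/: (.*)/).slice(0, 2)));
      const name = key.slice(0, key.indexOf('@', 1)); // also handles @scope/name@spec
      const seen = new Set([...(byName.get(name) || []), transportOf(fields)]);
      byName.set(name, [...seen].sort());
      key = null;
    } else if (line.endsWith(':') && line.indexOf('@', 1) > 0) {
      key = line.slice(0, -1); // a "name@spec:" package key
    }
  }
  return byName;
}
// Packages present in both revisions whose transport set differs.
function transportDrift(baseText, headText) {
  const base = transportsByName(baseText);
  return [...transportsByName(headText)]
    .filter(([name, to]) => base.has(name) && base.get(name).join() !== to.join())
    .map(([name, to]) => ({ name, from: base.get(name).join(), to: to.join() }));
}
console.log(transportDrift(BASE_LOCK, HEAD_LOCK));
```

The uuid version bump itself is not reported, because both revisions fetch it from the registry; only the needle transport change is.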
8ff3836 to 8c9ec20
Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.1 to 14.0.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v9.0.1...v14.0.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 14.0.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
8c9ec20 to c739b57


Bumps uuid from 9.0.1 to 14.0.0.
Release notes
Sourced from uuid's releases.
... (truncated)
Changelog
Sourced from uuid's changelog.
... (truncated)
Commits
- 7c1ea08 chore(main): release 14.0.0 (#926)
- 3d2c5b0 Merge commit from fork
- f2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)
- 529ef08 chore: upgrade TypeScript and fixup types (#927)
- 086fd79 chore: update dependencies (#933)
- dc4ddb8 feat!: drop node@18 support (#934)
- 0f1f9c9 chore: switch to Biome for parsing and linting (#932)
- e2879e6 chore: use maintained version of npm-run-all (#930)
- ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)
- 0423d49 docs: remove obsolete v1 option notes (#915)
Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.
Install script changes
This version adds prepare script that runs during installation. Review the package contents before updating.
Note
Medium Risk
Dependency-only change, but uuid@14 is a breaking major upgrade that drops Node 18 support and changes crypto expectations, which can cause runtime failures if any deployed environment or bundling path isn’t Node 20+ compatible.
Overview
Upgrades uuid from ^9.x to ^14.0.0 across the backend and shared libs (@crowd/common, @crowd/data-access-layer), updating pnpm-lock.yaml to resolve to 14.0.0.
Lockfile changes also reflect updated package metadata/resolution entries (including the clearbit-pinned needle source URL format and AWS SDK subdependency graph adjustments) with no direct application code changes.
Reviewed by Cursor Bugbot for commit c739b57. Bugbot is set up for automated code reviews on this repo. Configure here.