Skip to content

chore(deps): bump uuid from 9.0.1 to 14.0.0 #4050

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
+24 −14
Open

chore(deps): bump uuid from 9.0.1 to 14.0.0 #4050

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion backend/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@
"superagent": "^8.0.0",
"tsconfig-paths": "^4.2.0",
"utf-8-validate": "^5.0.10",
"uuid": "^9.0.0",
"uuid": "^14.0.0",
Copy link
Copy Markdown

@cursor cursor Bot Apr 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ESM-only uuid v14 breaks CommonJS project at runtime

High Severity

uuid v14 is ESM-only (CommonJS removed in v12), but the backend's tsconfig.json uses "module": "commonjs" and "moduleResolution": "node", and the services use "module": "Node16" without "type": "module" in package.json. TypeScript will compile import { v4 } from 'uuid' into require('uuid'), which fails at runtime with ERR_REQUIRE_ESM on Node 20 (used in CI). All code paths using uuid will crash.

Additional Locations (2)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 8ff3836. Configure here.

Copy link
Copy Markdown

@cursor cursor Bot May 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stale @types/uuid v9 remains after uuid v14 upgrade

Low Severity

The uuid package is bumped to v14 which bundles its own TypeScript types, but @types/uuid@^9.0.2 remains in devDependencies (line 150). With "moduleResolution": "node", if TypeScript cannot resolve types from the ESM-only uuid package directly (due to missing top-level types field), it falls back to @types/uuid@9 which describes uuid v9's API — potentially masking type errors for any API differences between v9 and v14.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 8a14c31. Configure here.

"validator": "^13.7.0",
"verify-github-webhook": "^1.0.1",
"zlib-sync": "^0.1.8",
Expand Down
32 changes: 21 additions & 11 deletions pnpm-lock.yaml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion services/libs/common/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@
"lodash.unionwith": "^4.6.0",
"moment-timezone": "^0.5.34",
"tldts": "^6.1.11",
"uuid": "^9.0.0",
"uuid": "^14.0.0",
"validator": "^13.7.0"
}
}
2 changes: 1 addition & 1 deletion services/libs/data-access-layer/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@
"moment": "~2.29.4",
"pg-promise": "^11.4.3",
"pg-query-stream": "^4.7.0",
"uuid": "^9.0.1",
"uuid": "^14.0.0",
"validator": "^13.7.0"
},
"devDependencies": {
Expand Down
Loading