chore(deps): bump uuid from 10.0.0 to 14.0.0 in /apps/chat #5105
dependabot[bot] wants to merge 1 commit into
Bumps [uuid](https://github.com/uuidjs/uuid) from 10.0.0 to 14.0.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v10.0.0...v14.0.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 14.0.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Confidence Score: 4/5
Safe to merge; the only active concern is the stale @types/uuid devDependency which is redundant and can be cleaned up independently.
The runtime usage is limited to v4, whose API is unchanged across all bumped versions. Node 20 and ESM compatibility are already satisfied. The only remaining loose end is @types/uuid staying at ^10.0.0 while the runtime is now 14.0.0 — a type-definition inconsistency that is unlikely to cause build failures given uuid's own bundled types, but worth cleaning up.
apps/chat/package.json — @types/uuid devDependency should be removed or updated alongside the runtime bump.
| Filename | Overview |
|---|---|
| apps/chat/package.json | Bumps uuid from 10.0.0 to 14.0.0; the app's Node 20 engine requirement satisfies uuid v14's Node 20+ constraint and only v4 is used (unchanged API), but @types/uuid remains pinned to ^10.0.0 which is now stale and redundant since uuid ships its own types. |
Flowchart
```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["uuid v10.0.0 → v14.0.0"] --> B["Breaking changes"]
    A --> C["Security fix"]
    B --> D["Node 20+ required\n✅ engines: node=20"]
    B --> E["CommonJS dropped\n✅ Next.js 15 ESM-compatible"]
    B --> F["Browser exports default\n✅ No impact on server usage"]
    C --> G["v3/v5/v6 buffer bounds check\n✅ App only uses v4"]
    A --> H["@types/uuid ^10.0.0\n⚠️ Stale — uuid ships own types"]
```
Comments Outside Diff (1)
- apps/chat/package.json, line 61
  The `@types/uuid` devDependency is pinned to `^10.0.0` while the runtime package has jumped to `14.0.0`. Since `uuid` has shipped its own bundled TypeScript declarations since v9, `@types/uuid` is redundant. With the version now four major versions behind the runtime, any TypeScript-level API divergence between the two type sources could surface unexpected type errors. The safest fix is to remove `@types/uuid` entirely and let uuid's own bundled types take over.
Reviews (1): Last reviewed commit: "chore(deps): bump uuid from 10.0.0 to 14..."
Bumps uuid from 10.0.0 to 14.0.0.
Release notes
Sourced from uuid's releases.
... (truncated)
Changelog
Sourced from uuid's changelog.
... (truncated)
Commits
- 7c1ea08 chore(main): release 14.0.0 (#926)
- 3d2c5b0 Merge commit from fork
- f2c235f fix!: expect `crypto` to be global everywhere (requires node@20+) (#935)
- 529ef08 chore: upgrade TypeScript and fixup types (#927)
- 086fd79 chore: update dependencies (#933)
- dc4ddb8 feat!: drop node@18 support (#934)
- 0f1f9c9 chore: switch to Biome for parsing and linting (#932)
- e2879e6 chore: use maintained version of npm-run-all (#930)
- ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)
- 0423d49 docs: remove obsolete v1 option notes (#915)
Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.
Install script changes
This version adds `prepare` script that runs during installation. Review the package contents before updating.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.
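One way to act on the "Install script changes" notice above is to diff the lifecycle scripts of the old and new `package.json` before merging. This is an added example, not part of the PR, Dependabot's output or the uuid project; the function name `diffInstallHooks` and both manifests are constructed for illustration (they are not uuid's real manifests), and the hook timing in the comments follows npm's scripts documentation.

```javascript
// Lifecycle hooks npm can execute without an explicit `npm run`.
// Timing per npm's scripts documentation:
//   preinstall / install / postinstall: run when the package is installed
//     as a dependency (unless --ignore-scripts is set).
//   prepare: runs on a bare local `npm install`, before pack/publish, and
//     when the package is installed from a git URL.
const INSTALL_HOOKS = {
  preinstall: "dependency-install",
  install: "dependency-install",
  postinstall: "dependency-install",
  prepare: "local-or-git-install",
};

// Compare two parsed package.json objects and report every install-time
// hook that is new or whose command changed in the newer manifest.
function diffInstallHooks(oldManifest, newManifest) {
  const before = oldManifest.scripts || {};
  const after = newManifest.scripts || {};
  const findings = [];
  for (const [hook, runsOn] of Object.entries(INSTALL_HOOKS)) {
    const was = before[hook];
    const now = after[hook];
    if (now === undefined || now === was) continue; // absent or unchanged
    findings.push({
      hook,
      runsOn,
      change: was === undefined ? "added" : "modified",
      command: now,
    });
  }
  return findings;
}

// Constructed sample manifests (hypothetical package, not uuid's real files).
const oldPkg = {
  name: "example-lib",
  version: "1.0.0",
  scripts: { test: "node --test" },
};
const newPkg = {
  name: "example-lib",
  version: "2.0.0",
  scripts: { test: "node --test", prepare: "npm run build", postinstall: "node setup.js" },
};

for (const f of diffInstallHooks(oldPkg, newPkg)) {
  console.log(`${f.change}: ${f.hook} (${f.runsOn}) -> ${f.command}`);
}
```

To use it on a real bump, feed it the two manifests extracted from the published tarballs (for example via `npm pack <name>@<version>`) and read each reported command before approving the update.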