chore(deps): update dependency uuid to v14 (alpha)

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
uuid	dependencies	major	^9.0.0 → ^14.0.0

By merging this PR, the issue #475 will be automatically resolved and closed:

Severity	CVSS Score	Vulnerability
Critical	9.8	CVE-2026-41907
Low	3.2	CVE-2026-41988

---

Release Notes

uuidjs/uuid (uuid)

v14.0.0

Compare Source

Security

• Fixes GHSA-w5hq-g745-h8pq: v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length.

⚠ BREAKING CHANGES

• crypto is now expected to be globally defined (requires node@​20+) (#​935)
• drop node@​18 support (#​934)
• upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years

v13.0.2

Compare Source

Bug Fixes

• rerelease to fix provenance. (49ccb35)

v13.0.1

Compare Source

Bug Fixes

• backport fix for GHSA-w5hq-g745-h8pq (9d27ddf)

v13.0.0

Compare Source

⚠ BREAKING CHANGES

• make browser exports the default (#​901)

Bug Fixes

• make browser exports the default (#​901) (bce9d72)

v12.0.1

Compare Source

Bug Fixes

• backport fix for GHSA-w5hq-g745-h8pq (3d61d6a)

v12.0.0

Compare Source

⚠ BREAKING CHANGES

• update to typescript@​5.2 (#​887)
• remove CommonJS support (#​886)
• drop node@​16 support (#​883)

Features

• add node@​24 to ci matrix (#​879) (42b6178)
• drop node@​16 support (#​883) (0f38cf1)
• remove CommonJS support (#​886) (ae786e2)
• update to typescript@​5.2 (#​887) (c7ee405)

Bug Fixes

• improve v4() performance (#​894) (5fd974c)
• restore node: prefix (#​889) (e1f42a3)

v11.1.1

Compare Source

Bug Fixes

• backport GHSA-w5hq-g745-h8pq fix (32389c8)

v11.1.0

Compare Source

Features

• update TS types to allowUint8Array subtypes for buffer option (#​865) (a5231e7)

v11.0.5

Compare Source

Bug Fixes

• add TS unit test, pin to typescript@​5.0.4 (#​860) (24ac2fd)

v11.0.4

Compare Source

Bug Fixes

• docs: insure -> ensure (#​843) (d2a61e1)
• exclude tests from published package (#​840) (f992ff4)
• Test for invalid byte array sizes and ranges in v1(), v4(), and v7() (#​845) (e0ee900)

v11.0.3

Compare Source

Bug Fixes

• apply stricter typing to the v* signatures (#​831) (c2d3fed)
• export internal uuid types (#​833) (341edf4)
• remove sourcemaps (#​827) (b93ea10)
• revert "simplify type for v3 and v5" (#​835) (e2dee69)

v11.0.2

Compare Source

Bug Fixes

• remove wrapper.mjs (#​822) (6683ad3)

v11.0.1

Compare Source

Bug Fixes

• restore package.json#browser field (#​817) (ae8f386)

v11.0.0

Compare Source

⚠ BREAKING CHANGES

• refactor v1 internal state and options logic (#​780)
• refactor v7 internal state and options logic, fixes #​764 (#​779)
• Port to TypeScript, closes #​762 (#​763)
• update node support matrix (only support node 16-20) (#​750)

Features

• Port to TypeScript, closes #​762 (#​763) (1e0f987)
• update node support matrix (only support node 16-20) (#​750) (883b163)

Bug Fixes

• missing v7 expectations in browser spec (#​751) (f54a866)
• refactor v1 internal state and options logic (#​780) (031b3d3)
• refactor v7 internal state and options logic, fixes #​764 (#​779) (9dbd1cd)
• remove v4 options default assignment preventing native.randomUUID from being used (#​786) (afe6232), closes #​763
• seq_hi shift for byte 6 (#​775) (1d532ca)
• tsconfig module type (#​778) (7eff835)

v10.0.0

Compare Source

⚠ BREAKING CHANGES

• update node support (drop node@​12, node@​14, add node@​20) (#​750)

Features

• support support rfc9562 MAX uuid (new in RFC9562) (#​714) (0385cd3)
• support rfc9562 v6 uuids (#​754) (c4ed13e)
• support rfc9562 v7 uuids (#​681) (db76a12)
• update node support matrix (only support node 16-20) (#​750) (883b163)
• support rfc9562 v8 uuids (#​759) (35a5342)

Bug Fixes

• revert "perf: remove superfluous call to toLowerCase (#​677)" (#​738) (e267b90)

v9.0.1

Compare Source

build

• Fix CI to work with Node.js 20.x

---

• If you want to rebase/retry this PR, check this box

[mend-for-github-com]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm warn cli npm v11.13.0 does not support Node.js v18.12.1. This version of npm supports the following node versions: `^20.17.0 || >=22.9.0`. You can find the latest version at https://nodejs.org/.
npm error (0 , L.tracingChannel) is not a function
npm error A complete log of this run can be found in: /tmp/renovate/cache/others/npm/_logs/2026-04-29T20_45_21_354Z-debug-0.log

[changeset-bot]

⚠️ No Changeset found

Latest commit: 1f77f6d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR