
chore(deps-dev): bump uuid from 10.0.0 to 14.0.0 #9102

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/uuid-14.0.0

dependabot Bot commented on behalf of github Apr 23, 2026

Bumps uuid from 10.0.0 to 14.0.0.

Release notes

Sourced from uuid's releases.

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

  • expect crypto to be global everywhere (requires node@20+) (#935)
  • drop node@18 support (#934)

Features

Bug Fixes

  • expect crypto to be global everywhere (requires node@20+) (#935) (f2c235f)
  • Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)

v13.0.2

13.0.2 (2026-05-04)

Bug Fixes

  • rerelease to fix provenance. (49ccb35)

v13.0.1

13.0.1 (2026-04-27)

Bug Fixes

v13.0.0

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

  • make browser exports the default (#901)

Bug Fixes

v12.0.1

12.0.1 (2026-04-29)

... (truncated)

Changelog

Sourced from uuid's changelog.

14.0.0 (2026-04-19)

Security

  • Fixes GHSA-w5hq-g745-h8pq: v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length.

⚠ BREAKING CHANGES

  • crypto is now expected to be globally defined (requires node@20+) (#935)
  • drop node@18 support (#934)
  • upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

  • make browser exports the default (#901)

Bug Fixes

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

  • update to typescript@5.2 (#887)
  • remove CommonJS support (#886)
  • drop node@16 support (#883)

Features

Bug Fixes

11.1.0 (2025-02-19)

... (truncated)

Commits

  • 7c1ea08 chore(main): release 14.0.0 (#926)
  • 3d2c5b0 Merge commit from fork
  • f2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)
  • 529ef08 chore: upgrade TypeScript and fixup types (#927)
  • 086fd79 chore: update dependencies (#933)
  • dc4ddb8 feat!: drop node@18 support (#934)
  • 0f1f9c9 chore: switch to Biome for parsing and linting (#932)
  • e2879e6 chore: use maintained version of npm-run-all (#930)
  • ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)
  • 0423d49 docs: remove obsolete v1 option notes (#915)
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.
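
The bounds condition quoted in the 14.0.0 changelog above, written as a caller-side guard; this is an added example, not uuid's source and not part of the Dependabot comment. `assertUuidFits`, `writeUnchecked`, `writeChecked` and the sample bytes are hypothetical, and the integer check on `offset` is an assumption that goes beyond the changelog's stated condition.

```javascript
// Added example: caller-side form of the bounds check quoted in the 14.0.0
// changelog. All names are hypothetical; this is not uuid's own code.
const UUID_LEN = 16;

// Throws RangeError when offset < 0 or offset + 16 > buf.length (changelog wording).
// The Number.isInteger test is an extra assumption, not taken from the changelog.
function assertUuidFits(buf, offset = 0) {
  if (!Number.isInteger(offset) || offset < 0 || offset + UUID_LEN > buf.length) {
    throw new RangeError(
      `UUID byte range ${offset}:${offset + UUID_LEN} is outside buffer of length ${buf.length}`
    );
  }
}

// Unchecked copy loop: nothing stops offset + i from leaving the buffer.
function writeUnchecked(bytes, buf, offset = 0) {
  for (let i = 0; i < UUID_LEN; i++) buf[offset + i] = bytes[i];
  return buf;
}

function writeChecked(bytes, buf, offset = 0) {
  assertUuidFits(buf, offset);
  return writeUnchecked(bytes, buf, offset);
}

// Constructed sample: 16 bytes standing in for a generated UUID.
const sample = Uint8Array.from({ length: UUID_LEN }, (_, i) => 0xa0 + i);

// Same bad offset (10 into a 20-element buffer) against both buffer kinds.
function demo() {
  const typed = writeUnchecked(sample, new Uint8Array(20), 10);
  const plain = writeUnchecked(sample, new Array(20).fill(0), 10);
  let rejected = false;
  try {
    writeChecked(sample, new Uint8Array(20), 10);
  } catch (e) {
    rejected = e instanceof RangeError;
  }
  return {
    typedLength: typed.length, // typed array keeps its size; the last 6 bytes are silently dropped
    typedLast: typed[19],      // tenth UUID byte, so the stored UUID is truncated
    plainLength: plain.length, // plain array grows past the size the caller allocated
    rejected,                  // guarded write refuses the same call
  };
}

console.log(demo());
```

Without the guard neither buffer kind raises an error, which is why a bad offset goes unnoticed until the truncated or oversized result is used.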


dependabot Bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels Apr 23, 2026

github-actions Bot commented Apr 23, 2026

🤖 AI PR Validation Report

PR Review Results

Thank you for your submission! Here's detailed feedback on your PR title and body compliance:

PR Title

  • Current: chore(deps-dev): bump uuid from 10.0.0 to 14.0.0
  • Issue: None — the title is clear and follows conventional commit style for a dependency chore.
  • Recommendation: Keep as-is.

Commit Type

  • The PR body does not use the required PR body template checkboxes to select a Commit Type.
  • Note: Based on the title this is a chore (dependency bump). Please include the PR body section and check exactly one of the Commit Type checkboxes (e.g., - [x] chore).

Risk Level

  • The PR does not include one of the required Risk Level checkboxes (Low/Medium/High).
  • Assessment: Advised risk = High. Reason: uuid@14.0.0 contains breaking changes (requires Node.js 20+, expects crypto to be global, and drops Node 18 support). Even though this is a dev-dependency bump in apps/vs-code-designer, the pnpm lockfile changes show the package resolution updates and transitive changes across the lockfile. If your CI or developer environments run an older Node version (e.g., 18) or any tooling assumes older behavior, CI/build/test may fail. Please add a risk label (e.g., risk:high) and pick the corresponding checkbox in the PR body. If you intend this to be lower risk, add an explanation why (for example: uuid is only used in tooling that runs under Node 20 in CI and you have validated all pipelines).

What & Why

  • Current: (Missing) — PR body is the auto-generated dependabot description and does not contain the project-specific "What & Why" section using the required template.
  • Issue: The required "What & Why" section of the template is missing. Reviewers need a concise explanation of the change in repo context (why this bump is required and any notes about breakage or migration steps).
  • Recommendation: Add a short description, e.g.: What & Why: Bump uuid from 10.0.0 to 14.0.0 to pick up security fixes and bugfixes. Note: uuid@14 requires Node.js >= 20 and expects global crypto — ensure CI and local dev environments meet this requirement or keep using older uuid for Node 18 compatibility.

Impact of Change

  • Missing or incomplete. The PR touches dependency versions and the lockfile; it may affect builds, tests, and tooling.
  • Recommendation: Explicitly state impacts in the PR body:
    • Users: None (runtime user-facing changes unlikely if uuid is dev-only) OR note if this could affect runtime packages.
    • Developers: Build/test may require Node 20+; update local dev instructions and CI images if needed.
    • System: CI images, build agents, or extension packaging steps might need Node 20. If the change affects runtime packages, list which bundles may require revalidation.

Test Plan

  • Assessment: No unit tests or E2E tests were added or updated, and there is no explanation for why none are included.
  • Issue: Per repo policy template: if no tests are added, provide a justification. The current PR provides no such explanation.
  • Recommendation: Add one of:
    • - [x] Unit tests added/updated (if you updated code that requires tests), or
    • - [x] E2E tests added/updated (if applicable), or
    • - [x] Manual testing completed plus a clear explanation of manual steps and verification performed (for example: CI ran on Node 20 and all checks passed). If this bump is purely dev-tooling and you validated it by running the build/test matrix, list the CI run IDs or the commands you ran locally (node version, commands).

Note: Because there are no tests or justification, this check fails.

⚠️ Contributors

  • Assessment: The PR body does not list repository contributors who assisted. The auto-generated dependabot PR rarely contains contributor acknowledgements.
  • Recommendation: Optionally list reviewers, PMs, designers if they contributed. If none, you can leave blank, but please remember to credit humans who reviewed/approved this change.

Screenshots/Videos

  • Assessment: Not applicable for a dependency bump.
  • Recommendation: No screenshots required.

Summary Table

Section | Status | Recommendation
Title | | Title is good — keep it.
Commit Type | | Add a checked box in the PR body (e.g., - [x] chore).
Risk Level | | Add one risk checkbox and risk: label. Advised: risk:high.
What & Why | | Add a concise "What & Why" explaining the bump and Node/version implications.
Impact of Change | | Describe Users/Developers/System impact and Node requirements.
Test Plan | | Add tests or a clear manual testing explanation (CI run details).
Contributors | ⚠️ | Optionally list contributors; not required but recommended.
Screenshots/Videos | | Not applicable.

Final Message
Please update the PR title/body to use the required template. Minimum required fixes to pass this check:

  1. In the PR body, use the provided template and check exactly one Commit Type checkbox (e.g., - [x] chore).
  2. Select exactly one Risk Level checkbox. Based on the code diff and release notes, set the risk to High (and add the repository label risk:high) unless you can justify a lower risk with evidence.
  3. Fill the "What & Why" and "Impact of Change" sections. Be explicit about Node.js version requirements (uuid@14 requires Node 20+ / global crypto) and whether CI/dev environments will be updated.
  4. Add a Test Plan entry. If you ran CI / tested locally, include exact steps and CI run IDs or commands (node version, npm/pnpm commands). If no tests are needed, explain why.
  5. Remove the needs-pr-update label after updating the PR body and add the correct risk label (risk:high), and any other applicable labels.

Why I marked the advised risk as High

  • uuid@14.0.0 contains breaking changes including a Node 20 requirement and changes in how crypto is located. If your CI or dev machines use Node 18 or tooling that expects the previous behavior, builds or tests may fail. Even as a devDependency, changes to the lockfile and package resolutions can affect CI, extension packaging, or developer workflows.

If you want, after updating the PR body I can re-evaluate and re-run the checks. Thanks for keeping dependencies up to date — just include the template details and CI/test evidence so reviewers can approve safely.


Last updated: Wed, 13 May 2026 22:50:50 GMT


github-actions Bot commented Apr 23, 2026

📊 Coverage Check

No source files changed in this PR.

Bumps [uuid](https://github.com/uuidjs/uuid) from 10.0.0 to 14.0.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v10.0.0...v14.0.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 14.0.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot force-pushed the dependabot/npm_and_yarn/uuid-14.0.0 branch from e129a8c to 1136e82 May 13, 2026 22:49

Copilot AI review requested due to automatic review settings May 13, 2026 22:49

Copilot AI left a comment

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

Labels

dependencies (Pull requests that update a dependency file), javascript (Pull requests that update javascript code), needs-pr-update
