From ffd6f2519e8aeb9d39ccc7ecfb59c418c21dbc38 Mon Sep 17 00:00:00 2001 From: Tomina Date: Thu, 7 May 2026 16:11:44 +0200 Subject: [PATCH 1/2] fix(deps): support UUID v14 and use it in standalone/peer exports Addresses https://github.com/advisories/GHSA-w5hq-g745-h8pq in standalone and peer exports where we had pinned a vulnerable version. --- package-lock.json | 10 +++++----- package.json | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3673f99b0..a6d908e8a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -40,7 +40,7 @@ "sinon": "21.0.0", "snap-shot-it": "7.9.10", "start-server-and-test": "2.1.5", - "uuid": "13.0.2", + "uuid": "14.0.0", "vis-data": "8.0.3", "vis-dev-utils": "6.0.1", "vis-util": "6.0.0" @@ -53,7 +53,7 @@ "@egjs/hammerjs": "^2.0.0", "component-emitter": "^1.3.0 || ^2.0.0", "keycharm": "^0.2.0 || ^0.3.0 || ^0.4.0", - "uuid": "^3.4.0 || ^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0 || ^13.0.0", + "uuid": "^3.4.0 || ^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0 || ^13.0.0 || ^14.0.0", "vis-data": ">=8.0.0", "vis-util": ">=6.0.0" } @@ -20698,9 +20698,9 @@ "license": "MIT" }, "node_modules/uuid": { - "version": "13.0.2", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-13.0.2.tgz", - "integrity": "sha512-vzi9uRZ926x4XV73S/4qQaTwPXM2JBj6/6lI/byHH1jOpCzb0zDbfytgA9LcN/hzb2l7WQSQnxITOVx5un/wGw==", + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-14.0.0.tgz", + "integrity": "sha512-Qo+uWgilfSmAhXCMav1uYFynlQO7fMFiMVZsQqZRMIXp0O7rR7qjkj+cPvBHLgBqi960QCoo/PH2/6ZtVqKvrg==", "dev": true, "funding": [ "https://github.com/sponsors/broofa", diff --git a/package.json b/package.json index 626eb4548..7cecfe7cd 100644 --- a/package.json +++ b/package.json @@ -254,7 +254,7 @@ "@egjs/hammerjs": "^2.0.0", "component-emitter": "^1.3.0 || ^2.0.0", "keycharm": "^0.2.0 || ^0.3.0 || ^0.4.0", - "uuid": "^3.4.0 || ^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0 || ^13.0.0", + "uuid": "^3.4.0 || ^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0 || ^13.0.0 || ^14.0.0", "vis-data": ">=8.0.0", "vis-util": ">=6.0.0" }, @@ -290,7 +290,7 @@ "sinon": "21.0.0", "snap-shot-it": "7.9.10", "start-server-and-test": "2.1.5", - "uuid": "13.0.2", + "uuid": "14.0.0", "vis-data": "8.0.3", "vis-dev-utils": "6.0.1", "vis-util": "6.0.0" From 780af6b53be52d525d8b0e03971f8069c788db6f Mon Sep 17 00:00:00 2001 From: Tomina Date: Thu, 7 May 2026 16:11:58 +0200 Subject: [PATCH 2/2] fix(deps): update vis-data to 8.0.4 This version supports UUID v14. --- package-lock.json | 10 +++++----- package.json | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index a6d908e8a..cdbcd943e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -41,7 +41,7 @@ "snap-shot-it": "7.9.10", "start-server-and-test": "2.1.5", "uuid": "14.0.0", - "vis-data": "8.0.3", + "vis-data": "8.0.4", "vis-dev-utils": "6.0.1", "vis-util": "6.0.0" }, @@ -20847,9 +20847,9 @@ "license": "MIT" }, "node_modules/vis-data": { - "version": "8.0.3", - "resolved": "https://registry.npmjs.org/vis-data/-/vis-data-8.0.3.tgz", - "integrity": "sha512-jhnb6rJNqkKR1Qmlay0VuDXY9ZlvAnYN1udsrP4U+krgZEq7C0yNSKdZqmnCe13mdnf9AdVcdDGFOzy2mpPoqw==", + "version": "8.0.4", + "resolved": "https://registry.npmjs.org/vis-data/-/vis-data-8.0.4.tgz", + "integrity": "sha512-TsN0sMHqIRpdfg6TNPtfdINpkgxtnQP6JNWCaiSwvou5seXqKiP5eERkaBg+Y56wyJ4FZTeOEs/dEmWEPrpltQ==", "dev": true, "license": "(Apache-2.0 OR MIT)", "funding": { @@ -20857,7 +20857,7 @@ "url": "https://opencollective.com/visjs" }, "peerDependencies": { - "uuid": "^3.4.0 || ^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0 || ^13.0.0", + "uuid": "^3.4.0 || ^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0 || ^11.0.0 || ^13.0.0 || ^14.0.0", "vis-util": ">=6.0.0" } }, diff --git a/package.json b/package.json index 7cecfe7cd..123df79de 100644 --- a/package.json +++ b/package.json @@ -291,7 +291,7 @@ "snap-shot-it": "7.9.10", "start-server-and-test": "2.1.5", "uuid": "14.0.0", - "vis-data": "8.0.3", + "vis-data": "8.0.4", "vis-dev-utils": "6.0.1", "vis-util": "6.0.0" }