This repository was archived by the owner on Feb 28, 2026. It is now read-only.

[Snyk] Upgrade uuid from 9.0.1 to 13.0.0 #4

Open
snyk-io[bot] wants to merge 1 commit into master from snyk-upgrade-3b55fda118ba5cf85c473edbef5ff914


@snyk-io snyk-io bot commented Feb 4, 2026

Snyk has created this PR to upgrade uuid from 9.0.1 to 13.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 11 versions ahead of your current version.

  • The recommended version was released 5 months ago.

Release notes
Package name: uuid from uuid GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

High-level PR Summary

This PR upgrades the uuid dependency from version 9.0.1 to 13.0.0, a major version upgrade spanning 11 versions. This update includes breaking changes such as removal of CommonJS support, dropping Node 16 support, browser exports becoming the default, and upgrading to TypeScript 5.2. The change also brings performance improvements to v4() and better TypeScript typing support.

⏱️ Estimated Review Time: 5-15 minutes

💡 Review Order Suggestion
Order File Path
1 package.json


Summary by cubic

Upgraded uuid from 9.0.1 to 13.0.0. This major bump removes CommonJS support, drops Node 16, and changes browser export defaults.

  • Dependencies
    • uuid: ^9.0.1 -> ^13.0.0
  • Migration
    • Use Node 18+ (Node 16 is no longer supported).
    • Switch to ESM imports (e.g., import { v4 } from 'uuid'; CommonJS require is not supported).
    • If using TypeScript, ensure version 5.2+ and update types as needed.
    • Verify bundler/SSR config resolves the correct Node/browser export and run a quick smoke test of uuid calls.

Written for commit 2564172. Summary will update on new commits.


codeant-ai bot commented Feb 4, 2026

Skipping PR review because a bot author is detected.

If you want to trigger CodeAnt AI, comment @codeant-ai review to trigger a manual review.


orange-pro-ai bot commented Feb 4, 2026

AI Analysis Initiated 🤖

Thank you for your contribution! I will now analyze the following 1 file(s) for code quality:

  • package.json

Details will be posted in the 'Checks' tab shortly.


safedep bot commented Feb 4, 2026

SafeDep Report Summary


Package Details

| Package | Malware | Vulnerability | Risky License | Report |
|---|---|---|---|---|
| uuid @ 13.0.0 (package.json) | ok | ok | ok | 🔗 |

Installation is not linked with SafeDep Tenant. Click here to optionally link your GitHub App installation with SafeDep Tenant.

This report is generated by SafeDep Github App


bdiff bot commented Feb 4, 2026

Please see the diff results of BDiff here.


snyk-io bot commented Feb 4, 2026

Snyk checks have passed. No issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@socket-security

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|---|---|---|---|---|---|---|
| Updated | uuid@9.0.1 ⏵ 13.0.0 | 100 | 100 | 100 | 84 | 100 |



kilo-code-bot bot commented Feb 4, 2026

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (1 files)
  • package.json


@cubic-dev-ai cubic-dev-ai bot left a comment


No issues found across 1 file


@llamapreview llamapreview bot left a comment


Auto Pull Request Review from LlamaPReview

Review Status: Automated Review Skipped

Dear contributor,

Thank you for your Pull Request. LlamaPReview has analyzed your changes and determined that this PR does not require an automated code review.

Analysis Result:

PR contains only a dependency version upgrade (uuid from 9.0.1 to 13.0.0) with no substantive code changes, aligning with the criteria for skipping a review.

We're continuously improving our PR analysis capabilities. Have thoughts on when and how LlamaPReview should perform automated reviews? Share your insights in our GitHub Discussions.

Best regards,
LlamaPReview Team


@recurseml recurseml bot left a comment


Review by RecurseML

🔍 Review performed on 6c2e85f..2564172

✨ No bugs found, your code is sparkling clean

✅ Files analyzed, no issues (1)

package.json

"socket.io-client": "^4.7.4",
"express": "^4.18.2",
"uuid": "^9.0.1"
"uuid": "^13.0.0"
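
Review bot: the `"uuid": "^13.0.0"` line replaces `"uuid": "^9.0.1"`, a jump of four major versions, and nothing else in the hunk changes how the package is loaded or which Node version the project requires. The PR summary lists removal of CommonJS support and dropped Node 16 support among the breaking changes, so before merging confirm that every place the project loads uuid does so as an ESM import on Node 18+, or keep the range at `^9.0.1` until the module format is migrated. Only package.json is listed as changed, so also check that the lockfile is regenerated alongside this bump so the resolved version can be reviewed.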

Bug: The project's CommonJS configuration is incompatible with the upgraded ESM-only uuid package, which will cause a runtime crash on startup.
Severity: CRITICAL

Suggested Fix

Downgrade the uuid package to a version that supports CommonJS, such as uuid@9.0.1. Alternatively, update the project to support ESM by setting "type": "module" in package.json and updating the TypeScript configuration to use a modern module setting like "module": "NodeNext".

Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: package.json#L31

Potential issue: The `uuid` package has been upgraded to v13.0.0, which is an ESM-only
module. The project's TypeScript configuration (`tsconfig.main.json`) is set to compile
to CommonJS. At runtime, the transpiled `require('uuid')` call in the Electron main
process will fail because Node.js cannot use `require()` to import an ESM-only package.
Since this module is loaded at the application's entry point (`main.ts`), this will
cause the application to crash immediately on startup with an `ERR_REQUIRE_ESM` error.

