@parseplatformorg
Contributor


Snyk has created this PR to upgrade uuid from 10.0.0 to 11.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 8 versions ahead of your current version.

  • The recommended version was released 2 months ago.

Release notes
Package name: uuid
  • 11.1.0 - 2025-02-19

    11.1.0 (2025-02-19)

    Features

    • update TS types to allow Uint8Array subtypes for buffer option (#865) (a5231e7)
  • 11.0.5 - 2025-01-09

    11.0.5 (2025-01-09)

    Bug Fixes

  • 11.0.4 - 2025-01-05

    11.0.4 (2025-01-05)

    Bug Fixes

    • docs: insure -> ensure (#843) (d2a61e1)
    • exclude tests from published package (#840) (f992ff4)
    • Test for invalid byte array sizes and ranges in v1(), v4(), and v7() (#845) (e0ee900)
  • 11.0.3 - 2024-11-10

    11.0.3 (2024-11-04)

    Bug Fixes

  • 11.0.2 - 2024-10-28

    11.0.2 (2024-10-28)

    Bug Fixes

  • 11.0.1 - 2024-10-27

    11.0.1 (2024-10-27)

    Bug Fixes

  • 11.0.0 - 2024-10-27

    11.0.0 (2024-10-27)

    ⚠ BREAKING CHANGES

    • refactor v1 internal state and options logic (#780)
    • refactor v7 internal state and options logic, fixes #764 (#779)
    • Port to TypeScript, closes #762 (#763)
    • update node support matrix (only support node 16-20) (#750)
    • This library always aims at supporting one EOLed LTS release which by this time now is 12.x which has reached EOL 30 Apr 2022.
    • Remove the minified UMD build from the package.
    • Drop support for browsers that don't correctly implement const/let and default arguments, and no longer transpile the browser build to ES2015.
    • Although in practice this is currently a noop since the resulting build does not change, the build will no longer transpile future changes for Node.js 8.x targets, so semantically this is still a breaking change.
    • Deep requiring specific algorithms of this library like require('uuid/v4'), which has been deprecated in uuid@7, is no longer supported.
    • The default export, which used to be the v4() method but which was already discouraged in v3.x of this library, has been removed.
    • Explicitly note that deep imports of the different uuid version functions are deprecated and no longer encouraged and that ECMAScript module named imports should be used instead. Emit a deprecation warning for people who deep-require the different algorithm variants.
    • Remove builtin support for insecure random number generators in the browser. Users who want that will have to supply their own random number generator function.
    • Remove support for generating v3 and v5 UUIDs in Node.js<4.x
    • Convert code base to ECMAScript Modules (ESM) and release CommonJS build for node and ESM build for browser bundlers.

    Features

    • add parse/stringify/validate/version/NIL APIs (#479) (0e6c10b)
    • add support for MAX uuid (new in RFC9562) (#714) (0385cd3)
    • add UMD build to npm package (#357) (4e75adf)
    • add various es module and CommonJS examples (b238510)
    • enforce Conventional Commit style commit messages (#282) (0705cd5)
    • ensure that docs are up-to-date in CI (ee5e77d)
    • hybrid CommonJS & ECMAScript modules build (a3f078f)
    • improve performance of v1 string representation (#453) (0ee0b67)
    • improve v4 performance by reusing random number array (#435) (bf4af0d)
    • optimize uuid.v1 by 1.3x uuid.v4 by 4.3x (430%) (#597) (3a033f6)
    • optimize V8 performance of bytesToUuid (#434) (e156415)
    • Port to TypeScript, closes #762 (#763) (1e0f987)
    • remove deep requires (#426) (daf72b8)
    • remove deprecated v4 string parameter (#454) (88ce3ca)
    • remove insecure fallback random number generator (3a5842b)
    • remove support for pre Node.js v4 Buffer API (#356) (b59b5c5)
    • remove UMD build (#645) (e948a0f), closes #620
    • rename repository to github:uuidjs/uuid (#351) (c37a518), closes #338
    • rename repository to github:uuidjs/uuid (#351) (e2d7314), closes #338
    • support v6 uuids (#754) (c4ed13e)
    • update node support matrix (only support node 16-20) (#750) (883b163)
    • use native crypto.randomUUID when available (#600) (c9e076c)
    • v8 support (#759) (35a5342)

    Bug Fixes

    Performance Improvements

    • nodejs: introduce pool into default rng (#513) (7f1af04)
    • remove superfluous call to toLowerCase (#677) (e53793f)

    Documentation

    • add note about removal of default export (#372) (12749b7), closes #370
    • deprecated deep requiring of the different algorithm versions (#361) (c0bdf15)

    Miscellaneous Chores

    Build System

    • drop Node.js 8.x from babel transpile target (#603) (aa11485)
    • drop support for legacy browsers (IE11, Safari 10) (#604) (0f433e5)
  • 11.0.0-0 - 2024-09-05

    chore(release): 11.0.0-0

  • 10.0.0 - 2024-06-09

    chore: typo in CHANGELOG

from uuid GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

See this package in npm:
uuid

See this project in Snyk:
https://app.snyk.io/org/acinader/project/6e173dba-575d-4f4d-9506-7ebefca5868d?utm_source=github&utm_medium=referral&page=upgrade-pr
@parse-github-assistant

I will reformat the title to use the proper commit message syntax.

@parse-github-assistant parse-github-assistant bot changed the title from "[Snyk] Upgrade uuid from 10.0.0 to 11.1.0" to "refactor: Upgrade uuid from 10.0.0 to 11.1.0" on Apr 17, 2025
@parse-github-assistant

parse-github-assistant bot commented Apr 17, 2025

🚀 Thanks for opening this pull request!

@codecov

codecov bot commented Apr 17, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (dcaccc2) to head (bf71efc).
Report is 22 commits behind head on alpha.

Additional details and impacted files
@@            Coverage Diff            @@
##             alpha     #2568   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           64        64           
  Lines         6238      6238           
  Branches      1466      1450   -16     
=========================================
  Hits          6238      6238           


@mtrezza
Member

mtrezza commented May 3, 2025

@coderabbitai what changes are necessary for this dependency upgrade? Can you make the change recommendations in review comments?

@coderabbitai

coderabbitai bot commented May 3, 2025

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Get basic information about the PR
gh pr view 2568 --json title,body,files

# Get the list of commits for the PR to understand what changes were made
gh pr view 2568 --json commits

Length of output: 36502


🏁 Script executed:

#!/bin/bash
# Search for usages of uuid in the codebase
rg -l 'uuid' --type js --type ts

# Look for specific import patterns for uuid to understand migration needs
rg -A 3 'require\(.*uuid' --type js --type ts
rg -A 3 'import.*uuid' --type js --type ts

Length of output: 1907


🏁 Script executed:

#!/bin/bash
# Examine the uuid.ts file to understand current usage
cat src/uuid.ts

# Check for uuid type definitions
cat types/uuid.d.ts

# Let's check package.json to confirm the dependency and other relevant packages
cat package.json | grep -A 3 -B 3 uuid

Length of output: 915


@mtrezza Good news! After reviewing the codebase's usage of the UUID library, I found that minimal changes are needed for this upgrade from v10.0.0 to v11.1.0.

The codebase already follows best practices that align with UUID v11:

  1. You're using named imports in your wrapper (import { v4 } from 'uuid') which is the recommended pattern
  2. The main functionality you use (v4) remains unchanged in this version
  3. Your custom implementation for WeApp builds is independent of the library's internals

The major breaking changes in UUID v11 include:

  • Port to TypeScript (which may provide better type safety)
  • Removal of deep requires (not used in your codebase)
  • Removal of default export (you're already using named imports)
  • Internal refactoring of v1 and v7 UUIDs (you only use v4)

I recommend:

  1. Keep your existing wrapper as is - no changes needed
  2. Run your test suite to confirm everything works as expected
  3. Verify the integration test that imports directly from uuid (const { v4: uuidv4 } = require('uuid')) still passes

This upgrade should be very straightforward with no code changes required.

@coderabbitai

coderabbitai bot commented May 3, 2025

🧩 Analysis chain

I'll need to analyze this dependency upgrade to provide proper recommendations. Let me gather information about what's being changed in the PR first.


🏁 Script executed:

#!/bin/bash
# Get PR details and changed files
gh pr view 2568 --json title,body,files,commits

# Get the git diff to see exactly what changes are being made
git diff origin/alpha...HEAD

Length of output: 36548


Let me check the codebase to see how uuid is being used and what changes might be needed for this upgrade.


🏁 Script executed:

#!/bin/bash
# Check package.json for uuid dependency
cat package.json | grep uuid

# Find all usages of uuid in the codebase
rg "uuid" --type js --type ts

# Check specifically for import/require patterns
rg "require.*uuid|import.*uuid" --type js --type ts

Length of output: 3329


Let me examine the current uuid wrapper module to better understand the implementation.


🏁 Script executed:

#!/bin/bash
# Get the content of the uuid wrapper module
cat src/uuid.ts

Length of output: 616


Now I'll check if there are any type declarations for UUID in the project:


🏁 Script executed:

#!/bin/bash
# View the type declarations for uuid
cat types/uuid.d.ts

Length of output: 74


@mtrezza Based on my analysis of the codebase and the uuid v10.0.0 to v11.1.0 upgrade, the changes required are minimal since Parse SDK uses uuid through a wrapper module that isolates most of the codebase from direct dependency on uuid's specific API.

Here are my recommendations:

  1. No code changes are necessary because:

    • Your wrapper in src/uuid.ts already uses the named import import { v4 } from 'uuid' which is compatible with uuid v11
    • The functionality of v4 hasn't changed in a breaking way that would affect your usage
  2. Areas to test after the upgrade:

    • Verify that the WeApp platform code path still works correctly
    • Ensure integration tests that directly import uuid still pass
    • Check that UUID generation still functions as expected in all environments
  3. One thing to be aware of: uuid v11 dropped support for Node.js versions earlier than 16. If Parse SDK needs to support older Node.js versions, this could be an issue.

The PR looks good to merge as-is. The changes in uuid v11 are mostly related to its internal implementation, TypeScript conversion, and APIs you're not currently using.
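
The release notes and the review comments above name two import styles that uuid no longer supports: deep requires such as require('uuid/v4') and the default export. The following check for them is an added example, not code from this PR, Parse SDK or uuid; the file names and sample sources are constructed, apart from the two import forms quoted in the thread.

```javascript
// Added example: flag uuid import styles listed as removed in the release notes.
// Rule names and sample files are constructed for illustration.
const RULES = [
  // require('uuid/v4'), import ... from 'uuid/v4', import('uuid/v4')
  { id: 'deep-import', re: /(?:require\(\s*|from\s+|import\(\s*)['"]uuid\/[^'"]+['"]/ },
  // import uuid from 'uuid' (relies on the removed default export)
  { id: 'default-import', re: /import\s+[A-Za-z_$][\w$]*\s*(?:,\s*\{[^}]*\}\s*)?from\s+['"]uuid['"]/ },
  // require('uuid')() (calls the module itself as if it were v4)
  { id: 'default-require-call', re: /require\(\s*['"]uuid['"]\s*\)\s*\(/ },
];

// files: object mapping a path to its source text.
// Returns one finding per matching line: { path, line, rule }.
function findRemovedUuidUsage(files) {
  const findings = [];
  for (const [path, source] of Object.entries(files)) {
    source.split('\n').forEach((text, i) => {
      const code = text.replace(/\/\/.*$/, ''); // ignore trailing line comments
      for (const { id, re } of RULES) {
        if (re.test(code)) findings.push({ path, line: i + 1, rule: id });
      }
    });
  }
  return findings;
}

// Constructed sample input. The first two entries use the import forms
// quoted in the thread; the "legacy" entries show what the check flags.
const SAMPLE_FILES = {
  'src/uuid.ts': "import { v4 } from 'uuid';",
  'integration/test.js': "const { v4: uuidv4 } = require('uuid');",
  'legacy/a.js': "const uuidv4 = require('uuid/v4');",
  'legacy/b.mjs': "import uuid from 'uuid';\nconst id = uuid();",
  'legacy/c.js': "const id = require('uuid')(); // old default export",
};

console.log(findRemovedUuidUsage(SAMPLE_FILES));
```

An empty result for a code base is consistent with the conclusion in the thread that named imports need no changes; it does not replace running the test suite on the supported Node.js versions.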

@mtrezza mtrezza closed this May 3, 2025
@mtrezza mtrezza reopened this May 3, 2025
@mtrezza mtrezza closed this May 3, 2025
@mtrezza mtrezza deleted the snyk-upgrade-8e888bdc1d6be4097b8ccf0264fb2345 branch May 3, 2025 20:29
@parseplatformorg
Contributor Author

⚠️ Snyk checks are incomplete.

⚠️ security/snyk check encountered an error. (View Details)
