Skip to content

Fix security vulnerability: bump uuid from 9.0.0 to 14.0.0#2615

Open
ConnorQi01 wants to merge 1 commit intomasterfrom
dev/v-peq/security-fix-2026-04-24
Open

Fix security vulnerability: bump uuid from 9.0.0 to 14.0.0#2615
ConnorQi01 wants to merge 1 commit intomasterfrom
dev/v-peq/security-fix-2026-04-24

Conversation

@ConnorQi01
Copy link
Copy Markdown
Collaborator

@ConnorQi01 ConnorQi01 commented Apr 24, 2026
edited
Loading

Summary

Upgrade uuid from 9.0.0 to ^14.0.0 to address CVE-2026-4800 (moderate severity).

Both usages in the codebase already use the modern import { v4 } from 'uuid' syntax, so no code changes are required.

Files changed

  • package.json
  • package-lock.json

Test plan

  • Run gulp build — no errors
  • Run npm test — no regressions

Closes #2606

@ConnorQi01
Copy link
Copy Markdown
Collaborator Author

ConnorQi01 commented Apr 24, 2026

/azp run

@azure-pipelines
Copy link
Copy Markdown

azure-pipelines Bot commented Apr 24, 2026

Azure Pipelines will not run the associated pipelines, because the pull request was updated after the run command was issued. Review the pull request again and issue a new run command.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Fix security vulnerability: bump uuid from 9.0.0 to 14.0.0

1 participant

@ConnorQi01