[Snyk] Fix for 2 vulnerabilities

[kburger]

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Improperly Controlled Modification of Dynamically-Determined Object Attributes SNYK-JS-AXIOS-16299921	243
	Improper Validation of Specified Index, Position, or Offset in Input SNYK-JS-UUID-16133035	82

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improperly Controlled Modification of Dynamically-Determined Object Attributes

[kburger]

This update includes a significant major version increase for uuid which introduces multiple breaking changes. The axios upgrade is a minor patch with no breaking changes.

uuid@8.3.2 → uuid@14.0.0

Risk: HIGH

This is a major upgrade that spans multiple breaking versions (v9 through v14). Action is required to address these changes.

Key Breaking Changes:

• ESM Only (v12.0.0): The package now only supports ES Modules (ESM). CommonJS require() calls are no longer supported and must be migrated to import syntax.
  • Before: const { v4: uuidv4 } = require('uuid');
  • After: import { v4 as uuidv4 } from 'uuid';
• Named Imports (v9.0.0): The default export was removed. You must now use named imports for all functions.
• Node.js Version Support: Support for older Node.js versions has been progressively dropped. Version 14.0.0 requires Node.js 20+ because it expects the crypto module to be globally available.
• Browser Support: Support for Internet Explorer 11 and Safari 10 was dropped in v9.0.0.

Recommendation:

Due to the move to an ESM-only package and the significant changes to imports, this upgrade requires careful code refactoring. Ensure your project is configured to handle ES Modules and update all uuid imports to use the named import syntax. Verify that your Node.js version is compatible.

Sources: GitHub Releases, Changelog

axios@1.15.0 → axios@1.15.2

Risk: LOW

This is a patch release containing security fixes and bug resolutions. It addresses potential prototype pollution, a Server-Side Request Forgery (SSRF) vulnerability, and a memory leak. No breaking changes are documented.

Source: GitHub Releases

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.