Skip to content

chore(deps): bump uuid to v10 across affected packages#2815

Open
cabljac wants to merge 2 commits into
nextfrom
chore/uuid-bump-v10
Open

chore(deps): bump uuid to v10 across affected packages#2815
cabljac wants to merge 2 commits into
nextfrom
chore/uuid-bump-v10

Conversation

@cabljac
Copy link
Copy Markdown
Contributor

@cabljac cabljac commented May 8, 2026
edited
Loading

Summary

Supersedes five stale dependabot PRs that all attempted to bump uuid to v14:

uuid v14 (and v12+) is ESM-only and drops CJS exports. Every consumer in this repo compiles to CJS (tsconfig.module: "commonjs", no "type": "module" in any package.json), so the dependabot bumps would have broken every callsite without a tsconfig + import-style refactor.

uuid v11 is the only currently-supported CJS-capable line. v10 is deprecated upstream ("uuid@10 and below is no longer supported"); v12+ dropped CJS again. v11.1.0+ ships dual CJS+ESM exports via the exports field.

Changes

  • firestore-counter/functions: uuid ^3.3.2 -> ^11.1.0
  • firestore-counter/clients/node: uuid ^8.3.2 -> ^11.1.0
  • firestore-counter/clients/web: uuid ^3.3.2 -> ^11.1.0, dropped now-redundant @types/uuid (uuid ships its own types from v9+)
  • storage-resize-images/functions:
    • uuid ^11.0.5 -> ^11.1.0 (minor)
    • dropped the duplicate uuidv4 legacy package
    • migrated src/resize-image.ts to import { v4 as uuidv4 } from "uuid", matching util.ts and file-operations.ts already in the same package

No tsconfig changes, no module-system changes, no webpack changes.

Test plan

  • npm run build clean in firestore-counter/functions
  • npm run build (webpack) clean in firestore-counter/clients/web (uuid resolved from uuid/dist/cjs-browser)
  • npm run build clean in storage-resize-images/functions
  • npm test in storage-resize-images/functions: 49 unit tests pass; 4 e2e failures are pre-existing emulator-connect issues (ECONNREFUSED 127.0.0.1:9199) unrelated to this change
  • Lockfiles regenerated and resolve to uuid 11.1.1 in all four packages
  • CI to confirm

@cabljac
chore(deps): bump uuid to v10 across affected packages
67b3c48 
Supersedes the five dependabot PRs targeting uuid v14
(#2807, #2806, #2805, #2789, #2788). uuid v14 (and v11+) is
ESM-only and would have required an ESM migration of every
consumer; v10 is the highest version that still ships dual
CJS+ESM exports, satisfying the security driver without
forcing a module-system change.

- firestore-counter/functions: ^3.3.2 -> ^10.0.0
- firestore-counter/clients/node: ^8.3.2 -> ^10.0.0
- firestore-counter/clients/web: ^3.3.2 -> ^10.0.0 (also @types/uuid)
- storage-resize-images/functions: ^11.0.5 -> ^10.0.0,
  drop the duplicate `uuidv4` legacy package and migrate
  resize-image.ts to import { v4 as uuidv4 } from "uuid"
  to match util.ts and file-operations.ts.
@cabljac cabljac requested a review from a team as a code owner May 8, 2026 11:19
gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the uuid dependency to version 10 across multiple packages and migrates the image resizing function from uuidv4 to the standard uuid library. Feedback from the reviewer highlights that uuid version 10 is deprecated and suggests upgrading to version 11.1.0 or higher, which maintains CommonJS compatibility while ensuring long-term support. It was also recommended to remove the now-redundant @types/uuid package.

Comment thread firestore-counter/clients/node/package.json Outdated
Comment thread firestore-counter/clients/web/package.json Outdated
Comment on lines +9 to +10
"@types/uuid": "^10.0.0",
"uuid": "^10.0.0"
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot May 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

Since uuid version 9 and above includes built-in TypeScript definitions, the @types/uuid package is redundant and can be removed. Additionally, as uuid version 11.1.0+ supports CommonJS and version 10 is now marked as unsupported, it is recommended to upgrade directly to ^11.1.0.

    "uuid": "^11.1.0"

Comment thread firestore-counter/functions/package.json Outdated
Comment thread storage-resize-images/functions/package.json Outdated
This was referenced May 8, 2026
Closed
Closed
Closed
Closed
Closed
@cabljac
chore(deps): retarget uuid bump to v11.1.0
b7e3890 
Per review on #2815: uuid v10 was deprecated upstream
("uuid@10 and below is no longer supported"). v11.1.0 is the
correct CJS-compatible target — it ships dual CJS+ESM exports
via the package's `exports` field. v12+ drops CJS again, so
v11 is the only currently-supported CJS-capable line.

- firestore-counter/{functions,clients/node,clients/web}: ^10.0.0 -> ^11.1.0
- storage-resize-images/functions: ^10.0.0 -> ^11.1.0
- firestore-counter/clients/web: drop now-redundant @types/uuid
  (uuid ships its own types from v9+)
@cabljac
Copy link
Copy Markdown
Contributor Author

cabljac commented May 8, 2026

Validated @gemini-code-assist's feedback against npm registry data and pushed an amendment retargeting to ^11.1.0.

Verified directly from the registry (npm view uuid@<version>):

Version CJS exports Status
10.0.0 yes deprecated: "uuid@10 and below is no longer supported"
11.0.0 - 11.1.1 yes (dual via exports field) supported, slated for 2028 deprecation
12.0.0+ no (ESM-only) supported
13.0.0+ no (ESM-only) supported
14.0.0 no (ESM-only) supported (latest)

So my original analysis was wrong on two points:

  1. v10 is deprecated, not just "older".
  2. v11.1.0+ ships CJS via exports["."]["node"]["require"]. Only v12+ dropped CJS again.

That makes v11 the only currently-supported CJS-capable line. The storage-resize-images pin to ^11.0.5 was actually correct, not broken.

Also dropped @types/uuid from firestore-counter/clients/web per the second suggestion - uuid ships its own types from v9+.

Builds clean across all four packages with v11.1.1 resolved; webpack picks up uuid/dist/cjs-browser as expected. Storage-resize-images unit tests still pass (49/49 unit; same 4 e2e emulator-connect failures pre-existing on next).

@gemini-code-assist
Copy link
Copy Markdown
Contributor

gemini-code-assist Bot commented May 8, 2026

Thank you for the thorough investigation and for validating the uuid package compatibility. Your analysis regarding the CJS support in uuid@11.1.0+ is correct, and pinning to ^11.1.0 is indeed the right approach to maintain compatibility with your current CommonJS-based build system while avoiding the deprecated v10 line. The removal of @types/uuid is also appropriate given that uuid includes its own type definitions from v9 onwards. This looks solid.

@cabljac cabljac added the dependencies Pull requests that update a dependency file label May 11, 2026
IzaakGough
IzaakGough approved these changes May 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@IzaakGough IzaakGough left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@IzaakGough IzaakGough IzaakGough approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cabljac @IzaakGough