[build] Fix vulnerability in uuid < 14.0.0

vrubezhny · vrubezhny · commit fbb46db78cd0 · 2026-04-29T17:15:00.000+02:00
``` npm audit report uuid <14.0.0 Severity: moderate uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided - GHSA-w5hq-g745-h8pq fix available via `npm audit fix --force` Will install @redhat-developer/vscode-redhat-telemetry@0.0.3, which is a breaking change node_modules/@redhat-developer/vscode-redhat-telemetry/node_modules/uuid node_modules/uuid @azure/msal-node <=5.1.4 Depends on vulnerable versions of uuid node_modules/@azure/msal-node @redhat-developer/vscode-redhat-telemetry >=0.0.5 Depends on vulnerable versions of uuid node_modules/@redhat-developer/vscode-redhat-telemetry ``` Fixes: https://github.com/redhat-developer/vscode-openshift-tools/security/dependabot/155 Signed-off-by: Victor Rubezhny <vrubezhny@redhat.com>
diff --git a/build/esbuild.settings.cjs b/build/esbuild.settings.cjs
@@ -23,6 +23,7 @@ const webviews = [
 const esmImportTargets = {
   'clipboardy': { entry: 'node_modules/clipboardy/index.js', outfile: 'out/esm/clipboardy.cjs' },
   'got': { entry: 'node_modules/got/dist/source/index.js', outfile: 'out/esm/got.cjs' },
+  'uuid': { entry: 'node_modules/uuid/dist/index.js', outfile: 'out/esm/uuid.cjs' },
   '@kubernetes/client-node': { entry: 'node_modules/@kubernetes/client-node/dist/index.js', outfile: 'out/esm/k8s-client-node.cjs' },
   '@apidevtools/json-schema-ref-parser': { entry: 'node_modules/@apidevtools/json-schema-ref-parser/dist/lib/index.js', outfile: 'out/esm/apidevtools-json-schema-ref-parser.cjs' }
 };
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -200,7 +200,8 @@
 		"tough-cookie": "^6.0.1",
 		"tar-fs": "^3.1.2",
 		"diff": "^8.0.3",
-		"serialize-javascript": "^7.0.5"
+		"serialize-javascript": "^7.0.5",
+		"uuid": "^14.0.0"
 	},
 	"activationEvents": [
 		"onView:openshiftProjectExplorer",
diff --git a/tsconfig.json b/tsconfig.json
@@ -5,6 +5,7 @@
     "paths": {
       "clipboardy": [ "out/esm/clipboardy.cjs" ],
       "got": [ "out/esm/got.cjs" ],
+      "uuid": [ "out/esm/uuid.cjs"],
       "@kubernetes/client-node": [ "out/esm/k8s-client-node.cjs" ],
       "@apidevtools/json-schema-ref-parser": [ "out/esm/apidevtools-json-schema-ref-parser.cjs" ]
     },
