This is an automated email from the ASF dual-hosted git repository. rusackas pushed a commit to branch chore/bump-uuid-docs in repository https://gitbox.apache.org/repos/asf/superset.git
commit 2c3f51550b20c3557ecbe7717f14d2f2f117eb96 Author: Claude Code <[email protected]> AuthorDate: Fri May 29 22:09:57 2026 -0700 chore(deps): force uuid 11.1.1 in docs Picks up an upstream fix flagged by Dependabot for uuid. The vulnerable 8.3.2 was pulled in transitively by postman-collection (exact `8.3.2`, via the OpenAPI docs generation) and sockjs (`^8.3.2`, webpack-dev-server's websocket fallback). The fix only lands in 11.x, so a yarn `resolutions` override forces every uuid request to 11.1.1. uuid v9 removed the default export, but both consumers use the named `.v4()` API, which is unchanged across the 8.x -> 11.x range. mermaid (`^11.1.0 || ...`) is unaffected (11.1.1 satisfies its range). Validated with a full `yarn build` of the docs site (exercises the postman-collection / OpenAPI-docs path) and `yarn install --immutable`. Note: sockjs is only used by `docusaurus start` (dev server), not the production build, so its uuid path is covered by changelog review rather than the build. Co-Authored-By: Claude Opus 4.8 <[email protected]> --- docs/package.json | 3 ++- docs/yarn.lock | 13 ++++--------- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/docs/package.json b/docs/package.json index d1348d7c558..7757dc4dc9b 100644 --- a/docs/package.json +++ b/docs/package.json @@ -131,7 +131,8 @@ "swagger-client": "3.37.3", "lodash": "4.18.1", "lodash-es": "4.18.1", - "yaml": "1.10.3" + "yaml": "1.10.3", + "uuid": "11.1.1" }, "packageManager": "[email protected]+sha1.ac34549e6aa8e7ead463a7407e1c7390f61a6610" } diff --git a/docs/yarn.lock b/docs/yarn.lock index 229f70fcea1..577358684d1 100644 --- a/docs/yarn.lock +++ b/docs/yarn.lock @@ -14721,15 +14721,10 @@ [email protected]: resolved "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz"; integrity sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA== [email protected], uuid@^8.3.2: - version "8.3.2" - resolved "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz"; - integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg== - -"uuid@^11.1.0 || ^12 || ^13 || ^14.0.0": - version "14.0.0" - resolved "https://registry.yarnpkg.com/uuid/-/uuid-14.0.0.tgz#0af883220163d264ffe0c084f6b8a89b9666966d"; - integrity sha512-Qo+uWgilfSmAhXCMav1uYFynlQO7fMFiMVZsQqZRMIXp0O7rR7qjkj+cPvBHLgBqi960QCoo/PH2/6ZtVqKvrg== [email protected], [email protected], "uuid@^11.1.0 || ^12 || ^13 || ^14.0.0", uuid@^8.3.2: + version "11.1.1" + resolved "https://registry.yarnpkg.com/uuid/-/uuid-11.1.1.tgz#f6d81d2e1c65d00762e5e29b16c5d2d995e208ad"; + integrity sha512-vIYxrBCC/N/K+Js3qSN88go7kIfNPssr/hHCesKCQNAjmgvYS2oqr69kIufEG+O4+PfezOH4EbIeHCfFov8ZgQ== uvu@^0.5.0: version "0.5.6"
