Skip to content

Bump uuid and @finos/fdc3#1393

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-65bc2a9179
Open

Bump uuid and @finos/fdc3#1393
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-65bc2a9179

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps uuid and @finos/fdc3. These dependencies needed to be updated together.
Updates uuid from 9.0.1 to 14.0.1

Release notes

Sourced from uuid's releases.

v14.0.1

14.0.1 (2026-06-20)

Bug Fixes

  • add types condition to node export for moduleResolution bundler (#961) (27ffae5)

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

  • expect crypto to be global everywhere (requires node@20+) (#935)
  • drop node@18 support (#934)

Features

Bug Fixes

  • expect crypto to be global everywhere (requires node@20+) (#935) (f2c235f)
  • Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)

v13.0.2

13.0.2 (2026-05-04)

Bug Fixes

  • rerelease to fix provenance. (49ccb35)

v13.0.1

13.0.1 (2026-04-27)

Bug Fixes

v13.0.0

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

  • make browser exports the default (#901)

... (truncated)

Changelog

Sourced from uuid's changelog.

14.0.1 (2026-06-20)

Bug Fixes

  • add types condition to node export for moduleResolution bundler (#961) (27ffae5)

14.0.0 (2026-04-19)

Security

  • Fixes GHSA-w5hq-g745-h8pq: v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length.

⚠ BREAKING CHANGES

  • crypto is now expected to be globally defined (requires node@20+) (#935)
  • drop node@18 support (#934)
  • upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

  • make browser exports the default (#901)

Bug Fixes

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

  • update to typescript@5.2 (#887)
  • remove CommonJS support (#886)
  • drop node@16 support (#883)

Features

Bug Fixes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates @finos/fdc3 from 2.2.0 to 2.2.3

Release notes

Sourced from @​finos/fdc3's releases.

npm v2.2.3 - 2026-05-14

Maintenance release for the JavaScript implementation of FDC3 2.2 that resolve an issue with the ChannelChangedEvent in fdc3-agent-proxy and includes recent dependnecy updates to resolve a number of CVEs in dependencies.

See CHANGELOG for details:

Fixed

  • Fixed addEventListener callback receiving the raw channelChangedEvent wire message instead of a properly structured FDC3ChannelChangedEvent when a user leaves a channel or when the currentChannelId field is used in place of the deprecated newChannelId field. (#1870)

Full Changelog: finos/FDC3@v2.2.2...v2.2.3

npm v2.2.2 - 2026-04-20

Maintenance release for the JavaScript implementation of FDC3 2.2 that includes a significant number of fixes to the FDC3 packages, FDC3-for-web reference implementation, FDC3 Conformance framework and FDC3 Workbench application. See CHANGELOG for details:

Added

  • Added a notes field to Trade type (#1563)
  • Added a notes field to Order and Product types (#1597)
  • Added dynamic intent listener support to the reference Desktop Agent implementation (#1613)
  • Ported FDC3 Conformance Project as-is into the FDC3 Monorepo, just including minimal fixes for typescript compilation. (#1576)
  • Added Conformance tests for FDC3 2.2 (#1586)
  • Added custom mocha test runner for conformance tests to better display test progress. (#1769)

Changed

  • Converted the standalone app-directory specification test from src/app-directory/specification/test/ into a test that runs as part of CI. (#1720)
  • Fix for channel change listeners not sending addEventListenerRequests (#1606)
  • When adding a listener on the current channel, the payload.channelId should be null (#1611)
  • Increased FDC3 Conformance Test WindowCloseWaitTime to 2000 (from 1000). (#1586)
  • Enhanced method binding for FDC3 API objects to support destructuring. All public methods of Channel, PrivateChannel, and IntentResolution objects are now properly bound to their instances using .bind(this) in their constructors. (#1645)
  • Changed fdc3-web-impl to not deliver broadcast messages back to the sending application, as recommended (SHOULD) in the Standard. #1749
  • Removed version number prefix from conformance test names and implementation to simplify future maintenance. (#1726)
  • Updated workbench from MUI 4 to MUI 5 (#1714)
  • Modernized and standardised eslint configuration in all packages. (#1823)
  • Reduced log messages in fdc3-web-impl to the debug level and removed logging of all messages recevied in the BroadcastHandler. (#1851)

Fixed

  • Added support for passing originatingApp metadata to context listeners in fdc3-agent-proxy and fdc3-web-impl, matching the ContextMetadata spec for addContextListener callbacks. (#1819)
  • Corrected /toolbox/fdc3-for-web/demo to only use MessagePort communication when 'Parent Post-Message' selected in the demo. (#1695)
  • Corrected the property set in WCP1Hello by getAgent that indicates whether an intent resolver is needed. (#1684)
  • Added unit tests to the fdc3-context package for validating context examples are valid schema.
  • Reverted schema of fdc3.timeRange context type back to use anyOf in place of oneOf for the startTime and endTime property combinations. This will allow existence of one of either, or both, and pass schema validation. When defined with oneOf, validation would fail due to multiple entries being valid and it could not identify which to apply. (#1592)
  • Reverted schema of fdc3.interaction context type back to use anyOf in place of oneOf for the interactionType property. Since it could be a string enum or a string, validation could not differentiate. (#1598)
  • Fixed fdc3.timeRange context example to use correctly formatted dateTime. (#1599)
  • Removed broken sourcemaps from npm package output (#1589)
  • Fixed the fdc3-commonjs build to include d.ts files and corrects the config for easier consumption in different environments. (#1694)
  • Updated .NET API documentation for IListener.Unsubscribe to be async for 2.2 and current. (#1690)

... (truncated)

Changelog

Sourced from @​finos/fdc3's changelog.

[npm v2.2.3] - 2026-04-15

Fixed

  • Fixed addEventListener callback receiving the raw channelChangedEvent wire message instead of a properly structured FDC3ChannelChangedEvent when a user leaves a channel or when the currentChannelId field is used in place of the deprecated newChannelId field. (#1870)

[npm v2.2.2] - 2026-04-13

Added

  • Added a notes field to Trade type (#1563)
  • Added a notes field to Order and Product types (#1597)
  • Added dynamic intent listener support to the reference Desktop Agent implementation (#1613)
  • Ported FDC3 Conformance Project as-is into the FDC3 Monorepo, just including minimal fixes for typescript compilation. (#1576)
  • Added Conformance tests for FDC3 2.2 (#1586)
  • Added custom mocha test runner for conformance tests to better display test progress. (#1769)

Changed

  • Replaced the webpack build in toolbox/fdc3-conformance with a Vite build to align with other packages. (#1830)
  • Converted the standalone app-directory specification test from src/app-directory/specification/test/ into a test that runs as part of CI. (#1720)
  • Fix for channel change listeners not sending addEventListenerRequests (#1606)
  • When adding a listener on the current channel, the payload.channelId should be null (#1611)
  • Increased FDC3 Conformance Test WindowCloseWaitTime to 2000 (from 1000). (#1586)
  • Enhanced method binding for FDC3 API objects to support destructuring. All public methods of Channel, PrivateChannel, and IntentResolution objects are now properly bound to their instances using .bind(this) in their constructors. (#1645)
  • Changed fdc3-web-impl to not deliver broadcast messages back to the sending application, as recommended (SHOULD) in the Standard. #1749
  • Removed version number prefix from conformance test names and implementation to simplify future maintenance. (#1726)
  • Updated workbench from MUI 4 to MUI 5 (#1714)
  • Modernized and standardised eslint configuration in all packages. (#1823)
  • Reduced log messages in fdc3-web-impl to the debug level and removed logging of all messages recevied in the BroadcastHandler. (#1851)

Fixed

  • Added support for passing originatingApp metadata to context listeners in fdc3-agent-proxy and fdc3-web-impl, matching the ContextMetadata spec for addContextListener callbacks. (#1819)
  • Corrected /toolbox/fdc3-for-web/demo to only use MessagePort communication when 'Parent Post-Message' selected in the demo. (#1695)
  • Corrected the property set in WCP1Hello by getAgent that indicates whether an intent resolver is needed. (#1684)
  • Added unit tests to the fdc3-context package for validating context examples are valid schema.
  • Reverted schema of fdc3.timeRange context type back to use anyOf in place of oneOf for the startTime and endTime property combinations. This will allow existence of one of either, or both, and pass schema validation. When defined with oneOf, validation would fail due to multiple entries being valid and it could not identify which to apply. (#1592)
  • Reverted schema of fdc3.interaction context type back to use anyOf in place of oneOf for the interactionType property. Since it could be a string enum or a string, validation could not differentiate. (#1598)
  • Fixed fdc3.timeRange context example to use correctly formatted dateTime. (#1599)
  • Removed broken sourcemaps from npm package output (#1589)
  • Fixed the fdc3-commonjs build to include d.ts files and corrects the config for easier consumption in different environments. (#1694)
  • Updated .NET API documentation for IListener.Unsubscribe to be async for 2.2 and current. (#1690)
  • Fix for channel change listeners not sending addEventListenerRequests (#1606)
  • Fix to ensure that Adding A Channel Change Event Listener Doesn't Send addEventListenerRequest - Conformance 2.2 (#1606)
  • Updated Conformance tests to allow agents that fully qualify app Ids (as recommended in the Standard) to pass the conformance tests (#1767)
  • Fixed import file extensions and module type to be esm module compliant (#1677)
  • Added mising context types to types and enums in. ContextTypes.ts and implemented tests to ensure they stay in sync with the fdc3-context package (#1796)
  • Allowed retrieval of User channels as App channels via getOrCreateChannel and getCurrentChannel in fdc3-web-impl. (#1835)
  • Corrected description of UCBasic3 in the fdc-conformance framework implementation. (#1823)

... (truncated)

Commits
  • 0d71e7f Changelog and version numbers for release/v2.2.3
  • d2bbf88 Bump postcss from 8.5.9 to 8.5.14
  • c8eb274 Bump fast-uri from 3.1.0 to 3.1.2
  • 296aa75 Bump @​babel/plugin-transform-modules-systemjs from 7.29.0 to 7.29.4
  • 9a6ba84 Bump uuid from 9.0.1 to 14.0.0
  • 65ae352 Bump protobufjs and @​cucumber/html-formatter
  • 03fb36c [Bugfix] channel changed event (#1870)
  • 89b1361 Update package.jsonUpdate root package.json to v2.2.2
  • 07f17d2 Updating all package versions and internal dependencies to 2.2.2
  • 9004466 Update version numbers to v2.2.2-beta.2
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [uuid](https://github.com/uuidjs/uuid) and [@finos/fdc3](https://github.com/finos/FDC3). These dependencies needed to be updated together.

Updates `uuid` from 9.0.1 to 14.0.1
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v9.0.1...v14.0.1)

Updates `@finos/fdc3` from 2.2.0 to 2.2.3
- [Release notes](https://github.com/finos/FDC3/releases)
- [Changelog](https://github.com/finos/FDC3/blob/main/CHANGELOG.md)
- [Commits](finos/FDC3@v2.2...v2.2.3)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 14.0.1
  dependency-type: indirect
- dependency-name: "@finos/fdc3"
  dependency-version: 2.2.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 29, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 29, 2026 22:30
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 29, 2026
@codecov

codecov Bot commented Jun 29, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 65.8%. Comparing base (ad6d447) to head (127e824).

Additional details and impacted files

Impacted file tree graph

@@          Coverage Diff          @@
##            main   #1393   +/-   ##
=====================================
  Coverage   65.8%   65.8%           
=====================================
  Files        336     336           
  Lines       9868    9868           
  Branches    1297    1296    -1     
=====================================
  Hits        6498    6498           
+ Misses      2995    2991    -4     
- Partials     375     379    +4     

see 4 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants