Frontend/postcss and uuid dep updates #1514

Merged
isabeleliassen merged 1 commit into csg-org:main from InspiringApps:frontend/cve-updates-2026-04-27
Apr 28, 2026

Conversation

jsandoval81 (Collaborator) commented Apr 27, 2026

Requirements List

  • yarn install --ignore-engines

Description List

Testing List

  • yarn test:unit:all should run without errors or warnings
  • yarn serve should run without errors or warnings
  • yarn build should run without errors or warnings
  • Code review
  • Smoke test

Closes #1513

Summary by CodeRabbit

  • Chores
    • Updated UUID library dependency to version 14.0.0 for improved compatibility and maintenance support.

coderabbitai Bot (Contributor) commented Apr 27, 2026

Walkthrough

The uuid dependency in webroot/package.json is upgraded from version ^8.3.2 to ^14.0.0 to address security vulnerabilities identified in the repository's security advisories.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency Update: webroot/package.json | UUID package version upgraded from ^8.3.2 to ^14.0.0 to resolve CVE vulnerabilities. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested reviewers

  • rmolinares
  • jlkravitz

Poem

🐰 A nibble here, a version there,
UUID hops without a care!
From eight to fourteen, safe and sound,
Security bugs no longer found! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Out of Scope Changes check | ❓ Inconclusive | The raw summary shows only the uuid dependency was updated in package.json; postcss mentioned in the title is not present in the provided summary, warranting clarification. | Verify that postcss dependency changes exist in the PR or update the title to reflect only uuid updates if postcss changes are not included. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description check | ✅ Passed | The PR description includes required sections (Requirements, Description, Testing lists) with specific commands and testing steps, properly referencing linked issues and closing information. |
| Linked Issues check | ✅ Passed | The PR updates uuid dependency from ^8.3.2 to ^14.0.0 to address security vulnerabilities mentioned in issue #1513 and referenced Dependabot advisories #713 and #711. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Title check | ✅ Passed | The title 'Frontend/postcss and uuid dep updates' accurately references both postcss and uuid dependency updates, which aligns with the PR objectives of addressing CVE security advisories for these packages. |


coderabbitai Bot (Contributor) left a comment

🧹 Nitpick comments (1)
webroot/package.json (1)

37-37: Consider adding explicit "engines" field to declare Node 20+ requirement.

CI already uses Node 24.14.0 (which satisfies uuid@14.0.0's Node 20+ requirement), so no runtime compatibility issue exists. However, the package.json lacks an explicit "engines" declaration, making the version contract implicit.

Suggested package.json alignment
 {
   "name": "ia-vuejs-frontend",
   "version": "1.0.0",
   "private": true,
+  "engines": {
+    "node": ">=20"
+  },
   "scripts": {
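Review bot: The `"node": ">=20"` constraint added under `"engines"` will not be checked by the install command this PR lists in its requirements, `yarn install --ignore-engines`, because that flag tells yarn to skip engine checks. If the engines field is adopted, drop the flag from the documented install step, or record why it is still needed, so the declared Node contract is actually enforced for contributors and not only implied by CI.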
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@webroot/package.json` at line 37, Add an explicit "engines" field to
package.json to declare the Node version contract required by uuid@14.x; update
package.json to include an "engines" entry such as "node": ">=20" (or
">=20.0.0") so CI and contributors know the runtime requirement, and ensure this
is kept in sync if you later bump the uuid dependency or change supported Node
versions.

📥 Commits

Reviewing files that changed from the base of the PR and between 7a9691d and ac2a2f0.

⛔ Files ignored due to path filters (1)
  • webroot/yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (1)
  • webroot/package.json

jsandoval81 requested a review from jlkravitz April 27, 2026 16:01

jsandoval81 (Collaborator, Author):

@jlkravitz This is ready for your review. A small dependency update to address some CVEs that appeared over the weekend.

jsandoval81 changed the title from "postcss and uuid updates" to "Frontend/postcss and uuid dep updates" Apr 27, 2026

jlkravitz (Collaborator) left a comment

@isabeleliassen Good to merge. (This is a major-version package update, so not merging in myself.)

isabeleliassen merged commit 85591ac into csg-org:main Apr 28, 2026
2 checks passed
Development

Successfully merging this pull request may close these issues.

Update CVE deps
