chore: update uuid to v14.0.0

[joaoloureirop]

Description

Changelog

CHANGELOG entry: null

Related issues

Fixes: https://consensyssoftware.atlassian.net/browse/MCWP-557

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Performance checks (if applicable)

• I've tested on Android
  • Ideally on a mid-range device; emulator is acceptable
• I've tested with a power user scenario
  • Use these power-user SRPs to import wallets with many accounts and tokens
• I've instrumented key operations with Sentry traces for production performance metrics
  • See trace() for usage and addToken for an example

For performance guidelines and tooling, see the Performance Guide.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Major-version bump of uuid can change module format/typing and affect any runtime UUID generation paths, especially in React Native/Jest transforms. The code changes are small but dependency behavior changes could surface at build/test time or in places relying on uuid options.

Overview
Upgrades uuid from ^8.3.2 to ^14.0.0 (and updates yarn.lock accordingly), removing the now-unneeded npm audit ignore entry for the prior uuid advisory.

Adjusts test infrastructure for the new uuid package shape: adds uuid to Jest’s transformIgnorePatterns allowlist, updates analyticsId.test.ts’s v4 mock typing, and tweaks accountsControllerTestUtils.ts to cast the v4({ random }) input to Uint8Array for the updated type expectations.

^{Reviewed by Cursor Bugbot for commit 608d200. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​uuid@​14.0.0

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit ceef559. Configure here.}

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: None (no tests recommended)
• Selected Performance tags: None (no tests recommended)
• Risk Level: low
• AI Confidence: 88%

click to see 🤖 AI reasoning details

E2E Test Selection:
This PR upgrades the uuid package from v8.3.2 to v14.0.0 and makes the necessary compatibility fixes:

1. package.json: Major version bump uuid v8 → v14. The core API (v4, v1) remains functionally identical — UUIDs are still generated the same way.

2. jest.config.js: Adds uuid to Jest's transformIgnorePatterns exclusion so Jest will transpile the uuid package (uuid v14 uses ESM modules, requiring Babel transformation in Jest's Node environment).

3. accountsControllerTestUtils.ts: TypeScript type cast fix (as unknown as Uint8Array) for uuid v14's stricter typing on the random option parameter.

4. analyticsId.test.ts: Updates mock type from jest.MockedFunction<typeof v4> to jest.Mock<string> for uuid v14 compatibility.

5. .yarnrc.yml: Removes the security advisory suppression for uuid (the vulnerability is now resolved by upgrading to v14).

6. yarn.lock: Lock file update.

Why no E2E tests are needed:

• The changes are purely a dependency upgrade with TypeScript/Jest compatibility fixes
• UUID generation behavior (v4, v1) is functionally identical between v8 and v14
• No user-facing UI, business logic, or E2E test infrastructure was changed
• The fixes are in test utilities and Jest configuration, not in production code paths that E2E tests exercise
• The uuid package is used for ID generation (analytics IDs, request IDs, etc.) — the format and behavior remain the same

Why no performance tests are needed:

• UUID generation is a trivial operation with negligible performance impact
• No rendering, state management, or data loading code was changed

Performance Test Selection:
UUID generation is a trivial operation with negligible performance impact. No rendering, state management, data loading, or critical user flow code was changed — only the uuid dependency version and Jest/TypeScript compatibility fixes.

View GitHub Actions results

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Cal-L]

Lgtm