diff --git a/dist/query.js b/dist/query.js index 39a3a1e25..ef65480f2 100644 --- a/dist/query.js +++ b/dist/query.js @@ -78679,11 +78679,17 @@ function v4(options, buf, offset) { return native_default.randomUUID(); } options = options || {}; - const rnds = options.random || (options.rng || rng)(); + const rnds = options.random ?? options.rng?.() ?? rng(); + if (rnds.length < 16) { + throw new Error("Random bytes length must be >= 16"); + } rnds[6] = rnds[6] & 15 | 64; rnds[8] = rnds[8] & 63 | 128; if (buf) { offset = offset || 0; + if (offset < 0 || offset + 16 > buf.length) { + throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`); + } for (let i = 0; i < 16; ++i) { buf[offset + i] = rnds[i]; } diff --git a/package-lock.json b/package-lock.json index b68f4d465..5798b096f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -22,7 +22,7 @@ "form-data": "^4.0.1", "jszip": "3.10.1", "semver": "^7.6.3", - "uuid": "^11.0.3", + "uuid": "^11.0.4", "yaml": "^2.7.0" }, "devDependencies": { @@ -10477,13 +10477,14 @@ "license": "MIT" }, "node_modules/uuid": { - "version": "11.0.3", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-11.0.3.tgz", - "integrity": "sha512-d0z310fCWv5dJwnX1Y/MncBAqGMKEzlBb1AOf7z9K8ALnd0utBX/msg/fA0+sbyN1ihbMsLhrBlnl1ak7Wa0rg==", + "version": "11.0.4", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-11.0.4.tgz", + "integrity": "sha512-IzL6VtTTYcAhA/oghbFJ1Dkmqev+FpQWnCBaKq/gUluLxliWvO8DPFWfIviRmYbtaavtSQe4WBL++rFjdcGWEg==", "funding": [ "https://github.com/sponsors/broofa", "https://github.com/sponsors/ctavan" ], + "license": "MIT", "bin": { "uuid": "dist/esm/bin/uuid" } diff --git a/package.json b/package.json index 8cdece6c3..44d2063bc 100644 --- a/package.json +++ b/package.json @@ -29,7 +29,7 @@ "form-data": "^4.0.1", "jszip": "3.10.1", "semver": "^7.6.3", - "uuid": "^11.0.3", + "uuid": "^11.0.4", "yaml": "^2.7.0" }, "devDependencies": {