Bump uuid and npm

[dependabot]

Removes uuid. It's no longer used after updating ancestor dependency npm. These dependencies need to be updated together.

Removes uuid

Updates npm from 6.14.18 to 11.13.0

Release notes

Sourced from npm's releases.

v11.13.0

11.13.0 (2026-04-22)

Features

• 8e8dadb #9246 add u as alias for update command (#9246) (@​github-actions[bot], @​Ausoj)

Bug Fixes

• ecd161b #9258 ignore intended error code (@​owlstronaut)

Dependencies

• 8d2fdcd #9272 lru-cache@11.3.5
• e603d36 #9272 node-gyp@12.3.0
• d48b7da #9272 is-cidr@6.0.4
• 032a5ca #9240 @sigstore/protobuf-specs@0.5.1
• 33a81e7 #9240 tinyglobby@0.2.16
• 68dc4a0 #9240 picomatch@4.0.4
• 1bb6703 #9240 lru-cache@11.3.3
• 37059e4 #9240 diff@8.0.4
• fb450ab #9240 minimatch@10.2.5
• 7c4bbbf #9240 tar@7.5.13
• 703a3bc #9240 minipass-flush@1.0.6

Chores

• e0724ac #9272 dev dependency updates (@​owlstronaut)
• d249341 #9230 don't run npm update in CI (@​owlstronaut)
• workspace: @npmcli/arborist@9.4.3
• workspace: libnpmdiff@8.1.6
• workspace: libnpmexec@10.2.6
• workspace: libnpmfund@7.0.20
• workspace: libnpmpack@9.1.6

v11.12.1

11.12.1 (2026-03-24)

Bug Fixes

• 596706a #9148 revert prefer-offline/prefer-online exclusivity (#9129) (@​owlstronaut)

Documentation

• d1ee8a5 #9140 Add note on relative path prefix for npm publish (#9140) (@​pydsigner)

Dependencies

• workspace: @npmcli/config@10.8.1

v11.12.0

11.12.0 (2026-03-18)

Features

• 8eff5fb #9049 audit: add --include-attestations flag to output sigstore bundles (#9049) (@​mitchdenny)

Bug Fixes

• 03af94d #9123 skip synopsis code block when command has no usage (@​owlstronaut)
• 21ea382 #9110 arborist: resolve sibling override sets via common ancestor (#9110) (@​manzoorwanijk)

Dependencies

• 03f4c3a #9131 @sigstore/tuf@4.0.2
• 4d5f7d9 #9131 @gar/promise-retry@1.0.3
• 8dcfe69 #9131 @sigstore/sign@4.1.1

... (truncated)

Changelog

Sourced from npm's changelog.

11.13.0 (2026-04-22)

Features

• 8e8dadb #9246 add u as alias for update command (#9246) (@​github-actions[bot], @​Ausoj)

Bug Fixes

• ecd161b #9258 ignore intended error code (@​owlstronaut)

Dependencies

• 8d2fdcd #9272 lru-cache@11.3.5
• e603d36 #9272 node-gyp@12.3.0
• d48b7da #9272 is-cidr@6.0.4
• 032a5ca #9240 @sigstore/protobuf-specs@0.5.1
• 33a81e7 #9240 tinyglobby@0.2.16
• 68dc4a0 #9240 picomatch@4.0.4
• 1bb6703 #9240 lru-cache@11.3.3
• 37059e4 #9240 diff@8.0.4
• fb450ab #9240 minimatch@10.2.5
• 7c4bbbf #9240 tar@7.5.13
• 703a3bc #9240 minipass-flush@1.0.6

Chores

• e0724ac #9272 dev dependency updates (@​owlstronaut)
• d249341 #9230 don't run npm update in CI (@​owlstronaut)
• workspace: @npmcli/arborist@9.4.3
• workspace: libnpmdiff@8.1.6
• workspace: libnpmexec@10.2.6
• workspace: libnpmfund@7.0.20
• workspace: libnpmpack@9.1.6

11.12.1 (2026-03-24)

Bug Fixes

• 596706a #9148 revert prefer-offline/prefer-online exclusivity (#9129) (@​owlstronaut)

Documentation

• d1ee8a5 #9140 Add note on relative path prefix for npm publish (#9140) (@​pydsigner)

Dependencies

• workspace: @npmcli/config@10.8.1

11.12.0 (2026-03-18)

Features

• 8eff5fb #9049 audit: add --include-attestations flag to output sigstore bundles (#9049) (@​mitchdenny)

Bug Fixes

• 03af94d #9123 skip synopsis code block when command has no usage (@​owlstronaut)
• 21ea382 #9110 arborist: resolve sibling override sets via common ancestor (#9110) (@​manzoorwanijk)

Dependencies

• 03f4c3a #9131 @sigstore/tuf@4.0.2
• 4d5f7d9 #9131 @gar/promise-retry@1.0.3
• 8dcfe69 #9131 @sigstore/sign@4.1.1
• e5a7e22 #9127 lru-cache@11.2.7
• 82deab6 #9127 make-fetch-happen@15.0.5
• ce195dc #9127 cacache@20.0.4

... (truncated)

Commits

• 524590f chore: release 11.13.0
• e0724ac chore: dev dependency updates
• 8d2fdcd deps: lru-cache@11.3.5
• e603d36 deps: node-gyp@12.3.0
• d48b7da deps: is-cidr@6.0.4
• ecd161b fix: ignore intended error code
• e200696 fix(libnpmexec): skip redundant reify for cached directory specs (#9256)
• 7cd45c6 fix(arborist): handle npm link with install-strategy=linked
• 8e8dadb feat: add u as alias for update command (#9246)
• 032a5ca deps: @​sigstore/protobuf-specs@​0.5.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by owlstronaut, a new releaser for npm since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[solsson]

can't bump npm because we're wired in code to npm 6's API

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.