Bump uuid and auditjs in /src/legacy

[dependabot]

Removes uuid. It's no longer used after updating ancestor dependency auditjs. These dependencies need to be updated together.

Removes uuid

Updates auditjs from 4.2.0 to 5.0.0

Release notes

Sourced from auditjs's releases.

v5.0.0

What's Changed

• feat!: Release 5.0.0 of auditjs by @​madpah in sonatype-nexus-community/auditjs#291

See CHANGELOG for full details.

Full Changelog: sonatype-nexus-community/auditjs@v4.2.0...v5.0.0

Changelog

Sourced from auditjs's changelog.

5.0.0 (2026-05-14)

• feat!: modernise build toolchain and test framework for v5 (a2c568f)

Bug Fixes

• ci: add npm auth token to .npmrc for semantic-release publish (03a93a3)
• ci: allow dogfood scan to find vulns without failing the build (c55a964)
• ci: fix dogfood auth and lifecycle prepare script failures (d773aa3)
• ci: fix npm publish ENEEDAUTH caused by @​semantic-release/npm OIDC bug (07d5308)
• ci: fix release workflow dogfood token name and ignore-scripts (40fc04c)
• ci: force public npm registry and fix @​types/figlet@​1.7.0 type change (874260c)
• ossi: normalise baseURL to always have trailing slash (5a44702)
• ci: pin @​semantic-release/npm to v10 and restore NPM_TOKEN (c6908a1)
• ci: remove _authToken from .npmrc — OIDC handles publish auth (426bef1)
• release: remove prepublishOnly to fix OIDC npm publish (6718143)
• config: store guide bearer token in AccessToken field; fall back to Token for backward compat (7fa9480)
• release: update .releaserc assets from yarn.lock to package-lock.json (04d956e)
• ossi: update default server URL to api.guide.sonatype.com (c08491d)
• ci: upgrade npm before install to avoid 10.8.2 exit-handler bug (3a32f70)
• ci: upgrade release workflow to Node 22 (980fdb7)
• lint: upgrade to ESLint 8 + Prettier 3 and fix all formatting errors (55ec1fd)
• guide: use Basic auth for OSSIndexCompatibilityApi in PAT-only mode (a78fad6)
• ci: use OSSI_TOKEN for guide dogfood scan; improve error message (363560f)

Features

• types: Phase 5 — TypeScript strict enforcement (2d443b4)
• guide: Phase 6 — bearer token auth and upgrade recommendations (92806f1)
• sbom: replace xmlbuilder with @​cyclonedx/cyclonedx-library v10 targeting CycloneDX 1.6 (feb2c73)

BREAKING CHANGES

• requires Node 20+; yarn replaced by npm

Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com Signed-off-by: Paul Horton phorton@sonatype.com

Commits

• bd9fbb5 chore(release): 5.0.0 [skip ci]
• 075a080 chore: revert CHANGELOG
• d470243 chore(release): 5.0.1 [skip ci]
• c6908a1 fix(ci): pin @​semantic-release/npm to v10 and restore NPM_TOKEN
• 85aed2f chore(release): 5.0.0 [skip ci]
• fc13b6d chore(ci): Attempt to fix releaes workflow
• 00c5d73 chore(release): 5.0.0 [skip ci]
• 98a1a0a chore(ci): Attempt to fix releaes workflow
• 5c2d4ba chore(release): 5.0.0 [skip ci]
• b4093d2 chore: revert CHANGELOG
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.