Closed BigZ closed 2 years ago
UUID is only used to generate a random name for a tunnel. The name allows you to refer to the tunnel in further API requests to the internal API.
So, even if it is not as random as it needs to be for security purposes, I don't believe that makes it a security concern for this package.
However, I do believe in keeping dependencies up to date, so if you want to put together a PR for the upgrade I would happily review and merge it. Thanks!
This has now been fixed and published as part of version 4.3.0.
We should upgrade uuid dependency to >= 7

Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.

If you agree, I can provide the PR.

Thanks for the great work on ngrok, folks.
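
An added example (not part of the original thread or the ngrok package): a Node.js check that walks an npm lockfile and reports every installed `uuid` below the major version 7 named in the issue. The lockfile contents and the `findOldUuid` and `majorOf` helpers are constructed for illustration.

```javascript
// SAMPLE_LOCK is constructed sample data; it is not any real project's lockfile.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/uuid": { version: "8.3.2" },
    "node_modules/example-dep/node_modules/uuid": { version: "3.4.0" },
    "node_modules/uuid-validate": { version: "0.0.3" },
  },
  dependencies: {
    "example-dep": { version: "2.0.0", dependencies: { uuid: { version: "3.4.0" } } },
  },
};

// Extract the major version number from a semver string such as "3.4.0".
function majorOf(version) {
  const m = /^v?(\d+)\./.exec(String(version || ""));
  return m ? Number(m[1]) : NaN;
}

// Hypothetical helper: list every uuid install with a major version below minMajor.
function findOldUuid(lock, minMajor = 7) {
  const hits = [];
  const check = (where, version) => {
    const major = majorOf(version);
    // Unparseable versions are reported too, so they get looked at by hand.
    if (Number.isNaN(major) || major < minMajor) hits.push({ where, version });
  };
  // npm v7+ lockfiles: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.split("node_modules/").pop() === "uuid") check(path, meta.version);
  }
  // npm v6 lockfiles: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === "uuid") check(here.join(" > "), meta.version);
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

console.log(findOldUuid(SAMPLE_LOCK));
```

Nested copies pulled in by other packages are reported with their install path, so a top-level upgrade that leaves an old transitive copy behind is still visible.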