Security: Upgrade uuid dependency to address CVE-2026-41907 #776

@bgneu

Before submitting a new issue

  • I tested using the latest version of the library, as the bug might be already fixed.
  • I tested using a supported version of React Native.
  • I checked for possible duplicate issues, with possible answers.

Bug summary

Description

A vulnerability has been flagged (CVE-2026-41907) within this repository's dependency tree due to an outdated version of the uuid package.

Details

  • Vulnerability: CVE-2026-41907 (Out-of-bounds write via missing buffer bounds check in v3/v5/v6 functions)
  • Affected Dependency: uuid (Versions prior to 14.0.0 are vulnerable)
  • Remediation: Upgrade the uuid package to version 14.0.0 or higher, or update the parent package that brings it in.

Thank you for looking into this!

Library version

7.3.1

Environment info

"react-native-bootsplash": "7.3.1"

Steps to reproduce

No need to provide reproducible steps. Vulnerability exists as a dependency of this repo.

Reproducible sample code

See above
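
The remediation above mentions updating the parent package that brings uuid in. The script below is an added example, not part of the original issue or the project's code: it walks an npm lockfile and reports which packages resolve to a uuid install below 14.0.0, including parents hidden by hoisting. It assumes the npm `package-lock.json` v2/v3 `packages` layout; the sample lockfile is constructed and every package name in it except uuid is hypothetical.

```javascript
// Added example: which packages in an npm lockfile resolve to a uuid below 14.0.0?
const FIXED_MAJOR = 14; // from the issue: versions prior to 14.0.0 are affected

// Constructed sample lockfile; every package name except uuid is hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "example-lib": "^1.0.0", "example-tool": "^2.0.0" } },
    "node_modules/example-lib": { version: "1.2.0", dependencies: { uuid: "^9.0.0" } },
    "node_modules/example-tool": { version: "2.0.0", dependencies: { uuid: "^14.0.0" } },
    "node_modules/example-tool/node_modules/uuid": { version: "14.0.0" },
    "node_modules/example-other": { version: "0.3.0", optionalDependencies: { uuid: "^9.0.0" } },
    "node_modules/uuid": { version: "9.0.1" }, // hoisted copy shared by two parents
  },
};

// Compare on the major version only; pre-release tags are not handled here.
function isVulnerable(version) {
  const major = parseInt(String(version).split(".")[0], 10);
  return Number.isInteger(major) && major < FIXED_MAJOR;
}

// Node-style resolution inside the lockfile: try the dependent's own
// node_modules first, then each ancestor's, ending at the top level.
function resolveInstall(packages, fromKey, name) {
  let base = fromKey;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// List every package that declares uuid and ends up on a vulnerable install.
function findVulnerableUuidParents(lock) {
  const packages = lock.packages || {};
  const findings = [];
  for (const [key, meta] of Object.entries(packages)) {
    const deps = { ...meta.dependencies, ...meta.optionalDependencies };
    if (!Object.prototype.hasOwnProperty.call(deps, "uuid")) continue;
    const installed = resolveInstall(packages, key, "uuid");
    if (installed && isVulnerable(packages[installed].version)) {
      findings.push({ parent: key || "(root)", range: deps.uuid, installed, version: packages[installed].version });
    }
  }
  return findings;
}

console.log(findVulnerableUuidParents(sampleLock));
```

Each finding names the parent whose declared range keeps the old uuid in place, which is the package to update or override.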
