Bump uuid and oidc-provider in /apiproxies/sandboxes-v1/apiproxy/resources/hosted

[dependabot]

Removes uuid. It's no longer used after updating ancestor dependency oidc-provider. These dependencies need to be updated together.

Removes uuid

Updates oidc-provider from 5.5.6 to 9.8.3

Release notes

Sourced from oidc-provider's releases.

v9.8.3

Fixes

• await registration token policy (6269602)
• pass ciba user code to verifier (a340869)
• reject malformed dpop htu with a clearer message (1b6146c)
• select signing keys for jwt access tokens (1d6df9c)
• validate ciba notification tokens (2807a8f)

v9.8.2

Fixes

• html-escape debug data sent to development-only interactions (924d25c), closes #1414

v9.8.1

Refactor

• relax native app custom URI scheme validation (75be6ce), closes #1411

v9.8.0

Features

• promote rpMetadataChoices to stable (cc8cfcc)

Refactor

• do not depend on undici being part of the bundle (2ffec73)

v9.7.1

Refactor

• CIMD: filter unrecognized array members before validating (969edba), closes #1398
• fetch_body_check.js now returns early when limit is Infinite (a794f51)
• fixup grant_types and response_types mismatch instead of rejecting (81538bf)
• process client schema after custom metadata processing (35fb736)
• pull csrf into a shared module (6239f17)

v9.7.0

Features

• add configuration for limiting external resource body limits (0c424cd)
• experimental support for Client ID Metadata Document (CIMD) (d5323f4)
• prevent fetching special-use IP address resources (1548834)

Documentation

• align section titles and auto-generate toc (287bfa8)
• description fixes and various editorial edits (a8f4f15)

... (truncated)

Changelog

Sourced from oidc-provider's changelog.

9.8.3 (2026-04-27)

Fixes

• await registration token policy (6269602)
• pass ciba user code to verifier (a340869)
• reject malformed dpop htu with a clearer message (1b6146c)
• select signing keys for jwt access tokens (1d6df9c)
• validate ciba notification tokens (2807a8f)

9.8.2 (2026-04-17)

Fixes

• html-escape debug data sent to development-only interactions (924d25c), closes #1414

9.8.1 (2026-04-15)

Refactor

• relax native app custom URI scheme validation (75be6ce), closes #1411

9.8.0 (2026-04-07)

Features

• promote rpMetadataChoices to stable (cc8cfcc)

Refactor

• do not depend on undici being part of the bundle (2ffec73)

9.7.1 (2026-03-18)

Refactor

• CIMD: filter unrecognized array members before validating (969edba), closes #1398
• fetch_body_check.js now returns early when limit is Infinite (a794f51)
• fixup grant_types and response_types mismatch instead of rejecting (81538bf)
• process client schema after custom metadata processing (35fb736)
• pull csrf into a shared module (6239f17)

9.7.0 (2026-03-06)

... (truncated)

Commits

• 8415108 chore(release): 9.8.3
• e7dab4d chore(deps-dev): bump @​fastify/middie (#1416)
• 2807a8f fix: validate ciba notification tokens
• a340869 fix: pass ciba user code to verifier
• 1d6df9c fix: select signing keys for jwt access tokens
• 6269602 fix: await registration token policy
• 1b6146c fix: reject malformed dpop htu with a clearer message
• 29a216c chore: use optional catch binding
• 3e3a674 chore: avoid dynamic namespace import access
• dda9767 chore: remove leftover blank line in example/my_adapter.js
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for oidc-provider since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.