CLI: update uuid dependency #307

Open

cnharrison wants to merge 1 commit into main from chore/update-cli-uuid

Conversation

@cnharrison

Contributor

Issue

The CLI still depends on uuid ^9.0.0, which resolves inside the reported advisory range. Downstream listener repos can inherit that finding through flatfile -> uuid.

What changed

  • Updated the CLI uuid dependency to ^11.1.1.
  • Removed @types/uuid because uuid now ships its own types.
  • Added a patch changeset for flatfile.

Validation

  • CLI lint and build pass.
  • The CLI workspace audit no longer reports a uuid finding.

@obvious-autobuild-staging (Bot) left a comment

Obvious Code Review

Verdict: COMMENT — CLEAN

Summary

  • Blocker: 0
  • High: 0
  • Medium: 0
  • Suggestion: 1

Suggestion

packages/cli/package.json: uuid does not appear to be directly imported anywhere in packages/cli/src/. Since it lives in dependencies, every npm install flatfile installs it for end users. Two possibilities: (1) it is inlined via a bundled transitive dep (fine as-is), or (2) the direct import was removed in a prior refactor without cleaning up the manifest (in which case dropping it entirely would eliminate the advisory exposure path more permanently). Consider running npx depcheck packages/cli in a follow-up to confirm. Not a blocker for this PR.


View full review in Obvious