diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index b2b18c7..33361f9 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -4,6 +4,9 @@ settings:
   autoInstallPeers: true
   excludeLinksFromLockfile: false
 
+overrides:
+  uuid: ^14.0.0
+
 importers:
   .:
     dependencies:
@@ -2124,12 +2127,11 @@ packages:
         integrity: sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==,
       }
 
-  uuid@3.4.0:
+  uuid@14.0.0:
     resolution:
       {
-        integrity: sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==,
+        integrity: sha512-Qo+uWgilfSmAhXCMav1uYFynlQO7fMFiMVZsQqZRMIXp0O7rR7qjkj+cPvBHLgBqi960QCoo/PH2/6ZtVqKvrg==,
       }
-    deprecated: uuid@10 and below is no longer supported.  For ESM codebases, update to uuid@latest.  For CommonJS codebases, use uuid@11 (but be aware this version will likely be deprecated in 2028).
     hasBin: true
 
   vite@8.0.14:
@@ -3125,7 +3127,7 @@ snapshots:
 
   nf-grapher@1.2.24:
     dependencies:
-      uuid: 3.4.0
+      uuid: 14.0.0
 
   obug@2.1.1: {}
 
@@ -3403,7 +3405,7 @@ snapshots:
     dependencies:
       punycode: 2.3.1
 
-  uuid@3.4.0: {}
+  uuid@14.0.0: {}
 
   vite@8.0.14(@types/node@25.9.1)(yaml@2.9.0):
     dependencies:
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index f7d724c..9ab3a1f 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -6,3 +6,8 @@ savePrefix: ''
 
 allowBuilds:
   husky: true
+
+# https://github.com/nativeformat/NFPlayerJS/security/dependabot/201 affects
+# v3/v5/v6 with caller-supplied buffer: nf-grapher only calls v4() with no args.
+overrides:
+  uuid: ^14.0.0