The uuid library is a little stuck at v3.x in the JS Tracker. From version v7, they dropped support for IE9 and 10 which we still support in the JS Tracker.
In v3 it checks for the crypto libraries for the random number generation and if it isn’t there (in the case of bots and old IE), it falls back to a Math.random implementation. Unfortunately, lots of bots have TERRIBLE Math.random implementations so you end up with lots of UUID collisions when bots land on your page. This Math.random fallback no longer exists in newer versions of the library, it simply only uses crypto or else it fails to generate a uuid (so you’d get no uuid when the traffic was bot traffic and/or ie9/10).
That was a bit of a brain dump on where we’re at with uuids in js. Open to thoughts and ideas!