@susnux susnux commented Jul 16, 2025

@susnux susnux added this to the 8.29.0 milestone Jul 16, 2025
@susnux susnux added 3. to review Waiting for reviews refactor ♻️ Pull request that is neither a fix nor a feature labels Jul 16, 2025
export { default } from './usernameToColor.js'
// Already a md5 hash?
if (hash.match(/^([0-9a-f]{4}-?){8}$/) === null) {
hash = md5(hash)

Check failure

Code scanning / CodeQL

Use of a broken or weak cryptographic algorithm (High)

A broken or weak cryptographic algorithm depends on sensitive data from an access to userIdentifier.
A broken or weak cryptographic algorithm depends on sensitive data from an access to userIdentifier.
A broken or weak cryptographic algorithm depends on sensitive data from an access to username.
A broken or weak cryptographic algorithm depends on sensitive data from an access to usernames.

Copilot Autofix

AI 4 months ago

To address the issue, we will replace the MD5 hashing algorithm with a stronger alternative, SHA-256, using the crypto module from Node.js. The crypto module is a built-in library in Node.js and provides a secure and efficient implementation of SHA-256. This change ensures that the hash generation is robust and adheres to modern cryptographic standards.

Steps to fix:

  1. Replace the md5 import with the crypto module.
  2. Update the hashing logic to use crypto.createHash('sha256') instead of md5.
  3. Ensure the hash is converted to a hexadecimal string, as required by the existing logic.

Suggested changeset 1
src/functions/usernameToColor/index.js

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/functions/usernameToColor/index.js b/src/functions/usernameToColor/index.js
--- a/src/functions/usernameToColor/index.js
+++ b/src/functions/usernameToColor/index.js
@@ -7,3 +7,3 @@
 
-import md5 from 'md5'
+import crypto from 'crypto'
 
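Review bot: `import crypto from 'crypto'` swaps a dependency-free `md5` package for the Node built-in, which is a behaviour change this "refactor" backport to stable8 does not discuss: every colour that `usernameToColor` derives from the hash will differ from the colour the same username produced before, and if this module is bundled for the browser (the likely reason the `md5` package was chosen) the Node `crypto` import needs a bundler polyfill, while the browser-native route, `crypto.subtle.digest`, is asynchronous and cannot be dropped into the synchronous call shape used below. If the finding is to be acted on at all, the commit message should state the colour change, and the import should be checked against the build target before merge.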
@@ -22,3 +22,3 @@
 	if (hash.match(/^([0-9a-f]{4}-?){8}$/) === null) {
-		hash = md5(hash)
+		hash = crypto.createHash('sha256').update(hash).digest('hex')
 	}
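Review bot: the precheck on the unchanged line, `/^([0-9a-f]{4}-?){8}$/`, accepts exactly 32 hex characters, i.e. an MD5-length digest, but the new line produces a 64-character SHA-256 hex digest, so the function no longer recognises its own output and a value passed back in is hashed a second time. Either widen the pattern to accept 64 hex characters alongside 32, or leave the algorithm alone and document why MD5 is acceptable here: the hash only buckets a username into a colour and protects no secret, which is the stronger answer to the CodeQL alert than changing an output that users see.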
EOF
@susnux susnux changed the base branch from main to stable8 July 16, 2025 14:48
@susnux susnux requested review from Antreesy and skjnldsv July 16, 2025 14:49
@Antreesy Antreesy left a comment


Automated comment is...?

…ToColor`)

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
@susnux susnux force-pushed the chore/backport-7161 branch from 28c153c to 0228866 Compare July 16, 2025 18:14
@susnux susnux merged commit 1e3ed84 into stable8 Jul 16, 2025
17 of 19 checks passed
@susnux susnux deleted the chore/backport-7161 branch July 16, 2025 23:29
@susnux susnux mentioned this pull request Aug 18, 2025
1 task