Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace md5sum with sha512sum #3048

Merged
merged 1 commit into from Jun 6, 2022
Merged

Replace md5sum with sha512sum #3048

merged 1 commit into from Jun 6, 2022
+2 −2

Conversation

ericcornelissen
Copy link
Contributor

Update the hashing algorithm used for the package-lock.json checksum in the CI from MD5 to SHA512 - the same algorithm used by npm for the integrity check in the package-lock.json file itself.

My motivation for doing this is that MD5 is considered an insecure hash algorithm nowadays (ref. the MD5 Wikipedia page or RFC 6151). I do not intend to start a discussion on whether that's relevant in this particular case. I believe that regardless of ones point of view on the matter, upgrading to SHA512 is harmless (considering that this project is already using SHA512 through the lockfile).

@ericcornelissen
Replace md5sum with sha512sum
7e96e2b 
Update the hashing algorithm used for the package-lock.json checksum
from md5 to sha512 - the same algorithm used by npm for the integrity
check in the package-lock.json file itself.
@novemberborn novemberborn merged commit 3f17f8c into avajs:main Jun 6, 2022
@novemberborn
Copy link
Member

OK then, thanks @ericcornelissen.

@ericcornelissen ericcornelissen deleted the replace-md5sum-with-sha512sum branch June 6, 2022 12:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ericcornelissen @novemberborn