Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: replace gravatar-url with inline function #5128

Merged
merged 3 commits into from
Oct 24, 2023

Conversation

chriswk
Copy link
Member

@chriswk chriswk commented Oct 23, 2023

As #4475 says, MD5 is not available in secure places anymore. This PR swaps out gravatar-url with an inline function using crypto:sha256 which is FIPS-140-2 compliant. Since we only used this method for generating avatar URLs the extra customization wasn't needed and we could hard code the URL parameters.

fixes: Linear https://linear.app/unleash/issue/SR-112/gh-support-swap-out-gravatar-url-lib
closes: #4475

@chriswk chriswk requested review from sjaanus and sighphyre October 23, 2023 13:12
@chriswk chriswk self-assigned this Oct 23, 2023
@vercel
Copy link

vercel bot commented Oct 23, 2023

The latest updates on your projects. Learn more about Vercel for Git ↗︎

2 Ignored Deployments
Name Status Preview Comments Updated (UTC)
unleash-docs ⬜️ Ignored (Inspect) Visit Preview Oct 23, 2023 2:27pm
unleash-monorepo-frontend ⬜️ Ignored (Inspect) Visit Preview Oct 23, 2023 2:27pm

Copy link
Member

@sighphyre sighphyre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@chriswk chriswk force-pushed the feat/replaceGravatarUrlLib branch from 78a4c96 to cc422f7 Compare October 23, 2023 13:59
@chriswk chriswk merged commit c60bca7 into main Oct 24, 2023
6 checks passed
@chriswk chriswk deleted the feat/replaceGravatarUrlLib branch October 24, 2023 08:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

FIPS Compatibility - gravatar-url removal / update / replacement to correct md5 usage
2 participants