
fix: upgrade HashString from SHA1 to SHA-256 #522

Merged
mwbrooks merged 1 commit into main from mwbrooks-snyk-sha256-strings-hashstring
May 5, 2026


@mwbrooks mwbrooks commented May 5, 2026

Changelog

  • N/A

Summary

This pull request upgrades the HashString function in internal/goutils/strings.go from SHA1 to SHA-256 to resolve a Snyk code analysis finding for use of a weak hash algorithm.

HashString is used only to anonymize PII (e.g. system hostname) in diagnostic data. No external system depends on the hash format, so the upgrade is safe.

Preview

  • N/A

Requirements

SHA1 is flagged by Snyk as a weak hash algorithm. HashString is used
only for PII anonymization in diagnostics, so upgrading to SHA-256 is
safe with no external compatibility concerns.
@mwbrooks mwbrooks self-assigned this May 5, 2026
@mwbrooks mwbrooks added the security and semver:patch labels May 5, 2026
@mwbrooks mwbrooks added this to the Next Release milestone May 5, 2026
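
An added example, not code from this pull request or the project: the function names and the signature (string in, hex digest out) are assumptions, since the page does not show the body of HashString. It puts the SHA-1 and SHA-256 forms side by side (the digest grows from 40 to 64 hex characters) and adds a hypothetical keyed variant, because an unkeyed digest of a hostname can be recomputed by anyone who can guess the hostname.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1" // imported only to show the assumed "before" behaviour
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// hashSHA1 is the assumed "before": unkeyed SHA-1, hex-encoded.
func hashSHA1(s string) string {
	sum := sha1.Sum([]byte(s))
	return hex.EncodeToString(sum[:])
}

// hashSHA256 is the assumed "after": same shape, SHA-256 digest.
func hashSHA256(s string) string {
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

// hashKeyed is a hypothetical stronger variant: HMAC-SHA-256 under a
// per-installation secret, so the pseudonym depends on a value that
// never leaves the machine.
func hashKeyed(key []byte, s string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(s))
	return hex.EncodeToString(mac.Sum(nil))
}

// recomputable reports whether a digest matches a candidate value using
// only the unkeyed function, i.e. without holding any secret.
func recomputable(digest, candidate string) bool {
	return hmac.Equal([]byte(digest), []byte(hashSHA256(candidate)))
}

func main() {
	host := "build-agent-01.example.internal"       // constructed sample hostname
	key := []byte("constructed-per-install-secret") // constructed sample key
	fmt.Println("hex lengths:", len(hashSHA1(host)), len(hashSHA256(host)))
	fmt.Println("unkeyed recomputable:", recomputable(hashSHA256(host), host))
	fmt.Println("keyed recomputable:  ", recomputable(hashKeyed(key, host), host))
}
```

Anything that stores or validates the digest by length needs to accept 64 hex characters after the change, and digests recorded before the upgrade will not match ones produced after it.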

codecov Bot commented May 5, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.23%. Comparing base (7c7394c) to head (3dd88ab).

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #522      +/-   ##
==========================================
- Coverage   71.26%   71.23%   -0.03%     
==========================================
  Files         222      222              
  Lines       18682    18682              
==========================================
- Hits        13314    13309       -5     
- Misses       4188     4191       +3     
- Partials     1180     1182       +2     


@mwbrooks mwbrooks marked this pull request as ready for review May 5, 2026 21:34
@mwbrooks mwbrooks requested a review from a team as a code owner May 5, 2026 21:34

@zimeg zimeg left a comment


@mwbrooks More SHA is better I humbly think 🔏 💌


mwbrooks commented May 5, 2026

Thanks @zimeg!

@mwbrooks mwbrooks merged commit 68134ad into main May 5, 2026
8 checks passed
@mwbrooks mwbrooks deleted the mwbrooks-snyk-sha256-strings-hashstring branch May 5, 2026 23:38
@WilliamBergamin

Nice ❤️
