From d63b84ee1f49591df09c62db9efab9213a29602a Mon Sep 17 00:00:00 2001 From: pedr Date: Thu, 14 Dec 2023 12:28:41 -0300 Subject: [PATCH] Chore: Add function to generate secure random values (#9409) Co-authored-by: Laurent Cozic --- .../patches/nanoid-npm-3.3.7-98824ba130.patch | 12 +++++++ package.json | 1 + packages/lib/uuid.ts | 5 +++ yarn.lock | 35 +++---------------- 4 files changed, 22 insertions(+), 31 deletions(-) create mode 100644 .yarn/patches/nanoid-npm-3.3.7-98824ba130.patch diff --git a/.yarn/patches/nanoid-npm-3.3.7-98824ba130.patch b/.yarn/patches/nanoid-npm-3.3.7-98824ba130.patch new file mode 100644 index 000000000..84ddb590c --- /dev/null +++ b/.yarn/patches/nanoid-npm-3.3.7-98824ba130.patch @@ -0,0 +1,12 @@ +diff --git a/package.json b/package.json +index 4f24d9658ca167733dbe9c3fb3bcfc3f4e6d20c8..15062cc4eb3bc8e14b54b07a9c873e5a5c4b6ab8 100644 +--- a/package.json ++++ b/package.json +@@ -35,7 +35,6 @@ + "module": "index.js", + "exports": { + ".": { +- "browser": "./index.browser.js", + "require": { + "types": "./index.d.cts", + "default": "./index.cjs" diff --git a/package.json b/package.json index 00990831f..819714a8e 100644 --- a/package.json +++ b/package.json @@ -106,6 +106,7 @@ "eslint": "patch:eslint@8.52.0#./.yarn/patches/eslint-npm-8.39.0-d92bace04d.patch", "app-builder-lib@24.4.0": "patch:app-builder-lib@npm%3A24.4.0#./.yarn/patches/app-builder-lib-npm-24.4.0-05322ff057.patch", "react-native@0.71.10": "patch:react-native@npm%3A0.71.10#./.yarn/patches/react-native-animation-fix/react-native-npm-0.71.10-f9c32562d8.patch", + "nanoid": "patch:nanoid@npm%3A3.3.7#./.yarn/patches/nanoid-npm-3.3.7-98824ba130.patch", "pdfjs-dist": "patch:pdfjs-dist@npm%3A3.11.174#./.yarn/patches/pdfjs-dist-npm-3.11.174-67f2fee6d6.patch" } } diff --git a/packages/lib/uuid.ts b/packages/lib/uuid.ts index 98892b46f..e4e9a44b7 100644 --- a/packages/lib/uuid.ts +++ b/packages/lib/uuid.ts @@ -1,5 +1,6 @@ import { v4 as uuidv4 } from 'uuid'; import { customAlphabet } from 'nanoid/non-secure'; +import { nanoid as nanoidSecure } from 'nanoid'; // https://zelark.github.io/nano-id-cc/ // https://security.stackexchange.com/a/41749/1873 @@ -21,6 +22,10 @@ export default { }, }; +export const createSecureRandom = (size = 32) => { + return nanoidSecure(size); +}; + type FuncUiidGen = (length?: number)=> string; const cachedUuidgen: Record = {}; diff --git a/yarn.lock b/yarn.lock index b1da99dcd..353bb39c2 100644 --- a/yarn.lock +++ b/yarn.lock @@ -30561,15 +30561,6 @@ __metadata: languageName: node linkType: hard -"nanoid@npm:*": - version: 3.3.2 - resolution: "nanoid@npm:3.3.2" - bin: - nanoid: bin/nanoid.cjs - checksum: 376717f0685251fad77850bd84c6b8d57837c71eeb1c05be7c742140cc1835a5a2953562add05166d6dbc8fb65f3fdffa356213037b967a470e1691dc3e7b9cc - languageName: node - linkType: hard - "nanoid@npm:3.3.7": version: 3.3.7 resolution: "nanoid@npm:3.3.7" @@ -30579,30 +30570,12 @@ __metadata: languageName: node linkType: hard -"nanoid@npm:^3.1.30": - version: 3.1.30 - resolution: "nanoid@npm:3.1.30" +"nanoid@patch:nanoid@npm%3A3.3.7#./.yarn/patches/nanoid-npm-3.3.7-98824ba130.patch::locator=root%40workspace%3A.": + version: 3.3.7 + resolution: "nanoid@patch:nanoid@npm%3A3.3.7#./.yarn/patches/nanoid-npm-3.3.7-98824ba130.patch::version=3.3.7&hash=1fda01&locator=root%40workspace%3A." bin: nanoid: bin/nanoid.cjs - checksum: 276d0d4b0c41c46aeefec5f09f093e4085a2352d06881c845db22b84f8ef72cc8defae6d76bfb1d8a2a128eb2dec42ab148d16582be4e7754c97905806ef57b6 - languageName: node - linkType: hard - -"nanoid@npm:^3.3.4": - version: 3.3.4 - resolution: "nanoid@npm:3.3.4" - bin: - nanoid: bin/nanoid.cjs - checksum: 2fddd6dee994b7676f008d3ffa4ab16035a754f4bb586c61df5a22cf8c8c94017aadd360368f47d653829e0569a92b129979152ff97af23a558331e47e37cd9c - languageName: node - linkType: hard - -"nanoid@npm:^3.3.6": - version: 3.3.6 - resolution: "nanoid@npm:3.3.6" - bin: - nanoid: bin/nanoid.cjs - checksum: 7d0eda657002738aa5206107bd0580aead6c95c460ef1bdd0b1a87a9c7ae6277ac2e9b945306aaa5b32c6dcb7feaf462d0f552e7f8b5718abfc6ead5c94a71b3 + checksum: 0a210d4b5dd9ab9f31dea7e3d30319ff477985f7b08df197853c196e4cdf7e8a6809c18d885defd8822bbd6be010b4d6a11b01a0da230a83010f451537645496 languageName: node linkType: hard