From 56e58521bdc3ecb3bb73c8072b68fead38fac285 Mon Sep 17 00:00:00 2001
From: Jayson Hurst <jayson.hurst@quest.com>
Date: Sat, 17 Feb 2024 00:35:03 +0000
Subject: [PATCH] Removed offending MD5 crypto hash and replaced with SHA1 and
 SHA256 crypto hashes to work with the FIPS crypto policy.

---
 packages/node_modules/@node-red/editor-api/lib/editor/ui.js  | 2 +-
 packages/node_modules/@node-red/runtime/lib/storage/index.js | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/packages/node_modules/@node-red/editor-api/lib/editor/ui.js b/packages/node_modules/@node-red/editor-api/lib/editor/ui.js
index e7bf15069..37c79d415 100644
--- a/packages/node_modules/@node-red/editor-api/lib/editor/ui.js
+++ b/packages/node_modules/@node-red/editor-api/lib/editor/ui.js
@@ -99,7 +99,7 @@ module.exports = {
             // settings.instanceId is set asynchronously to the editor-api
             // being initiaised. So we defer calculating the cacheBuster hash
             // until the first load of the editor
-            cacheBuster = crypto.createHash('md5').update(`${settings.version || 'version'}-${settings.instanceId || 'instanceId'}`).digest("hex").substring(0,12)    
+            cacheBuster = crypto.createHash('sha1').update(`${settings.version || 'version'}-${settings.instanceId || 'instanceId'}`).digest("hex").substring(0,12)    
         }
 
         let sessionMessages;
diff --git a/packages/node_modules/@node-red/runtime/lib/storage/index.js b/packages/node_modules/@node-red/runtime/lib/storage/index.js
index f5e07e254..989989e1d 100644
--- a/packages/node_modules/@node-red/runtime/lib/storage/index.js
+++ b/packages/node_modules/@node-red/runtime/lib/storage/index.js
@@ -77,7 +77,7 @@ var storageModuleInterface = {
                         flows: flows,
                         credentials: creds
                     };
-                    result.rev = crypto.createHash('md5').update(JSON.stringify(result.flows)).digest("hex");
+                    result.rev = crypto.createHash('sha256').update(JSON.stringify(result.flows)).digest("hex");
                     return result;
                 })
             });
@@ -95,7 +95,7 @@ var storageModuleInterface = {
 
             return credentialSavePromise.then(function() {
                 return storageModule.saveFlows(flows, user).then(function() {
-                    return crypto.createHash('md5').update(JSON.stringify(config.flows)).digest("hex");
+                    return crypto.createHash('sha256').update(JSON.stringify(config.flows)).digest("hex");
                 })
             });
         },