Merge pull request #4568 from JaysonHurst/fips

fix: Removed offending MD5 crypto hash and replaced with SHA1 and SHA256 …

packages/node_modules/@node-red/editor-api/lib/editor/ui.js

@@ -99,7 +99,7 @@ module.exports = {
             // settings.instanceId is set asynchronously to the editor-api
             // being initiaised. So we defer calculating the cacheBuster hash
             // until the first load of the editor
-            cacheBuster = crypto.createHash('md5').update(`${settings.version || 'version'}-${settings.instanceId || 'instanceId'}`).digest("hex").substring(0,12)    
+            cacheBuster = crypto.createHash('sha1').update(`${settings.version || 'version'}-${settings.instanceId || 'instanceId'}`).digest("hex").substring(0,12)    
         }
 
         let sessionMessages;

packages/node_modules/@node-red/runtime/lib/storage/index.js

@@ -77,7 +77,7 @@ var storageModuleInterface = {
                         flows: flows,
                         credentials: creds
                     };
-                    result.rev = crypto.createHash('md5').update(JSON.stringify(result.flows)).digest("hex");
+                    result.rev = crypto.createHash('sha256').update(JSON.stringify(result.flows)).digest("hex");
                     return result;
                 })
             });
@@ -95,7 +95,7 @@ var storageModuleInterface = {
 
             return credentialSavePromise.then(function() {
                 return storageModule.saveFlows(flows, user).then(function() {
-                    return crypto.createHash('md5').update(JSON.stringify(config.flows)).digest("hex");
+                    return crypto.createHash('sha256').update(JSON.stringify(config.flows)).digest("hex");
                 })
             });
         },