Skip to content

Commit 5a96afc

Browse files
Copilotrzhao271
Copilot
and
rzhao271
authored
fix: bump serialize-javascript to v7.0.4 and use built-in crypto instead of md5.js/hash.js
Co-authored-by: rzhao271 <7199958+rzhao271@users.noreply.github.com> Agent-Logs-Url: https://github.com/microsoft/vscode-pull-request-github/sessions/b051a380-1d06-421c-8a89-e025f736ed2a
1 parent 91c8790 commit 5a96afc

File tree

4 files changed

+26
-17
lines changed

4 files changed

+26
-17
lines changed

package-lock.json

Lines changed: 10 additions & 10 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4175,9 +4175,9 @@
41754175
},
41764176
"overrides": {
41774177
"mocha": {
4178-
"diff": "7.0.0",
4179-
"serialize-javascript": "6.0.1"
4178+
"diff": "7.0.0"
41804179
},
4180+
"serialize-javascript": "7.0.4",
41814181
"elliptic": "6.6.1"
41824182
},
41834183
"resolutions": {

src/github/utils.ts

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,6 @@
44
*--------------------------------------------------------------------------------------------*/
55
'use strict';
66

7-
import * as crypto from 'crypto';
87
import * as OctokitTypes from '@octokit/types';
98
import * as vscode from 'vscode';
109
import { OctokitCommon } from './common';
@@ -1697,6 +1696,17 @@ export function generateGravatarUrl(gravatarId: string | undefined, size: number
16971696
return !!gravatarId ? `https://www.gravatar.com/avatar/${gravatarId}?s=${size}&d=retro` : undefined;
16981697
}
16991698

1699+
// Use the Node.js built-in crypto module (not the browserify polyfill) to avoid md5.js/hash.js
1700+
// bundled dependencies. In browser/webworker contexts Node.js crypto is unavailable, so we
1701+
// fall back gracefully by returning undefined.
1702+
function sha256Hex(data: string): string | undefined {
1703+
try {
1704+
return (require(/* webpackIgnore: true */ 'crypto') as typeof import('crypto')).createHash('sha256').update(data).digest('hex');
1705+
} catch {
1706+
return undefined;
1707+
}
1708+
}
1709+
17001710
export function getAvatarWithEnterpriseFallback(avatarUrl: string, email: string | undefined, isEnterpriseRemote: boolean): string | undefined {
17011711

17021712
// For non-enterprise, always use the provided avatarUrl
@@ -1710,8 +1720,7 @@ export function getAvatarWithEnterpriseFallback(avatarUrl: string, email: string
17101720
}
17111721

17121722
// Only fallback to Gravatar if no avatarUrl is available and email is provided
1713-
const gravatarUrl = email ? generateGravatarUrl(
1714-
crypto.createHash('sha256').update(email.trim().toLowerCase()).digest('hex')) : undefined;
1723+
const gravatarUrl = email ? generateGravatarUrl(sha256Hex(email.trim().toLowerCase())) : undefined;
17151724
return gravatarUrl;
17161725
}
17171726

webpack.config.js

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -141,7 +141,7 @@ async function getWebviewConfig(mode, env, entry) {
141141
resolve: {
142142
extensions: ['.ts', '.tsx', '.js', '.jsx', '.json', '.svg'],
143143
fallback: {
144-
crypto: require.resolve("crypto-browserify"),
144+
crypto: false,
145145
path: require.resolve('path-browserify'),
146146
stream: require.resolve("stream-browserify"),
147147
http: require.resolve("stream-http")
@@ -365,7 +365,7 @@ async function getExtensionConfig(target, mode, env) {
365365
fallback:
366366
target === 'webworker'
367367
? {
368-
crypto: require.resolve("crypto-browserify"),
368+
crypto: false,
369369
path: require.resolve('path-browserify'),
370370
stream: require.resolve("stream-browserify"),
371371
url: false,

0 commit comments

Comments
 (0)