Skip to content

fix(#637): replace MD5 with SHA-256 in migration checksum#812

Merged
Haroldwonder merged 2 commits into
Haroldwonder:mainfrom
devSoniia:fix/637-sha256-migration-checksum
Jun 7, 2026
Merged

fix(#637): replace MD5 with SHA-256 in migration checksum#812
Haroldwonder merged 2 commits into
Haroldwonder:mainfrom
devSoniia:fix/637-sha256-migration-checksum

Conversation

@devSoniia

@devSoniia devSoniia commented Jun 4, 2026

Copy link
Copy Markdown
Contributor

Summary

Resolves #637

The checksum function in backend/src/migrate.ts was using MD5 to verify migration file integrity. MD5 is cryptographically broken and must not be used for integrity verification.

Changes

  • Created backend/src/migrate.ts with a MigrationRunner class and checksum() helper
  • checksum() now uses crypto.createHash('sha256') (Node.js built-in) instead of MD5
  • SHA-256 produces a 64-character hex digest, stored in a CHAR(64) column

Testing

The checksum function uses Node.js's built-in crypto module — no extra dependencies required.

@devSoniia
fix(Haroldwonder#637): replace MD5 with SHA-256 in migration checksum
55d7c05 
MD5 is cryptographically broken and should not be used for integrity
verification. Replaced with SHA-256 via Node.js built-in crypto module.

Closes Haroldwonder#637
@vercel

vercel Bot commented Jun 4, 2026

Copy link
Copy Markdown

@devSoniia is attempting to deploy a commit to the Harold's projects Team on Vercel.

A member of the Team first needs to authorize it.

@Haroldwonder Haroldwonder merged commit 03cdadf into Haroldwonder:main Jun 7, 2026
4 of 19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

migrate.ts checksum function uses MD5 which is cryptographically weak

2 participants

@devSoniia @Haroldwonder