From 0c01a189c9b612eb0c02e8c8ce7c7a7cb77ad9c2 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Tue, 3 May 2022 15:34:13 -0700
Subject: [PATCH] Switch hash from MD5 to SHA256

On FIPS-compliant systems (http://en.wikipedia.org/wiki/FIPS_140), MD5
cannot be used. Switch to SHA256 instead.

However, this change does not keep backward compatibility with systems
with already-installed Thor recipes.

Closes #287
---
 lib/thor/runner.rb  | 4 ++--
 spec/runner_spec.rb | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/thor/runner.rb b/lib/thor/runner.rb
index 7b1b8d9b1..8d076759b 100644
--- a/lib/thor/runner.rb
+++ b/lib/thor/runner.rb
@@ -2,7 +2,7 @@
 require_relative "group"
 
 require "yaml"
-require "digest/md5"
+require "digest/sha2"
 require "pathname"
 
 class Thor::Runner < Thor #:nodoc: # rubocop:disable ClassLength
@@ -91,7 +91,7 @@ def install(name) # rubocop:disable MethodLength
     end
 
     thor_yaml[as] = {
-      :filename   => Digest::MD5.hexdigest(name + as),
+      :filename   => Digest::SHA256.hexdigest(name + as),
       :location   => location,
       :namespaces => Thor::Util.namespaces_in_content(contents, base)
     }
diff --git a/spec/runner_spec.rb b/spec/runner_spec.rb
index 6a8cc67fa..52748fcc9 100644
--- a/spec/runner_spec.rb
+++ b/spec/runner_spec.rb
@@ -219,7 +219,7 @@ def when_no_thorfiles_exist
         allow(FileUtils).to receive(:touch)
         allow(Thor::LineEditor).to receive(:readline).and_return("Y")
 
-        path = File.join(Thor::Util.thor_root, Digest::MD5.hexdigest(@location + "random"))
+        path = File.join(Thor::Util.thor_root, Digest::SHA256.hexdigest(@location + "random"))
         expect(File).to receive(:open).with(path, "w")
       end