Use `crypto.randomUUID` instead of using `Math.random` to seed a PRNG for UUIDs
What does this MR do and why?
For #360730 (closed)
Why
Please see the linked issue for a deeper discussion of "Why".
In short:
-
Math.random
is unsuitable for true randomness, and while there are currently no security implications, we should avoid it - The browsers that we support all provide
crypto.randomUUID
, so we should leverage that for fully random UUIDs.
What
This just swaps out the implementation for fully random UUIDs to use the browser-provided crypto.randomUUID
.
It also updates the UUID generation code to be more generalized to handle more UUID versions.
Screenshots or screen recordings
N/A, all of this code is backstage.
How to set up and validate locally
- Probably just run the tests.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Thomas Randolph