Updated uuid to crypto.randomUUID() (#20821)

The uuid package README suggests using the node builtin `crypto` library if we're only using uuid.v4, which we are.
TryGhost · Sep 12, 2024 · 58ca6f3 · 58ca6f3
1 parent 2cb9cf8
commit 58ca6f3
Show file tree

Hide file tree

Showing 21 changed files with 52 additions and 54 deletions.
diff --git a/ghost/core/core/server/data/importer/import-manager.js b/ghost/core/core/server/data/importer/import-manager.js
@@ -3,7 +3,7 @@ const fs = require('fs-extra');
 const path = require('path');
 const os = require('os');
 const glob = require('glob');
-const uuid = require('uuid');
+const crypto = require('crypto');
 const config = require('../../../shared/config');
 const {extract} = require('@tryghost/zip');
 const tpl = require('@tryghost/tpl');
@@ -220,7 +220,7 @@ class ImportManager {
      * @returns {Promise<string>} full path to the extracted folder
      */
     async extractZip(filePath) {
-        const tmpDir = path.join(os.tmpdir(), uuid.v4());
+        const tmpDir = path.join(os.tmpdir(), crypto.randomUUID());
         this.fileToDelete = tmpDir;
 
         try {

diff --git a/ghost/core/core/server/data/importer/importers/data/PostsImporter.js b/ghost/core/core/server/data/importer/importers/data/PostsImporter.js
@@ -1,6 +1,6 @@
 const debug = require('@tryghost/debug')('importer:posts');
 const _ = require('lodash');
-const uuid = require('uuid');
+const crypto = require('crypto');
 const BaseImporter = require('./Base');
 const mobiledocLib = require('../../../../lib/mobiledoc');
 const validator = require('@tryghost/validator');
@@ -29,7 +29,7 @@ class PostsImporter extends BaseImporter {
     sanitizeAttributes() {
         _.each(this.dataToImport, (obj) => {
             if (!validator.isUUID(obj.uuid || '')) {
-                obj.uuid = uuid.v4();
+                obj.uuid = crypto.randomUUID();
             }
 
             // we used to have post.page=true/false

diff --git a/...e/core/server/data/migrations/versions/4.46/2022-04-13-12-58-fill-uuid-for-newsletters.js b/...e/core/server/data/migrations/versions/4.46/2022-04-13-12-58-fill-uuid-for-newsletters.js
@@ -1,5 +1,5 @@
 const logging = require('@tryghost/logging');
-const uuid = require('uuid');
+const crypto = require('crypto');
 const {createTransactionalMigration} = require('../../utils');
 
 module.exports = createTransactionalMigration(
@@ -10,7 +10,7 @@ module.exports = createTransactionalMigration(
 
         // eslint-disable-next-line no-restricted-syntax
         for (const newsletter of newslettersWithoutUUID) {
-            await knex('newsletters').update('uuid', uuid.v4()).where('id', newsletter.id);
+            await knex('newsletters').update('uuid', crypto.randomUUID()).where('id', newsletter.id);
         }
     },
     async function down() {

diff --git a/...core/core/server/data/migrations/versions/4.46/2022-04-13-13-00-add-default-newsletter.js b/...core/core/server/data/migrations/versions/4.46/2022-04-13-13-00-add-default-newsletter.js
@@ -1,5 +1,5 @@
 const ObjectId = require('bson-objectid').default;
-const uuid = require('uuid');
+const crypto = require('crypto');
 const logging = require('@tryghost/logging');
 const startsWith = require('lodash/startsWith');
 const {createTransactionalMigration} = require('../../utils');
@@ -9,7 +9,7 @@ module.exports = createTransactionalMigration(
         // This uses the default settings from core/server/data/schema/default-settings/default-settings.json
         const newsletter = {
             id: (new ObjectId()).toHexString(),
-            uuid: uuid.v4(),
+            uuid: crypto.randomUUID(),
             name: 'Ghost',
             description: '',
             slug: 'default-newsletter',

diff --git a/ghost/core/core/server/models/email.js b/ghost/core/core/server/models/email.js
@@ -1,12 +1,12 @@
-const uuid = require('uuid');
+const crypto = require('crypto');
 const ghostBookshelf = require('./base');
 
 const Email = ghostBookshelf.Model.extend({
     tableName: 'emails',
 
     defaults: function defaults() {
         return {
-            uuid: uuid.v4(),
+            uuid: crypto.randomUUID(),
             status: 'pending',
             recipient_filter: 'status:-free',
             track_opens: false,

diff --git a/ghost/core/core/server/models/member.js b/ghost/core/core/server/models/member.js
@@ -1,5 +1,5 @@
 const ghostBookshelf = require('./base');
-const uuid = require('uuid');
+const crypto = require('crypto');
 const _ = require('lodash');
 const config = require('../../shared/config');
 const {gravatar} = require('../lib/image');
@@ -10,8 +10,8 @@ const Member = ghostBookshelf.Model.extend({
     defaults() {
         return {
             status: 'free',
-            uuid: uuid.v4(),
-            transient_id: uuid.v4(),
+            uuid: crypto.randomUUID(),
+            transient_id: crypto.randomUUID(),
             email_count: 0,
             email_opened_count: 0,
             enable_comment_notifications: true

diff --git a/ghost/core/core/server/models/newsletter.js b/ghost/core/core/server/models/newsletter.js
@@ -1,14 +1,14 @@
 const ghostBookshelf = require('./base');
 const ObjectID = require('bson-objectid').default;
-const uuid = require('uuid');
+const crypto = require('crypto');
 const urlUtils = require('../../shared/url-utils');
 
 const Newsletter = ghostBookshelf.Model.extend({
     tableName: 'newsletters',
 
     defaults: function defaults() {
         return {
-            uuid: uuid.v4(),
+            uuid: crypto.randomUUID(),
             sender_reply_to: 'newsletter',
             status: 'active',
             visibility: 'members',

diff --git a/ghost/core/core/server/models/post.js b/ghost/core/core/server/models/post.js
@@ -1,6 +1,6 @@
 // # Post Model
 const _ = require('lodash');
-const uuid = require('uuid');
+const crypto = require('crypto');
 const moment = require('moment');
 const {sequence} = require('@tryghost/promise');
 const tpl = require('@tryghost/tpl');
@@ -89,7 +89,7 @@ Post = ghostBookshelf.Model.extend({
         }
 
         return {
-            uuid: uuid.v4(),
+            uuid: crypto.randomUUID(),
             status: 'draft',
             featured: false,
             type: 'post',

diff --git a/ghost/core/core/server/models/settings.js b/ghost/core/core/server/models/settings.js
@@ -1,5 +1,4 @@
 const _ = require('lodash');
-const uuid = require('uuid');
 const crypto = require('crypto');
 const keypair = require('keypair');
 const ObjectID = require('bson-objectid').default;
@@ -50,7 +49,7 @@ function parseDefaultSettings() {
     const defaultSettingsFlattened = {};
 
     const dynamicDefault = {
-        db_hash: () => uuid.v4(),
+        db_hash: () => crypto.randomUUID(),
         public_hash: () => crypto.randomBytes(15).toString('hex'),
         admin_session_secret: () => crypto.randomBytes(32).toString('hex'),
         theme_session_secret: () => crypto.randomBytes(32).toString('hex'),

diff --git a/ghost/core/core/server/web/parent/middleware/request-id.js b/ghost/core/core/server/web/parent/middleware/request-id.js
@@ -1,4 +1,4 @@
-const uuid = require('uuid');
+const crypto = require('crypto');
 
 /**
  * @TODO: move this middleware to Framework monorepo?
@@ -8,7 +8,7 @@ const uuid = require('uuid');
  * @param {import('express').NextFunction} next
  */
 module.exports = function requestIdMw(req, res, next) {
-    const requestId = req.get('X-Request-ID') || uuid.v4();
+    const requestId = req.get('X-Request-ID') || crypto.randomUUID();
 
     // Set a value for internal use
     req.requestId = requestId;

diff --git a/ghost/core/package.json b/ghost/core/package.json
@@ -220,7 +220,6 @@
     "sanitize-html": "2.13.0",
     "semver": "7.6.3",
     "stoppable": "1.1.0",
-    "uuid": "9.0.1",
     "ws": "8.18.0",
     "xml": "1.0.1",
     "y-protocols": "1.0.6",

diff --git a/ghost/core/test/e2e-api/admin/members-exporter.test.js b/ghost/core/test/e2e-api/admin/members-exporter.test.js
@@ -1,15 +1,15 @@
 const {agentProvider, mockManager, fixtureManager, matchers} = require('../../utils/e2e-framework');
 const {anyContentVersion, anyEtag, anyString, anyContentLength} = matchers;
 
-const uuid = require('uuid');
+const crypto = require('crypto');
 const should = require('should');
 const Papa = require('papaparse');
 const models = require('../../../core/server/models');
 const moment = require('moment');
 
 async function createMember(data) {
     const member = await models.Member.add({
-        email: uuid.v4() + '@example.com',
+        email: crypto.randomUUID() + '@example.com',
         name: '',
         email_disabled: false,
         ...data

diff --git a/ghost/core/test/regression/api/admin/db.test.js b/ghost/core/test/regression/api/admin/db.test.js
@@ -2,7 +2,7 @@ const path = require('path');
 const _ = require('lodash');
 const os = require('os');
 const fs = require('fs-extra');
-const uuid = require('uuid');
+const crypto = require('crypto');
 const should = require('should');
 const supertest = require('supertest');
 const sinon = require('sinon');
@@ -61,7 +61,7 @@ describe('DB API', function () {
     });
 
     it('can export & import', function () {
-        const exportFolder = path.join(os.tmpdir(), uuid.v4());
+        const exportFolder = path.join(os.tmpdir(), crypto.randomUUID());
         const exportPath = path.join(exportFolder, 'export.json');
 
         return request.put(localUtils.API.getApiQuery('settings/'))

diff --git a/ghost/core/test/regression/api/admin/redirects.test.js b/ghost/core/test/regression/api/admin/redirects.test.js
@@ -3,7 +3,7 @@ const supertest = require('supertest');
 const fs = require('fs-extra');
 const path = require('path');
 const os = require('os');
-const uuid = require('uuid');
+const crypto = require('crypto');
 const localUtils = require('./utils');
 const config = require('../../../../core/shared/config');
 
@@ -23,7 +23,7 @@ describe('Redirects API', function () {
                 //       which is currently impossible with available test utils.
                 //       The test itself should be broken down into a unit test for the
                 //       Redirects service class.
-                const contentFolder = path.join(os.tmpdir(), uuid.v4(), 'ghost-test');
+                const contentFolder = path.join(os.tmpdir(), crypto.randomUUID(), 'ghost-test');
                 fs.ensureDirSync(contentFolder);
                 fs.ensureDirSync(path.join(contentFolder, 'data'));
                 fs.writeFileSync(path.join(contentFolder, 'data', 'redirects.json'), JSON.stringify([]));

diff --git a/ghost/core/test/utils/e2e-framework.js b/ghost/core/test/utils/e2e-framework.js
@@ -20,7 +20,7 @@ const {AsymmetricMatcher} = require('expect');
 const fs = require('fs-extra');
 const path = require('path');
 const os = require('os');
-const uuid = require('uuid');
+const crypto = require('crypto');
 
 const fixtureUtils = require('./fixture-utils');
 const redirectsUtils = require('./redirects');
@@ -64,7 +64,7 @@ const startGhost = async (options = {}) => {
      * We never use the root content folder for testing!
      * We use a tmp folder.
      */
-    const contentFolder = path.join(os.tmpdir(), uuid.v4(), 'ghost-test');
+    const contentFolder = path.join(os.tmpdir(), crypto.randomUUID(), 'ghost-test');
     await prepareContentFolder({contentFolder});
 
     // NOTE: need to pass this config to the server instance

diff --git a/ghost/core/test/utils/e2e-utils.js b/ghost/core/test/utils/e2e-utils.js
@@ -4,7 +4,7 @@ const _ = require('lodash');
 const fs = require('fs-extra');
 const path = require('path');
 const os = require('os');
-const uuid = require('uuid');
+const crypto = require('crypto');
 
 // Ghost Internals
 const boot = require('../../core/boot');
@@ -213,7 +213,7 @@ const startGhost = async (options) => {
         forceStart: false,
         copyThemes: false,
         copySettings: false,
-        contentFolder: path.join(os.tmpdir(), uuid.v4(), 'ghost-test'),
+        contentFolder: path.join(os.tmpdir(), crypto.randomUUID(), 'ghost-test'),
         subdir: false
     }, options);
 

diff --git a/ghost/core/test/utils/fixture-utils.js b/ghost/core/test/utils/fixture-utils.js
@@ -2,7 +2,7 @@
 const _ = require('lodash');
 const path = require('path');
 const fs = require('fs-extra');
-const uuid = require('uuid');
+const crypto = require('crypto');
 const ObjectId = require('bson-objectid').default;
 const KnexMigrator = require('knex-migrator');
 const {sequence} = require('@tryghost/promise');
@@ -160,7 +160,7 @@ const fixtures = {
         let i;
 
         for (i = 0; i < max; i += 1) {
-            tagName = uuid.v4().split('-')[0];
+            tagName = crypto.randomUUID().split('-')[0];
             tags.push(DataGenerator.forKnex.createBasic({name: tagName, slug: tagName}));
         }
 

diff --git a/ghost/core/test/utils/fixtures/data-generator.js b/ghost/core/test/utils/fixtures/data-generator.js
@@ -1,5 +1,5 @@
 const _ = require('lodash');
-const uuid = require('uuid');
+const crypto = require('crypto');
 const ObjectId = require('bson-objectid').default;
 const moment = require('moment');
 const constants = require('@tryghost/constants');
@@ -1037,7 +1037,7 @@ DataGenerator.forKnex = (function () {
 
         return _.defaults(newObj, {
             id: ObjectId().toHexString(),
-            uuid: uuid.v4(),
+            uuid: crypto.randomUUID(),
             title: 'title',
             status: 'published',
             feature_image: null,
@@ -1107,7 +1107,7 @@ DataGenerator.forKnex = (function () {
 
         return _.defaults(newObj, {
             id: ObjectId().toHexString(),
-            uuid: uuid.v4(),
+            uuid: crypto.randomUUID(),
             secret: 'not_available',
             redirection_uri: 'http://localhost:9999',
             client_uri: 'http://localhost:9000',
@@ -1156,7 +1156,7 @@ DataGenerator.forKnex = (function () {
         const newObj = _.cloneDeep(overrides);
         return _.defaults(newObj, {
             id: ObjectId().toHexString(),
-            uuid: uuid.v4(),
+            uuid: crypto.randomUUID(),
             slug: 'daily-newsletter',
             name: 'Daily Newsletter',
             sender_name: 'Jamie Larsen',
@@ -1299,7 +1299,7 @@ DataGenerator.forKnex = (function () {
 
         return _.defaults(newObj, {
             id: ObjectId().toHexString(),
-            token: uuid.v4(),
+            token: crypto.randomUUID(),
             expires: Date.now() + constants.ONE_DAY_MS
         });
     }
@@ -1309,7 +1309,7 @@ DataGenerator.forKnex = (function () {
 
         return _.defaults(newObj, {
             id: ObjectId().toHexString(),
-            token: uuid.v4(),
+            token: crypto.randomUUID(),
             email: 'test@ghost.org',
             role_id: DataGenerator.Content.roles[0].id,
             expires: Date.now() + (60 * 1000),

diff --git a/ghost/members-api/lib/repositories/MemberRepository.js b/ghost/members-api/lib/repositories/MemberRepository.js
@@ -7,7 +7,7 @@ const {SubscriptionActivatedEvent, MemberCreatedEvent, SubscriptionCreatedEvent,
 const ObjectId = require('bson-objectid').default;
 const {NotFoundError} = require('@tryghost/errors');
 const validator = require('@tryghost/validator');
-const uuid = require('uuid');
+const crypto = require('crypto');
 
 const messages = {
     noStripeConnection: 'Cannot {action} without a Stripe Connection',
@@ -228,7 +228,7 @@ module.exports = class MemberRepository {
     }
 
     _generateTransientId() {
-        return uuid.v4();
+        return crypto.randomUUID();
     }
 
     async cycleTransientId({id, email}) {