fix(x-pack/reporting): use FIPS-compliant ID generator uuidv4 in Reporting plugin

package.json

@@ -998,7 +998,6 @@
     "mapbox-gl-draw-rectangle-mode": "1.0.4",
     "maplibre-gl": "3.1.0",
     "markdown-it": "^12.3.2",
-    "md5": "^2.1.0",
     "mdast-util-to-hast": "10.2.0",
     "memoize-one": "^6.0.0",
     "mime": "^2.4.4",
@@ -1035,7 +1034,6 @@
     "pretty-ms": "6.0.0",
     "prop-types": "^15.8.1",
     "proxy-from-env": "1.0.0",
-    "puid": "1.0.7",
     "puppeteer": "21.5.2",
     "query-string": "^6.13.2",
     "rbush": "^3.0.1",

x-pack/plugins/cases/public/components/use_push_to_service/callout/helpers.test.tsx

@@ -5,24 +5,24 @@
  * 2.0.
  */
 
-import md5 from 'md5';
+import { sha256 } from 'js-sha256';
 import { createCalloutId } from './helpers';
 
 describe('createCalloutId', () => {
   it('creates id correctly with one id', () => {
-    const digest = md5('one');
+    const digest = sha256('one');
     const id = createCalloutId(['one']);
     expect(id).toBe(digest);
   });
 
   it('creates id correctly with multiples ids', () => {
-    const digest = md5('one|two|three');
+    const digest = sha256('one|two|three');
     const id = createCalloutId(['one', 'two', 'three']);
     expect(id).toBe(digest);
   });
 
   it('creates id correctly with multiples ids and delimiter', () => {
-    const digest = md5('one,two,three');
+    const digest = sha256('one,two,three');
     const id = createCalloutId(['one', 'two', 'three'], ',');
     expect(id).toBe(digest);
   });

x-pack/plugins/cases/public/components/use_push_to_service/callout/helpers.tsx

@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import md5 from 'md5';
+import { sha256 } from 'js-sha256';
 
 export const createCalloutId = (ids: string[], delimiter: string = '|'): string =>
-  md5(ids.join(delimiter));
+  sha256(ids.join(delimiter));

x-pack/plugins/reporting/server/lib/store/report.ts

@@ -7,7 +7,7 @@
 
 import { omit } from 'lodash';
 import moment from 'moment';
-import Puid from 'puid';
+import { v4 as uuidv4 } from 'uuid';
 
 import { JOB_STATUS } from '@kbn/reporting-common';
 import {
@@ -19,7 +19,6 @@ import {
 
 import type { ReportTaskParams } from '../tasks';
 
-const puid = new Puid();
 export const MIGRATION_VERSION = '7.14.0';
 
 /*
@@ -63,7 +62,7 @@ export class Report implements Partial<ReportSource & ReportDocumentHead> {
    * Index string is required
    */
   constructor(opts: Partial<ReportSource> & Partial<ReportDocumentHead>, fields?: ReportFields) {
-    this._id = opts._id != null ? opts._id : puid.generate();
+    this._id = opts._id != null ? opts._id : uuidv4();
     this._index = opts._index;
     this._primary_term = opts._primary_term;
     this._seq_no = opts._seq_no;

x-pack/plugins/reporting/server/routes/common/generate/request_handler.test.ts

@@ -5,15 +5,7 @@
  * 2.0.
  */
 
-jest.mock(
-  'puid',
-  () =>
-    class MockPuid {
-      generate() {
-        return 'mock-report-id';
-      }
-    }
-);
+jest.mock('uuid', () => ({ v4: () => 'mock-report-id' }));
 
 import rison from '@kbn/rison';
 

yarn.lock

@@ -25322,11 +25322,6 @@ public-encrypt@^4.0.0:
     parse-asn1 "^5.0.0"
     randombytes "^2.0.1"
 
-puid@1.0.7:
-  version "1.0.7"
-  resolved "https://registry.yarnpkg.com/puid/-/puid-1.0.7.tgz#fa638a737d7b20419059d93965aed36ca20e1c84"
-  integrity sha1-+mOKc317IEGQWdk5Za7TbKIOHIQ=
-
 pump@^2.0.0:
   version "2.0.1"
   resolved "https://registry.yarnpkg.com/pump/-/pump-2.0.1.tgz#12399add6e4cf7526d973cbc8b5ce2e2908b3909"