Replace `js-md5` Dependency in `@jitsi/js-utils`

[nbstr]

Let’s Nuke eval in @jitsi/js-utils – A js-md5 Replacement Proposal 🚀

---

hello friends 👋,

I’m diving deep into the Jitsi stack and stumbled upon a gnarly little relic in @jitsi/js-utils—our friend [js-md5](https://www.npmjs.com/package/js-md5). While it gets the job done hashing bits and bytes, there’s one glaring issue: eval. Yep, the ol’ wildcard.

Here’s the scoop:

• Why it’s a problem:
  • It’s a security risk. The use of eval opens doors we’d rather keep locked (think XSS attacks waiting to happen).
  • Build tools like Vite (and others) throw a fit during minification because eval messes with optimization.
• Why it’s time to upgrade:
  • Modern alternatives like [spark-md5](https://www.npmjs.com/package/spark-md5) do the same thing, minus the security baggage. Think of it as js-md5's cooler, younger cousin.

---

The Plan

Let’s swap out js-md5 for spark-md5. The API is nearly identical, so the migration is smoother than a codec negotiation on a clean connection.

Here’s how we can make the change:

1. Update the package.json:

   "dependencies": {
     "js-md5": "^0.7.3"
   }

   becomes:

   "dependencies": {
     "spark-md5": "^3.0.1"
   }

2. Fix the imports:

   const md5 = require('js-md5'); // Bye 👋
   const md5 = require('spark-md5'); // Hello 🌟

3. Done. That’s it. No eval. No build warnings. Just clean, modern, safe MD5 hashing.

---

What’s in it for You?

• Security: eval gets the boot—always a win.
• Build Compatibility: Works like a charm in modern tools (hello, Vite users 🎉).
• Maintenance: spark-md5 is actively maintained, while js-md5 is stuck in the past.

---

I’m happy to fork the repo and open a PR to help get this in. Just give me the green light, and we can send eval packing.

Thanks for everything you do to keep Jitsi amazing. This is an incredible project, and I’m excited to contribute!

Catch you in the commits,
nabster