From 32baefbc7a45d1767f5c15c394c6e5e1e5c01fab Mon Sep 17 00:00:00 2001
From: Alexander Zayats
Date: Mon, 19 Jan 2026 13:07:52 +0200
Subject: [PATCH 1/4] Mark blake2b hashing as `usedforsecurity=False`

This will allow make package FIPS compatible
---
 src/grimp/adaptors/caching.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/grimp/adaptors/caching.py b/src/grimp/adaptors/caching.py
index d717063d..41ecb81f 100644
--- a/src/grimp/adaptors/caching.py
+++ b/src/grimp/adaptors/caching.py
@@ -37,7 +37,7 @@ def make_data_file_name(
 # Use a hash algorithm with a limited size to avoid cache filenames that are too long
 # the filesystem, which can happen if there are more than a few root packages
 # being analyzed.
- safe_unicode_identifier = hashlib.blake2b(bytes_identifier, digest_size=20).hexdigest()
+ safe_unicode_identifier = hashlib.blake2b(bytes_identifier, digest_size=20, usedforsecurity=False).hexdigest()
 return f"{safe_unicode_identifier}.data.json"
 
 @classmethod
From c4617dc822f1fd69d27fc6d9149474f1fcdcdb83 Mon Sep 17 00:00:00 2001
From: Alexander Zayats
Date: Mon, 19 Jan 2026 13:09:41 +0200
Subject: [PATCH 2/4] Update CHANGELOG with FIPS compatibility note
---
 CHANGELOG.rst | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 07a38ac9..12dc6070 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -9,6 +9,7 @@ latest
 * Improve contribution experience for Windows developers using Just.
 * Tweak Just commands for running version-specific Python tests.
 * Remove `typing-extensions` as a dependency.
+* Make package FIPS compatible by marking blake2 hashing with `usedforsecurity=False`.
 
 3.14 (2025-12-10)
 -----------------
From 775c357526e36100670c018c21767802eec01f63 Mon Sep 17 00:00:00 2001
From: Alexander Zayats
Date: Mon, 19 Jan 2026 11:26:37 +0000
Subject: [PATCH 3/4] Update AUTHORS.rst
---
 AUTHORS.rst | 1 +
 1 file changed, 1 insertion(+)
diff --git a/AUTHORS.rst b/AUTHORS.rst
index 2923446a..1bd657fb 100644
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -11,3 +11,4 @@ Authors
 * Andreas Rammhold - https://github.com/andir
 * Nicholas Bunn - https://github.com/NicholasBunn
 * Nathan McDougall - https://github.com/nathanjmcdougall
+* Oleksandr Zaiats - https://github.com/z4y4ts
From a89008d69dc066bf0e7c0abdaedddf1576bb6b97 Mon Sep 17 00:00:00 2001
From: Alexander Zayats
Date: Mon, 19 Jan 2026 12:24:54 +0000
Subject: [PATCH 4/4] Fix code formatting
---
 src/grimp/adaptors/caching.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/grimp/adaptors/caching.py b/src/grimp/adaptors/caching.py
index 41ecb81f..2baa4ac4 100644
--- a/src/grimp/adaptors/caching.py
+++ b/src/grimp/adaptors/caching.py
@@ -37,7 +37,9 @@ def make_data_file_name(
 # Use a hash algorithm with a limited size to avoid cache filenames that are too long
 # the filesystem, which can happen if there are more than a few root packages
 # being analyzed.
- safe_unicode_identifier = hashlib.blake2b(bytes_identifier, digest_size=20, usedforsecurity=False).hexdigest()
+ safe_unicode_identifier = hashlib.blake2b(
+ bytes_identifier, digest_size=20, usedforsecurity=False
+ ).hexdigest()
 return f"{safe_unicode_identifier}.data.json"
 
 @classmethod
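Review bot: The comment above the `hashlib.blake2b(...)` call in `make_data_file_name` explains `digest_size=20` but not why `usedforsecurity=False` is safe, so the flag reads as a bare FIPS workaround that could be copied onto a hash that does protect something. I would add `# Not a security use: the digest only shortens the cache file name, so usedforsecurity=False is fine and keeps FIPS-restricted builds working.` above the call, and fix the existing comment to read `too long for the filesystem`. The flag was introduced in patch 1/4 and is only re-wrapped in this hunk; the function signature and the construction of `bytes_identifier` lie outside it, so this assumes the identifier comes from locally configured package names, which is worth confirming. `usedforsecurity` is accepted by hashlib constructors from Python 3.9 on, so the project's minimum supported Python should be checked against that.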