aws-samples / aws-lex-web-ui

Sample Amazon Lex chat bot web interface

Using a cryptographically weak pseudo-random number generator to generate a security-sensitive value #681

Open ghoelzer-aws opened 3 months ago

ghoelzer-aws commented 3 months ago

https://github.com/aws-samples/aws-lex-web-ui/blob/94bd01d54913cfdfcc1f3dd0052725b1e725c138/lex-web-ui/src/lib/lex/client.js#L60-L62

An AWS customer using this solution reached out to me and identified these lines of code that are failing their internal code/security scan, using GitHub CodeQL. They are asking that the following recommendation be reviewed and the suggested (or similar) remediation applied: Use a cryptographically secure pseudo-random number generator if the output is to be used in a security-sensitive context. For JavaScript on the NodeJS platform, crypto.getRandomBytes provides a cryptographically secure pseudo-random byte generator. For JavaScript in the browser, RandomSource.getRandomValues provides a cryptographically secure pseudo-random number generator.

atjohns commented 3 months ago

Thanks, we will include this upgrade in our 0.20.3 release