chore(NA): replace deprecated cuid with @paralleldrive/cuid2 (#174787)

## Summary `cuid` has been deprecated due to security concerns. This PR replaces `cuid` with the successor `@paralleldrive/cuid2` while keeping the usage intact. ### Checklist N/A ### Risk Matrix N/A ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2025-04-23 17:28:26 -04:00 · 2024-02-12 22:22:14 +07:00 · 2024-02-12 22:22:14 +07:00 · 8fb4bf2432
commit 8fb4bf2432
parent 8a651ea5be
5 changed files with 19 additions and 12 deletions
--- a/package.json
+++ b/package.json
@ -879,6 +879,7 @@
    "@opentelemetry/resources": "^1.4.0",
    "@opentelemetry/sdk-metrics-base": "^0.31.0",
    "@opentelemetry/semantic-conventions": "^1.4.0",
+    "@paralleldrive/cuid2": "^2.2.2",
    "@reduxjs/toolkit": "1.9.7",
    "@slack/webhook": "^7.0.1",
    "@smithy/eventstream-codec": "^2.0.12",
@ -929,7 +930,6 @@
    "cronstrue": "^1.51.0",
    "css-box-model": "^1.2.1",
    "css.escape": "^1.5.1",
-    "cuid": "^2.1.8",
    "cypress-data-session": "^2.8.0",
    "cytoscape": "^3.10.0",
    "cytoscape-dagre": "^2.2.2",
--- a/src/plugins/custom_integrations/public/components/fleet_integration/sample/sample_client_readme.tsx
+++ b/src/plugins/custom_integrations/public/components/fleet_integration/sample/sample_client_readme.tsx
@ -10,7 +10,7 @@ import React, { useState } from 'react';

 // eslint-disable-next-line @kbn/eslint/module_migration
 import styled from 'styled-components';
-import cuid from 'cuid';
+import { createId } from '@paralleldrive/cuid2';

 import {
  EuiButton,
@ -145,7 +145,7 @@ export const SampleClientReadme = () => {

                <EuiFlexGroup alignItems="center">
                  <EuiFlexItem grow={false}>
-                    <EuiButton onClick={() => setApiKey(cuid())} disabled={!!apiKey}>
+                    <EuiButton onClick={() => setApiKey(createId())} disabled={!!apiKey}>
                      Generate API key
                    </EuiButton>
                  </EuiFlexItem>
--- a/src/plugins/files/server/blob_storage_service/adapters/es/content_stream/content_stream.ts
+++ b/src/plugins/files/server/blob_storage_service/adapters/es/content_stream/content_stream.ts
@ -6,7 +6,7 @@
 * Side Public License, v 1.
 */

-import cuid from 'cuid';
+import { createId } from '@paralleldrive/cuid2';
 import * as cborx from 'cbor-x';
 import { errors as esErrors } from '@elastic/elasticsearch';
 import type { ElasticsearchClient, Logger } from '@kbn/core/server';
@ -225,7 +225,7 @@ export class ContentStream extends Duplex {

  private getId(): string {
    if (!this.id) {
-      this.id = cuid();
+      this.id = createId();
    }
    return this.id;
  }
--- a/src/plugins/files/server/file_client/file_client.ts
+++ b/src/plugins/files/server/file_client/file_client.ts
@ -9,7 +9,7 @@
 import moment from 'moment';
 import { Readable } from 'stream';
 import mimeType from 'mime';
-import cuid from 'cuid';
+import { createId } from '@paralleldrive/cuid2';
 import { type Logger, SavedObjectsErrorHelpers } from '@kbn/core/server';
 import type { AuditLogger } from '@kbn/security-plugin/server';
 import type { UsageCounter } from '@kbn/usage-collection-plugin/server';
@ -129,7 +129,7 @@ export class FileClientImpl implements FileClient {
  public async create<M = unknown>({ id, metadata }: CreateArgs): Promise<File<M>> {
    const serializedMetadata = serializeJSON({ ...metadata, mimeType: metadata.mime });
    const result = await this.metadataClient.create({
-      id: id || cuid(),
+      id: id || createId(),
      metadata: {
        ...createDefaultFileAttributes(),
        ...serializedMetadata,
--- a/yarn.lock
+++ b/yarn.lock
@ -6930,6 +6930,11 @@
  dependencies:
    eslint-scope "5.1.1"

+"@noble/hashes@^1.1.5":
+  version "1.3.3"
+  resolved "https://registry.yarnpkg.com/@noble/hashes/-/hashes-1.3.3.tgz#39908da56a4adc270147bb07968bf3b16cfe1699"
+  integrity sha512-V7/fPHgl+jsVPXqqeOzT8egNj2iBIVt+ECeMMG8TdcnTikP3oaBtUVqpT/gYCR68aEBJSF+XbYUxStjbFMqIIA==
+
 "@nodelib/fs.scandir@2.1.5":
  version "2.1.5"
  resolved "https://registry.yarnpkg.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz#7619c2eb21b25483f6d167548b4cfd5a7488c3d5"
@ -7393,6 +7398,13 @@
  resolved "https://registry.yarnpkg.com/@opentelemetry/semantic-conventions/-/semantic-conventions-1.8.0.tgz#fe2aa90e6df050a11cd57f5c0f47b0641fd2cad3"
  integrity sha512-TYh1MRcm4JnvpqtqOwT9WYaBYY4KERHdToxs/suDTLviGRsQkIjS5yYROTYTSJQUnYLOn/TuOh5GoMwfLSU+Ew==

+"@paralleldrive/cuid2@^2.2.2":
+  version "2.2.2"
+  resolved "https://registry.yarnpkg.com/@paralleldrive/cuid2/-/cuid2-2.2.2.tgz#7f91364d53b89e2c9cb9e02e8dd0f129e834455f"
+  integrity sha512-ZOBkgDwEdoYVlSeRbYYXs0S9MejQofiVYoTbKzy/6GQa39/q5tQU2IX46+shYnUkpEl3wc+J6wRlar7r2EK2xA==
+  dependencies:
+    "@noble/hashes" "^1.1.5"
+
 "@parcel/watcher@^2.1.0":
  version "2.1.0"
  resolved "https://registry.yarnpkg.com/@parcel/watcher/-/watcher-2.1.0.tgz#5f32969362db4893922c526a842d8af7a8538545"
@ -14320,11 +14332,6 @@ csstype@^3.0.2:
  resolved "https://registry.yarnpkg.com/csstype/-/csstype-3.0.7.tgz#2a5fb75e1015e84dd15692f71e89a1450290950b"
  integrity sha512-KxnUB0ZMlnUWCsx2Z8MUsr6qV6ja1w9ArPErJaJaF8a5SOWoHLIszeCTKGRGRgtLgYrs1E8CHkNSP1VZTTPc9g==

-cuid@^2.1.8:
-  version "2.1.8"
-  resolved "https://registry.yarnpkg.com/cuid/-/cuid-2.1.8.tgz#cbb88f954171e0d5747606c0139fb65c5101eac0"
-  integrity sha512-xiEMER6E7TlTPnDxrM4eRiC6TRgjNX9xzEZ5U/Se2YJKr7Mq4pJn/2XEHjl3STcSh96GmkHPcBXLES8M29wyyg==
-
 currently-unhandled@^0.4.1:
  version "0.4.1"
  resolved "https://registry.yarnpkg.com/currently-unhandled/-/currently-unhandled-0.4.1.tgz#988df33feab191ef799a61369dd76c17adf957ea"