From d3ca9de3ca6103a7302ef166e7c12918ca567cf9 Mon Sep 17 00:00:00 2001
From: Jiaren Wu <jiaren-wu@github.com>
Date: Wed, 14 Jan 2026 21:04:02 -0800
Subject: [PATCH] Potential fix for code scanning alert no. 7: Use of a broken
 or weak cryptographic hashing algorithm on sensitive data (#4353)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 controllers/actions.summerwind.net/multi_githubclient.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/controllers/actions.summerwind.net/multi_githubclient.go b/controllers/actions.summerwind.net/multi_githubclient.go
index 4c96deb6..92127a1e 100644
--- a/controllers/actions.summerwind.net/multi_githubclient.go
+++ b/controllers/actions.summerwind.net/multi_githubclient.go
@@ -2,7 +2,7 @@ package actionssummerwindnet
 
 import (
 	"context"
-	"crypto/sha1"
+	"crypto/sha256"
 	"encoding/hex"
 	"fmt"
 	"sort"
@@ -176,7 +176,7 @@ func (c *MultiGitHubClient) initClientForSecret(secret *corev1.Secret, dependent
 
 	sort.SliceStable(ks, func(i, j int) bool { return ks[i] < ks[j] })
 
-	hash := sha1.New()
+	hash := sha256.New()
 	for _, k := range ks {
 		hash.Write(secret.Data[k])
 	}