Merge pull request #2378 from ViewComponent/alert-autofix-17

Potential fix for code scanning alert no. 17: Insecure randomness

Author: joelhawksley

test/sandbox/public/turbo.es2017-esm.js

@@ -499,16 +499,17 @@ function interpolate(strings, values) {
 }
 
 function uuid() {
+  const randomValues = crypto.getRandomValues(new Uint8Array(36));
   return Array.from({ length: 36 })
     .map((_, i) => {
       if (i == 8 || i == 13 || i == 18 || i == 23) {
         return "-"
       } else if (i == 14) {
         return "4"
       } else if (i == 19) {
-        return (Math.floor(Math.random() * 4) + 8).toString(16)
+        return ((randomValues[i] % 4) + 8).toString(16)
       } else {
-        return Math.floor(Math.random() * 15).toString(16)
+        return (randomValues[i] % 16).toString(16)
       }
     })
     .join("")