Math.random() is not cryptographically secure

[gen0cide]

node-saml/lib/utils.js

Line 61 in 7ee7984

function getRandomInt(min, max) {

This function is used to generate unique UIDs throughout the SAML library. Given that SAML deals with authentication, it seems like poor practice to not generate random UIDs in a cryptographically secure manner.

Reference: https://nodejs.org/api/crypto.html#crypto_crypto_randomint_min_max_callback
Guidance: https://gist.github.com/joepie91/7105003c3b26e65efcea63f3db82dfba