From 47ee2247c835f3c2faae78095635ca01a6dacf5a Mon Sep 17 00:00:00 2001
From: CanbiZ <47820557+MickLesk@users.noreply.github.com>
Date: Fri, 12 Dec 2025 11:45:43 +0100
Subject: [PATCH] fix for code scanning alert no. 4: Insecure randomness (#396)
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/app/_components/VersionDisplay.tsx | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/app/_components/VersionDisplay.tsx b/src/app/_components/VersionDisplay.tsx
index 03fc279..a8376fd 100644
--- a/src/app/_components/VersionDisplay.tsx
+++ b/src/app/_components/VersionDisplay.tsx
@@ -416,11 +416,20 @@ export function VersionDisplay({ onOpenReleaseNotes }: VersionDisplayProps = {})
 setShowUpdateConfirmation(true);
 };
+ // Helper to generate secure random string
+ function getSecureRandomString(length: number): string {
+ const array = new Uint8Array(length);
+ window.crypto.getRandomValues(array);
+ // Convert to base36 string (alphanumeric)
+ return Array.from(array, b => b.toString(36)).join('').substr(0, length);
+ }
+
 const handleConfirmUpdate = () => {
 // Close the confirmation modal
 setShowUpdateConfirmation(false);
 // Start the actual update process
- const sessionId = `update_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
+ const randomSuffix = getSecureRandomString(9);
+ const sessionId = `update_${Date.now()}_${randomSuffix}`;
 const startTime = Date.now();
 setIsUpdating(true);
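Review bot: In `getSecureRandomString`, `b.toString(36)` does not yield one uniform character per byte: values 0–35 encode as one character and 36–255 as two whose first character is always `1`–`7`, so after `.substr(0, length)` the 9-character suffix is drawn from roughly five of the nine bytes and is skewed toward those digits. That leaves the ID with less entropy than a 9-character base36 string suggests, which matters if `sessionId` is meant to be unguessable (its use is outside the hunk, and the `Date.now()` prefix adds nothing unpredictable). A fixed-width encoding keeps every byte, e.g. `return Array.from(array, b => b.toString(16).padStart(2, '0')).join('');`, at the cost of a suffix of `2 * length` hex characters, so confirm nothing downstream depends on the 9-character shape. If truncation is kept, `slice(0, length)` is preferable to the deprecated `substr`. The body of `handleConfirmUpdate` continues past the end of the hunk.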