chore: address codeql warnings (#201776)

build/linux/debian/install-sysroot.js

@@ -34,6 +34,7 @@ function getElectronVersion() {
     return { electronVersion, msBuildId };
 }
 function getSha(filename) {
+    // CodeQL [SM04514] Hash logic cannot be changed due to external dependency, also the code is only used during build.
     const hash = (0, crypto_1.createHash)('sha1');
     // Read file 1 MB at a time
     const fd = fs.openSync(filename, 'r');

build/linux/debian/install-sysroot.ts

@@ -45,6 +45,7 @@ function getElectronVersion(): Record<string, string> {
 }
 
 function getSha(filename: fs.PathLike): string {
+	// CodeQL [SM04514] Hash logic cannot be changed due to external dependency, also the code is only used during build.
 	const hash = createHash('sha1');
 	// Read file 1 MB at a time
 	const fd = fs.openSync(filename, 'r');

src/vs/base/parts/ipc/node/ipc.net.ts

@@ -785,11 +785,12 @@ export function createRandomIPCHandle(): string {
 }
 
 export function createStaticIPCHandle(directoryPath: string, type: string, version: string): string {
-	const scope = createHash('md5').update(directoryPath).digest('hex');
+	const scope = createHash('sha256').update(directoryPath).digest('hex');
+	const scopeForSocket = scope.substr(0, 8);
 
 	// Windows: use named pipe
 	if (process.platform === 'win32') {
-		return `\\\\.\\pipe\\${scope}-${version}-${type}-sock`;
+		return `\\\\.\\pipe\\${scopeForSocket}-${version}-${type}-sock`;
 	}
 
 	// Mac & Unix: Use socket file
@@ -799,7 +800,6 @@ export function createStaticIPCHandle(directoryPath: string, type: string, versi
 
 	const versionForSocket = version.substr(0, 4);
 	const typeForSocket = type.substr(0, 6);
-	const scopeForSocket = scope.substr(0, 8);
 
 	let result: string;
 	if (process.platform !== 'darwin' && XDG_RUNTIME_DIR && !process.env['VSCODE_PORTABLE']) {