Remove the use of mt_rand (#5857)

`mt_rand` does not generate cryptographically secure values. This logic should be updated to follow best practices because this key should be random. Although the outcome is the same, because of the limited character set, it sets precedence to follow good security practices.
drush-ops · Mar 2, 2024 · a6585cd · a6585cd
1 parent fd9e0da
commit a6585cd
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/Utils/StringUtils.php b/src/Utils/StringUtils.php
@@ -120,7 +120,7 @@ public static function generatePassword(int $length = 10): string
         for ($i = 0; $i < $length; $i++) {
             // Each iteration, pick a random character from the
             // allowable string and append it to the password:
-            $pass .= $allowable_characters[mt_rand(0, $len)];
+            $pass .= $allowable_characters[random_int(0, $len)];
         }
 
         return $pass;