From d7b8c44151672affcb3803c410b94e9a8d7af142 Mon Sep 17 00:00:00 2001
From: Tanker187 <yesim100ya@outlook.com>
Date: Tue, 24 Feb 2026 16:36:15 -0500
Subject: [PATCH] Potential fix for code scanning alert no. 8: Use of password
 hash with insufficient computational effort

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 test/integration/auth.spec.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/integration/auth.spec.ts b/test/integration/auth.spec.ts
index 3c538d3319..92b58c5014 100644
--- a/test/integration/auth.spec.ts
+++ b/test/integration/auth.spec.ts
@@ -1948,7 +1948,7 @@ describe('admin.auth', () => {
       it('importUsers() should upload a user to the specified tenant', () => {
         const currentHashKey = importOptions.hash.key.toString('utf8');
         const passwordHash =
-          crypto.createHmac('sha256', currentHashKey).update(rawPassword + rawSalt).digest();
+          crypto.pbkdf2Sync(rawPassword, rawSalt, 100000, 32, 'sha256');
         const importUserRecord: any = {
           uid: createdUserUid,
           email: createdUserUid + '@example.com',