refactor: add 'usedforsecurity=False' arg to hashlib.md5 usage

[cquick01]

This argument was introduced in Python 3.9, but using hashlib.new() prevents <3.9 versions from throwing an exception.

Tested running locally against 3.7, 3.9, and 3.10.

Closes #1187

[erezsh]

I didn't realize we call md5 from 3 different places. Would you mind refactoring it into a single function, like load_grammar.md5_digest(), and call that instead?

[erezsh]

Thanks! Also, mypy fails with

lark/load_grammar.py:1419: error: Unexpected keyword argument "usedforsecurity" for "new"  

Can you check if there's a way to fix this? If not, adding an "ignore" comment is good enough for me.

[cquick01]

Latest commit adds an explicit check for Python 3.9+ to pass the usedforsecurity argument. It's slightly messier now so if you'd prefer just changing to # type: ignore we can change back to that.

Latest commit:

if sys.version_info >= (3, 9):
    return hashlib.md5(s.encode('utf8'), usedforsecurity=False).hexdigest()
else:
    return hashlib.md5(s.encode('utf8')).hexdigest()

Or slightly cleaner version with less repeated code

hashlib.new("md5", s.encode("utf8"), usedforsecurity=False).hexdigest()  # type: ignore

[erezsh]

Looks good to me. I'll wait a bit to see if @MegaIng has anything to add.

[MegaIng]

I don't really have anything to add. IMO a version check is cleaner than a type ignore.

[erezsh]

@cquick01 Thank you for your contribution!

[jjtroberts]

Thank you all for working on this fix. When might the next release be cut?

[erezsh]

It's probably about time for a new release! I'll try to do it early next week.

[erezsh]

@jjtroberts Released 1.1.3