
Core: Fix FIPS compliance #31806

Merged: JReinhold merged 3 commits into next from jeppe/fix-fips-compliance on Jun 25, 2025

@JReinhold JReinhold commented Jun 17, 2025

What I did

Changed the default hashing algorithm for the file system cache from MD5 to SHA256, as FIPS environments don't allow the usage of insecure hashing algorithms like MD5.

Using Storybook in a FIPS environment would result in an error like:

  throw error;
  ^

Error: error:060800C8:digital envelope routines:EVP_DigestInit_ex:disabled for FIPS
    at new Hash (node:internal/crypto/hash:79:19)
    at createHash (node:crypto:142:10)
    at new FileSystemCache (/node_modules/@storybook/core/dist/common/index.cjs:16584:111)
    at createFileSystemCache (/node_modules/@storybook/core/dist/common/index.cjs:16668:10)
    at Object.<anonymous> (/node_modules/@storybook/core/dist/common/index.cjs:16924:10)
    at Module._compile (node:internal/modules/cjs/loader:1529:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1613:10)
    at Module.load (node:internal/modules/cjs/loader:1275:32)
    at Module._load (node:internal/modules/cjs/loader:1096:12)
    at Module.require (node:internal/modules/cjs/loader:1298:19) {
  library: 'digital envelope routines',
  function: 'EVP_DigestInit_ex',
  reason: 'disabled for FIPS',
  code: 'ERR_OSSL_EVP_DISABLED_FOR_FIPS'
}

Node.js v20.19.1
error Command failed with exit code 7.

Checklist for Contributors

Testing

The changes in this PR are covered in the following automated tests:

  • stories
  • unit tests
  • integration tests
  • end-to-end tests

Manual testing

This section is mandatory for all contributions. If you believe no manual test is necessary, please state so explicitly. Thanks!

Documentation

  • Add or update documentation reflecting your changes
  • If you are deprecating/removing a feature, make sure to update MIGRATION.MD

Checklist for Maintainers

  • When this PR is ready for testing, make sure to add ci:normal, ci:merged or ci:daily GH label to it to run a specific set of sandboxes. The particular set of sandboxes can be found in code/lib/cli-storybook/src/sandbox-templates.ts

  • Make sure this PR contains one of the labels below:

    Available labels
    • bug: Internal changes that fixes incorrect behavior.
    • maintenance: User-facing maintenance tasks.
    • dependencies: Upgrading (sometimes downgrading) dependencies.
    • build: Internal-facing build tooling & test updates. Will not show up in release changelog.
    • cleanup: Minor cleanup style change. Will not show up in release changelog.
    • documentation: Documentation only changes. Will not show up in release changelog.
    • feature request: Introducing a new feature.
    • BREAKING CHANGE: Changes that break compatibility in some way with current major version.
    • other: Changes that don't fit in the above categories.

🦋 Canary release

0.0.0-pr-31806-sha-dd7d87dd

Greptile Summary

Updates FileSystemCache to use SHA256 instead of MD5 for FIPS-compliant environments, addressing compatibility issues with secure computing standards.

  • Modified code/core/src/common/utils/file-cache.ts to replace MD5 with SHA256 hashing algorithm
  • Resolves runtime errors in FIPS environments where MD5 is disabled as an insecure algorithm
  • Existing caches using MD5 will need to be regenerated with the new SHA256 algorithm
  • Change improves security while maintaining cache functionality
  • No breaking changes to the cache API, only internal hashing implementation changed
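A startup probe for the failure shown in the trace above, as an added example that is not Storybook's code: it checks which digests the active OpenSSL provider allows and derives a cache file name from the first usable one. The function names, the `cache-` prefix and the preference list are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// True when the active crypto provider accepts this digest. Under FIPS,
// createHash('md5') throws (ERR_OSSL_EVP_DISABLED_FOR_FIPS in the trace above);
// an unknown digest name throws as well, so both cases return false.
function isDigestUsable(algorithm) {
  try {
    crypto.createHash(algorithm);
    return true;
  } catch {
    return false;
  }
}

// First usable digest from a preference list (hypothetical helper).
function pickDigest(preferred = ['sha256', 'sha512']) {
  const found = preferred.find(isDigestUsable);
  if (!found) {
    throw new Error(`no usable digest among: ${preferred.join(', ')}`);
  }
  return found;
}

// Hypothetical cache file name: <prefix><hex digest of the key>.
// Changing the digest changes every name, so entries written under the
// old digest are simply never looked up again and get regenerated.
function cacheFileName(key, { algorithm = pickDigest(), prefix = 'cache-' } = {}) {
  const digest = crypto.createHash(algorithm).update(String(key)).digest('hex');
  return prefix + digest;
}

// Summary suitable for a CI job or startup log on a hardened host.
function digestReport(algorithms = ['md5', 'sha1', 'sha256']) {
  return {
    fips: crypto.getFips() === 1,
    usable: Object.fromEntries(algorithms.map((a) => [a, isDigestUsable(a)])),
  };
}

console.log(digestReport());
console.log(cacheFileName('stories.json')); // constructed sample key
```

Running Node with `--enable-fips` or `--force-fips` on a FIPS-capable OpenSSL build is the way to exercise the `md5: false` path of the report.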

@JReinhold JReinhold self-assigned this Jun 17, 2025
@JReinhold JReinhold added maintenance User-facing maintenance tasks patch:yes Bugfix & documentation PR that need to be picked to main branch core ci:normal labels Jun 17, 2025
@storybook-bot

Failed to publish canary version of this pull request, triggered by @JReinhold. See the failed workflow run at: https://github.com/storybookjs/storybook/actions/runs/15716517128

nx-cloud Bot commented Jun 17, 2025

View your CI Pipeline Execution ↗ for commit 71a9bb7

| Command | Status | Duration | Result |
| --- | --- | --- | --- |
| nx run-many -t check -c production --parallel=7 | ✅ Succeeded | 1s | View ↗ |
| nx run-many -t build -c production --parallel=3 | ✅ Succeeded | 3s | View ↗ |

☁️ Nx Cloud last updated this comment at 2025-07-08 09:06:15 UTC

@JReinhold JReinhold marked this pull request as ready for review June 18, 2025 12:07

@greptile-apps greptile-apps Bot left a comment

LGTM

1 file reviewed, no comments

storybook-app-bot Bot commented Jun 24, 2025

Package Benchmarks

Commit: 71a9bb7, ran on 8 July 2025 at 09:10:02 UTC

The following packages have significant changes to their size or dependencies:

storybook

| | Before | After | Difference |
| --- | --- | --- | --- |
| Dependency count | 51 | 49 | 🎉 -2 🎉 |
| Self size | 31.75 MB | 31.85 MB | 🚨 +103 KB 🚨 |
| Dependency size | 17.43 MB | 17.41 MB | 🎉 -22 KB 🎉 |
| Bundle Size Analyzer | Link | Link | |

@storybook/ember

| | Before | After | Difference |
| --- | --- | --- | --- |
| Dependency count | 202 | 204 | 🚨 +2 🚨 |
| Self size | 28 KB | 28 KB | 🎉 -2 B 🎉 |
| Dependency size | 27.95 MB | 28.76 MB | 🚨 +810 KB 🚨 |
| Bundle Size Analyzer | Link | Link | |

sb

| | Before | After | Difference |
| --- | --- | --- | --- |
| Dependency count | 52 | 50 | 🎉 -2 🎉 |
| Self size | 1 KB | 1 KB | 0 B |
| Dependency size | 49.18 MB | 49.26 MB | 🚨 +81 KB 🚨 |
| Bundle Size Analyzer | Link | Link | |

@storybook/cli

| | Before | After | Difference |
| --- | --- | --- | --- |
| Dependency count | 217 | 215 | 🎉 -2 🎉 |
| Self size | 582 KB | 582 KB | 🚨 +170 B 🚨 |
| Dependency size | 94.81 MB | 94.86 MB | 🚨 +48 KB 🚨 |
| Bundle Size Analyzer | Link | Link | |

@storybook/codemod

| | Before | After | Difference |
| --- | --- | --- | --- |
| Dependency count | 186 | 184 | 🎉 -2 🎉 |
| Self size | 31 KB | 31 KB | 0 B |
| Dependency size | 78.91 MB | 78.99 MB | 🚨 +81 KB 🚨 |
| Bundle Size Analyzer | Link | Link | |

create-storybook

| | Before | After | Difference |
| --- | --- | --- | --- |
| Dependency count | 1 | 1 | 0 |
| Self size | 12.50 MB | 12.47 MB | 🎉 -32 KB 🎉 |
| Dependency size | 98 KB | 98 KB | 0 B |
| Bundle Size Analyzer | Link | Link | |

@JReinhold JReinhold merged commit 01c3a8e into next Jun 25, 2025
54 of 57 checks passed
@JReinhold JReinhold deleted the jeppe/fix-fips-compliance branch June 25, 2025 10:23
ghengeveld pushed a commit that referenced this pull request Jun 27, 2025
Core: Fix FIPS compliance
(cherry picked from commit 01c3a8e)
@github-actions github-actions Bot added the patch:done Patch/release PRs already cherry-picked to main/release branch label Jun 27, 2025
@ghengeveld ghengeveld restored the jeppe/fix-fips-compliance branch July 8, 2025 09:00
@ndelangen ndelangen removed the patch:yes Bugfix & documentation PR that need to be picked to main branch label Oct 28, 2025