From c7567c78433f6cbb4578044a77809cd04048293c Mon Sep 17 00:00:00 2001
From: Thorsten Kaufmann <instinctvfx@googlemail.com>
Date: Wed, 8 Oct 2025 00:27:58 +0200
Subject: [PATCH 1/2] Add semgrep ignore for working dir hash

---
 src/rez/cli/release.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/rez/cli/release.py b/src/rez/cli/release.py
index 275f597ac..8ead3aea9 100644
--- a/src/rez/cli/release.py
+++ b/src/rez/cli/release.py
@@ -84,7 +84,7 @@ def command(opts, parser, extra_arg_groups=None):
     if config.prompt_release_message and not release_msg and not opts.no_message:
         from hashlib import sha1
 
-        h = sha1(working_dir.encode("utf8")).hexdigest()
+        h = sha1(working_dir.encode("utf8")).hexdigest() # nosemgrep: insecure-hash-algorithm-sha1
         filename = "rez-release-message-%s.txt" % h
         filepath = os.path.join(config.tmpdir, filename)
 

From db7d9d08b0e5768608749f8c3690e26d2b42b6ee Mon Sep 17 00:00:00 2001
From: Thorsten Kaufmann <instinctvfx@googlemail.com>
Date: Wed, 8 Oct 2025 00:35:53 +0200
Subject: [PATCH 2/2] Fix missing space to make linter happy

---
 src/rez/cli/release.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/rez/cli/release.py b/src/rez/cli/release.py
index 8ead3aea9..5419fd9f6 100644
--- a/src/rez/cli/release.py
+++ b/src/rez/cli/release.py
@@ -84,7 +84,7 @@ def command(opts, parser, extra_arg_groups=None):
     if config.prompt_release_message and not release_msg and not opts.no_message:
         from hashlib import sha1
 
-        h = sha1(working_dir.encode("utf8")).hexdigest() # nosemgrep: insecure-hash-algorithm-sha1
+        h = sha1(working_dir.encode("utf8")).hexdigest()  # nosemgrep: insecure-hash-algorithm-sha1
         filename = "rez-release-message-%s.txt" % h
         filepath = os.path.join(config.tmpdir, filename)