Description
Describe the bug
Packages using lark fail when running in a FIPS-enabled environment due to use of the `hashlib.md5` function. MD5 is not a secure algorithm to begin with, but it isn't really being used for security purposes here.
To support running in a FIPS environment, we can add `usedforsecurity=False` to the `hashlib.md5` constructor. This argument is only available in Python 3.9+, but if implemented as `hashlib.new('md5', usedforsecurity=False)` it will not raise an exception on older versions of Python. See https://docs.python.org/3/library/hashlib.html#hash-algorithms for more info on the argument.
To Reproduce
I see it when trying to install packages with poetry on a FIPS-enabled system (running RHEL 8.5).
```
[digital envelope routines: EVP_DigestInit_ex] disabled for FIPS

at ~/.pyenv/versions/3.9.13/lib/python3.9/site-packages/poetry/core/_vendor/lark/load_grammar.py:1315 in do_import
    1311│                         text = f.read()
    1312│                 except IOError:
    1313│                     continue
    1314│                 else:
  → 1315│                     h = hashlib.md5(text.encode('utf8')).hexdigest()
    1316│                     if self.used_files.get(joined_path, h) != h:
    1317│                         raise RuntimeError("Grammar file was changed during importing")
    1318│                     self.used_files[joined_path] = h
    1319│
```
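The pattern proposed above, written out as an added example (this is not lark's code and not the reporter's; `content_fingerprint`, `content_fingerprint_default` and `ImportTracker` are names chosen here, and the grammar text is constructed). `content_fingerprint` is the FIPS-tolerant form: `hashlib.new()` forwards `usedforsecurity` to OpenSSL on Python 3.9+, and on older interpreters the unknown keyword is dropped for non-blake2 algorithm names rather than raised. `content_fingerprint_default` is the form from the traceback, kept beside it for comparison: on a FIPS-enabled OpenSSL it is the call that fails with the `EVP_DigestInit_ex` error shown, while on an ordinary host both produce the same digest. `ImportTracker` reproduces the change-during-import check so the fix can be exercised end to end.

```python
import hashlib
from typing import Dict


def content_fingerprint(text: str) -> str:
    """Hex MD5 of ``text``, declared to the hash backend as a non-security use.

    hashlib.new() accepts ``usedforsecurity`` on Python 3.9+ and passes it to
    OpenSSL, which is what lets MD5 run under FIPS mode when the digest is only
    a content fingerprint. On older interpreters hashlib.new() ignores the
    keyword for non-blake2 names, so the same call works there too.
    """
    return hashlib.new("md5", text.encode("utf8"), usedforsecurity=False).hexdigest()


def content_fingerprint_default(text: str) -> str:
    """The original call shape: MD5 with the default usedforsecurity=True.

    Under a FIPS-enabled OpenSSL this is the call that raises
    ValueError('[digital envelope routines: EVP_DigestInit_ex] disabled for FIPS').
    Kept only to show the two forms side by side; production code should use
    content_fingerprint() above.
    """
    return hashlib.md5(text.encode("utf8")).hexdigest()


class ImportTracker:
    """Records a fingerprint per imported path and flags a mid-import change.

    Hypothetical helper mirroring the check in the traceback: the first time a
    path is seen its fingerprint is stored; a later import of the same path
    whose content hashes differently raises, because the file changed while
    importing was still in progress. Only the hashing call differs from the
    original: it uses the FIPS-tolerant fingerprint.
    """

    def __init__(self) -> None:
        self.used_files: Dict[str, str] = {}

    def register(self, path: str, text: str) -> str:
        h = content_fingerprint(text)
        # dict.get(path, h) returns h itself for a first sighting, so only a
        # path seen before with different content fails the comparison.
        if self.used_files.get(path, h) != h:
            raise RuntimeError("Grammar file was changed during importing")
        self.used_files[path] = h
        return h


def demo() -> bool:
    """Exercise the tracker on constructed grammar text; True if all checks hold."""
    grammar_v1 = 'start: "hello" NAME\nNAME: /\\w+/\n'   # constructed sample
    grammar_v2 = 'start: "hello" NAME\nNAME: /[a-z]+/\n' # constructed edit

    tracker = ImportTracker()
    first = tracker.register("common.lark", grammar_v1)
    # Re-importing identical content is fine and yields the same fingerprint.
    same = tracker.register("common.lark", grammar_v1)
    if first != same:
        return False

    # Content changed between two imports of the same path: must be rejected.
    try:
        tracker.register("common.lark", grammar_v2)
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    print("fingerprint:", content_fingerprint("hello"))
    print("demo ok:", demo())
```

On a non-FIPS host both fingerprint functions return identical digests, so the change is behaviour-preserving there; the difference only shows up where the OpenSSL FIPS provider refuses MD5 for security uses.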