Make package FIPS compatible by marking blake2 hashing with usedforsecurity=False (#295)

Author: z4y4ts

AUTHORS.rst

@@ -11,3 +11,4 @@ Authors
 * Andreas Rammhold - https://github.com/andir
 * Nicholas Bunn - https://github.com/NicholasBunn
 * Nathan McDougall - https://github.com/nathanjmcdougall
+* Oleksandr Zaiats - https://github.com/z4y4ts

CHANGELOG.rst

@@ -9,6 +9,7 @@ latest
 * Improve contribution experience for Windows developers using Just.
 * Tweak Just commands for running version-specific Python tests.
 * Remove `typing-extensions` as a dependency.
+* Make package FIPS compatible by marking blake2 hashing with `usedforsecurity=False`.
 
 3.14 (2025-12-10)
 -----------------

src/grimp/adaptors/caching.py

@@ -37,7 +37,9 @@ def make_data_file_name(
         # Use a hash algorithm with a limited size to avoid cache filenames that are too long
         # the filesystem, which can happen if there are more than a few root packages
         # being analyzed.
-        safe_unicode_identifier = hashlib.blake2b(bytes_identifier, digest_size=20).hexdigest()
+        safe_unicode_identifier = hashlib.blake2b(
+            bytes_identifier, digest_size=20, usedforsecurity=False
+        ).hexdigest()
         return f"{safe_unicode_identifier}.data.json"
 
     @classmethod