fix: hashlib constructor with usedforsecurity=False

- Python 3.9 and later introduce a keyword argument ``usedforsecurity``
- Set to False because we use hash to check file integrity not for password hash.

Signed-off-by: Hiroshi Miura <[email protected]>

aqt/helper.py

@@ -94,12 +94,13 @@ def getUrl(url: str, timeout: Tuple[float, float], expected_hash: Optional[bytes
                 raise ArchiveDownloadError(msg)
         result: str = r.text
         filename = url.split("/")[-1]
+        _kwargs = {"usedforsecurity": False} if sys.version_info >= (3, 9) else {}
         if Settings.hash_algorithm == "sha256":
-            actual_hash = hashlib.sha256(bytes(result, "utf-8")).digest()
+            actual_hash = hashlib.sha256(bytes(result, "utf-8"), **_kwargs).digest()
         elif Settings.hash_algorithm == "sha1":
-            actual_hash = hashlib.sha1(bytes(result, "utf-8")).digest()
+            actual_hash = hashlib.sha1(bytes(result, "utf-8"), **_kwargs).digest()
         elif Settings.hash_algorithm == "md5":
-            actual_hash = hashlib.md5(bytes(result, "utf-8")).digest()
+            actual_hash = hashlib.md5(bytes(result, "utf-8"), **_kwargs).digest()
         else:
             raise ArchiveChecksumError(f"Unknown hash algorithm: {Settings.hash_algorithm}.\nPlease check settings.ini")
         if expected_hash is not None and expected_hash != actual_hash:
@@ -133,7 +134,10 @@ def downloadBinaryFile(url: str, out: Path, hash_algo: str, exp: bytes, timeout:
         except requests.exceptions.Timeout as e:
             raise ArchiveConnectionError(f"Connection timeout: {e.args}") from e
         else:
-            hash = hashlib.new(hash_algo)
+            if sys.version_info >= (3, 9):
+                hash = hashlib.new(hash_algo, usedforsecurity=False)
+            else:
+                hash = hashlib.new(hash_algo)
             try:
                 with open(out, "wb") as fd:
                     for chunk in r.iter_content(chunk_size=8196):