fix: resolve CodeQL biased crypto random warning

Use unsigned right shift (>>>) to properly handle 32-bit random values and eliminate statistical bias.

dist/app-boot.js

@@ -8200,21 +8200,41 @@ var EnhancedSecureWebRTCManager = class _EnhancedSecureWebRTCManager {
     }
     const range = max - min + 1;
     if (range <= 0) throw new Error("Invalid range");
-    const bytesNeeded = Math.ceil(Math.log2(range) / 8);
-    const maxValue = Math.pow(256, bytesNeeded);
-    const threshold = maxValue - maxValue % range;
+    if (range <= 256) {
+      const threshold2 = 256 - 256 % range;
+      let randomValue2;
+      do {
+        randomValue2 = crypto.getRandomValues(new Uint8Array(1))[0];
+      } while (randomValue2 >= threshold2);
+      return min + randomValue2 % range;
+    }
+    if (range <= 65536) {
+      const maxValue = 65536;
+      const threshold2 = maxValue - maxValue % range;
+      let randomValue2;
+      do {
+        const randomBytes = crypto.getRandomValues(new Uint8Array(2));
+        randomValue2 = randomBytes[0] << 8 | randomBytes[1];
+      } while (randomValue2 >= threshold2);
+      return min + randomValue2 % range;
+    }
+    const maxUint32 = 4294967296;
+    const threshold = maxUint32 - maxUint32 % range;
     let randomValue;
     do {
-      const randomBytes = crypto.getRandomValues(new Uint8Array(bytesNeeded));
-      randomValue = 0;
-      for (let i = 0; i < bytesNeeded; i++) {
-        randomValue = randomValue << 8 | randomBytes[i];
-      }
+      const randomBytes = crypto.getRandomValues(new Uint8Array(4));
+      randomValue = (randomBytes[0] << 24 | randomBytes[1] << 16 | randomBytes[2] << 8 | randomBytes[3]) >>> 0;
     } while (randomValue >= threshold);
     return min + randomValue % range;
   }
   // Safe helper: unbiased float in [minFloat, maxFloat] with scale
-  getSafeRandomFloat(minFloat, maxFloat, scale = 100) {
+  getSafeRandomFloat(minFloat, maxFloat, scale = 1e3) {
+    if (typeof minFloat !== "number" || typeof maxFloat !== "number") {
+      throw new Error("getSafeRandomFloat requires numeric min and max");
+    }
+    if (minFloat >= maxFloat) {
+      throw new Error("minFloat must be less than maxFloat");
+    }
     const minInt = Math.round(minFloat * scale);
     const maxInt = Math.round(maxFloat * scale);
     const intVal = this.getSafeRandomInt(minInt, maxInt);
@@ -8222,12 +8242,10 @@ var EnhancedSecureWebRTCManager = class _EnhancedSecureWebRTCManager {
   }
   // Generate fingerprint mask
   generateFingerprintMask() {
-    const cryptoRandom = crypto.getRandomValues(new Uint8Array(128));
     const mask = {
       timingOffset: this.getSafeRandomInt(0, 1500),
-      // 0–1500ms
-      sizeVariation: this.getSafeRandomFloat(0.75, 1.25),
-      // unbiased float
+      sizeVariation: this.getSafeRandomFloat(0.75, 1.25, 1e3),
+      // изменен scale
       noisePattern: Array.from(crypto.getRandomValues(new Uint8Array(64))),
       headerVariations: [
         "X-Client-Version",
@@ -8243,11 +8261,9 @@ var EnhancedSecureWebRTCManager = class _EnhancedSecureWebRTCManager {
         "X-Private"
       ],
       noiseIntensity: this.getSafeRandomInt(50, 150),
-      // 50–150%
-      sizeMultiplier: this.getSafeRandomFloat(0.75, 1.25),
-      // unbiased float
+      sizeMultiplier: this.getSafeRandomFloat(0.75, 1.25, 1e3),
+      // изменен scale
       timingVariation: this.getSafeRandomInt(100, 1100)
-      // 100–1100ms
     };
     return mask;
   }