diff --git a/products/03-alert-intelligence/src/ingestion/webhook.ts b/products/03-alert-intelligence/src/ingestion/webhook.ts
index a6dc48f..0b6f087 100644
--- a/products/03-alert-intelligence/src/ingestion/webhook.ts
+++ b/products/03-alert-intelligence/src/ingestion/webhook.ts
@@ -53,7 +53,8 @@ export function validateDatadogHmac(
 .update(timestamp + body)
 .digest('hex');
- if (!crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected))) {
+ const sigBuf = Buffer.from(signature), expBuf = Buffer.from(expected);
+ if (sigBuf.length !== expBuf.length || !crypto.timingSafeEqual(sigBuf, expBuf)) {
 return { valid: false, error: 'Invalid signature' };
 }
@@ -90,7 +91,8 @@ export function validatePagerdutyHmac(
 .digest('hex');
 const sig = sigPart.slice(3);
- if (!crypto.timingSafeEqual(Buffer.from(sig), Buffer.from(expected))) {
+ const sigBuf2 = Buffer.from(sig), expBuf2 = Buffer.from(expected);
+ if (sigBuf2.length !== expBuf2.length || !crypto.timingSafeEqual(sigBuf2, expBuf2)) {
 return { valid: false, error: 'Invalid signature' };
 }
@@ -128,7 +130,8 @@ export function validateOpsgenieHmac(
 .update(body)
 .digest('hex');
- if (!crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected))) {
+ const sigBuf = Buffer.from(signature), expBuf = Buffer.from(expected);
+ if (sigBuf.length !== expBuf.length || !crypto.timingSafeEqual(sigBuf, expBuf)) {
 return { valid: false, error: 'Invalid signature' };
 }
diff --git a/products/05-aws-cost-anomaly/tests/unit/scorer.test.ts b/products/05-aws-cost-anomaly/tests/unit/scorer.test.ts
index a24f6f6..fc7da5d 100644
--- a/products/05-aws-cost-anomaly/tests/unit/scorer.test.ts
+++ b/products/05-aws-cost-anomaly/tests/unit/scorer.test.ts
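Review bot: The length guard plus `crypto.timingSafeEqual` call is now copied into all three validators (`validateDatadogHmac`, `validatePagerdutyHmac`, `validateOpsgenieHmac`), with comma-chained declarations and a `sigBuf2`/`expBuf2` naming variant in the PagerDuty hunk. A single shared helper would keep a future provider from reintroducing the unguarded call, which throws a RangeError when the two buffers differ in length. Checking the length first is fine from a timing standpoint, because the length of a hex digest is not secret. `Buffer.from(signature)` still throws a TypeError when the value is undefined, so confirm that the earlier lines of each function (outside these hunks) reject a missing header. No test for a wrong-length signature is visible in this diff; a regression case asserting `valid: false` for a truncated signature would pin the fix.

```typescript
// helper name is a suggestion; place it next to the validators
function signaturesMatch(received: string, expected: string): boolean {
  const receivedBuf = Buffer.from(received);
  const expectedBuf = Buffer.from(expected);
  // timingSafeEqual throws on unequal lengths; the digest length is public
  return (
    receivedBuf.length === expectedBuf.length &&
    crypto.timingSafeEqual(receivedBuf, expectedBuf)
  );
}

// … unchanged: HMAC computation in each validator …
if (!signaturesMatch(signature, expected)) {
  return { valid: false, error: 'Invalid signature' };
}
```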
@@ -87,7 +87,7 @@ describe('scoreAnomaly', () => {
 fc.property(
 fc.float({ min: 0, max: 100, noNaN: true }),
 fc.float({ min: 0, max: 100, noNaN: true }),
- fc.float({ min: 0.01, max: 50, noNaN: true }),
+ fc.float({ min: Math.fround(0.01), max: 50, noNaN: true }),
 (costA, costB, stddev) => {
 const baseline = { mean: 5.0, stddev };
 const scoreA = scoreAnomaly({ cost: Math.min(costA, costB), ...baseline });