Open mattg-sigsci opened 4 years ago
👋 @mattg-sigsci is this going to be merged? we (at snyk) plan to add this issue to our vulnerability db when but can wait until it is mitigated.
@gurshafriri I don't know. It doesn't seem like RobotsAndPencils is maintaining this library. We're not using this fork anymore. Maybe one of the other forks is more maintained, perhaps Cloudflare's?
Hello @mbrevoort since there are some security concern, can you please give us some of your time for review this PR and bring it into the repository? Thanks!
SHA1 is vulnerable so better to use SHA256 instead