RobotsAndPencils / go-saml

A just good enough SAML client library written in Go.
MIT License
132 stars 82 forks

sign AuthnRequests and AuthnResponses with SHA256 #38

Open mattg-sigsci opened 4 years ago

mattg-sigsci commented 4 years ago

SHA1 is vulnerable so better to use SHA256 instead
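An added example, not part of this PR or of the go-saml code: a Go check that flags SHA-1 based `SignatureMethod` and `DigestMethod` declarations in a SAML message, keyed on the standard XMLDSig algorithm URIs. The function name, the `Finding` type and the sample document are constructed for illustration.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"io"
	"strings"
)

const dsigNS = "http://www.w3.org/2000/09/xmldsig#"

// sampleSHA1 is a constructed AuthnRequest fragment, not output from go-saml.
const sampleSHA1 = `<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_constructed"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
</ds:SignedInfo></ds:Signature></samlp:AuthnRequest>`

// Finding is one XMLDSig algorithm declaration that relies on SHA-1.
type Finding struct{ Element, Algorithm string }

// WeakSignatureAlgorithms walks a SAML message and returns every
// ds:SignatureMethod / ds:DigestMethod whose Algorithm URI names SHA-1.
func WeakSignatureAlgorithms(doc string) ([]Finding, error) {
	dec := xml.NewDecoder(strings.NewReader(doc))
	var out []Finding
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return out, nil
		} else if err != nil {
			return nil, err
		}
		se, ok := tok.(xml.StartElement)
		if !ok || se.Name.Space != dsigNS ||
			(se.Name.Local != "SignatureMethod" && se.Name.Local != "DigestMethod") {
			continue
		}
		for _, a := range se.Attr {
			// The standard SHA-1 based XMLDSig algorithm URIs end in "sha1".
			if a.Name.Local == "Algorithm" && strings.HasSuffix(strings.ToLower(a.Value), "sha1") {
				out = append(out, Finding{se.Name.Local, a.Value})
			}
		}
	}
}

func main() {
	findings, _ := WeakSignatureAlgorithms(sampleSHA1)
	for _, f := range findings {
		fmt.Printf("%s uses SHA-1: %s\n", f.Element, f.Algorithm)
	}
}
```
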

gurshafriri commented 4 years ago

👋 @mattg-sigsci is this going to be merged? We (at Snyk) plan to add this issue to our vulnerability DB but can wait until it is mitigated.

mattg-sigsci commented 4 years ago

@gurshafriri I don't know. It doesn't seem like RobotsAndPencils is maintaining this library. We're not using this fork anymore. Maybe one of the other forks is more maintained, perhaps Cloudflare's?

bestbug456 commented 1 year ago

Hello @mbrevoort, since there are some security concerns, can you please give us some of your time to review this PR and bring it into the repository? Thanks!