eli-darkly
commented
4 years ago (Tracked internally as 65523)
Closed pouyahbb closed 4 years ago
eli-darkly
commented
4 years ago (Tracked internally as 65523)
eli-darkly
commented
4 years ago Removed node-sha1 in the 5.11.0 release.
Since this issue has no description, I'm not sure if you're referring to the
node-sha1package specifically, or the fact that we're using SHA1 at all. To be clear, we do not use SHA1 for authentication at all— just to generate a well-distributed set of large integers for computing percentage rollouts of users.We have been using a pretty old version of
node-sha1to do this, but since that package is really just a simple wrapper for Node'scrypto, we can probably just drop that dependency rather than upgrading it. But we do need to continue using the SHA1 algorithm so customers will not suddenly start seeing different results for percentage rollouts.