crypto-js is no longer maintained
briancameron-appsec opened this issue · comments
crypto-js is discontinued. Probably a good idea to switch to using something else as a dependency for SHA.
I notice crypto-js is only used here:
Line 25 in 5df5a1b
SHA-1 is considered unsafe and has collision concerns. Shouldn't SHA-256 be used instead these days?