Is there a new version of this package?

[JacksonGL]

It seems that the authentication of this package uses SHA-1 (code location), which has been compromised (link) a few weeks ago.

Using SHA-256 would be safer.

[jrm2k6]

Do you have any issue using it?

…

On Sat, Mar 11, 2017 at 5:30 PM Liang Gong ***@***.***> wrote: Reopened #4 <#4>. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#4 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABCaY3IqQvJxBN5n0vFlJtHoASePUdaJks5rk0q2gaJpZM4MR1Vt> .

[JacksonGL]

No. I was trying to report the potential security issue mentioned above. Not sure if this is the right place since it hasn't been updated since a few months ago.

[jrm2k6]

Oh yeah I saw that, I will try to fix it really soon

…

On Sat, Mar 11, 2017 at 5:45 PM Liang Gong ***@***.***> wrote: No. I was trying to report the potential security issue mentioned above. Not sure if this is the right place since it hasn't been updated since a few months ago. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#4 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABCaYyJ00TzLybzc4QDs18alusr5NwFmks5rk04jgaJpZM4MR1Vt> .

[JacksonGL]

Cool! Thanks.

[jrm2k6]

Sorry getting to this only now.
For bitbucket I am using oauth 1.0, I am not sure SHA-256 is supported so I will have to investigate, or hopefully they have updated their api to let us use oauth2.0, meaning we could use SHA-256

[JacksonGL]

I see. Thanks for letting me know.