“we recommend to deprecate SHA-1 everywhere, even when there is no direct evidence that this weaknesses can be exploited. SHA-1 has been broken for 15 years, and there are better alternatives available, well-studied, and standardized” https://eprint.iacr.org/2020/014.pdf #sha1