From cd0fe04ae5b1acd6bb11634c84239c2c6b76c340 Mon Sep 17 00:00:00 2001
From: John Caruso <johncaruso@hey.com>
Date: Thu, 6 Jul 2023 16:41:18 -0400
Subject: [PATCH 1/4] update dependency - remove vulnerabilities

---
 package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package.json b/package.json
index 7828bb5..ba7e2c9 100644
--- a/package.json
+++ b/package.json
@@ -3,9 +3,9 @@
   "description": "Simple browser implementation of the Gravatar API",
   "version": "1.1.1",
   "dependencies": {
-    "md5-component": "0.0.1",
+    "component-querystring": "2.0.1",
     "jsonp": "0.1.0",
-    "component-querystring": "1.3.2"
+    "md5-component": "0.0.1"
   },
   "browser": {
     "md5": "md5-component",

From eafbf76555bdf6a77d1c8d4aa7c7fdbe13a5a480 Mon Sep 17 00:00:00 2001
From: John Caruso <johncaruso@hey.com>
Date: Thu, 6 Jul 2023 16:50:06 -0400
Subject: [PATCH 2/4] replace md5 with sha256

---
 index.js     | 6 +++---
 package.json | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/index.js b/index.js
index b69c691..ce01ebd 100644
--- a/index.js
+++ b/index.js
@@ -2,7 +2,7 @@
  * Module dependencies.
  */
 
-var md5 = require('md5');
+var sha256 = require('js-sha256');
 var jsonp = require('jsonp');
 var querystring = require('querystring');
 
@@ -19,7 +19,7 @@ exports.url = function (email, config) {
   config = config || {};
   var qs = querystring.stringify(config);
   var qs = qs === '' ? '' : '?' + qs;
-  var url = 'https://secure.gravatar.com/avatar/' + md5(email.trim().toLowerCase()) + qs;
+  var url = 'https://secure.gravatar.com/avatar/' + sha256(email.trim().toLowerCase()) + qs;
   return url;
 };
 
@@ -32,7 +32,7 @@ exports.url = function (email, config) {
  */
 
 exports.profile = function (email, fn) {
-  var url = 'https://secure.gravatar.com/' + md5(email.trim().toLowerCase());
+  var url = 'https://secure.gravatar.com/' + sha256(email.trim().toLowerCase());
   jsonp(url + '.json', function (err, obj) {
     if (err) return fn(err);
     if (obj && obj.entry) {
diff --git a/package.json b/package.json
index ba7e2c9..82c5675 100644
--- a/package.json
+++ b/package.json
@@ -4,6 +4,7 @@
   "version": "1.1.1",
   "dependencies": {
     "component-querystring": "2.0.1",
+    "js-sha256": "0.9.0",
     "jsonp": "0.1.0",
     "md5-component": "0.0.1"
   },

From cc0d78f3eab5671bf762e078f56380d45792b13e Mon Sep 17 00:00:00 2001
From: John Caruso <johncaruso@hey.com>
Date: Wed, 19 Jul 2023 16:50:07 -0400
Subject: [PATCH 3/4] remove md5-component from dependencies

---
 package.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/package.json b/package.json
index 82c5675..d0ba6dc 100644
--- a/package.json
+++ b/package.json
@@ -5,8 +5,7 @@
   "dependencies": {
     "component-querystring": "2.0.1",
     "js-sha256": "0.9.0",
-    "jsonp": "0.1.0",
-    "md5-component": "0.0.1"
+    "jsonp": "0.1.0"
   },
   "browser": {
     "md5": "md5-component",

From f2001c43fcdb60ae085ce731de6ec8aec66a4461 Mon Sep 17 00:00:00 2001
From: John Caruso <johncaruso@hey.com>
Date: Wed, 26 Jul 2023 10:27:44 -0400
Subject: [PATCH 4/4] remove reference to browser/md5

---
 package.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/package.json b/package.json
index d0ba6dc..ffdc81e 100644
--- a/package.json
+++ b/package.json
@@ -8,7 +8,6 @@
     "jsonp": "0.1.0"
   },
   "browser": {
-    "md5": "md5-component",
     "querystring": "component-querystring"
   },
   "component": {