Description
Our ADO YAML OneBranch pipelines are being flagged by Guardian BinSkim Rule BA2004. The offending DLL (Microsoft.Azure.WebJobs.Host.Storage) is used by the Functions runtime during build and so is not controlled by our project (this DLL is not a dependency or a transitive dependency of our project), so we cannot force it to use SHA256 to remediate this as Guardian recommends.
In the meantime, we are suppressing this error; however, we'd like to know if this is on, or can be placed on, a roadmap to update Microsoft.Azure.WebJobs.Host.Storage to use a secure hashing algorithm.
Pipeline error:
##[warning]Rule BA2004 is set to non-breaking in the current policy until 09/05/2025. This rule is not blocking your pipeline until 09/05/2025. Please fix the issues before the deadline.
##[warning]3. BinSkim Warning BA2004 - File: out/Ev2ServiceArtifactsRoot/bin/cspw-functions-app/DCX.Peds.AzureFunctions/.azurefunctions/Microsoft.Azure.WebJobs.Host.Storage.dll. Signature: a4385a7d0387f1b2eaa6e28917f1f9b28a981b521177964e752c8e27de91eec2 Tool: BinSkim: Rule: BA2004 (EnableSecureSourceCodeHashing). https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2004EnableSecureSourceCodeHashing 'Microsoft.Azure.WebJobs.Host.Storage.dll' is a managed binary compiled with an insecure (Sha1) source code hashing algorithm. Sha1 is subject to collision attacks and its use can compromise supply chain integrity. Pass '-checksumalgorithm:SHA256' on the csc.exe command-line or populate the project <ChecksumAlgorithm> property with 'SHA256' to enable secure source code hashing.
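For reference, the remediation BinSkim names in the warning above, applied repo-wide, is shown below as an added example (it is not part of this issue and not code from the WebJobs or Functions repositories). It is a Directory.Build.props placed at the repository root, which MSBuild imports into every project beneath it; the `ChecksumAlgorithm` property is the MSBuild counterpart of the `-checksumalgorithm` csc.exe switch. It only affects binaries built from your own projects, which is exactly why it cannot fix the third-party DLL this issue is about; the `PathMap` line is an assumption added for illustration, not something the warning requires.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Directory.Build.props: imported automatically by every project under this folder. -->
<Project>
  <PropertyGroup>
    <!-- Weak default BinSkim BA2004 flags: source files recorded in the PDB are hashed with SHA-1.
         Leaving the property unset is equivalent to the line below on older SDKs:
         <ChecksumAlgorithm>SHA1</ChecksumAlgorithm> -->

    <!-- Hardened setting: record SHA-256 hashes of each source file in the PDB so that
         source/binary correspondence cannot be forged with a SHA-1 collision. -->
    <ChecksumAlgorithm>SHA256</ChecksumAlgorithm>

    <!-- Assumption for illustration only: normalize embedded source paths so the PDB does not
         leak build-agent directory layouts. Not required for BA2004. -->
    <PathMap>$(MSBuildThisFileDirectory)=/_/</PathMap>
  </PropertyGroup>
</Project>
```

After rebuilding, re-run BinSkim against the produced assemblies; BA2004 should no longer fire for projects that import this file, while DLLs that ship prebuilt from NuGet or the Functions runtime (such as Microsoft.Azure.WebJobs.Host.Storage.dll in the log above) are unaffected and must be fixed by their publisher.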