Oh, so SHA-1 was cracked by whom last year to have made browsers give warnings?
No one. You exaggerate out the butt.
I’m a computer developer and professional with many years in the Federal security space.
While SHA-1 is not forbidden, Federally, they are moving to make it non-FIPS-compliant at some point, and internal guidance is to take the 15 minutes and convert your app to SHA-3 or SHA-256.
It’s not QUITE an overstatement to say SHA-1 is insecure. If it is not insecure now, it will be shortly.
Think of conversion to a more robust security schema as a proactive move.
Actually, the warnings started in 2014-2015 as the vulnerability of SHA-1 was anticipated, but not proven. See the cited articles. Google just proved it last month.