[tkone]

Simple answer: github was doing most of this work as SHA1 is a non-allowed hash type for FIPS compliance, which mattered since Microsoft had landed the US DoD JEDI contract.

The JEDI contract was cancelled a in 2021 so the work never continued on that workstream.

source: former github developer

[FreakLegion]

Clarification: SHA-1 is under review but still allowed. The next revision of FIPS 180-4 will certainly start the clock on retiring it, but that's a years-long process.

[layer8]

More specifically, the current deadline is end of 2030: “Modules that still use SHA-1 after 2030 will not be permitted for purchase by the federal government.” (https://www.nist.gov/news-events/news/2022/12/nist-retires-s...)