This new v1 patch:
- displays a warning telling people v1 has reached its end of life
- uses 15k pbkdf2 iterations with SHA-256, making it more secure (unless an old password_template is used, then we keep using 1k to stay backward compatible)
I was going to just mark v1 as deprecated but npm statistics show some users are still on it, that way they can benefit from added security as well.
With this v1 reaches its end of life.