Shopify: ShopifyAPI is vulnerable to timing attacks.

Dear Shopify bug bounty team, The Python ShopifyAPI library is vulnerable to timing attacks, because the validatehmac falls back to a non-constant time comparison when hmac.comparedigest is not available. I am perfectly aware that this issue is out of scope, but your Shopify Guru Jack P. kindly...