The offending dependency is usrsctp (https://github.com/sctplab/usrsctp) at commit 9d6b99b:

https://github.com/sctplab/usrsctp/archive/9d6b99b10a70f7a63d21cd80d03c353da9ac19d3.zip

This file's sha256sum has always been

    d9b7b3350ea0be2a3d1437e404d4852df741c4984b734729c5edc337ff4b7611

    e86fe0b8aabef0eae207a94a5525da303e90477c37fce272c84e2d87d7ac169b