diff --git a/shard.yml b/shard.yml
index 2f97e90..6e506fd 100644
--- a/shard.yml
+++ b/shard.yml
@@ -4,17 +4,18 @@ version: 0.3.0
 dependencies:
 kemal-session:
 github: kemalcr/kemal-session
- version: 0.8.0
+ #version: 0.8.0
+ branch: master
 development_dependencies:
 kemal:
 github: sdogruyol/kemal
- version: 0.20.0
+ version: 0.22.0
 authors:
 - Serdar Dogruyol
-crystal: 0.23.0
+crystal: 0.24.1
 license: MIT
diff --git a/src/kemal-csrf.cr b/src/kemal-csrf.cr
index 6cafcd9..86695f3 100644
--- a/src/kemal-csrf.cr
+++ b/src/kemal-csrf.cr
@@ -1,4 +1,4 @@
-require "secure_random"
+require "random/secure"
 require "kemal"
 require "kemal-session"
@@ -11,10 +11,9 @@ require "kemal-session"
 # where an attacker can re-submit a form.
 #
 class CSRF < Kemal::Handler
-
- def initialize(@header = "X_CSRF_TOKEN", @allowed_methods = %w(GET HEAD OPTIONS TRACE), @parameter_name = "authenticity_token", @error : String | (HTTP::Server::Context->String) = "Forbidden", @allowed_routes = [] of String)
+ def initialize(@header = "X_CSRF_TOKEN", @allowed_methods = %w(GET HEAD OPTIONS TRACE), @parameter_name = "authenticity_token", @error : String | (HTTP::Server::Context -> String) = "Forbidden", @allowed_routes = [] of String)
 setup
- end
+ end
 def setup
 @allowed_routes.each do |path|
@@ -24,11 +23,11 @@ class CSRF < Kemal::Handler
 end
 end
 end
-
+
 def call(context)
 return call_next(context) if exclude_match?(context)
 unless context.session.string?("csrf")
- csrf_token = SecureRandom.hex(16)
+ csrf_token = Random::Secure.hex(16)
 context.session.string("csrf", csrf_token)
 context.response.cookies << HTTP::Cookie.new(
 name: @parameter_name,
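Review bot: The kemal-session dependency in the shard.yml hunk moves from the pinned `version: 0.8.0` to `branch: master`, so each `shards install` resolves to whatever that branch holds at install time; builds stop being reproducible and any later breaking or compromised commit on that branch flows straight into this CSRF middleware. Pin to a released version or an exact revision instead, e.g. `commit: <KEMAL_SESSION_COMMIT_SHA>` (placeholder), and drop the commented-out `#version: 0.8.0` line rather than leaving dead config beside the live key. If a branch reference is unavoidable because no release supports the Crystal 0.24.1 bump yet, at least commit the resolved shard.lock so the revision actually built is recorded.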