Bump itsdangerous from 0.24 to 1.1.0#23
Closed
![dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?v=4)
Bumps [itsdangerous](https://github.com/pallets/itsdangerous) from 0.24 to 1.1.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/itsdangerous/blob/master/CHANGES.rst">itsdangerous's changelog</a>.</em></p> <blockquote> <h1>Version 1.1.0</h1> <p>Released 2018-10-26</p> <ul> <li>Change default signing algorithm back to SHA-1. 113</li> <li>Added a default SHA-512 fallback for users who used the yanked 1.0.0 release which defaulted to SHA-512. 114</li> <li>Add support for fallback algorithms during deserialization to support changing the default in the future without breaking existing signatures. 113</li> <li>Changed capitalization of packages back to lowercase as the change in capitalization broke some tooling. 113</li> </ul> <h1>Version 1.0.0</h1> <p>Released 2018-10-18</p> <p>YANKED</p> <p><em>Note</em>: This release was yanked from PyPI because it changed the default algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains at SHA1.</p> <ul> <li> <p>Drop support for Python 2.6 and 3.3.</p> </li> <li> <p>Refactor code from a single module to a package. Any object in the API docs is still importable from the top-level <code>itsdangerous</code> name, but other imports will need to be changed. A future release will remove many of these compatibility imports. 107</p> </li> <li> <p>Optimize how timestamps are serialized and deserialized. 13</p> </li> <li> <p><code>base64_decode</code> raises <code>BadData</code> when it is passed invalid data. 27</p> </li> <li> <p>Ensure value is bytes when signing to avoid a <code>TypeError</code> on Python 3. 29</p> </li> <li> <p>Add a <code>serializer_kwargs</code> argument to <code>Serializer</code>, which is passed to <code>dumps</code> during <code>dump_payload</code>. 36</p> </li> <li> <p>More compact JSON dumps for unicode strings. 38</p> </li> <li> <p>Use the full timestamp rather than an offset, allowing dates before 2011. 46</p> <p>To retain compatibility with signers from previous versions, consider using <a href="">this shim <<a href="https://github.com/pallets/itsdangerous">https://github.com/pallets/itsdangerous</a> /issues/120#issuecomment-456913331></a> when unsigning.</p> </li> <li> <p>Detect a <code>sep</code> character that may show up in the signature itself and raise a <code>ValueError</code>. 62</p> </li> <li> <p>Use a consistent signature for keyword arguments for <code>Serializer.load_payload</code> in subclasses. 74, 75</p> </li> <li> <p>Change default intermediate hash from SHA-1 to SHA-512. 80</p> </li> <li> <p>Convert JWS exp header to an int when loading. 99</p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/itsdangerous/commit/6e6359864be6055860adf1e11d8bb0db69ff1840"><code>6e63598</code></a> release 1.1.0</li> <li><a href="https://github.com/pallets/itsdangerous/commit/66c931920251540130e512cb04c1c0a9e57a31a7"><code>66c9319</code></a> link <a href="https://github-redirect.dependabot.com/pallets/itsdangerous/issues/114">#114</a> changelog</li> <li><a href="https://github.com/pallets/itsdangerous/commit/85618914af03b35340e8add170f938d386f5cb5a"><code>8561891</code></a> test iter_unsigners</li> <li><a href="https://github.com/pallets/itsdangerous/commit/e52959388bc027e8a336c3a835856e7b08519166"><code>e529593</code></a> add compat import for itsdangerous.want_bytes</li> <li><a href="https://github.com/pallets/itsdangerous/commit/920993c48a41a322ae85ecfaa6fa43fcce1b1089"><code>920993c</code></a> Added SHA-512 fallback by default</li> <li><a href="https://github.com/pallets/itsdangerous/commit/d79c74ac6b56e7802f3e3ead948cd3454f55ab95"><code>d79c74a</code></a> Added SHA-512 fallback by default</li> <li><a href="https://github.com/pallets/itsdangerous/commit/ef8fd9894efab262761d2dcf24671592a8fc8bbf"><code>ef8fd98</code></a> more name cleanup, parametrize fallback test</li> <li><a href="https://github.com/pallets/itsdangerous/commit/af4856aeaa648369b3bc8176089221b038b7a873"><code>af4856a</code></a> Added fallback signers and switch back to sha1</li> <li><a href="https://github.com/pallets/itsdangerous/commit/92a642339f9babb7397d9ff228ef2199fca4cd5d"><code>92a6423</code></a> Document change to lowercase</li> <li><a href="https://github.com/pallets/itsdangerous/commit/2fd3237035ccf4d5b7dfe3c2ab8b5423be326564"><code>2fd3237</code></a> Change package back to lowercase</li> <li>Additional commits viewable in <a href="https://github.com/pallets/itsdangerous/compare/0.24...1.1.0">compare view</a></li> </ul> </details> <br /> [](https://dependabot.com/compatibility-score/?dependency-name=itsdangerous&package-manager=pip&previous-version=0.24&new-version=1.1.0) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) </details>
AI Analysis
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be resolved. The issue was opened by dependabot-preview[bot] and has received 1 comments.
Add a comment
Comment form would go here