Bump itsdangerous from 0.24 to 2.0.1#45

Bumps [itsdangerous](https://github.com/pallets/itsdangerous) from 0.24 to 2.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/itsdangerous/releases">itsdangerous's releases</a>.</em></p> <blockquote> <h2>2.0.1</h2> <ul> <li>Changes: <a href="https://itsdangerous.palletsprojects.com/en/2.0.x/changes/#version-2-0-1">https://itsdangerous.palletsprojects.com/en/2.0.x/changes/#version-2-0-1</a></li> </ul> <h2>2.0.0</h2> <p>New major versions of all the core Pallets libraries, including ItsDangerous 2.0, have been released! :tada:</p> <ul> <li>Read the announcement on our blog: <a href="https://palletsprojects.com/blog/flask-2-0-released/">https://palletsprojects.com/blog/flask-2-0-released/</a></li> <li>Read the full list of changes: <a href="https://itsdangerous.palletsprojects.com/changes/#version-2-0-0">https://itsdangerous.palletsprojects.com/changes/#version-2-0-0</a></li> <li>Retweet the announcement on Twitter: <a href="https://twitter.com/PalletsTeam/status/1392266507296514048">https://twitter.com/PalletsTeam/status/1392266507296514048</a></li> <li>Follow our blog, Twitter, or GitHub to see future announcements.</li> </ul> <p>This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.</p> <h2>2.0.0rc2</h2> <ul> <li>Changes: <a href="https://itsdangerous.palletsprojects.com/en/master/changes/#version-2-0-0">https://itsdangerous.palletsprojects.com/en/master/changes/#version-2-0-0</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/itsdangerous/blob/main/CHANGES.rst">itsdangerous's changelog</a>.</em></p> <blockquote> <h1>Version 2.0.1</h1> <p>Released 2021-05-18</p> <ul> <li>Mark top-level names as exported so type checking understands imports in user projects. 240</li> <li>The <code>salt</code> argument to <code>Serializer</code> and <code>Signer</code> can be <code>None</code> again. 237</li> </ul> <h1>Version 2.0.0</h1> <p>Released 2021-05-11</p> <ul> <li>Drop support for Python 2 and 3.5.</li> <li>JWS support (<code>JSONWebSignatureSerializer</code>, <code>TimedJSONWebSignatureSerializer</code>) is deprecated. Use a dedicated JWS/JWT library such as authlib instead. 129</li> <li>Importing <code>itsdangerous.json</code> is deprecated. Import Python's <code>json</code> module instead. 152</li> <li>Simplejson is no longer used if it is installed. To use a different library, pass it as <code>Serializer(serializer=...)</code>. 146</li> <li><code>datetime</code> values are timezone-aware with <code>timezone.utc</code>. Code using <code>TimestampSigner.unsign(return_timestamp=True)</code> or <code>BadTimeSignature.date_signed</code> may need to change. 150</li> <li>If a signature has an age less than 0, it will raise <code>SignatureExpired</code> rather than appearing valid. This can happen if the timestamp offset is changed. 126</li> <li><code>BadTimeSignature.date_signed</code> is always a <code>datetime</code> object rather than an <code>int</code> in some cases. 124</li> <li>Added support for key rotation. A list of keys can be passed as <code>secret_key</code>, oldest to newest. The newest key is used for signing, all keys are tried for unsigning. 141</li> <li>Removed the default SHA-512 fallback signer from <code>default_fallback_signers</code>. 155</li> <li>Add type information for static typing tools. 186</li> </ul> <h1>Version 1.1.0</h1> <p>Released 2018-10-26</p> <ul> <li>Change default signing algorithm back to SHA-1. 113</li> <li>Added a default SHA-512 fallback for users who used the yanked 1.0.0 release which defaulted to SHA-512. 114</li> <li>Add support for fallback algorithms during deserialization to support changing the default in the future without breaking existing signatures. 113</li> <li>Changed capitalization of packages back to lowercase as the change in capitalization broke some tooling. 113</li> </ul> <h1>Version 1.0.0</h1> <p>Released 2018-10-18</p> <p>YANKED</p> <p><em>Note</em>: This release was yanked from PyPI because it changed the default algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains at SHA1.</p> <ul> <li>Drop support for Python 2.6 and 3.3.</li> <li>Refactor code from a single module to a package. Any object in the API docs is still importable from the top-level <code>itsdangerous</code> name, but other imports will need to be changed. A future release will remove many of these compatibility imports. 107</li> <li>Optimize how timestamps are serialized and deserialized. 13</li> <li><code>base64_decode</code> raises <code>BadData</code> when it is passed invalid data. 27</li> <li>Ensure value is bytes when signing to avoid a <code>TypeError</code> on Python 3. 29</li> <li>Add a <code>serializer_kwargs</code> argument to <code>Serializer</code>, which is passed to <code>dumps</code> during <code>dump_payload</code>. 36</li> <li>More compact JSON dumps for unicode strings. 38</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/itsdangerous/commit/8f39dd317914321fed26437c874637641bd598b6"><code>8f39dd3</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/itsdangerous/issues/242">#242</a> from pallets/release-2.0.1</li> <li><a href="https://github.com/pallets/itsdangerous/commit/eccb31fd83e89a6787884d3e58319965ea459a67"><code>eccb31f</code></a> release version 2.0.1</li> <li><a href="https://github.com/pallets/itsdangerous/commit/87d4e83a1ff7810b5016d447b39d82ce28496f8f"><code>87d4e83</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/itsdangerous/issues/241">#241</a> from pallets/salt-default</li> <li><a href="https://github.com/pallets/itsdangerous/commit/41ec419632aae3533ff12838044eeddd9cd1311f"><code>41ec419</code></a> allow salt=None again</li> <li><a href="https://github.com/pallets/itsdangerous/commit/15a2e0d9b4bdaa38144c947a9aa04ffd49826700"><code>15a2e0d</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/itsdangerous/issues/240">#240</a> from pallets/update-typing</li> <li><a href="https://github.com/pallets/itsdangerous/commit/d2250ed8b2185af1ffaea4166b8d114286a95462"><code>d2250ed</code></a> mark top-level names as exported</li> <li><a href="https://github.com/pallets/itsdangerous/commit/56823cd7db35a435029626e5679e546aa260bbd6"><code>56823cd</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/itsdangerous/issues/236">#236</a> from pallets/default-branch</li> <li><a href="https://github.com/pallets/itsdangerous/commit/b9c36cc5c0b79be80c4c35227db0370a3bc4990f"><code>b9c36cc</code></a> rename default branch in files</li> <li><a href="https://github.com/pallets/itsdangerous/commit/0f372436f47a85a23023abb510e7cc6bc563c392"><code>0f37243</code></a> start version 2.0.1.dev0</li> <li><a href="https://github.com/pallets/itsdangerous/commit/d101100c395958d67368b8c37d95a9c404598c2e"><code>d101100</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/itsdangerous/issues/235">#235</a> from pallets/release-2.0.0</li> <li>Additional commits viewable in <a href="https://github.com/pallets/itsdangerous/compare/0.24...2.0.1">compare view</a></li> </ul> </details> <br /> [](https://dependabot.com/compatibility-score/?dependency-name=itsdangerous&package-manager=pip&previous-version=0.24&new-version=2.0.1) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) </details>