mini-remote-downloader icon indicating copy to clipboard operation
mini-remote-downloader copied to clipboard

Published 20 hours ago verified publisher icon P1-Ro

Bump itsdangerous from 0.24 to 1.1.0

Open dependabot-preview[bot] opened this issue 4 years ago • 0 comments

Bumps itsdangerous from 0.24 to 1.1.0.

Changelog

Sourced from itsdangerous's changelog.

Version 1.1.0

Released 2018-10-26

  • Change default signing algorithm back to SHA-1. 113
  • Added a default SHA-512 fallback for users who used the yanked 1.0.0 release which defaulted to SHA-512. 114
  • Add support for fallback algorithms during deserialization to support changing the default in the future without breaking existing signatures. 113
  • Changed capitalization of packages back to lowercase as the change in capitalization broke some tooling. 113

Version 1.0.0

Released 2018-10-18

YANKED

Note: This release was yanked from PyPI because it changed the default algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains at SHA1.

  • Drop support for Python 2.6 and 3.3.

  • Refactor code from a single module to a package. Any object in the API docs is still importable from the top-level itsdangerous name, but other imports will need to be changed. A future release will remove many of these compatibility imports. 107

  • Optimize how timestamps are serialized and deserialized. 13

  • base64_decode raises BadData when it is passed invalid data. 27

  • Ensure value is bytes when signing to avoid a TypeError on Python 3. 29

  • Add a serializer_kwargs argument to Serializer, which is passed to dumps during dump_payload. 36

  • More compact JSON dumps for unicode strings. 38

  • Use the full timestamp rather than an offset, allowing dates before 2011. 46

    To retain compatibility with signers from previous versions, consider using this shim <https://github.com/pallets/itsdangerous /issues/120#issuecomment-456913331> when unsigning.

  • Detect a sep character that may show up in the signature itself and raise a ValueError. 62

  • Use a consistent signature for keyword arguments for Serializer.load_payload in subclasses. 74, 75

  • Change default intermediate hash from SHA-1 to SHA-512. 80

  • Convert JWS exp header to an int when loading. 99

Commits
  • 6e63598 release 1.1.0
  • 66c9319 link #114 changelog
  • 8561891 test iter_unsigners
  • e529593 add compat import for itsdangerous.want_bytes
  • 920993c Added SHA-512 fallback by default
  • d79c74a Added SHA-512 fallback by default
  • ef8fd98 more name cleanup, parametrize fallback test
  • af4856a Added fallback signers and switch back to sha1
  • 92a6423 Document change to lowercase
  • 2fd3237 Change package back to lowercase
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

dependabot-preview[bot] avatar Nov 30 '20 05:11 dependabot-preview[bot]