faraday icon indicating copy to clipboard operation
faraday copied to clipboard

Published 20 hours ago verified publisher icon infobyte

itsdangerous: JWS support (JSONWebSignatureSerializer, TimedJSONWebSignatureSerializer) is deprecated

Open elboulangero opened this issue 2 years ago • 1 comments

Dear Faraday maintainers,

itsdangerous deprecated JSONWebSignatureSerializer, TimedJSONWebSignatureSerializer in version 2.0 (2021, June) and completely removed it in version 2.1 (2022, February).

The version 2.1 of itsdangerous entered Kali Rolling end of February: https://pkg.kali.org/pkg/python-itsdangerous.

I can see that the automatic tests in Kali fails since then, eg. https://autopkgtest.kali.org/data/autopkgtest/kali-rolling/amd64/p/python-faraday/4106273/log.gz. Failure at the bottom of the logs:

Traceback (most recent call last):
  File "/usr/bin/faraday-manage", line 33, in <module>
    sys.exit(load_entry_point('faradaysec==3.19.0', 'console_scripts', 'faraday-manage')())
  File "/usr/bin/faraday-manage", line 25, in importlib_load_entry_point
    return next(matches).load()
  File "/usr/lib/python3.9/importlib/metadata.py", line 77, in load
    module = import_module(match.group('module'))
  File "/usr/lib/python3.9/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1030, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
  File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 680, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 850, in exec_module
  File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
  File "/usr/lib/python3/dist-packages/faraday/manage.py", line 49, in <module>
    from faraday.server.commands.app_urls import show_all_urls
  File "/usr/lib/python3/dist-packages/faraday/server/commands/app_urls.py", line 11, in <module>
    from faraday.server.web import get_app
  File "/usr/lib/python3/dist-packages/faraday/server/web.py", line 27, in <module>
    from faraday.server.app import create_app
  File "/usr/lib/python3/dist-packages/faraday/server/app.py", line 13, in <module>
    from itsdangerous import TimedJSONWebSignatureSerializer, SignatureExpired, BadSignature
ImportError: cannot import name 'TimedJSONWebSignatureSerializer' from 'itsdangerous' (/usr/lib/python3/dist-packages/itsdangerous/__init__.py)

cc @sbrun

elboulangero avatar Mar 14 '22 07:03 elboulangero

@elboulangero Thanks this was on our radar. Now that kali will upgrade wi will look at it

aenima-x avatar Mar 14 '22 11:03 aenima-x

Thanks for the bug report, fixed.

fedek avatar Nov 10 '22 21:11 fedek