Bump itsdangerous from 0.24 to 2.0.1

[dependabot-preview[bot]]

Bumps itsdangerous from 0.24 to 2.0.1.

Release notes

Sourced from itsdangerous's releases.

2.0.1

• Changes: https://itsdangerous.palletsprojects.com/en/2.0.x/changes/#version-2-0-1

2.0.0

New major versions of all the core Pallets libraries, including ItsDangerous 2.0, have been released! :tada:

• Read the announcement on our blog: https://palletsprojects.com/blog/flask-2-0-released/
• Read the full list of changes: https://itsdangerous.palletsprojects.com/changes/#version-2-0-0
• Retweet the announcement on Twitter: https://twitter.com/PalletsTeam/status/1392266507296514048
• Follow our blog, Twitter, or GitHub to see future announcements.

This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.

2.0.0rc2

• Changes: https://itsdangerous.palletsprojects.com/en/master/changes/#version-2-0-0

Changelog

Sourced from itsdangerous's changelog.

Version 2.0.1

Released 2021-05-18

• Mark top-level names as exported so type checking understands imports in user projects. 240
• The salt argument to Serializer and Signer can be None again. 237

Version 2.0.0

Released 2021-05-11

• Drop support for Python 2 and 3.5.
• JWS support (JSONWebSignatureSerializer, TimedJSONWebSignatureSerializer) is deprecated. Use a dedicated JWS/JWT library such as authlib instead. 129
• Importing itsdangerous.json is deprecated. Import Python's json module instead. 152
• Simplejson is no longer used if it is installed. To use a different library, pass it as Serializer(serializer=...). 146
• datetime values are timezone-aware with timezone.utc. Code using TimestampSigner.unsign(return_timestamp=True) or BadTimeSignature.date_signed may need to change. 150
• If a signature has an age less than 0, it will raise SignatureExpired rather than appearing valid. This can happen if the timestamp offset is changed. 126
• BadTimeSignature.date_signed is always a datetime object rather than an int in some cases. 124
• Added support for key rotation. A list of keys can be passed as secret_key, oldest to newest. The newest key is used for signing, all keys are tried for unsigning. 141
• Removed the default SHA-512 fallback signer from default_fallback_signers. 155
• Add type information for static typing tools. 186

Version 1.1.0

Released 2018-10-26

• Change default signing algorithm back to SHA-1. 113
• Added a default SHA-512 fallback for users who used the yanked 1.0.0 release which defaulted to SHA-512. 114
• Add support for fallback algorithms during deserialization to support changing the default in the future without breaking existing signatures. 113
• Changed capitalization of packages back to lowercase as the change in capitalization broke some tooling. 113

Version 1.0.0

Released 2018-10-18

YANKED

Note: This release was yanked from PyPI because it changed the default algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains at SHA1.

• Drop support for Python 2.6 and 3.3.
• Refactor code from a single module to a package. Any object in the API docs is still importable from the top-level itsdangerous name, but other imports will need to be changed. A future release will remove many of these compatibility imports. 107
• Optimize how timestamps are serialized and deserialized. 13
• base64_decode raises BadData when it is passed invalid data. 27
• Ensure value is bytes when signing to avoid a TypeError on Python 3. 29
• Add a serializer_kwargs argument to Serializer, which is passed to dumps during dump_payload. 36
• More compact JSON dumps for unicode strings. 38

... (truncated)

Commits

• 8f39dd3 Merge pull request #242 from pallets/release-2.0.1
• eccb31f release version 2.0.1
• 87d4e83 Merge pull request #241 from pallets/salt-default
• 41ec419 allow salt=None again
• 15a2e0d Merge pull request #240 from pallets/update-typing
• d2250ed mark top-level names as exported
• 56823cd Merge pull request #236 from pallets/default-branch
• b9c36cc rename default branch in files
• 0f37243 start version 2.0.1.dev0
• d101100 Merge pull request #235 from pallets/release-2.0.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)