issues: 890073989
This data as json
id | node_id | number | title | user | state | locked | assignee | milestone | comments | created_at | updated_at | closed_at | author_association | pull_request | body | repo | type | active_lock_reason | performed_via_github_app | reactions | draft | state_reason |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
890073989 | MDExOlB1bGxSZXF1ZXN0NjQzMTQ5MzY0 | 1325 | Update itsdangerous requirement from ~=1.1 to >=1.1,<3.0 | 49699333 | closed | 0 | 2 | 2021-05-12T13:09:03Z | 2021-05-22T23:54:25Z | 2021-05-22T23:54:25Z | CONTRIBUTOR | simonw/datasette/pulls/1325 | Updates the requirements on [itsdangerous](https://github.com/pallets/itsdangerous) to permit the latest version. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/itsdangerous/releases">itsdangerous's releases</a>.</em></p> <blockquote> <h2>2.0.0</h2> <p>New major versions of all the core Pallets libraries, including ItsDangerous 2.0, have been released! :tada:</p> <ul> <li>Read the announcement on our blog: <a href="https://palletsprojects.com/blog/flask-2-0-released/">https://palletsprojects.com/blog/flask-2-0-released/</a></li> <li>Read the full list of changes: <a href="https://itsdangerous.palletsprojects.com/changes/#version-2-0-0">https://itsdangerous.palletsprojects.com/changes/#version-2-0-0</a></li> <li>Retweet the announcement on Twitter: <a href="https://twitter.com/PalletsTeam/status/1392266507296514048">https://twitter.com/PalletsTeam/status/1392266507296514048</a></li> <li>Follow our blog, Twitter, or GitHub to see future announcements.</li> </ul> <p>This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/itsdangerous/blob/main/CHANGES.rst">itsdangerous's changelog</a>.</em></p> <blockquote> <h2>Version 2.0.0</h2> <p>Released 2021-05-11</p> <ul> <li>Drop support for Python 2 and 3.5.</li> <li>JWS support (<code>JSONWebSignatureSerializer</code>, <code>TimedJSONWebSignatureSerializer</code>) is deprecated. Use a dedicated JWS/JWT library such as authlib instead. :issue:<code>129</code></li> <li>Importing <code>itsdangerous.json</code> is deprecated. Import Python's <code>json</code> module instead. :pr:<code>152</code></li> <li>Simplejson is no longer used if it is installed. To use a different library, pass it as <code>Serializer(serializer=...)</code>. :issue:<code>146</code></li> <li><code>datetime</code> values are timezone-aware with <code>timezone.utc</code>. Code using <code>TimestampSigner.unsign(return_timestamp=True)</code> or <code>BadTimeSignature.date_signed</code> may need to change. :issue:<code>150</code></li> <li>If a signature has an age less than 0, it will raise <code>SignatureExpired</code> rather than appearing valid. This can happen if the timestamp offset is changed. :issue:<code>126</code></li> <li><code>BadTimeSignature.date_signed</code> is always a <code>datetime</code> object rather than an <code>int</code> in some cases. :issue:<code>124</code></li> <li>Added support for key rotation. A list of keys can be passed as <code>secret_key</code>, oldest to newest. The newest key is used for signing, all keys are tried for unsigning. :pr:<code>141</code></li> <li>Removed the default SHA-512 fallback signer from <code>default_fallback_signers</code>. :issue:<code>155</code></li> <li>Add type information for static typing tools. :pr:<code>186</code></li> </ul> <h2>Version 1.1.0</h2> <p>Released 2018-10-26</p> <ul> <li>Change default signing algorithm back to SHA-1. :pr:<code>113</code></li> <li>Added a default SHA-512 fallback for users who used the yanked 1.0.0 release which defaulted to SHA-512. :pr:<code>114</code></li> <li>Add support for fallback algorithms during deserialization to support changing the default in the future without breaking existing signatures. :pr:<code>113</code></li> <li>Changed capitalization of packages back to lowercase as the change in capitalization broke some tooling. :pr:<code>113</code></li> </ul> <h2>Version 1.0.0</h2> <p>Released 2018-10-18</p> <p>YANKED</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/itsdangerous/commit/d101100c395958d67368b8c37d95a9c404598c2e"><code>d101100</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/itsdangerous/issues/235">#235</a> from pallets/release-2.0.0</li> <li><a href="https://github.com/pallets/itsdangerous/commit/ca0f59ac73507014729a5857e985229604e5e83b"><code>ca0f59a</code></a> release version 2.0.0</li> <li><a href="https://github.com/pallets/itsdangerous/commit/d1ed89f6ac50d58fa43ce37f92db371bebc20bc5"><code>d1ed89f</code></a> update requirements</li> <li><a href="https://github.com/pallets/itsdangerous/commit/d1722ea35b4239b6d08e8d418edc74d6594eebd6"><code>d1722ea</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/itsdangerous/issues/234">#234</a> from pallets/pre-commit-ci-schedule</li> <li><a href="https://github.com/pallets/itsdangerous/commit/d1eb7aa76756268061f2d31551f79da7882b45a9"><code>d1eb7aa</code></a> update pre-commit monthly</li> <li><a href="https://github.com/pallets/itsdangerous/commit/acbc456c91d4a9e9f63b9230be5a1cf3d5a1d767"><code>acbc456</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/itsdangerous/issues/233">#233</a> from pallets/pre-commit-ci-update-config</li> <li><a href="https://github.com/pallets/itsdangerous/commit/04e485a0b0b00d8b2dc73a287852d642d3366c72"><code>04e485a</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li><a href="https://github.com/pallets/itsdangerous/commit/c0e6b484a6cdc92c38bec74ffcf350bc42f20e2b"><code>c0e6b48</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/itsdangerous/issues/232">#232</a> from pallets/pre-commit-ci-update-config</li> <li><a href="https://github.com/pallets/itsdangerous/commit/6a9df8338ce39b780cebd8a7f54b8a7cb75eeab4"><code>6a9df83</code></a> [pre-commit.ci] pre-commit autoupdate</li> <li><a href="https://github.com/pallets/itsdangerous/commit/477f42c3e74f1a823deb3d7c3ab94a5b534d545b"><code>477f42c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/itsdangerous/issues/231">#231</a> from pallets/dependabot/pip/pre-commit-2.12.1</li> <li>Additional commits viewable in <a href="https://github.com/pallets/itsdangerous/compare/1.1.0...2.0.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually </details> | 107914493 | pull | {"url": "https://api.github.com/repos/simonw/datasette/issues/1325/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 0 |