![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / security / py-itsdangerous
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.11 / (download) - annotate - [select for diffs], Fri Apr 29 12:05:02 2022 UTC (19 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base,
pkgsrc-2023Q3,
pkgsrc-2023Q2-base,
pkgsrc-2023Q2,
pkgsrc-2023Q1-base,
pkgsrc-2023Q1,
pkgsrc-2022Q4-base,
pkgsrc-2022Q4,
pkgsrc-2022Q3-base,
pkgsrc-2022Q3,
pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
HEAD
Changes since 1.10: +4 -3
lines
Diff to previous 1.10 (colored)
py-itsdangerous: update to 2.1.2.
Version 2.1.2
-------------
Released 2022-03-24
- Handle date overflow in timed unsign on 32-bit systems. :pr:`299`
Version 2.1.1
-------------
Released 2022-03-09
- Handle date overflow in timed unsign. :pr:`296`
Version 2.1.0
-------------
Released 2022-02-17
- Drop support for Python 3.6. :pr:`272`
- Remove previously deprecated code. :pr:`273`
- JWS functionality: Use a dedicated library such as Authlib
instead.
- ``import itsdangerous.json``: Import ``json`` from the standard
library instead.
Version 2.0.1
-------------
Released 2021-05-18
- Mark top-level names as exported so type checking understands
imports in user projects. :pr:`240`
- The ``salt`` argument to ``Serializer`` and ``Signer`` can be
``None`` again. :issue:`237`
Version 2.0.0
-------------
Released 2021-05-11
- Drop support for Python 2 and 3.5.
- JWS support (``JSONWebSignatureSerializer``,
``TimedJSONWebSignatureSerializer``) is deprecated. Use a dedicated
JWS/JWT library such as authlib instead. :issue:`129`
- Importing ``itsdangerous.json`` is deprecated. Import Python's
``json`` module instead. :pr:`152`
- Simplejson is no longer used if it is installed. To use a different
library, pass it as ``Serializer(serializer=...)``. :issue:`146`
- ``datetime`` values are timezone-aware with ``timezone.utc``. Code
using ``TimestampSigner.unsign(return_timestamp=True)`` or
``BadTimeSignature.date_signed`` may need to change. :issue:`150`
- If a signature has an age less than 0, it will raise
``SignatureExpired`` rather than appearing valid. This can happen if
the timestamp offset is changed. :issue:`126`
- ``BadTimeSignature.date_signed`` is always a ``datetime`` object
rather than an ``int`` in some cases. :issue:`124`
- Added support for key rotation. A list of keys can be passed as
``secret_key``, oldest to newest. The newest key is used for
signing, all keys are tried for unsigning. :pr:`141`
- Removed the default SHA-512 fallback signer from
``default_fallback_signers``. :issue:`155`
- Add type information for static typing tools. :pr:`186`
Revision 1.10 / (download) - annotate - [select for diffs], Tue Jan 4 20:54:41 2022 UTC (22 months, 4 weeks ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base,
pkgsrc-2022Q1
Changes since 1.9: +2 -1
lines
Diff to previous 1.9 (colored)
*: bump PKGREVISION for egg.mk users They now have a tool dependency on py-setuptools instead of a DEPENDS
Revision 1.9 / (download) - annotate - [select for diffs], Tue Jul 9 11:29:30 2019 UTC (4 years, 4 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base,
pkgsrc-2021Q4,
pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2,
pkgsrc-2021Q1-base,
pkgsrc-2021Q1,
pkgsrc-2020Q4-base,
pkgsrc-2020Q4,
pkgsrc-2020Q3-base,
pkgsrc-2020Q3,
pkgsrc-2020Q2-base,
pkgsrc-2020Q2,
pkgsrc-2020Q1-base,
pkgsrc-2020Q1,
pkgsrc-2019Q4-base,
pkgsrc-2019Q4,
pkgsrc-2019Q3-base,
pkgsrc-2019Q3
Changes since 1.8: +2 -2
lines
Diff to previous 1.8 (colored)
Use https for pythonhosted.org.
Revision 1.8 / (download) - annotate - [select for diffs], Sat Nov 10 17:27:36 2018 UTC (5 years ago) by kleink
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base,
pkgsrc-2019Q2,
pkgsrc-2019Q1-base,
pkgsrc-2019Q1,
pkgsrc-2018Q4-base,
pkgsrc-2018Q4
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored)
Update py-itsdangerous to 1.1.0.
Version 1.1.0
-------------
Released 2018-10-26
- Change default signing algorithm back to SHA-1. (`#113`_)
- Added a default SHA-512 fallback for users who used the yanked 1.0.0
release which defaulted to SHA-512. (`#114`_)
- Add support for fallback algorithms during deserialization to
support changing the default in the future without breaking existing
signatures. (`#113`_)
- Changed capitalization of packages back to lowercase as the change
in capitalization broke some tooling. (`#113`_)
.. _#113: https://github.com/pallets/itsdangerous/pull/113
.. _#114: https://github.com/pallets/itsdangerous/pull/114
Version 1.0.0
-------------
Released 2018-10-18
YANKED
*Note*: This release was yanked from PyPI because it changed the default
algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains
at SHA1.
- Drop support for Python 2.6 and 3.3.
- Refactor code from a single module to a package. Any object in the
API docs is still importable from the top-level ``itsdangerous``
name, but other imports will need to be changed. A future release
will remove many of these compatibility imports. (`#107`_)
- Optimize how timestamps are serialized and deserialized. (`#13`_)
- ``base64_decode`` raises ``BadData`` when it is passed invalid data.
(`#27`_)
- Ensure value is bytes when signing to avoid a ``TypeError`` on
Python 3. (`#29`_)
- Add a ``serializer_kwargs`` argument to ``Serializer``, which is
passed to ``dumps`` during ``dump_payload``. (`#36`_)
- More compact JSON dumps for unicode strings. (`#38`_)
- Use the full timestamp rather than an offset, allowing dates before
2011. (`#46`_)
- Detect a ``sep`` character that may show up in the signature itself
and raise a ``ValueError``. (`#62`_)
- Use a consistent signature for keyword arguments for
``Serializer.load_payload`` in subclasses. (`#74`_, `#75`_)
- Change default intermediate hash from SHA-1 to SHA-512. (`#80`_)
- Convert JWS exp header to an int when loading. (`#99`_)
.. _#13: https://github.com/pallets/itsdangerous/pull/13
.. _#27: https://github.com/pallets/itsdangerous/pull/27
.. _#29: https://github.com/pallets/itsdangerous/issues/29
.. _#36: https://github.com/pallets/itsdangerous/pull/36
.. _#38: https://github.com/pallets/itsdangerous/issues/38
.. _#46: https://github.com/pallets/itsdangerous/issues/46
.. _#62: https://github.com/pallets/itsdangerous/issues/62
.. _#74: https://github.com/pallets/itsdangerous/issues/74
.. _#75: https://github.com/pallets/itsdangerous/pull/75
.. _#80: https://github.com/pallets/itsdangerous/pull/80
.. _#99: https://github.com/pallets/itsdangerous/pull/99
.. _#107: https://github.com/pallets/itsdangerous/pull/107
Revision 1.7 / (download) - annotate - [select for diffs], Wed Jun 8 17:43:38 2016 UTC (7 years, 5 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base,
pkgsrc-2018Q3,
pkgsrc-2018Q2-base,
pkgsrc-2018Q2,
pkgsrc-2018Q1-base,
pkgsrc-2018Q1,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4,
pkgsrc-2017Q3-base,
pkgsrc-2017Q3,
pkgsrc-2017Q2-base,
pkgsrc-2017Q2,
pkgsrc-2017Q1-base,
pkgsrc-2017Q1,
pkgsrc-2016Q4-base,
pkgsrc-2016Q4,
pkgsrc-2016Q3-base,
pkgsrc-2016Q3,
pkgsrc-2016Q2-base,
pkgsrc-2016Q2
Changes since 1.6: +2 -2
lines
Diff to previous 1.6 (colored)
Switch to MASTER_SITES_PYPI.
Revision 1.6 / (download) - annotate - [select for diffs], Thu Apr 3 08:40:28 2014 UTC (9 years, 8 months ago) by kleink
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base,
pkgsrc-2016Q1,
pkgsrc-2015Q4-base,
pkgsrc-2015Q4,
pkgsrc-2015Q3-base,
pkgsrc-2015Q3,
pkgsrc-2015Q2-base,
pkgsrc-2015Q2,
pkgsrc-2015Q1-base,
pkgsrc-2015Q1,
pkgsrc-2014Q4-base,
pkgsrc-2014Q4,
pkgsrc-2014Q3-base,
pkgsrc-2014Q3,
pkgsrc-2014Q2-base,
pkgsrc-2014Q2
Changes since 1.5: +2 -2
lines
Diff to previous 1.5 (colored)
Update py-itsdangerous to 0.24. Version 0.24 ~~~~~~~~~~~~ - Added a `BadHeader` exception that is used for bad headers that replaces the old `BadPayload` exception that was reused in those cases.
Revision 1.5 / (download) - annotate - [select for diffs], Sat Jan 25 10:30:20 2014 UTC (9 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base,
pkgsrc-2014Q1
Changes since 1.4: +1 -3
lines
Diff to previous 1.4 (colored)
Mark packages as not ready for python-3.x where applicable; either because they themselves are not ready or because a dependency isn't. This is annotated by PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z or PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar respectively, please use the same style for other packages, and check during updates. Use versioned_dependencies.mk where applicable. Use REPLACE_PYTHON instead of handcoded alternatives, where applicable. Reorder Makefile sections into standard order, where applicable. Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default with the next commit. Whitespace cleanups and other nits corrected, where necessary.
Revision 1.4 / (download) - annotate - [select for diffs], Sun Jan 12 09:45:24 2014 UTC (9 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.3: +1 -2
lines
Diff to previous 1.3 (colored)
PYTHON_VERSIONS_INCOMPATIBLE cleanup.
Revision 1.3 / (download) - annotate - [select for diffs], Mon Aug 12 18:17:22 2013 UTC (10 years, 3 months ago) by kleink
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base,
pkgsrc-2013Q4,
pkgsrc-2013Q3-base,
pkgsrc-2013Q3
Changes since 1.2: +2 -2
lines
Diff to previous 1.2 (colored)
Update py-itsdangerous to 0.23. Version 0.23 ~~~~~~~~~~~~ - Fixed a packaging mistake that caused the tests and license files to not be included.
Revision 1.2 / (download) - annotate - [select for diffs], Tue Jul 9 16:49:16 2013 UTC (10 years, 4 months ago) by kleink
Branch: MAIN
Changes since 1.1: +2 -2
lines
Diff to previous 1.1 (colored)
Update py-itsdangerous to 0.22. Version 0.22 ~~~~~~~~~~~~ - Added support for `TimedJSONWebSignatureSerializer`. - made it possible to override the signature verification function to allow implementing asymmetrical algorithms.
Revision 1.1 / (download) - annotate - [select for diffs], Fri Jun 14 09:41:01 2013 UTC (10 years, 5 months ago) by kleink
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base,
pkgsrc-2013Q2
Import itsdangerous-0.21 as security/py-itsdangerous. It's Dangerous ... so better sign this Various helpers to pass data to untrusted environments and to get it back safe and sound. This repository provides a module that is a port of the django signing module. It's not directly copied but some changes were applied to make it work better on its own.