Up to [cvs.NetBSD.org] / pkgsrc / security / py-itsdangerous
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
py-itsdangerous: updated to 2.2.0 Version 2.2.0 - Drop support for Python 3.7. :pr:`372` - Use modern packaging metadata with ``pyproject.toml`` instead of ``setup.cfg``. :pr:`326` - Use ``flit_core`` instead of ``setuptools`` as build backend. - Deprecate the ``__version__`` attribute. Use feature detection, or ``importlib.metadata.version("itsdangerous")``, instead. :issue:`371` - ``Serializer`` and the return type of ``dumps`` is generic for type checking. By default it is ``Serializer[str]`` and ``dumps`` returns a ``str``. If a different ``serializer`` argument is given, it will try to infer the return type of its ``dumps`` method. :issue:`347` - The default ``hashlib.sha1`` may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default. :issue:`375`
py-itsdangerous: update to 2.1.2. Version 2.1.2 ------------- Released 2022-03-24 - Handle date overflow in timed unsign on 32-bit systems. :pr:`299` Version 2.1.1 ------------- Released 2022-03-09 - Handle date overflow in timed unsign. :pr:`296` Version 2.1.0 ------------- Released 2022-02-17 - Drop support for Python 3.6. :pr:`272` - Remove previously deprecated code. :pr:`273` - JWS functionality: Use a dedicated library such as Authlib instead. - ``import itsdangerous.json``: Import ``json`` from the standard library instead. Version 2.0.1 ------------- Released 2021-05-18 - Mark top-level names as exported so type checking understands imports in user projects. :pr:`240` - The ``salt`` argument to ``Serializer`` and ``Signer`` can be ``None`` again. :issue:`237` Version 2.0.0 ------------- Released 2021-05-11 - Drop support for Python 2 and 3.5. - JWS support (``JSONWebSignatureSerializer``, ``TimedJSONWebSignatureSerializer``) is deprecated. Use a dedicated JWS/JWT library such as authlib instead. :issue:`129` - Importing ``itsdangerous.json`` is deprecated. Import Python's ``json`` module instead. :pr:`152` - Simplejson is no longer used if it is installed. To use a different library, pass it as ``Serializer(serializer=...)``. :issue:`146` - ``datetime`` values are timezone-aware with ``timezone.utc``. Code using ``TimestampSigner.unsign(return_timestamp=True)`` or ``BadTimeSignature.date_signed`` may need to change. :issue:`150` - If a signature has an age less than 0, it will raise ``SignatureExpired`` rather than appearing valid. This can happen if the timestamp offset is changed. :issue:`126` - ``BadTimeSignature.date_signed`` is always a ``datetime`` object rather than an ``int`` in some cases. :issue:`124` - Added support for key rotation. A list of keys can be passed as ``secret_key``, oldest to newest. The newest key is used for signing, all keys are tried for unsigning. :pr:`141` - Removed the default SHA-512 fallback signer from ``default_fallback_signers``. :issue:`155` - Add type information for static typing tools. :pr:`186`
*: bump PKGREVISION for egg.mk users They now have a tool dependency on py-setuptools instead of a DEPENDS
Use https for pythonhosted.org.
Update py-itsdangerous to 1.1.0. Version 1.1.0 ------------- Released 2018-10-26 - Change default signing algorithm back to SHA-1. (`#113`_) - Added a default SHA-512 fallback for users who used the yanked 1.0.0 release which defaulted to SHA-512. (`#114`_) - Add support for fallback algorithms during deserialization to support changing the default in the future without breaking existing signatures. (`#113`_) - Changed capitalization of packages back to lowercase as the change in capitalization broke some tooling. (`#113`_) .. _#113: https://github.com/pallets/itsdangerous/pull/113 .. _#114: https://github.com/pallets/itsdangerous/pull/114 Version 1.0.0 ------------- Released 2018-10-18 YANKED *Note*: This release was yanked from PyPI because it changed the default algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains at SHA1. - Drop support for Python 2.6 and 3.3. - Refactor code from a single module to a package. Any object in the API docs is still importable from the top-level ``itsdangerous`` name, but other imports will need to be changed. A future release will remove many of these compatibility imports. (`#107`_) - Optimize how timestamps are serialized and deserialized. (`#13`_) - ``base64_decode`` raises ``BadData`` when it is passed invalid data. (`#27`_) - Ensure value is bytes when signing to avoid a ``TypeError`` on Python 3. (`#29`_) - Add a ``serializer_kwargs`` argument to ``Serializer``, which is passed to ``dumps`` during ``dump_payload``. (`#36`_) - More compact JSON dumps for unicode strings. (`#38`_) - Use the full timestamp rather than an offset, allowing dates before 2011. (`#46`_) - Detect a ``sep`` character that may show up in the signature itself and raise a ``ValueError``. (`#62`_) - Use a consistent signature for keyword arguments for ``Serializer.load_payload`` in subclasses. (`#74`_, `#75`_) - Change default intermediate hash from SHA-1 to SHA-512. (`#80`_) - Convert JWS exp header to an int when loading. (`#99`_) .. _#13: https://github.com/pallets/itsdangerous/pull/13 .. _#27: https://github.com/pallets/itsdangerous/pull/27 .. _#29: https://github.com/pallets/itsdangerous/issues/29 .. _#36: https://github.com/pallets/itsdangerous/pull/36 .. _#38: https://github.com/pallets/itsdangerous/issues/38 .. _#46: https://github.com/pallets/itsdangerous/issues/46 .. _#62: https://github.com/pallets/itsdangerous/issues/62 .. _#74: https://github.com/pallets/itsdangerous/issues/74 .. _#75: https://github.com/pallets/itsdangerous/pull/75 .. _#80: https://github.com/pallets/itsdangerous/pull/80 .. _#99: https://github.com/pallets/itsdangerous/pull/99 .. _#107: https://github.com/pallets/itsdangerous/pull/107
Switch to MASTER_SITES_PYPI.
Update py-itsdangerous to 0.24. Version 0.24 ~~~~~~~~~~~~ - Added a `BadHeader` exception that is used for bad headers that replaces the old `BadPayload` exception that was reused in those cases.
Mark packages as not ready for python-3.x where applicable; either because they themselves are not ready or because a dependency isn't. This is annotated by PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z or PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar respectively, please use the same style for other packages, and check during updates. Use versioned_dependencies.mk where applicable. Use REPLACE_PYTHON instead of handcoded alternatives, where applicable. Reorder Makefile sections into standard order, where applicable. Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default with the next commit. Whitespace cleanups and other nits corrected, where necessary.
PYTHON_VERSIONS_INCOMPATIBLE cleanup.
Update py-itsdangerous to 0.23. Version 0.23 ~~~~~~~~~~~~ - Fixed a packaging mistake that caused the tests and license files to not be included.
Update py-itsdangerous to 0.22. Version 0.22 ~~~~~~~~~~~~ - Added support for `TimedJSONWebSignatureSerializer`. - made it possible to override the signature verification function to allow implementing asymmetrical algorithms.
Import itsdangerous-0.21 as security/py-itsdangerous. It's Dangerous ... so better sign this Various helpers to pass data to untrusted environments and to get it back safe and sound. This repository provides a module that is a port of the django signing module. It's not directly copied but some changes were applied to make it work better on its own.