summaryrefslogtreecommitdiff
path: root/security/py-itsdangerous
AgeCommit message (Collapse)AuthorFilesLines
2022-04-29py-itsdangerous: update to 2.1.2.wiz3-14/+10
Version 2.1.2 ------------- Released 2022-03-24 - Handle date overflow in timed unsign on 32-bit systems. :pr:`299` Version 2.1.1 ------------- Released 2022-03-09 - Handle date overflow in timed unsign. :pr:`296` Version 2.1.0 ------------- Released 2022-02-17 - Drop support for Python 3.6. :pr:`272` - Remove previously deprecated code. :pr:`273` - JWS functionality: Use a dedicated library such as Authlib instead. - ``import itsdangerous.json``: Import ``json`` from the standard library instead. Version 2.0.1 ------------- Released 2021-05-18 - Mark top-level names as exported so type checking understands imports in user projects. :pr:`240` - The ``salt`` argument to ``Serializer`` and ``Signer`` can be ``None`` again. :issue:`237` Version 2.0.0 ------------- Released 2021-05-11 - Drop support for Python 2 and 3.5. - JWS support (``JSONWebSignatureSerializer``, ``TimedJSONWebSignatureSerializer``) is deprecated. Use a dedicated JWS/JWT library such as authlib instead. :issue:`129` - Importing ``itsdangerous.json`` is deprecated. Import Python's ``json`` module instead. :pr:`152` - Simplejson is no longer used if it is installed. To use a different library, pass it as ``Serializer(serializer=...)``. :issue:`146` - ``datetime`` values are timezone-aware with ``timezone.utc``. Code using ``TimestampSigner.unsign(return_timestamp=True)`` or ``BadTimeSignature.date_signed`` may need to change. :issue:`150` - If a signature has an age less than 0, it will raise ``SignatureExpired`` rather than appearing valid. This can happen if the timestamp offset is changed. :issue:`126` - ``BadTimeSignature.date_signed`` is always a ``datetime`` object rather than an ``int`` in some cases. :issue:`124` - Added support for key rotation. A list of keys can be passed as ``secret_key``, oldest to newest. The newest key is used for signing, all keys are tried for unsigning. :pr:`141` - Removed the default SHA-512 fallback signer from ``default_fallback_signers``. :issue:`155` - Add type information for static typing tools. :pr:`186`
2022-01-04*: bump PKGREVISION for egg.mk userswiz1-1/+2
They now have a tool dependency on py-setuptools instead of a DEPENDS
2021-10-26security: Replace RMD160 checksums with BLAKE2s checksumsnia1-2/+2
All checksums have been double-checked against existing RMD160 and SHA512 hashes Unfetchable distfiles (fetched conditionally?): ./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
2021-10-07security: Remove SHA1 hashes for distfilesnia1-2/+1
2019-07-09Use https for pythonhosted.org.nia1-2/+2
2018-11-11Sort PLIST; missed in previous.kleink1-20/+20
No functional change.
2018-11-10Update py-itsdangerous to 1.1.0.kleink3-12/+38
Version 1.1.0 ------------- Released 2018-10-26 - Change default signing algorithm back to SHA-1. (`#113`_) - Added a default SHA-512 fallback for users who used the yanked 1.0.0 release which defaulted to SHA-512. (`#114`_) - Add support for fallback algorithms during deserialization to support changing the default in the future without breaking existing signatures. (`#113`_) - Changed capitalization of packages back to lowercase as the change in capitalization broke some tooling. (`#113`_) .. _#113: https://github.com/pallets/itsdangerous/pull/113 .. _#114: https://github.com/pallets/itsdangerous/pull/114 Version 1.0.0 ------------- Released 2018-10-18 YANKED *Note*: This release was yanked from PyPI because it changed the default algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains at SHA1. - Drop support for Python 2.6 and 3.3. - Refactor code from a single module to a package. Any object in the API docs is still importable from the top-level ``itsdangerous`` name, but other imports will need to be changed. A future release will remove many of these compatibility imports. (`#107`_) - Optimize how timestamps are serialized and deserialized. (`#13`_) - ``base64_decode`` raises ``BadData`` when it is passed invalid data. (`#27`_) - Ensure value is bytes when signing to avoid a ``TypeError`` on Python 3. (`#29`_) - Add a ``serializer_kwargs`` argument to ``Serializer``, which is passed to ``dumps`` during ``dump_payload``. (`#36`_) - More compact JSON dumps for unicode strings. (`#38`_) - Use the full timestamp rather than an offset, allowing dates before 2011. (`#46`_) - Detect a ``sep`` character that may show up in the signature itself and raise a ``ValueError``. (`#62`_) - Use a consistent signature for keyword arguments for ``Serializer.load_payload`` in subclasses. (`#74`_, `#75`_) - Change default intermediate hash from SHA-1 to SHA-512. (`#80`_) - Convert JWS exp header to an int when loading. (`#99`_) .. _#13: https://github.com/pallets/itsdangerous/pull/13 .. _#27: https://github.com/pallets/itsdangerous/pull/27 .. _#29: https://github.com/pallets/itsdangerous/issues/29 .. _#36: https://github.com/pallets/itsdangerous/pull/36 .. _#38: https://github.com/pallets/itsdangerous/issues/38 .. _#46: https://github.com/pallets/itsdangerous/issues/46 .. _#62: https://github.com/pallets/itsdangerous/issues/62 .. _#74: https://github.com/pallets/itsdangerous/issues/74 .. _#75: https://github.com/pallets/itsdangerous/pull/75 .. _#80: https://github.com/pallets/itsdangerous/pull/80 .. _#99: https://github.com/pallets/itsdangerous/pull/99 .. _#107: https://github.com/pallets/itsdangerous/pull/107
2016-06-08Switch to MASTER_SITES_PYPI.wiz1-2/+2
2015-11-04Add SHA512 digests for distfiles for security categoryagc1-1/+2
Problems found locating distfiles: Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz Package libidea: missing distfile libidea-0.8.2b.tar.gz Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2 Package uvscan: missing distfile vlp4510e.tar.Z Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
2014-04-03Update py-itsdangerous to 0.24.kleink2-6/+6
Version 0.24 ~~~~~~~~~~~~ - Added a `BadHeader` exception that is used for bad headers that replaces the old `BadPayload` exception that was reused in those cases.
2014-01-25Mark packages as not ready for python-3.x where applicable;wiz1-3/+1
either because they themselves are not ready or because a dependency isn't. This is annotated by PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z or PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar respectively, please use the same style for other packages, and check during updates. Use versioned_dependencies.mk where applicable. Use REPLACE_PYTHON instead of handcoded alternatives, where applicable. Reorder Makefile sections into standard order, where applicable. Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default with the next commit. Whitespace cleanups and other nits corrected, where necessary.
2014-01-12PYTHON_VERSIONS_INCOMPATIBLE cleanup.wiz1-2/+1
2013-08-12Update py-itsdangerous to 0.23.kleink2-6/+6
Version 0.23 ~~~~~~~~~~~~ - Fixed a packaging mistake that caused the tests and license files to not be included.
2013-07-09Update py-itsdangerous to 0.22.kleink2-6/+6
Version 0.22 ~~~~~~~~~~~~ - Added support for `TimedJSONWebSignatureSerializer`. - made it possible to override the signature verification function to allow implementing asymmetrical algorithms.
2013-06-14Import itsdangerous-0.21 as security/py-itsdangerous.kleink4-0/+42
It's Dangerous ... so better sign this Various helpers to pass data to untrusted environments and to get it back safe and sound. This repository provides a module that is a port of the django signing module. It's not directly copied but some changes were applied to make it work better on its own.