Itsdangerous

-------------

Released 2024-04-16

- Drop support for Python 3.7. :pr:`372`
- Use modern packaging metadata with ``pyproject.toml`` instead of ``setup.cfg``.
:pr:`326`
- Use ``flit_core`` instead of ``setuptools`` as build backend.
- Deprecate the ``__version__`` attribute. Use feature detection, or
``importlib.metadata.version("itsdangerous")``, instead. :issue:`371`
- ``Serializer`` and the return type of ``dumps`` is generic for type checking.
By default it is ``Serializer[str]`` and ``dumps`` returns a ``str``. If a
different ``serializer`` argument is given, it will try to infer the return
type of its ``dumps`` method. :issue:`347`
- The default ``hashlib.sha1`` may not be available in FIPS builds. Don't
access it at import time so the developer has time to change the default.
:issue:`375`

-------------

Released 2022-03-24

- Handle date overflow in timed unsign on 32-bit systems. :pr:`299`

-------------

Released 2022-03-09

- Handle date overflow in timed unsign. :pr:`296`

-------------

Released 2022-02-17

- Drop support for Python 3.6. :pr:`272`
- Remove previously deprecated code. :pr:`273`

- JWS functionality: Use a dedicated library such as Authlib
instead.
- ``import itsdangerous.json``: Import ``json`` from the standard
library instead.

-------------

Released 2021-05-18

- Mark top-level names as exported so type checking understands
imports in user projects. :pr:`240`
- The ``salt`` argument to ``Serializer`` and ``Signer`` can be
``None`` again. :issue:`237`

-------------

Released 2021-05-11

- Drop support for Python 2 and 3.5.
- JWS support (``JSONWebSignatureSerializer``,
``TimedJSONWebSignatureSerializer``) is deprecated. Use a dedicated
JWS/JWT library such as authlib instead. :issue:`129`
- Importing ``itsdangerous.json`` is deprecated. Import Python's
``json`` module instead. :pr:`152`
- Simplejson is no longer used if it is installed. To use a different
library, pass it as ``Serializer(serializer=...)``. :issue:`146`
- ``datetime`` values are timezone-aware with ``timezone.utc``. Code
using ``TimestampSigner.unsign(return_timestamp=True)`` or
``BadTimeSignature.date_signed`` may need to change. :issue:`150`
- If a signature has an age less than 0, it will raise
``SignatureExpired`` rather than appearing valid. This can happen if
the timestamp offset is changed. :issue:`126`
- ``BadTimeSignature.date_signed`` is always a ``datetime`` object
rather than an ``int`` in some cases. :issue:`124`
- Added support for key rotation. A list of keys can be passed as
``secret_key``, oldest to newest. The newest key is used for
signing, all keys are tried for unsigning. :pr:`141`
- Removed the default SHA-512 fallback signer from
``default_fallback_signers``. :issue:`155`
- Add type information for static typing tools. :pr:`186`