Navigation:
Browse pkgsrc
(this page) 2024-04-19 06:40:49 by Adam Ciarcinski | Files touched by this commit (3) |  |
Log message:
py-itsdangerous: updated to 2.2.0
Version 2.2.0
- Drop support for Python 3.7. :pr:`372`
- Use modern packaging metadata with ``pyproject.toml`` instead of ``setup.cfg``.
:pr:`326`
- Use ``flit_core`` instead of ``setuptools`` as build backend.
- Deprecate the ``__version__`` attribute. Use feature detection, or
``importlib.metadata.version("itsdangerous")``, instead. :issue:`371`
- ``Serializer`` and the return type of ``dumps`` is generic for type checking.
By default it is ``Serializer[str]`` and ``dumps`` returns a ``str``. If a
different ``serializer`` argument is given, it will try to infer the return
type of its ``dumps`` method. :issue:`347`
- The default ``hashlib.sha1`` may not be available in FIPS builds. Don't
access it at import time so the developer has time to change the default.
:issue:`375`
|
| 2022-04-29 14:05:02 by Thomas Klausner | Files touched by this commit (3) | |
Log message:
py-itsdangerous: update to 2.1.2.
Version 2.1.2
-------------
Released 2022-03-24
- Handle date overflow in timed unsign on 32-bit systems. :pr:`299`
Version 2.1.1
-------------
Released 2022-03-09
- Handle date overflow in timed unsign. :pr:`296`
Version 2.1.0
-------------
Released 2022-02-17
- Drop support for Python 3.6. :pr:`272`
- Remove previously deprecated code. :pr:`273`
- JWS functionality: Use a dedicated library such as Authlib
instead.
- ``import itsdangerous.json``: Import ``json`` from the standard
library instead.
Version 2.0.1
-------------
Released 2021-05-18
- Mark top-level names as exported so type checking understands
imports in user projects. :pr:`240`
- The ``salt`` argument to ``Serializer`` and ``Signer`` can be
``None`` again. :issue:`237`
Version 2.0.0
-------------
Released 2021-05-11
- Drop support for Python 2 and 3.5.
- JWS support (``JSONWebSignatureSerializer``,
``TimedJSONWebSignatureSerializer``) is deprecated. Use a dedicated
JWS/JWT library such as authlib instead. :issue:`129`
- Importing ``itsdangerous.json`` is deprecated. Import Python's
``json`` module instead. :pr:`152`
- Simplejson is no longer used if it is installed. To use a different
library, pass it as ``Serializer(serializer=...)``. :issue:`146`
- ``datetime`` values are timezone-aware with ``timezone.utc``. Code
using ``TimestampSigner.unsign(return_timestamp=True)`` or
``BadTimeSignature.date_signed`` may need to change. :issue:`150`
- If a signature has an age less than 0, it will raise
``SignatureExpired`` rather than appearing valid. This can happen if
the timestamp offset is changed. :issue:`126`
- ``BadTimeSignature.date_signed`` is always a ``datetime`` object
rather than an ``int`` in some cases. :issue:`124`
- Added support for key rotation. A list of keys can be passed as
``secret_key``, oldest to newest. The newest key is used for
signing, all keys are tried for unsigning. :pr:`141`
- Removed the default SHA-512 fallback signer from
``default_fallback_signers``. :issue:`155`
- Add type information for static typing tools. :pr:`186`
|
| 2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595) |
Log message: *: bump PKGREVISION for egg.mk users They now have a tool dependency on py-setuptools instead of a DEPENDS |
| 2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605) |
Log message: security: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Unfetchable distfiles (fetched conditionally?): ./security/cyrus-sasl/distinfo \ cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2 |
| 2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606) |
Log message: security: Remove SHA1 hashes for distfiles |
| 2019-07-09 13:29:30 by Nia Alarie | Files touched by this commit (6) |
Log message: Use https for pythonhosted.org. |
| 2018-11-11 17:20:42 by Klaus Klein | Files touched by this commit (1) |
Log message: Sort PLIST; missed in previous. No functional change. |
| 2018-11-10 18:27:36 by Klaus Klein | Files touched by this commit (3) |
Log message:
Update py-itsdangerous to 1.1.0.
Version 1.1.0
-------------
Released 2018-10-26
- Change default signing algorithm back to SHA-1. (`#113`_)
- Added a default SHA-512 fallback for users who used the yanked 1.0.0
release which defaulted to SHA-512. (`#114`_)
- Add support for fallback algorithms during deserialization to
support changing the default in the future without breaking existing
signatures. (`#113`_)
- Changed capitalization of packages back to lowercase as the change
in capitalization broke some tooling. (`#113`_)
.. _#113: https://github.com/pallets/itsdangerous/pull/113
.. _#114: https://github.com/pallets/itsdangerous/pull/114
Version 1.0.0
-------------
Released 2018-10-18
YANKED
*Note*: This release was yanked from PyPI because it changed the default
algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains
at SHA1.
- Drop support for Python 2.6 and 3.3.
- Refactor code from a single module to a package. Any object in the
API docs is still importable from the top-level ``itsdangerous``
name, but other imports will need to be changed. A future release
will remove many of these compatibility imports. (`#107`_)
- Optimize how timestamps are serialized and deserialized. (`#13`_)
- ``base64_decode`` raises ``BadData`` when it is passed invalid data.
(`#27`_)
- Ensure value is bytes when signing to avoid a ``TypeError`` on
Python 3. (`#29`_)
- Add a ``serializer_kwargs`` argument to ``Serializer``, which is
passed to ``dumps`` during ``dump_payload``. (`#36`_)
- More compact JSON dumps for unicode strings. (`#38`_)
- Use the full timestamp rather than an offset, allowing dates before
2011. (`#46`_)
- Detect a ``sep`` character that may show up in the signature itself
and raise a ``ValueError``. (`#62`_)
- Use a consistent signature for keyword arguments for
``Serializer.load_payload`` in subclasses. (`#74`_, `#75`_)
- Change default intermediate hash from SHA-1 to SHA-512. (`#80`_)
- Convert JWS exp header to an int when loading. (`#99`_)
.. _#13: https://github.com/pallets/itsdangerous/pull/13
.. _#27: https://github.com/pallets/itsdangerous/pull/27
.. _#29: https://github.com/pallets/itsdangerous/issues/29
.. _#36: https://github.com/pallets/itsdangerous/pull/36
.. _#38: https://github.com/pallets/itsdangerous/issues/38
.. _#46: https://github.com/pallets/itsdangerous/issues/46
.. _#62: https://github.com/pallets/itsdangerous/issues/62
.. _#74: https://github.com/pallets/itsdangerous/issues/74
.. _#75: https://github.com/pallets/itsdangerous/pull/75
.. _#80: https://github.com/pallets/itsdangerous/pull/80
.. _#99: https://github.com/pallets/itsdangerous/pull/99
.. _#107: https://github.com/pallets/itsdangerous/pull/107
|
| 2016-06-08 19:43:49 by Thomas Klausner | Files touched by this commit (356) |
Log message: Switch to MASTER_SITES_PYPI. |
| 2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434) |
Log message: Add SHA512 digests for distfiles for security category Problems found locating distfiles: Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz Package libidea: missing distfile libidea-0.8.2b.tar.gz Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2 Package uvscan: missing distfile vlp4510e.tar.Z Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail. |
New packages: