itsdangerous v2.0.0 Release Notes
-
๐ Released 2021-05-11
- ๐ Drop support for Python 2 and 3.5.
- ๐ JWS support (
JSONWebSignatureSerializer
,TimedJSONWebSignatureSerializer
) is deprecated. Use a dedicated JWS/JWT library such as authlib instead. :issue:129
- ๐ Importing
itsdangerous.json
is deprecated. Import Python'sjson
module instead. :pr:152
- Simplejson is no longer used if it is installed. To use a different
library, pass it as
Serializer(serializer=...)
. :issue:146
-
datetime
values are timezone-aware withtimezone.utc
. Code usingTimestampSigner.unsign(return_timestamp=True)
orBadTimeSignature.date_signed
may need to change. :issue:150
- If a signature has an age less than 0, it will raise
SignatureExpired
rather than appearing valid. This can happen if the timestamp offset is changed. :issue:126
-
BadTimeSignature.date_signed
is always adatetime
object rather than anint
in some cases. :issue:124
- ๐ Added support for key rotation. A list of keys can be passed as
secret_key
, oldest to newest. The newest key is used for signing, all keys are tried for unsigning. :pr:141
- ๐ Removed the default SHA-512 fallback signer from
default_fallback_signers
. :issue:155
- Add type information for static typing tools. :pr:
186