Update dependency itsdangerous to v2 (#2004)

pulumi-renovate[bot] · web-flow · commit 6ed31f587a1b · 2025-02-18T09:42:43.000Z
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [itsdangerous](https://redirect.github.com/pallets/itsdangerous) ([changelog](https://itsdangerous.palletsprojects.com/changes/)) | major | `==0.24` -> `==2.2.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>pallets/itsdangerous (itsdangerous)</summary> ### [`v2.2.0`](https://redirect.github.com/pallets/itsdangerous/blob/HEAD/CHANGES.rst#Version-220) [Compare Source](https://redirect.github.com/pallets/itsdangerous/compare/2.1.2...2.2.0) Released 2024-04-16 - Drop support for Python 3.7. :pr:`372` - Use modern packaging metadata with `pyproject.toml` instead of `setup.cfg`. :pr:`326` - Use `flit_core` instead of `setuptools` as build backend. - Deprecate the `__version__` attribute. Use feature detection, or `importlib.metadata.version("itsdangerous")`, instead. :issue:`371` - `Serializer` and the return type of `dumps` is generic for type checking. By default it is `Serializer[str]` and `dumps` returns a `str`. If a different `serializer` argument is given, it will try to infer the return type of its `dumps` method. :issue:`347` - The default `hashlib.sha1` may not be available in FIPS builds. Don't access it at import time so the developer has time to change the default. :issue:`375` ### [`v2.1.2`](https://redirect.github.com/pallets/itsdangerous/blob/HEAD/CHANGES.rst#Version-212) [Compare Source](https://redirect.github.com/pallets/itsdangerous/compare/2.1.1...2.1.2) Released 2022-03-24 - Handle date overflow in timed unsign on 32-bit systems. :pr:`299` ### [`v2.1.1`](https://redirect.github.com/pallets/itsdangerous/blob/HEAD/CHANGES.rst#Version-211) [Compare Source](https://redirect.github.com/pallets/itsdangerous/compare/2.1.0...2.1.1) Released 2022-03-09 - Handle date overflow in timed unsign. :pr:`296` ### [`v2.1.0`](https://redirect.github.com/pallets/itsdangerous/blob/HEAD/CHANGES.rst#Version-210) [Compare Source](https://redirect.github.com/pallets/itsdangerous/compare/2.0.1...2.1.0) Released 2022-02-17 - Drop support for Python 3.6. :pr:`272` - Remove previously deprecated code. :pr:`273` - JWS functionality: Use a dedicated library such as Authlib instead. - `import itsdangerous.json`: Import `json` from the standard library instead. ### [`v2.0.1`](https://redirect.github.com/pallets/itsdangerous/blob/HEAD/CHANGES.rst#Version-201) [Compare Source](https://redirect.github.com/pallets/itsdangerous/compare/2.0.0...2.0.1) Released 2021-05-18 - Mark top-level names as exported so type checking understands imports in user projects. :pr:`240` - The `salt` argument to `Serializer` and `Signer` can be `None` again. :issue:`237` ### [`v2.0.0`](https://redirect.github.com/pallets/itsdangerous/blob/HEAD/CHANGES.rst#Version-200) [Compare Source](https://redirect.github.com/pallets/itsdangerous/compare/1.1.0...2.0.0) Released 2021-05-11 - Drop support for Python 2 and 3.5. - JWS support (`JSONWebSignatureSerializer`, `TimedJSONWebSignatureSerializer`) is deprecated. Use a dedicated JWS/JWT library such as authlib instead. :issue:`129` - Importing `itsdangerous.json` is deprecated. Import Python's `json` module instead. :pr:`152` - Simplejson is no longer used if it is installed. To use a different library, pass it as `Serializer(serializer=...)`. :issue:`146` - `datetime` values are timezone-aware with `timezone.utc`. Code using `TimestampSigner.unsign(return_timestamp=True)` or `BadTimeSignature.date_signed` may need to change. :issue:`150` - If a signature has an age less than 0, it will raise `SignatureExpired` rather than appearing valid. This can happen if the timestamp offset is changed. :issue:`126` - `BadTimeSignature.date_signed` is always a `datetime` object rather than an `int` in some cases. :issue:`124` - Added support for key rotation. A list of keys can be passed as `secret_key`, oldest to newest. The newest key is used for signing, all keys are tried for unsigning. :pr:`141` - Removed the default SHA-512 fallback signer from `default_fallback_signers`. :issue:`155` - Add type information for static typing tools. :pr:`186` ### [`v1.1.0`](https://redirect.github.com/pallets/itsdangerous/blob/HEAD/CHANGES.rst#Version-110) [Compare Source](https://redirect.github.com/pallets/itsdangerous/compare/0.24...1.1.0) Released 2018-10-26 - Change default signing algorithm back to SHA-1. :pr:`113` - Added a default SHA-512 fallback for users who used the yanked 1.0.0 release which defaulted to SHA-512. :pr:`114` - Add support for fallback algorithms during deserialization to support changing the default in the future without breaking existing signatures. :pr:`113` - Changed capitalization of packages back to lowercase as the change in capitalization broke some tooling. :pr:`113` </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - "every weekday" (UTC). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  Co-authored-by: pulumi-renovate[bot] <189166143+pulumi-renovate[bot]@users.noreply.github.com>
diff --git a/aws-ts-stackreference-architecture/application/src/backend/requirements.txt b/aws-ts-stackreference-architecture/application/src/backend/requirements.txt
@@ -1,7 +1,7 @@
 Click==7.0
 dnspython==2.7.0
 Flask==2.3.3
-itsdangerous==0.24
+itsdangerous==2.2.0
 Jinja2==3.1.5
 MarkupSafe>=1.0
 Werkzeug==3.0.6
