Upgrade to release 2.0.0:
- Drop support for Python 2 and 3.5.
- JWS support (JSONWebSignatureSerializer,
TimedJSONWebSignatureSerializer) is deprecated. Use a dedicated
JWS/JWT library such as authlib instead.
- Importing itsdangerous.json is deprecated. Import Python’s json
module instead.
- Simplejson is no longer used if it is installed. To use a
different library, pass it as Serializer(serializer=...).
- datetime values are timezone-aware with timezone.utc. Code using
TimestampSigner.unsign(return_timestamp=True) or
BadTimeSignature.date_signed may need to change.
- If a signature has an age less than 0, it will raise
SignatureExpired rather than appearing valid. This can happen if
the timestamp offset is changed.
- BadTimeSignature.date_signed is always a datetime object rather
than an int in some cases.
- Added support for key rotation. A list of keys can be passed as
secret_key, oldest to newest. The newest key is used for
signing, all keys are tried for unsigning.
- Removed the default SHA-512 fallback signer from
default_fallback_signers.
- Add type information for static typing tools.
License-Update: standardize license
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
