Bump itsdangerous from 0.24 to 1.1.0

[dependabot-preview]

Bumps itsdangerous from 0.24 to 1.1.0.

Changelog

Sourced from itsdangerous's changelog.

Version 1.1.0

Released 2018-10-26

• Change default signing algorithm back to SHA-1. 113
• Added a default SHA-512 fallback for users who used the yanked 1.0.0 release which defaulted to SHA-512. 114
• Add support for fallback algorithms during deserialization to support changing the default in the future without breaking existing signatures. 113
• Changed capitalization of packages back to lowercase as the change in capitalization broke some tooling. 113

Version 1.0.0

Released 2018-10-18

YANKED

Note: This release was yanked from PyPI because it changed the default algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains at SHA1.

• Drop support for Python 2.6 and 3.3.

• Refactor code from a single module to a package. Any object in the API docs is still importable from the top-level itsdangerous name, but other imports will need to be changed. A future release will remove many of these compatibility imports. 107

• Optimize how timestamps are serialized and deserialized. 13

• base64_decode raises BadData when it is passed invalid data. 27

• Ensure value is bytes when signing to avoid a TypeError on Python 3. 29

• Add a serializer_kwargs argument to Serializer, which is passed to dumps during dump_payload. 36

• More compact JSON dumps for unicode strings. 38

• Use the full timestamp rather than an offset, allowing dates before 2011. 46

  To retain compatibility with signers from previous versions, consider using this shim <https://github.com/pallets/itsdangerous /issues/120#issuecomment-456913331> when unsigning.

• Detect a sep character that may show up in the signature itself and raise a ValueError. 62

• Use a consistent signature for keyword arguments for Serializer.load_payload in subclasses. 74, 75

• Change default intermediate hash from SHA-1 to SHA-512. 80

• Convert JWS exp header to an int when loading. 99

Commits

• 6e63598 release 1.1.0
• 66c9319 link #114 changelog
• 8561891 test iter_unsigners
• e529593 add compat import for itsdangerous.want_bytes
• 920993c Added SHA-512 fallback by default
• d79c74a Added SHA-512 fallback by default
• ef8fd98 more name cleanup, parametrize fallback test
• af4856a Added fallback signers and switch back to sha1
• 92a6423 Document change to lowercase
• 2fd3237 Change package back to lowercase
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)