Bump itsdangerous from 1.1.0 to 2.0.1

[dependabot[bot]]

Bumps itsdangerous from 1.1.0 to 2.0.1.

Release notes

Sourced from itsdangerous's releases.

2.0.1

• Changes: https://itsdangerous.palletsprojects.com/en/2.0.x/changes/#version-2-0-1

2.0.0

New major versions of all the core Pallets libraries, including ItsDangerous 2.0, have been released! :tada:

• Read the announcement on our blog: https://palletsprojects.com/blog/flask-2-0-released/
• Read the full list of changes: https://itsdangerous.palletsprojects.com/changes/#version-2-0-0
• Retweet the announcement on Twitter: https://twitter.com/PalletsTeam/status/1392266507296514048
• Follow our blog, Twitter, or GitHub to see future announcements.

This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.

2.0.0rc2

• Changes: https://itsdangerous.palletsprojects.com/en/master/changes/#version-2-0-0

Changelog

Sourced from itsdangerous's changelog.

Version 2.0.1

Released 2021-05-18

• Mark top-level names as exported so type checking understands imports in user projects. :pr:240
• The salt argument to Serializer and Signer can be None again. :issue:237

Version 2.0.0

Released 2021-05-11

• Drop support for Python 2 and 3.5.
• JWS support (JSONWebSignatureSerializer, TimedJSONWebSignatureSerializer) is deprecated. Use a dedicated JWS/JWT library such as authlib instead. :issue:129
• Importing itsdangerous.json is deprecated. Import Python's json module instead. :pr:152
• Simplejson is no longer used if it is installed. To use a different library, pass it as Serializer(serializer=...). :issue:146
• datetime values are timezone-aware with timezone.utc. Code using TimestampSigner.unsign(return_timestamp=True) or BadTimeSignature.date_signed may need to change. :issue:150
• If a signature has an age less than 0, it will raise SignatureExpired rather than appearing valid. This can happen if the timestamp offset is changed. :issue:126
• BadTimeSignature.date_signed is always a datetime object rather than an int in some cases. :issue:124
• Added support for key rotation. A list of keys can be passed as secret_key, oldest to newest. The newest key is used for signing, all keys are tried for unsigning. :pr:141
• Removed the default SHA-512 fallback signer from default_fallback_signers. :issue:155
• Add type information for static typing tools. :pr:186

Commits

• 8f39dd3 Merge pull request #242 from pallets/release-2.0.1
• eccb31f release version 2.0.1
• 87d4e83 Merge pull request #241 from pallets/salt-default
• 41ec419 allow salt=None again
• 15a2e0d Merge pull request #240 from pallets/update-typing
• d2250ed mark top-level names as exported
• 56823cd Merge pull request #236 from pallets/default-branch
• b9c36cc rename default branch in files
• 0f37243 start version 2.0.1.dev0
• d101100 Merge pull request #235 from pallets/release-2.0.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Looks like itsdangerous is up-to-date now, so this is no longer needed.