id,node_id,number,title,user,state,locked,assignee,milestone,comments,created_at,updated_at,closed_at,author_association,pull_request,body,repo,type,active_lock_reason,performed_via_github_app,reactions,draft,state_reason
890073989,MDExOlB1bGxSZXF1ZXN0NjQzMTQ5MzY0,1325,"Update itsdangerous requirement from ~=1.1 to >=1.1,<3.0",49699333,closed,0,,,2,2021-05-12T13:09:03Z,2021-05-22T23:54:25Z,2021-05-22T23:54:25Z,CONTRIBUTOR,simonw/datasette/pulls/1325,"Updates the requirements on [itsdangerous](https://github.com/pallets/itsdangerous) to permit the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href=""https://github.com/pallets/itsdangerous/releases"">itsdangerous's releases</a>.</em></p>
<blockquote>
<h2>2.0.0</h2>
<p>New major versions of all the core Pallets libraries, including ItsDangerous 2.0, have been released! :tada:</p>
<ul>
<li>Read the announcement on our blog: <a href=""https://palletsprojects.com/blog/flask-2-0-released/"">https://palletsprojects.com/blog/flask-2-0-released/</a></li>
<li>Read the full list of changes: <a href=""https://itsdangerous.palletsprojects.com/changes/#version-2-0-0"">https://itsdangerous.palletsprojects.com/changes/#version-2-0-0</a></li>
<li>Retweet the announcement on Twitter: <a href=""https://twitter.com/PalletsTeam/status/1392266507296514048"">https://twitter.com/PalletsTeam/status/1392266507296514048</a></li>
<li>Follow our blog, Twitter, or GitHub to see future announcements.</li>
</ul>
<p>This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href=""https://github.com/pallets/itsdangerous/blob/main/CHANGES.rst"">itsdangerous's changelog</a>.</em></p>
<blockquote>
<h2>Version 2.0.0</h2>
<p>Released 2021-05-11</p>
<ul>
<li>Drop support for Python 2 and 3.5.</li>
<li>JWS support (<code>JSONWebSignatureSerializer</code>,
<code>TimedJSONWebSignatureSerializer</code>) is deprecated. Use a dedicated
JWS/JWT library such as authlib instead. :issue:<code>129</code></li>
<li>Importing <code>itsdangerous.json</code> is deprecated. Import Python's
<code>json</code> module instead. :pr:<code>152</code></li>
<li>Simplejson is no longer used if it is installed. To use a different
library, pass it as <code>Serializer(serializer=...)</code>. :issue:<code>146</code></li>
<li><code>datetime</code> values are timezone-aware with <code>timezone.utc</code>. Code
using <code>TimestampSigner.unsign(return_timestamp=True)</code> or
<code>BadTimeSignature.date_signed</code> may need to change. :issue:<code>150</code></li>
<li>If a signature has an age less than 0, it will raise
<code>SignatureExpired</code> rather than appearing valid. This can happen if
the timestamp offset is changed. :issue:<code>126</code></li>
<li><code>BadTimeSignature.date_signed</code> is always a <code>datetime</code> object
rather than an <code>int</code> in some cases. :issue:<code>124</code></li>
<li>Added support for key rotation. A list of keys can be passed as
<code>secret_key</code>, oldest to newest. The newest key is used for
signing, all keys are tried for unsigning. :pr:<code>141</code></li>
<li>Removed the default SHA-512 fallback signer from
<code>default_fallback_signers</code>. :issue:<code>155</code></li>
<li>Add type information for static typing tools. :pr:<code>186</code></li>
</ul>
<h2>Version 1.1.0</h2>
<p>Released 2018-10-26</p>
<ul>
<li>Change default signing algorithm back to SHA-1. :pr:<code>113</code></li>
<li>Added a default SHA-512 fallback for users who used the yanked 1.0.0
release which defaulted to SHA-512. :pr:<code>114</code></li>
<li>Add support for fallback algorithms during deserialization to
support changing the default in the future without breaking existing
signatures. :pr:<code>113</code></li>
<li>Changed capitalization of packages back to lowercase as the change
in capitalization broke some tooling. :pr:<code>113</code></li>
</ul>
<h2>Version 1.0.0</h2>
<p>Released 2018-10-18</p>
<p>YANKED</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href=""https://github.com/pallets/itsdangerous/commit/d101100c395958d67368b8c37d95a9c404598c2e""><code>d101100</code></a> Merge pull request <a href=""https://github-redirect.dependabot.com/pallets/itsdangerous/issues/235"">#235</a> from pallets/release-2.0.0</li>
<li><a href=""https://github.com/pallets/itsdangerous/commit/ca0f59ac73507014729a5857e985229604e5e83b""><code>ca0f59a</code></a> release version 2.0.0</li>
<li><a href=""https://github.com/pallets/itsdangerous/commit/d1ed89f6ac50d58fa43ce37f92db371bebc20bc5""><code>d1ed89f</code></a> update requirements</li>
<li><a href=""https://github.com/pallets/itsdangerous/commit/d1722ea35b4239b6d08e8d418edc74d6594eebd6""><code>d1722ea</code></a> Merge pull request <a href=""https://github-redirect.dependabot.com/pallets/itsdangerous/issues/234"">#234</a> from pallets/pre-commit-ci-schedule</li>
<li><a href=""https://github.com/pallets/itsdangerous/commit/d1eb7aa76756268061f2d31551f79da7882b45a9""><code>d1eb7aa</code></a> update pre-commit monthly</li>
<li><a href=""https://github.com/pallets/itsdangerous/commit/acbc456c91d4a9e9f63b9230be5a1cf3d5a1d767""><code>acbc456</code></a> Merge pull request <a href=""https://github-redirect.dependabot.com/pallets/itsdangerous/issues/233"">#233</a> from pallets/pre-commit-ci-update-config</li>
<li><a href=""https://github.com/pallets/itsdangerous/commit/04e485a0b0b00d8b2dc73a287852d642d3366c72""><code>04e485a</code></a> [pre-commit.ci] pre-commit autoupdate</li>
<li><a href=""https://github.com/pallets/itsdangerous/commit/c0e6b484a6cdc92c38bec74ffcf350bc42f20e2b""><code>c0e6b48</code></a> Merge pull request <a href=""https://github-redirect.dependabot.com/pallets/itsdangerous/issues/232"">#232</a> from pallets/pre-commit-ci-update-config</li>
<li><a href=""https://github.com/pallets/itsdangerous/commit/6a9df8338ce39b780cebd8a7f54b8a7cb75eeab4""><code>6a9df83</code></a> [pre-commit.ci] pre-commit autoupdate</li>
<li><a href=""https://github.com/pallets/itsdangerous/commit/477f42c3e74f1a823deb3d7c3ab94a5b534d545b""><code>477f42c</code></a> Merge pull request <a href=""https://github-redirect.dependabot.com/pallets/itsdangerous/issues/231"">#231</a> from pallets/dependabot/pip/pre-commit-2.12.1</li>
<li>Additional commits viewable in <a href=""https://github.com/pallets/itsdangerous/compare/1.1.0...2.0.0"">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually


</details>",107914493,pull,,,"{""url"": ""https://api.github.com/repos/simonw/datasette/issues/1325/reactions"", ""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",0,