ItsDangerous provides helpers to safely pass trusted data to untrusted environments and get it back intact. It signs tokens cryptographically to prevent tampering, with options for custom serialization, optional compression, and automatic timestamping and verification when loading a token.
Project status
- The repository appears to be maintained, with an upstream push as recent as 2025-06-14, though the provided update history shows the newest published update was 2.2.0 on 2024-04-16.
- Update cadence is relatively infrequent based on the provided history, with major changes at 2.2.0 (2024-04-16) and then a gap to 2.1.x in early 2022, indicating a slower maintenance rhythm rather than frequent iteration.
AI summary generated 2 weeks ago
Recent updates
2.2.0
4/16/2024itsdangerous 2.2.0 is a feature release that modernizes packaging (pyproject.toml, flit backend), drops Python 3.7 support, and updates typing for the Serializer API (including better generic typing for dumps/return types). It also implements runtime-safe deprecations for the __version__ attribute and avoids importing hashlib.sha1 at import time for FIPS compatibility.
BreakingFeatures2.1.2
3/24/2022Release 2.1.2 updates itsdangerous with a targeted fix for timed signature verification. It specifically improves error handling in the timed unsign flow when converting timestamps on 32-bit platforms.
2.1.1
3/9/2022Release 2.1.1 is a small maintenance update for itsdangerous. The only runtime-relevant code change is an adjustment to error handling in timed signature verification, plus minor test and configuration updates.
2.1.0
2/18/2022ItsDangerous 2.1.0 primarily removes previously deprecated APIs, specifically JWS support and the deprecated `itsdangerous.json` shim, and updates version metadata. The code changes also include minor exception-handling adjustments (exception chaining) and various CI and tooling updates.
Breaking2.0.1
5/18/2021Release 2.0.1 mainly contains internal/type-support changes and a behavioral fix around the meaning of the `salt` parameter. It also updates CI branch naming from `master` to `main` and bumps the package version to 2.0.1.
2.0.0
5/12/2021This release is primarily the finalization of version 2.0.0 (from the 2.0.0rc2 release candidate) with no substantive runtime code changes. The diff focuses on metadata, releasing the CHANGES.rst entry, and updating development and documentation tooling dependencies.
2.0.0rc2
4/16/2021Release 2.0.0rc2 is a candidate release. The provided release notes only include a link to the upstream changes page, but the actual changelog entries are not included in the prompt, so specific developer-impacting changes (new features, breaking changes, fixes, security, performance, migration steps) cannot be extracted or verified from the provided text.