Back to Explore

pallets/itsdangerous

GitHub
1 watchersOpen source

Last release: 2024-04-16

ItsDangerous provides helpers to safely pass trusted data to untrusted environments and get it back intact. It signs tokens cryptographically to prevent tampering, with options for custom serialization, optional compression, and automatic timestamping and verification when loading a token.

Project status

  • Maintenance status: The source appears largely quiet/in maintenance mode as of 2026-06-09, with the latest documented update 2.2.0 on 2024-04-16 and no newer version updates shown in the provided history, despite an upstream push in 2025-06-14.
  • Update cadence: Updates came in clusters, 2.1.x and 2.2.0 in April 2024, then a long gap until the next listed versions (previously 2022-03/02 and 2021-05), indicating low ongoing release frequency.

AI summary generated 2026-06-09

AI-generated from public sources. May be inaccurate. Report

Recent updates

  • 2.2.0

    2024-04-16

    itsdangerous 2.2.0 is a feature release that modernizes packaging (pyproject.toml, flit backend), drops Python 3.7 support, and updates typing for the Serializer API (including better generic typing for dumps/return types). It also implements runtime-safe deprecations for the __version__ attribute and avoids importing hashlib.sha1 at import time for FIPS compatibility.

    BreakingFeatures

  • 2.1.x

    2024-04-16

    No release notes were provided for this version. The code diff shows a mix of typing-only modernization (generics, postponed evaluation of annotations, updated type hints) plus a couple of behavior-affecting changes around version reporting and default hashing behavior.

  • 2.1.2

    2022-03-24

    Release 2.1.2 updates itsdangerous with a targeted fix for timed signature verification. It specifically improves error handling in the timed unsign flow when converting timestamps on 32-bit platforms.

  • 2.1.1

    2022-03-09

    Release 2.1.1 is a small maintenance update for itsdangerous. The only runtime-relevant code change is an adjustment to error handling in timed signature verification, plus minor test and configuration updates.

  • 2.1.0

    2022-02-18

    ItsDangerous 2.1.0 primarily removes previously deprecated APIs, specifically JWS support and the deprecated `itsdangerous.json` shim, and updates version metadata. The code changes also include minor exception-handling adjustments (exception chaining) and various CI and tooling updates.

    Breaking

  • 2.0.1

    2021-05-18

    Release 2.0.1 mainly contains internal/type-support changes and a behavioral fix around the meaning of the `salt` parameter. It also updates CI branch naming from `master` to `main` and bumps the package version to 2.0.1.

  • 2.0.0

    2021-05-12

    This release is primarily the finalization of version 2.0.0 (from the 2.0.0rc2 release candidate) with no substantive runtime code changes. The diff focuses on metadata, releasing the CHANGES.rst entry, and updating development and documentation tooling dependencies.

  • 2.0.0rc2

    2021-04-16

    Release 2.0.0rc2 is a candidate release. The provided release notes only include a link to the upstream changes page, but the actual changelog entries are not included in the prompt, so specific developer-impacting changes (new features, breaking changes, fixes, security, performance, migration steps) cannot be extracted or verified from the provided text.