Bump itsdangerous from 1.1.0 to 2.0.0

[dependabot-preview]

Bumps itsdangerous from 1.1.0 to 2.0.0.

Release notes

Sourced from itsdangerous's releases.

2.0.0

New major versions of all the core Pallets libraries, including ItsDangerous 2.0, have been released! 🎉

• Read the announcement on our blog: https://palletsprojects.com/blog/flask-2-0-released/
• Read the full list of changes: https://itsdangerous.palletsprojects.com/changes/#version-2-0-0
• Retweet the announcement on Twitter: https://twitter.com/PalletsTeam/status/1392266507296514048
• Follow our blog, Twitter, or GitHub to see future announcements.

This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.

2.0.0rc2

• Changes: https://itsdangerous.palletsprojects.com/en/master/changes/#version-2-0-0

Changelog

Sourced from itsdangerous's changelog.

Version 2.0.0

Released 2021-05-11

• Drop support for Python 2 and 3.5.
• JWS support (JSONWebSignatureSerializer, TimedJSONWebSignatureSerializer) is deprecated. Use a dedicated JWS/JWT library such as authlib instead. 129
• Importing itsdangerous.json is deprecated. Import Python's json module instead. 152
• Simplejson is no longer used if it is installed. To use a different library, pass it as Serializer(serializer=...). 146
• datetime values are timezone-aware with timezone.utc. Code using TimestampSigner.unsign(return_timestamp=True) or BadTimeSignature.date_signed may need to change. 150
• If a signature has an age less than 0, it will raise SignatureExpired rather than appearing valid. This can happen if the timestamp offset is changed. 126
• BadTimeSignature.date_signed is always a datetime object rather than an int in some cases. 124
• Added support for key rotation. A list of keys can be passed as secret_key, oldest to newest. The newest key is used for signing, all keys are tried for unsigning. 141
• Removed the default SHA-512 fallback signer from default_fallback_signers. 155
• Add type information for static typing tools. 186

Commits

• d101100 Merge pull request #235 from pallets/release-2.0.0
• ca0f59a release version 2.0.0
• d1ed89f update requirements
• d1722ea Merge pull request #234 from pallets/pre-commit-ci-schedule
• d1eb7aa update pre-commit monthly
• acbc456 Merge pull request #233 from pallets/pre-commit-ci-update-config
• 04e485a [pre-commit.ci] pre-commit autoupdate
• c0e6b48 Merge pull request #232 from pallets/pre-commit-ci-update-config
• 6a9df83 [pre-commit.ci] pre-commit autoupdate
• 477f42c Merge pull request #231 from pallets/dependabot/pip/pre-commit-2.12.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #41.