Upgrade itsdangerous

Version 1.1.0 has reverted the breaking change (moving from sha1 to sha256) that was introduced in version 1.0.0. Upgrading now so that we can take advantage of this bug fix: https://github.com/pallets/itsdangerous/issues/46
2026-06-04 13:30:02 -04:00 · 2020-02-19 13:47:35 +00:00
parent 8a91068682
commit d4a173c78c
2 changed files with 4 additions and 8 deletions
--- a/requirements-app.txt
+++ b/requirements-app.txt
@@ -19,9 +19,7 @@ notifications-python-client==5.5.1

 # PaaS
 awscli-cwlogs>=1.4,<1.5
-
-# Putting upgrade on hold due to v1.0.0 using sha512 instead of sha1 by default
-itsdangerous==0.24  # pyup: <1.0.0
+itsdangerous==1.1.0

 git+https://github.com/alphagov/notifications-utils.git@36.6.0#egg=notifications-utils==36.6.0
 git+https://github.com/alphagov/govuk-frontend-jinja.git@v0.5.1-alpha#egg=govuk-frontend-jinja==0.5.1-alpha
--- a/requirements.txt
+++ b/requirements.txt
@@ -21,18 +21,16 @@ notifications-python-client==5.5.1

 # PaaS
 awscli-cwlogs>=1.4,<1.5
-
-# Putting upgrade on hold due to v1.0.0 using sha512 instead of sha1 by default
-itsdangerous==0.24  # pyup: <1.0.0
+itsdangerous==1.1.0

 git+https://github.com/alphagov/notifications-utils.git@36.6.0#egg=notifications-utils==36.6.0
 git+https://github.com/alphagov/govuk-frontend-jinja.git@v0.5.1-alpha#egg=govuk-frontend-jinja==0.5.1-alpha

 ## The following requirements were added by pip freeze:
-awscli==1.17.15
+awscli==1.18.2
 bleach==3.1.0
 boto3==1.10.38
-botocore==1.14.15
+botocore==1.15.2
 certifi==2019.11.28
 chardet==3.0.4
 Click==7.0