maxcountryman / flask-bcrypt

Flask-Bcrypt is a Flask extension that provides bcrypt hashing utilities for your application.

Home Page: http://readthedocs.org/docs/flask-bcrypt/

Why does the PyPI provided `0.7.1` "latest" release still use `str_safe_cmp` but the latest code here uses `hmac...`?

portante opened this issue · comments

Is this a case of a bad release, where the new version used the wrong tag?

commented

Seems like the changes made in the last few years were just never released. 0.7.1 was released in 2015, judging by the commits and PyPI release history.

If you download the latest PyPI release, do you see the latest code? I was not able to see it.

commented

No, like I said. 0.7.1 is the latest release and that was released back in 2015. Not sure why they've made changes to master over the years but not published a release since then.

Wanted to open the same issue, but checked the code and it has been changed, but I have the latest version installed right now and it still gives the warning. Last update was 5 months ago. What's happening?

commented

Figured I'd chime in, as I'm noticing this deprecation warning as well. The switch to hmac was made in PR #70, as mentioned, but the changes don't appear to have made it to release. 0.7.1 is latest as of current.

FYI, `str_safe_cmp` has been removed in the latest version of Werkzeug, 2.1.0, as of today. So this library on PyPI doesn't work correctly anymore unless you pin/downgrade the Werkzeug version.

Same problem here with `str_safe_cmp`. Is there an estimate of when a new version will be released on PyPI?

@maxcountryman any plans on releasing a new version to PyPI?

Version 1.0.0 was released today.
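The thread's underlying problem, a published package that still imports a helper its dependency has since removed, can be checked for directly in an environment. The following is an added example, not code from the issue or from Flask-Bcrypt: it walks the source of an installed distribution and reports `from <module> import <name>` statements. The function names and both sample sources are constructed for illustration, and the sample uses `safe_str_cmp` in `werkzeug.security`, which is how Werkzeug spelled the helper the thread refers to as `str_safe_cmp`.

```python
import ast
from importlib import metadata

# Constructed sample sources (not copied from any release of the project).
OLD_SAMPLE = """from werkzeug.security import safe_str_cmp

def check(a, b):
    return safe_str_cmp(a, b)
"""

NEW_SAMPLE = """import hmac

def check(a, b):
    return hmac.compare_digest(a, b)
"""


def find_symbol_imports(source, module, name):
    """Return sorted line numbers of `from <module> import <name>` in source."""
    hits = []
    # ast.walk also reaches imports nested in try/except or function bodies.
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ImportFrom) and node.module == module:
            if any(alias.name == name for alias in node.names):
                hits.append(node.lineno)
    return sorted(hits)


def scan_distribution(dist_name, module, name):
    """Scan the .py files of an installed distribution; return {path: [lines]}."""
    report = {}
    try:
        files = metadata.files(dist_name) or []
    except metadata.PackageNotFoundError:
        return report  # distribution is not installed in this environment
    for path in files:
        if path.suffix != ".py":
            continue
        try:
            hits = find_symbol_imports(path.read_text(), module, name)
        except (OSError, SyntaxError, UnicodeDecodeError):
            continue  # unreadable or unparsable file: skip rather than abort
        if hits:
            report[str(path)] = hits
    return report


if __name__ == "__main__":
    # Reports whether the installed Flask-Bcrypt still imports the removed helper.
    print(scan_distribution("Flask-Bcrypt", "werkzeug.security", "safe_str_cmp"))
```

An empty result for an installed distribution means no such import was found in its shipped `.py` files; a non-empty one lists the files and lines to review before upgrading the dependency.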