diff --git a/lang/python/itsdangerous/Makefile b/lang/python/itsdangerous/Makefile
index 769333ba3f..e6d57063d1 100644
--- a/lang/python/itsdangerous/Makefile
+++ b/lang/python/itsdangerous/Makefile
@@ -5,11 +5,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=itsdangerous
-PKG_VERSION:=2.1.2
+PKG_VERSION:=2.2.0
 PKG_RELEASE:=1
 
 PYPI_NAME:=$(PKG_NAME)
-PKG_HASH:=5dbbc68b317e5e42f327f9021763545dc3fc3bfe22e6deb96aaf1fc38874156a
+PKG_HASH:=e0050c0b7da1eea53ffaf149c0cfbb5c6e2e2b69c4bef22c81fa6eb73e5f6173
 
 PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
 PKG_LICENSE:=BSD-3-Clause
diff --git a/lang/python/itsdangerous/test.sh b/lang/python/itsdangerous/test.sh
new file mode 100644
index 0000000000..17f8174e32
--- /dev/null
+++ b/lang/python/itsdangerous/test.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+[ "$1" = python3-itsdangerous ] || exit 0
+
+python3 - << 'EOF'
+from itsdangerous import URLSafeSerializer, URLSafeTimedSerializer, BadSignature
+
+s = URLSafeSerializer("secret-key")
+token = s.dumps({"user_id": 42, "role": "admin"})
+assert isinstance(token, str)
+data = s.loads(token)
+assert data["user_id"] == 42
+assert data["role"] == "admin"
+
+# Test that tampered tokens are rejected
+try:
+    s.loads(token + "tampered")
+    assert False, "should have raised BadSignature"
+except BadSignature:
+    pass
+
+# Test timed serializer
+ts = URLSafeTimedSerializer("another-secret")
+timed_token = ts.dumps("payload")
+assert ts.loads(timed_token) == "payload"
+
+print("python3-itsdangerous OK")
+EOF