Bump werkzeug from 1.0.1 to 2.3.5

[dependabot]

Bumps werkzeug from 1.0.1 to 2.3.5.

Release notes

Sourced from werkzeug's releases.

2.3.5

This is a fix release for the 2.3.x feature branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-5
• Milestone: https://github.com/pallets/werkzeug/milestone/31?closed=1

2.3.4

This is a fix release for the 2.3.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-4
• Milestone: https://github.com/pallets/werkzeug/milestone/30?closed=1

2.3.3

This is a fix release for the 2.3.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-3
• Milestone: https://github.com/pallets/werkzeug/milestone/29?closed=1

2.3.2

This is a fix release for the 2.3.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-2
• Milestone: https://github.com/pallets/werkzeug/milestone/28?closed=1

2.3.1

This is a fix release for the 2.3.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-1
• Milestone: https://github.com/pallets/werkzeug/milestone/27?closed=1

2.3.0

This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 2.3.x branch is now the supported fix branch, the 2.2.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-0
• Milestone: https://github.com/pallets/werkzeug/milestone/23?closed=1

2.2.3

This is a fix release for the 2.2.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-3
• Milestone: https://github.com/pallets/werkzeug/milestone/26?closed=1

This release contains security fixes for:

• GHSA-xg9f-g7g7-2323
• GHSA-px8h-6qxv-m22q

2.2.2

This is a fix release for the 2.2.0 feature release.

... (truncated)

Changelog

Sourced from werkzeug's changelog.

Version 2.3.5

Released 2023-06-07

• Python 3.12 compatibility. :issue:2704
• Fix handling of invalid base64 values in Authorization.from_header. :issue:2717
• The debugger escapes the exception message in the page title. :pr:2719
• When binding routing.Map, a long IDNA server_name with a port does not fail encoding. :issue:2700
• iri_to_uri shows a deprecation warning instead of an error when passing bytes. :issue:2708
• When parsing numbers in HTTP request headers such as Content-Length, only ASCII digits are accepted rather than any format that Python's int and float accept. :issue:2716

Version 2.3.4

Released 2023-05-08

• Authorization.from_header and WWWAuthenticate.from_header detects tokens that end with base64 padding (=). :issue:2685
• Remove usage of warnings.catch_warnings. :issue:2690
• Remove max_form_parts restriction from standard form data parsing and only use if for multipart content. :pr:2694
• Response will avoid converting the Location header in some cases to preserve invalid URL schemes like itms-services. :issue:2691

Version 2.3.3

Released 2023-05-01

• Fix parsing of large multipart bodies. Remove invalid leading newline, and restore parsing speed. :issue:2658, 2675
• The cookie Path attribute is set to / by default again, to prevent clients from falling back to RFC 6265's default-path behavior. :issue:2672, 2679

Version 2.3.2

Released 2023-04-28

• Parse the cookie Expires attribute correctly in the test client. :issue:2669
• max_content_length can only be enforced on streaming requests if the server sets wsgi.input_terminated. :issue:2668

... (truncated)

Commits

• 2c9b513 release version 2.3.5
• 86c5c78 fail on Python's extended int/float syntax (#2723)
• 6290332 fail on Python's extended int/float syntax
• 1892c10 show warning instead of error when passing bytes to iri_to_uri (#2709)
• dc9e73b passing bytes to iri_to_uri shows deprecation warning
• d70b37d Map.bind ignores port for IDNA (#2721)
• 23593ae Map.bind ignores port for IDNA
• 031991a [pre-commit.ci] pre-commit autoupdate (#2720)
• c431ab3 [pre-commit.ci] pre-commit autoupdate
• 7d2f846 retarget pre-commit.ci
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #261.