Skip to content

Commit

Permalink
Bump werkzeug from 2.3.7 to 3.0.0 (#126)
Browse files Browse the repository at this point in the history 
Bumps [werkzeug](https://github.com/pallets/werkzeug) from 2.3.7 to
3.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/werkzeug/releases">werkzeug's
releases</a>.</em></p>
<blockquote>
<h2>3.0.0</h2>
<p>This is a feature release, which includes new features, removes
previously deprecated code, and adds new deprecations. The 3.0.x branch
is now the supported fix branch, the 2.3.x branch will become a tag
marking the end of support for that branch. We encourage everyone to
upgrade, and to use a tool such as <a
href="https://pypi.org/project/pip-tools/">pip-tools</a> to pin all
dependencies and control upgrades. Test with warnings treated as errors
to be able to adapt to deprecation warnings early.</p>
<ul>
<li>Changes: <a
href="https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-0">https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-0</a></li>
<li>Milestone: <a
href="https://github.com/pallets/werkzeug/milestone/21?closed=1">https://github.com/pallets/werkzeug/milestone/21?closed=1</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/werkzeug/blob/main/CHANGES.rst">werkzeug's
changelog</a>.</em></p>
<blockquote>
<h2>Version 3.0.0</h2>
<p>Released 2023-09-30</p>
<ul>
<li>Remove previously deprecated code. :pr:<code>2768</code></li>
<li>Deprecate the <code>__version__</code> attribute. Use feature
detection, or
<code>importlib.metadata.version(&quot;werkzeug&quot;)</code>, instead.
:issue:<code>2770</code></li>
<li><code>generate_password_hash</code> uses scrypt by default.
:issue:<code>2769</code></li>
<li>Add the <code>&quot;werkzeug.profiler&quot;</code> item to the WSGI
<code>environ</code> dictionary
passed to <code>ProfilerMiddleware</code>'s <code>filename_format</code>
function. It contains
the <code>elapsed</code> and <code>time</code> values for the profiled
request. :issue:<code>2775</code></li>
<li>Explicitly marked the PathConverter as non path isolating.
:pr:<code>2784</code></li>
</ul>
<h2>Version 2.3.8</h2>
<p>Unreleased</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pallets/werkzeug/commit/aa5088f6e550ab6dfb6742270c9ea733ed17261c"><code>aa5088f</code></a>
Release version 3.0.0</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/64275425888b6ca4f5ebdfa1a9df814317718290"><code>6427542</code></a>
Default the PathConverter (and descendants) to be non part
isolating</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/4820d8c487e5db9f43645c31c4123fce5ac5ad32"><code>4820d8c</code></a>
Provide elapsed and timestamp info to filename_format</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/599993d7382eeb96add9f38b4431a2f50cd2c9f2"><code>599993d</code></a>
Bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10 (<a
href="https://redirect.github.com/pallets/werkzeug/issues/2780">#2780</a>)</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/a2394ed51ed8697b5523243acb10cb589c0f7834"><code>a2394ed</code></a>
Bump slsa-framework/slsa-github-generator from 1.7.0 to 1.9.0 (<a
href="https://redirect.github.com/pallets/werkzeug/issues/2779">#2779</a>)</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/1efd6f3c2c31ec9479d8b8d9219bdb042e55bd15"><code>1efd6f3</code></a>
Bump actions/checkout from 3.5.3 to 3.6.0 (<a
href="https://redirect.github.com/pallets/werkzeug/issues/2778">#2778</a>)</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/76a5419d2ee8b7785c0304d58a94d6c0387c976c"><code>76a5419</code></a>
Bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/ce8cfe7dbb73b56c982a9c74162084cdb284c2f5"><code>ce8cfe7</code></a>
Bump slsa-framework/slsa-github-generator from 1.7.0 to 1.9.0</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/2b172cb0a4f32a61c7e64033245e6cb7a287df51"><code>2b172cb</code></a>
Bump actions/checkout from 3.5.3 to 3.6.0</li>
<li><a
href="https://github.com/pallets/werkzeug/commit/3f9c1be6ceb97b5f3d1c1c0d4d0b6e7bc23ab161"><code>3f9c1be</code></a>
Update helpful error message about AirPlay collision on macOS (<a
href="https://redirect.github.com/pallets/werkzeug/issues/2776">#2776</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/pallets/werkzeug/compare/2.3.7...3.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=werkzeug&package-manager=pip&previous-version=2.3.7&new-version=3.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ben McLean <[email protected]>
  • Loading branch information
@dependabot @emilymclean
dependabot[bot] and emilymclean authored Oct 8, 2023
1 parent 6eb1157 commit c9a1016
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions Pipfile.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit c9a1016

Please sign in to comment.