Bump werkzeug from 0.15.4 to 1.0.0

[dependabot-preview]

Bumps werkzeug from 0.15.4 to 1.0.0.

Release notes

Sourced from werkzeug's releases.

1.0.0 Release Candidate 1

• Changes: https://werkzeug.palletsprojects.com/en/master/changes/#version-1-0-0

Use the --pre flag to install this pre-release:

pip install --pre Werkzeug==1.0.0rc1

0.16.1

• Changelog: https://werkzeug.palletsprojects.com/en/0.16.x/changes/#version-0-16-1

0.16.0

Most of the top-level attributes in the werkzeug module are now deprecated, and will be removed in 1.0.0.

For example, instead of import werkzeug; werkzeug.url_quote, do from werkzeug.urls import url_quote. A deprecation warning will show the correct import to use. werkzeug.exceptions and werkzeug.routing should also be imported instead of accessed, but for technical reasons can’t show a warning.

• Blog: https://palletsprojects.com/blog/werkzeug-0-16-0-released
• Changelog: https://werkzeug.palletsprojects.com/en/0.16.x/changes/#version-0-16-0

0.15.6

The issue causing the reloader to fail when running from a setuptools entry point (like flask run) on Windows has been fixed.

• Changelog: http://werkzeug.palletsprojects.com/en/0.15.x/changes/#version-0-15-6

0.15.5

• Changelog: http://werkzeug.palletsprojects.com/en/0.15.x/changes/#version-0-15-5

Changelog

Sourced from werkzeug's changelog.

Version 1.0.0

Released 2020-02-06

• Drop support for Python 3.4. (1478)
• Remove code that issued deprecation warnings in version 0.15. (1477)
• Remove most top-level attributes provided by the werkzeug module in favor of direct imports. For example, instead of import werkzeug; werkzeug.url_quote, do from werkzeug.urls import url_quote. Install version 0.16 first to see deprecation warnings while upgrading. 2, 1640
• Added utils.invalidate_cached_property() to invalidate cached properties. (1474)
• Directive keys for the Set-Cookie response header are not ignored when parsing the Cookie request header. This allows cookies with names such as "expires" and "version". (1495)
• Request cookies are parsed into a MultiDict to capture all values for cookies with the same key. cookies[key] returns the first value rather than the last. Use cookies.getlist(key) to get all values. parse_cookie also defaults to a MultiDict. 1562, 1458
• Add charset=utf-8 to an HTTP exception response's CONTENT_TYPE header. (1526)
• The interactive debugger handles outer variables in nested scopes such as lambdas and comprehensions. 913, 1037, 1532
• The user agent for Opera 60 on Mac is correctly reported as "opera" instead of "chrome". 1556
• The platform for Crosswalk on Android is correctly reported as "android" instead of "chromeos". (1572)
• Issue a warning when the current server name does not match the configured server name. 760
• A configured server name with the default port for a scheme will match the current server name without the port if the current scheme matches. 1584
• ~exceptions.InternalServerError has a original_exception attribute that frameworks can use to track the original cause of the error. 1590
• Headers are tested for equality independent of the header key case, such that X-Foo is the same as x-foo. 1605
• http.dump_cookie accepts 'None' as a value for samesite. 1549
• ~test.Client.set_cookie accepts a samesite argument. 1705
• Support the Content Security Policy header through the Response.content_security_policy data structure. 1617
• LanguageAccept will fall back to matching "en" for "en-US" or "en-US" for "en" to better support clients or translations that only match at the primary language tag. 450, 1507
• MIMEAccept uses MIME parameters for specificity when matching. 458, 1574
• If the development server is started with an SSLContext configured to verify client certificates, the certificate in PEM format will be available as environ["SSL_CLIENT_CERT"]. 1469
• is_resource_modified will run for methods other than GET and HEAD, rather than always returning False. 409
• SharedDataMiddleware returns 404 rather than 500 when trying to access a directory instead of a file with the package loader. The dependency on setuptools and pkg_resources is removed. 1599
• Add a response.cache_control.immutable flag. Keep in mind that browser support for this Cache-Control header option is still experimental and may not be implemented. 1185
• Optional request log highlighting with the development server is handled by Click instead of termcolor. 1235
• Optional ad-hoc TLS support for the development server is handled by cryptography instead of pyOpenSSL. 1555
• FileStorage.save() supports pathlib and 519 PathLike objects. 1653
• The debugger security pin is unique in containers managed by Podman. 1661
• Building a URL when host_matching is enabled takes into account the current host when there are duplicate endpoints with different hosts. 488
• The 429 TooManyRequests and 503 ServiceUnavailable HTTP exceptions takes a retry_after parameter to set the Retry-After header. 1657
• Map and Rule have a merge_slashes option to collapse multiple slashes into one, similar to how many HTTP servers behave. This is enabled by default. 1286, 1694
• Add HTTP 103, 208, 306, 425, 506, 508, and 511 to the list of status codes. 1678
• Add update, setlist, and setlistdefault methods to the Headers data structure. extend method can take MultiDict and kwargs. 1687, 1697
• The development server accepts paths that start with two slashes, rather than stripping off the first path segment. 491
• Add access control (Cross Origin Request Sharing, CORS) header properties to the Request and Response wrappers. 1699
• Accept values are no longer ordered alphabetically for equal quality tags. Instead the initial order is preserved. 1686
• Added Map.lock_class attribute for alternative implementations. 1702
• Support matching and building WebSocket rules in the routing system, for use by async frameworks. 1709
• Range requests that span an entire file respond with 206 instead of 200, to be more compliant with 7233. This may help serving media to older browsers. 410, 1704
• The ~middleware.shared_data.SharedDataMiddleware default fallback_mimetype is application/octet-stream. If a filename looks like a text mimetype, the utf-8 charset is added to it. This matches the behavior of ~wrappers.BaseResponse and Flask's send_file(). 1689

Version 0.16.1

Released 2020-01-27

... (truncated)

Commits

• dfde671 release version 1.0.0
• 1daf2c7 Merge pull request #1712 from pallets/shared-data-charset
• a8b2df2 SharedDataMiddleware adds utf-8 charset
• 0474354 Merge pull request #1711 from pallets/video-range
• 85eaee9 range request always returns 206 status
• 07e3c97 Merge pull request #1708 from bsolomon1124/master
• 4249e01 document werkzeug logger
• 13b6ef0 Merge pull request #1709 from pgjones/websocket
• ecd0d75 docs cleanup
• e932a1f Add support for WebSocket rules in the routing
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes an out-of-range update to a development dependency.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)