Update werkzeug requirement from <2.3,>=2 to >=2,<2.4

[dependabot]

Updates the requirements on werkzeug to permit the latest version.

Release notes

Sourced from werkzeug's releases.

2.3.0

This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 2.3.x branch is now the supported fix branch, the 2.2.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-0
• Milestone: https://github.com/pallets/werkzeug/milestone/23?closed=1

Changelog

Sourced from werkzeug's changelog.

Version 2.3.0

Released 2023-04-25

• Drop support for Python 3.7. :pr:2648
• Remove previously deprecated code. :pr:2592
• Passing bytes where strings are expected is deprecated, as well as the charset and errors parameters in many places. Anywhere that was annotated, documented, or tested to accept bytes shows a warning. Removing this artifact of the transition from Python 2 to 3 removes a significant amount of overhead in instance checks and encoding cycles. In general, always work with UTF-8, the modern HTML, URL, and HTTP standards all strongly recommend this. :issue:2602
• Deprecate the werkzeug.urls module, except for the uri_to_iri and iri_to_uri functions. Use the urllib.parse library instead. :issue:2600
• Update which characters are considered safe when using percent encoding in URLs, based on the WhatWG URL Standard. :issue:2601
• Update which characters are considered safe when using percent encoding for Unicode filenames in downloads. :issue:2598
• Deprecate the safe_conversion parameter of iri_to_uri. The Location header is converted to IRI using the same process as everywhere else. :issue:2609
• Deprecate werkzeug.wsgi.make_line_iter and make_chunk_iter. :pr:2613
• Use modern packaging metadata with pyproject.toml instead of setup.cfg. :pr:2574
• Request.get_json() will raise a 415 Unsupported Media Type error if the Content-Type header is not application/json, instead of a generic 400. :issue:2550
• A URL converter's part_isolating defaults to False if its regex contains a /. :issue:2582
• A custom converter's regex can have capturing groups without breaking the router. :pr:2596
• The reloader can pick up arguments to python like -X dev, and does not require heuristics to determine how to reload the command. Only available on Python >= 3.10. :issue:2589
• The Watchdog reloader ignores file opened events. Bump the minimum version of Watchdog to 2.3.0. :issue:2603
• When using a Unix socket for the development server, the path can start with a dot. :issue:2595
• Increase default work factor for PBKDF2 to 600,000 iterations. :issue:2611
• parse_options_header is 2-3 times faster. It conforms to :rfc:9110, some invalid parts that were previously accepted are now ignored. :issue:1628
• The is_filename parameter to unquote_header_value is deprecated. :pr:2614
• Deprecate the extra_chars parameter and passing bytes to quote_header_value, the allow_token parameter to dump_header, and the cls parameter and passing bytes to parse_dict_header. :pr:2618
• Improve parse_accept_header implementation. Parse according to :rfc:9110. Discard items with invalid q values. :issue:1623
• quote_header_value quotes the empty string. :pr:2618
• dump_options_header skips None values rather than using a bare key. :pr:2618

... (truncated)

Commits

• f2e0ac6 release version 2.3.0
• 853d747 Merge branch '2.2.x'
• 6a0bcf7 update dev dependencies
• e8cebe0 support scrypt (#2655)
• dfb6465 support scrypt
• ecfeafb fix issue links
• e1b4b52 update form parser API (#2653)
• bdb6466 deprecate custom form parser content types
• 7bd91d9 escape ASCII control characters in request log (#2652)
• e5a3aff escape ASCII control characters in request log
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[Glandos]

We want to support Python 3.7.

[dependabot]

Superseded by #1234.