Update werkzeug requirement from <3,>=2 to >=2,<4

[dependabot]

Updates the requirements on werkzeug to permit the latest version.

Release notes

Sourced from werkzeug's releases.

3.0.1

This is a security release for the 3.0.x feature branch.

• Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-1

Changelog

Sourced from werkzeug's changelog.

Version 3.0.1

Released 2023-10-24

• Fix slow multipart parsing for large parts potentially enabling DoS attacks. :cwe:CWE-407

Version 3.0.0

Released 2023-09-30

• Remove previously deprecated code. :pr:2768
• Deprecate the __version__ attribute. Use feature detection, or importlib.metadata.version("werkzeug"), instead. :issue:2770
• generate_password_hash uses scrypt by default. :issue:2769
• Add the "werkzeug.profiler" item to the WSGI environ dictionary passed to ProfilerMiddleware's filename_format function. It contains the elapsed and time values for the profiled request. :issue:2775
• Explicitly marked the PathConverter as non path isolating. :pr:2784

Version 2.3.8

Released 2023-11-08

• Fix slow multipart parsing for large parts potentially enabling DoS attacks. :cwe:CWE-407

Version 2.3.7

Released 2023-08-14

• Use flit_core instead of setuptools as build backend.
• Fix parsing of multipart bodies. :issue:2734
• Adjust index of last newline in data start. :issue:2761
• Parsing ints from header values strips spacing first. :issue:2734
• Fix empty file streaming when testing. :issue:2740
• Clearer error message when URL rule does not start with slash. :pr:2750
• Accept q value can be a float without a decimal part. :issue:2751

Version 2.3.6

Released 2023-06-08

... (truncated)

Commits

• ce4eff5 Release version 3.0.1
• b1916c0 Fix: slow multipart parsing for huge files with few CR/LF characters
• 726eaa2 Release version 3.0.0
• 6427542 Default the PathConverter (and descendants) to be non part isolating
• 4820d8c Provide elapsed and timestamp info to filename_format
• 599993d Bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10 (#2780)
• a2394ed Bump slsa-framework/slsa-github-generator from 1.7.0 to 1.9.0 (#2779)
• 1efd6f3 Bump actions/checkout from 3.5.3 to 3.6.0 (#2778)
• 76a5419 Bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10
• ce8cfe7 Bump slsa-framework/slsa-github-generator from 1.7.0 to 1.9.0
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
werkzeug	[>= 2.1.a, < 2.2]
werkzeug	[>= 2.2.a, < 2.3]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)