pip: bump werkzeug from 1.0.1 to 2.3.7 in /authn-service

[dependabot[bot]]

Bumps werkzeug from 1.0.1 to 2.3.7.

Release notes

Sourced from werkzeug's releases.

2.3.7

This is a fix release for the 2.3.x feature branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-7
• Milestone: https://github.com/pallets/werkzeug/milestone/33?closed=1

2.3.5

This is a fix release for the 2.3.x feature branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-5
• Milestone: https://github.com/pallets/werkzeug/milestone/31?closed=1

2.3.4

This is a fix release for the 2.3.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-4
• Milestone: https://github.com/pallets/werkzeug/milestone/30?closed=1

2.3.3

This is a fix release for the 2.3.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-3
• Milestone: https://github.com/pallets/werkzeug/milestone/29?closed=1

2.3.2

This is a fix release for the 2.3.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-2
• Milestone: https://github.com/pallets/werkzeug/milestone/28?closed=1

2.3.1

This is a fix release for the 2.3.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-1
• Milestone: https://github.com/pallets/werkzeug/milestone/27?closed=1

2.3.0

This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 2.3.x branch is now the supported fix branch, the 2.2.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-0
• Milestone: https://github.com/pallets/werkzeug/milestone/23?closed=1

2.2.3

This is a fix release for the 2.2.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-3
• Milestone: https://github.com/pallets/werkzeug/milestone/26?closed=1

This release contains security fixes for:

... (truncated)

Changelog

Sourced from werkzeug's changelog.

Version 2.3.7

Released 2023-08-14

• Use flit_core instead of setuptools as build backend.
• Fix parsing of multipart bodies. :issue:2734 Adjust index of last newline in data start. :issue:2761
• Parsing ints from header values strips spacing first. :issue:2734
• Fix empty file streaming when testing. :issue:2740
• Clearer error message when URL rule does not start with slash. :pr:2750
• Accept q value can be a float without a decimal part. :issue:2751

Version 2.3.6

Released 2023-06-08

• FileStorage.content_length does not fail if the form data did not provide a value. :issue:2726

Version 2.3.5

Released 2023-06-07

• Python 3.12 compatibility. :issue:2704
• Fix handling of invalid base64 values in Authorization.from_header. :issue:2717
• The debugger escapes the exception message in the page title. :pr:2719
• When binding routing.Map, a long IDNA server_name with a port does not fail encoding. :issue:2700
• iri_to_uri shows a deprecation warning instead of an error when passing bytes. :issue:2708
• When parsing numbers in HTTP request headers such as Content-Length, only ASCII digits are accepted rather than any format that Python's int and float accept. :issue:2716

Version 2.3.4

Released 2023-05-08

• Authorization.from_header and WWWAuthenticate.from_header detects tokens that end with base64 padding (=). :issue:2685
• Remove usage of warnings.catch_warnings. :issue:2690
• Remove max_form_parts restriction from standard form data parsing and only use if for multipart content. :pr:2694

... (truncated)

Commits

• 3c2ba3d Release version 2.3.7
• ac9974c Fix qvalue parsing (#2753)
• 88f4ed6 qvalue parsing accepts float without decimal
• dd1f137 Fix: Improve Error Message (#2750)
• fdc295a clearer url rule slash error
• a0f4bf4 fix: improve error message
• 1886322 Expand variables button scrolls to page header (#2733)
• d927efb Don't scroll to page header on expand button click
• a3a313a Fix empty stream file uploads when testing
• 3712c7b Add missing future import
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions[bot]]

Dependency Review

✅ No vulnerabilities or license issues found.

Scanned Manifest Files

authn-service/requirements.txt

• werkzeug@1.0.1
• werkzeug@2.3.7

[dependabot[bot]]

Superseded by #185.