Update werkzeug requirement from <1.0.0 to <2.0.0

Updates the requirements on werkzeug to permit the latest version.

Release notes

1.0.1

Changelog: https://werkzeug.palletsprojects.com/en/1.0.x/changes/#version-1-0-1

Changelog

Version 1.0.1

Released 2020-03-31

Make the argument to RequestRedirect.get_response optional. 1718

Only allow a single access control allow origin value. 1723

Fix crash when trying to parse a non-existent Content Security Policy header. 1731

http_date zero fills years < 1000 to always output four digits. 1739

Fix missing local variables in interactive debugger console. 1746

Fix passing file-like objects like io.BytesIO to FileStorage.save. 1733

Version 1.0.0

Released 2020-02-06

Drop support for Python 3.4. (1478)

Remove code that issued deprecation warnings in version 0.15. (1477)

Remove most top-level attributes provided by the werkzeug module in favor of direct imports. For example, instead of import werkzeug; werkzeug.url_quote, do from werkzeug.urls import url_quote. Install version 0.16 first to see deprecation warnings while upgrading. 2, 1640

Added utils.invalidate_cached_property() to invalidate cached properties. (1474)

Directive keys for the Set-Cookie response header are not ignored when parsing the Cookie request header. This allows cookies with names such as "expires" and "version". (1495)

Request cookies are parsed into a MultiDict to capture all values for cookies with the same key. cookies[key] returns the first value rather than the last. Use cookies.getlist(key) to get all values. parse_cookie also defaults to a MultiDict. 1562, 1458

Add charset=utf-8 to an HTTP exception response's CONTENT_TYPE header. (1526)

The interactive debugger handles outer variables in nested scopes such as lambdas and comprehensions. 913, 1037, 1532

The user agent for Opera 60 on Mac is correctly reported as "opera" instead of "chrome". 1556

The platform for Crosswalk on Android is correctly reported as "android" instead of "chromeos". (1572)

Issue a warning when the current server name does not match the configured server name. 760

A configured server name with the default port for a scheme will match the current server name without the port if the current scheme matches. 1584

~exceptions.InternalServerError has a original_exception attribute that frameworks can use to track the original cause of the error. 1590

Headers are tested for equality independent of the header key case, such that X-Foo is the same as x-foo. 1605

http.dump_cookie accepts 'None' as a value for samesite. 1549

~test.Client.set_cookie accepts a samesite argument. 1705

Support the Content Security Policy header through the Response.content_security_policy data structure. 1617

LanguageAccept will fall back to matching "en" for "en-US" or "en-US" for "en" to better support clients or translations that only match at the primary language tag. 450, 1507

MIMEAccept uses MIME parameters for specificity when matching. 458, 1574

If the development server is started with an SSLContext configured to verify client certificates, the certificate in PEM format will be available as environ["SSL_CLIENT_CERT"]. 1469

is_resource_modified will run for methods other than GET and HEAD, rather than always returning False. 409

SharedDataMiddleware returns 404 rather than 500 when trying to access a directory instead of a file with the package loader. The dependency on setuptools and pkg_resources is removed. 1599

Add a response.cache_control.immutable flag. Keep in mind that browser support for this Cache-Control header option is still experimental and may not be implemented. 1185

Optional request log highlighting with the development server is handled by Click instead of termcolor. 1235

Optional ad-hoc TLS support for the development server is handled by cryptography instead of pyOpenSSL. 1555

FileStorage.save() supports pathlib and 519 PathLike objects. 1653

The debugger security pin is unique in containers managed by Podman. 1661

Building a URL when host_matching is enabled takes into account the current host when there are duplicate endpoints with different hosts. 488

The 429 TooManyRequests and 503 ServiceUnavailable HTTP exceptions takes a retry_after parameter to set the Retry-After header. 1657

Map and Rule have a merge_slashes option to collapse multiple slashes into one, similar to how many HTTP servers behave. This is enabled by default. 1286, 1694

Add HTTP 103, 208, 306, 425, 506, 508, and 511 to the list of status codes. 1678

Add update, setlist, and setlistdefault methods to the Headers data structure. extend method can take MultiDict and kwargs. 1687, 1697

The development server accepts paths that start with two slashes, rather than stripping off the first path segment. 491

... (truncated)

Commits

1dde4b1 release version 1.0.1
1527e05 Merge pull request #1743 from Dreamsorcerer/patch-1
a9ba22a Add missing documentation about None return type.
244b486 Merge pull request #1734 from alexa-infra/fix-filestorage-save-bytes-io
c341a0a fix os.fspath call on file-like objects
32f3b07 Merge pull request #1741 from mbertoldi/1.0.x
c761ff8 fix locals in InteractiveConsole
6ff5cd1 Merge pull request #1740 from nicolary/hf-zfill_4_year_dump_date
b70df18 zfill year < 1000
8568bed Merge pull request #1736 from magula/1.0.x
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)

michael-lazar / flask-gopher

Update werkzeug requirement from <1.0.0 to <2.0.0 #10

1.0.1

Version 1.0.1

Version 1.0.0