Bump werkzeug from 2.0.2 to 2.2.3

[dependabot[bot]]

Bumps werkzeug from 2.0.2 to 2.2.3.

Release notes

Sourced from werkzeug's releases.

2.2.3

This is a fix release for the 2.2.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-3
• Milestone: https://github.com/pallets/werkzeug/milestone/26?closed=1

This release contains security fixes for:

• https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
• https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q

2.2.2

This is a fix release for the 2.2.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-2
• Milestone: https://github.com/pallets/werkzeug/milestone/25?closed=1

2.2.1

This is a fix release for the 2.2.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-1
• Milestone: https://github.com/pallets/werkzeug/milestone/24?closed=1

2.2.0

This is a feature release, which includes new features and removes previously deprecated features. The 2.2.x branch is now the supported bugfix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

• Changes: https://werkzeug.palletsprojects.com/en/2.2.x/changes/#version-2-2-0
• Milestone: https://github.com/pallets/werkzeug/milestone/20?closed=1

2.1.2

This is a fix release for the 2.1.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.1.x/changes/#version-2-1-2
• Milestone: https://github.com/pallets/werkzeug/milestone/22?closed=1

2.1.1

This is a fix release for the 2.1.0 feature release.

• Changes: https://werkzeug.palletsprojects.com/en/2.1.x/changes/#version-2-1-1
• Milestone: https://github.com/pallets/werkzeug/milestone/19?closed=1

2.1.0

This is a feature release, which includes new features and removes previously deprecated features. The 2.1.x branch is now the supported bugfix branch, the 2.0.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

• Changes: https://werkzeug.palletsprojects.com/en/2.1.x/changes/#version-2-1-0
• Milestone: https://github.com/pallets/werkzeug/milestone/16?closed=1

2.0.3

• Changes: https://werkzeug.palletsprojects.com/en/2.0.x/changes/#version-2-0-3
• Milestone: https://github.com/pallets/werkzeug/milestone/18?closed=1

Changelog

Sourced from werkzeug's changelog.

Version 2.2.3

Released 2023-02-14

• Ensure that URL rules using path converters will redirect with strict slashes when the trailing slash is missing. :issue:2533
• Type signature for get_json specifies that return type is not optional when silent=False. :issue:2508
• parse_content_range_header returns None for a value like bytes */-1 where the length is invalid, instead of raising an AssertionError. :issue:2531
• Address remaining ResourceWarning related to the socket used by run_simple. Remove prepare_socket, which now happens when creating the server. :issue:2421
• Update pre-existing headers for multipart/form-data requests with the test client. :issue:2549
• Fix handling of header extended parameters such that they are no longer quoted. :issue:2529
• LimitedStream.read works correctly when wrapping a stream that may not return the requested size in one read call. :issue:2558
• A cookie header that starts with = is treated as an empty key and discarded, rather than stripping the leading ==.
• Specify a maximum number of multipart parts, default 1000, after which a RequestEntityTooLarge exception is raised on parsing. This mitigates a DoS attack where a larger number of form/file parts would result in disproportionate resource use.

Version 2.2.2

Released 2022-08-08

• Fix router to restore the 2.1 strict_slashes == False behaviour whereby leaf-requests match branch rules and vice versa. :pr:2489
• Fix router to identify invalid rules rather than hang parsing them, and to correctly parse / within converter arguments. :pr:2489
• Update subpackage imports in :mod:werkzeug.routing to use the import as syntax for explicitly re-exporting public attributes. :pr:2493
• Parsing of some invalid header characters is more robust. :pr:2494
• When starting the development server, a warning not to use it in a production deployment is always shown. :issue:2480
• LocalProxy.__wrapped__ is always set to the wrapped object when the proxy is unbound, fixing an issue in doctest that would cause it to fail. :issue:2485
• Address one ResourceWarning related to the socket used by run_simple. :issue:2421

... (truncated)

Commits

• 22a254f release version 2.2.3
• 517cac5 Merge pull request from GHSA-xg9f-g7g7-2323
• babc8d9 rewrite docs about request data limits
• 09449ee clean up docs
• fe899d0 limit the maximum number of multipart form parts
• cf275f4 Merge pull request from GHSA-px8h-6qxv-m22q
• 8c2b4b8 don't strip leading = when parsing cookie
• 7c7ce5c [pre-commit.ci] pre-commit autoupdate (#2585)
• 19ae03e [pre-commit.ci] auto fixes from pre-commit.com hooks
• a83d3b8 [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/qwc-services/qwc-ogc-service/network/alerts).

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[pka]

@dependabot rebase

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.