search

radiorabe / klangbecken

Klangbecken: The RaBe Endless Music Player
https://rabe.ch/klangbecken/
GNU Affero General Public License v3.0
11 stars 5 forks source link

chore(deps): bump werkzeug from 2.1.2 to 2.3.0 #176

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps werkzeug from 2.1.2 to 2.3.0.

Release notes

Sourced from werkzeug's releases.

2.3.0

This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 2.3.x branch is now the supported fix branch, the 2.2.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

2.2.3

This is a fix release for the 2.2.x release branch.

This release contains security fixes for:

2.2.2

This is a fix release for the 2.2.0 feature release.

2.2.1

This is a fix release for the 2.2.0 feature release.

2.2.0

This is a feature release, which includes new features and removes previously deprecated features. The 2.2.x branch is now the supported bugfix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

Changelog

Sourced from werkzeug's changelog.

Version 2.3.0

Released 2023-04-25

  • Drop support for Python 3.7. :pr:2648
  • Remove previously deprecated code. :pr:2592
  • Passing bytes where strings are expected is deprecated, as well as the charset and errors parameters in many places. Anywhere that was annotated, documented, or tested to accept bytes shows a warning. Removing this artifact of the transition from Python 2 to 3 removes a significant amount of overhead in instance checks and encoding cycles. In general, always work with UTF-8, the modern HTML, URL, and HTTP standards all strongly recommend this. :issue:2602
  • Deprecate the werkzeug.urls module, except for the uri_to_iri and iri_to_uri functions. Use the urllib.parse library instead. :issue:2600
  • Update which characters are considered safe when using percent encoding in URLs, based on the WhatWG URL Standard. :issue:2601
  • Update which characters are considered safe when using percent encoding for Unicode filenames in downloads. :issue:2598
  • Deprecate the safe_conversion parameter of iri_to_uri. The Location header is converted to IRI using the same process as everywhere else. :issue:2609
  • Deprecate werkzeug.wsgi.make_line_iter and make_chunk_iter. :pr:2613
  • Use modern packaging metadata with pyproject.toml instead of setup.cfg. :pr:2574
  • Request.get_json() will raise a 415 Unsupported Media Type error if the Content-Type header is not application/json, instead of a generic 400. :issue:2550
  • A URL converter's part_isolating defaults to False if its regex contains a /. :issue:2582
  • A custom converter's regex can have capturing groups without breaking the router. :pr:2596
  • The reloader can pick up arguments to python like -X dev, and does not require heuristics to determine how to reload the command. Only available on Python >= 3.10. :issue:2589
  • The Watchdog reloader ignores file opened events. Bump the minimum version of Watchdog to 2.3.0. :issue:2603
  • When using a Unix socket for the development server, the path can start with a dot. :issue:2595
  • Increase default work factor for PBKDF2 to 600,000 iterations. :issue:2611
  • parse_options_header is 2-3 times faster. It conforms to :rfc:9110, some invalid parts that were previously accepted are now ignored. :issue:1628
  • The is_filename parameter to unquote_header_value is deprecated. :pr:2614
  • Deprecate the extra_chars parameter and passing bytes to quote_header_value, the allow_token parameter to dump_header, and the cls parameter and passing bytes to parse_dict_header. :pr:2618
  • Improve parse_accept_header implementation. Parse according to :rfc:9110. Discard items with invalid q values. :issue:1623
  • quote_header_value quotes the empty string. :pr:2618
  • dump_options_header skips None values rather than using a bare key. :pr:2618

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 year ago

Superseded by #177.