sfu-db / dataprep

Open-source low-code data preparation library in Python. Collect, clean and visualize your data in Python with a few lines of code.
http://dataprep.ai
MIT License
1.97k stars 201 forks

build(deps): bump werkzeug from 2.1.2 to 2.2.3 #958

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps werkzeug from 2.1.2 to 2.2.3.

Release notes

Sourced from werkzeug's releases.

2.2.3

This is a fix release for the 2.2.x release branch.

This release contains security fixes for:

2.2.2

This is a fix release for the 2.2.0 feature release.

2.2.1

This is a fix release for the 2.2.0 feature release.

2.2.0

This is a feature release, which includes new features and removes previously deprecated features. The 2.2.x branch is now the supported bugfix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

Changelog

Sourced from werkzeug's changelog.

Version 2.2.3

Released 2023-02-14

  • Ensure that URL rules using path converters will redirect with strict slashes when the trailing slash is missing. :issue:2533
  • Type signature for get_json specifies that return type is not optional when silent=False. :issue:2508
  • parse_content_range_header returns None for a value like bytes */-1 where the length is invalid, instead of raising an AssertionError. :issue:2531
  • Address remaining ResourceWarning related to the socket used by run_simple. Remove prepare_socket, which now happens when creating the server. :issue:2421
  • Update pre-existing headers for multipart/form-data requests with the test client. :issue:2549
  • Fix handling of header extended parameters such that they are no longer quoted. :issue:2529
  • LimitedStream.read works correctly when wrapping a stream that may not return the requested size in one read call. :issue:2558
  • A cookie header that starts with = is treated as an empty key and discarded, rather than stripping the leading ==.
  • Specify a maximum number of multipart parts, default 1000, after which a RequestEntityTooLarge exception is raised on parsing. This mitigates a DoS attack where a larger number of form/file parts would result in disproportionate resource use.

Version 2.2.2

Released 2022-08-08

  • Fix router to restore the 2.1 strict_slashes == False behaviour whereby leaf-requests match branch rules and vice versa. :pr:2489
  • Fix router to identify invalid rules rather than hang parsing them, and to correctly parse / within converter arguments. :pr:2489
  • Update subpackage imports in :mod:werkzeug.routing to use the import as syntax for explicitly re-exporting public attributes. :pr:2493
  • Parsing of some invalid header characters is more robust. :pr:2494
  • When starting the development server, a warning not to use it in a production deployment is always shown. :issue:2480
  • LocalProxy.__wrapped__ is always set to the wrapped object when the proxy is unbound, fixing an issue in doctest that would cause it to fail. :issue:2485
  • Address one ResourceWarning related to the socket used by run_simple. :issue:2421

... (truncated)

Commits
  • 22a254f release version 2.2.3
  • 517cac5 Merge pull request from GHSA-xg9f-g7g7-2323
  • babc8d9 rewrite docs about request data limits
  • 09449ee clean up docs
  • fe899d0 limit the maximum number of multipart form parts
  • cf275f4 Merge pull request from GHSA-px8h-6qxv-m22q
  • 8c2b4b8 don't strip leading = when parsing cookie
  • 7c7ce5c [pre-commit.ci] pre-commit autoupdate (#2585)
  • 19ae03e [pre-commit.ci] auto fixes from pre-commit.com hooks
  • a83d3b8 [pre-commit.ci] pre-commit autoupdate
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
  • `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
  • `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
  • `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/sfu-db/dataprep/network/alerts).

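The multipart parts limit described in the 2.2.3 changelog above, as an added illustration that is not Werkzeug's code and not part of this PR: a simplified line-based part counter showing that rejecting at the limit bounds the work done regardless of body size. `TooManyParts`, `count_parts`, `build_body` and `check` are hypothetical names, and the sample bodies are constructed.

```python
import io

DEFAULT_MAX_PARTS = 1000  # default named in the 2.2.3 changelog entry


class TooManyParts(Exception):
    """Hypothetical stand-in for Werkzeug's RequestEntityTooLarge."""


def count_parts(stream, boundary, max_parts=DEFAULT_MAX_PARTS):
    """Count the parts of a multipart body, reading one line at a time.

    Raises TooManyParts as soon as part number max_parts + 1 starts, so the
    work spent on an oversized body is bounded by the limit, not by its size.
    max_parts=None models a parser with no limit.
    """
    delimiter = b"--" + boundary
    parts = 0
    for line in stream:
        line = line.rstrip(b"\r\n")
        if line == delimiter + b"--":  # closing delimiter: body is complete
            return parts
        if line == delimiter:  # a new part begins
            parts += 1
            if max_parts is not None and parts > max_parts:
                raise TooManyParts(f"more than {max_parts} parts")
    raise ValueError("closing boundary not found")


def build_body(n_parts, boundary):
    """Constructed sample input: n_parts one-byte form fields."""
    part = b"--" + boundary + b'\r\nContent-Disposition: form-data; name="f"\r\n\r\nx\r\n'
    return part * n_parts + b"--" + boundary + b"--\r\n"


def check(n_parts, max_parts=DEFAULT_MAX_PARTS, boundary=b"constructed"):
    """Return ("ok", parts) or ("rejected", bytes read before rejection)."""
    stream = io.BytesIO(build_body(n_parts, boundary))
    try:
        return "ok", count_parts(stream, boundary, max_parts)
    except TooManyParts:
        return "rejected", stream.tell()


if __name__ == "__main__":
    print(check(1000))          # at the limit: accepted
    print(check(50_000))        # over the limit: rejected early
    print(check(50_000, None))  # no limit: every part is processed
```

The byte offset returned on rejection is the same for a body of 1,001 parts and one of 50,000, which is the property the limit provides.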
codecov[bot] commented 1 year ago

Codecov Report

Base: 56.37% // Head: 56.43% // Increases project coverage by +0.06% :tada:

Coverage data is based on head (2694bee) compared to base (26546d0). Patch coverage: 97.05% of modified lines in pull request are covered.

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##           develop     #958      +/-   ##
===========================================
+ Coverage    56.37%   56.43%   +0.06%
===========================================
  Files          318      319       +1
  Lines        20630    20660      +30
===========================================
+ Hits         11630    11660      +30
  Misses        9000     9000
```

| [Impacted Files](https://codecov.io/gh/sfu-db/dataprep/pull/958?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=sfu-db) | Coverage Δ | |
|---|---|---|
| [dataprep/eda/create\_db\_report/diagram\_factory.py](https://codecov.io/gh/sfu-db/dataprep/pull/958?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=sfu-db#diff-ZGF0YXByZXAvZWRhL2NyZWF0ZV9kYl9yZXBvcnQvZGlhZ3JhbV9mYWN0b3J5LnB5) | `95.31% <92.85%> (-0.34%)` | :arrow_down: |
| [...rep/eda/create\_db\_report/db\_models/table\_column.py](https://codecov.io/gh/sfu-db/dataprep/pull/958?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=sfu-db#diff-ZGF0YXByZXAvZWRhL2NyZWF0ZV9kYl9yZXBvcnQvZGJfbW9kZWxzL3RhYmxlX2NvbHVtbi5weQ==) | `90.69% <100.00%> (ø)` | |
| [...taprep/eda/create\_db\_report/header/sql\_metadata.py](https://codecov.io/gh/sfu-db/dataprep/pull/958?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=sfu-db#diff-ZGF0YXByZXAvZWRhL2NyZWF0ZV9kYl9yZXBvcnQvaGVhZGVyL3NxbF9tZXRhZGF0YS5weQ==) | `42.01% <100.00%> (ø)` | |
| [dataprep/eda/create\_db\_report/run\_function.py](https://codecov.io/gh/sfu-db/dataprep/pull/958?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=sfu-db#diff-ZGF0YXByZXAvZWRhL2NyZWF0ZV9kYl9yZXBvcnQvcnVuX2Z1bmN0aW9uLnB5) | `98.55% <100.00%> (+0.04%)` | :arrow_up: |
| [dataprep/eda/create\_db\_report/views/orphan.py](https://codecov.io/gh/sfu-db/dataprep/pull/958?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=sfu-db#diff-ZGF0YXByZXAvZWRhL2NyZWF0ZV9kYl9yZXBvcnQvdmlld3Mvb3JwaGFuLnB5) | `100.00% <100.00%> (ø)` | |
| [dataprep/eda/distribution/render.py](https://codecov.io/gh/sfu-db/dataprep/pull/958?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=sfu-db#diff-ZGF0YXByZXAvZWRhL2Rpc3RyaWJ1dGlvbi9yZW5kZXIucHk=) | `91.06% <0.00%> (+0.10%)` | :arrow_up: |
