Bump werkzeug from 0.16.0 to 1.0.1

[dependabot-preview[bot]]

Bumps werkzeug from 0.16.0 to 1.0.1.

Release notes

Sourced from werkzeug's releases.

1.0.1

• Changelog: https://werkzeug.palletsprojects.com/en/1.0.x/changes/#version-1-0-1

1.0.0

After 13 years of development, we're finally 1.0!

Note that previously deprecated code has been removed in this release. Use 0.16.1 as an intermediate step to see deprecation warnings and upgrade.

• Blog: https://palletsprojects.com/blog/werkzeug-1-0-0-released
• Changelog: https://werkzeug.palletsprojects.com/en/1.0.x/changes/#version-1-0-0
• Twitter: https://twitter.com/PalletsTeam/status/1225561504004689920

1.0.0 Release Candidate 1

• Changes: https://werkzeug.palletsprojects.com/en/master/changes/#version-1-0-0

Use the --pre flag to install this pre-release:

pip install --pre Werkzeug==1.0.0rc1

0.16.1

• Changelog: https://werkzeug.palletsprojects.com/en/0.16.x/changes/#version-0-16-1

Changelog

Sourced from werkzeug's changelog.

Version 1.0.1

Released 2020-03-31

• Make the argument to RequestRedirect.get_response optional. 1718
• Only allow a single access control allow origin value. 1723
• Fix crash when trying to parse a non-existent Content Security Policy header. 1731
• http_date zero fills years < 1000 to always output four digits. 1739
• Fix missing local variables in interactive debugger console. 1746
• Fix passing file-like objects like io.BytesIO to FileStorage.save. 1733

Version 1.0.0

Released 2020-02-06

• Drop support for Python 3.4. (1478)
• Remove code that issued deprecation warnings in version 0.15. (1477)
• Remove most top-level attributes provided by the werkzeug module in favor of direct imports. For example, instead of import werkzeug; werkzeug.url_quote, do from werkzeug.urls import url_quote. Install version 0.16 first to see deprecation warnings while upgrading. 2, 1640
• Added utils.invalidate_cached_property() to invalidate cached properties. (1474)
• Directive keys for the Set-Cookie response header are not ignored when parsing the Cookie request header. This allows cookies with names such as "expires" and "version". (1495)
• Request cookies are parsed into a MultiDict to capture all values for cookies with the same key. cookies[key] returns the first value rather than the last. Use cookies.getlist(key) to get all values. parse_cookie also defaults to a MultiDict. 1562, 1458
• Add charset=utf-8 to an HTTP exception response's CONTENT_TYPE header. (1526)
• The interactive debugger handles outer variables in nested scopes such as lambdas and comprehensions. 913, 1037, 1532
• The user agent for Opera 60 on Mac is correctly reported as "opera" instead of "chrome". 1556
• The platform for Crosswalk on Android is correctly reported as "android" instead of "chromeos". (1572)
• Issue a warning when the current server name does not match the configured server name. 760
• A configured server name with the default port for a scheme will match the current server name without the port if the current scheme matches. 1584
• ~exceptions.InternalServerError has a original_exception attribute that frameworks can use to track the original cause of the error. 1590
• Headers are tested for equality independent of the header key case, such that X-Foo is the same as x-foo. 1605
• http.dump_cookie accepts 'None' as a value for samesite. 1549
• ~test.Client.set_cookie accepts a samesite argument. 1705
• Support the Content Security Policy header through the Response.content_security_policy data structure. 1617
• LanguageAccept will fall back to matching "en" for "en-US" or "en-US" for "en" to better support clients or translations that only match at the primary language tag. 450, 1507
• MIMEAccept uses MIME parameters for specificity when matching. 458, 1574
• If the development server is started with an SSLContext configured to verify client certificates, the certificate in PEM format will be available as environ["SSL_CLIENT_CERT"]. 1469
• is_resource_modified will run for methods other than GET and HEAD, rather than always returning False. 409
• SharedDataMiddleware returns 404 rather than 500 when trying to access a directory instead of a file with the package loader. The dependency on setuptools and pkg_resources is removed. 1599
• Add a response.cache_control.immutable flag. Keep in mind that browser support for this Cache-Control header option is still experimental and may not be implemented. 1185
• Optional request log highlighting with the development server is handled by Click instead of termcolor. 1235
• Optional ad-hoc TLS support for the development server is handled by cryptography instead of pyOpenSSL. 1555
• FileStorage.save() supports pathlib and 519 PathLike objects. 1653
• The debugger security pin is unique in containers managed by Podman. 1661
• Building a URL when host_matching is enabled takes into account the current host when there are duplicate endpoints with different hosts. 488
• The 429 TooManyRequests and 503 ServiceUnavailable HTTP exceptions takes a retry_after parameter to set the Retry-After header. 1657
• Map and Rule have a merge_slashes option to collapse multiple slashes into one, similar to how many HTTP servers behave. This is enabled by default. 1286, 1694
• Add HTTP 103, 208, 306, 425, 506, 508, and 511 to the list of status codes. 1678
• Add update, setlist, and setlistdefault methods to the Headers data structure. extend method can take MultiDict and kwargs. 1687, 1697
• The development server accepts paths that start with two slashes, rather than stripping off the first path segment. 491

... (truncated)

Commits

• 1dde4b1 release version 1.0.1
• 1527e05 Merge pull request #1743 from Dreamsorcerer/patch-1
• a9ba22a Add missing documentation about None return type.
• 244b486 Merge pull request #1734 from alexa-infra/fix-filestorage-save-bytes-io
• c341a0a fix os.fspath call on file-like objects
• 32f3b07 Merge pull request #1741 from mbertoldi/1.0.x
• c761ff8 fix locals in InteractiveConsole
• 6ff5cd1 Merge pull request #1740 from nicolary/hf-zfill_4_year_dump_date
• b70df18 zfill year < 1000
• 8568bed Merge pull request #1736 from magula/1.0.x
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)

[dependabot-preview[bot]]

Superseded by #1335.