Bump werkzeug from 0.16.0 to 2.0.1

[dependabot-preview[bot]]

Bumps werkzeug from 0.16.0 to 2.0.1.

Release notes

Sourced from werkzeug's releases.

2.0.1

• Changes: https://werkzeug.palletsprojects.com/en/2.0.x/changes/#version-2-0-1

2.0.0

New major versions of all the core Pallets libraries, including Werkzeug 2.0, have been released! :tada:

• Read the announcement on our blog: https://palletsprojects.com/blog/flask-2-0-released/
• Read the full list of changes: https://werkzeug.palletsprojects.com/changes/#version-2-0-0
• Retweet the announcement on Twitter: https://twitter.com/PalletsTeam/status/1392266507296514048
• Follow our blog, Twitter, or GitHub to see future announcements.

This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.

2.0.0rc5

• Changes: https://werkzeug.palletsprojects.com/en/master/changes#version-2-0-0

2.0.0rc4

• Changes: https://werkzeug.palletsprojects.com/en/master/changes/#version-2-0-0

2.0.0 Release Candidate 3

• Changes: https://werkzeug.palletsprojects.com/en/master/changes/#version-2-0-0

Use the --pre flag to install this pre-release:

pip install --pre Werkzeug==2.0.0rc3

2.0.0 Release Candidate 2

• Changes: https://werkzeug.palletsprojects.com/en/master/changes/#version-2-0-0

Use the --pre flag to install this pre-release:

pip install --pre Werkzeug==2.0.0rc2

2.0.0 Release Candidate 1

• Changes: https://werkzeug.palletsprojects.com/en/master/changes/#version-2-0-0

Use the --pre flag to install this pre-release:

pip install --pre Werkzeug==2.0.0rc1

1.0.1

• Changelog: https://werkzeug.palletsprojects.com/en/1.0.x/changes/#version-1-0-1

1.0.0

... (truncated)

Changelog

Sourced from werkzeug's changelog.

Version 2.0.1

Released 2021-05-17

• Fix type annotation for send_file max_age callable. Don't pass pathlib.Path to max_age. 2119
• Mark top-level names as exported so type checking understands imports in user projects. 2122
• Fix some types that weren't available in Python 3.6.0. 2123
• cached_property is generic over its return type, properties decorated with it report the correct type. 2113
• Fix multipart parsing bug when boundary contains special regex characters. 2125
• Type checking understands that calling headers.get with a string default will always return a string. 2128
• If HTTPException.description is not a string, get_description will convert it to a string. 2115

Version 2.0.0

Released 2021-05-11

• Drop support for Python 2 and 3.5. 1693
• Deprecate utils.format_string, use string.Template instead. 1756
• Deprecate utils.bind_arguments and utils.validate_arguments, use Signature.bind and inspect.signature instead. 1757
• Deprecate utils.HTMLBuilder. 1761
• Deprecate utils.escape and utils.unescape, use MarkupSafe instead. 1758
• Deprecate the undocumented python -m werkzeug.serving CLI. 1834
• Deprecate the environ["werkzeug.server.shutdown"] function that is available when running the development server. 1752
• Deprecate the useragents module and the built-in user agent parser. Use a dedicated parser library instead by subclassing user_agent.UserAgent and setting Request.user_agent_class. 2078
• Remove the unused, internal posixemulation module. 1759
• All datetime values are timezone-aware with tzinfo=timezone.utc. This applies to anything using http.parse_date: Request.date, .if_modified_since, .if_unmodified_since; Response.date, .expires, .last_modified, .retry_after; parse_if_range_header, and IfRange.date. When comparing values, the other values must also be aware, or these values must be made naive. When passing parameters or setting attributes, naive values are still assumed to be in UTC. 2040
• Merge all request and response wrapper mixin code into single Request and Response classes. Using the mixin classes is no longer necessary and will show a deprecation warning. Checking isinstance or issubclass against BaseRequest and BaseResponse will show a deprecation warning and check against Request or Response instead. 1963
• JSON support no longer uses simplejson if it's installed. To use another JSON module, override Request.json_module and Response.json_module. 1766
• Response.get_json() no longer caches the result, and the cache parameter is removed. 1698
• Response.freeze() generates an ETag header if one is not set. The no_etag parameter (which usually wasn't visible anyway) is no longer used. 1963
• Add a url_scheme argument to ~routing.MapAdapter.build to override the bound scheme. 1721
• Passing an empty list as a query string parameter to build() won't append an unnecessary ?. Also drop any number of None items in a list. 1992
• When passing a Headers object to a test client method or EnvironBuilder, multiple values for a key are joined into one comma separated value. This matches the HTTP spec on multi-value headers. 1655
• Setting Response.status and status_code uses identical parsing and error checking. 1658, 1728
• MethodNotAllowed and RequestedRangeNotSatisfiable take a response kwarg, consistent with other HTTP errors. 1748
• The response generated by ~exceptions.Unauthorized produces one WWW-Authenticate header per value in www_authenticate, rather than joining them into a single value, to improve interoperability with browsers and other clients. 1755
• If parse_authorization_header can't decode the header value, it returns None instead of raising a UnicodeDecodeError. 1816
• The debugger no longer uses jQuery. 1807
• The test client includes the query string in REQUEST_URI and RAW_URI. 1781
• Switch the parameter order of default_stream_factory to match the order used when calling it. 1085
• Add send_file function to generate a response that serves a file. Adapted from Flask's implementation. 265, 1850
• Add send_from_directory function to safely serve an untrusted path within a trusted directory. Adapted from Flask's implementation. 1880
• send_file takes download_name, which is passed even if as_attachment=False by using Content-Disposition: inline. download_name replaces Flask's attachment_filename. 1869
• send_file sets conditional=True and max_age=None by default. Cache-Control is set to no-cache if max_age is not set, otherwise public. This tells browsers to validate conditional requests instead of using a timed cache. max_age=None replaces Flask's cache_timeout=43200. 1882
• send_file can be called with etag="string" to set a custom ETag instead of generating one. etag replaces Flask's add_etags. 1868
• send_file sets the Content-Encoding header if an encoding is returned when guessing mimetype from download_name. 3896
• Update the defaults used by generate_password_hash. Increase PBKDF2 iterations to 260000 from 150000. Increase salt length to 16 from 8. Use secrets module to generate salt. 1935
• The reloader doesn't crash if sys.stdin is somehow None. 1915

... (truncated)

Commits

• 73ed5ef Merge pull request #2135 from pallets/release-2.0.1
• c09fe3f release version 2.0.1
• f0bc6b2 Merge pull request #2134 from pallets/typeshed
• e6305ec Merge pull request #2133 from pallets/http-description
• 67ef741 convert HTTPException.description to string
• ca830ca use _typeshed.wsgi instead of wsgiref.types
• c2fd0f1 update 2128 changelog
• 1b8907a Merge pull request #2129 from bayesimpact/pascal-type-get
• 625aaba Enhance type of headers.get method.
• 1104012 Merge pull request #2126 from pgjones/mpfix
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)