Update werkzeug requirement from ~=0.16.1 to ~=1.0.1

[dependabot-preview]

Updates the requirements on werkzeug to permit the latest version.

Release notes

Sourced from werkzeug's releases.

1.0.1

• Changelog: https://werkzeug.palletsprojects.com/en/1.0.x/changes/#version-1-0-1

Changelog

Sourced from werkzeug's changelog.

Version 1.0.1

Released 2020-03-31

• Make the argument to RequestRedirect.get_response optional. 1718
• Only allow a single access control allow origin value. 1723
• Fix crash when trying to parse a non-existent Content Security Policy header. 1731
• http_date zero fills years < 1000 to always output four digits. 1739
• Fix missing local variables in interactive debugger console. 1746
• Fix passing file-like objects like io.BytesIO to FileStorage.save. 1733

Version 1.0.0

Released 2020-02-06

• Drop support for Python 3.4. (1478)
• Remove code that issued deprecation warnings in version 0.15. (1477)
• Remove most top-level attributes provided by the werkzeug module in favor of direct imports. For example, instead of import werkzeug; werkzeug.url_quote, do from werkzeug.urls import url_quote. Install version 0.16 first to see deprecation warnings while upgrading. 2, 1640
• Added utils.invalidate_cached_property() to invalidate cached properties. (1474)
• Directive keys for the Set-Cookie response header are not ignored when parsing the Cookie request header. This allows cookies with names such as "expires" and "version". (1495)
• Request cookies are parsed into a MultiDict to capture all values for cookies with the same key. cookies[key] returns the first value rather than the last. Use cookies.getlist(key) to get all values. parse_cookie also defaults to a MultiDict. 1562, 1458
• Add charset=utf-8 to an HTTP exception response's CONTENT_TYPE header. (1526)
• The interactive debugger handles outer variables in nested scopes such as lambdas and comprehensions. 913, 1037, 1532
• The user agent for Opera 60 on Mac is correctly reported as "opera" instead of "chrome". 1556
• The platform for Crosswalk on Android is correctly reported as "android" instead of "chromeos". (1572)
• Issue a warning when the current server name does not match the configured server name. 760
• A configured server name with the default port for a scheme will match the current server name without the port if the current scheme matches. 1584
• ~exceptions.InternalServerError has a original_exception attribute that frameworks can use to track the original cause of the error. 1590
• Headers are tested for equality independent of the header key case, such that X-Foo is the same as x-foo. 1605
• http.dump_cookie accepts 'None' as a value for samesite. 1549
• ~test.Client.set_cookie accepts a samesite argument. 1705
• Support the Content Security Policy header through the Response.content_security_policy data structure. 1617
• LanguageAccept will fall back to matching "en" for "en-US" or "en-US" for "en" to better support clients or translations that only match at the primary language tag. 450, 1507
• MIMEAccept uses MIME parameters for specificity when matching. 458, 1574
• If the development server is started with an SSLContext configured to verify client certificates, the certificate in PEM format will be available as environ["SSL_CLIENT_CERT"]. 1469
• is_resource_modified will run for methods other than GET and HEAD, rather than always returning False. 409
• SharedDataMiddleware returns 404 rather than 500 when trying to access a directory instead of a file with the package loader. The dependency on setuptools and pkg_resources is removed. 1599
• Add a response.cache_control.immutable flag. Keep in mind that browser support for this Cache-Control header option is still experimental and may not be implemented. 1185
• Optional request log highlighting with the development server is handled by Click instead of termcolor. 1235
• Optional ad-hoc TLS support for the development server is handled by cryptography instead of pyOpenSSL. 1555
• FileStorage.save() supports pathlib and 519 PathLike objects. 1653
• The debugger security pin is unique in containers managed by Podman. 1661
• Building a URL when host_matching is enabled takes into account the current host when there are duplicate endpoints with different hosts. 488
• The 429 TooManyRequests and 503 ServiceUnavailable HTTP exceptions takes a retry_after parameter to set the Retry-After header. 1657
• Map and Rule have a merge_slashes option to collapse multiple slashes into one, similar to how many HTTP servers behave. This is enabled by default. 1286, 1694
• Add HTTP 103, 208, 306, 425, 506, 508, and 511 to the list of status codes. 1678
• Add update, setlist, and setlistdefault methods to the Headers data structure. extend method can take MultiDict and kwargs. 1687, 1697
• The development server accepts paths that start with two slashes, rather than stripping off the first path segment. 491

... (truncated)

Commits

• 1dde4b1 release version 1.0.1
• 1527e05 Merge pull request #1743 from Dreamsorcerer/patch-1
• a9ba22a Add missing documentation about None return type.
• 244b486 Merge pull request #1734 from alexa-infra/fix-filestorage-save-bytes-io
• c341a0a fix os.fspath call on file-like objects
• 32f3b07 Merge pull request #1741 from mbertoldi/1.0.x
• c761ff8 fix locals in InteractiveConsole
• 6ff5cd1 Merge pull request #1740 from nicolary/hf-zfill_4_year_dump_date
• b70df18 zfill year < 1000
• 8568bed Merge pull request #1736 from magula/1.0.x
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[Sumukh]

@dependabot-bot rebase