This repository has been archived by the owner on Jun 20, 2024. It is now read-only.

Bump flask from 2.3.2 to 2.3.3 #41

Merged
merged 1 commit into from
Aug 30, 2023

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Aug 28, 2023

Bumps flask from 2.3.2 to 2.3.3.

Release notes

Sourced from flask's releases.

2.3.3

This is a fix release for the 2.3.x feature branch.

Changelog

Sourced from flask's changelog.

Version 2.3.3

Released 2023-08-21

  • Python 3.12 compatibility.
  • Require Werkzeug >= 2.3.7.
  • Use flit_core instead of setuptools as build backend.
  • Refactor how an app's root and instance paths are determined. :issue:5160

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [flask](https://github.com/pallets/flask) from 2.3.2 to 2.3.3.
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@2.3.2...2.3.3)

---
updated-dependencies:
- dependency-name: flask
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Owner

saidsef commented Aug 28, 2023

🤖
The PR is about updating the Flask version from 2.3.2 to 2.3.3. The changes are in the Pipfile and Pipfile.lock files.

Reviewing the changes, there are no security issues identified. The update is a patch version which means it's primarily about bug fixes and it's generally safe to update.

However, it's important to note that the Flask 2.3.3 version requires Werkzeug >= 2.3.7 as per the release notes. The PR also includes this update which is good.

The Pipfile.lock file has been correctly updated with the new dependencies and their corresponding hashes.

Overall, the PR is good to go.

However, it's always a good practice to run the application and tests after the dependencies update to make sure everything works as expected.

Here is a suggestion for the future:

When updating dependencies, it's a good practice to include the reason for the update in the PR description. This could be a new feature needed, a bug fix, security vulnerabilities in the old version, etc. This gives more context to the reviewers and anyone looking at the PR in the future.

For example:

This PR updates Flask from 2.3.2 to 2.3.3. 

Reason for the update: 
The new version 2.3.3 includes several bug fixes which will make our application more stable. It also requires Werkzeug >= 2.3.7 which is included in this PR. 

After the update, the application was run and all tests passed. 

This gives a clear context and makes the PR more informative.

> gpt-4

@saidsef saidsef self-assigned this Aug 28, 2023
@saidsef saidsef merged commit 0b71490 into main Aug 30, 2023
7 of 8 checks passed
@saidsef saidsef deleted the dependabot-pip-flask-2.3.3 branch August 30, 2023 23:49
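The review comment above relies on two properties of the updated Pipfile.lock: every package carries hashes, and Werkzeug is locked at or above the 2.3.7 minimum from the Flask 2.3.3 changelog. The following is an added example, not code from this PR or repository, of checking both mechanically; the lock content is a constructed sample with dummy hashes, and the function names are hypothetical.

```python
import json
import re

# Constructed sample in Pipfile.lock layout; the hashes are dummy values.
SAMPLE_LOCK = json.dumps({
    "_meta": {"hash": {"sha256": "0" * 64}},
    "default": {
        "flask": {"hashes": ["sha256:" + "a" * 64], "version": "==2.3.3"},
        "werkzeug": {"hashes": ["sha256:" + "b" * 64], "version": "==2.3.7"},
    },
    "develop": {},
})

HASH_RE = re.compile(r"sha256:[0-9a-f]{64}")
PIN_RE = re.compile(r"==(\d+(?:\.\d+)*)")
# Minimum taken from the changelog above: Flask 2.3.3 requires Werkzeug >= 2.3.7.
MINIMUMS = {"werkzeug": (2, 3, 7)}

def parse_pin(spec):
    """Return the pinned version as a tuple of ints, or None if not an exact numeric pin."""
    m = PIN_RE.fullmatch(spec or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def audit_lock(lock_text, minimums=MINIMUMS):
    """Return a list of findings; an empty list means the lock file passed."""
    lock = json.loads(lock_text)
    findings, seen = [], {}
    for section in ("default", "develop"):
        for name, entry in lock.get(section, {}).items():
            version = parse_pin(entry.get("version"))
            if version is None:
                findings.append(f"{name}: not pinned to an exact numeric version")
            else:
                seen[name.lower()] = version
            hashes = entry.get("hashes", [])
            if not hashes or not all(HASH_RE.fullmatch(h) for h in hashes):
                findings.append(f"{name}: missing or malformed sha256 hash")
    for name, minimum in minimums.items():
        if name not in seen:
            findings.append(f"{name}: required but not locked")
        elif seen[name] < minimum:
            findings.append(f"{name}: locked below required minimum")
    return findings

if __name__ == "__main__":
    print(audit_lock(SAMPLE_LOCK) or "lock file OK")
```

Run against a real lock file by passing its text to `audit_lock`; a non-empty result is a reason to hold the merge until the lock file is regenerated.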