Bump werkzeug from 2.2.3 to 2.3.4

[dependabot]

Bumps werkzeug from 2.2.3 to 2.3.4.

Release notes

Sourced from werkzeug's releases.

2.3.4

This is a fix release for the 2.3.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-4
• Milestone: https://github.com/pallets/werkzeug/milestone/30?closed=1

2.3.3

This is a fix release for the 2.3.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-3
• Milestone: https://github.com/pallets/werkzeug/milestone/29?closed=1

2.3.2

This is a fix release for the 2.3.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-2
• Milestone: https://github.com/pallets/werkzeug/milestone/28?closed=1

2.3.1

This is a fix release for the 2.3.x release branch.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-1
• Milestone: https://github.com/pallets/werkzeug/milestone/27?closed=1

2.3.0

This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 2.3.x branch is now the supported fix branch, the 2.2.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

• Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-0
• Milestone: https://github.com/pallets/werkzeug/milestone/23?closed=1

Changelog

Sourced from werkzeug's changelog.

Version 2.3.4

Released 2023-05-08

• Authorization.from_header and WWWAuthenticate.from_header detects tokens that end with base64 padding (=). :issue:2685
• Remove usage of warnings.catch_warnings. :issue:2690
• Remove max_form_parts restriction from standard form data parsing and only use if for multipart content. :pr:2694
• Response will avoid converting the Location header in some cases to preserve invalid URL schemes like itms-services. :issue:2691

Version 2.3.3

Released 2023-05-01

• Fix parsing of large multipart bodies. Remove invalid leading newline, and restore parsing speed. :issue:2658, 2675
• The cookie Path attribute is set to / by default again, to prevent clients from falling back to RFC 6265's default-path behavior. :issue:2672, 2679

Version 2.3.2

Released 2023-04-28

• Parse the cookie Expires attribute correctly in the test client. :issue:2669
• max_content_length can only be enforced on streaming requests if the server sets wsgi.input_terminated. :issue:2668

Version 2.3.1

Released 2023-04-27

• Percent-encode plus (+) when building URLs and in test requests. :issue:2657
• Cookie values don't quote characters defined in RFC 6265. :issue:2659
• Include pyi files for datastructures type annotations. :issue:2660
• Authorization and WWWAuthenticate objects can be compared for equality. :issue:2665

Version 2.3.0

... (truncated)

Commits

• 9959cff release version 2.3.4
• 3b1b0e0 update version to remove deprecations to 3.0 (#2696)
• 0820d2e update removal version to 3.0
• 5a149fa preserve invalid itms-services url scheme (#2695)
• 6822773 preserve invalid itms-services url scheme
• 3072610 Do not apply max_form_parts to non-multipart data (#2694)
• 4321c5b Do not apply max_form_parts to non-multipart data
• 3a4c8d0 Remove uses of warnings.catch_warnings (#2690) (#2692)
• 2051469 WWWAuthenticate.from_header handles base64 padding in token
• 6e63efe Make werkzeug.http.parse_dict_header avoid base64 padding (#2686)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

❗ No coverage uploaded for pull request base (master@e56573e). Click here to learn what that means.
Patch has no changes to coverable lines.

❗ Current head 9997755 differs from pull request most recent head 4100e4b. Consider uploading reports for the commit 4100e4b to get more accurate results

Additional details and impacted files

@@            Coverage Diff            @@
##             master     #849   +/-   ##
=========================================
  Coverage          ?   77.15%           
=========================================
  Files             ?       20           
  Lines             ?     1309           
  Branches          ?        0           
=========================================
  Hits              ?     1010           
  Misses            ?      299           
  Partials          ?        0           

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[dependabot]

Superseded by #872.