Bump werkzeug from 2.3.4 to 2.3.5 #5895

dependabot · 2023-06-08T11:57:01Z

Bumps werkzeug from 2.3.4 to 2.3.5.

Release notes

2.3.5

This is a fix release for the 2.3.x feature branch.

Changes: https://werkzeug.palletsprojects.com/en/2.3.x/changes/#version-2-3-5

Milestone: https://github.com/pallets/werkzeug/milestone/31?closed=1

Changelog

Sourced from werkzeug's changelog.

Version 2.3.5

Released 2023-06-07

Python 3.12 compatibility. :issue:2704

Fix handling of invalid base64 values in Authorization.from_header. :issue:2717

The debugger escapes the exception message in the page title. :pr:2719

When binding routing.Map, a long IDNA server_name with a port does not fail encoding. :issue:2700

iri_to_uri shows a deprecation warning instead of an error when passing bytes. :issue:2708

When parsing numbers in HTTP request headers such as Content-Length, only ASCII digits are accepted rather than any format that Python's int and float accept. :issue:2716

Commits

2c9b513 release version 2.3.5
86c5c78 fail on Python's extended int/float syntax (#2723)
6290332 fail on Python's extended int/float syntax
1892c10 show warning instead of error when passing bytes to iri_to_uri (#2709)
dc9e73b passing bytes to iri_to_uri shows deprecation warning
d70b37d Map.bind ignores port for IDNA (#2721)
23593ae Map.bind ignores port for IDNA
031991a [pre-commit.ci] pre-commit autoupdate (#2720)
c431ab3 [pre-commit.ci] pre-commit autoupdate
7d2f846 retarget pre-commit.ci
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [werkzeug](https://github.com/pallets/werkzeug) from 2.3.4 to 2.3.5. - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](pallets/werkzeug@2.3.4...2.3.5) --- updated-dependencies: - dependency-name: werkzeug dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>