Skip to content

Bump werkzeug from 1.0.1 to 2.0.2 #2690

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

Bump werkzeug from 1.0.1 to 2.0.2 #2690

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 10, 2021
edited
Loading

Bumps werkzeug from 1.0.1 to 2.0.2.

Release notes

Sourced from werkzeug's releases.

2.0.2

2.0.1

2.0.0

New major versions of all the core Pallets libraries, including Werkzeug 2.0, have been released! 🎉

This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.

2.0.0rc5

2.0.0rc4

2.0.0 Release Candidate 3

Use the --pre flag to install this pre-release:

pip install --pre Werkzeug==2.0.0rc3

2.0.0 Release Candidate 2

Use the --pre flag to install this pre-release:

pip install --pre Werkzeug==2.0.0rc2

2.0.0 Release Candidate 1

Use the --pre flag to install this pre-release:

pip install --pre Werkzeug==2.0.0rc1
Changelog

Sourced from werkzeug's changelog.

Version 2.0.2

Released 2021-10-05

  • Handle multiple tokens in Connection header when routing WebSocket requests. :issue:2131
  • Set the debugger pin cookie secure flag when on https. :pr:2150
  • Fix type annotation for MultiDict.update to accept iterable values :pr:2142
  • Prevent double encoding of redirect URL when merge_slash=True for Rule.match. :issue:2157
  • CombinedMultiDict.to_dict with flat=False considers all component dicts when building value lists. :issue:2189
  • send_file only sets a detected Content-Encoding if as_attachment is disabled to avoid browsers saving decompressed .tar.gz files. :issue:2149
  • Fix type annotations for TypeConversionDict.get to not return an Optional value if both default and type are not None. :issue:2169
  • Fix type annotation for routing rule factories to accept Iterable[RuleFactory] instead of Iterable[Rule] for the rules parameter. :issue:2183
  • Add missing type annotation for FileStorage.__getattr__ :issue:2155
  • The debugger pin cookie is set with SameSite set to Strict instead of None to be compatible with modern browser security. :issue:2156
  • Type annotations use IO[bytes] and IO[str] instead of BinaryIO and TextIO for wider type compatibility. :issue:2130
  • Ad-hoc TLS certs are generated with SAN matching CN. :issue:2158
  • Fix memory usage for locals when using Python 3.6 or pre 0.4.17 greenlet versions. :pr:2212
  • Fix type annotation in CallbackDict, because it is not utilizing a bound TypeVar. :issue:2235
  • Fix setting CSP header options on the response. :pr:2237
  • Fix an issue with with the interactive debugger where lines would not expand on click for very long tracebacks. :pr:2239
  • The interactive debugger handles displaying an exception that does not have a traceback, such as from ProcessPoolExecutor. :issue:2217

Version 2.0.1

Released 2021-05-17

  • Fix type annotation for send_file max_age callable. Don't

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from a team as a code owner October 10, 2021 11:10
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Oct 10, 2021
@dependabot dependabot bot mentioned this pull request Oct 10, 2021
Closed
@dependabot dependabot bot force-pushed the dependabot/pip/werkzeug-2.0.2 branch from 8336e05 to 1665af3 Compare October 18, 2021 19:35
@dependabot dependabot bot force-pushed the dependabot/pip/werkzeug-2.0.2 branch from 1665af3 to 553099a Compare October 26, 2021 21:48
@dependabot dependabot bot force-pushed the dependabot/pip/werkzeug-2.0.2 branch 2 times, most recently from 8e3d47b to 9385ee5 Compare November 11, 2021 22:28
@dependabot dependabot bot force-pushed the dependabot/pip/werkzeug-2.0.2 branch from 9385ee5 to 6955f7a Compare December 9, 2021 23:33
@dependabot dependabot bot force-pushed the dependabot/pip/werkzeug-2.0.2 branch from 6955f7a to 64d31b7 Compare January 4, 2022 19:48
@dependabot dependabot bot force-pushed the dependabot/pip/werkzeug-2.0.2 branch 2 times, most recently from 8214368 to 481e12b Compare January 25, 2022 21:10
@dependabot dependabot bot force-pushed the dependabot/pip/werkzeug-2.0.2 branch from 481e12b to 4873347 Compare February 1, 2022 20:20
@dependabot
Bump werkzeug from 1.0.1 to 2.0.2
7638805 
Bumps [werkzeug](https://github.com/pallets/werkzeug) from 1.0.1 to 2.0.2.
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@1.0.1...2.0.2)

---
updated-dependencies:
- dependency-name: werkzeug
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/werkzeug-2.0.2 branch from 4873347 to 7638805 Compare February 4, 2022 14:28
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 13, 2022

Superseded by #2815.

@dependabot dependabot bot closed this Feb 13, 2022
@dependabot dependabot bot deleted the dependabot/pip/werkzeug-2.0.2 branch February 13, 2022 11:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant