Update werkzeug to 2.2.2

[pyup-bot]

This PR updates Werkzeug from 2.0.1 to 2.2.2.

Changelog

2.2.2

-------------

Released 2022-08-08

-   Fix router to restore the 2.1 ``strict_slashes == False`` behaviour
 whereby leaf-requests match branch rules and vice
 versa. :pr:`2489`
-   Fix router to identify invalid rules rather than hang parsing them,
 and to correctly parse ``/`` within converter arguments. :pr:`2489`
-   Update subpackage imports in :mod:`werkzeug.routing` to use the
 ``import as`` syntax for explicitly re-exporting public attributes.
 :pr:`2493`
-   Parsing of some invalid header characters is more robust. :pr:`2494`
-   When starting the development server, a warning not to use it in a
 production deployment is always shown. :issue:`2480`
-   ``LocalProxy.__wrapped__`` is always set to the wrapped object when
 the proxy is unbound, fixing an issue in doctest that would cause it
 to fail. :issue:`2485`
-   Address one ``ResourceWarning`` related to the socket used by
 ``run_simple``. :issue:`2421`

2.2.1

-------------

Released 2022-07-27

-   Fix router so that ``/path/`` will match a rule ``/path`` if strict
 slashes mode is disabled for the rule. :issue:`2467`
-   Fix router so that partial part matches are not allowed
 i.e. ``/2df`` does not match ``/<int>``. :pr:`2470`
-   Fix router static part weighting, so that simpler routes are matched
 before more complex ones. :issue:`2471`
-   Restore ``ValidationError`` to be importable from
 ``werkzeug.routing``. :issue:`2465`

2.2.0

-------------

Released 2022-07-23

-   Deprecated ``get_script_name``, ``get_query_string``,
 ``peek_path_info``, ``pop_path_info``, and
 ``extract_path_info``. :pr:`2461`
-   Remove previously deprecated code. :pr:`2461`
-   Add MarkupSafe as a dependency and use it to escape values when
 rendering HTML. :issue:`2419`
-   Added the ``werkzeug.debug.preserve_context`` mechanism for
 restoring context-local data for a request when running code in the
 debug console. :pr:`2439`
-   Fix compatibility with Python 3.11 by ensuring that ``end_lineno``
 and ``end_col_offset`` are present on AST nodes. :issue:`2425`
-   Add a new faster matching router based on a state
 machine. :pr:`2433`
-   Fix branch leaf path masking branch paths when strict-slashes is
 disabled. :issue:`1074`
-   Names within options headers are always converted to lowercase. This
 matches :rfc:`6266` that the case is not relevant. :issue:`2442`
-   ``AnyConverter`` validates the value passed for it when building
 URLs. :issue:`2388`
-   The debugger shows enhanced error locations in tracebacks in Python
 3.11. :issue:`2407`
-   Added Sans-IO ``is_resource_modified`` and ``parse_cookie`` functions
 based on WSGI versions. :issue:`2408`
-   Added Sans-IO ``get_content_length`` function. :pr:`2415`
-   Don't assume a mimetype for test responses. :issue:`2450`
-   Type checking ``FileStorage`` accepts ``os.PathLike``. :pr:`2418`

2.1.2

-------------

Released 2022-04-28

-   The development server does not set ``Transfer-Encoding: chunked``
 for 1xx, 204, 304, and HEAD responses. :issue:`2375`
-   Response HTML for exceptions and redirects starts with
 ``<!doctype html>`` and ``<html lang=en>``. :issue:`2390`
-   Fix ability to set some ``cache_control`` attributes to ``False``.
 :issue:`2379`
-   Disable ``keep-alive`` connections in the development server, which
 are not supported sufficiently by Python's ``http.server``.
 :issue:`2397`

2.1.1

-------------

Released 2022-04-01

-   ``ResponseCacheControl.s_maxage`` converts its value to an int, like
 ``max_age``. :issue:`2364`

2.1.0

-------------

Released 2022-03-28

-   Drop support for Python 3.6. :pr:`2277`
-   Using gevent or eventlet requires greenlet>=1.0 or PyPy>=7.3.7.
 ``werkzeug.locals`` and ``contextvars`` will not work correctly with
 older versions. :pr:`2278`
-   Remove previously deprecated code. :pr:`2276`

 -   Remove the non-standard ``shutdown`` function from the WSGI
     environ when running the development server. See the docs for
     alternatives.
 -   Request and response mixins have all been merged into the
     ``Request`` and ``Response`` classes.
 -   The user agent parser and the ``useragents`` module is removed.
     The ``user_agent`` module provides an interface that can be
     subclassed to add a parser, such as ua-parser. By default it
     only stores the whole string.
 -   The test client returns ``TestResponse`` instances and can no
     longer be treated as a tuple. All data is available as
     properties on the response.
 -   Remove ``locals.get_ident`` and related thread-local code from
     ``locals``, it no longer makes sense when moving to a
     contextvars-based implementation.
 -   Remove the ``python -m werkzeug.serving`` CLI.
 -   The ``has_key`` method on some mapping datastructures; use
     ``key in data`` instead.
 -   ``Request.disable_data_descriptor`` is removed, pass
     ``shallow=True`` instead.
 -   Remove the ``no_etag`` parameter from ``Response.freeze()``.
 -   Remove the ``HTTPException.wrap`` class method.
 -   Remove the ``cookie_date`` function. Use ``http_date`` instead.
 -   Remove the ``pbkdf2_hex``, ``pbkdf2_bin``, and ``safe_str_cmp``
     functions. Use equivalents in ``hashlib`` and ``hmac`` modules
     instead.
 -   Remove the ``Href`` class.
 -   Remove the ``HTMLBuilder`` class.
 -   Remove the ``invalidate_cached_property`` function. Use
     ``del obj.attr`` instead.
 -   Remove ``bind_arguments`` and ``validate_arguments``. Use
     :meth:`Signature.bind` and :func:`inspect.signature` instead.
 -   Remove ``detect_utf_encoding``, it's built-in to ``json.loads``.
 -   Remove ``format_string``, use :class:`string.Template` instead.
 -   Remove ``escape`` and ``unescape``. Use MarkupSafe instead.

-   The ``multiple`` parameter of ``parse_options_header`` is
 deprecated. :pr:`2357`
-   Rely on :pep:`538` and :pep:`540` to handle decoding file names
 with the correct filesystem encoding. The ``filesystem`` module is
 removed. :issue:`1760`
-   Default values passed to ``Headers`` are validated the same way
 values added later are. :issue:`1608`
-   Setting ``CacheControl`` int properties, such as ``max_age``, will
 convert the value to an int. :issue:`2230`
-   Always use ``socket.fromfd`` when restarting the dev server.
 :pr:`2287`
-   When passing a dict of URL values to ``Map.build``, list values do
 not filter out ``None`` or collapse to a single value. Passing a
 ``MultiDict`` does collapse single items. This undoes a previous
 change that made it difficult to pass a list, or ``None`` values in
 a list, to custom URL converters. :issue:`2249`
-   ``run_simple`` shows instructions for dealing with "address already
 in use" errors, including extra instructions for macOS. :pr:`2321`
-   Extend list of characters considered always safe in URLs based on
 :rfc:`3986`. :issue:`2319`
-   Optimize the stat reloader to avoid watching unnecessary files in
 more cases. The watchdog reloader is still recommended for
 performance and accuracy. :issue:`2141`
-   The development server uses ``Transfer-Encoding: chunked`` for
 streaming responses when it is configured for HTTP/1.1.
 :issue:`2090, 1327`, :pr:`2091`
-   The development server uses HTTP/1.1, which enables keep-alive
 connections and chunked streaming responses, when ``threaded`` or
 ``processes`` is enabled. :pr:`2323`
-   ``cached_property`` works for classes with ``__slots__`` if a
 corresponding ``_cache_{name}`` slot is added. :pr:`2332`
-   Refactor the debugger traceback formatter to use Python's built-in
 ``traceback`` module as much as possible. :issue:`1753`
-   The ``TestResponse.text`` property is a shortcut for
 ``r.get_data(as_text=True)``, for convenient testing against text
 instead of bytes. :pr:`2337`
-   ``safe_join`` ensures that the path remains relative if the trusted
 directory is the empty string. :pr:`2349`
-   Percent-encoded newlines (``%0a``), which are decoded by WSGI
 servers, are considered when routing instead of terminating the
 match early. :pr:`2350`
-   The test client doesn't set duplicate headers for ``CONTENT_LENGTH``
 and ``CONTENT_TYPE``. :pr:`2348`
-   ``append_slash_redirect`` handles ``PATH_INFO`` with internal
 slashes. :issue:`1972`, :pr:`2338`
-   The default status code for ``append_slash_redirect`` is 308 instead
 of 301. This preserves the request body, and matches a previous
 change to ``strict_slashes`` in routing. :issue:`2351`
-   Fix ``ValueError: I/O operation on closed file.`` with the test
 client when following more than one redirect. :issue:`2353`
-   ``Response.autocorrect_location_header`` is disabled by default.
 The ``Location`` header URL will remain relative, and exclude the
 scheme and domain, by default. :issue:`2352`
-   ``Request.get_json()`` will raise a 400 ``BadRequest`` error if the
 ``Content-Type`` header is not ``application/json``. This makes a
 very common source of confusion more visible. :issue:`2339`

2.0.3

-------------

Released 2022-02-07

-   ``ProxyFix`` supports IPv6 addresses. :issue:`2262`
-   Type annotation for ``Response.make_conditional``,
 ``HTTPException.get_response``, and ``Map.bind_to_environ`` accepts
 ``Request`` in addition to ``WSGIEnvironment`` for the first
 parameter. :pr:`2290`
-   Fix type annotation for ``Request.user_agent_class``. :issue:`2273`
-   Accessing ``LocalProxy.__class__`` and ``__doc__`` on an unbound
 proxy returns the fallback value instead of a method object.
 :issue:`2188`
-   Redirects with the test client set ``RAW_URI`` and ``REQUEST_URI``
 correctly. :issue:`2151`

2.0.2

-------------

Released 2021-10-05

-   Handle multiple tokens in ``Connection`` header when routing
 WebSocket requests. :issue:`2131`
-   Set the debugger pin cookie secure flag when on https. :pr:`2150`
-   Fix type annotation for ``MultiDict.update`` to accept iterable
 values :pr:`2142`
-   Prevent double encoding of redirect URL when ``merge_slash=True``
 for ``Rule.match``. :issue:`2157`
-   ``CombinedMultiDict.to_dict`` with ``flat=False`` considers all
 component dicts when building value lists. :issue:`2189`
-   ``send_file`` only sets a detected ``Content-Encoding`` if
 ``as_attachment`` is disabled to avoid browsers saving
 decompressed ``.tar.gz`` files. :issue:`2149`
-   Fix type annotations for ``TypeConversionDict.get`` to not return an
 ``Optional`` value if both ``default`` and ``type`` are not
 ``None``. :issue:`2169`
-   Fix type annotation for routing rule factories to accept
 ``Iterable[RuleFactory]`` instead of ``Iterable[Rule]`` for the
 ``rules`` parameter. :issue:`2183`
-   Add missing type annotation for ``FileStorage.__getattr__``
 :issue:`2155`
-   The debugger pin cookie is set with ``SameSite`` set to ``Strict``
 instead of ``None`` to be compatible with modern browser security.
 :issue:`2156`
-   Type annotations use ``IO[bytes]`` and ``IO[str]`` instead of
 ``BinaryIO`` and ``TextIO`` for wider type compatibility.
 :issue:`2130`
-   Ad-hoc TLS certs are generated with SAN matching CN. :issue:`2158`
-   Fix memory usage for locals when using Python 3.6 or pre 0.4.17
 greenlet versions. :pr:`2212`
-   Fix type annotation in ``CallbackDict``, because it is not
 utilizing a bound TypeVar. :issue:`2235`
-   Fix setting CSP header options on the response. :pr:`2237`
-   Fix an issue with with the interactive debugger where lines would
 not expand on click for very long tracebacks. :pr:`2239`
-   The interactive debugger handles displaying an exception that does
 not have a traceback, such as from ``ProcessPoolExecutor``.
 :issue:`2217`

Links

• PyPI: https://pypi.org/project/werkzeug
• Changelog: https://pyup.io/changelogs/werkzeug/
• Homepage: https://palletsprojects.com/p/werkzeug/