Update dependency Werkzeug to v1

[renovate]

This PR contains the following updates:

Package	Update	Change
Werkzeug (source)	major	==0.15.2 -> ==1.0.1

---

Release Notes

pallets/werkzeug

v1.0.1

Compare Source

Released 2020-03-31

• Make the argument to RequestRedirect.get_response optional.
  :issue:1718
• Only allow a single access control allow origin value. :pr:1723
• Fix crash when trying to parse a non-existent Content Security
  Policy header. :pr:1731
• http_date zero fills years < 1000 to always output four digits.
  :issue:1739
• Fix missing local variables in interactive debugger console.
  :issue:1746
• Fix passing file-like objects like io.BytesIO to
  FileStorage.save. :issue:1733

v1.0.0

Compare Source

Released 2020-02-06

• Drop support for Python 3.4. (:issue:1478)
• Remove code that issued deprecation warnings in version 0.15.
  (:issue:1477)
• Remove most top-level attributes provided by the werkzeug
  module in favor of direct imports. For example, instead of
  import werkzeug; werkzeug.url_quote, do
  from werkzeug.urls import url_quote. Install version 0.16 first
  to see deprecation warnings while upgrading. :issue:2, :pr:1640
• Added utils.invalidate_cached_property() to invalidate cached
  properties. (:pr:1474)
• Directive keys for the Set-Cookie response header are not
  ignored when parsing the Cookie request header. This allows
  cookies with names such as "expires" and "version". (:issue:1495)
• Request cookies are parsed into a MultiDict to capture all
  values for cookies with the same key. cookies[key] returns the
  first value rather than the last. Use cookies.getlist(key) to
  get all values. parse_cookie also defaults to a MultiDict.
  :issue:1562, :pr:1458
• Add charset=utf-8 to an HTTP exception response's
  CONTENT_TYPE header. (:pr:1526)
• The interactive debugger handles outer variables in nested scopes
  such as lambdas and comprehensions. :issue:913, :issue:1037,
  :pr:1532
• The user agent for Opera 60 on Mac is correctly reported as
  "opera" instead of "chrome". :issue:1556
• The platform for Crosswalk on Android is correctly reported as
  "android" instead of "chromeos". (:pr:1572)
• Issue a warning when the current server name does not match the
  configured server name. :issue:760
• A configured server name with the default port for a scheme will
  match the current server name without the port if the current scheme
  matches. :pr:1584
• :exc:~exceptions.InternalServerError has a original_exception
  attribute that frameworks can use to track the original cause of the
  error. :pr:1590
• Headers are tested for equality independent of the header key case,
  such that X-Foo is the same as x-foo. :pr:1605
• :meth:http.dump_cookie accepts 'None' as a value for
  samesite. :issue:1549
• :meth:~test.Client.set_cookie accepts a samesite argument.
  :pr:1705
• Support the Content Security Policy header through the
  Response.content_security_policy data structure. :pr:1617
• LanguageAccept will fall back to matching "en" for "en-US" or
  "en-US" for "en" to better support clients or translations that
  only match at the primary language tag. :issue:450, :pr:1507
• MIMEAccept uses MIME parameters for specificity when matching.
  :issue:458, :pr:1574
• If the development server is started with an SSLContext
  configured to verify client certificates, the certificate in PEM
  format will be available as environ["SSL_CLIENT_CERT"].
  :pr:1469
• is_resource_modified will run for methods other than GET and
  HEAD, rather than always returning False. :issue:409
• SharedDataMiddleware returns 404 rather than 500 when trying to
  access a directory instead of a file with the package loader. The
  dependency on setuptools and pkg_resources is removed.
  :issue:1599
• Add a response.cache_control.immutable flag. Keep in mind that
  browser support for this Cache-Control header option is still
  experimental and may not be implemented. :issue:1185
• Optional request log highlighting with the development server is
  handled by Click instead of termcolor. :issue:1235
• Optional ad-hoc TLS support for the development server is handled
  by cryptography instead of pyOpenSSL. :pr:1555
• FileStorage.save() supports pathlib and :pep:519
PathLike objects. :issue:1653
• The debugger security pin is unique in containers managed by Podman.
  :issue:1661
• Building a URL when host_matching is enabled takes into account
  the current host when there are duplicate endpoints with different
  hosts. :issue:488
• The 429 TooManyRequests and 503 ServiceUnavailable HTTP
  exceptions takes a retry_after parameter to set the
  Retry-After header. :issue:1657
• Map and Rule have a merge_slashes option to collapse
  multiple slashes into one, similar to how many HTTP servers behave.
  This is enabled by default. :pr:1286, 1694
• Add HTTP 103, 208, 306, 425, 506, 508, and 511 to the list of status
  codes. :pr:1678
• Add update, setlist, and setlistdefault methods to the
  Headers data structure. extend method can take MultiDict
  and kwargs. :pr:1687, 1697
• The development server accepts paths that start with two slashes,
  rather than stripping off the first path segment. :issue:491
• Add access control (Cross Origin Request Sharing, CORS) header
  properties to the Request and Response wrappers. :pr:1699
• Accept values are no longer ordered alphabetically for equal
  quality tags. Instead the initial order is preserved. :issue:1686
• Added Map.lock_class attribute for alternative
  implementations. :pr:1702
• Support matching and building WebSocket rules in the routing system,
  for use by async frameworks. :pr:1709
• Range requests that span an entire file respond with 206 instead of
  200, to be more compliant with :rfc:7233. This may help serving
  media to older browsers. :issue:410, 1704
• The :class:~middleware.shared_data.SharedDataMiddleware default
  fallback_mimetype is application/octet-stream. If a filename
  looks like a text mimetype, the utf-8 charset is added to it.
  This matches the behavior of :class:~wrappers.BaseResponse and
  Flask's send_file(). :issue:1689

v0.16.1

Compare Source

Released 2020-01-27

• Fix import location in deprecation messages for subpackages.
  :issue:1663
• Fix an SSL error on Python 3.5 when the dev server responds with no
  content. :issue:1659

v0.16.0

Compare Source

Released 2019-09-19

• Deprecate most top-level attributes provided by the werkzeug
  module in favor of direct imports. The deprecated imports will be
  removed in version 1.0.

  For example, instead of import werkzeug; werkzeug.url_quote, do
  from werkzeug.urls import url_quote. A deprecation warning will
  show the correct import to use. werkzeug.exceptions and
  werkzeug.routing should also be imported instead of accessed,
  but for technical reasons can't show a warning.

  :issue:2, :pr:1640

v0.15.6

Compare Source

Released 2019-09-04

• Work around a bug in pip that caused the reloader to fail on
  Windows when the script was an entry point. This fixes the issue
  with Flask's flask run command failing with "No module named
  Scripts\flask". :issue:1614
• ProxyFix trusts the X-Forwarded-Proto header by default.
  :issue:1630
• The deprecated num_proxies argument to ProxyFix sets
  x_for, x_proto, and x_host to match 0.14 behavior. This
  is intended to make intermediate upgrades less disruptive, but the
  argument will still be removed in 1.0. :issue:1630

v0.15.5

Compare Source

Released 2019-07-17

• Fix a TypeError due to changes to ast.Module in Python 3.8.
  :issue:1551
• Fix a C assertion failure in debug builds of some Python 2.7
  releases. :issue:1553
• :class:~exceptions.BadRequestKeyError adds the KeyError
  message to the description if e.show_exception is set to
  True. This is a more secure default than the original 0.15.0
  behavior and makes it easier to control without losing information.
  :pr:1592
• Upgrade the debugger to jQuery 3.4.1. :issue:1581
• Work around an issue in some external debuggers that caused the
  reloader to fail. :issue:1607
• Work around an issue where the reloader couldn't introspect a
  setuptools script installed as an egg. :issue:1600
• The reloader will use sys.executable even if the script is
  marked executable, reverting a behavior intended for NixOS
  introduced in 0.15. The reloader should no longer cause
  OSError: [Errno 8] Exec format error. :issue:1482,
  :issue:1580
• SharedDataMiddleware safely handles paths with Windows drive
  names. :issue:1589

v0.15.4

Compare Source

Released 2019-05-14

• Fix a SyntaxError on Python 2.7.5. (:issue:1544)

v0.15.3

Compare Source

Released 2019-05-14

• Properly handle multi-line header folding in development server in
  Python 2.7. (:issue:1080)
• Restore the response argument to :exc:~exceptions.Unauthorized.
  (:pr:1527)
• :exc:~exceptions.Unauthorized doesn't add the WWW-Authenticate
  header if www_authenticate is not given. (:issue:1516)
• The default URL converter correctly encodes bytes to string rather
  than representing them with b''. (:issue:1502)
• Fix the filename format string in
  :class:~middleware.profiler.ProfilerMiddleware to correctly handle
  float values. (:issue:1511)
• Update :class:~middleware.lint.LintMiddleware to work on Python 3.
  (:issue:1510)
• The debugger detects cycles in chained exceptions and does not time
  out in that case. (:issue:1536)
• When running the development server in Docker, the debugger security
  pin is now unique per container.

---

Renovate configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by WhiteSource Renovate. View repository job log here.