chore(pip-prod)(deps): bump werkzeug from 3.0.3 to 3.0.4 #99

Merged

dependabot[bot] merged 1 commits from dependabot/pip/werkzeug-3.0.4 into main 2024-08-22 06:15:36 +00:00

Conversation 2 Commits 1 Files Changed 1 +1 -1

dependabot[bot] commented 2024-08-22 00:33:15 +00:00 (Migrated from github.com)

Copy Link

Bumps werkzeug from 3.0.3 to 3.0.4.

Release notes

Sourced from werkzeug's releases.

3.0.4

This is the Werkzeug 3.0.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.4/ Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-4 Milestone: https://github.com/pallets/werkzeug/milestone/36?closed=1

• Restore behavior where parsing multipart/x-www-form-urlencoded data with invalid UTF-8 bytes in the body results in no form data parsed rather than a 413 error. #2930
• Improve parse_options_header performance when parsing unterminated quoted string values. #2904
• Debugger pin auth is synchronized across threads/processes when tracking failed entries. #2916
• Dev server handles unexpected SSLEOFError due to issue in Python < 3.13. #2926
• Debugger pin auth works when the URL already contains a query string. #2918

Changelog

Sourced from werkzeug's changelog.

Version 3.0.4

Released 2024-08-21

• Restore behavior where parsing multipart/x-www-form-urlencoded data with invalid UTF-8 bytes in the body results in no form data parsed rather than a 413 error. :issue:2930
• Improve parse_options_header performance when parsing unterminated quoted string values. :issue:2904
• Debugger pin auth is synchronized across threads/processes when tracking failed entries. :issue:2916
• Dev server handles unexpected SSLEOFError due to issue in Python < 3.13. :issue:2926
• Debugger pin auth works when the URL already contains a query string. :issue:2918

Commits

• b933ccb release version 3.0.4
• c09de73 debugger works on urls with query string (#2942)
• 1d1d987 debugger works on urls with query string
• 32a77a0 treat SSLEOFError as dropped connection (#2941)
• cf18d03 treat SSLEOFError as dropped connection
• a1db120 synchronize failed pin entry (#2940)
• 6504819 synchronize failed pin entry
• 7abec4b improve parse_options_header performance (#2939)
• 3a893d2 improve parse_options_header performance
• 3a52597 restore invalid bytes behavior for form parser (#2938)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [werkzeug](https://github.com/pallets/werkzeug) from 3.0.3 to 3.0.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/werkzeug/releases">werkzeug's releases</a>.</em></p> <blockquote> <h2>3.0.4</h2> <p>This is the Werkzeug 3.0.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.</p> <p>PyPI: <a href="https://pypi.org/project/Werkzeug/3.0.4/">https://pypi.org/project/Werkzeug/3.0.4/</a> Changes: <a href="https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-4">https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-4</a> Milestone: <a href="https://github.com/pallets/werkzeug/milestone/36?closed=1">https://github.com/pallets/werkzeug/milestone/36?closed=1</a></p> <ul> <li>Restore behavior where parsing <code>multipart/x-www-form-urlencoded</code> data with invalid UTF-8 bytes in the body results in no form data parsed rather than a 413 error. <a href="https://redirect.github.com/pallets/werkzeug/issues/2930">#2930</a></li> <li>Improve <code>parse_options_header</code> performance when parsing unterminated quoted string values. <a href="https://redirect.github.com/pallets/werkzeug/issues/2904">#2904</a></li> <li>Debugger pin auth is synchronized across threads/processes when tracking failed entries. <a href="https://redirect.github.com/pallets/werkzeug/issues/2916">#2916</a></li> <li>Dev server handles unexpected <code>SSLEOFError</code> due to issue in Python &lt; 3.13. <a href="https://redirect.github.com/pallets/werkzeug/issues/2926">#2926</a></li> <li>Debugger pin auth works when the URL already contains a query string. <a href="https://redirect.github.com/pallets/werkzeug/issues/2918">#2918</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/werkzeug/blob/main/CHANGES.rst">werkzeug's changelog</a>.</em></p> <blockquote> <h2>Version 3.0.4</h2> <p>Released 2024-08-21</p> <ul> <li>Restore behavior where parsing <code>multipart/x-www-form-urlencoded</code> data with invalid UTF-8 bytes in the body results in no form data parsed rather than a 413 error. :issue:<code>2930</code></li> <li>Improve <code>parse_options_header</code> performance when parsing unterminated quoted string values. :issue:<code>2904</code></li> <li>Debugger pin auth is synchronized across threads/processes when tracking failed entries. :issue:<code>2916</code></li> <li>Dev server handles unexpected <code>SSLEOFError</code> due to issue in Python &lt; 3.13. :issue:<code>2926</code></li> <li>Debugger pin auth works when the URL already contains a query string. :issue:<code>2918</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/werkzeug/commit/b933ccb1f5eaf378d15ae88488bf993600fdca43"><code>b933ccb</code></a> release version 3.0.4</li> <li><a href="https://github.com/pallets/werkzeug/commit/c09de7301c7c5455772a7cd0a4ca4323a90c8186"><code>c09de73</code></a> debugger works on urls with query string (<a href="https://redirect.github.com/pallets/werkzeug/issues/2942">#2942</a>)</li> <li><a href="https://github.com/pallets/werkzeug/commit/1d1d987f6399031d33656d366b7bfa9a3960441b"><code>1d1d987</code></a> debugger works on urls with query string</li> <li><a href="https://github.com/pallets/werkzeug/commit/32a77a032a25a7e0c0bbbd1ce2d297268170469f"><code>32a77a0</code></a> treat SSLEOFError as dropped connection (<a href="https://redirect.github.com/pallets/werkzeug/issues/2941">#2941</a>)</li> <li><a href="https://github.com/pallets/werkzeug/commit/cf18d037faeacfb458e645fa2dbaf25b5bbf1080"><code>cf18d03</code></a> treat SSLEOFError as dropped connection</li> <li><a href="https://github.com/pallets/werkzeug/commit/a1db1209822c5572c177244678e6788add64bf3d"><code>a1db120</code></a> synchronize failed pin entry (<a href="https://redirect.github.com/pallets/werkzeug/issues/2940">#2940</a>)</li> <li><a href="https://github.com/pallets/werkzeug/commit/650481972fbab9e9d8f0b1af23c4fb6a88b4e8c0"><code>6504819</code></a> synchronize failed pin entry</li> <li><a href="https://github.com/pallets/werkzeug/commit/7abec4b50efdfdf791cebf0019a0fb901f46680e"><code>7abec4b</code></a> improve parse_options_header performance (<a href="https://redirect.github.com/pallets/werkzeug/issues/2939">#2939</a>)</li> <li><a href="https://github.com/pallets/werkzeug/commit/3a893d27b1a1b7da7a8ec52c297ba163371ddf71"><code>3a893d2</code></a> improve parse_options_header performance</li> <li><a href="https://github.com/pallets/werkzeug/commit/3a52597930846900356ee59b06a349420ca12c9b"><code>3a52597</code></a> restore invalid bytes behavior for form parser (<a href="https://redirect.github.com/pallets/werkzeug/issues/2938">#2938</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pallets/werkzeug/compare/3.0.3...3.0.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

luketainton (Migrated from github.com) reviewed 2024-08-22 00:33:15 +00:00

sonarqubecloud[bot] commented 2024-08-22 00:34:35 +00:00 (Migrated from github.com)

Copy Link

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

## [](https://sonarcloud.io/dashboard?id=luketainton_epage&pullRequest=99) **Quality Gate passed** Issues  [0 New issues](https://sonarcloud.io/project/issues?id=luketainton_epage&pullRequest=99&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true)  [0 Accepted issues](https://sonarcloud.io/project/issues?id=luketainton_epage&pullRequest=99&issueStatuses=ACCEPTED) Measures  [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=luketainton_epage&pullRequest=99&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true)  [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=luketainton_epage&pullRequest=99&metric=new_coverage&view=list)  [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=luketainton_epage&pullRequest=99&metric=new_duplicated_lines_density&view=list) [See analysis details on SonarCloud](https://sonarcloud.io/dashboard?id=luketainton_epage&pullRequest=99)

Sign in to join this conversation.

Reviewers

No Reviewers

luketainton

Labels

Clear labels

bug

Something isn't working

dependencies

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

good first issue

Good for newcomers

help wanted

Extra attention is needed

invalid

This doesn't seem right

question

Further information is requested

security

wontfix

This will not be worked on

Compat/Breaking

Breaking change that won't be backward compatible

Kind/Bug

Something is not working

Kind/Documentation

Documentation changes

Kind/Enhancement

Improve existing functionality

Kind/Feature

New functionality

Kind/Security

This is security issue

Kind/Testing

Issue or pull request related to testing

Priority

Critical

The priority is critical

Priority

High

The priority is high

Priority

Low

The priority is low

Priority

Medium

The priority is medium

Reviewed

Confirmed

Issue has been confirmed

Reviewed

Duplicate

This issue or pull request already exists

Reviewed

Invalid

Invalid issue

Reviewed

Won't Fix

This issue won't be fixed

Status

Abandoned

Somebody has started to work on this but abandoned work

Status

Blocked

Something is blocking this issue or pull request

Status

Need More Info

Feedback is required to reproduce issue or to continue work

No Label

dependencies

Milestone

No items

No Milestone

Assignees

Clear assignees

ai-review-bot gitea-actions-bot luke renovate-bot

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: repos/epage#99

No description provided.