Skip to content

Update dependency Werkzeug to v3.1.8 - autoclosed#40

Closed
renovate[bot] wants to merge 1 commit intomainfrom
renovate/werkzeug-3.x
Closed

Update dependency Werkzeug to v3.1.8 - autoclosed#40
renovate[bot] wants to merge 1 commit intomainfrom
renovate/werkzeug-3.x

Conversation

@renovate
Copy link
Copy Markdown

@renovate renovate Bot commented Nov 29, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
Werkzeug (changelog) ==3.0.4==3.1.8 age confidence

Release Notes

pallets/werkzeug (Werkzeug)

v3.1.8

Compare Source

Released 2026-04-02

  • Request.host and get_host return the empty string if the header is
    missing or has invalid characters. :issue:3142

v3.1.7

Compare Source

Released 2026-03-23

  • parse_list_header preserves partially quoted items, discards empty
    items, and returns empty for unclosed quoted values. :pr:3128
  • WWWAuthenticate.to_header does not produce a trailing space when there
    are no parameters. :issue:3127
  • Transfer-Encoding is parsed as a set. :pr:3134
  • Request.host, get_host, and host_is_trusted validate the
    characters of the value. An empty value is no longer allowed. A Unix socket
    server address is ignored. The trusted_list argument to
    host_is_trusted is optional. :pr:3113
  • Fix multipart form parser handling of newline at boundary. :issue:3088
  • Response.make_conditional sets the Accept-Ranges header even if it
    is not a satisfiable range request. :issue:3108
  • merge_slashes merges any number of consecutive slashes. :issue:3121

v3.1.6

Compare Source

Released 2026-02-19

  • safe_join on Windows does not allow special devices names in
    multi-segment paths. :ghsa:29vq-49wr-vm6x

v3.1.5

Compare Source

Released 2026-01-08

  • safe_join on Windows does not allow more special device names, regardless
    of extension or surrounding spaces. :ghsa:87hc-h4r5-73f7
  • The multipart form parser handles a \r\n sequence at a chunk boundary.
    This fixes the previous attempt, which caused incorrect content lengths.
    :issue:3065 :issue:3077
  • Fix AttributeError when initializing DebuggedApplication with
    pin_security=False. :issue:3075

v3.1.4

Compare Source

Released 2025-11-28

  • safe_join on Windows does not allow special device names. This prevents
    reading from these when using send_from_directory. secure_filename
    already prevented writing to these. :ghsa:hgf8-39gv-g3f2
  • The debugger pin fails after 10 attempts instead of 11. :pr:3020
  • The multipart form parser handles a \r\n sequence at a chunk boundary.
    :issue:3065
  • Improve CPU usage during Watchdog reloader. :issue:3054
  • Request.json annotation is more accurate. :issue:3067
  • Traceback rendering handles when the line number is beyond the available
    source lines. :issue:3044
  • HTTPException.get_response annotation and doc better conveys the
    distinction between WSGI and sans-IO responses. :issue:3056

v3.1.3

Compare Source

Released 2024-11-08

  • Initial data passed to MultiDict and similar interfaces only accepts
    list, tuple, or set when passing multiple values. It had been
    changed to accept any Collection, but this matched types that should be
    treated as single values, such as bytes. :issue:2994
  • When the Host header is not set and Request.host falls back to the
    WSGI SERVER_NAME value, if that value is an IPv6 address it is wrapped
    in [] to match the Host header. :issue:2993

v3.1.2

Compare Source

Released 2024-11-04

  • Improve type annotation for TypeConversionDict.get to allow the type
    parameter to be a callable. :issue:2988
  • Headers does not inherit from MutableMapping, as it is does not
    exactly match that interface. :issue:2989

v3.1.1

Compare Source

Released 2024-11-01

  • Fix an issue that caused str(Request.headers) to always appear empty.
    :issue:2985

v3.1.0

Compare Source

Released 2024-10-31

  • Drop support for Python 3.8. :pr:2966

  • Remove previously deprecated code. :pr:2967

  • Request.max_form_memory_size defaults to 500kB instead of unlimited.
    Non-file form fields over this size will cause a RequestEntityTooLarge
    error. :issue:2964

  • OrderedMultiDict and ImmutableOrderedMultiDict are deprecated.
    Use MultiDict and ImmutableMultiDict instead. :issue:2968

  • Behavior of properties on request.cache_control and
    response.cache_control has been significantly adjusted.

    • Dict values are always str | None. Setting properties will convert
      the value to a string. Setting a property to False is equivalent to
      setting it to None. Getting typed properties will return None if
      conversion raises ValueError, rather than the string. :issue:2980
    • max_age is None if present without a value, rather than -1.
      :issue:2980
    • no_cache is a boolean for requests, it is True instead of
      "*" when present. It remains a string for responses. :issue:2980
    • max_stale is True if present without a value, rather
      than "*". :issue:2980
    • no_transform is a boolean. Previously it was mistakenly always
      None. :issue:2881
    • min_fresh is None if present without a value, rather than
      "*". :issue:2881
    • private is True if present without a value, rather than "*".
      :issue:2980
    • Added the must_understand property. :issue:2881
    • Added the stale_while_revalidate, and stale_if_error
      properties. :issue:2948
    • Type annotations more accurately reflect the values. :issue:2881

  • Support Cookie CHIPS (Partitioned Cookies). :issue:2797

  • Add 421 MisdirectedRequest HTTP exception. :issue:2850

  • Increase default work factor for PBKDF2 to 1,000,000 iterations.
    :issue:2969

  • Inline annotations for datastructures, removing stub files.
    :issue:2970

  • MultiDict.getlist catches TypeError in addition to ValueError
    when doing type conversion. :issue:2976

  • Implement | and |= operators for MultiDict, Headers, and
    CallbackDict, and disallow |= on immutable types. :issue:2977

v3.0.6

Compare Source

Released 2024-10-25

  • Fix how max_form_memory_size is applied when parsing large non-file
    fields. :ghsa:q34m-jh98-gwm2
  • safe_join catches certain paths on Windows that were not caught by
    ntpath.isabs on Python < 3.11. :ghsa:f9vj-2wh5-fj8j

v3.0.5

Compare Source

Released 2024-10-24

  • The Watchdog reloader ignores file closed no write events. :issue:2945
  • Logging works with client addresses containing an IPv6 scope :issue:2952
  • Ignore invalid authorization parameters. :issue:2955
  • Improve type annotation fore SharedDataMiddleware. :issue:2958
  • Compatibility with Python 3.13 when generating debugger pin and the current
    UID does not have an associated name. :issue:2957

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot changed the title Update dependency Werkzeug to v3.1.4 Update dependency Werkzeug to v3.1.5 Jan 8, 2026
@renovate renovate Bot force-pushed the renovate/werkzeug-3.x branch from 340e962 to 5479803 Compare January 8, 2026 23:40
@renovate renovate Bot changed the title Update dependency Werkzeug to v3.1.5 Update dependency Werkzeug to v3.1.6 Feb 19, 2026
@renovate renovate Bot force-pushed the renovate/werkzeug-3.x branch from 5479803 to 1ac9c18 Compare February 19, 2026 17:29
@renovate renovate Bot changed the title Update dependency Werkzeug to v3.1.6 Update dependency Werkzeug to v3.1.7 Mar 24, 2026
@renovate renovate Bot force-pushed the renovate/werkzeug-3.x branch from 1ac9c18 to bf91938 Compare March 24, 2026 05:21
@renovate renovate Bot changed the title Update dependency Werkzeug to v3.1.7 Update dependency Werkzeug to v3.1.8 Apr 2, 2026
@renovate renovate Bot force-pushed the renovate/werkzeug-3.x branch from bf91938 to 4fce8c4 Compare April 2, 2026 22:14
thomast1906 added a commit that referenced this pull request Apr 14, 2026
@thomast1906
chore: upgrade Terraform, providers, GitHub Actions, and Python deps
88d0df0 
Incorporates all open Renovate PRs (#33, #37, #38, #39, #40, #41, #42, #43, #44, #45)
plus Terraform/provider version bumps and deploy script fixes.

Terraform:
- required_version: >= 1.9.8 -> >= 1.14.0, < 2.0.0 (all modules)
- Pinned to 1.14.8 in CI workflows

Azure provider (azurerm):
- >= 4.28.0 -> >= 4.68.0, < 5.0.0 (all modules)

GitHub Actions (closes PRs #39 #43 #45 #44 #42 #41 #38):
- actions/checkout: v4 -> v6
- azure/login: v2 -> v3
- azure/setup-kubectl: v4 -> v5
- azure/setup-helm: v4 -> v5
- docker/setup-buildx-action: v3 -> v4
- hashicorp/setup-terraform: v3 -> v4
- stefanzweifel/git-auto-commit-action: v5 -> v7

Python dependencies (closes PRs #33 #40):
- Flask: 3.0.3 -> 3.1.3
- Werkzeug: 3.0.4 -> 3.1.8

Note: python:3.14-slim (PR #37) deferred - 3.14 is still in beta

Fix deploy-all.sh:
- Compute REPO_ROOT from script location; use absolute paths throughout
- Pass -backend-config flags to terraform init (matches CI workflow)
- Fix deprecated --query objectId -> --query id for AD group creation

Docs:
- Test-lab-only.md: rewritten with version table, AKS check, env vars
- Update Terraform version prereq refs in README and 1-Create-ACR.md
- CHANGELOG.md: document all changes

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@renovate renovate Bot changed the title Update dependency Werkzeug to v3.1.8 Update dependency Werkzeug to v3.1.8 - autoclosed Apr 14, 2026
@renovate renovate Bot closed this Apr 14, 2026
@renovate renovate Bot deleted the renovate/werkzeug-3.x branch April 14, 2026 21:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants