Werkzeug

-------------

Unreleased

- Support Cookie CHIPS (Partitioned Cookies). :issue:`2797`

-------------

Released 2024-04-01

- Ensure setting merge_slashes to False results in NotFound for
repeated-slash requests against single slash routes. :issue:`2834`
- Fix handling of TypeError in TypeConversionDict.get() to match
ValueErrors. :issue:`2843`
- Fix response_wrapper type check in test client. :issue:`2831`
- Make the return type of ``MultiPartParser.parse`` more
precise. :issue:`2840`
- Raise an error if converter arguments cannot be
parsed. :issue:`2822`

-------------

Released 2023-10-24

- Fix slow multipart parsing for large parts potentially enabling DoS
attacks. :cwe:`CWE-407`

-------------

Released 2023-09-30

- Remove previously deprecated code. :pr:`2768`
- Deprecate the ``__version__`` attribute. Use feature detection, or
``importlib.metadata.version("werkzeug")``, instead. :issue:`2770`
- ``generate_password_hash`` uses scrypt by default. :issue:`2769`
- Add the ``"werkzeug.profiler"`` item to the WSGI ``environ`` dictionary
passed to `ProfilerMiddleware`'s `filename_format` function. It contains
the ``elapsed`` and ``time`` values for the profiled request. :issue:`2775`
- Explicitly marked the PathConverter as non path isolating. :pr:`2784`

-------------

Released 2023-11-08

- Fix slow multipart parsing for large parts potentially enabling DoS
attacks. :cwe:`CWE-407`

-------------

Released 2023-08-14

- Use ``flit_core`` instead of ``setuptools`` as build backend.
- Fix parsing of multipart bodies. :issue:`2734`
- Adjust index of last newline in data start. :issue:`2761`
- Parsing ints from header values strips spacing first. :issue:`2734`
- Fix empty file streaming when testing. :issue:`2740`
- Clearer error message when URL rule does not start with slash. :pr:`2750`
- ``Accept`` ``q`` value can be a float without a decimal part. :issue:`2751`