Remove upper bound on werkzeug [dependency]

[marcstern14]

werkzeug currently has an upper bound <3.1. There are more updated versions, which are compatible within the current Flask boundaries. Bumping the allowed versions of werkzeug would help for more flexible dependency installs for apps, and setting werkzeug>=3.0.6 would prevent triggering snyk vulnerabilities: https://security.snyk.io/vuln/SNYK-PYTHON-WERKZEUG-8309092

I've provided a PR here: #3095

[alexcjohnson]

See #2538 and the community forum discussion mentioned there for context around our decision to restrict Flask and Werkzeug versions. I'm still strongly in favor of continuing the current approach of bumping these upper bounds only after we've tested them throughout the Dash ecosystem.

[marcstern14]

Hmm ok, I see that this issue has been discussed at length in the past. Considering the last bump of werkzeug was over a year ago, could there be plans to test bumping it again?

[alexcjohnson]

Absolutely - part of deciding to restrict it was that then it’s incumbent on us as maintainers to keep up with new versions and this one has been waiting too long. I’ll have to defer to @T4rk1n and @gvwilson, who are focused on getting v3 released shortly, but I would imagine this can be prioritized soon after that.

[marcstern14]

Sounds great! All your work is much appreciated – looking forward to tracking the progress.

[marcstern14]

Hi @yuvashrikarunakaran, are you the point person for this request? Any chance this will get bumped to P1 label?

[gvwilson]

Hi @marcstern14 - I'm the guilty party, and I'd be happy to look at it once we get the Dash 3.0 release candidate out - I hope that will be next week.

[marcstern14]

Hey @gvwilson just wanted to check in to see if this could be bumped to P1? As time goes on, there are more security vulnerabilities caused by downstream dependencies that are stuck because of the werkzeug limitations.

[gvwilson]

Apologies @marcstern14 - the Dash 3.0 release is taking longer than expected. I'll see if I can get this looked at.