
Remove upper bound on werkzeug [dependency] #3096

Open
marcstern14 opened this issue Nov 27, 2024 · 5 comments
Labels
dependencies Pull requests that update a dependency file P2 considered for next cycle

Comments

@marcstern14

werkzeug currently has an upper bound <3.1. There are more updated versions, which are compatible within the current Flask boundaries. Bumping the allowed versions of werkzeug would help for more flexible dependency installs for apps, and setting werkzeug>=3.0.6 would prevent triggering snyk vulnerabilities: https://security.snyk.io/vuln/SNYK-PYTHON-WERKZEUG-8309092

I've provided a PR here: #3095
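An added example, not code from this issue or the Dash project: a stdlib-only check of which sample werkzeug release numbers (a constructed list, not the full release history) a given pin admits, and which admitted versions fall below the 3.0.6 floor the issue proposes. It compares the current `werkzeug<3.1` with the proposed `werkzeug>=3.0.6` and a combined pin; real tooling should use the `packaging` library, which handles full PEP 440.

```python
"""Evaluate simple pip-style version specifiers against candidate releases.

Added example (not Dash project code). Supports the clauses used in this
issue (>=, >, <=, <, ==, !=) on dotted numeric versions only.
"""
import re
from typing import Iterable

# Constructed sample of werkzeug release numbers; not a complete list.
CANDIDATE_VERSIONS = ["3.0.3", "3.0.4", "3.0.5", "3.0.6", "3.1.0", "3.1.3"]

# The floor proposed in the issue text (werkzeug>=3.0.6); versions below
# it are the ones the author wants the pin to keep out.
FIRST_FIXED = "3.0.6"

_OPS = {
    ">=": lambda a, b: a >= b,
    ">": lambda a, b: a > b,
    "<=": lambda a, b: a <= b,
    "<": lambda a, b: a < b,
    "==": lambda a, b: a == b,
    "!=": lambda a, b: a != b,
}
_CLAUSE = re.compile(r"^\s*(>=|<=|==|!=|>|<)\s*([0-9]+(?:\.[0-9]+)*)\s*$")


def parse_version(text: str) -> tuple:
    """'3.0.6' -> (3, 0, 6); pad so '3.1' equals (3, 1, 0) as PEP 440 intends."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def allowed_versions(spec: str, candidates: Iterable[str]) -> list:
    """Return candidates satisfying every comma-separated clause in spec.

    A leading package name ('werkzeug>=3.0.6') is stripped so the string can
    be pasted straight from a requirements file.
    """
    spec = re.sub(r"^[A-Za-z0-9_.-]+(?=[<>=!])", "", spec.strip())
    clauses = []
    for raw in spec.split(","):
        m = _CLAUSE.match(raw)
        if not m:
            raise ValueError(f"unsupported clause: {raw!r}")
        clauses.append((_OPS[m.group(1)], parse_version(m.group(2))))
    return [v for v in candidates
            if all(op(parse_version(v), bound) for op, bound in clauses)]


def admits_unfixed(spec: str, candidates: Iterable[str],
                   first_fixed: str = FIRST_FIXED) -> list:
    """Admitted versions older than first_fixed: the exposure the pin leaves open."""
    floor = parse_version(first_fixed)
    return [v for v in allowed_versions(spec, candidates)
            if parse_version(v) < floor]
```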

@marcstern14 marcstern14 changed the title Remove upper bound on werkzeug Remove upper bound on werkzeug [dependency] Nov 27, 2024
@alexcjohnson
Collaborator

See #2538 and the community forum discussion mentioned there for context around our decision to restrict Flask and Werkzeug versions. I'm still strongly in favor of continuing the current approach of bumping these upper bounds only after we've tested them throughout the Dash ecosystem.

@marcstern14
Author

Hmm ok, I see that this issue has been discussed at length in the past. Considering the last bump of werkzeug was over a year ago, could there be plans to test bumping it again?

@alexcjohnson
Collaborator

Absolutely - part of deciding to restrict it was that then it’s incumbent on us as maintainers to keep up with new versions and this one has been waiting too long. I’ll have to defer to @T4rk1n and @gvwilson, who are focused on getting v3 released shortly, but I would imagine this can be prioritized soon after that.

@marcstern14
Author

Sounds great! All your work is much appreciated – looking forward to tracking the progress.

@gvwilson gvwilson added P2 considered for next cycle dependencies Pull requests that update a dependency file labels Dec 3, 2024
@yuvashrikarunakaran
Contributor

Issue Description
- Current Constraint: The werkzeug dependency has an upper bound set to <3.1.
- Problem: This constraint:
  - Blocks the use of more recent, compatible versions of werkzeug.
  - Causes challenges in dependency management for applications that integrate with this project.
  - Triggers vulnerabilities in older versions of werkzeug, such as those reported by Snyk (e.g., SNYK-PYTHON-WERKZEUG-8309092).

Proposed Solution
- Remove Upper Bound: Update the dependency requirements to werkzeug>=3.0.6, allowing for greater flexibility while addressing security vulnerabilities.
- Pull Request: A PR (#3095) has been submitted to implement this change.

Advantages of This Change
- Enhanced Security: Ensures users can adopt patched and secure versions of werkzeug.
- Improved Compatibility: Allows the project to integrate with a wider range of dependencies, avoiding conflicts in modern Flask applications.
- Future-Proofing: Reduces the risk of frequent updates being needed for dependency constraints.

Action Items
- Review PR #3095: Verify the compatibility of newer werkzeug versions with the project.
- Run Tests: Confirm that the change does not introduce regressions or unexpected behavior.
- Merge & Release: If tests pass, approve and merge the PR, and release a new version of the project with the updated dependencies.


4 participants