chore: bump werkzeug to address vulnerability

[dpgaspar]

SUMMARY

Bump werkzeug to address vulnerabilities:
https://www.cve.org/CVERecord?id=CVE-2024-49767
https://www.cve.org/CVERecord?id=CVE-2024-49766

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

• Has associated issue:
• Required feature flags:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.91%. Comparing base (76d897e) to head (b77a662).
Report is 1094 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff             @@
##           master   #30729       +/-   ##
===========================================
+ Coverage   60.48%   83.91%   +23.43%     
===========================================
  Files        1931      534     -1397     
  Lines       76236    38730    -37506     
  Branches     8568        0     -8568     
===========================================
- Hits        46114    32502    -13612     
+ Misses      28017     6228    -21789     
+ Partials     2105        0     -2105     

Flag	Coverage Δ
hive	48.94% <ø> (-0.23%)	⬇️
javascript	?
mysql	76.73% <ø> (?)
postgres	76.86% <ø> (?)
presto	53.41% <ø> (-0.40%)	⬇️
python	83.91% <ø> (+20.43%)	⬆️
sqlite	76.31% <ø> (?)
unit	60.90% <ø> (+3.27%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[michael-s-molina]

🙏🏼

[sadpandajoe]

Do we have to change requirements/base.in too? Looks like it's doing >= 3.0.1 so if someone does a pip-compile, this can be downgraded again, right?