chore(deps): bump webob from 1.8.7 to 1.8.8

[dependabot]

Bumps webob from 1.8.7 to 1.8.8.

Changelog

Sourced from webob's changelog.

Unreleased

Security Fix

- The use of WebOb's Response object to redirect a request to a new location
  can lead to an open redirect if the Location header is not a full URI.
See GHSA-mg3v-6m49-jhp3

and CVE-2024-42353
Thanks to Sara Gao for the report
(This fix was released in WebOb 1.8.8)
Feature

- Rename "master" git branch to "main"


Add support for Python 3.12.


Add Request.remote_host, exposing REMOTE_HOST environment variable.


Added acceptparse.Accept.parse_offer to codify what types of offers

are compatible with acceptparse.AcceptValidHeader.acceptable_offers,

acceptparse.AcceptMissingHeader.acceptable_offers, and

acceptparse.AcceptInvalidHeader.acceptable_offers. This API also

normalizes the offer with lowercased type/subtype and parameter names.

See support a standard api for parsing media types Pylons/webob#376 and

support passing around AcceptOffer objects Pylons/webob#379


Compatibility

</code></pre>

<p>Backwards Incompatibilities</p>

<pre><code>

Drop support for Python 2.7, 3.4, 3.5, 3.6, and 3.7.

Experimental Features




The SameSite value now includes a new option named "None", this is a new

change that was introduced in

https://tools.ietf.org/html/draft-west-cookie-incrementalism-00
Please be aware that older clients are incompatible with this change:

</tr></table>

... (truncated)

Commits

• f2bdd83 Merge commit from fork
• 913fa2c Update CHANGES.txt
• f2e92f3 WebOb version revised to 1.8.8
• a06856a Build the latest version from tox
• 819f43c Add MANIFEST.in to build source tarball
• 411df96 s/isAlive/is_alive/
• 5ae9b5d Update for newer versions of tox/sphinx
• 2a2da92 Support for Python 2.7 requires an old version of virtualenv
• f689bcf Add fix for open redirect
• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.