No support for Connexion 3, so a vulnerable Werkzeug is required

[adamnovak]

The wes-service PyPI package at 4.0 depends on connexion <3.

But the latest connexion 2, 2.14.2, depends on werkzeug<2.3.

But only Werkzeug 3.0.3+ has the patch for CVE-2024-34069

So it's not possible to install wes-service with a fully patched Werkzeug, which makes it difficult to use securely.

wes-service should be updated to work with connexion 3.