Update aiosmtplib requirement from <4,>=3.0 to >=3.0,<6 in /backend

[dependabot]

Updates the requirements on aiosmtplib to permit the latest version.

Release notes

Sourced from aiosmtplib's releases.

5.1.1

What's Changed

• Security: Reject control characters (the C0 range 0x00-0x1F and DEL 0x7F, including CR, LF, and NUL) in SMTP command arguments, preventing command injection via input passed to mail(), rcpt(), vrfy(), expn() or sendmail(). Such input now raises ValueError before anything is written to the connection. More details: GHSA-v3q9-hj7j-63hq Thanks to @​tonghuaroot for the report.
• Bugfix: SMTP.quit() no longer hangs until the read timeout when the peer drops the transport with an exception after QUIT is sent but before the 221 reply is parsed (e.g. AWS SES closing TLS without close_notify). Contributed by @​yamaaaaaa31

New Contributors

• @​yamaaaaaa31 made their first contribution in cole/aiosmtplib#346

Full Changelog: cole/aiosmtplib@v5.1.0...v5.1.1

Changelog

Sourced from aiosmtplib's changelog.

5.1.1

• Security: Reject control characters (the C0 range 0x00-0x1F and DEL 0x7F, including CR, LF, and NUL) in SMTP command arguments, preventing command injection via input passed to mail(), rcpt(), vrfy(), expn() or sendmail(). Such input now raises ValueError before anything is written to the connection. More details: GHSA-v3q9-hj7j-63hq Thanks to @​tonghuaroot for the report.
• Bugfix: SMTP.quit() no longer hangs until the read timeout when the peer drops the transport with an exception after QUIT is sent but before the 221 reply is parsed (e.g. AWS SES closing TLS without close_notify).

5.1.0

• Feature: Add XOAUTH2 authentication support

5.0.0

• BREAKING: Drop Python 3.9 support

4.0.2

• Bugfix: correct aexit signature to comply with async context manager protocol (thanks @​oliverlambson)

4.0.1

• Bugfix: Always clear the connect lock on connection lost, allowing client reconnect

4.0.0

• BREAKING: Drop Python 3.8 support
• Bugfix: Run socket.getfqdn in thread to avoid blocking event loop if local_hostname not provided (thanks @​Raidzin)
• Bugfix: Clear connect lock on connection lost, allowing client reconnect
• Bugfix: Allow socket connections to use TLS by providing hostname and use_tls=True

... (truncated)

Commits

• b18d293 fix: failing test on pypy
• 5a5365c chore: v5.1.1
• 8eaf6ef fix: command injection via address control chars
• e9d57bc chore: ignore pycache
• 185232d ci: pre-commit autoupdate
• 1096fed fix: resolve quit response waiter on connection_lost
• 14d9cab ci: pre-commit autoupdate
• 40d48d8 ci: pre-commit autoupdate
• eb59588 chore: v5.1.0
• d8100f8 feat: xoauth2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.