Update django-cors-headers requirement from <4.0,>=3.11.0 to >=3.11.0,<5.0

[dependabot]

Updates the requirements on django-cors-headers to permit the latest version.

Changelog

Sourced from django-cors-headers's changelog.

4.0.0 (2023-05-12)

• Add CORS_ALLOW_PRIVATE_NETWORK_ACCESS setting, which enables support for the Local Network Access draft specification.

  Thanks to Issac Kelly in PR [#745](https://github.com/adamchainz/django-cors-headers/issues/745) <https://github.com/adamchainz/django-cors-headers/pull/745>__ and jjurgens0 in PR [#833](https://github.com/adamchainz/django-cors-headers/issues/833) <https://github.com/adamchainz/django-cors-headers/pull/833>__.

• Remove three headers from the default "accept list": accept-encoding, dnt, and origin. These are Forbidden header names <https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name>__, which means requests JavaScript can never set them. Consequently, allowing them via CORS has no effect.

  Thanks to jub0bs for the report in Issue [#842](https://github.com/adamchainz/django-cors-headers/issues/842) <https://github.com/adamchainz/django-cors-headers/issues/842>__.

• Drop the CORS_REPLACE_HTTPS_REFERER setting and CorsPostCsrfMiddleware. Since Django 1.9, the CSRF_TRUSTED_ORIGINS setting has been the preferred solution to making CSRF checks pass for CORS requests. The removed setting and middleware only existed as a workaround for Django versions before 1.9.

• Add async support to the middleware, reducing overhead on async views.

3.14.0 (2023-02-25)

• Support Django 4.2.

• Switch from urlparse() to urlsplit() for URL parsing, reducing the middleware runtime up to 5%. This changes the type passed to origin_found_in_white_lists(), so if you have subclassed the middleware to override this method, you should check it is compatible (it most likely is).

  Thanks to Thibaut Decombe in PR [#793](https://github.com/adamchainz/django-cors-headers/issues/793) <https://github.com/adamchainz/django-cors-headers/pull/793>__.

3.13.0 (2022-06-05)

• Support Python 3.11.

• Support Django 4.1.

3.12.0 (2022-05-10)

• Drop support for Django 2.2, 3.0, and 3.1.

3.11.0 (2022-01-10)

• Drop Python 3.6 support.

3.10.1 (2021-12-05)

• Prevent a crash when an invalid Origin header is sent.

... (truncated)

Commits

• e97a976 Version 4.0.0
• 1580ab1 Improve unreleased CHANGELOG entries and order
• 54b8ac6 [pre-commit.ci] pre-commit autoupdate (#860)
• 71557f7 Add Local Network Access support (#833)
• 404ddfa Upgrade requirements (#859)
• 806adad [pre-commit.ci] pre-commit autoupdate (#858)
• 11e91d0 Tidy test views (#857)
• 0418c2d Use HTTPS URLs everywhere (#856)
• 0ab5847 Remove forbidden headers from tests (#855)
• 01a7beb Improve allow methods docs and default (#854)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[codecov-commenter]

Codecov Report

Merging #938 (4ff1812) into develop (43fef1e) will increase coverage by 10.55%.
The diff coverage is n/a.

❗ Current head 4ff1812 differs from pull request most recent head f8d1b9f. Consider uploading reports for the commit f8d1b9f to get more accurate results

@@             Coverage Diff              @@
##           develop     #938       +/-   ##
============================================
+ Coverage    46.33%   56.89%   +10.55%     
============================================
  Files          195      129       -66     
  Lines         7059     1965     -5094     
  Branches       522      522               
============================================
- Hits          3271     1118     -2153     
+ Misses        3684      743     -2941     
  Partials       104      104               

see 66 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more