Bump websockets from 4.0.1 to 5.0

[dependabot-preview]

Bumps websockets from 4.0.1 to 5.0.

Changelog

Sourced from websockets's changelog.

5.0
...

.. note::

**Version 5.0 fixes a security issue introduced in version 4.0.**

websockets 4.0 was vulnerable to denial of service by memory exhaustion
because it didn't enforce ``max_size`` when decompressing compressed
messages.

.. warning::

**Version 5.0 adds a** ``user_info`` **field to the return value of**
:func:`~uri.parse_uri` **and** :class:`~uri.WebSocketURI` **.**

If you're unpacking :class:`~websockets.WebSocketURI` into four variables,
adjust your code to account for that fifth field.

Also:

• Added compatibility with Python 3.7.

• :func:~client.connect() performs HTTP Basic Auth when the URI contains
  credentials.

• Iterating on incoming messages no longer raises an exception when the
  connection terminates with code 1001 (going away).

• A plain HTTP request now receives a 426 Upgrade Required response and
  doesn't log a stack trace.

• :func:~server.unix_serve can be used as an asynchronous context manager on
  Python ≥ 3.5.1.

• Added :meth:~protocol.WebSocketCommonProtocol.closed property.

• If a :meth:~protocol.WebSocketCommonProtocol.ping doesn't receive a pong,
  it's cancelled when the connection is closed.

• Reported the cause of :exc:~exceptions.ConnectionClosed exceptions.

• Added new examples in the documentation.

• Updated documentation with new features from Python 3.6.

• Improved several other sections of the documentation.

• Fixed missing close code, which caused :exc:TypeError on connection close.

... (truncated)

Commits

• c08a318 Bump version number.
• 414a514 Fix regression from b07b8895.
• b6a25ce Security fix: defend against zip bombs.
• 2b89213 Ignore a warning added in Python 3.7.
• 7da5f40 Declare await as coroutine.
• 595e3f0 Add missing entries in the changelog.
• b32a44a Report cause of ConnectionClosed exception.
• a28d147 Don't call fail_connection on closed connections.
• 0a1b76a Fail the connection before the opening handshake.
• a11fa66 Improve failing the WebSocket connection.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use (this|these) label[s] will set the current labels as the default for future PRs for this repo and language
• @dependabot use (this|these) reviewer[s] will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use (this|these) assignee[s] will set the current assignees as the default for future PRs for this repo and language

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[dependabot-preview]

Superseded by #86.