chore(deps): update dependency idna to v3.15

renovate-bot commented

2024-06-04 13:31:40 +05:30

Member

This PR contains the following updates:

Package	Change	Age	Confidence
idna (changelog)	`==3.6` -> `==3.15`

Release Notes

kjd/idna (idna)

`v3.15`

Compare Source

Enforce DNS-length cap on individual labels early in check_label,
short-circuiting contextual-rule processing for oversized input
while staying compatible with UTS 46 usage.
Tidy core helpers: hoist bidi category sets to module-level
frozensets (avoiding per-codepoint list construction), simplify
length checks, and reuse the shared _unicode_dots_re from
idna.core in the codec module.
Use raise ... from err for proper exception chaining and
switch internal string formatting to f-strings.
Allow flit_core 4.x in the build backend.
Expand the ruff lint set (flake8-bugbear, flake8-simplify,
pyupgrade, perflint) and apply the surfaced fixes; pin lint CI
to Python 3.14.
Add Dependabot configuration for GitHub Actions.
Convert README and HISTORY from reStructuredText to Markdown.
Reference CVE-2026-45409 for the 3.14 advisory in place of the
initial GHSA identifier.

Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for
contributions to this release.

`v3.14`

Compare Source

Removed opportunity to process long inputs into quadratic
time by rejecting oversize inputs up-front. Closes a bypass
of the CVE-2024-3651 mitigation. [CVE-2026-45409]

Thanks to Stan Ulbrych for reporting the issue.

`v3.13`

Compare Source

Correct classification error for codepoint U+A7F1

`v3.12`

Compare Source

Update to Unicode 17.0.0.
Issue a deprecation warning for the transitional argument.
Added lazy-loading to provide some performance improvements.
Removed vestiges of code related to Python 2 support, including
segmentation of data structures specific to Jython.

Thanks to Rodrigo Nogueira for contributions to this release.

`v3.11`

Compare Source

Update to Unicode 16.0.0, including significant changes to UTS46
processing. As a result of Unicode ending support for it, transitional
processing no longer has an effect and returns the same result.
Add support for Python 3.14, lowest supported version is Python 3.8.
Various updates to packaging, including PEP 740 support.

`v3.10`

Compare Source

Reverted to Unicode 15.1.0 data. Unicode 16 has some significant changes
to UTS46 processing that will require more work to properly implement.

`v3.9`

Compare Source

Update to Unicode 16.0.0
Deprecate setup.cfg in favour of pyproject.toml
Use ruff for code formatting

Thanks to Waket Zheng for contributions to this release.

`v3.8`

Compare Source

Fix regression where IDNAError exception was not being produced for
certain inputs.
Add support for Python 3.13, drop support for Python 3.5 as it is no
longer testable.
Documentation improvements
Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

`v3.7`

Compare Source

Fix issue where specially crafted inputs to encode() could
take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [idna](https://github.com/kjd/idna) ([changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)) | `==3.6` -> `==3.15` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/idna/3.15?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/idna/3.6/3.15?slim=true) | --- ### Release Notes <details> <summary>kjd/idna (idna)</summary> ### [`v3.15`](https://github.com/kjd/idna/blob/HEAD/HISTORY.md#315-2026-05-12) [Compare Source](https://github.com/kjd/idna/compare/v3.14...v3.15) - Enforce DNS-length cap on individual labels early in `check_label`, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage. - Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared `_unicode_dots_re` from `idna.core` in the codec module. - Use `raise ... from err` for proper exception chaining and switch internal string formatting to f-strings. - Allow `flit_core` 4.x in the build backend. - Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14. - Add Dependabot configuration for GitHub Actions. - Convert README and HISTORY from reStructuredText to Markdown. - Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier. Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release. ### [`v3.14`](https://github.com/kjd/idna/blob/HEAD/HISTORY.md#314-2026-05-10) [Compare Source](https://github.com/kjd/idna/compare/v3.13...v3.14) - Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. \[CVE-2026-45409] Thanks to Stan Ulbrych for reporting the issue. ### [`v3.13`](https://github.com/kjd/idna/blob/HEAD/HISTORY.md#313-2026-04-22) [Compare Source](https://github.com/kjd/idna/compare/v3.12...v3.13) - Correct classification error for codepoint U+A7F1 ### [`v3.12`](https://github.com/kjd/idna/blob/HEAD/HISTORY.md#312-2026-04-21) [Compare Source](https://github.com/kjd/idna/compare/v3.11...v3.12) - Update to Unicode 17.0.0. - Issue a deprecation warning for the transitional argument. - Added lazy-loading to provide some performance improvements. - Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython. Thanks to Rodrigo Nogueira for contributions to this release. ### [`v3.11`](https://github.com/kjd/idna/blob/HEAD/HISTORY.md#311-2025-10-12) [Compare Source](https://github.com/kjd/idna/compare/v3.10...v3.11) - Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result. - Add support for Python 3.14, lowest supported version is Python 3.8. - Various updates to packaging, including PEP 740 support. ### [`v3.10`](https://github.com/kjd/idna/blob/HEAD/HISTORY.md#310-2024-09-15) [Compare Source](https://github.com/kjd/idna/compare/v3.9...v3.10) - Reverted to Unicode 15.1.0 data. Unicode 16 has some significant changes to UTS46 processing that will require more work to properly implement. ### [`v3.9`](https://github.com/kjd/idna/blob/HEAD/HISTORY.md#39-2024-09-13) [Compare Source](https://github.com/kjd/idna/compare/v3.8...v3.9) - Update to Unicode 16.0.0 - Deprecate setup.cfg in favour of pyproject.toml - Use ruff for code formatting Thanks to Waket Zheng for contributions to this release. ### [`v3.8`](https://github.com/kjd/idna/blob/HEAD/HISTORY.md#38-2024-08-23) [Compare Source](https://github.com/kjd/idna/compare/v3.7...v3.8) - Fix regression where IDNAError exception was not being produced for certain inputs. - Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable. - Documentation improvements - Updates to package testing using Github actions Thanks to Hugo van Kemenade for contributions to this release. ### [`v3.7`](https://github.com/kjd/idna/blob/HEAD/HISTORY.md#37-2024-04-11) [Compare Source](https://github.com/kjd/idna/compare/v3.6...v3.7) - Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. \[CVE-2024-3651] Thanks to Guido Vranken for reporting the issue. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

renovate-bot added the

renovate-bot

label

2024-06-04 13:31:40 +05:30

renovate-bot changed title from ~~chore(deps): update dependency idna to v3.7~~ to chore(deps): update dependency idna to v3.8

2024-08-23 22:01:29 +05:30

renovate-bot force-pushed renovate/idna-3.x from 20b524cde2 to b9d9d13276

2024-08-23 22:01:32 +05:30

Compare

renovate-bot force-pushed renovate/idna-3.x from b9d9d13276 to e7dacd8f6a

2024-09-14 08:33:24 +05:30

Compare

renovate-bot changed title from ~~chore(deps): update dependency idna to v3.8~~ to chore(deps): update dependency idna to v3.9

2024-09-14 08:33:25 +05:30

renovate-bot changed title from ~~chore(deps): update dependency idna to v3.9~~ to chore(deps): update dependency idna to v3.10

2024-09-16 00:02:31 +05:30

renovate-bot force-pushed renovate/idna-3.x from e7dacd8f6a to 7593c9fbfe

2024-09-16 00:02:31 +05:30

Compare

renovate-bot force-pushed renovate/idna-3.x from 7593c9fbfe to 3beb5acc4e

2025-10-13 05:12:32 +05:30

Compare

renovate-bot changed title from ~~chore(deps): update dependency idna to v3.10~~ to chore(deps): update dependency idna to v3.11

2025-10-13 05:12:34 +05:30

renovate-bot force-pushed renovate/idna-3.x from 3beb5acc4e to e4e86d3199

2026-04-27 05:07:02 +05:30

Compare

renovate-bot changed title from ~~chore(deps): update dependency idna to v3.11~~ to chore(deps): update dependency idna to v3.13

2026-04-27 05:07:04 +05:30

renovate-bot force-pushed renovate/idna-3.x from e4e86d3199 to 8b8d0505b9

2026-05-11 05:07:22 +05:30

Compare

renovate-bot changed title from ~~chore(deps): update dependency idna to v3.13~~ to chore(deps): update dependency idna to v3.14

2026-05-11 05:07:22 +05:30

renovate-bot force-pushed renovate/idna-3.x from 8b8d0505b9 to 60ef4f99d2

2026-05-18 05:07:27 +05:30

Compare

renovate-bot changed title from ~~chore(deps): update dependency idna to v3.14~~ to chore(deps): update dependency idna to v3.15

2026-05-18 05:07:29 +05:30

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/idna-3.x:renovate/idna-3.x

git switch renovate/idna-3.x

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch master

git merge --no-ff renovate/idna-3.x

git switch renovate/idna-3.x

git rebase master

git switch master

git merge --ff-only renovate/idna-3.x

git switch renovate/idna-3.x

git rebase master

git switch master

git merge --no-ff renovate/idna-3.x

git switch master

git merge --squash renovate/idna-3.x

git switch master

git merge --ff-only renovate/idna-3.x

git switch master

git merge renovate/idna-3.x

git push origin master

Rows
Columns

chore(deps): update dependency idna to v3.15 #7

Release Notes

Configuration

Checkout

Merge