Skip to content

Bump idna from 3.13 to 3.15#216

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/idna-3.15
Closed

Bump idna from 3.13 to 3.15#216
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/idna-3.15

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 19, 2026
edited
Loading

Copy link
Copy Markdown

Bumps idna from 3.13 to 3.15.

Changelog

Sourced from idna's changelog.

3.15 (2026-05-12)

  • Enforce DNS-length cap on individual labels early in check_label, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.
  • Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared _unicode_dots_re from idna.core in the codec module.
  • Use raise ... from err for proper exception chaining and switch internal string formatting to f-strings.
  • Allow flit_core 4.x in the build backend.
  • Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.
  • Add Dependabot configuration for GitHub Actions.
  • Convert README and HISTORY from reStructuredText to Markdown.
  • Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.

Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.

3.14 (2026-05-10)

  • Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]

Thanks to Stan Ulbrych for reporting the issue.

Commits
  • af30a09 Release 3.15
  • 30314d4 Pre-release 3.15rc0
  • 05d4b21 Merge pull request #237 from kjd/convert-docs-to-markdown
  • 2987fdb Convert README and HISTORY from reStructuredText to Markdown
  • 59fa800 Merge pull request #236 from kjd/dependabot/github_actions/actions-f3e34333ea
  • def6983 Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea
  • bbd8004 Merge pull request #234 from StanFromIreland/patch-1
  • edd07c0 Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group
  • 5557db0 Merge branch 'master' into patch-1
  • f11746c Merge pull request #235 from StanFromIreland/patch-2
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Change in dependencies python Pull requests that update python code labels May 19, 2026
@dependabot dependabot Bot had a problem deploying to manual-approval May 19, 2026 23:42 Failure
@dependabot dependabot Bot force-pushed the dependabot/pip/idna-3.15 branch from 5d06f71 to 7d4c69a Compare May 29, 2026 08:40
@dependabot dependabot Bot requested a deployment to manual-approval May 29, 2026 08:40 Waiting
@dependabot dependabot Bot force-pushed the dependabot/pip/idna-3.15 branch from 7d4c69a to 6281068 Compare June 3, 2026 12:04
@dependabot dependabot Bot requested a deployment to manual-approval June 3, 2026 12:04 Waiting
@dependabot dependabot Bot force-pushed the dependabot/pip/idna-3.15 branch from 6281068 to 576f64c Compare June 4, 2026 14:41
@dependabot dependabot Bot requested a deployment to manual-approval June 4, 2026 14:41 Waiting
@dependabot dependabot Bot force-pushed the dependabot/pip/idna-3.15 branch from 576f64c to 4d68064 Compare June 8, 2026 06:54
@dependabot dependabot Bot requested a deployment to manual-approval June 8, 2026 06:54 Waiting
@dependabot
Bump idna from 3.13 to 3.15
af58ffc 
Bumps [idna](https://github.com/kjd/idna) from 3.13 to 3.15.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.13...v3.15)

---
updated-dependencies:
- dependency-name: idna
  dependency-version: '3.15'
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/idna-3.15 branch from 4d68064 to af58ffc Compare June 11, 2026 05:02
@dependabot dependabot Bot requested a deployment to manual-approval June 11, 2026 05:02 Waiting
@dependabot @github

dependabot Bot commented on behalf of github Jun 12, 2026

Copy link
Copy Markdown
Author

Looks like idna is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 12, 2026
@dependabot dependabot Bot deleted the dependabot/pip/idna-3.15 branch June 12, 2026 07:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Change in dependencies python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants