Skip to content

build(deps): bump idna from 3.11 to 3.14#2963

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/idna-3.14
Open

build(deps): bump idna from 3.11 to 3.14#2963
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/idna-3.14

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 11, 2026
edited
Loading

Bumps idna from 3.11 to 3.14.

Changelog

Sourced from idna's changelog.

3.14 (2026-05-10) +++++++++++++++++

  • Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [GHSA-65pc-fj4g-8rjx]

Thanks to Stan Ulbrych for reporting the issue.

3.13 (2026-04-22) +++++++++++++++++

  • Correct classification error for codepoint U+A7F1

3.12 (2026-04-21) +++++++++++++++++

  • Update to Unicode 17.0.0.
  • Issue a deprecation warning for the transitional argument.
  • Added lazy-loading to provide some performance improvements.
  • Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.

Thanks to Rodrigo Nogueira for contributions to this release.

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 11, 2026
@dependabot dependabot Bot requested a review from rewtd as a code owner May 11, 2026 08:26
@dependabot dependabot Bot added the python Pull requests that update Python code label May 11, 2026
@dependabot dependabot Bot requested review from cw-owasp and sydseter as code owners May 11, 2026 08:26
@dependabot dependabot Bot force-pushed the dependabot/pip/idna-3.14 branch from 934b543 to 933a873 Compare May 11, 2026 20:40
@sydseter
Copy link
Copy Markdown
Collaborator

sydseter commented May 11, 2026

@dependabot rebase

@dependabot
build(deps): bump idna from 3.11 to 3.14
9cae658 
Bumps [idna](https://github.com/kjd/idna) from 3.11 to 3.14.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.11...v3.14)

---
updated-dependencies:
- dependency-name: idna
  dependency-version: '3.14'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/idna-3.14 branch from 933a873 to 9cae658 Compare May 11, 2026 20:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rewtd rewtd Awaiting requested review from rewtd rewtd is a code owner

@sydseter sydseter Awaiting requested review from sydseter sydseter is a code owner

@cw-owasp cw-owasp Awaiting requested review from cw-owasp cw-owasp is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sydseter