build(deps): bump idna from 3.13 to 3.14 #1142 (lando@main)
| Warnings | |
|---|---|
| Blockers | |
| Branches | dependabot/pip/idna-3.14 -> main |
| Repo | lando@main (git) (git://github.com/mozilla-conduit/lando.git) |
| Author | dependabot[bot] |
| State | open |
| Commit Title | build(deps): bump idna from 3.13 to 3.14 |
| Commit Body | Bumps [idna](https://github.com/kjd/idna) from 3.13 to 3.14.<br /><br />Changelog (sourced from [idna's changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)):<br /><br />3.14 (2026-05-10)<br />- Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [GHSA-65pc-fj4g-8rjx]<br /><br />Thanks to Stan Ulbrych for reporting the issue.<br /><br />Commits:<br />- [`37b6b74`](https://github.com/kjd/idna/commit/37b6b7497aee4805f7a74a7d86206ac05be9669a) Release v3.14<br />- [`628fef8`](https://github.com/kjd/idna/commit/628fef84d3eda59321c21127e73dcd873db23ead) Use valid_string_length() for early oversized-input check<br />- [`1e26c7f`](https://github.com/kjd/idna/commit/1e26c7fd93c67995422af9d1f071f45ee6433fd0) Tweak release wording<br />- [`ab5668f`](https://github.com/kjd/idna/commit/ab5668fb6eaf4254d91d6993c0b23e98e21202fb) Pre-release 3.14<br />- [`c0dda45`](https://github.com/kjd/idna/commit/c0dda4501df5d91c3181ce6f962dc5de74e82cc1) Merge commit from fork<br />- [`b7391f4`](https://github.com/kjd/idna/commit/b7391f4c240bf2eae80eaed0a2ef7c2e0496af96) Add docstrings to package ([#226](https://redirect.github.com/kjd/idna/issues/226))<br />- [`0f4a28d`](https://github.com/kjd/idna/commit/0f4a28d88f8cce54269f0b6a42edf5e6a5424319) Raise IDNAError on non-string input to encode/decode ([#224](https://redirect.github.com/kjd/idna/issues/224))<br />- [`7e6df71`](https://github.com/kjd/idna/commit/7e6df7196e6396b5b84b9530eab8272b5ad51898) Address type issues found by `ty` ([#225](https://redirect.github.com/kjd/idna/issues/225))<br />- [`6ebfaab`](https://github.com/kjd/idna/commit/6ebfaab9ea718dce38a7c17ddafd7fb28b0468d4) Merge pull request [#221](https://redirect.github.com/kjd/idna/issues/221) from kjd/release-3.13<br />- See full diff in [compare view](https://github.com/kjd/idna/compare/v3.13...v3.14)<br /><br />Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. |
Landings
Not yet Landed
There has been no attempt to land revisions in this stack.