Skip to content

chore(deps)(deps): bump idna from 3.6 to 3.13#62

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/idna-3.13
Open

chore(deps)(deps): bump idna from 3.6 to 3.13#62
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/idna-3.13

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 23, 2026

Bumps idna from 3.6 to 3.13.

Release notes

Sourced from idna's releases.

v3.13

No release notes provided.

v3.12

No release notes provided.

v3.11

No release notes provided.

v3.10

No release notes provided.

v3.9

No release notes provided.

v3.8

What's Changed

  • Fix regression where IDNAError exception was not being produced for certain inputs.
  • Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
  • Documentation improvements
  • Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

Full Changelog: kjd/idna@v3.7...v3.8

v3.7

What's Changed

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.13 (2026-04-22) +++++++++++++++++

  • Correct classification error for codepoint U+A7F1

3.12 (2026-04-21) +++++++++++++++++

  • Update to Unicode 17.0.0.
  • Issue a deprecation warning for the transitional argument.
  • Added lazy-loading to provide some performance improvements.
  • Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.

Thanks to Rodrigo Nogueira for contributions to this release.

3.11 (2025-10-12) +++++++++++++++++

  • Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.
  • Add support for Python 3.14, lowest supported version is Python 3.8.
  • Various updates to packaging, including PEP 740 support.

3.10 (2024-09-15) +++++++++++++++++

  • Reverted to Unicode 15.1.0 data. Unicode 16 has some significant changes to UTS46 processing that will require more work to properly implement.

3.9 (2024-09-13) ++++++++++++++++

  • Update to Unicode 16.0.0
  • Deprecate setup.cfg in favour of pyproject.toml
  • Use ruff for code formatting

Thanks to Waket Zheng for contributions to this release.

3.8 (2024-08-23) ++++++++++++++++

  • Fix regression where IDNAError exception was not being produced for certain inputs.
  • Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
  • Documentation improvements
  • Updates to package testing using Github actions

... (truncated)

Commits
  • 89cdfd2 Release v3.13
  • 1eb0686 Pre-release 3.13
  • 5f20d1e Merge pull request #220 from kjd/unicode-next
  • 4ea8425 Regenerate idnadata.py with correct NFKC_CF data
  • fd47341 Use NFKC_CF from Unicode data files instead of Python's unicodedata module
  • a5304a4 Merge pull request #219 from kjd/release-3.12
  • d80d6f9 Release v3.12
  • 1bb44dd Merge pull request #218 from kjd/release-candidate-3.12rc0
  • 909c49d Release candidate for 3.12
  • c5459a1 Merge pull request #217 from kjd/housekeeping-2
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps)(deps): bump idna from 3.6 to 3.13
a423123 
Bumps [idna](https://github.com/kjd/idna) from 3.6 to 3.13.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.6...v3.13)

---
updated-dependencies:
- dependency-name: idna
  dependency-version: '3.13'
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot mentioned this pull request Apr 23, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies python security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants