Skip to content

Update dependency idna to v3#10

Open
dev-mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/idna-3.x
Open

Update dependency idna to v3#10
dev-mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/idna-3.x

Conversation

@dev-mend-for-github-com

Copy link
Copy Markdown

This PR contains the following updates:

Package Update Change
idna (changelog) major ==2.8==3.7

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score Vulnerability
Medium Medium 6.2 CVE-2024-3651

Release Notes

kjd/idna (idna)

v3.7

Compare Source

  • Fix issue where specially crafted inputs to encode() could
    take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

v3.6

Compare Source

  • Fix regression to include tests in source distribution.

v3.5

Compare Source

  • Update to Unicode 15.1.0
  • String codec name is now "idna2008" as overriding the system codec
    "idna" was not working.
  • Fix typing error for codec encoding
  • "setup.cfg" has been added for this release due to some downstream
    lack of adherence to PEP 517. Should be removed in a future release
    so please prepare accordingly.
  • Removed reliance on a symlink for the "idna-data" tool to comport
    with PEP 517 and the Python Packaging User Guide for sdist archives.
  • Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions
to this release.

v3.4

Compare Source

  • Update to Unicode 15.0.0
  • Migrate to pyproject.toml for build information (PEP 621)
  • Correct another instance where generic exception was raised instead of
    IDNAError for malformed input
  • Source distribution uses zeroized file ownership for improved
    reproducibility

Thanks to Seth Michael Larson for contributions to this release.

v3.3

Compare Source

  • Update to Unicode 14.0.0
  • Update to in-line type annotations
  • Throw IDNAError exception correctly for some malformed input
  • Advertise support for Python 3.10
  • Improve testing regime on Github
  • Fix Russian typo in documentation

Thanks to Jon Defresne, Hugo van Kemenade, Seth Michael Larson,
Patrick Ventuzelo and Boris Verhovsky for contributions to this
release.

v3.2

Compare Source

  • Add type hints (Thanks, Seth Michael Larson!)
  • Remove support for Python 3.4

v3.1

Compare Source

  • When decoding a domain, add a display argument that will pass
    through invalid labels rather than raising an exception.

v3.0

Compare Source

  • Python 2 is no longer supported (the 2.x branch supports Python 2,
    use "idna<3" in your requirements file if you need Python 2 support)
  • Support for V2 UTS 46 test vectors.

v2.10

Compare Source

  • Update to Unicode 13.0.0.
  • Throws a more specific exception if "xn--" is provided as a label.
  • This is expected to be the last version that supports Python 2.

v2.9

Compare Source

  • Update to Unicode 12.1.0.
  • Prohibit A-labels ending with a hyphen (Thanks, Julien Bernard!)
  • Future-proofing: Test on Python 3.7 and 3.8, don't immediately
    fail should Python 4 come along.
  • Made BSD 3-clause license clearer

  • If you want to rebase/retry this PR, check this box

@dev-mend-for-github-com dev-mend-for-github-com Bot added the security fix Security fix generated by Mend label Jun 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

security fix Security fix generated by Mend

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants