build(deps): bump idna from 3.10 to 3.15 #257
Bumps [idna](https://github.com/kjd/idna) from 3.10 to 3.15.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.10...v3.15)

---
updated-dependencies:
- dependency-name: idna
  dependency-version: '3.15'
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Scope
Lockfile-only Dependabot update that pins idna from 3.10 to 3.15 via poetry.lock; no application or runtime source files appear in the canonical change list.
CI
Checks were pending in the gathered snapshot with no completed status rows yet; merge should still wait on branch protection and required checks without this review restating failures.
Bugbot: no blocking threads — no action.
Regression risk
Several idna minors between 3.10 and 3.15 refine Unicode/IDNA handling and include security-related hardening in upstream notes, so the main realistic risk is subtle internationalized hostname edge-case differences rather than obvious API breakage within major version 3.
Upstream
Upstream: kjd/idna (repository linked in the PR description; use upstream HISTORY/releases for CVE and behavioral detail rather than inferring issue numbers here).
Residual risks / follow-ups
None — because the diff is lockfile-only with no first-party code edits; residual exposure is limited to transitive idna semantics—if this SDK validates user-supplied hosts, run your usual post-merge smoke on IDNA-heavy paths after CI finishes, which is ordinary hygiene rather than a merge-bar gap for this PR.
This review was generated by review-bot.
Bumps idna from 3.10 to 3.15.
Changelog
Sourced from idna's changelog.
... (truncated)
Commits
- af30a09 Release 3.15
- 30314d4 Pre-release 3.15rc0
- 05d4b21 Merge pull request #237 from kjd/convert-docs-to-markdown
- 2987fdb Convert README and HISTORY from reStructuredText to Markdown
- 59fa800 Merge pull request #236 from kjd/dependabot/github_actions/actions-f3e34333ea
- def6983 Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea
- bbd8004 Merge pull request #234 from StanFromIreland/patch-1
- edd07c0 Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group
- 5557db0 Merge branch 'master' into patch-1
- f11746c Merge pull request #235 from StanFromIreland/patch-2

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.