Bump idna from 3.3 to 3.10

[dependabot]

Bumps idna from 3.3 to 3.10.

Release notes

Sourced from idna's releases.

v3.10

No release notes provided.

v3.9

No release notes provided.

v3.8

What's Changed

• Fix regression where IDNAError exception was not being produced for certain inputs.
• Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
• Documentation improvements
• Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

Full Changelog: kjd/idna@v3.7...v3.8

v3.7

What's Changed

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.10 (2024-09-15) +++++++++++++++++

• Reverted to Unicode 15.1.0 data. Unicode 16 has some significant changes to UTS46 processing that will require more work to properly implement.

3.9 (2024-09-13) ++++++++++++++++

• Update to Unicode 16.0.0
• Deprecate setup.cfg in favour of pyproject.toml
• Use ruff for code formatting

Thanks to Waket Zheng for contributions to this release.

3.8 (2024-08-23) ++++++++++++++++

• Fix regression where IDNAError exception was not being produced for certain inputs.
• Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
• Documentation improvements
• Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

3.7 (2024-04-11) ++++++++++++++++

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

3.6 (2023-11-25) ++++++++++++++++

• Fix regression to include tests in source distribution.

3.5 (2023-11-24) ++++++++++++++++

• Update to Unicode 15.1.0
• String codec name is now "idna2008" as overriding the system codec "idna" was not working.
• Fix typing error for codec encoding
• "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.

... (truncated)

Commits

• 729225d Release v3.10
• 3eef168 Merge pull request #194 from kjd/revert-unicode-16
• ceca619 Revert Unicode 16.0.0 data updates
• c43ac75 Merge pull request #191 from kjd/release-3.9
• 1b8800a Release v3.9
• a1fd168 Merge pull request #190 from kjd/unicode-16
• 7732c61 Merge branch 'master' into unicode-16
• 4ed183d Refactor membership test
• 762216b Format with ruff
• 580ece9 Implement changes to UTS46 algorithm
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codspeed-hq]

CodSpeed Performance Report

Merging #10255 will not alter performance

_{Comparing dependabot/pip/3.12/idna-3.10 (534e0ca) with 3.12 (d3ca8b1)}

Summary

✅ 47 untouched benchmarks

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.07%. Comparing base (d3ca8b1) to head (534e0ca).
Report is 26 commits behind head on 3.12.

✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff            @@
##             3.12   #10255     +/-   ##
=========================================
  Coverage   98.06%   98.07%             
=========================================
  Files         123      123             
  Lines       37228    37228             
  Branches     4477     2111   -2366     
=========================================
+ Hits        36509    36510      +1     
- Misses        542      546      +4     
+ Partials      177      172      -5     

Flag	Coverage Δ
CI-GHA	97.97% <ø> (+0.01%)	⬆️
OS-Linux	97.63% <ø> (-0.03%)	⬇️
OS-Windows	94.51% <ø> (-0.08%)	⬇️
OS-macOS	96.81% <ø> (+0.03%)	⬆️
Py-3.10.11	96.69% <ø> (+0.05%)	⬆️
Py-3.10.15	97.27% <ø> (+0.06%)	⬆️
Py-3.11.11	97.36% <ø> (+0.07%)	⬆️
Py-3.11.9	96.80% <ø> (+0.09%)	⬆️
Py-3.12.8	96.61% <ø> (-1.13%)	⬇️
Py-3.13.1	96.60% <ø> (-1.12%)	⬇️
Py-3.9.13	96.31% <ø> (-0.25%)	⬇️
Py-3.9.20	97.17% <ø> (+0.04%)	⬆️
Py-pypy7.3.16	?
VM-macos	96.81% <ø> (+0.03%)	⬆️
VM-ubuntu	97.63% <ø> (-0.03%)	⬇️
VM-windows	94.51% <ø> (-0.08%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[asvetlov]

Interesting.
A test for aiohttp import time fails; looks like import idna for idna 3.10 takes much longer than for previous versions.
I think we have no choice but should bump the limit.
@Dreamsorcerer @bdraco @webknjaz what do you think?

[Dreamsorcerer]

Interesting. A test for aiohttp import time fails; looks like import idna for idna 3.10 takes much longer than for previous versions. I think we have no choice but should bump the limit. @Dreamsorcerer @bdraco @webknjaz what do you think?

I mentioned it on the last PR. It's a regression, hopefully will be fixed: kjd/idna#188