deps: pin idna>=3.15 (CVE-2024-3651) — incorporates Snyk PR #530

MrMasterbay · MrMasterbay · commit f0e260b7950f · 2026-06-05T14:24:24.000+02:00
Transitive via requests; idna&lt;3.7 has a ReDoS/DoS. Added in the same
transitive-pins block as setuptools/zipp with the CVE named (Snyk's auto-PR
left a generic comment). Verified: 3.15-3.18 exist on PyPI, requests allows
idna&lt;4, dry-run resolves.
diff --git a/requirements.txt b/requirements.txt
@@ -101,3 +101,4 @@ defusedxml>=0.7.1
 # floor that doesn't carry known CVEs. Newer versions are pulled automatically.
 setuptools>=78.1.1  # CVE-2024-6345 RCE in package_index, CVE-2025-47273 ReDoS
 zipp>=3.19.1        # CVE-2024-5569 infinite loop in Path._next
+idna>=3.15          # CVE-2024-3651 ReDoS/DoS in idna<3.7 (transitive via requests; Snyk PR #530)
