Update idna to 3.18

[pyup-bot]

This PR updates idna from 3.4 to 3.18.

Changelog

3.18

- When decoding a domain, add a `display` argument that will pass
through invalid labels rather than raising an exception.

3.17

- Substantial 75% reduction in memory usage through new data
structures and some optimization in processing speed.
- Added a general 1024-character input length cap to the public
validation, conversion, and codec entry points. This is well above
any legitimate domain or label and guards against pathological
inputs.

3.16

- Add a command-line interface (`python -m idna`, also available as
the `idna` script). Encodes or decodes one or more domains supplied
as arguments or on standard input, with options to select A-label
or U-label output and control error handling.
- Raise the minimum supported Python version to 3.9
- Various code quality improvements

3.15

- Enforce DNS-length cap on individual labels early in `check_label`,
short-circuiting contextual-rule processing for oversized input
while staying compatible with UTS 46 usage.
- Tidy core helpers: hoist bidi category sets to module-level
frozensets (avoiding per-codepoint list construction), simplify
length checks, and reuse the shared `_unicode_dots_re` from
`idna.core` in the codec module.
- Use `raise ... from err` for proper exception chaining and
switch internal string formatting to f-strings.
- Allow `flit_core` 4.x in the build backend.
- Expand the ruff lint set (flake8-bugbear, flake8-simplify,
pyupgrade, perflint) and apply the surfaced fixes; pin lint CI
to Python 3.14.
- Add Dependabot configuration for GitHub Actions.
- Convert README and HISTORY from reStructuredText to Markdown.
- Reference CVE-2026-45409 for the 3.14 advisory in place of the
initial GHSA identifier.

Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for
contributions to this release.

3.14

- Removed opportunity to process long inputs into quadratic
time by rejecting oversize inputs up-front. Closes a bypass
of the CVE-2024-3651 mitigation. [CVE-2026-45409]

Thanks to Stan Ulbrych for reporting the issue.

3.13

- Correct classification error for codepoint U+A7F1

3.12

- Update to Unicode 17.0.0.
- Issue a deprecation warning for the transitional argument.
- Added lazy-loading to provide some performance improvements.
- Removed vestiges of code related to Python 2 support, including
segmentation of data structures specific to Jython.

Thanks to Rodrigo Nogueira for contributions to this release.

3.11

- Update to Unicode 16.0.0, including significant changes to UTS46
processing. As a result of Unicode ending support for it, transitional
processing no longer has an effect and returns the same result.
- Add support for Python 3.14, lowest supported version is Python 3.8.
- Various updates to packaging, including PEP 740 support.

3.10

- Reverted to Unicode 15.1.0 data. Unicode 16 has some significant changes
to UTS46 processing that will require more work to properly implement.

3.9

- Update to Unicode 16.0.0
- Deprecate setup.cfg in favour of pyproject.toml
- Use ruff for code formatting

Thanks to Waket Zheng for contributions to this release.

3.8

- Fix regression where IDNAError exception was not being produced for
certain inputs.
- Add support for Python 3.13, drop support for Python 3.5 as it is no
longer testable.
- Documentation improvements
- Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

3.7

- Fix issue where specially crafted inputs to encode() could
take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

3.6

- Fix regression to include tests in source distribution.

3.5

- Update to Unicode 15.1.0
- String codec name is now "idna2008" as overriding the system codec
"idna" was not working.
- Fix typing error for codec encoding
- "setup.cfg" has been added for this release due to some downstream
lack of adherence to PEP 517. Should be removed in a future release
so please prepare accordingly.
- Removed reliance on a symlink for the "idna-data" tool to comport
with PEP 517 and the Python Packaging User Guide for sdist archives.
- Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions
to this release.

Links

• PyPI: https://pypi.org/project/idna
• Changelog: https://data.safetycli.com/changelogs/idna/

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (5f02dc7) to head (6e22e0e).

Additional details and impacted files

@@            Coverage Diff            @@
##            master      #648   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           12        12           
  Lines          126       126           
=========================================
  Hits           126       126           

Flag	Coverage Δ
	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.