python3-idna: Upgrade 3.13 -> 3.17

* 3.17 (2026-05-28)

- Substantial 75% reduction in memory usage through new data
  structures and some optimization in processing speed.
- Added a general 1024-character input length cap to the public
  validation, conversion, and codec entry points. This is well above
  any legitimate domain or label and guards against pathological
  inputs.

* 3.16 (2026-05-22)

- Add a command-line interface (`python -m idna`, also available as
  the `idna` script). Encodes or decodes one or more domains supplied
  as arguments or on standard input, with options to select A-label
  or U-label output and control error handling.
- Raise the minimum supported Python version to 3.9
- Various code quality improvements

* 3.15 (2026-05-12)

- Enforce DNS-length cap on individual labels early in `check_label`,
  short-circuiting contextual-rule processing for oversized input
  while staying compatible with UTS 46 usage.
- Tidy core helpers: hoist bidi category sets to module-level
  frozensets (avoiding per-codepoint list construction), simplify
  length checks, and reuse the shared `_unicode_dots_re` from
  `idna.core` in the codec module.
- Use `raise ... from err` for proper exception chaining and
  switch internal string formatting to f-strings.
- Allow `flit_core` 4.x in the build backend.
- Expand the ruff lint set (flake8-bugbear, flake8-simplify,
  pyupgrade, perflint) and apply the surfaced fixes; pin lint CI
  to Python 3.14.
- Add Dependabot configuration for GitHub Actions.
- Convert README and HISTORY from reStructuredText to Markdown.
- Reference CVE-2026-45409 for the 3.14 advisory in place of the
  initial GHSA identifier.

Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for
contributions to this release.

* 3.14 (2026-05-10)

- Removed opportunity to process long inputs into quadratic
  time by rejecting oversize inputs up-front. Closes a bypass
  of the CVE-2024-3651 mitigation. [CVE-2026-45409]

Thanks to Stan Ulbrych for reporting the issue.

Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-devtools/python/python3-idna_3.13.bb b/meta/recipes-devtools/python/python3-idna_3.17.bb
similarity index 82%
rename from meta/recipes-devtools/python/python3-idna_3.13.bb
rename to meta/recipes-devtools/python/python3-idna_3.17.bb
index 339abb89c2d950a5095d59f66e3d7cf3cf5c0506..bf91b8627d0e558a102995fe55592c9c40a23e4e 100644 (file)
--- a/meta/recipes-devtools/python/python3-idna_3.13.bb
+++ b/meta/recipes-devtools/python/python3-idna_3.17.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/kjd/idna"
 LICENSE = "BSD-3-Clause & Python-2.0 & Unicode-TOU"
 LIC_FILES_CHKSUM = "file://LICENSE.md;md5=9a6c29079fc90c29d80332f44d2625f2"
 
-SRC_URI[sha256sum] = "585ea8fe5d69b9181ec1afba340451fba6ba764af97026f92a91d4eef164a242"
+SRC_URI[sha256sum] = "5eb0cb53bc467c12eadcf6de83163ad8527cec9416f44b9b61b19caedad2b87f"
 
 inherit pypi python_flit_core ptest-python-pytest