Bump the dependabot group with 3 updates

[dependabot]

Bumps the dependabot group with 3 updates: idna, markdown-it-py and requests.

Updates idna from 3.13 to 3.14

Changelog

Sourced from idna's changelog.

3.14 (2026-05-10) +++++++++++++++++

• Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [GHSA-65pc-fj4g-8rjx]

Thanks to Stan Ulbrych for reporting the issue.

Commits

• 37b6b74 Release v3.14
• 628fef8 Use valid_string_length() for early oversized-input check
• 1e26c7f Tweak release wording
• ab5668f Pre-release 3.14
• c0dda45 Merge commit from fork
• b7391f4 Add docstrings to package (#226)
• 0f4a28d Raise IDNAError on non-string input to encode/decode (#224)
• 7e6df71 Address type issues found by ty (#225)
• 6ebfaab Merge pull request #221 from kjd/release-3.13
• See full diff in compare view

Updates markdown-it-py from 4.0.0 to 4.2.0

Release notes

Sourced from markdown-it-py's releases.

v4.2.0

What's Changed

• ✨ Add make_fence_rule() factory for configurable fence markers by @​chrisjsewell in executablebooks/markdown-it-py#394
• 🚀 RELEASE v4.2.0 by @​chrisjsewell in executablebooks/markdown-it-py#395

Full Changelog: executablebooks/markdown-it-py@v4.1.0...v4.2.0

v4.1.0

What's Changed

• ✨ Add --stdin option to CLI by @​mcepl in executablebooks/markdown-it-py#379
• Add AGENTS.md and copilot-setup-steps workflow by @​Copilot in executablebooks/markdown-it-py#380
• 🔧 Add typing to Scanner by @​Alunderin in executablebooks/markdown-it-py#382
• 👌 Fix quadratic complexity in fragments_join / text_join by @​petricevich in executablebooks/markdown-it-py#389
• ✨Allow plugins to register inline terminator characters by @​Copilot in executablebooks/markdown-it-py#391
• ✨ Add gfm-like2 preset with task lists, alerts, and single-tilde strikethrough by @​chrisjsewell in executablebooks/markdown-it-py#388
• 🔧 Update pre-commit hooks by @​chrisjsewell in executablebooks/markdown-it-py#392
• 🚀 RELEASE v4.1.0 by @​chrisjsewell in executablebooks/markdown-it-py#393

New Contributors

• @​mcepl made their first contribution in executablebooks/markdown-it-py#379
• @​Copilot made their first contribution in executablebooks/markdown-it-py#380
• @​Alunderin made their first contribution in executablebooks/markdown-it-py#382
• @​petricevich made their first contribution in executablebooks/markdown-it-py#389

Full Changelog: executablebooks/markdown-it-py@v4.0.0...v4.1.0

Changelog

Sourced from markdown-it-py's changelog.

4.2.0 - 2026-05-07

• ✨ Add make_fence_rule() factory for configurable fence markers in #394

4.1.0 - 2025-05-06

• ✨ Add gfm-like2 preset with task lists, alerts, and single-tilde strikethrough core plugins in #388
• ✨ Allow plugins to register inline terminator characters in #391
• 👌 Fix quadratic complexity in fragments_join / text_join in #389, thanks to @​petricevich
• 👌 Add --stdin option to CLI for reading Markdown from standard input in #379, thanks to @​mcepl
• 🔧 Add typing to Scanner in #382, thanks to @​Alunderin

Full Changelog: executablebooks/markdown-it-py@v4.0.0...v4.1.0

Commits

• 36c5f54 🚀 RELEASE v4.2.0 (#395)
• 96cf077 ✨ Add make_fence_rule() factory for configurable fence markers (#394)
• 3b4ff6d 🚀 RELEASE v4.1.0 (#393)
• 8951f26 🔧 Update pre-commit hooks (#392)
• 693bb24 ✨ Add gfm-like2 preset with task lists, alerts, and single-tilde strikethro...
• df6fd36 ✨Allow plugins to register inline terminator characters (#391)
• d4ea0ca 👌 Fix quadratic complexity in fragments_join / text_join (#389)
• 8933147 🔧 Add typing to Scanner (#382)
• 2f6ae10 🔧 Add AGENTS.md and copilot-setup-steps workflow (#380)
• 49043e4 Add --stdin option to CLI for reading Markdown from standard input (#379)
• See full diff in compare view

Updates requests from 2.33.0 to 2.34.0

Release notes

Sourced from requests's releases.

v2.34.0

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added support for Python 3.14t. (#7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
• Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
• Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

New Contributors

• @​cjriches made their first contribution in psf/requests#7365
• @​dsanader made their first contribution in psf/requests#7376
• @​DimitriPapadopoulos made their first contribution in psf/requests#7393
• @​joshua-51 made their first contribution in psf/requests#7416
• @​eggsort made their first contribution in psf/requests#7421
• @​typhon8 made their first contribution in psf/requests#7315
• @​bastimeyer made their first contribution in psf/requests#7425

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2340-2026-05-11

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

... (truncated)

Changelog

Sourced from requests's changelog.

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added support for Python 3.14t. (#7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
• Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
• Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

Commits

• 0b401c7 v2.34.0
• 86b378d Align Session.get parameters with requests.get (#7429)
• a4f9a59 Port bpo-39057 to Requests (#7427)
• 3816cfa Parameterize SupportsItems to handle Mapping key invariance (#7426)
• b684dcb sessions: fix hooks type (#7425)
• dc9dbdf Formalize 3.15 support (#7422)
• 25340eb Clear proxy env vars before every test run (#7423)
• fd62809 Preserve leading slashes in request path_url (#7315)
• e8d2c01 docs: Fix missing hook output in docs example (#7421)
• eb173bc Add 3.14t support to CI (#7419)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[coveralls]

Coverage Report for CI Build 25732542389

Warning

No base build found for commit b6d7623 on main.
Coverage changes can't be calculated without a base build.
If a base build is processing, this comment will update automatically when it completes.

Coverage: 86.632%

Details

• Patch coverage: No coverable lines changed in this PR.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

Requires a base build to compare against. How to fix this →

---

Coverage Stats

Relevant Lines:	3643
Covered Lines:	3156
Line Coverage:	86.63%
Coverage Strength:	0.87 hits per line

---

💛 - Coveralls