chore(deps): bump idna from 3.11 to 3.15 in /examples/example-ai-openai-agents by dependabot[bot] · Pull Request #591 · PostHog/posthog-python

dependabot · 2026-05-19T23:22:38Z

Bumps idna from 3.11 to 3.15.

Changelog

3.15 (2026-05-12)

Enforce DNS-length cap on individual labels early in check_label, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.

Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared _unicode_dots_re from idna.core in the codec module.

Use raise ... from err for proper exception chaining and switch internal string formatting to f-strings.

Allow flit_core 4.x in the build backend.

Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.

Add Dependabot configuration for GitHub Actions.

Convert README and HISTORY from reStructuredText to Markdown.

Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.

Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.

3.14 (2026-05-10)

Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]

Thanks to Stan Ulbrych for reporting the issue.

3.13 (2026-04-22)

Correct classification error for codepoint U+A7F1

3.12 (2026-04-21)

Update to Unicode 17.0.0.

Issue a deprecation warning for the transitional argument.

Added lazy-loading to provide some performance improvements.

Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.

Thanks to Rodrigo Nogueira for contributions to this release.

Commits

af30a09 Release 3.15
30314d4 Pre-release 3.15rc0
05d4b21 Merge pull request #237 from kjd/convert-docs-to-markdown
2987fdb Convert README and HISTORY from reStructuredText to Markdown
59fa800 Merge pull request #236 from kjd/dependabot/github_actions/actions-f3e34333ea
def6983 Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea
bbd8004 Merge pull request #234 from StanFromIreland/patch-1
edd07c0 Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group
5557db0 Merge branch 'master' into patch-1
f11746c Merge pull request #235 from StanFromIreland/patch-2
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [idna](https://github.com/kjd/idna) from 3.11 to 3.15. - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md) - [Commits](kjd/idna@v3.11...v3.15) --- updated-dependencies: - dependency-name: idna dependency-version: '3.15' dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-05-20T00:41:00Z

posthog-python Compliance Report

Date: 2026-05-20 00:40:58 UTC
Duration: 4674384ms

⚠️ Some Tests Failed

29/45 tests passed, 16 failed

Capture Tests

✅ 29/29 tests passed

View Details

Test	Status	Duration
Format Validation.Event Has Required Fields	✅	518ms
Format Validation.Event Has Uuid	✅	1508ms
Format Validation.Event Has Lib Properties	✅	1507ms
Format Validation.Distinct Id Is String	✅	1506ms
Format Validation.Token Is Present	✅	1507ms
Format Validation.Custom Properties Preserved	✅	1507ms
Format Validation.Event Has Timestamp	✅	1507ms
Retry Behavior.Retries On 503	✅	9517ms
Retry Behavior.Does Not Retry On 400	✅	3508ms
Retry Behavior.Does Not Retry On 401	✅	3508ms
Retry Behavior.Respects Retry After Header	✅	9513ms
Retry Behavior.Implements Backoff	✅	23518ms
Retry Behavior.Retries On 500	✅	7514ms
Retry Behavior.Retries On 502	✅	7511ms
Retry Behavior.Retries On 504	✅	7512ms
Retry Behavior.Max Retries Respected	✅	23533ms
Deduplication.Generates Unique Uuids	✅	1496ms
Deduplication.Preserves Uuid On Retry	✅	7511ms
Deduplication.Preserves Uuid And Timestamp On Retry	✅	14526ms
Deduplication.Preserves Uuid And Timestamp On Batch Retry	✅	7509ms
Deduplication.No Duplicate Events In Batch	✅	1503ms
Deduplication.Different Events Have Different Uuids	✅	1507ms
Compression.Sends Gzip When Enabled	✅	1507ms
Batch Format.Uses Proper Batch Structure	✅	1507ms
Batch Format.Flush With No Events Sends Nothing	✅	1005ms
Batch Format.Multiple Events Batched Together	✅	1506ms
Error Handling.Does Not Retry On 403	✅	3509ms
Error Handling.Does Not Retry On 413	✅	3508ms
Error Handling.Retries On 408	✅	7509ms

Feature_Flags Tests

⚠️ 0/16 tests passed, 16 failed

View Details

Test	Status	Duration
Request Payload.Request With Person Properties Device Id	❌	509ms
Request Payload.Flags Request Uses V2 Query Param	❌	300393ms
Request Payload.Flags Request Hits Flags Path Not Decide	❌	300969ms
Request Payload.Flags Request Omits Authorization Header	❌	300969ms
Request Payload.Token In Flags Body Matches Init	❌	300974ms
Request Payload.Groups Round Trip	❌	300990ms
Request Payload.Groups Default To Empty Object	❌	301033ms
Request Payload.Person Properties Distinct Id Auto Populated When Caller Omits It	❌	301062ms
Request Payload.Disable Geoip False Propagates As Geoip Disable False	❌	301003ms
Request Payload.Disable Geoip Omitted Defaults To False	❌	300970ms
Request Payload.Flag Keys To Evaluate Contains Only Requested Key	❌	300934ms
Request Lifecycle.No Flags Request On Init Alone	❌	301047ms
Request Lifecycle.No Flags Request On Normal Capture	❌	301011ms
Request Lifecycle.Two Flag Calls Produce Two Remote Requests	❌	300997ms
Request Lifecycle.Mock Response Value Is Returned To Caller	❌	301016ms
Side Effect Events.Get Feature Flag Captures Feature Flag Called Event	❌	300952ms

Failures

request_payload.request_with_person_properties_device_id

Field 'token' not found in /flags request body at path 'token'. Available keys: ['distinct_id', 'groups', 'person_properties', 'group_properties', 'geoip_disable', 'device_id', 'flag_keys_to_evaluate', 'sentAt', 'api_key']

request_payload.flags_request_uses_v2_query_param

No error message

request_payload.flags_request_hits_flags_path_not_decide

No error message

request_payload.flags_request_omits_authorization_header

No error message

request_payload.token_in_flags_body_matches_init

No error message

request_payload.groups_round_trip

No error message

request_payload.groups_default_to_empty_object

No error message

request_payload.person_properties_distinct_id_auto_populated_when_caller_omits_it

No error message

request_payload.disable_geoip_false_propagates_as_geoip_disable_false

No error message

request_payload.disable_geoip_omitted_defaults_to_false

No error message

request_payload.flag_keys_to_evaluate_contains_only_requested_key

No error message

request_lifecycle.no_flags_request_on_init_alone

No error message

request_lifecycle.no_flags_request_on_normal_capture

No error message

request_lifecycle.two_flag_calls_produce_two_remote_requests

No error message

request_lifecycle.mock_response_value_is_returned_to_caller

No error message

side_effect_events.get_feature_flag_captures_feature_flag_called_event

No error message

marandaneto

Approving Dependabot idna security bump.

dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 19, 2026

dependabot Bot requested a review from a team as a code owner May 19, 2026 23:22

dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 19, 2026

marandaneto approved these changes May 20, 2026

View reviewed changes

marandaneto merged commit fbd0d67 into main May 20, 2026
25 of 27 checks passed

marandaneto deleted the dependabot/uv/examples/example-ai-openai-agents/idna-3.15 branch May 20, 2026 08:24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump idna from 3.11 to 3.15 in /examples/example-ai-openai-agents#591

chore(deps): bump idna from 3.11 to 3.15 in /examples/example-ai-openai-agents#591
marandaneto merged 1 commit into
mainfrom
dependabot/uv/examples/example-ai-openai-agents/idna-3.15

dependabot Bot commented on behalf of github May 19, 2026

Uh oh!

github-actions Bot commented May 20, 2026

Failures

Uh oh!

marandaneto left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 19, 2026

3.15 (2026-05-12)

3.14 (2026-05-10)

3.13 (2026-04-22)

3.12 (2026-04-21)

Uh oh!

github-actions Bot commented May 20, 2026

posthog-python Compliance Report

⚠️ Some Tests Failed

Capture Tests

Feature_Flags Tests

Failures

Uh oh!

marandaneto left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant