Bump idna from 3.6 to 3.7 in /src (#284)

* Bump idna from 3.6 to 3.7 in /src

Bumps [idna](https://github.com/kjd/idna) from 3.6 to 3.7.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.6...v3.7)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* Require idna>=3.7 in requirements.in

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Anthony Romaniello <[email protected]>

src/requirements-dev.txt

@@ -59,7 +59,9 @@ colorama==0.4.6
 colorful==0.5.5
     # via ray
 coverage[toml]==7.3.2
-    # via pytest-cov
+    # via
+    #   coverage
+    #   pytest-cov
 cryptography==42.0.4
     # via -r requirements.txt
 defusedxml==0.7.1
@@ -119,7 +121,7 @@ gunicorn==20.1.0
     # via -r requirements.txt
 identify==2.5.32
     # via pre-commit
-idna==3.6
+idna==3.7
     # via
     #   -r requirements.txt
     #   requests

src/requirements.in

@@ -16,6 +16,7 @@ scos_tekrsa @ git+https://github.com/NTIA/[email protected]
 # The following are sub-dependencies for which SCOS Sensor enforces a
 # higher minimum patch version than the dependencies which require them.
 # This is done to ensure the inclusion of specific security patches.
+idna>=3.7             # CVE-2024-3651
 pyyaml>=5.4.0         # CVE-2020-14343
 grpcio>=1.53.0        # CVE-2023-32732, CVE-2023-32731, CVE-2023-1428
 urllib3>=1.26.18      # CVE-2023-45803

src/requirements.txt

@@ -59,8 +59,10 @@ grpcio==1.59.3
     #   ray
 gunicorn==20.1.0
     # via -r requirements.in
-idna==3.6
-    # via requests
+idna==3.7
+    # via
+    #   -r requirements.in
+    #   requests
 importlib-resources==6.1.1
     # via
     #   jsonschema