From 25582a64df89743c9179add69dc63f1cd57e1e78 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 10 May 2024 07:22:00 -0600
Subject: [PATCH] Bump idna from 3.6 to 3.7 in /src (#284)

* Bump idna from 3.6 to 3.7 in /src

Bumps [idna](https://github.com/kjd/idna) from 3.6 to 3.7.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.6...v3.7)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Require idna>=3.7 in requirements.in

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Anthony Romaniello <aromaniello@ntia.gov>
---
 src/requirements-dev.txt | 6 ++++--
 src/requirements.in      | 1 +
 src/requirements.txt     | 6 ++++--
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt
index 7d955bd4..9d022799 100644
--- a/src/requirements-dev.txt
+++ b/src/requirements-dev.txt
@@ -59,7 +59,9 @@ colorama==0.4.6
 colorful==0.5.5
     # via ray
 coverage[toml]==7.3.2
-    # via pytest-cov
+    # via
+    #   coverage
+    #   pytest-cov
 cryptography==42.0.4
     # via -r requirements.txt
 defusedxml==0.7.1
@@ -119,7 +121,7 @@ gunicorn==20.1.0
     # via -r requirements.txt
 identify==2.5.32
     # via pre-commit
-idna==3.6
+idna==3.7
     # via
     #   -r requirements.txt
     #   requests
diff --git a/src/requirements.in b/src/requirements.in
index 01179100..af81daea 100644
--- a/src/requirements.in
+++ b/src/requirements.in
@@ -16,6 +16,7 @@ scos_tekrsa @ git+https://github.com/NTIA/scos-tekrsa@6.0.0
 # The following are sub-dependencies for which SCOS Sensor enforces a
 # higher minimum patch version than the dependencies which require them.
 # This is done to ensure the inclusion of specific security patches.
+idna>=3.7             # CVE-2024-3651
 pyyaml>=5.4.0         # CVE-2020-14343
 grpcio>=1.53.0        # CVE-2023-32732, CVE-2023-32731, CVE-2023-1428
 urllib3>=1.26.18      # CVE-2023-45803
diff --git a/src/requirements.txt b/src/requirements.txt
index 363648b3..09783e0b 100644
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -59,8 +59,10 @@ grpcio==1.59.3
     #   ray
 gunicorn==20.1.0
     # via -r requirements.in
-idna==3.6
-    # via requests
+idna==3.7
+    # via
+    #   -r requirements.in
+    #   requests
 importlib-resources==6.1.1
     # via
     #   jsonschema