From 7345ce4c4391a120bf0de360e4623ee91b0750e9 Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Sun, 24 May 2026 05:58:09 +0000
Subject: [PATCH] fix: pin idna>=3.15 to address medium Dependabot alert (SSRF via malformed Unicode)

idna is a transitive dependency via requests. Pinning to >=3.15,<4 ensures the fix for CVE-2025-46816 is installed for all downstream users.

Co-Authored-By: Noy Arie
---
 pyproject.toml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pyproject.toml b/pyproject.toml
index 90999901b..c2f9c5c53 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -28,6 +28,7 @@ click = ">=7.0,<9.0"
 dbt-core = ">=1.8,<2.0.0"
 requests = ">=2.28.1,<3.0.0"
 urllib3 = ">=2.7.0,<3.0.0"
+idna = ">=3.15,<4"
 beautifulsoup4 = "<5.0.0"
 ratelimit = "*"
 posthog = "<3.0.0"
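Review bot: The new `idna = ">=3.15,<4"` line carries no comment saying it is a security floor on a transitive dependency, so a later cleanup could drop it because the package is never imported directly. Put the reason above it, e.g. `# Transitive via requests; floor kept at 3.15 for CVE-2025-46816 (per the Dependabot alert). Do not lower or remove.` The diffstat shows only pyproject.toml changing, so if the repository commits a lockfile or constraints file (not visible here), it needs regenerating before CI and developer installs actually resolve the fixed version. The `<4` cap is also worth a second look on a security-motivated pin, since it would keep downstream users off a future 4.x release that carries later fixes. The table header for this dependency list is outside the hunk, so which dependency group the line lands in cannot be confirmed from here.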