chore(deps): update dependency idna to v3.18

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
idna (changelog)	==3.10 → ==3.18

---

Release Notes

kjd/idna (idna)

v3.18

Compare Source

• When decoding a domain, add a display argument that will pass
  through invalid labels rather than raising an exception.

v3.17

Compare Source

• Substantial 75% reduction in memory usage through new data
  structures and some optimization in processing speed.
• Added a general 1024-character input length cap to the public
  validation, conversion, and codec entry points. This is well above
  any legitimate domain or label and guards against pathological
  inputs.

v3.16

Compare Source

• Add a command-line interface (python -m idna, also available as
  the idna script). Encodes or decodes one or more domains supplied
  as arguments or on standard input, with options to select A-label
  or U-label output and control error handling.
• Raise the minimum supported Python version to 3.9
• Various code quality improvements

v3.15

Compare Source

• Enforce DNS-length cap on individual labels early in check_label,
  short-circuiting contextual-rule processing for oversized input
  while staying compatible with UTS 46 usage.
• Tidy core helpers: hoist bidi category sets to module-level
  frozensets (avoiding per-codepoint list construction), simplify
  length checks, and reuse the shared _unicode_dots_re from
  idna.core in the codec module.
• Use raise ... from err for proper exception chaining and
  switch internal string formatting to f-strings.
• Allow flit_core 4.x in the build backend.
• Expand the ruff lint set (flake8-bugbear, flake8-simplify,
  pyupgrade, perflint) and apply the surfaced fixes; pin lint CI
  to Python 3.14.
• Add Dependabot configuration for GitHub Actions.
• Convert README and HISTORY from reStructuredText to Markdown.
• Reference CVE-2026-45409 for the 3.14 advisory in place of the
  initial GHSA identifier.

Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for
contributions to this release.

v3.14

Compare Source

• Removed opportunity to process long inputs into quadratic
  time by rejecting oversize inputs up-front. Closes a bypass
  of the CVE-2024-3651 mitigation. [CVE-2026-45409]

Thanks to Stan Ulbrych for reporting the issue.

v3.13

Compare Source

v3.12

Compare Source

v3.11

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.