chore(deps): bump idna from 3.10 to 3.15 #3337
Python API breakage checks — ✅ PASSED
REST API breakage checks (OpenAPI) — ✅ PASSED
all-hands-bot left a comment
🟢 Good taste — lock-only Dependabot update; idna 3.15 was uploaded on 2026-05-12T22:45:55.733Z, which is outside the repo's 7-day freshness window.
[RISK ASSESSMENT]
- [Overall PR]
⚠️ Risk Assessment: 🟢 LOW
Dependency-only lockfile update; no agent behavior, API, or runtime logic changes.
VERDICT: ✅ Worth merging
This review was generated by an AI agent (OpenHands) on behalf of the requester.
Was this automated review useful? React with 👍 or 👎 to this review to help us measure review quality.
Workflow run: https://github.com/OpenHands/software-agent-sdk/actions/runs/26196484205
all-hands-bot left a comment
✅ QA Report: PASS
Verified the dependency bump in a real locked environment: the PR installs idna==3.15, IDNA encode/decode behavior works, oversized labels are rejected, and a basic OpenHands SDK object path still constructs successfully.
Does this PR achieve its stated goal?
Yes. The stated goal is to bump idna from 3.10 to 3.15; the baseline branch installed 3.10, while the PR branch installed 3.15 from the lockfile. Real idna API calls for Unicode domains and an OpenHands SDK Agent/LLM construction path both succeeded on the PR branch, so I did not find a functional regression from the upgrade.
| Phase | Result |
|---|---|
| Environment Setup | ✅ uv sync --frozen succeeded on origin/main and the PR branch |
| CI Status | ✅ Passing checks observed; only qa-changes was still in progress for this review run |
| Functional Verification | ✅ PR environment uses idna==3.15 and real IDNA + SDK operations completed |
Functional Verification
Test 1: Locked dependency install and real IDNA/API usage
Step 1 — Reproduce / establish baseline (without the fix):
Ran `git checkout --detach origin/main && uv sync --frozen && uv run --frozen python /tmp/qa_idna_probe.py`:
```
installed_idna=3.10
domain=bücher.example ascii=xn--bcher-kva.example decoded=bücher.example
domain=faß.de ascii=xn--fa-hia.de decoded=faß.de
domain=例え.テスト ascii=xn--r8jz45g.xn--zckzah decoded=例え.テスト
oversized_label_error=IDNAError: Label too long
oversized_label_elapsed_ms=0.050
sdk_agent_constructed=openai/test-model
```
This establishes the pre-PR state: the locked environment installs idna==3.10, and the same real IDNA operations plus SDK construction path work there.
Step 2 — Apply the PR's changes:
Checked out `dependabot/uv/idna-3.15` at 452225667d1c26fff9d9ef1d36bf79dbc4ea7c5d and recreated the locked environment with `uv sync --frozen`.
Step 3 — Re-run with the fix in place:
Ran `git checkout dependabot/uv/idna-3.15 && uv sync --frozen && uv run --frozen python /tmp/qa_idna_probe.py`:
```
installed_idna=3.15
domain=bücher.example ascii=xn--bcher-kva.example decoded=bücher.example
domain=faß.de ascii=xn--fa-hia.de decoded=faß.de
domain=例え.テスト ascii=xn--r8jz45g.xn--zckzah decoded=例え.テスト
oversized_label_error=IDNAError: Label too long
oversized_label_elapsed_ms=0.050
sdk_agent_constructed=openai/test-model
```
This confirms the PR's lockfile installs idna==3.15, Unicode IDNA encode/decode behavior remains functional, oversized labels are rejected, and a basic OpenHands SDK construction path still works in the updated environment.
Issues Found
None.
This review was created by an AI agent (OpenHands) on behalf of the user.
Bumps [idna](https://github.com/kjd/idna) from 3.10 to 3.15.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md)
- [Commits](kjd/idna@v3.10...v3.15)

---
updated-dependencies:
- dependency-name: idna
  dependency-version: '3.15'
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

4522256 to 7ccdad5
@OpenHands I notice that beyond updating idna we are also changing
is this change needed for this PR? Shouldn't we keep 2026-05-12T18:17:37.961907255Z?

I'm on it! juanmichelini can track my progress at all-hands.dev

@juanmichelini Good question — I looked into it. That change isn't something Dependabot intentionally introduced for the idna bump; it's an artifact of
Background: our repo-root
```toml
exclude-newer = "0001-01-01T00:00:00Z"  # sentinel, has no effect
exclude-newer-span = "P7D"              # the actual constraint
```
The
I verified locally: running
So my recommendation is to leave the change as-is rather than hand-editing the lockfile back to the old timestamp. Happy to revert if you'd still prefer the minimal diff, but it would only be cosmetic.
This comment was created by an AI agent (OpenHands) on behalf of the requester.

Summary
I answered @juanmichelini's question on PR #3337 without making any code changes.
Question: Is the
Answer (posted to the PR): No, that change isn't specifically needed for the idna bump — but we also shouldn't try to restore the old timestamp. Here's why:
Recommendation: leave the change as-is.
Comment link: #3337 (comment)
No code, lockfile, or branch changes were made.
Bumps idna from 3.10 to 3.15.
Changelog
Sourced from idna's changelog.
... (truncated)
Commits
- af30a09 Release 3.15
- 30314d4 Pre-release 3.15rc0
- 05d4b21 Merge pull request #237 from kjd/convert-docs-to-markdown
- 2987fdb Convert README and HISTORY from reStructuredText to Markdown
- 59fa800 Merge pull request #236 from kjd/dependabot/github_actions/actions-f3e34333ea
- def6983 Merge branch 'master' into dependabot/github_actions/actions-f3e34333ea
- bbd8004 Merge pull request #234 from StanFromIreland/patch-1
- edd07c0 Bump github/codeql-action from 3.35.2 to 4.35.2 in the actions group
- 5557db0 Merge branch 'master' into patch-1
- f11746c Merge pull request #235 from StanFromIreland/patch-2

Agent Server images for this PR
• GHCR package: https://github.com/OpenHands/agent-sdk/pkgs/container/agent-server
Variants & Base Images
- eclipse-temurin:17-jdk
- nikolaik/python-nodejs:python3.13-nodejs22-slim
- golang:1.21-bookworm
Pull (multi-arch manifest)
```bash
# Each variant is a multi-arch manifest supporting both amd64 and arm64
docker pull ghcr.io/openhands/agent-server:7ccdad5-python
```
Run
All tags pushed for this build
About Multi-Architecture Support
- 7ccdad5-python) is a multi-arch manifest supporting both amd64 and arm64
- 7ccdad5-python-amd64) are also available if needed