From 66cd6cf37c09a5fc50906271dfdaca0bdafec7b3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 12 Apr 2024 04:35:34 +0000
Subject: [PATCH 1/2] Bump idna from 3.6 to 3.7 in /src

Bumps [idna](https://github.com/kjd/idna) from 3.6 to 3.7.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.6...v3.7)

---
updated-dependencies:
- dependency-name: idna
dependency-type: indirect
...

Signed-off-by: dependabot[bot]
---
 src/requirements-dev.txt | 2 +-
 src/requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt
index 7d955bd4..03392b9d 100644
--- a/src/requirements-dev.txt
+++ b/src/requirements-dev.txt
@@ -119,7 +119,7 @@ gunicorn==20.1.0
 # via -r requirements.txt
 identify==2.5.32
 # via pre-commit
-idna==3.6
+idna==3.7
 # via
 # -r requirements.txt
 # requests
diff --git a/src/requirements.txt b/src/requirements.txt
index 363648b3..25ad290c 100644
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -59,7 +59,7 @@ grpcio==1.59.3
 # ray
 gunicorn==20.1.0
 # via -r requirements.in
-idna==3.6
+idna==3.7
 # via requests
 importlib-resources==6.1.1
 # via

From 15d9106270e3bfbb00dce7e5e043dd63e8e54c42 Mon Sep 17 00:00:00 2001
From: Anthony Romaniello
Date: Fri, 10 May 2024 07:12:46 -0600
Subject: [PATCH 2/2] Require idna>=3.7 in requirements.in

---
 src/requirements-dev.txt | 4 +++-
 src/requirements.in | 1 +
 src/requirements.txt | 4 +++-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt
index 03392b9d..9d022799 100644
--- a/src/requirements-dev.txt
+++ b/src/requirements-dev.txt
@@ -59,7 +59,9 @@ colorama==0.4.6
 colorful==0.5.5
 # via ray
 coverage[toml]==7.3.2
- # via pytest-cov
+ # via
+ # coverage
+ # pytest-cov
 cryptography==42.0.4
 # via -r requirements.txt
 defusedxml==0.7.1
diff --git a/src/requirements.in b/src/requirements.in
index 01179100..af81daea 100644
--- a/src/requirements.in
+++ b/src/requirements.in
@@ -16,6 +16,7 @@ scos_tekrsa @ git+https://github.com/NTIA/scos-tekrsa@6.0.0
 # The following are sub-dependencies for which SCOS Sensor enforces a
 # higher minimum patch version than the dependencies which require them.
 # This is done to ensure the inclusion of specific security patches.
+idna>=3.7 # CVE-2024-3651
 pyyaml>=5.4.0 # CVE-2020-14343
 grpcio>=1.53.0 # CVE-2023-32732, CVE-2023-32731, CVE-2023-1428
 urllib3>=1.26.18 # CVE-2023-45803
diff --git a/src/requirements.txt b/src/requirements.txt
index 25ad290c..09783e0b 100644
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -60,7 +60,9 @@ grpcio==1.59.3
 gunicorn==20.1.0
 # via -r requirements.in
 idna==3.7
- # via requests
+ # via
+ # -r requirements.in
+ # requests
 importlib-resources==6.1.1
 # via
 # jsonschema