chore(deps): bump idna from 3.13 to 3.14

[dependabot]

Bumps idna from 3.13 to 3.14.

Changelog

Sourced from idna's changelog.

3.14 (2026-05-10) +++++++++++++++++

• Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [GHSA-65pc-fj4g-8rjx]

Thanks to Stan Ulbrych for reporting the issue.

Commits

• 37b6b74 Release v3.14
• 628fef8 Use valid_string_length() for early oversized-input check
• 1e26c7f Tweak release wording
• ab5668f Pre-release 3.14
• c0dda45 Merge commit from fork
• b7391f4 Add docstrings to package (#226)
• 0f4a28d Raise IDNAError on non-string input to encode/decode (#224)
• 7e6df71 Address type issues found by ty (#225)
• 6ebfaab Merge pull request #221 from kjd/release-3.13
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)