Bump idna from 3.11 to 3.13 in /doc

[dependabot]

Bumps idna from 3.11 to 3.13.

Changelog

Sourced from idna's changelog.

3.13 (2026-04-22) +++++++++++++++++

• Correct classification error for codepoint U+A7F1

3.12 (2026-04-21) +++++++++++++++++

• Update to Unicode 17.0.0.
• Issue a deprecation warning for the transitional argument.
• Added lazy-loading to provide some performance improvements.
• Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.

Thanks to Rodrigo Nogueira for contributions to this release.

Commits

• 89cdfd2 Release v3.13
• 1eb0686 Pre-release 3.13
• 5f20d1e Merge pull request #220 from kjd/unicode-next
• 4ea8425 Regenerate idnadata.py with correct NFKC_CF data
• fd47341 Use NFKC_CF from Unicode data files instead of Python's unicodedata module
• a5304a4 Merge pull request #219 from kjd/release-3.12
• d80d6f9 Release v3.12
• 1bb44dd Merge pull request #218 from kjd/release-candidate-3.12rc0
• 909c49d Release candidate for 3.12
• c5459a1 Merge pull request #217 from kjd/housekeeping-2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[ulysses4ever]

We badly need

• Configure Dependabot to batch GitHub Actions updates #11358

for uv. @philderbeast maybe?

[philderbeast]

Yes, idna is outdated.

$ uv pip list --outdated
Package             Version  Latest    Type
------------------- -------- --------- -----
babel               2.17.0   2.18.0    wheel
certifi             2026.1.4 2026.4.22 wheel
charset-normalizer  3.4.4    3.4.7     wheel
docutils            0.21.2   0.22.4    wheel
idna                3.11     3.13      wheel
imagesize           1.4.1    2.0.0     wheel
jsonpointer         3.0.0    3.1.1     wheel
packaging           25.0     26.2      wheel
pydata-sphinx-theme 0.16.1   0.17.1    wheel
pygments            2.19.2   2.20.0    wheel
requests            2.32.5   2.33.1    wheel
sphinx              8.2.3    9.1.0     wheel
sphinx-rtd-theme    3.0.2    3.1.0     wheel

[philderbeast]

Should we go with this dependabot PR or hand-roll one with something like the following along with changes to lower limits in doc/pyproject.toml?

$ uv sync --upgrade
warning: No `requires-python` value found in the workspace. Defaulting to `>=3.12`.
Resolved 29 packages in 256ms
Prepared 12 packages in 191ms
Uninstalled 19 packages in 42ms
Installed 12 packages in 33ms
 - accessible-pygments==0.0.5
 - babel==2.17.0
 + babel==2.18.0
 - beautifulsoup4==4.14.3
 - certifi==2026.1.4
 + certifi==2026.4.22
 - charset-normalizer==3.4.4
 + charset-normalizer==3.4.7
 - docutils==0.21.2
 + docutils==0.22.4
 - idna==3.11
 + idna==3.13
 - imagesize==1.4.1
 + imagesize==2.0.0
 - jsonpointer==3.0.0
 + jsonpointer==3.1.1
 - packaging==25.0
 + packaging==26.2
 - pydata-sphinx-theme==0.16.1
 - pygments==2.19.2
 + pygments==2.20.0
 - requests==2.32.5
 + requests==2.33.1
 - roman-numerals-py==4.1.0
 - soupsieve==2.8.3
 - sphinx==8.2.3
 + sphinx==9.1.0
 - sphinx-book-theme==1.2.0
 - sphinx-rtd-theme==3.0.2
 + sphinx-rtd-theme==3.1.0
 - typing-extensions==4.15.0

[philderbeast]

I'd be happy to accept the dependabot PRs that bump minimum bounds but worry we are going to see conflicts and it might take a while to get them all in with the imposed two day delay before merging. Does dependabot do rebasing?

[ulysses4ever]

@philderbeast this is bit too dense for me. I meant a simple change that i ended up submitting myself here: #11812 I'd appreciate your review...