chore(deps): bump idna 3.11 -> 3.15 (CVE-2026-45409)

Adds PR #205 to the bundle. idna 3.14 fixed CVE-2026-45409, a
quadratic-time DoS vector via oversized inputs that bypassed the earlier
CVE-2024-3651 mitigation. 3.15 adds DNS-length cap enforcement at
check_label() entry plus assorted perf tidying.

This is a security-motivated upgrade, not just version-currentness
hygiene -- worth calling out in the CHANGELOG.

Verified clean through Socket Firewall (sfw); idna 3.15 was already
in the resolved tree during the requests 2.33.0 sfw probe earlier
in this branch's history.

Closes #205.

Signed-off-by: lelia <2418071+lelia@users.noreply.github.com>

Author: lelia

CHANGELOG.md

@@ -43,10 +43,14 @@ error section auto-expands in the Buildkite UI, along with a tip on using
 
 ### Dependencies
 
-Bundles eight Dependabot main-app upgrades (closes #175, #177, #181, #184, #188,
-#190, #198, #200) and three e2e fixture upgrades (closes #186, #187, #196).
+Bundles nine Dependabot main-app upgrades (closes #175, #177, #181, #184, #188,
+#190, #198, #200, #205) and three e2e fixture upgrades (closes #186, #187, #196).
 All target versions verified through Socket Firewall (`sfw`).
 
+Of note: `idna` 3.11 -> 3.15 includes the fix for **CVE-2026-45409** (released
+in `idna` 3.14), a quadratic-time DoS vector via oversized inputs that bypassed
+the earlier CVE-2024-3651 mitigation.
+
 ### Fixed
 
 The following fixes were originally drafted on the unreleased 2.2.87 branch