dependabot has flagged a vulnerability in the package idna. We should refresh our lock file.