CVE-2024-3651: Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
6.2
Basic Information
Technical Details
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
idna | pip | < 3.7 | 3.7 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability description clearly points to `idna.encode()` as the entry point for the DoS. The provided commit `1d365e17e10d72d0b7876316fc7b9ca0eebdd38d` is a release commit. By comparing the tags v3.6 (last vulnerable) and v3.7 (first patched), I identified commit `5beb28b9dd77912c0dd656d8b0fdba3eb80222e7` as the key patch. This commit modifies `idna.core.valid_contextj` and `idna.core.check_label` (which calls `valid_contextj`). The commit message for `5beb28b9dd77912c0dd656d8b0fdba3eb80222e7` explicitly states it's for "More efficient resolution of joiner contexts" to handle "pathological cases" faster, which aligns with the DoS vulnerability caused by resource exhaustion. The changes in `idna.idnadata.joining_types` support this by providing a more comprehensive and potentially optimized lookup for character joining types. The `idna.encode` function calls `check_label`, making it part of the vulnerable call chain. `idna.core.alabel` was also modified between the versions and calls `check_label`, so it's included with medium confidence as it's part of the encoding pipeline that was changed.
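To act on the affected range in the table above (idna < 3.7, first patched 3.7), the following added example, which is not code from the idna project or from this advisory, flags exact `idna==` pins in pip-style requirements text and reports the version installed in the current environment. The function names and the sample input are constructed for illustration; range specifiers such as `>=` or `~=` are not evaluated.

```python
import re
from importlib import metadata

FIRST_PATCHED = (3, 7)  # advisory table above: idna < 3.7 is vulnerable, 3.7 is patched

# Exact pin at the start of a requirements line: name, optional extras, "==", version text.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==\s*([^\s;#\\]+)")

def classify(version):
    """Return 'vulnerable', 'patched', or 'review' for one idna version string."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        return "review"  # pre-releases, wildcards, local versions: check by hand
    parts = tuple(int(p) for p in version.split("."))
    return "vulnerable" if parts < FIRST_PATCHED else "patched"

def scan_requirements(text):
    """List (line_number, version, verdict) for each exact idna pin in pip-style text."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = PIN_RE.match(line)
        if not match:
            continue
        # PEP 503 name normalisation, so "IDNA" matches but "idna-ssl" does not.
        if re.sub(r"[-_.]+", "-", match.group(1)).lower() != "idna":
            continue
        findings.append((number, match.group(2), classify(match.group(2))))
    return findings

def installed_idna():
    """Return (version, verdict) for the idna in this environment, or None if absent."""
    try:
        version = metadata.version("idna")
    except metadata.PackageNotFoundError:
        return None
    return version, classify(version)

# Constructed sample input (not from the page): lines in pip-compile style.
SAMPLE = """\
# constructed sample
certifi==2024.2.2
idna==3.6 \\
    --hash=sha256:<placeholder>
idna-ssl==1.1.0
IDNA==3.7 ; python_version >= "3.5"
idna==3.7rc1
"""

if __name__ == "__main__":
    for number, version, verdict in scan_requirements(SAMPLE):
        print(f"requirements line {number}: idna {version} -> {verdict}")
    print("installed:", installed_idna())
```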