kompetenzinventar/ki-backend
5
6
Fork 7
Code Issues Pull Requests 13 Packages Projects Releases 1 Activity

Update dependency pymysql to v1.1.1 #90

Merged
Brain merged 1 commits from renovate/pymysql-1.x into main 2024-08-28 15:43:18 +02:00
Conversation 0 Commits 1 Files Changed 2 +5 -5
renovate-bot commented 2024-08-22 15:35:39 +02:00
Member
Copy Link

This PR contains the following updates:

Package Type Update Change
pymysql packages minor ==1.0.3 -> ==1.1.1

Release Notes

PyMySQL/PyMySQL (pymysql)

v1.1.1

Compare Source

Release date: 2024-05-21

!WARNING]
This release fixes a vulnerability (CVE-2024-36039).
All users are recommended to update to this version.

If you can not update soon, check the input value from
untrusted source has an expected type. Only dict input
from untrusted source can be an attack vector.
  • Prohibit dict parameter for Cursor.execute(). It didn't produce valid SQL
    and might cause SQL injection. (CVE-2024-36039)
  • Added ssl_key_password param. #​1145

v1.1.0

Compare Source

Release date: 2023-06-26

  • Fixed SSCursor raising OperationalError for query timeouts on wrong statement (#​1032)
  • Exposed Cursor.warning_count to check for warnings without additional query (#​1056)
  • Make Cursor iterator (#​995)
  • Support '_' in key name in my.cnf (#​1114)
  • Cursor.fetchall() returns empty list instead of tuple (#​1115). Note that Cursor.fetchmany() still return empty tuple after reading all rows for compatibility with Django.
  • Deprecate Error classes in Cursor class (#​1117)
  • Add Connection.set_character_set(charset, collation=None). This method is compatible with mysqlclient. (#​1119)
  • Deprecate Connection.set_charset(charset) (#​1119)
  • New connection always send "SET NAMES charset [COLLATE collation]" query. (#​1119)
    Since collation table is vary on MySQL server versions, collation in handshake is fragile.
  • Support charset="utf8mb3" option (#​1127)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [pymysql](https://github.com/PyMySQL/PyMySQL) | packages | minor | `==1.0.3` -> `==1.1.1` | --- ### Release Notes <details> <summary>PyMySQL/PyMySQL (pymysql)</summary> ### [`v1.1.1`](https://github.com/PyMySQL/PyMySQL/blob/HEAD/CHANGELOG.md#v111) [Compare Source](https://github.com/PyMySQL/PyMySQL/compare/v1.1.0...v1.1.1) Release date: 2024-05-21 > \[!WARNING] > This release fixes a vulnerability (CVE-2024-36039). > All users are recommended to update to this version. > > If you can not update soon, check the input value from > untrusted source has an expected type. Only dict input > from untrusted source can be an attack vector. - Prohibit dict parameter for `Cursor.execute()`. It didn't produce valid SQL and might cause SQL injection. (CVE-2024-36039) - Added ssl_key_password param. [#&#8203;1145](https://github.com/PyMySQL/PyMySQL/issues/1145) ### [`v1.1.0`](https://github.com/PyMySQL/PyMySQL/blob/HEAD/CHANGELOG.md#v110) [Compare Source](https://github.com/PyMySQL/PyMySQL/compare/v1.0.3...v1.1.0) Release date: 2023-06-26 - Fixed SSCursor raising OperationalError for query timeouts on wrong statement ([#&#8203;1032](https://github.com/PyMySQL/PyMySQL/issues/1032)) - Exposed `Cursor.warning_count` to check for warnings without additional query ([#&#8203;1056](https://github.com/PyMySQL/PyMySQL/issues/1056)) - Make Cursor iterator ([#&#8203;995](https://github.com/PyMySQL/PyMySQL/issues/995)) - Support '\_' in key name in my.cnf ([#&#8203;1114](https://github.com/PyMySQL/PyMySQL/issues/1114)) - `Cursor.fetchall()` returns empty list instead of tuple ([#&#8203;1115](https://github.com/PyMySQL/PyMySQL/issues/1115)). Note that `Cursor.fetchmany()` still return empty tuple after reading all rows for compatibility with Django. - Deprecate Error classes in Cursor class ([#&#8203;1117](https://github.com/PyMySQL/PyMySQL/issues/1117)) - Add `Connection.set_character_set(charset, collation=None)`. This method is compatible with mysqlclient. ([#&#8203;1119](https://github.com/PyMySQL/PyMySQL/issues/1119)) - Deprecate `Connection.set_charset(charset)` ([#&#8203;1119](https://github.com/PyMySQL/PyMySQL/issues/1119)) - New connection always send "SET NAMES charset \[COLLATE collation]" query. ([#&#8203;1119](https://github.com/PyMySQL/PyMySQL/issues/1119)) Since collation table is vary on MySQL server versions, collation in handshake is fragile. - Support `charset="utf8mb3"` option ([#&#8203;1127](https://github.com/PyMySQL/PyMySQL/issues/1127)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
renovate-bot added 1 commit 2024-08-22 15:35:39 +02:00
Update dependency pymysql to v1.1.1
All checks were successful
continuous-integration/drone/pr Build is passing
Details
2354c23b93
renovate-bot force-pushed renovate/pymysql-1.x from 2354c23b93 to f671f7a902 2024-08-22 20:36:26 +02:00 Compare
renovate-bot force-pushed renovate/pymysql-1.x from f671f7a902 to 2a2ac16d66 2024-08-23 12:36:26 +02:00 Compare
renovate-bot force-pushed renovate/pymysql-1.x from 2a2ac16d66 to 6ccdab21c0 2024-08-23 15:35:55 +02:00 Compare
renovate-bot force-pushed renovate/pymysql-1.x from 6ccdab21c0 to f8afc36528 2024-08-27 19:37:30 +02:00 Compare
renovate-bot force-pushed renovate/pymysql-1.x from f8afc36528 to a9536b71b3 2024-08-28 14:36:29 +02:00 Compare
Brain added the
security
 label 2024-08-28 15:20:14 +02:00
renovate-bot force-pushed renovate/pymysql-1.x from a9536b71b3 to 8c3fe3fe7d 2024-08-28 15:36:14 +02:00 Compare
Brain merged commit b46ac5e379 into main 2024-08-28 15:43:18 +02:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
bug

Something is not working

  
doing

   
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
ready

Bereit für Release

  
review

   
security

   
wontfix

This won't be fixed

No Label
bug
doing
duplicate
enhancement
help wanted
invalid
question
ready
review
security
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: kompetenzinventar/ki-backend#90
No description provided.
Delete Branch "renovate/pymysql-1.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?