kompetenzinventar/ki-backend
6
7
Fork 4
Code Issues Pull Requests 11 Packages Projects Releases 2 Activity

Update dependency pymysql to v1.1.1 #90

Merged
Brain merged 1 commits from renovate/pymysql-1.x into main 2024-08-28 15:43:18 +02:00
Conversation 0 Commits 1 Files Changed 2 +5 -5
renovate-bot commented 2024-08-22 15:35:39 +02:00
Member
Copy Link

This PR contains the following updates:

Package Type Update Change
pymysql packages minor ==1.0.3 -> ==1.1.1

Release Notes

PyMySQL/PyMySQL (pymysql)

v1.1.1

Compare Source

Release date: 2024-05-21

[!WARNING]
This release fixes a vulnerability (CVE-2024-36039).
All users are recommended to update to this version.

If you can not update soon, check the input value from
untrusted source has an expected type. Only dict input
from untrusted source can be an attack vector.

  • Prohibit dict parameter for Cursor.execute(). It didn't produce valid SQL
    and might cause SQL injection. (CVE-2024-36039)
  • Added ssl_key_password param. #​1145

v1.1.0

Compare Source

Release date: 2023-06-26

  • Fixed SSCursor raising OperationalError for query timeouts on wrong statement (#​1032)
  • Exposed Cursor.warning_count to check for warnings without additional query (#​1056)
  • Make Cursor iterator (#​995)
  • Support '_' in key name in my.cnf (#​1114)
  • Cursor.fetchall() returns empty list instead of tuple (#​1115). Note that Cursor.fetchmany() still return empty tuple after reading all rows for compatibility with Django.
  • Deprecate Error classes in Cursor class (#​1117)
  • Add Connection.set_character_set(charset, collation=None). This method is compatible with mysqlclient. (#​1119)
  • Deprecate Connection.set_charset(charset) (#​1119)
  • New connection always send "SET NAMES charset [COLLATE collation]" query. (#​1119)
    Since collation table is vary on MySQL server versions, collation in handshake is fragile.
  • Support charset="utf8mb3" option (#​1127)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [pymysql](https://github.com/PyMySQL/PyMySQL) | packages | minor | `==1.0.3` -> `==1.1.1` | --- ### Release Notes <details> <summary>PyMySQL/PyMySQL (pymysql)</summary> ### [`v1.1.1`](https://github.com/PyMySQL/PyMySQL/blob/HEAD/CHANGELOG.md#v111) [Compare Source](https://github.com/PyMySQL/PyMySQL/compare/v1.1.0...v1.1.1) Release date: 2024-05-21 > \[!WARNING] > This release fixes a vulnerability (CVE-2024-36039). > All users are recommended to update to this version. > > If you can not update soon, check the input value from > untrusted source has an expected type. Only dict input > from untrusted source can be an attack vector. - Prohibit dict parameter for `Cursor.execute()`. It didn't produce valid SQL and might cause SQL injection. (CVE-2024-36039) - Added ssl_key_password param. [#&#8203;1145](https://github.com/PyMySQL/PyMySQL/issues/1145) ### [`v1.1.0`](https://github.com/PyMySQL/PyMySQL/blob/HEAD/CHANGELOG.md#v110) [Compare Source](https://github.com/PyMySQL/PyMySQL/compare/v1.0.3...v1.1.0) Release date: 2023-06-26 - Fixed SSCursor raising OperationalError for query timeouts on wrong statement ([#&#8203;1032](https://github.com/PyMySQL/PyMySQL/issues/1032)) - Exposed `Cursor.warning_count` to check for warnings without additional query ([#&#8203;1056](https://github.com/PyMySQL/PyMySQL/issues/1056)) - Make Cursor iterator ([#&#8203;995](https://github.com/PyMySQL/PyMySQL/issues/995)) - Support '\_' in key name in my.cnf ([#&#8203;1114](https://github.com/PyMySQL/PyMySQL/issues/1114)) - `Cursor.fetchall()` returns empty list instead of tuple ([#&#8203;1115](https://github.com/PyMySQL/PyMySQL/issues/1115)). Note that `Cursor.fetchmany()` still return empty tuple after reading all rows for compatibility with Django. - Deprecate Error classes in Cursor class ([#&#8203;1117](https://github.com/PyMySQL/PyMySQL/issues/1117)) - Add `Connection.set_character_set(charset, collation=None)`. This method is compatible with mysqlclient. ([#&#8203;1119](https://github.com/PyMySQL/PyMySQL/issues/1119)) - Deprecate `Connection.set_charset(charset)` ([#&#8203;1119](https://github.com/PyMySQL/PyMySQL/issues/1119)) - New connection always send "SET NAMES charset \[COLLATE collation]" query. ([#&#8203;1119](https://github.com/PyMySQL/PyMySQL/issues/1119)) Since collation table is vary on MySQL server versions, collation in handshake is fragile. - Support `charset="utf8mb3"` option ([#&#8203;1127](https://github.com/PyMySQL/PyMySQL/issues/1127)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
renovate-bot added 1 commit 2024-08-22 15:35:39 +02:00
Update dependency pymysql to v1.1.1
All checks were successful
continuous-integration/drone/pr Build is passing
Details
2354c23b93
renovate-bot force-pushed renovate/pymysql-1.x from 2354c23b93 to f671f7a902 2024-08-22 20:36:26 +02:00 Compare
renovate-bot force-pushed renovate/pymysql-1.x from f671f7a902 to 2a2ac16d66 2024-08-23 12:36:26 +02:00 Compare
renovate-bot force-pushed renovate/pymysql-1.x from 2a2ac16d66 to 6ccdab21c0 2024-08-23 15:35:55 +02:00 Compare
renovate-bot force-pushed renovate/pymysql-1.x from 6ccdab21c0 to f8afc36528 2024-08-27 19:37:30 +02:00 Compare
renovate-bot force-pushed renovate/pymysql-1.x from f8afc36528 to a9536b71b3 2024-08-28 14:36:29 +02:00 Compare
Brain added the
security
 label 2024-08-28 15:20:14 +02:00
renovate-bot force-pushed renovate/pymysql-1.x from a9536b71b3 to 8c3fe3fe7d 2024-08-28 15:36:14 +02:00 Compare
Brain merged commit b46ac5e379 into main 2024-08-28 15:43:18 +02:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
bug
Something is not working
doing
duplicate
This issue or pull request already exists
enhancement
New feature
help wanted
Need some help
invalid
Something is wrong
question
More information is needed
ready
Bereit für Release
review
security
wontfix
This won't be fixed
No Label
security
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Brain drone-bot frlan gulliver igk Lasagne marei Nikolai renovate-bot scammo srsh weeman
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: kompetenzinventar/ki-backend#90
No description provided.
Delete Branch "renovate/pymysql-1.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?