chore(deps): update dependency pymysql to v1.1.3 #337

2026-05-04T11:08:38Z

renovate commented

2026-05-04 11:08:38 +00:00

This PR contains the following updates:

Package	Change	Age	Confidence
PyMySQL (changelog)	`==1.1.2` → `==1.1.3`

Release Notes

PyMySQL/PyMySQL (PyMySQL)

`v1.1.3`

Compare Source

Release date: 2026-05-01

Security

Fix Cursor.callproc() didn't escape procedure name. (#1206)
There was a possibility of SQL injection when calling a procedure with a string received from an untrusted source as the procedure name.

NOTICE: This change may cause backward compatibility issues. If you specified a procedure name like "dbname.funcname", the previous version called CALL dbname.funcname, but from this version, it will call CALL `dbname.funcname` so you cannot specify procedure name with database name anymore.

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [PyMySQL](https://github.com/PyMySQL/PyMySQL) ([changelog](https://github.com/PyMySQL/PyMySQL/blob/main/CHANGELOG.md)) | `==1.1.2` → `==1.1.3` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/pymysql/1.1.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/pymysql/1.1.2/1.1.3?slim=true) | --- ### Release Notes <details> <summary>PyMySQL/PyMySQL (PyMySQL)</summary> ### [`v1.1.3`](https://github.com/PyMySQL/PyMySQL/blob/HEAD/CHANGELOG.md#v113) [Compare Source](https://github.com/PyMySQL/PyMySQL/compare/v1.1.2...v1.1.3) Release date: 2026-05-01 ##### Security - Fix `Cursor.callproc()` didn't escape procedure name. ([#1206](https://github.com/PyMySQL/PyMySQL/issues/1206)) There was a possibility of SQL injection when calling a procedure with a string received from an untrusted source as the procedure name. NOTICE: This change may cause backward compatibility issues. If you specified a procedure name like `"dbname.funcname"`, the previous version called `CALL dbname.funcname`, but from this version, it will call ``CALL `dbname.funcname` `` so you cannot specify procedure name with database name anymore. </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

renovate added 1 commit 2026-05-04 11:08:39 +00:00

chore(deps): update dependency pymysql to v1.1.3

renovate/stability-days Updates have met minimum release age requirement

Details

robotframework / build (pull_request) Successful in 7m49s

Details

295fc0593a

renovate scheduled this pull request to auto merge when all checks succeed 2026-05-04 11:08:40 +00:00

renovate merged commit ee770f8ddc into main

2026-05-04 11:20:30 +00:00

renovate deleted branch renovate/pymysql-1.x

2026-05-04 11:20:31 +00:00