chore(deps): update dependency pymysql to v1.1.1 #13

Merged

group_2759636_bot_1c34751f7eccad09e089ac15ee7bd902 merged 1 commits from renovate/pymysql-1.x into master 2024-05-21 14:38:38 +00:00

Conversation 1 Commits 1 Files Changed 1

+1 -1

group_2759636_bot_1c34751f7eccad09e089ac15ee7bd902 commented 2024-05-21 13:57:51 +00:00 (Migrated from gitlab.com)

Copy Link

Copy Source

This MR contains the following updates:

Package	Update	Change
PyMySQL	patch	==1.1.0 -> ==1.1.1

---

Release Notes

PyMySQL/PyMySQL (PyMySQL)

v1.1.1

Compare Source

Release date: 2024-05-21

[!WARNING]
This release fixes a vulnerability (CVE-2024-36039).
All users are recommended to update to this version.

If you can not update soon, check the input value from
untrusted source has an expected type. Only dict input
from untrusted source can be an attack vector.

• Prohibit dict parameter for Cursor.execute(). It didn't produce valid SQL
  and might cause SQL injection. (CVE-2024-36039)
• Added ssl_key_password param. #​1145

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.

This MR contains the following updates: | Package | Update | Change | |---|---|---| | [PyMySQL](https://github.com/PyMySQL/PyMySQL) | patch | `==1.1.0` -> `==1.1.1` | --- ### Release Notes <details> <summary>PyMySQL/PyMySQL (PyMySQL)</summary> ### [`v1.1.1`](https://github.com/PyMySQL/PyMySQL/blob/HEAD/CHANGELOG.md#v111) [Compare Source](https://github.com/PyMySQL/PyMySQL/compare/v1.1.0...v1.1.1) Release date: 2024-05-21 > \[!WARNING] > This release fixes a vulnerability (CVE-2024-36039). > All users are recommended to update to this version. > > If you can not update soon, check the input value from > untrusted source has an expected type. Only dict input > from untrusted source can be an attack vector. - Prohibit dict parameter for `Cursor.execute()`. It didn't produce valid SQL and might cause SQL injection. (CVE-2024-36039) - Added ssl_key_password param. [#&#8203;1145](https://github.com/PyMySQL/PyMySQL/issues/1145) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNjkuMCIsInVwZGF0ZWRJblZlciI6IjM3LjM2OS4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=-->

group_2759636_bot_1c34751f7eccad09e089ac15ee7bd902 commented 2024-05-21 13:57:52 +00:00 (Migrated from gitlab.com)

Copy Link

Copy Source

mentioned in issue #3

mentioned in issue #3

argoyle (Migrated from gitlab.com) merged commit into master 2024-05-21 14:38:38 +00:00

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

acctest (Shiny Acctest) argoyle (Joakim Olsson) buildtools (Buildtools) kubernetes (Kubernetes) releaser (Unbound Releaser) renovate (Renovate Bot)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: unboundsoftware/robotframework#13