Update dependency pymysql to v1.1.1 (!159) · Merge requests · Iron Bank Containers / Opensource / Jupyter / jupyterhub-k8s-hub

Ghost User requested to merge renovate/pymysql-1.x into development May 22, 2024

This MR contains the following updates:

Package	Update	Change
pymysql	patch	`==1.1.0` -> `==1.1.1`

Release Notes

PyMySQL/PyMySQL (pymysql)

`v1.1.1`

Compare Source

Release date: 2024-05-21

[!WARNING] This release fixes a vulnerability (CVE-2024-36039). All users are recommended to update to this version.

If you can not update soon, check the input value from untrusted source has an expected type. Only dict input from untrusted source can be an attack vector.

Prohibit dict parameter for Cursor.execute(). It didn't produce valid SQL and might cause SQL injection. (CVE-2024-36039)
Added ssl_key_password param. #1145

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Admin message

Update dependency pymysql to v1.1.1

Release Notes

v1.1.1

Configuration

Merge request reports

`v1.1.1`