UNCLASSIFIED - NO CUI

Skip to content

Update dependency pymysql to v1.1.1

Ghost User requested to merge renovate/pymysql-1.x into development

This MR contains the following updates:

Package Update Change
pymysql patch ==1.1.0 -> ==1.1.1

Release Notes

PyMySQL/PyMySQL (pymysql)

v1.1.1

Compare Source

Release date: 2024-05-21

[!WARNING] This release fixes a vulnerability (CVE-2024-36039). All users are recommended to update to this version.

If you can not update soon, check the input value from untrusted source has an expected type. Only dict input from untrusted source can be an attack vector.

  • Prohibit dict parameter for Cursor.execute(). It didn't produce valid SQL and might cause SQL injection. (CVE-2024-36039)
  • Added ssl_key_password param. #​1145

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Merge request reports