
renovate[bot] (Contributor) commented Aug 6, 2024

This PR contains the following updates:

Package   Change
PyMySQL   ==0.10.1 -> ==1.1.1
pymysql   0.9.3 -> 1.1.1

GitHub Vulnerability Alerts

CVE-2024-36039

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.


Release Notes

PyMySQL/PyMySQL (PyMySQL)

v1.1.1

Release date: 2024-05-21

Warning: This release fixes a vulnerability (CVE-2024-36039).
All users are recommended to update to this version.

If you can not update soon, check that the input value from an
untrusted source has the expected type. Only dict input from an
untrusted source can be an attack vector.

  • Prohibit dict parameter for Cursor.execute(). It didn't produce valid SQL
    and might cause SQL injection. (CVE-2024-36039)
  • Added ssl_key_password param. #1145

v1.1.0

Release date: 2023-06-26

  • Fixed SSCursor raising OperationalError for query timeouts on wrong statement (#1032)
  • Exposed Cursor.warning_count to check for warnings without additional query (#1056)
  • Make Cursor iterator (#995)
  • Support '_' in key name in my.cnf (#1114)
  • Cursor.fetchall() returns empty list instead of tuple (#1115). Note that Cursor.fetchmany() still returns empty tuple after reading all rows for compatibility with Django.
  • Deprecate Error classes in Cursor class (#1117)
  • Add Connection.set_character_set(charset, collation=None). This method is compatible with mysqlclient. (#1119)
  • Deprecate Connection.set_charset(charset) (#1119)
  • New connection always sends "SET NAMES charset [COLLATE collation]" query. (#1119)
    Since the collation table varies across MySQL server versions, collation in the handshake is fragile.
  • Support charset="utf8mb3" option (#1127)

v1.0.3

Release date: 2023-03-28

v1.0.2

Release date: 2021-01-09

  • Fix user, password, host, and database still being positional arguments.
    All arguments of connect() are now keyword-only. (#941)

v1.0.1

Release date: 2021-01-08

  • Stop emitting DeprecationWarning for use of db and passwd.
    Note that they are still deprecated. (#939)
  • Add python_requires=">=3.6" to setup.py. (#936)

v1.0.0

Release date: 2021-01-07

Backward incompatible changes:

  • Python 2.7 and 3.5 are not supported.
  • connect() uses keyword-only arguments. Users must use keyword arguments.
  • connect() kwargs db and passwd are now deprecated; use database and password instead.
  • old_password authentication method (used by MySQL older than 4.1) is not supported.
  • MySQL 5.5 and MariaDB 5.5 are not officially supported, although it may still work.
  • Removed escape_dict, escape_sequence, and escape_string from pymysql
    module. They are still in pymysql.converters.

Other changes:

  • Connection supports context manager API. __exit__ closes the connection. (#886)
  • Add MySQL Connector/Python compatible TLS options (#903)
  • Major code cleanup; PyMySQL now uses black and flake8.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.



This PR was generated by Mend Renovate. View the repository job log.
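The mitigation the warning above recommends, checking that parameters from an untrusted source have the expected type before they reach Cursor.execute(), as an added example; this is not PyMySQL's own code nor anything from this PR. The validator below is an assumed pre-check that sits in front of the driver, and the JSON bodies used to exercise it are constructed samples.

```python
import datetime
import decimal
import json

# Scalar types PyMySQL escapes value-by-value. Containers are checked below;
# a dict from untrusted input is the shape CVE-2024-36039 concerns.
SCALAR_TYPES = (str, bytes, int, float, type(None), datetime.date,
                datetime.datetime, datetime.timedelta, decimal.Decimal)


def validate_query_args(args, expected_names=None):
    """Return args if safe to hand to Cursor.execute(), else raise TypeError.

    Accepted: a scalar, a list/tuple of scalars (for %s placeholders), or a
    flat dict of scalars whose keys equal expected_names (for %(name)s
    placeholders), so placeholder names never come from the input itself.
    """
    if isinstance(args, SCALAR_TYPES):
        return args
    if isinstance(args, (list, tuple)):
        if not all(isinstance(v, SCALAR_TYPES) for v in args):
            raise TypeError("positional query args must all be scalars")
        return tuple(args)
    if isinstance(args, dict):
        if expected_names is None:
            raise TypeError("dict args not allowed with positional placeholders")
        if set(args) != set(expected_names):
            raise TypeError("dict args keys do not match the placeholder names")
        if not all(isinstance(v, SCALAR_TYPES) for v in args.values()):
            raise TypeError("named query args must all be scalars")
        return {k: args[k] for k in expected_names}
    raise TypeError(f"unsupported query args type: {type(args).__name__}")


def args_from_json(raw, expected_names=None):
    """Parse an untrusted JSON body and validate it before it reaches the cursor."""
    return validate_query_args(json.loads(raw), expected_names)


def is_rejected(args, expected_names=None):
    """True if validate_query_args() refuses these args."""
    try:
        validate_query_args(args, expected_names)
    except TypeError:
        return True
    return False
```

Call validate_query_args() (or args_from_json() for request bodies) on the parameters and pass only its return value to cursor.execute(); on an un-upgraded PyMySQL this keeps any dict that came from the network away from the affected escaping path.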


sonarqubecloud bot commented Aug 6, 2024

@renovate renovate bot force-pushed the renovate/pypi-pymysql-vulnerability branch from 33a4357 to 2bfe9bc on August 10, 2025 13:00

renovate bot (Contributor, Author) commented Aug 10, 2025

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: poetry.lock

The "poetry.dev-dependencies" section is deprecated and will be removed in a future version. Use "poetry.group.dev.dependencies" instead.
Creating virtualenv pandas-sqlalchemy-tutorial-6xgi_csz-py3.13 in /home/ubuntu/.cache/pypoetry/virtualenvs

The lock file is not compatible with the current version of Poetry.
Regenerate the lock file with the `poetry lock` command.
