Bump pymysql from 1.1.2 to 1.1.3 by dependabot[bot] · Pull Request #109 · GitTimeraider/Subscription-Tracker-docker

dependabot · 2026-05-04T09:40:11Z

Bumps pymysql from 1.1.2 to 1.1.3.

Release notes

v1.1.3

What's Changed

callproc: escape procname by @methane in PyMySQL/PyMySQL#1225

use ubuntu-slim and dependabot by @methane in PyMySQL/PyMySQL#1226

Bump actions/checkout from 4 to 6 by @dependabot[bot] in PyMySQL/PyMySQL#1227

Bump codecov/codecov-action from 5 to 6 by @dependabot[bot] in PyMySQL/PyMySQL#1228

Bump actions/setup-python from 5 to 6 by @dependabot[bot] in PyMySQL/PyMySQL#1229

release 1.1.3 by @methane in PyMySQL/PyMySQL#1230

New Contributors

@dependabot[bot] made their first contribution in PyMySQL/PyMySQL#1227

Full Changelog: PyMySQL/PyMySQL@v1.1.2...v1.1.3

Changelog

Sourced from pymysql's changelog.

v1.1.3

Release date: 2026-05-01

Security

Fix Cursor.callproc() didn't escape procedure name. (#1206) There was a possibility of SQL injection when calling a procedure with a string received from an untrusted source as the procedure name.

NOTICE: This change may cause backward compatibility issues. If you specified a procedure name like "dbname.funcname", the previous version called CALL dbname.funcname, but from this version, it will call CALL `dbname.funcname` so you cannot specify procedure name with database name anymore.

Commits

5613187 release 1.1.3 (#1230)
d498f5e Bump actions/setup-python from 5 to 6 (#1229)
a38d40f Bump codecov/codecov-action from 5 to 6 (#1228)
d37c7df Bump actions/checkout from 4 to 6 (#1227)
b157d4f dependabot: enable grouping
61b30d8 use ubuntu-slim and dependabot (#1226)
8116389 callproc: escape procname (#1225)
See full diff in compare view

Bumps [pymysql](https://github.com/PyMySQL/PyMySQL) from 1.1.2 to 1.1.3. - [Release notes](https://github.com/PyMySQL/PyMySQL/releases) - [Changelog](https://github.com/PyMySQL/PyMySQL/blob/main/CHANGELOG.md) - [Commits](PyMySQL/PyMySQL@v1.1.2...v1.1.3) --- updated-dependencies: - dependency-name: pymysql dependency-version: 1.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 4, 2026

dependabot Bot force-pushed the dependabot/pip/develop/pymysql-1.1.3 branch from 72f126c to 5e0cbe9 Compare May 12, 2026 06:56

GitTimeraider merged commit 61c742d into develop May 12, 2026
2 checks passed

dependabot Bot deleted the dependabot/pip/develop/pymysql-1.1.3 branch May 12, 2026 06:57

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump pymysql from 1.1.2 to 1.1.3#109

Bump pymysql from 1.1.2 to 1.1.3#109
GitTimeraider merged 1 commit into
developfrom
dependabot/pip/develop/pymysql-1.1.3

dependabot Bot commented on behalf of github May 4, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.1.3

What's Changed

New Contributors

v1.1.3

Security

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github May 4, 2026 •

edited

Loading