generated from canonical/template-operator
-
Notifications
You must be signed in to change notification settings - Fork 7
Commit a210cde
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4&size=40){kind=avatar}
Update dependency mysql-connector-python to v9 [SECURITY] (#331)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
|
[mysql-connector-python](https://redirect.github.com/mysql/mysql-connector-python)
([changelog](https://dev.mysql.com/doc/relnotes/connector-python/en/)) |
`~8.0.33` -> `~9.1.0` |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
### GitHub Vulnerability Alerts
#### [CVE-2024-21272](https://nvd.nist.gov/vuln/detail/CVE-2024-21272)
Vulnerability in the MySQL Connectors product of Oracle MySQL
(component: Connector/Python). Supported versions that are affected are
9.0.0 and prior. Difficult to exploit vulnerability allows low
privileged attacker with network access via multiple protocols to
compromise MySQL Connectors. Successful attacks of this vulnerability
can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5
(Confidentiality, Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
---
### Release Notes
<details>
<summary>mysql/mysql-connector-python (mysql-connector-python)</summary>
###
[`v9.1.0`](https://redirect.github.com/mysql/mysql-connector-python/blob/HEAD/CHANGES.txt#v910)
[Compare
Source](https://redirect.github.com/mysql/mysql-connector-python/compare/9.0.0...9.1.0)
\======
-
[WL#16452](https://redirect.github.com/WL/mysql-connector-python/issues/16452):
Bundle all installable authentication plugins when building the
C-extension
-
[WL#16444](https://redirect.github.com/WL/mysql-connector-python/issues/16444):
Drop build support for DEB packages
-
[WL#16442](https://redirect.github.com/WL/mysql-connector-python/issues/16442):
Upgrade gssapi version to 1.8.3
-
[WL#16411](https://redirect.github.com/WL/mysql-connector-python/issues/16411):
Improve wheel metadata information for Classic and XDevAPI connectors
-
[WL#16341](https://redirect.github.com/WL/mysql-connector-python/issues/16341):
OpenID Connect (Oauth2 - JWT) Authentication Support
-
[WL#16307](https://redirect.github.com/WL/mysql-connector-python/issues/16307):
Remove Python 3.8 support
-
[WL#16306](https://redirect.github.com/WL/mysql-connector-python/issues/16306):
Add support for Python 3.13
-
[BUG#37055435](https://redirect.github.com/BUG/mysql-connector-python/issues/37055435):
Connection fails during the TLS negotiation when specifying TLSv1.3
ciphers
-
[BUG#37013057](https://redirect.github.com/BUG/mysql-connector-python/issues/37013057):
mysql-connector-python Parameterized query SQL injection
-
[BUG#36765200](https://redirect.github.com/BUG/mysql-connector-python/issues/36765200):
python mysql connector 8.3.0 raise %-.100s:%u when input a wrong host
-
[BUG#36577957](https://redirect.github.com/BUG/mysql-connector-python/issues/36577957):
Update charset/collation description indicate this is 16 bits
###
[`v9.0.0`](https://redirect.github.com/mysql/mysql-connector-python/blob/HEAD/CHANGES.txt#v900)
[Compare
Source](https://redirect.github.com/mysql/mysql-connector-python/compare/8.4.0...9.0.0)
\======
-
[WL#16350](https://redirect.github.com/WL/mysql-connector-python/issues/16350):
Update dnspython version
-
[WL#16318](https://redirect.github.com/WL/mysql-connector-python/issues/16318):
Deprecate Cursors Prepared Raw and Named Tuple
-
[WL#16284](https://redirect.github.com/WL/mysql-connector-python/issues/16284):
Update the Python Protobuf version
-
[WL#16283](https://redirect.github.com/WL/mysql-connector-python/issues/16283):
Remove OpenTelemetry Bundled Installation
-
[BUG#36664998](https://redirect.github.com/BUG/mysql-connector-python/issues/36664998):
Packets out of order error is raised while changing user in aio
-
[BUG#36611371](https://redirect.github.com/BUG/mysql-connector-python/issues/36611371):
Update dnspython required versions to allow latest 2.6.1
-
[BUG#36570707](https://redirect.github.com/BUG/mysql-connector-python/issues/36570707):
Collation set on connect using C-Extension is ignored
-
[BUG#36476195](https://redirect.github.com/BUG/mysql-connector-python/issues/36476195):
Incorrect escaping in pure Python mode if sql_mode includes
NO_BACKSLASH_ESCAPES
-
[BUG#36289767](https://redirect.github.com/BUG/mysql-connector-python/issues/36289767):
MySQLCursorBufferedRaw does not skip conversion
###
[`v8.4.0`](https://redirect.github.com/mysql/mysql-connector-python/blob/HEAD/CHANGES.txt#v840)
[Compare
Source](https://redirect.github.com/mysql/mysql-connector-python/compare/8.3.0...8.4.0)
\======
-
[WL#16203](https://redirect.github.com/WL/mysql-connector-python/issues/16203):
GPL License Exception Update
-
[WL#16173](https://redirect.github.com/WL/mysql-connector-python/issues/16173):
Update allowed cipher and cipher-suite lists
-
[WL#16164](https://redirect.github.com/WL/mysql-connector-python/issues/16164):
Implement support for new vector data type
-
[WL#16127](https://redirect.github.com/WL/mysql-connector-python/issues/16127):
Remove the FIDO authentication mechanism
-
[WL#16053](https://redirect.github.com/WL/mysql-connector-python/issues/16053):
Support GSSAPI/Kerberos authentication on Windows using
authentication_ldap_sasl_client plug-in for C-extension
-
[BUG#36227964](https://redirect.github.com/BUG/mysql-connector-python/issues/36227964):
Improve OpenTelemetry span coverage
-
[BUG#36167880](https://redirect.github.com/BUG/mysql-connector-python/issues/36167880):
Massive memory leak mysqlx native Protobuf adding to collection
###
[`v8.3.0`](https://redirect.github.com/mysql/mysql-connector-python/blob/HEAD/CHANGES.txt#v830)
[Compare
Source](https://redirect.github.com/mysql/mysql-connector-python/compare/8.2.0...8.3.0)
\======
-
[WL#16015](https://redirect.github.com/WL/mysql-connector-python/issues/16015):
Remove use of removed COM\_ commands
-
[WL#15985](https://redirect.github.com/WL/mysql-connector-python/issues/15985):
Support GSSAPI/Kerberos authentication on Windows using
authentication_ldap_sasl_client plug-in for Pure Python
-
[WL#15983](https://redirect.github.com/WL/mysql-connector-python/issues/15983):
Stop using mysql_ssl_set api
-
[WL#15982](https://redirect.github.com/WL/mysql-connector-python/issues/15982):
Remove use of mysql_shutdown
-
[WL#15950](https://redirect.github.com/WL/mysql-connector-python/issues/15950):
Support query parameters for prepared statements
-
[WL#15942](https://redirect.github.com/WL/mysql-connector-python/issues/15942):
Improve type hints and standardize byte type handling
-
[WL#15836](https://redirect.github.com/WL/mysql-connector-python/issues/15836):
Split mysql and mysqlx into different packages
-
[WL#15523](https://redirect.github.com/WL/mysql-connector-python/issues/15523):
Support Python DB API asynchronous execution
-
[BUG#35912790](https://redirect.github.com/BUG/mysql-connector-python/issues/35912790):
Binary strings are converted when using prepared statements
-
[BUG#35832148](https://redirect.github.com/BUG/mysql-connector-python/issues/35832148):
Fix Django timezone.utc deprecation warning
-
[BUG#35710145](https://redirect.github.com/BUG/mysql-connector-python/issues/35710145):
Bad MySQLCursor.statement and result when query text contains code
comments
-
[BUG#21390859](https://redirect.github.com/BUG/mysql-connector-python/issues/21390859):
STATEMENTS GET OUT OF SYNCH WITH RESULT SETS
###
[`v8.2.0`](https://redirect.github.com/mysql/mysql-connector-python/blob/HEAD/CHANGES.txt#v820)
[Compare
Source](https://redirect.github.com/mysql/mysql-connector-python/compare/8.1.0...8.2.0)
\======
-
[WL#15664](https://redirect.github.com/WL/mysql-connector-python/issues/15664):
Add support for Python 3.12
-
[WL#15623](https://redirect.github.com/WL/mysql-connector-python/issues/15623):
Improve the authentication module
-
[WL#15218](https://redirect.github.com/WL/mysql-connector-python/issues/15218):
Support WebAuthn authentication
-
[BUG#35755852](https://redirect.github.com/BUG/mysql-connector-python/issues/35755852):
Django config raise_on_warnings is ignored without isolation_level
-
[BUG#35733608](https://redirect.github.com/BUG/mysql-connector-python/issues/35733608):
Server stmt spans right after the cnx aren't related to the connector's
cnx span
-
[BUG#35547876](https://redirect.github.com/BUG/mysql-connector-python/issues/35547876):
C/Python 8.1.0 type check build fails in the pb2 branch
-
[BUG#35544123](https://redirect.github.com/BUG/mysql-connector-python/issues/35544123):
Kerberos unit tests configuration is outdated
-
[BUG#35503506](https://redirect.github.com/BUG/mysql-connector-python/issues/35503506):
Query on information_schema.columns returns bytes
-
[BUG#35503377](https://redirect.github.com/BUG/mysql-connector-python/issues/35503377):
First connected to server v8, then any v5 connections fail with utf8mb4
charset
-
[BUG#35141645](https://redirect.github.com/BUG/mysql-connector-python/issues/35141645):
Memory leak in the mysqlx C extension
###
[`v8.1.0`](https://redirect.github.com/mysql/mysql-connector-python/blob/HEAD/CHANGES.txt#v810)
[Compare
Source](https://redirect.github.com/mysql/mysql-connector-python/compare/8.0.33...8.1.0)
\======
-
[WL#15749](https://redirect.github.com/WL/mysql-connector-python/issues/15749):
Remove DMG and MSI support
-
[WL#15672](https://redirect.github.com/WL/mysql-connector-python/issues/15672):
Upgrade Python Protobuf version to 4.21.12
-
[WL#15630](https://redirect.github.com/WL/mysql-connector-python/issues/15630):
Remove Python 3.7 support
-
[WL#15629](https://redirect.github.com/WL/mysql-connector-python/issues/15629):
Add OpenTelemetry tracing
-
[WL#15591](https://redirect.github.com/WL/mysql-connector-python/issues/15591):
Improve the network module
-
[BUG#35425076](https://redirect.github.com/BUG/mysql-connector-python/issues/35425076):
Fix deallocating None error
-
[BUG#35349093](https://redirect.github.com/BUG/mysql-connector-python/issues/35349093):
Compression doesn't work with C extension API
-
[BUG#35338384](https://redirect.github.com/BUG/mysql-connector-python/issues/35338384):
PIP installs incompatible Connector/Python packages
-
[BUG#35318413](https://redirect.github.com/BUG/mysql-connector-python/issues/35318413):
Fix charset mapping for MySQL 8.1.0
-
[BUG#35278365](https://redirect.github.com/BUG/mysql-connector-python/issues/35278365):
Fix UnicodeDecodeError with a long field name alias (c-ext)
-
[BUG#35212199](https://redirect.github.com/BUG/mysql-connector-python/issues/35212199):
Check for identifier quotes in the database name
-
[BUG#35140271](https://redirect.github.com/BUG/mysql-connector-python/issues/35140271):
Regex split hanging in cursor.execute(..., multi=True) for complex
queries
-
[BUG#29115406](https://redirect.github.com/BUG/mysql-connector-python/issues/29115406):
CONTRIBUTION - FIX RECV COMPRESS BUG
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" in timezone Etc/UTC, Automerge - At
any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/canonical/mysql-router-k8s-operator).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4xMjAuMSIsInVwZGF0ZWRJblZlciI6IjM4LjEyMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Carl Csaposs <[email protected]>1 parent e4a6c9a commit a210cdeCopy full SHA for a210cde
2 files changed
+54
-65
lines changed
0 commit comments