mirror of
https://github.com/openwrt/packages.git
synced 2026-05-31 06:51:51 +08:00
Alexandru Ardelean
24f5b1039c
Security fix: - Fix Cursor.callproc() to escape procedure name, preventing SQL injection when calling a procedure with a string received from an untrusted source - NOTICE: Backward compatibility change - procedure names like "dbname.funcname" are now backtick-quoted: ``CALL \`dbname.funcname\` `` Other changes: - CI: use ubuntu-slim, add dependabot for GitHub Actions - Bump GitHub Actions (checkout v4→v6, setup-python v5→v6, codecov v5→v6) - Add publish.yml workflow (copied from psf/requests) - Upgrade dependencies: cryptography>=46.0.7, PyNaCl>=1.6.2 - Drop Python 3.8, require Python 3.9+ Changelog: https://github.com/PyMySQL/PyMySQL/releases/tag/v1.1.3 NOTE: added test.sh for basic validation. Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>