Update dependency mysql-connector-python to v9 [SECURITY]

[renovate]

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package	Change	Age	Confidence
mysql-connector-python (changelog)	==8.0.28 -> ==9.1.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-21272

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).

---

Release Notes

mysql/mysql-connector-python (mysql-connector-python)

v9.1.0

Compare Source

======

• WL#16452: Bundle all installable authentication plugins when building the C-extension
• WL#16444: Drop build support for DEB packages
• WL#16442: Upgrade gssapi version to 1.8.3
• WL#16411: Improve wheel metadata information for Classic and XDevAPI connectors
• WL#16341: OpenID Connect (Oauth2 - JWT) Authentication Support
• WL#16307: Remove Python 3.8 support
• WL#16306: Add support for Python 3.13
• BUG#37055435: Connection fails during the TLS negotiation when specifying TLSv1.3 ciphers
• BUG#37013057: mysql-connector-python Parameterized query SQL injection
• BUG#36765200: python mysql connector 8.3.0 raise %-.100s:%u when input a wrong host
• BUG#36577957: Update charset/collation description indicate this is 16 bits

v9.0.0

Compare Source

======

• WL#16350: Update dnspython version
• WL#16318: Deprecate Cursors Prepared Raw and Named Tuple
• WL#16284: Update the Python Protobuf version
• WL#16283: Remove OpenTelemetry Bundled Installation
• BUG#36664998: Packets out of order error is raised while changing user in aio
• BUG#36611371: Update dnspython required versions to allow latest 2.6.1
• BUG#36570707: Collation set on connect using C-Extension is ignored
• BUG#36476195: Incorrect escaping in pure Python mode if sql_mode includes NO_BACKSLASH_ESCAPES
• BUG#36289767: MySQLCursorBufferedRaw does not skip conversion

v8.4.0

Compare Source

======

• WL#16203: GPL License Exception Update
• WL#16173: Update allowed cipher and cipher-suite lists
• WL#16164: Implement support for new vector data type
• WL#16127: Remove the FIDO authentication mechanism
• WL#16053: Support GSSAPI/Kerberos authentication on Windows using authentication_ldap_sasl_client plug-in for C-extension
• BUG#36227964: Improve OpenTelemetry span coverage
• BUG#36167880: Massive memory leak mysqlx native Protobuf adding to collection

v8.3.0

Compare Source

======

• WL#16015: Remove use of removed COM_ commands
• WL#15985: Support GSSAPI/Kerberos authentication on Windows using authentication_ldap_sasl_client plug-in for Pure Python
• WL#15983: Stop using mysql_ssl_set api
• WL#15982: Remove use of mysql_shutdown
• WL#15950: Support query parameters for prepared statements
• WL#15942: Improve type hints and standardize byte type handling
• WL#15836: Split mysql and mysqlx into different packages
• WL#15523: Support Python DB API asynchronous execution
• BUG#35912790: Binary strings are converted when using prepared statements
• BUG#35832148: Fix Django timezone.utc deprecation warning
• BUG#35710145: Bad MySQLCursor.statement and result when query text contains code comments
• BUG#21390859: STATEMENTS GET OUT OF SYNCH WITH RESULT SETS

v8.2.0

Compare Source

======

• WL#15664: Add support for Python 3.12
• WL#15623: Improve the authentication module
• WL#15218: Support WebAuthn authentication
• BUG#35755852: Django config raise_on_warnings is ignored without isolation_level
• BUG#35733608: Server stmt spans right after the cnx aren't related to the connector's cnx span
• BUG#35547876: C/Python 8.1.0 type check build fails in the pb2 branch
• BUG#35544123: Kerberos unit tests configuration is outdated
• BUG#35503506: Query on information_schema.columns returns bytes
• BUG#35503377: First connected to server v8, then any v5 connections fail with utf8mb4 charset
• BUG#35141645: Memory leak in the mysqlx C extension

v8.1.0

Compare Source

======

• WL#15749: Remove DMG and MSI support
• WL#15672: Upgrade Python Protobuf version to 4.21.12
• WL#15630: Remove Python 3.7 support
• WL#15629: Add OpenTelemetry tracing
• WL#15591: Improve the network module
• BUG#35425076: Fix deallocating None error
• BUG#35349093: Compression doesn't work with C extension API
• BUG#35338384: PIP installs incompatible Connector/Python packages
• BUG#35318413: Fix charset mapping for MySQL 8.1.0
• BUG#35278365: Fix UnicodeDecodeError with a long field name alias (c-ext)
• BUG#35212199: Check for identifier quotes in the database name
• BUG#35140271: Regex split hanging in cursor.execute(..., multi=True) for complex queries
• BUG#29115406: CONTRIBUTION - FIX RECV COMPRESS BUG

v8.0.33

Compare Source

=======

• WL#15528: Add docker build/test support for existing server
• WL#15483: Support OCI ephemeral key-based authentication
• WL#15435: Improve the logging system
• WL#15401: Support for type hints in module mysqlx
• BUG#35233031: Connector/Python should not default to mysql_native_password
• BUG#35015758: COM_QUIT should not be called in the connection phase
• BUG#34984850: Fix binary conversion with NO_BACKSLASH_ESCAPES mode
• BUG#31355895: Fix slow executemany() with insert statements
• BUG#30103652: Connector/Python ClientFlag SESION_TRACK is a misspelling
• BUG#27489972: Several COM_% commands have been deprecated
• BUG#27359063: Support for dictionary, named_tuple, and raw to prepared statements cursor
• BUG#21476351: Too small chunks when sending huge parameters with COM_STMT_SEND_LONG_DATA

v8.0.32

Compare Source

=======

• WL#15348: Support MIT Kerberos library on Windows
• WL#15036: Support for type hints
• WL#14861: Remove distutils support
• BUG#34773422: Connector/Python 8.0.31 installation fails if Python version is 3.11.0
• BUG#34727432: Fix Django datetime error when USE_TZ=True in settings
• BUG#34710366: Django implementation does not pass unit tests
• BUG#34695103: Remove debug messages that shows authentication data
• BUG#34690501: Connector/Python depends on outdated protobuf
• BUG#34689812: Fix datetime conversion when using prepared cursors
• BUG#34675508: Character set 'utf8' unsupported in python mysql connector when using MariaDB
• BUG#34655520: Wrong MySQLCursor.statement values in the results of cursor.execute(..., multi=True)
• BUG#34556157: Kerberos authorization fails when using SSPI as security interface
• BUG#34499578: MySQLCursor.executemany() fails to correctly identify BULK data loading ops
• BUG#34467201: Add init_command connection option
• BUG#33904362: mysqlx (X DevAPI) does not work properly with Russian characters
• BUG#32625155: Tests fail against group replication cluster
• BUG#30089671: Fix decoding VARBINARY columns when using a prepared cursor
• BUG#28020811: Fix multiple reference leaks in the C extension
• BUG#27426532: Reduce callproc roundtrip time
• BUG#24364556: Improve warning behavior
• BUG#23342572: Allow dictionaries as parameters in prepared statements
• BUG#23339387: Add MySQLCursorPreparedDict option
• BUG#22906307: MySQLConverter.escape() does not work for dates
• BUG#20504804: cursor.executemany() fails with INSERT IGNORE

v8.0.31

Compare Source

=======

• WL#15156: Add support for Python 3.11
• BUG#34373612: Fix the assumption that gcc is the default compiler
• BUG#34283402: Binary data starting with 0x00 are returned as empty string
• BUG#34217492: Exec of stored procedures with args fails when db prefix used
• BUG#33987119: TEXT and with a _bin collation (e.g: utf8mb4_bin) are considered as bytes object
• BUG#28491115: Connector/Python crashes on 0 time value
• BUG#28295478: Align exception types raised by pure Python and c-ext
• BUG#27634910: Add warning count method to cursors
• BUG#21529893: Resultset handling not proper in C-Python with c-ext
• BUG#21463298: Fix weakly-referenced object no longer exists exception
• BUG#21402805: Unbound local error when charset name is given as empty to set_charset_collation()

v8.0.30

Compare Source

=======

• WL#15212: Update collation mappings
• WL#15151: Increase to 88 characters per line
• WL#15137: Fix linting issues
• WL#15035: Enforce PEP 7 and PEP 8 coding style
• WL#14822: Refactor the authentication plugin mechanism
• WL#14815: Support OpenSSL 3.0
• BUG#34260344: Disallow empty strings in collection fields
• BUG#34231226: Generated classes do not work with the latest Protobuf
• BUG#34228442: Fix NO_BACKSLASH_ESCAPES SQL mode support in c-ext
• BUG#34223015: Invalidate the usage of non-compatible cursor types
• BUG#34127959: Add isolation level support in Django backend
• BUG#33923516: Allow tuple of dictionaries as "failover" argument
• BUG#28821983: Fix rounding errors for decimal values
• BUG#28295504: Disable SSL when using Unix socket connections

v8.0.29

Compare Source

=======

• WL#14860: Support FIDO authentication (c-ext)
• WL#14852: Align TLS option checking across connectors
• WL#14824: Remove Python 3.6 support
• WL#14679: Allow custom class for data type conversion in Django backend
• WL#14665: SSPI Kerberos authentication for Windows (pure-python)
• BUG#33861549: Replace SHOW VARIABLES inefficient statements
• BUG#33747585: Fix error when using an expression as a column without an alias
• BUG#33729842: Character set 'utf8mb3' support
• BUG#33481203: OverflowError for MySQL BIGINT on c-ext
• BUG#33203161: Exception is thrown on close connection with pooling
• BUG#30203754: Prepared stmt fails on cext with BIGINTS
• BUG#28877987: Return bytes or bytearray if decoding fails
• BUG#27634914: Remove mention of unsupported functionality in Session docstring
• BUG#23338623: Add support for Decimal parsing in protocol.py
• BUG#23324748: Guarantee file closing of input files in optionfile
• BUG#21528553: Fix API inconsistency when using consume_results=True
• BUG#21498719: Fix conversion of Python bytearray (c-ext)
• BUG#20065830: NaN is not supported

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.