This repository was archived by the owner on Mar 6, 2026. It is now read-only.
Commit d5cc42b
authored
chore(deps): update dependency geopandas to v1.1.2 [security] (#2411)
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [geopandas](https://redirect.github.com/geopandas/geopandas) |
`==1.1.1` → `==1.1.2` |
|
|
### GitHub Vulnerability Alerts
#### [CVE-2025-69662](https://nvd.nist.gov/vuln/detail/CVE-2025-69662)
SQL injection vulnerability in geopandas before v.1.1.2 allows an
attacker to obtain sensitive information via the to_postgis()` function
being used to write GeoDataFrames to a PostgreSQL database.
---
### Release Notes
<details>
<summary>geopandas/geopandas (geopandas)</summary>
###
[`v1.1.2`](https://redirect.github.com/geopandas/geopandas/blob/HEAD/CHANGELOG.md#Version-112-December-22-2025)
[Compare
Source](https://redirect.github.com/geopandas/geopandas/compare/v1.1.1...v1.1.2)
Bug fixes:
- Fix an issue that caused an error in `GeoDataFrame.from_features` when
there is no `properties` field
([#​3599](https://redirect.github.com/geopandas/geopandas/issues/3599)).
- Fix `read_file` and `to_file` errors
([#​3682](https://redirect.github.com/geopandas/geopandas/issues/3682))
- Fix `read_parquet` with `to_pandas_kwargs` for complex (list/struct)
arrow types
([#​3640](https://redirect.github.com/geopandas/geopandas/issues/3640))
- `value_counts` on GeoSeries now preserves CRS in index
([#​3669](https://redirect.github.com/geopandas/geopandas/issues/3669))
- Fix f-string placeholders appearing in error messages when `pyogrio`
cannot be imported
([#​3682](https://redirect.github.com/geopandas/geopandas/issues/3682)).
- Fix `read_parquet` with `to_pandas_kwargs` for complex (list/struct)
arrow types
([#​3640](https://redirect.github.com/geopandas/geopandas/issues/3640)).
- `.to_json` now provides a clearer error message when called on a
GeoDataFrame without an active geometry
column
([#​3648](https://redirect.github.com/geopandas/geopandas/issues/3648)).
- Calling `del gdf["geometry"]` now will downcast to a `pd.DataFrame` if
there are no geometry columns left
in the dataframe
([#​3648](https://redirect.github.com/geopandas/geopandas/issues/3648)).
- Fix SQL injection in `to_postgis` via geometry column name
([#​3681](https://redirect.github.com/geopandas/geopandas/issues/3681)).
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/googleapis/python-bigquery).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45Mi4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->1 parent 24d45d0 commit d5cc42b
1 file changed
+1
-1
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
10 | 10 | | |
11 | 11 | | |
12 | 12 | | |
13 | | - | |
| 13 | + | |
14 | 14 | | |
15 | 15 | | |
16 | 16 | | |
| |||
0 commit comments