chore(deps): update dependency pymongo to v4 [security] #5427

renovate · 2025-08-13T12:50:54Z

This PR contains the following updates:

Package	Change	Age	Confidence
pymongo	`==3.7.1` -> `==4.6.3`

GitHub Vulnerability Alerts

CVE-2024-5629

Versions of the package pymongo before 4.6.3 are vulnerable to Out-of-bounds Read in the bson module. Using the crafted payload the attacker could force the parser to deserialize unmanaged memory. The parser tries to interpret bytes next to buffer and throws an exception with string. If the following bytes are not printable UTF-8 the parser throws an exception with a single byte.

Release Notes

mongodb/mongo-python-driver (pymongo)

Version 3.10.1 fixes the following issues discovered since the release of 3.10.0:

Fix a TypeError logged to stderr that could be triggered during server maintenance or during pymongo.mongo_client.MongoClient.close().
Avoid creating new connections during pymongo.mongo_client.MongoClient.close().

Documentation - https://pymongo.readthedocs.io/en/3.10.1/
Changelog - https://pymongo.readthedocs.io/en/3.10.1/changelog.html
Installation - https://pymongo.readthedocs.io/en/3.10.1/installation.html

`v3.10.0`

Compare Source

Support for Client-Side Field Level Encryption with MongoDB 4.2 and support for Python 3.8.

Documentation - https://pymongo.readthedocs.io/en/3.10.0/
Changelog - https://pymongo.readthedocs.io/en/3.10.0/changelog.html
Installation - https://pymongo.readthedocs.io/en/3.10.0/installation.html

`v3.9.0`

Compare Source

MongoDB 4.2 support.

Documentation - https://pymongo.readthedocs.io/en/3.9.0/
Changelog - https://pymongo.readthedocs.io/en/3.9.0/changelog.html
Installation - https://pymongo.readthedocs.io/en/3.9.0/installation.html

`v3.8.0`

Compare Source

`v3.7.2`

Compare Source

Configuration

📅 Schedule: Branch creation - "" in timezone US/Eastern, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot force-pushed the renovate/pypi-pymongo-vulnerability branch from 5ef57e3 to 067d11d Compare August 21, 2025 15:09

renovate bot force-pushed the renovate/pypi-pymongo-vulnerability branch from 067d11d to aff6b23 Compare October 8, 2025 21:34

renovate bot changed the title ~~chore(deps): update dependency pymongo to v4 [security]~~ chore(deps): update dependency pymongo to v4 [security] - autoclosed Oct 15, 2025

renovate bot closed this Oct 15, 2025

renovate bot deleted the renovate/pypi-pymongo-vulnerability branch October 15, 2025 23:12

chore(deps): update dependency pymongo to v4 [security]

4bbdf6c

renovate bot changed the title ~~chore(deps): update dependency pymongo to v4 [security] - autoclosed~~ chore(deps): update dependency pymongo to v4 [security] Oct 18, 2025

renovate bot reopened this Oct 18, 2025

renovate bot force-pushed the renovate/pypi-pymongo-vulnerability branch 2 times, most recently from aff6b23 to 4bbdf6c Compare October 18, 2025 02:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

chore(deps): update dependency pymongo to v4 [security] #5427

chore(deps): update dependency pymongo to v4 [security] #5427

Uh oh!

renovate bot commented Aug 13, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

chore(deps): update dependency pymongo to v4 [security] #5427

Are you sure you want to change the base?

chore(deps): update dependency pymongo to v4 [security] #5427

Uh oh!

Conversation

renovate bot commented Aug 13, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

GitHub Vulnerability Alerts

Release Notes

v4.6.3: PyMongo 4.6.3

v4.6.2: PyMongo 4.6.2

v4.6.1: PyMongo 4.6.1

v4.6.0: PyMongo 4.6.0

v4.5.0: PyMongo 4.5.0

v4.4.1: PyMongo 4.4.1

v4.4.0: PyMongo 4.4.0

v4.3.3: PyMongo 4.3.3

v4.3.2: PyMongo 4.3.2

v4.2.0: PyMongo 4.2.0

v4.1.1: PyMongo 4.1.1

v4.1.0: PyMongo 4.1.0

v4.0.2: PyMongo 4.0.2

v4.0.1: PyMongo 4.0.1

v4.0: PyMongo 4.0

v3.13.0: PyMongo 3.13.0

v3.12.3: PyMongo 3.12.3

v3.12.0: PyMongo 3.12.0 - MongoDB 5.0 Support

v3.11.4: PyMongo 3.11.4

v3.11.2: PyMongo 3.11.2

v3.11.1: PyMongo 3.11.1

PyMongo 3.11.0 - Add support for MongoDB 4.4

Configuration

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate bot commented Aug 13, 2025 •

edited

Loading

`v4.6.3`: PyMongo 4.6.3

`v4.6.2`: PyMongo 4.6.2

`v4.6.1`: PyMongo 4.6.1

`v4.6.0`: PyMongo 4.6.0

`v4.5.0`: PyMongo 4.5.0

`v4.4.1`: PyMongo 4.4.1

`v4.4.0`: PyMongo 4.4.0

`v4.3.3`: PyMongo 4.3.3

`v4.3.2`: PyMongo 4.3.2

`v4.2.0`: PyMongo 4.2.0

`v4.1.1`: PyMongo 4.1.1

`v4.1.0`: PyMongo 4.1.0

`v4.0.2`: PyMongo 4.0.2

`v4.0.1`: PyMongo 4.0.1

`v4.0`: PyMongo 4.0

`v3.13.0`: PyMongo 3.13.0

`v3.12.3`: PyMongo 3.12.3

`v3.12.0`: PyMongo 3.12.0 - MongoDB 5.0 Support

`v3.11.4`: PyMongo 3.11.4

`v3.11.2`: PyMongo 3.11.2

`v3.11.1`: PyMongo 3.11.1