Update dependency geopandas to >=1.1.2,<=1.1.2 [SECURITY] - autoclosed #567

Closed
renovate[bot] wants to merge 1 commit into develop from renovate/pypi-geopandas-vulnerability

@renovate renovate bot commented Feb 23, 2026

This PR contains the following updates:

Package    Change                               Age  Confidence
geopandas  >=1.0.0,<=1.1.2 -> >=1.1.2,<=1.1.2   age  confidence

GitHub Vulnerability Alerts

CVE-2025-69662

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis() function being used to write GeoDataFrames to a PostgreSQL database.


Release Notes

geopandas/geopandas (geopandas)

v1.1.2

Bug fixes:

  • Fix an issue that caused an error in GeoDataFrame.from_features when there is no properties field (#​3599).
  • Fix read_file and to_file errors (#​3682)
  • Fix read_parquet with to_pandas_kwargs for complex (list/struct) arrow types (#​3640)
  • value_counts on GeoSeries now preserves CRS in index (#​3669)
  • Fix f-string placeholders appearing in error messages when pyogrio cannot be imported (#​3682).
  • Fix read_parquet with to_pandas_kwargs for complex (list/struct) arrow types (#​3640).
  • .to_json now provides a clearer error message when called on a GeoDataFrame without an active geometry
    column (#​3648).
  • Calling del gdf["geometry"] now will downcast to a pd.DataFrame if there are no geometry columns left
    in the dataframe (#​3648).
  • Fix SQL injection in to_postgis via geometry column name (#​3681).

v1.1.1

Bug fixes:

  • Fix regression in the GeoDataFrame constructor when np.nan is given as an only geometry (#​3591).
  • Fix regression in overlay with how="identity" when input dataframes have column
    names that are equal (#​3596).

v1.1.0

Notes on dependencies:

  • GeoPandas 1.1 now requires Python 3.10 or greater, and pandas 2.0, numpy 1.24 and pyproj 3.5
    are now the minimum required versions for these dependencies.
    Furthermore, the minimum tested version for optional dependencies has been updated to
    fiona 1.8.21, scipy 1.9, matplotlib 3.7, mapclassify 2.5, folium 0.12 and
    SQLAlchemy 2.0. Older versions of these libraries may continue to work, but are no longer
    considered supported (#​3371).

New features and improvements:

  • Added options to return the result of SpatialIndex.query in a form of a dense or a
    sparse boolean array. This adds optional dependency on scipy for the sparse output.
    Note that this also changes the previously undocumented behaviour of the output_format
    keyword (#​1674).
  • Add grid_size parameter to union_all and dissolve (#​3445).
  • GeoDataFrame.plot now supports pd.Index as an input for the column keyword (#​3463).
  • Added disjoint_subset union algorithm for union_all and dissolve (#​3534).
  • Added constrained_delaunay_triangles method to GeoSeries/GeoDataFrame (#​3552).
  • Added to_pandas_kwargs argument to from_arrow, read_parquet and read_feather
    to allow better control of conversion of non-geometric Arrow data to DataFrames (#​3466).
  • Added is_valid_coverage and invalid_coverage_edges to GeoSeries/GeoDataFrame to
    allow validation of polygonal coverage (#​3545).
  • Added maximum_inscribed_circle method from shapely to GeoSeries/GeoDataFrame (#​3544).
  • Added minimum_clearance_line method from shapely to GeoSeries/GeoDataFrame (#​3543).
  • Added orient_polygons method from shapely to GeoSeries/GeoDataFrame (#​3559).
  • Added method and keep_collapsed argument to make_valid (#​3548).
  • Added simplify_coverage method for topological simplification of polygonal coverages
    to GeoSeries/GeoDataFrame (#​3541).
  • Added initial support of M coordinates (m and has_m properties, include_m in get_coordinates) (#​3561).
  • Added geom_equals_identical method exposing equals_identical from shapely to GeoSeries/GeoDataFrame (#​3560).
  • GeoPandas now attempts to use a range request when reading from an URL even if the header
    does not directly indicate its support (#​3572).
  • Added geopandas.accessors module. Import this module to register a
    pandas.Series.geo accessor, which exposes GeoSeries methods via pandas's
    extension mechanism (#​3272).
  • Improve performance of overlay with how=identity (#​3504).
  • A warning message is raised in read_file when a GeoDataFrame or GeoSeries mask
    and/or the source dataset is missing a defined CRS (#​3464).
  • GeoDataFrame no longer hard-codes the class internally, allowing easier subclassing (#​3505).

Bug fixes:

  • Fix an issue that showed numpy dtypes in bbox in to_geo_dict and __geo_interface__. (#​3436).
  • Fix an issue in sample_points that could occasionally result in non-uniform distribution (#​3470).
  • Fix unspecified layer warning being emitted while reading multilayer datasets, even
    when layer is specified when using the mask or bbox keywords (#​3378).
  • Properly support named aggregations over a geometry column in GroupBy.agg (#​3368).
  • Support GeoDataFrame constructor receiving arguments to geometry which are not
    (Geo)Series, but instead should be interpreted as column names, like Enums (#​3384).
  • Fix regression where constructing a GeoSeries from a pd.Series with GeometryDtype values
    failed when crs was provided (#​3383).
  • Fix regression where overlay with keep_geom_type returns wrong results if the
    input contains invalid geometries (#​3395).
  • Fix the dtype of the GeometryArray backing data being incorrect for zero length
    GeoDataFrames causing errors in overlay (#​3424).
  • Fix regression where constructing a GeoSeries from a pd.Series with GeometryDtype values
    failed when crs was provided (#​3383).
  • Fix plotting of polygons with holes by normalizing the coordinate order prior to plotting (#​3483).
  • Fix an issue in plotting when polygon patches were not closed (#​3576).
  • Fix ambiguous error when GeoDataFrame is initialised with a column called "crs" (#​3502).
  • Avoid change of the plot aspect when plotting missing values (#​3438).

Deprecations and compatibility notes:

  • The GeoSeries.select method wrapping the pandas Series.select method has been removed.
    The upstream method no longer exists in all supported versions of pandas (#3394).
  • The deprecated geom_almost_equals method has been removed. Use
    geom_equals_exact instead (#​3522).

v1.0.1

Bug fixes:

  • Support a named datetime or object dtype index in explore() (#​3360, #​3364).
  • Fix a regression preventing a Series as an argument for geometric methods (#​3363).

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.
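
The range change in this PR matters because the old specifier `>=1.0.0,<=1.1.2` still lets a resolver install releases older than the fixed v1.1.2. The following audit is an added example, not code from Renovate, geopandas or this repository: it flags geopandas requirement lines whose lower bound admits a release before 1.1.2. The requirement lines in `SAMPLE` are constructed, and the specifier parsing is a simplification that only reads numeric `major.minor.patch` floors, not full PEP 440.

```python
import re

# First release carrying the to_postgis fix, per the advisory text on this page.
FIXED = (1, 1, 2)

# Match a requirement line for the geopandas distribution only (not e.g. "geopandas-foo").
SPEC = re.compile(
    r"^\s*geopandas(?![\w.-])\s*(?:\[[^\]]*\])?\s*(.*?)\s*(?:[;#].*)?$", re.I
)
CLAUSE = re.compile(r"(>=|<=|==|~=|!=|>|<)\s*([0-9][0-9A-Za-z.*+!-]*)")


def parse_version(text):
    """'1.1' -> (1, 1, 0). Pre-release and local suffixes are ignored (simplification)."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups())


def lower_bound(specifier):
    """Highest floor implied by >=, >, == or ~= clauses; (0, 0, 0) if unbounded below."""
    floor = (0, 0, 0)
    for op, ver in CLAUSE.findall(specifier):
        if op in (">=", ">", "==", "~="):
            floor = max(floor, parse_version(ver))
    return floor


def admits_vulnerable(specifier):
    """True when the specifier allows some release older than FIXED."""
    return lower_bound(specifier) < FIXED


def audit_requirements(lines):
    """Return [(line_number, specifier)] for geopandas entries that admit < 1.1.2."""
    findings = []
    for number, line in enumerate(lines, 1):
        m = SPEC.match(line)
        if m and admits_vulnerable(m.group(1)):
            findings.append((number, m.group(1) or "<unpinned>"))
    return findings


# Constructed sample input; line 2 is the range before this PR, line 3 the range after.
SAMPLE = [
    "pandas>=2.0",
    "geopandas>=1.0.0,<=1.1.2",
    "geopandas>=1.1.2,<=1.1.2",
    "geopandas",
    "geopandas[all]~=1.0  # constructed comment",
]
```

An upper bound alone never makes a range safe here; only a floor at or above 1.1.2 does, which is why the check ignores `<` and `<=` clauses.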

@renovate renovate bot changed the title from "Update dependency geopandas to >=1.1.2,<=1.1.2 [SECURITY]" to "Update dependency geopandas to >=1.1.2,<=1.1.2 [SECURITY] - autoclosed" on Feb 23, 2026
@renovate renovate bot closed this Feb 23, 2026
@renovate renovate bot deleted the renovate/pypi-geopandas-vulnerability branch February 23, 2026 22:31