我正在为我的webapp编写一个帮助函数，它可以根据从外部API获取的一些信息（不是用户输入的）更新数据库。我有以下代码，但它被Bandit python包标记为“不安全”。
理想情况下，我可以编写一个函数，使要更新的列是硬编码的，但我认为它也应该是动态的。
这是一个安全的方式（没有sql注入的可能性）来更新表吗？

import mysql.connector as database

def update_message_by_uid(uid: str, update_dict: dict) -> None:

    # Fetches the previous entry from the database using the unique identifier
    message_info_dict = get_message_by_uid(uid)

    # check that all the keys of the update dict are also in the original dict
    assert set(update_dict.keys()) <= set(
        message_info_dict.keys()
    ), "Some of the keys in the dictionary passed are not valid database columns"

    # We update the entry for all entries in the dictionary containing the updates
    statement = 'UPDATE messages SET {}  WHERE uid = %s'.format(", ".join('{}=%s'.format(k) for k in update_dict))

    # Concatenates the values of the dict with the unique identifier to pass it to the execution method as one variable
    data = list(update_dict.values()) + [uid]

    cursor.execute(statement, data)