
[Snyk] Upgrade mysql2 from 2.3.3 to 3.11.0 #891

Open: wants to merge 1 commit into base branch main

Conversation

@q1blue (Collaborator) commented Sep 23, 2024


Snyk has created this PR to upgrade mysql2 from 2.3.3 to 3.11.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 50 versions ahead of your current version.

  • The recommended version was released 2 months ago.

Issues fixed by the recommended upgrade:

Severity   Issue                                                      Snyk ID                  Score   Exploit Maturity
high       Prototype Pollution                                        SNYK-JS-MYSQL2-6861580   264     Proof of Concept
medium     Prototype Poisoning                                        SNYK-JS-MYSQL2-6591084   264     Proof of Concept
critical   Remote Code Execution (RCE)                                SNYK-JS-MYSQL2-6591085   264     Proof of Concept
medium     Use of Web Browser Cache Containing Sensitive Information  SNYK-JS-MYSQL2-6591300   264     Proof of Concept
critical   Arbitrary Code Injection                                   SNYK-JS-MYSQL2-6670046   264     Proof of Concept
Release notes
Package name: mysql2
  • 3.11.0 - 2024-07-27 (Features)
  • 3.10.3 - 2024-07-15 (Bug Fixes)
  • 3.10.2 - 2024-07-01 (Bug Fixes)
    • typeCast: ensure the same behavior for field.string() with query and execute (#2820) (27e38ea)
  • 3.10.1 - 2024-06-13 (Bug Fixes)
  • 3.10.0 - 2024-05-30 (Features, Bug Fixes)
    • stream: reads should emit the dataset number for each dataset (#2496, #2628) (4dab4ca)
  • 3.9.9 - 2024-05-29 (Bug Fixes)
    • connection config: remove keepAliveInitialDelay default value (#2712) (688ebab)
  • 3.9.8 - 2024-05-26 (Bug Fixes)
    • security: sanitize fields and tables when using nestTables (#2702) (efe3db5)
    • support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)
    • typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)
  • 3.9.7 - 2024-04-21 (Bug Fixes)
    • security: sanitize timezone parameter value to prevent code injection - report by zhaoyudi (Nebulalab) (#2608) (7d4b098)
  • 3.9.6 - 2024-04-18 (Bug Fixes)
    • binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)
  • 3.9.5 - 2024-04-17 (Bug Fixes)
    • revert breaking change in results creation (#2591) (f7c60d0)
  • 3.9.4 - 2024-04-09
  • 3.9.3 - 2024-03-26
  • 3.9.2 - 2024-02-26
  • 3.9.1 - 2024-01-29
  • 3.9.0 - 2024-01-26
  • 3.8.0 - 2024-01-23
  • 3.7.1 - 2024-01-17
  • 3.7.0 - 2024-01-07
  • 3.6.5 - 2023-11-22
  • 3.6.4 - 2023-11-21
  • 3.6.3 - 2023-11-03
  • 3.6.2 - 2023-10-15
  • 3.6.1 - 2023-09-09
  • 3.6.0 - 2023-08-04
  • 3.5.2 - 2023-07-17
  • 3.5.1 - 2023-07-10
  • 3.5.0 - 2023-07-06
  • 3.4.5 - 2023-07-05
  • 3.4.4 - 2023-07-04
  • 3.4.3 - 2023-06-30
  • 3.4.2 - 2023-06-26
  • 3.4.1 - 2023-06-24
  • 3.4.0 - 2023-06-19
  • 3.3.5 - 2023-06-13
  • 3.3.4 - 2023-06-11
  • 3.3.3 - 2023-05-27
  • 3.3.2 - 2023-05-23
  • 3.3.1 - 2023-05-11
  • 3.3.0 - 2023-05-06
  • 3.2.4 - 2023-04-25
  • 3.2.3 - 2023-04-16
  • 3.2.2 - 2023-04-16
  • 3.2.1 - 2023-04-13
  • 3.2.0 - 2023-03-03
  • 3.1.2 - 2023-02-08
  • 3.1.1 - 2023-02-07
  • 3.1.0 - 2023-01-30
  • 3.0.1 - 2023-01-13
  • 3.0.0 - 2023-01-12
  • 3.0.0-rc.1 - 2022-11-06
  • 2.3.3 - 2021-11-14
from mysql2 GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:


  • See this package in npm: mysql2
  • See this project in Snyk: https://app.snyk.io/org/q1blue-rxw/project/f47ee56b-aa30-4f69-ad51-7f8788c338a3?utm_source=github&utm_medium=referral&page=upgrade-pr
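The release notes above name two security fixes, sanitising the `timezone` connection option (3.9.7) and the `nestTables` field/table names (3.9.8), and the PR warns that the resolved version can drift from what the manifest says. The following is an added example, not code from this PR or from the mysql2 project: it checks the driver version actually installed in node_modules against the highest fixed release listed here, and restricts the `timezone` option to the forms the mysql2 README documents before any config reaches `createConnection()`. The environment variable names, the `installedMysql2Version` helper and the sample values are assumptions for illustration.

```javascript
// Added example, not mysql2 code: guard the two things the PR above makes
// actionable (the installed driver version and the shape of the `timezone`
// option) before a config object is handed to mysql2.createConnection().
// Assumption: connection settings arrive as process.env-style key/value pairs.

// Highest mysql2 release named in the PR's release notes with a "security:" fix.
const MIN_SAFE_MYSQL2 = '3.9.8';

// Forms the mysql2 README documents for the timezone option: 'local', 'Z',
// or a fixed offset such as '+05:30' / '-08:00'. Named zones such as
// 'Europe/Berlin' are not part of that contract and are rejected.
const TIMEZONE_RE = /^(?:local|Z|[+-]\d\d:\d\d)$/;

function isSafeTimezone(tz) {
  return typeof tz === 'string' && TIMEZONE_RE.test(tz);
}

// Numeric comparison of plain "major.minor.patch" strings, returning -1/0/1.
// A pre-release suffix after '-' is ignored; enough for the versions in this
// PR, not a full semver implementation.
function compareVersions(a, b) {
  const pa = String(a).split('-')[0].split('.').map(Number);
  const pb = String(b).split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// The version resolved in node_modules is the one that runs; package.json
// may say "^3.11.0" while the lockfile still pins something older.
// Falls back to the supplied value when mysql2 is not installed
// (as in a stand-alone run of this file).
function installedMysql2Version(fallback) {
  try {
    if (typeof require === 'function') {
      return require('mysql2/package.json').version;
    }
  } catch (e) {
    // not installed or not resolvable from here
  }
  return fallback;
}

function buildConnectionOptions(env, mysql2Version) {
  if (compareVersions(mysql2Version, MIN_SAFE_MYSQL2) < 0) {
    throw new Error(
      `mysql2 ${mysql2Version} is older than ${MIN_SAFE_MYSQL2}; upgrade before connecting`
    );
  }
  const timezone = env.DB_TIMEZONE === undefined ? 'Z' : env.DB_TIMEZONE;
  if (!isSafeTimezone(timezone)) {
    throw new Error(
      `DB_TIMEZONE must be local, Z or +HH:MM/-HH:MM, got ${JSON.stringify(timezone)}`
    );
  }
  return {
    host: env.DB_HOST,
    user: env.DB_USER,
    password: env.DB_PASSWORD,
    database: env.DB_NAME,
    timezone,
  };
}

// Constructed sample environment (assumed names and values) for a stand-alone run.
const sampleEnv = {
  DB_HOST: 'db.internal',
  DB_USER: 'app',
  DB_PASSWORD: 'secret',
  DB_NAME: 'shop',
  DB_TIMEZONE: '+00:00',
};

console.log(buildConnectionOptions(sampleEnv, installedMysql2Version('3.11.0')));
```

The version floor is the check a reviewer would run against the branch's lockfile rather than against package.json; the timezone allowlist is the application-side half of the 3.9.7 fix, so that a mis-set environment variable fails fast on startup instead of being passed through to the driver.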

changeset-bot bot commented Sep 23, 2024

⚠️ No Changeset found

Latest commit: 85f8b89

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.


Socket for GitHub: new and removed dependencies detected.

Package                      New capabilities                Transitives   Size      Publisher
npm/chalk@5.3.0              None                            0             43.7 kB   sindresorhus
npm/emoji-regex@10.4.0       None                            0             32 kB     google-wombot
npm/fastify-tsconfig@2.0.0   None                            0             6.08 kB   fox1t
npm/get-stream@8.0.1         None                            0             25.2 kB   ehmicky
npm/is-stream@3.0.0          None                            0             6.23 kB   sindresorhus
npm/uglify-js@3.19.3         environment, eval, filesystem   0             1.3 MB    alexlamsl

🚮 Removed packages: npm/@fastify/auth@4.6.1, npm/@fastify/cookie@10.0.1, npm/@fastify/cors@10.0.1, npm/@fastify/env@5.0.1, npm/@fastify/jwt@5.0.0, npm/@fastify/mysql@5.0.1, npm/@fastify/oauth2@8.0.1, npm/@fastify/redis@6.2.0, npm/@fastify/sensible@6.0.1, npm/@fastify/swagger@9.0.0, npm/@fastify/type-provider-json-schema-to-ts@4.0.0, npm/@fastify/websocket@11.0.1, npm/@goparrot/geocoder@4.5.0, npm/@koa/cors@5.0.0, npm/@mgcrea/fastify-request-logger@1.7.1, npm/@octokit/core@6.1.2, npm/@octokit/plugin-throttling@9.3.1, npm/@octokit/rest@21.0.2, npm/@types/chance@1.1.6, npm/@types/generic-pool@3.8.1, npm/@types/glob@8.1.0, npm/@types/jest@29.5.13, npm/@types/koa-router@7.4.8, npm/@types/koa-static@4.0.4, npm/@types/koa@2.15.0, npm/@types/koa__cors@5.0.0, npm/@types/mysql@2.15.26, npm/@types/node-schedule@2.1.7, npm/@types/node@22.6.1, npm/@types/tail@2.2.3, npm/@types/tiny-async-pool@2.0.3, npm/@types/validator@13.12.2, npm/@types/ws@8.5.12, npm/ajv-cli@5.0.0, npm/axios@1.7.7, npm/bullmq@3.15.8, npm/chance@1.1.12, npm/commander@12.1.0, npm/concurrently@9.0.1, npm/cron-parser@4.9.0, npm/fastify-cli@7.0.1, npm/fastify-metrics@12.1.0, npm/fastify-socket.io@5.1.0, npm/fastify@5.0.0, npm/jest@29.7.0, npm/json-schema-to-typescript@15.0.2, npm/koa-body@6.0.1, npm/koa-router@13.0.1, npm/koa-static@5.0.0, npm/koa@2.15.3, npm/mysql2@3.11.3, npm/mysql@2.18.1, npm/node-schedule@2.1.1, npm/node-sql-parser@5.3.2, npm/octokit@4.0.2, npm/openapi3-ts@4.4.0, npm/p-queue@8.0.1, npm/pinyin@3.0.0-alpha.5, npm/prom-client@15.1.3, npm/reflect-metadata@0.2.2, npm/socket.io@4.8.0, npm/table@6.8.2, npm/tail@2.2.6, npm/tiny-async-pool@2.1.0, npm/ts-node@10.9.2
