Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade mysql2 from 3.6.0 to 3.11.3 #43

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

HelenaMission
Copy link
Owner

Snyk has created this PR to upgrade mysql2 from 3.6.0 to 3.11.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 27 versions ahead of your current version.
  • The recommended version was released a month ago, on 2024-09-15.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Poisoning
SNYK-JS-MYSQL2-6591084
646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
Proof of Concept
Remote Code Execution (RCE)
SNYK-JS-MYSQL2-6591085
646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
Proof of Concept
Use of Web Browser Cache Containing Sensitive Information
SNYK-JS-MYSQL2-6591300
646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
Proof of Concept
Arbitrary Code Injection
SNYK-JS-MYSQL2-6670046
646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
Proof of Concept
Prototype Pollution
SNYK-JS-MYSQL2-6861580
646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mysql2
  • 3.11.3 - 2024-09-15

    3.11.3 (2024-09-14)

    Bug Fixes

  • 3.11.3-canary.81be01b1 - 2024-09-14
  • 3.11.2 - 2024-09-11

    3.11.2 (2024-09-11)

    Bug Fixes

    • resolve LRU conflicts, cache loss and premature engine breaking change (#2988) (2c3c858)
  • 3.11.1 - 2024-09-10

    3.11.1 (2024-09-10)

    Bug Fixes

    • createPoolCluster: add pattern and selector to promise-based getConnection (#3017) (ab7c49f)
    • update connection cleanup process to handle expired connections and exceeding config.maxIdle (#3022) (b091cf4)
  • 3.11.0 - 2024-07-27

    3.11.0 (2024-07-27)

    Features

  • 3.10.3 - 2024-07-15

    3.10.3 (2024-07-15)

    Bug Fixes

  • 3.10.2 - 2024-07-01

    3.10.2 (2024-07-01)

    Bug Fixes

    • typeCast: ensure the same behavior for field.string() with query and execute (#2820) (27e38ea)
  • 3.10.1 - 2024-06-13

    3.10.1 (2024-06-13)

    Bug Fixes

  • 3.10.0 - 2024-05-30

    3.10.0 (2024-05-30)

    Features

    Bug Fixes

    • stream: reads should emit the dataset number for each dataset (#2496, #2628) (4dab4ca)
  • 3.9.9 - 2024-05-29

    3.9.9 (2024-05-29)

    Bug Fixes

    • connection config: remove keepAliveInitialDelay default value (#2712) (688ebab)
  • 3.9.8 - 2024-05-26

    3.9.8 (2024-05-26)

    Bug Fixes

    • security: sanitize fields and tables when using nestTables (#2702) (efe3db5)
    • support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)
    • typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)
  • 3.9.7 - 2024-04-21
  • 3.9.6 - 2024-04-18
  • 3.9.5 - 2024-04-17
  • 3.9.4 - 2024-04-09
  • 3.9.3 - 2024-03-26
  • 3.9.2 - 2024-02-26
  • 3.9.1 - 2024-01-29
  • 3.9.0 - 2024-01-26
  • 3.8.0 - 2024-01-23
  • 3.7.1 - 2024-01-17
  • 3.7.0 - 2024-01-07
  • 3.6.5 - 2023-11-22
  • 3.6.4 - 2023-11-21
  • 3.6.3 - 2023-11-03
  • 3.6.2 - 2023-10-15
  • 3.6.1 - 2023-09-09
  • 3.6.0 - 2023-08-04
from mysql2 GitHub release notes
Commit messages
Package name: mysql2
  • 069fa05 chore(master): release 3.11.3 (#3053)
  • aac67a6 build(deps-dev): bump eslint-plugin-react in /website (#3052)
  • 4568436 build(deps): bump lucide-react from 0.439.0 to 0.441.0 in /website (#3051)
  • b634c9a build(deps-dev): bump tsx from 4.19.0 to 4.19.1 in /website (#3048)
  • 81be01b fix(typings): synchronize types of sqlstring (#3047)
  • 3d2327d build(deps): bump lru.min from 1.0.0 to 1.1.0 (#3046)
  • 7c15a44 cd: add canary deploy (#3044)
  • 66b57e9 chore(master): release 3.11.2 (#3043)
  • 2c3c858 fix: resolve LRU conflicts, cache loss and premature engine breaking change (#2988)
  • 0b01333 build(deps-dev): bump typescript from 5.5.4 to 5.6.2 in /website (#3037)
  • ab3a34b build(deps): bump send and express in /website (#3039)
  • 9257a14 build(deps-dev): bump poku from 2.6.1 to 2.6.2 in /website (#3036)
  • ac87cc1 build(deps-dev): bump poku from 2.6.1 to 2.6.2 (#3033)
  • d2983bc build(deps-dev): bump typescript from 5.5.3 to 5.6.2 (#3032)
  • 2530b62 chore(master): release 3.11.1 (#3024)
  • b091cf4 fix: update connection cleanup process to handle expired connections and exceeding `config.maxIdle` (#3022)
  • 3298e50 chore(npm): improve transparency by adding provenance (#3029)
  • 3a2ef50 build(deps-dev): bump poku from 2.6.0 to 2.6.1 in /website (#3027)
  • 5963e9e build(deps-dev): bump poku from 2.6.0 to 2.6.1 (#3026)
  • ab7c49f fix(createPoolCluster): add pattern and selector to promise-based `getConnection` (#3017)
  • dc3a680 build(deps): bump lucide-react from 0.438.0 to 0.439.0 in /website (#3018)
  • dee0c08 build(deps-dev): bump poku from 2.5.0 to 2.6.0 in /website (#3015)
  • 92c5a3a build(deps-dev): bump poku from 2.5.0 to 2.6.0 (#3014)
  • 2f6e106 build(deps-dev): bump @ types/node from 22.5.3 to 22.5.4 (#3013)

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants