[Snyk] Upgrade mysql2 from 3.6.0 to 3.9.5

[HelenaMission]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade mysql2 from 3.6.0 to 3.9.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 14 versions ahead of your current version.
• The recommended version was released 21 days ago, on 2024-04-17.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Poisoning SNYK-JS-MYSQL2-6591084	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-MYSQL2-6591085	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Proof of Concept
	Improper Input Validation SNYK-JS-MYSQL2-6591300	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mysql2

• 3.9.5 - 2024-04-17
  

  3.9.5 (2024-04-17)

  Bug Fixes

  • revert breaking change in results creation (#2591) (f7c60d0)
• 3.9.4 - 2024-04-09
  

  3.9.4 (2024-04-09)

  Bug Fixes

  • SSL: separate each certificate into an individual item #2542 (63f1055)
  • security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)
    • Fixes a potential RCE attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
  • security: improve results object creation (#2574) (4a964a3)
    • Fixes a potential Prototype Pollution attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
  • docs: improve the contribution guidelines (#2552) (8a818ce)
• 3.9.3 - 2024-03-26
  

  3.9.3 (2024-03-26)

  Bug Fixes

  • security: improve cache key formation (#2424) (0d54b0c)
    • Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
  • update Amazon RDS SSL CA cert (#2131) (d9dccfd)
• 3.9.2 - 2024-02-26
  

  3.9.2 (2024-02-26)

  Bug Fixes

  • stream: premature close when it is paused (#2416) (7c6bc64)
  • types: expose TypeCast types (#2425) (336a7f1)
• 3.9.1 - 2024-01-29
  

  3.9.1 (2024-01-29)

  Bug Fixes

  • types: support encoding for string type cast (#2407) (1dc2011)
• 3.9.0 - 2024-01-26
  

  3.9.0 (2024-01-26)

  Features

  • introduce typeCast for execute method (#2398) (baaa92a)
• 3.8.0 - 2024-01-23
  

  3.8.0 (2024-01-23)

  Features

  • perf: cache iconv decoder (#2391) (b95b3db)

  Bug Fixes

  • stream: premature close when using for await (#2389) (af47148)
  • types: add missing types to TypeCast (#2390) (78ce495)
  • removeIdleTimeoutConnectionsTimer isn't cleared on pool close (#2384) (18a44f6)
• 3.7.1 - 2024-01-17
  

  3.7.1 (2024-01-17)

  Bug Fixes

  • add condition which allows code in callback to be reachable (#2376) (8d5b903)
• 3.7.0 - 2024-01-07
  

  3.7.0 (2024-01-07)

  Features

  • docs: release documentation website (#2339) (c0d77c0)
• 3.6.5 - 2023-11-22
  

  3.6.5 (2023-11-22)

  Bug Fixes

  • add decodeuricomponent to parse uri encoded special characters in host, username, password and datbase keys (#2277) (fe573ad)
• 3.6.4 - 2023-11-21
• 3.6.3 - 2023-11-03
• 3.6.2 - 2023-10-15
• 3.6.1 - 2023-09-09
• 3.6.0 - 2023-08-04

from mysql2 GitHub release notes

Commit messages

Package name: mysql2

• 2129818 chore(master): release 3.9.5 (#2600)
• f7c60d0 fix: revert breaking change in results creation (#2591)
• 7f5b395 build(deps-dev): bump @ typescript-eslint/eslint-plugin in /website (#2596)
• a770052 build(deps-dev): bump @ typescript-eslint/parser in /website (#2595)
• 6dccf55 build(deps): bump lucide-react from 0.367.0 to 0.368.0 in /website (#2590)
• 9190db9 build(deps): bump sass from 1.74.1 to 1.75.0 in /website (#2589)
• 00f483f build(deps-dev): bump typescript from 5.4.4 to 5.4.5 (#2587)
• c95d661 build(deps-dev): bump typescript from 5.4.3 to 5.4.5 in /website (#2586)
• b72cac3 build(deps): bump lucide-react from 0.364.0 to 0.367.0 in /website (#2583)
• c45fb6f build(deps-dev): bump @ types/node from 20.12.4 to 20.12.7 (#2582)
• 407b9eb build(deps-dev): bump @ typescript-eslint/parser in /website (#2579)
• ad7de60 build(deps-dev): bump @ typescript-eslint/eslint-plugin in /website (#2578)
• cf3fa60 chore(master): release 3.9.4 (#2566)
• 4a964a3 fix(security): improve results object creation (#2574)
• 71115d8 ci: improve parser tests (#2573)
• 74abf9e fix(security): improve supportBigNumbers and bigNumberStrings sanitization (#2572)
• 8a818ce fix(docs): improve the contribution guidelines (#2552)
• 0f08c7c build(deps-dev): bump @ docusaurus/tsconfig in /website (#2563)
• 165c4d6 build(deps-dev): bump @ docusaurus/eslint-plugin in /website (#2564)
• 9b5ed7b build(deps): bump @ docusaurus/preset-classic in /website (#2562)
• 096db64 build(deps-dev): bump typescript from 5.4.3 to 5.4.4 (#2561)
• b91fd16 build(deps-dev): bump tsx from 4.7.1 to 4.7.2 in /website (#2557)
• 8e68d02 build(deps-dev): bump @ types/node from 20.12.3 to 20.12.4 (#2558)
• 0f2b89f build(deps): bump sass from 1.72.0 to 1.74.1 in /website (#2556)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs