Update mysql2 version

[nicholas-lockhart]

Which service(blob, file, queue, table) does this issue concern?

N/A

Which version of the Azurite was used?

Azurite 3.30.0

Where do you get Azurite? (npm, DockerHub, NuGet, Visual Studio Code Extension)

DockerHub mcr.microsoft.com/azure-storage/azurite:3.30.0

What's the Node.js version?

v20.10.0

What problem was encountered?

I noticed that the version of mysql2 (3.7.0) being used is several months old. I know that there were a couple of significant CVEs that were resolved in 3.9.7, and there was a new version created not too long ago (3.10.0).

When do we think that Azurite will be using a newer version of mysql2 for testing?

Steps to reproduce the issue?

N/A

Have you found a mitigation/solution?

[blueww]

@nicholas-lockhart

Thanks for raising the issue! Could you please help to clarify which mysql2 version do you mean?

Do you mean mysql client, Azurite currently refer to "mysql2": "^3.2.0", see link.

We are currently working on some other new features and improvements, so this might won't be our recent priority.

Azurite welcome contribution! It would be great if you could raise a PR to update mysql2 version!

[nicholas-lockhart]

@blueww

Yes, the mysql client is the dependency in question. You can see here that is resolves to 3.7.0 for this project. Looking at NPM's versions available, it can be seen that there is now a 3.10.1 version available which has been a popular download, assuming it fixed some security issues based on the download count trends.

[blueww]

Hi @nicholas-lockhart

Azurite welcome contribution! It would be great if you could raise a PR to update mysql2 version!

We are currently working on some other new features and improvements, so this might won't be our recent priority.

[nicholas-lockhart]

@blueww, PR opened https://github.com/Azure/Azurite/pull/2418

[blueww]

Close as the fix PR is merged. https://github.com/Azure/Azurite/pull/2418 The fix will be in the next Azurite release.