GoogleCloudPlatform / cloud-sql-nodejs-connector

A JavaScript library for connecting securely to your Cloud SQL instances
Apache License 2.0
67 stars, 8 forks

deps: Update dependency mysql2 to v3.9.4 [SECURITY] - autoclosed #325

Closed renovate-bot closed 4 months ago

renovate-bot commented 5 months ago

Mend Renovate

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| mysql2 (source) | `3.6.3` -> `3.9.4` | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2024-21507

Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon : character within a value of the attacker-crafted key.

CVE-2024-21508

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.

CVE-2024-21509

Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.


Release Notes

sidorares/node-mysql2 (mysql2)

### [`v3.9.4`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#394-2024-04-09)

[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.3...v3.9.4)

##### Bug Fixes

- **docs:** improve the contribution guidelines ([#2552](https://togithub.com/sidorares/node-mysql2/issues/2552)) ([8a818ce](https://togithub.com/sidorares/node-mysql2/commit/8a818ce0f30654eba854759e6409c0ac856fc448))
- **security:** improve results object creation ([#2574](https://togithub.com/sidorares/node-mysql2/issues/2574)) ([4a964a3](https://togithub.com/sidorares/node-mysql2/commit/4a964a3910a4b8de008696c554ab1b492e9b4691))
- **security:** improve supportBigNumbers and bigNumberStrings sanitization ([#2572](https://togithub.com/sidorares/node-mysql2/issues/2572)) ([74abf9e](https://togithub.com/sidorares/node-mysql2/commit/74abf9ef94d76114d9a09415e28b496522a94805))

### [`v3.9.3`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#393-2024-03-26)

[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.2...v3.9.3)

##### Bug Fixes

- **security:** improve cache key formation ([#2424](https://togithub.com/sidorares/node-mysql2/issues/2424)) ([0d54b0c](https://togithub.com/sidorares/node-mysql2/commit/0d54b0ca6498c823098426038162ef10df02c818))
  - Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
- update Amazon RDS SSL CA cert ([#2131](https://togithub.com/sidorares/node-mysql2/pull/2131)) ([d9dccfd](https://togithub.com/sidorares/node-mysql2/commit/d9dccfd837d701f377574b85a05586be89015460))

### [`v3.9.2`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#392-2024-02-26)

[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.1...v3.9.2)

##### Bug Fixes

- **stream:** premature close when it is paused ([#2416](https://togithub.com/sidorares/node-mysql2/issues/2416)) ([7c6bc64](https://togithub.com/sidorares/node-mysql2/commit/7c6bc642addb3e6fee1b1fdc84f83a72ff11ca4a))
- **types:** expose TypeCast types ([#2425](https://togithub.com/sidorares/node-mysql2/issues/2425)) ([336a7f1](https://togithub.com/sidorares/node-mysql2/commit/336a7f1259c63d2dfe070fe400b141e89255844e))

### [`v3.9.1`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#391-2024-01-29)

[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.0...v3.9.1)

##### Bug Fixes

- **types:** support encoding for string type cast ([#2407](https://togithub.com/sidorares/node-mysql2/issues/2407)) ([1dc2011](https://togithub.com/sidorares/node-mysql2/commit/1dc201144daceab0b12193ada0f13dbb25e917f6))

### [`v3.9.0`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#390-2024-01-26)

[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.8.0...v3.9.0)

##### Features

- introduce typeCast for `execute` method ([#2398](https://togithub.com/sidorares/node-mysql2/issues/2398)) ([baaa92a](https://togithub.com/sidorares/node-mysql2/commit/baaa92a228d32012f7da07826674f7a736e3791d))

### [`v3.8.0`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#380-2024-01-23)

[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.7.1...v3.8.0)

##### Features

- **perf:** cache iconv decoder ([#2391](https://togithub.com/sidorares/node-mysql2/issues/2391)) ([b95b3db](https://togithub.com/sidorares/node-mysql2/commit/b95b3dbe4bb34e36d0d1be6948e4d8a169d28eed))

##### Bug Fixes

- **stream:** premature close when using `for await` ([#2389](https://togithub.com/sidorares/node-mysql2/issues/2389)) ([af47148](https://togithub.com/sidorares/node-mysql2/commit/af4714845603f70e3c1ef635f6c0750ff1987a9e))
- The removeIdleTimeoutConnectionsTimer did not clean up when the … ([#2384](https://togithub.com/sidorares/node-mysql2/issues/2384)) ([18a44f6](https://togithub.com/sidorares/node-mysql2/commit/18a44f6a0a0b7ef41cc874d7a7bb2d3db83ea533))
- **types:** add missing types to TypeCast ([#2390](https://togithub.com/sidorares/node-mysql2/issues/2390)) ([78ce495](https://togithub.com/sidorares/node-mysql2/commit/78ce4953e9c66d6cf40ffc2d252fa3701a2d4fe2))

### [`v3.7.1`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#371-2024-01-17)

[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.7.0...v3.7.1)

##### Bug Fixes

- add condition which allows code in callback to be reachable ([#2376](https://togithub.com/sidorares/node-mysql2/issues/2376)) ([8d5b903](https://togithub.com/sidorares/node-mysql2/commit/8d5b903f5c24ef6378d4aa98d3fd4e13d39be4db))

### [`v3.7.0`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#370-2024-01-07)

[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.6.5...v3.7.0)

##### Features

- **docs:** release documentation website ([#2339](https://togithub.com/sidorares/node-mysql2/issues/2339)) ([c0d77c0](https://togithub.com/sidorares/node-mysql2/commit/c0d77c02d2f4ad22b46a712d270fc2654d26de4e))

### [`v3.6.5`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#365-2023-11-22)

[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.6.4...v3.6.5)

##### Bug Fixes

- add decodeuricomponent to parse uri encoded special characters in host, username, password and database keys ([#2277](https://togithub.com/sidorares/node-mysql2/issues/2277)) ([fe573ad](https://togithub.com/sidorares/node-mysql2/commit/fe573addffa64a842ae37994fcd8879cefa933f2))

### [`v3.6.4`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#364-2023-11-21)

[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.6.3...v3.6.4)

##### Bug Fixes

- malformed FieldPacket ([#2280](https://togithub.com/sidorares/node-mysql2/issues/2280)) ([8831e09](https://togithub.com/sidorares/node-mysql2/commit/8831e092024f8d26fe9272adec8e1a5f115735aa))
- move missing options to `ConnectionOptions` ([#2288](https://togithub.com/sidorares/node-mysql2/issues/2288)) ([5cd7639](https://togithub.com/sidorares/node-mysql2/commit/5cd76396d962da070452800597a6f86829b35bd4))

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.
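The three advisories above give two things a consuming project can check on its own side: whether the resolved `mysql2` version is still below the fixed releases (3.9.3 for CVE-2024-21507, 3.9.4 for CVE-2024-21508 and CVE-2024-21509), and whether the `supportBigNumbers` / `bigNumberStrings` connection options reach the driver as strict booleans rather than whatever arrived from an environment variable or config service. The following is an added example, not code from this PR, from `mysql2`, or from `cloud-sql-nodejs-connector`; the fixed-in versions are taken from the advisory text above, and the function names and the sample inputs are constructed for illustration.

```javascript
// Added example (not part of the Renovate PR or the mysql2 / cloud-sql-nodejs-connector code).
// Two defender-side checks for a project that depends on mysql2:
//   1. Does the resolved mysql2 version still fall under any of the three advisories in this PR?
//   2. Are supportBigNumbers / bigNumberStrings strict booleans before they are handed to the
//      driver (defense in depth on top of the library's own 3.9.4 sanitization)?

// Fixed-in versions taken from the advisory text in this PR.
const ADVISORIES = [
  { id: 'CVE-2024-21507', fixedIn: '3.9.3', summary: 'keyFromFields cache poisoning' },
  { id: 'CVE-2024-21508', fixedIn: '3.9.4', summary: 'readCodeFor RCE via supportBigNumbers/bigNumberStrings' },
  { id: 'CVE-2024-21509', fixedIn: '3.9.4', summary: 'prototype poisoning in text/binary parsers' },
];

// Parse "MAJOR.MINOR.PATCH" (optional leading "v"; any pre-release suffix is ignored) into numbers.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new TypeError(`not a semver version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric comparator on the three components: negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Return the ids of the advisories that still apply to the given installed mysql2 version.
function openAdvisories(installedVersion) {
  return ADVISORIES
    .filter((adv) => compareVersions(installedVersion, adv.fixedIn) < 0)
    .map((adv) => adv.id);
}

// The two options the CVE-2024-21508 advisory names. Only real booleans (or absence) pass;
// strings such as "true", numbers, arrays or objects are rejected instead of coerced, so a
// value that came from untrusted configuration cannot reach the driver in an unexpected shape.
const BOOLEAN_OPTIONS = ['supportBigNumbers', 'bigNumberStrings'];

function validateConnectionOptions(options) {
  if (options === null || typeof options !== 'object' || Array.isArray(options)) {
    throw new TypeError('connection options must be a plain object');
  }
  // Copy own enumerable properties only, so nothing inherited through the prototype chain
  // is carried along into the object passed to createConnection().
  const clean = { ...options };
  for (const key of BOOLEAN_OPTIONS) {
    if (!Object.prototype.hasOwnProperty.call(clean, key)) continue;
    if (typeof clean[key] !== 'boolean') {
      throw new TypeError(`${key} must be a boolean, got ${typeof clean[key]}`);
    }
  }
  return clean;
}

// Constructed sample inputs: the version this PR moves away from, the version it moves to,
// and a config object as it might arrive after JSON.parse of an environment variable.
const beforeUpdate = openAdvisories('3.6.3'); // all three advisories still open
const afterUpdate = openAdvisories('3.9.4');  // none
const safeConfig = validateConnectionOptions({
  host: '127.0.0.1',
  user: 'app',
  supportBigNumbers: true,
  bigNumberStrings: true,
});
console.log({ beforeUpdate, afterUpdate, safeConfig });
```

`validateConnectionOptions` is meant to sit immediately before `mysql2.createConnection` / `createPool` in application code; it deliberately throws rather than silently coercing, so a misconfigured deployment fails at start-up instead of running with options the driver did not expect.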