🗃️ Turn-key solution for signed & secure file-uploads to an S3 compliant storage service such as R2, AWS, or Minio. Built for Next.js. Generates signed URLs for uploading files directly to your storage service and optionally integrates with a database to store additional metadata about your files.
MIT License
83
stars
4
forks
source link
chore(deps): update dependency mysql2 to v3.9.4 [security] #52
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon : character within a value of the attacker-crafted key.
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.
Release Notes
sidorares/node-mysql2 (mysql2)
### [`v3.9.4`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#394-2024-04-09)
[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.3...v3.9.4)
##### Bug Fixes
- **docs:** improve the contribution guidelines ([#2552](https://togithub.com/sidorares/node-mysql2/issues/2552)) ([8a818ce](https://togithub.com/sidorares/node-mysql2/commit/8a818ce0f30654eba854759e6409c0ac856fc448))
- **security:** improve results object creation ([#2574](https://togithub.com/sidorares/node-mysql2/issues/2574)) ([4a964a3](https://togithub.com/sidorares/node-mysql2/commit/4a964a3910a4b8de008696c554ab1b492e9b4691))
- **security:** improve supportBigNumbers and bigNumberStrings sanitization ([#2572](https://togithub.com/sidorares/node-mysql2/issues/2572)) ([74abf9e](https://togithub.com/sidorares/node-mysql2/commit/74abf9ef94d76114d9a09415e28b496522a94805))
### [`v3.9.3`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#393-2024-03-26)
[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.2...v3.9.3)
##### Bug Fixes
- **security:** improve cache key formation ([#2424](https://togithub.com/sidorares/node-mysql2/issues/2424)) ([0d54b0c](https://togithub.com/sidorares/node-mysql2/commit/0d54b0ca6498c823098426038162ef10df02c818))
- Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
- update Amazon RDS SSL CA cert ([#2131](https://togithub.com/sidorares/node-mysql2/pull/2131)) ([d9dccfd](https://togithub.com/sidorares/node-mysql2/commit/d9dccfd837d701f377574b85a05586be89015460))
### [`v3.9.2`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#392-2024-02-26)
[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.1...v3.9.2)
##### Bug Fixes
- **stream:** premature close when it is paused ([#2416](https://togithub.com/sidorares/node-mysql2/issues/2416)) ([7c6bc64](https://togithub.com/sidorares/node-mysql2/commit/7c6bc642addb3e6fee1b1fdc84f83a72ff11ca4a))
- **types:** expose TypeCast types ([#2425](https://togithub.com/sidorares/node-mysql2/issues/2425)) ([336a7f1](https://togithub.com/sidorares/node-mysql2/commit/336a7f1259c63d2dfe070fe400b141e89255844e))
### [`v3.9.1`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#391-2024-01-29)
[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.0...v3.9.1)
##### Bug Fixes
- **types:** support encoding for string type cast ([#2407](https://togithub.com/sidorares/node-mysql2/issues/2407)) ([1dc2011](https://togithub.com/sidorares/node-mysql2/commit/1dc201144daceab0b12193ada0f13dbb25e917f6))
### [`v3.9.0`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#390-2024-01-26)
[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.8.0...v3.9.0)
##### Features
- introduce typeCast for `execute` method ([#2398](https://togithub.com/sidorares/node-mysql2/issues/2398)) ([baaa92a](https://togithub.com/sidorares/node-mysql2/commit/baaa92a228d32012f7da07826674f7a736e3791d))
### [`v3.8.0`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#380-2024-01-23)
[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.7.1...v3.8.0)
##### Features
- **perf:** cache iconv decoder ([#2391](https://togithub.com/sidorares/node-mysql2/issues/2391)) ([b95b3db](https://togithub.com/sidorares/node-mysql2/commit/b95b3dbe4bb34e36d0d1be6948e4d8a169d28eed))
##### Bug Fixes
- **stream:** premature close when using `for await` ([#2389](https://togithub.com/sidorares/node-mysql2/issues/2389)) ([af47148](https://togithub.com/sidorares/node-mysql2/commit/af4714845603f70e3c1ef635f6c0750ff1987a9e))
- The removeIdleTimeoutConnectionsTimer did not clean up when the … ([#2384](https://togithub.com/sidorares/node-mysql2/issues/2384)) ([18a44f6](https://togithub.com/sidorares/node-mysql2/commit/18a44f6a0a0b7ef41cc874d7a7bb2d3db83ea533))
- **types:** add missing types to TypeCast ([#2390](https://togithub.com/sidorares/node-mysql2/issues/2390)) ([78ce495](https://togithub.com/sidorares/node-mysql2/commit/78ce4953e9c66d6cf40ffc2d252fa3701a2d4fe2))
### [`v3.7.1`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#371-2024-01-17)
[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.7.0...v3.7.1)
##### Bug Fixes
- add condition which allows code in callback to be reachable ([#2376](https://togithub.com/sidorares/node-mysql2/issues/2376)) ([8d5b903](https://togithub.com/sidorares/node-mysql2/commit/8d5b903f5c24ef6378d4aa98d3fd4e13d39be4db))
Configuration
📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
3.7.0
->3.9.4
GitHub Vulnerability Alerts
CVE-2024-21507
Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the
keyFromFields
function, resulting in cache poisoning. An attacker can inject a colon:
character within a value of the attacker-crafted key.CVE-2024-21509
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through
parserFn
intext_parser.js
andbinary_parser.js
.CVE-2024-21508
Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the
readCodeFor
function due to improper validation of thesupportBigNumbers
andbigNumberStrings
values.Release Notes
sidorares/node-mysql2 (mysql2)
### [`v3.9.4`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#394-2024-04-09) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.3...v3.9.4) ##### Bug Fixes - **docs:** improve the contribution guidelines ([#2552](https://togithub.com/sidorares/node-mysql2/issues/2552)) ([8a818ce](https://togithub.com/sidorares/node-mysql2/commit/8a818ce0f30654eba854759e6409c0ac856fc448)) - **security:** improve results object creation ([#2574](https://togithub.com/sidorares/node-mysql2/issues/2574)) ([4a964a3](https://togithub.com/sidorares/node-mysql2/commit/4a964a3910a4b8de008696c554ab1b492e9b4691)) - **security:** improve supportBigNumbers and bigNumberStrings sanitization ([#2572](https://togithub.com/sidorares/node-mysql2/issues/2572)) ([74abf9e](https://togithub.com/sidorares/node-mysql2/commit/74abf9ef94d76114d9a09415e28b496522a94805)) ### [`v3.9.3`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#393-2024-03-26) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.2...v3.9.3) ##### Bug Fixes - **security:** improve cache key formation ([#2424](https://togithub.com/sidorares/node-mysql2/issues/2424)) ([0d54b0c](https://togithub.com/sidorares/node-mysql2/commit/0d54b0ca6498c823098426038162ef10df02c818)) - Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab - update Amazon RDS SSL CA cert ([#2131](https://togithub.com/sidorares/node-mysql2/pull/2131)) ([d9dccfd](https://togithub.com/sidorares/node-mysql2/commit/d9dccfd837d701f377574b85a05586be89015460)) ### [`v3.9.2`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#392-2024-02-26) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.1...v3.9.2) ##### Bug Fixes - **stream:** premature close when it is paused ([#2416](https://togithub.com/sidorares/node-mysql2/issues/2416)) ([7c6bc64](https://togithub.com/sidorares/node-mysql2/commit/7c6bc642addb3e6fee1b1fdc84f83a72ff11ca4a)) - **types:** expose TypeCast types ([#2425](https://togithub.com/sidorares/node-mysql2/issues/2425)) ([336a7f1](https://togithub.com/sidorares/node-mysql2/commit/336a7f1259c63d2dfe070fe400b141e89255844e)) ### [`v3.9.1`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#391-2024-01-29) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.0...v3.9.1) ##### Bug Fixes - **types:** support encoding for string type cast ([#2407](https://togithub.com/sidorares/node-mysql2/issues/2407)) ([1dc2011](https://togithub.com/sidorares/node-mysql2/commit/1dc201144daceab0b12193ada0f13dbb25e917f6)) ### [`v3.9.0`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#390-2024-01-26) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.8.0...v3.9.0) ##### Features - introduce typeCast for `execute` method ([#2398](https://togithub.com/sidorares/node-mysql2/issues/2398)) ([baaa92a](https://togithub.com/sidorares/node-mysql2/commit/baaa92a228d32012f7da07826674f7a736e3791d)) ### [`v3.8.0`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#380-2024-01-23) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.7.1...v3.8.0) ##### Features - **perf:** cache iconv decoder ([#2391](https://togithub.com/sidorares/node-mysql2/issues/2391)) ([b95b3db](https://togithub.com/sidorares/node-mysql2/commit/b95b3dbe4bb34e36d0d1be6948e4d8a169d28eed)) ##### Bug Fixes - **stream:** premature close when using `for await` ([#2389](https://togithub.com/sidorares/node-mysql2/issues/2389)) ([af47148](https://togithub.com/sidorares/node-mysql2/commit/af4714845603f70e3c1ef635f6c0750ff1987a9e)) - The removeIdleTimeoutConnectionsTimer did not clean up when the … ([#2384](https://togithub.com/sidorares/node-mysql2/issues/2384)) ([18a44f6](https://togithub.com/sidorares/node-mysql2/commit/18a44f6a0a0b7ef41cc874d7a7bb2d3db83ea533)) - **types:** add missing types to TypeCast ([#2390](https://togithub.com/sidorares/node-mysql2/issues/2390)) ([78ce495](https://togithub.com/sidorares/node-mysql2/commit/78ce4953e9c66d6cf40ffc2d252fa3701a2d4fe2)) ### [`v3.7.1`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#371-2024-01-17) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.7.0...v3.7.1) ##### Bug Fixes - add condition which allows code in callback to be reachable ([#2376](https://togithub.com/sidorares/node-mysql2/issues/2376)) ([8d5b903](https://togithub.com/sidorares/node-mysql2/commit/8d5b903f5c24ef6378d4aa98d3fd4e13d39be4db))Configuration
📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.