ποΈ Turn-key solution for signed & secure file-uploads to an S3 compliant storage service such as R2, AWS, or Minio. Built for Next.js. Generates signed URLs for uploading files directly to your storage service and optionally integrates with a database to store additional metadata about your files.
MIT License
83
stars
4
forks
source link
chore(deps): update dependency mysql2 to v3.9.8 [security] #57
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.
Release Notes
sidorares/node-mysql2 (mysql2)
### [`v3.9.8`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#398-2024-05-26)
[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.7...v3.9.8)
##### Bug Fixes
- **security:** sanitize fields and tables when using nestTables ([#2702](https://togithub.com/sidorares/node-mysql2/issues/2702)) ([efe3db5](https://togithub.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc))
- support deno + caching_sha2\_password FULL_AUTHENTICATION_PACKET flow ([#2704](https://togithub.com/sidorares/node-mysql2/issues/2704)) ([2e03694](https://togithub.com/sidorares/node-mysql2/commit/2e0369445ba1581b427f78689a935ac3debfbf07))
- **typings:** typo from `jonServerPublicKey` to `onServerPublicKey` ([#2699](https://togithub.com/sidorares/node-mysql2/issues/2699)) ([8b5f691](https://togithub.com/sidorares/node-mysql2/commit/8b5f6911b69b766a3732fa160049d263460da74b))
### [`v3.9.7`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#397-2024-04-21)
[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.6...v3.9.7)
##### Bug Fixes
- **security:** sanitize timezone parameter value to prevent code injection ([#2608](https://togithub.com/sidorares/node-mysql2/issues/2608)) ([7d4b098](https://togithub.com/sidorares/node-mysql2/commit/7d4b098c7e29d5a6cb9eac2633bfcc2f0f1db713))
### [`v3.9.6`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#396-2024-04-18)
[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.5...v3.9.6)
##### Bug Fixes
- binary parser sometimes reads out of packet bounds when results contain null and typecast is false ([#2601](https://togithub.com/sidorares/node-mysql2/issues/2601)) ([705835d](https://togithub.com/sidorares/node-mysql2/commit/705835d06ff437cf0bf3169dac0a5f68002c4f87))
### [`v3.9.5`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#395-2024-04-17)
[Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.4...v3.9.5)
##### Bug Fixes
- revert breaking change in results creation ([#2591](https://togithub.com/sidorares/node-mysql2/issues/2591)) ([f7c60d0](https://togithub.com/sidorares/node-mysql2/commit/f7c60d01a49666130f51d3847ccfdd3d6e3d33e9))
Configuration
π Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
3.9.4
->3.9.8
GitHub Vulnerability Alerts
CVE-2024-21511
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
CVE-2024-21512
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.
Release Notes
sidorares/node-mysql2 (mysql2)
### [`v3.9.8`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#398-2024-05-26) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.7...v3.9.8) ##### Bug Fixes - **security:** sanitize fields and tables when using nestTables ([#2702](https://togithub.com/sidorares/node-mysql2/issues/2702)) ([efe3db5](https://togithub.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc)) - support deno + caching_sha2\_password FULL_AUTHENTICATION_PACKET flow ([#2704](https://togithub.com/sidorares/node-mysql2/issues/2704)) ([2e03694](https://togithub.com/sidorares/node-mysql2/commit/2e0369445ba1581b427f78689a935ac3debfbf07)) - **typings:** typo from `jonServerPublicKey` to `onServerPublicKey` ([#2699](https://togithub.com/sidorares/node-mysql2/issues/2699)) ([8b5f691](https://togithub.com/sidorares/node-mysql2/commit/8b5f6911b69b766a3732fa160049d263460da74b)) ### [`v3.9.7`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#397-2024-04-21) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.6...v3.9.7) ##### Bug Fixes - **security:** sanitize timezone parameter value to prevent code injection ([#2608](https://togithub.com/sidorares/node-mysql2/issues/2608)) ([7d4b098](https://togithub.com/sidorares/node-mysql2/commit/7d4b098c7e29d5a6cb9eac2633bfcc2f0f1db713)) ### [`v3.9.6`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#396-2024-04-18) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.5...v3.9.6) ##### Bug Fixes - binary parser sometimes reads out of packet bounds when results contain null and typecast is false ([#2601](https://togithub.com/sidorares/node-mysql2/issues/2601)) ([705835d](https://togithub.com/sidorares/node-mysql2/commit/705835d06ff437cf0bf3169dac0a5f68002c4f87)) ### [`v3.9.5`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#395-2024-04-17) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.4...v3.9.5) ##### Bug Fixes - revert breaking change in results creation ([#2591](https://togithub.com/sidorares/node-mysql2/issues/2591)) ([f7c60d0](https://togithub.com/sidorares/node-mysql2/commit/f7c60d01a49666130f51d3847ccfdd3d6e3d33e9))Configuration
π Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.