search

celo-org / celo-monorepo

Official repository for core projects comprising the Celo platform
https://celo.org
Apache License 2.0
684 stars 360 forks source link

fix(deps): update dependency mysql2 to v3 [security] (release/core-contracts/10) - autoclosed #11053

Closed renovate[bot] closed 2 weeks ago

renovate[bot] commented 2 weeks ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
mysql2 (source) ^2.1.0 -> ^3.0.0 age adoption passing confidence

mysql2 cache poisoning vulnerability

CVE-2024-21507 / GHSA-mqr2-w7wj-jjgr

More information #### Details Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the `keyFromFields` function, resulting in cache poisoning. An attacker can inject a colon `:` character within a value of the attacker-crafted key. #### Severity - CVSS Score: 6.5 / 10 (Medium) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L` #### References - [https://nvd.nist.gov/vuln/detail/CVE-2024-21507](https://nvd.nist.gov/vuln/detail/CVE-2024-21507) - [https://github.com/sidorares/node-mysql2/pull/2424](https://togithub.com/sidorares/node-mysql2/pull/2424) - [https://github.com/sidorares/node-mysql2/commit/0d54b0ca6498c823098426038162ef10df02c818](https://togithub.com/sidorares/node-mysql2/commit/0d54b0ca6498c823098426038162ef10df02c818) - [https://blog.slonser.info/posts/mysql2-attacker-configuration](https://blog.slonser.info/posts/mysql2-attacker-configuration) - [https://github.com/sidorares/node-mysql2](https://togithub.com/sidorares/node-mysql2) - [https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591300](https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591300) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-mqr2-w7wj-jjgr) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).

mysql2 vulnerable to Prototype Poisoning

CVE-2024-21509 / GHSA-49j4-86m8-q2jw

More information #### Details Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through `parserFn` in `text_parser.js` and `binary_parser.js`. #### Severity - CVSS Score: 6.5 / 10 (Medium) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L` #### References - [https://nvd.nist.gov/vuln/detail/CVE-2024-21509](https://nvd.nist.gov/vuln/detail/CVE-2024-21509) - [https://github.com/sidorares/node-mysql2/pull/2574](https://togithub.com/sidorares/node-mysql2/pull/2574) - [https://github.com/sidorares/node-mysql2/commit/4a964a3910a4b8de008696c554ab1b492e9b4691](https://togithub.com/sidorares/node-mysql2/commit/4a964a3910a4b8de008696c554ab1b492e9b4691) - [https://blog.slonser.info/posts/mysql2-attacker-configuration](https://blog.slonser.info/posts/mysql2-attacker-configuration) - [https://github.com/sidorares/node-mysql2](https://togithub.com/sidorares/node-mysql2) - [https://github.com/sidorares/node-mysql2/blob/fd3d117da82cc5c5fa5a3701d7b33ca77691bc61/lib/parsers/text_parser.js%23L134](https://togithub.com/sidorares/node-mysql2/blob/fd3d117da82cc5c5fa5a3701d7b33ca77691bc61/lib/parsers/text_parser.js%23L134) - [https://github.com/sidorares/node-mysql2/releases/tag/v3.9.4](https://togithub.com/sidorares/node-mysql2/releases/tag/v3.9.4) - [https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591084](https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591084) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-49j4-86m8-q2jw) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).

mysql2 Remote Code Execution (RCE) via the readCodeFor function

CVE-2024-21508 / GHSA-fpw7-j2hg-69v5

More information #### Details Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the `readCodeFor` function due to improper validation of the `supportBigNumbers` and `bigNumberStrings` values. #### Severity - CVSS Score: 9.8 / 10 (Critical) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` #### References - [https://nvd.nist.gov/vuln/detail/CVE-2024-21508](https://nvd.nist.gov/vuln/detail/CVE-2024-21508) - [https://github.com/sidorares/node-mysql2/pull/2572](https://togithub.com/sidorares/node-mysql2/pull/2572) - [https://github.com/sidorares/node-mysql2/commit/74abf9ef94d76114d9a09415e28b496522a94805](https://togithub.com/sidorares/node-mysql2/commit/74abf9ef94d76114d9a09415e28b496522a94805) - [https://blog.slonser.info/posts/mysql2-attacker-configuration](https://blog.slonser.info/posts/mysql2-attacker-configuration) - [https://github.com/sidorares/node-mysql2](https://togithub.com/sidorares/node-mysql2) - [https://github.com/sidorares/node-mysql2/blob/1609b5393516d72a4ae47196837317fbe75e0c13/lib/parsers/text_parser.js%23L14C10-L14C21](https://togithub.com/sidorares/node-mysql2/blob/1609b5393516d72a4ae47196837317fbe75e0c13/lib/parsers/text_parser.js%23L14C10-L14C21) - [https://github.com/sidorares/node-mysql2/releases/tag/v3.9.4](https://togithub.com/sidorares/node-mysql2/releases/tag/v3.9.4) - [https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591085](https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6591085) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-fpw7-j2hg-69v5) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).

MySQL2 for Node Arbitrary Code Injection

CVE-2024-21511 / GHSA-4rch-2fh8-94vw

More information #### Details Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function. #### Severity - CVSS Score: 9.8 / 10 (Critical) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` #### References - [https://nvd.nist.gov/vuln/detail/CVE-2024-21511](https://nvd.nist.gov/vuln/detail/CVE-2024-21511) - [https://github.com/sidorares/node-mysql2/pull/2608](https://togithub.com/sidorares/node-mysql2/pull/2608) - [https://github.com/sidorares/node-mysql2/commit/7d4b098c7e29d5a6cb9eac2633bfcc2f0f1db713](https://togithub.com/sidorares/node-mysql2/commit/7d4b098c7e29d5a6cb9eac2633bfcc2f0f1db713) - [https://github.com/sidorares/node-mysql2](https://togithub.com/sidorares/node-mysql2) - [https://github.com/sidorares/node-mysql2/releases/tag/v3.9.7](https://togithub.com/sidorares/node-mysql2/releases/tag/v3.9.7) - [https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6670046](https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6670046) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-4rch-2fh8-94vw) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).

mysql2 vulnerable to Prototype Pollution

CGA-3mh2-3mv5-jfp3 / CVE-2024-21512 / GHSA-pmh2-wpjm-fj45

More information #### Details Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables. #### Severity - CVSS Score: 8.2 / 10 (High) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L` #### References - [https://nvd.nist.gov/vuln/detail/CVE-2024-21512](https://nvd.nist.gov/vuln/detail/CVE-2024-21512) - [https://github.com/sidorares/node-mysql2/pull/2702](https://togithub.com/sidorares/node-mysql2/pull/2702) - [https://github.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc](https://togithub.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc) - [https://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a](https://gist.github.com/domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a) - [https://github.com/sidorares/node-mysql2](https://togithub.com/sidorares/node-mysql2) - [https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-7176010](https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-7176010) - [https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580](https://security.snyk.io/vuln/SNYK-JS-MYSQL2-6861580) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-pmh2-wpjm-fj45) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)).

Release Notes

sidorares/node-mysql2 (mysql2) ### [`v3.9.8`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#398-2024-05-26) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.7...v3.9.8) ##### Bug Fixes - **security:** sanitize fields and tables when using nestTables ([#​2702](https://togithub.com/sidorares/node-mysql2/issues/2702)) ([efe3db5](https://togithub.com/sidorares/node-mysql2/commit/efe3db527a2c94a63c2d14045baba8dfefe922bc)) - support deno + caching_sha2\_password FULL_AUTHENTICATION_PACKET flow ([#​2704](https://togithub.com/sidorares/node-mysql2/issues/2704)) ([2e03694](https://togithub.com/sidorares/node-mysql2/commit/2e0369445ba1581b427f78689a935ac3debfbf07)) - **typings:** typo from `jonServerPublicKey` to `onServerPublicKey` ([#​2699](https://togithub.com/sidorares/node-mysql2/issues/2699)) ([8b5f691](https://togithub.com/sidorares/node-mysql2/commit/8b5f6911b69b766a3732fa160049d263460da74b)) ### [`v3.9.7`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#397-2024-04-21) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.6...v3.9.7) ##### Bug Fixes - **security:** sanitize timezone parameter value to prevent code injection ([#​2608](https://togithub.com/sidorares/node-mysql2/issues/2608)) ([7d4b098](https://togithub.com/sidorares/node-mysql2/commit/7d4b098c7e29d5a6cb9eac2633bfcc2f0f1db713)) ### [`v3.9.6`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#396-2024-04-18) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.5...v3.9.6) ##### Bug Fixes - binary parser sometimes reads out of packet bounds when results contain null and typecast is false ([#​2601](https://togithub.com/sidorares/node-mysql2/issues/2601)) ([705835d](https://togithub.com/sidorares/node-mysql2/commit/705835d06ff437cf0bf3169dac0a5f68002c4f87)) ### [`v3.9.5`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#395-2024-04-17) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.4...v3.9.5) ##### Bug Fixes - revert breaking change in results creation ([#​2591](https://togithub.com/sidorares/node-mysql2/issues/2591)) ([f7c60d0](https://togithub.com/sidorares/node-mysql2/commit/f7c60d01a49666130f51d3847ccfdd3d6e3d33e9)) ### [`v3.9.4`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#394-2024-04-09) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.3...v3.9.4) ##### Bug Fixes - **docs:** improve the contribution guidelines ([#​2552](https://togithub.com/sidorares/node-mysql2/issues/2552)) ([8a818ce](https://togithub.com/sidorares/node-mysql2/commit/8a818ce0f30654eba854759e6409c0ac856fc448)) - **security:** improve results object creation ([#​2574](https://togithub.com/sidorares/node-mysql2/issues/2574)) ([4a964a3](https://togithub.com/sidorares/node-mysql2/commit/4a964a3910a4b8de008696c554ab1b492e9b4691)) - **security:** improve supportBigNumbers and bigNumberStrings sanitization ([#​2572](https://togithub.com/sidorares/node-mysql2/issues/2572)) ([74abf9e](https://togithub.com/sidorares/node-mysql2/commit/74abf9ef94d76114d9a09415e28b496522a94805)) ### [`v3.9.3`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#393-2024-03-26) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.2...v3.9.3) ##### Bug Fixes - **security:** improve cache key formation ([#​2424](https://togithub.com/sidorares/node-mysql2/issues/2424)) ([0d54b0c](https://togithub.com/sidorares/node-mysql2/commit/0d54b0ca6498c823098426038162ef10df02c818)) - Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab - update Amazon RDS SSL CA cert ([#​2131](https://togithub.com/sidorares/node-mysql2/pull/2131)) ([d9dccfd](https://togithub.com/sidorares/node-mysql2/commit/d9dccfd837d701f377574b85a05586be89015460)) ### [`v3.9.2`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#392-2024-02-26) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.1...v3.9.2) ##### Bug Fixes - **stream:** premature close when it is paused ([#​2416](https://togithub.com/sidorares/node-mysql2/issues/2416)) ([7c6bc64](https://togithub.com/sidorares/node-mysql2/commit/7c6bc642addb3e6fee1b1fdc84f83a72ff11ca4a)) - **types:** expose TypeCast types ([#​2425](https://togithub.com/sidorares/node-mysql2/issues/2425)) ([336a7f1](https://togithub.com/sidorares/node-mysql2/commit/336a7f1259c63d2dfe070fe400b141e89255844e)) ### [`v3.9.1`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#391-2024-01-29) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.9.0...v3.9.1) ##### Bug Fixes - **types:** support encoding for string type cast ([#​2407](https://togithub.com/sidorares/node-mysql2/issues/2407)) ([1dc2011](https://togithub.com/sidorares/node-mysql2/commit/1dc201144daceab0b12193ada0f13dbb25e917f6)) ### [`v3.9.0`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#390-2024-01-26) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.8.0...v3.9.0) ##### Features - introduce typeCast for `execute` method ([#​2398](https://togithub.com/sidorares/node-mysql2/issues/2398)) ([baaa92a](https://togithub.com/sidorares/node-mysql2/commit/baaa92a228d32012f7da07826674f7a736e3791d)) ### [`v3.8.0`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#380-2024-01-23) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.7.1...v3.8.0) ##### Features - **perf:** cache iconv decoder ([#​2391](https://togithub.com/sidorares/node-mysql2/issues/2391)) ([b95b3db](https://togithub.com/sidorares/node-mysql2/commit/b95b3dbe4bb34e36d0d1be6948e4d8a169d28eed)) ##### Bug Fixes - **stream:** premature close when using `for await` ([#​2389](https://togithub.com/sidorares/node-mysql2/issues/2389)) ([af47148](https://togithub.com/sidorares/node-mysql2/commit/af4714845603f70e3c1ef635f6c0750ff1987a9e)) - The removeIdleTimeoutConnectionsTimer did not clean up when the … ([#​2384](https://togithub.com/sidorares/node-mysql2/issues/2384)) ([18a44f6](https://togithub.com/sidorares/node-mysql2/commit/18a44f6a0a0b7ef41cc874d7a7bb2d3db83ea533)) - **types:** add missing types to TypeCast ([#​2390](https://togithub.com/sidorares/node-mysql2/issues/2390)) ([78ce495](https://togithub.com/sidorares/node-mysql2/commit/78ce4953e9c66d6cf40ffc2d252fa3701a2d4fe2)) ### [`v3.7.1`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#371-2024-01-17) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.7.0...v3.7.1) ##### Bug Fixes - add condition which allows code in callback to be reachable ([#​2376](https://togithub.com/sidorares/node-mysql2/issues/2376)) ([8d5b903](https://togithub.com/sidorares/node-mysql2/commit/8d5b903f5c24ef6378d4aa98d3fd4e13d39be4db)) ### [`v3.7.0`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#370-2024-01-07) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.6.5...v3.7.0) ##### Features - **docs:** release documentation website ([#​2339](https://togithub.com/sidorares/node-mysql2/issues/2339)) ([c0d77c0](https://togithub.com/sidorares/node-mysql2/commit/c0d77c02d2f4ad22b46a712d270fc2654d26de4e)) ### [`v3.6.5`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#365-2023-11-22) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.6.4...v3.6.5) ##### Bug Fixes - add decodeuricomponent to parse uri encoded special characters in host, username, password and datbase keys ([#​2277](https://togithub.com/sidorares/node-mysql2/issues/2277)) ([fe573ad](https://togithub.com/sidorares/node-mysql2/commit/fe573addffa64a842ae37994fcd8879cefa933f2)) ### [`v3.6.4`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#364-2023-11-21) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.6.3...v3.6.4) ##### Bug Fixes - malformed FieldPacket ([#​2280](https://togithub.com/sidorares/node-mysql2/issues/2280)) ([8831e09](https://togithub.com/sidorares/node-mysql2/commit/8831e092024f8d26fe9272adec8e1a5f115735aa)) - move missing options to ` ConnectionOptions ` ([#​2288](https://togithub.com/sidorares/node-mysql2/issues/2288)) ([5cd7639](https://togithub.com/sidorares/node-mysql2/commit/5cd76396d962da070452800597a6f86829b35bd4)) ### [`v3.6.3`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#363-2023-11-03) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.6.2...v3.6.3) ##### Bug Fixes - correctly pass values when used with sql-template-strings library ([#​2266](https://togithub.com/sidorares/node-mysql2/issues/2266)) ([6444f99](https://togithub.com/sidorares/node-mysql2/commit/6444f9953ddb08b1b98cd0d7eb0d939d25d3971a)) ### [`v3.6.2`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#362-2023-10-15) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.6.1...v3.6.2) ##### Bug Fixes - sql-template-strings/tag compatibility ([#​2238](https://togithub.com/sidorares/node-mysql2/issues/2238)) ([f2efe5a](https://togithub.com/sidorares/node-mysql2/commit/f2efe5a2ddf9e10a83bf24da2af744061b2ae597)) ### [`v3.6.1`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#361-2023-09-06) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.6.0...v3.6.1) ##### Bug Fixes - EventEmitter on method signatures to use spread syntax ([#​2200](https://togithub.com/sidorares/node-mysql2/issues/2200)) ([5d21b81](https://togithub.com/sidorares/node-mysql2/commit/5d21b8127b8b6aa4b0308b6482d707d150403990)) ### [`v3.6.0`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#360-2023-08-04) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.5.2...v3.6.0) ##### Features - add conn-level `infileStreamFactory` option ([#​2159](https://togithub.com/sidorares/node-mysql2/issues/2159)) ([5bed0f8](https://togithub.com/sidorares/node-mysql2/commit/5bed0f8f195f615844d5dbe322ebfe47b76ba2f5)) ### [`v3.5.2`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#352-2023-07-14) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.5.1...v3.5.2) ##### Bug Fixes - Update events that are propagated from pool cluster to include remove ([#​2114](https://togithub.com/sidorares/node-mysql2/issues/2114)) ([927d209](https://togithub.com/sidorares/node-mysql2/commit/927d20945d664c55209fd95b05b2c68904f51acc)) ### [`v3.5.1`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#351-2023-07-10) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.5.0...v3.5.1) ##### Bug Fixes - improvements to allow to use Bun and tls ([#​2119](https://togithub.com/sidorares/node-mysql2/issues/2119)) ([fd44a2a](https://togithub.com/sidorares/node-mysql2/commit/fd44a2ab9c08961a898edcfef5ba0035467a28ce)) - missing `ResultSetHeader[]` to `query` and `execute` ([f649486](https://togithub.com/sidorares/node-mysql2/commit/f649486fdd0e95ad9f46c002e385986b52224f68)) ### [`v3.5.0`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#350-2023-07-06) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.4.5...v3.5.0) ##### Features - improved inspection of columns ([#​2112](https://togithub.com/sidorares/node-mysql2/issues/2112)) ([69277aa](https://togithub.com/sidorares/node-mysql2/commit/69277aa0430d951d61c485d2cd228c3cd9d4a33c)) ### [`v3.4.5`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#345-2023-07-05) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.4.4...v3.4.5) ##### Bug Fixes - handle prepare response with actual number of parameter definition less than reported in the prepare header. Fixes [#​2052](https://togithub.com/sidorares/node-mysql2/issues/2052) ([b658be0](https://togithub.com/sidorares/node-mysql2/commit/b658be0cfbfdec378d71a9d9e70de4a52180cd2d)) ### [`v3.4.4`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#344-2023-07-04) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.4.3...v3.4.4) ##### Bug Fixes - add `ProcedureCallPacket` to `execute` overloads ([3566ef7](https://togithub.com/sidorares/node-mysql2/commit/3566ef77a1a45d2cb18b1e32e0a5f4fc325a26cd)) - add `ProcedureCallPacket` to `query` overloads ([352c3bc](https://togithub.com/sidorares/node-mysql2/commit/352c3bc5504d6cb8d9837771a2fa8673db7eb001)) - add `ProcedureCallPacket` to promise-based `execute` overloads ([8292416](https://togithub.com/sidorares/node-mysql2/commit/829241604cfd4cd45b6f5bfd7c36082287da5ca0)) - add `ProcedureCallPacket` to promise-based `query` overloads ([0f31a41](https://togithub.com/sidorares/node-mysql2/commit/0f31a41dcfe65d2953447c7f1a8b5c892f2ceed9)) - create `ProcedureCallPacket` typings ([09ad1d2](https://togithub.com/sidorares/node-mysql2/commit/09ad1d276fcad6c9e3963d54b56c39c26a57b690)) ### [`v3.4.3`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#343-2023-06-30) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.4.2...v3.4.3) ##### Bug Fixes - remove acquireTimeout invalid option ([#​2095](https://togithub.com/sidorares/node-mysql2/issues/2095)) ([eb311db](https://togithub.com/sidorares/node-mysql2/commit/eb311dbb988a4d3adada9774d43a79806a453745)) ### [`v3.4.2`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#342-2023-06-26) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.4.1...v3.4.2) ##### Bug Fixes - changing type files to declaration type files ([98e6f3a](https://togithub.com/sidorares/node-mysql2/commit/98e6f3a0b1f2d523dc8cb62c67e49d9589c469eb)) ### [`v3.4.1`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#341-2023-06-24) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.4.0...v3.4.1) ##### Bug Fixes - `createPool` uri overload ([98623dd](https://togithub.com/sidorares/node-mysql2/commit/98623dd7fc82cfbe556fc4b92828d382b86625d8)) - `PoolCluster` typings ([3902ca6](https://togithub.com/sidorares/node-mysql2/commit/3902ca6534fd64a798c5b2dc29402fe396d4a67c)) - create promise-based `PoolCluster` typings ([7f38496](https://togithub.com/sidorares/node-mysql2/commit/7f38496097fa6d9cfbced604fe0ddc392b1b1979)) - missing `parserCache` in `promise.js` ([7f35cf5](https://togithub.com/sidorares/node-mysql2/commit/7f35cf5f6e69cc8aa3d2008bf5b0434c4d7ee5ac)) - missing constants in `promise.js` ([4ce2c70](https://togithub.com/sidorares/node-mysql2/commit/4ce2c70313ecbe2c4c5fd73f34b4ce7d32a9c83c)) - missing keys for `Types` constant ([86655ec](https://togithub.com/sidorares/node-mysql2/commit/86655ec6ad8ab8deae11a3c4919ae2ee553f4120)) - missing typings for `Charsets` constants ([01f77a0](https://togithub.com/sidorares/node-mysql2/commit/01f77a0db471682e7c4f523bde1189fc5d11d43d)) - missing typings for `CharsetToEncoding` constants ([609229a](https://togithub.com/sidorares/node-mysql2/commit/609229a973031615cb93b5678b5932cf3714480f)) - missing typings for `parserCache` ([891a523](https://togithub.com/sidorares/node-mysql2/commit/891a523939120666e8d85db634262889657aff45)) - missing typings for `Types` constant ([04601dd](https://togithub.com/sidorares/node-mysql2/commit/04601ddbd1430b37a7a7ab8d8d63ad27bd00bb54)) - rename file of typings `Charsets` constants ([51c4196](https://togithub.com/sidorares/node-mysql2/commit/51c4196d50472eb18e440ea0291f2b571a3e7585)) ### [`v3.4.0`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#340-2023-06-19) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.3.5...v3.4.0) ##### Features - support STATE_GTIDS session track information ([2b1520f](https://togithub.com/sidorares/node-mysql2/commit/2b1520f4c5c11cda30d69e8b8b20ff03ec469099)) ### [`v3.3.5`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#335-2023-06-12) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.3.4...v3.3.5) ##### Bug Fixes - `createPool` `promise` as `PromisePool` ([#​2060](https://togithub.com/sidorares/node-mysql2/issues/2060)) ([ff3c36c](https://togithub.com/sidorares/node-mysql2/commit/ff3c36ca8b092f8ab16fc81400f6c63524cd971d)) - keepAliveInitialDelay not taking effect ([#​2043](https://togithub.com/sidorares/node-mysql2/issues/2043)) ([585911c](https://togithub.com/sidorares/node-mysql2/commit/585911c5d5d4b933e32e5a646574af222b63f530)) ### [`v3.3.4`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#334-2023-06-11) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.3.3...v3.3.4) ##### Bug Fixes - `PromisePoolConnection` import name ([76db54a](https://togithub.com/sidorares/node-mysql2/commit/76db54a91e2f9861605d5975158701233879d02c)) - `releaseConnection` types and promise ([4aac9d6](https://togithub.com/sidorares/node-mysql2/commit/4aac9d6a1b379253fa90195ffdc98886b3b87a1b)) ### [`v3.3.3`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#333-2023-05-27) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.3.2...v3.3.3) ##### Bug Fixes - add package.json to exports ([#​2026](https://togithub.com/sidorares/node-mysql2/issues/2026)) ([09fd305](https://togithub.com/sidorares/node-mysql2/commit/09fd3059cd91c655e494e40dc4365e58ed069b13)) ### [`v3.3.2`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#332-2023-05-23) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.3.1...v3.3.2) ##### Bug Fixes - respect enableKeepAlive option ([#​2016](https://togithub.com/sidorares/node-mysql2/issues/2016)) ([f465c3e](https://togithub.com/sidorares/node-mysql2/commit/f465c3edc707d34a11d9b1796b9472824fdb35df)) ### [`v3.3.1`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#331-2023-05-11) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.3.0...v3.3.1) ##### Bug Fixes - LRU constructor ([#​2004](https://togithub.com/sidorares/node-mysql2/issues/2004)) ([fd3d117](https://togithub.com/sidorares/node-mysql2/commit/fd3d117da82cc5c5fa5a3701d7b33ca77691bc61)) - Missing types in "mysql" import ([#​1995](https://togithub.com/sidorares/node-mysql2/issues/1995)) ([b8c79d0](https://togithub.com/sidorares/node-mysql2/commit/b8c79d055762e927da147d08fb375cd11d303868)) ### [`v3.3.0`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#330-2023-05-06) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.2.4...v3.3.0) ##### Features - Added updated/new error codes gathered from MySQL 8.0 source code ([#​1990](https://togithub.com/sidorares/node-mysql2/issues/1990)) ([85dc6e5](https://togithub.com/sidorares/node-mysql2/commit/85dc6e56310db1d78078588f48714f574873eec3)) ### [`v3.2.4`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#324-2023-04-25) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.2.3...v3.2.4) ##### Bug Fixes - **server:** Added missing encoding argument to server-handshake ([#​1976](https://togithub.com/sidorares/node-mysql2/issues/1976)) ([a4b6b22](https://togithub.com/sidorares/node-mysql2/commit/a4b6b223434d1cbdb5af9141cf3bd085459bb6b8)) ### [`v3.2.3`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#323-2023-04-16) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.2.2...v3.2.3) ##### Bug Fixes - **types:** add decimalNumbers to createConnection/createPool typings. fixes [#​1803](https://togithub.com/sidorares/node-mysql2/issues/1803) ([#​1817](https://togithub.com/sidorares/node-mysql2/issues/1817)) ([bb48462](https://togithub.com/sidorares/node-mysql2/commit/bb48462db7b83bd4825a3d53e192e5363139ec3c)) ### [`v3.2.2`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#322-2023-04-16) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.2.1...v3.2.2) ##### Bug Fixes - `ConnectionOptions` conflict between `mysql` and `mysql/promise` ([#​1955](https://togithub.com/sidorares/node-mysql2/issues/1955)) ([eca8bda](https://togithub.com/sidorares/node-mysql2/commit/eca8bda9305ab07cf0e46f16f3f13bf1fd82787d)) ### [`v3.2.1`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#321-2023-04-13) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.2.0...v3.2.1) ##### Bug Fixes - Add typings for Connection.promise(). ([#​1949](https://togithub.com/sidorares/node-mysql2/issues/1949)) ([e3ca310](https://togithub.com/sidorares/node-mysql2/commit/e3ca3107cbae0050d307f02514598aff4e8ecd60)) - PoolConnection redundancy when extending Connection interface in TypeScript ([7c62d11](https://togithub.com/sidorares/node-mysql2/commit/7c62d1177e79b5063a11fa15a2ac4e3dc3e2a2ed)) ### [`v3.2.0`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#320-2023-03-03) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.1.2...v3.2.0) ##### Features - maxVersion ssl option to tls.createSecureContext ([0c40ef9](https://togithub.com/sidorares/node-mysql2/commit/0c40ef9f596fa3bc4f046f523c3595fe7065fde3)) ### [`v3.1.2`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#312-2023-02-08) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.1.1...v3.1.2) ##### Bug Fixes - update `lru-cache` reset method to clear ([114f266](https://togithub.com/sidorares/node-mysql2/commit/114f266b18802e52d6b130c2cf379f61a996c2b0)) ### [`v3.1.1`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#311-2023-02-07) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.1.0...v3.1.1) ##### Bug Fixes - remove accidental log in caching_sha2\_password.js ([c1202b6](https://togithub.com/sidorares/node-mysql2/commit/c1202b673c8ba9f709c3ebc0d1717ccffca1bd4b)) ### [`v3.1.0`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#310-2023-01-30) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.0.1...v3.1.0) ##### Features - cleanup buffer/string conversions in hashing/xor helpers that were failing in Bun ([a2392e2](https://togithub.com/sidorares/node-mysql2/commit/a2392e27de64630affb6e3f6af26f5c59e2e95f9)) ##### Bug Fixes - when port is pased as a string convert it to a number (Bun's net.connect does not automatically convert this) ([703ecb2](https://togithub.com/sidorares/node-mysql2/commit/703ecb2f788cf32acb1b49c7786ff6845640e215)) ### [`v3.0.1`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#301-2023-01-13) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v3.0.0...v3.0.1) ##### Miscellaneous Chores - release 3.0.1 ([d5a6b2c](https://togithub.com/sidorares/node-mysql2/commit/d5a6b2ccccc7db4176c880e83c70ccd0be4ad81e)) ### [`v3.0.0`](https://togithub.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#300-2023-01-12) [Compare Source](https://togithub.com/sidorares/node-mysql2/compare/v2.3.3...v3.0.0) - named-placeholders library is updated to use newer `lru-cache` dependency, allowing it do dedupe and be shared between mysql2 and named-placeholders - [https://github.com/sidorares/node-mysql2/issues/1711](https://togithub.com/sidorares/node-mysql2/issues/1711), [https://github.com/mysqljs/named-placeholders/pull/19](https://togithub.com/mysqljs/named-placeholders/pull/19) - `chai` and `mocha` moved to devDependencies [#​1774](https://togithub.com/sidorares/node-mysql2/issues/1774) - Amazon RDS ssl certificates updated including AWS China [#​1754](https://togithub.com/sidorares/node-mysql2/issues/1754) - `TCP_NODELAY` flag enabled, avoiding long connect timeout in some scenarios [#​1751](https://togithub.com/sidorares/node-mysql2/issues/1751) - typing improvements: [#​1675](https://togithub.com/sidorares/node-mysql2/issues/1675), [#​1674](https://togithub.com/sidorares/node-mysql2/issues/1674) - fix: ensure pooled connections get released [#​1666](https://togithub.com/sidorares/node-mysql2/issues/1666) ##### Miscellaneous Chores - release 3.0.0 ([11692b2](https://togithub.com/sidorares/node-mysql2/commit/11692b223ff26784089f444ca6291295bd0e405e))

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

socket-security[bot] commented 2 weeks ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/mysql2@3.10.1 environment, network +5 1.74 MB sidorares

🚮 Removed packages: npm/mysql2@2.3.3

View full report↗︎