Mysql2 dependency update needed

chill117 / express-mysql-session

A MySQL session store for the express framework in node

MIT License

313 stars 106 forks source link

Closed Nickk4 closed 2 months ago

Nickk4 commented 2 months ago

Mysql2 dependency has a critical security warning and needs to be updated to 3.9.4 or higher: https://github.com/advisories/GHSA-fpw7-j2hg-69v5

pfiadDi commented 2 months ago

Bump!

chill117 commented 2 months ago

Updated mysql2 and a few dev dependencies to latest versions. Release version v3.0.1 now available.

Bump!

I don't think bumping is needed only a few hours after the issue was posted ;)

Nickk4 commented 2 months ago

Sorry, @chill117 , but there seems to be another critical security issue with mysql2: https://github.com/advisories/GHSA-4rch-2fh8-94vw Now it needs to be updated to 3.9.7 or higher...

chill117 commented 2 months ago

Updated

chriscant commented 1 month ago

Hello @chill117 another security update for mysql2 is required: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-21512 Can you please bump to 3.9.8 or later thanks