Closed fengmk2 closed 2 months ago
The update in the `package.json` file involves upgrading the `mysql2` package from version `^2.3.0` to `^3.9.4` for security reasons. Additionally, the adjustment in the workflow configuration removes Node.js version 16 from the versions tested against.
File(s) | Change Summary |
---|---|
package.json | Increased mysql2 version from ^2.3.0 to ^3.9.4. |
.github/workflows/nodejs.yml | Removed Node.js version 16 from the supported versions in the workflow. |
Objective | Addressed | Explanation |
---|---|---|
Use mysql2 v3 for security update (#668) | ✅ |
🐰✨ Hopping through the code, with a swift, joyful tweak, Updated a line, now the future's not bleak. Security's tight, with version three-nine, Now safer we are, with this change so fine! Cheers to the devs, with carrots to seek! 🥕 🐰✨
.github/workflows/nodejs.yml (1)
`35-35`: Updated Node.js versions to 18, 20, and 21, removing version 16 due to compatibility issues. Ensure that the application is fully compatible with these newer versions.
New and removed dependencies detected.
Package | New capabilities | Transitives | Size | Publisher |
---|---|---|---|---|
npm/mysql2@3.9.4 | environment, network Transitive: eval | +6 | 1.84 MB | sidorares |
🚮 Removed packages: npm/mysql2@2.3.3, npm/s3-cnpmcore@1.1.2, npm/semver@7.6.0, npm/ssri@8.0.1, npm/type-fest@2.19.0, npm/typescript@5.2.2, npm/ua-parser-js@1.0.37, npm/validate-npm-package-name@3.0.0
/opt/hostedtoolcache/node/16.20.2/x64/bin/node: Error: Attempt to revert an unknown CVE [CVE-2023-46809]
@killagu It looks like we need to add a check here: on Node 16 the revert is no longer possible.
closes https://github.com/cnpm/cnpmcore/issues/668