next-upload
next-upload copied to clipboard
TimMikeladze
chore(deps): update dependency mysql2 to v3.9.8 [security]
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| mysql2 (source) | 3.9.4 -> 3.9.8 |
GitHub Vulnerability Alerts
CVE-2024-21511
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
CVE-2024-21512
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.
Release Notes
sidorares/node-mysql2 (mysql2)
v3.9.8
Bug Fixes
- security: sanitize fields and tables when using nestTables (#2702) (efe3db5)
- support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)
- typings: typo from
jonServerPublicKeytoonServerPublicKey(#2699) (8b5f691)
v3.9.7
Bug Fixes
v3.9.6
Bug Fixes
- binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)
v3.9.5
Bug Fixes
Configuration
📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}