cube
chore(deps): bump mysql2 from 2.3.3 to 3.9.8
Bumps mysql2 from 2.3.3 to 3.9.8.
Release notes
Sourced from mysql2's releases.
v3.9.8
3.9.8 (2024-05-26)
Bug Fixes
- security: sanitize fields and tables when using nestTables (#2702) (efe3db5)
- support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)
- typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)
v3.9.7
3.9.7 (2024-04-21)
Bug Fixes
- security: sanitize timezone parameter value to prevent code injection - report by zhaoyudi (Nebulalab) (#2608) (7d4b098)
v3.9.6
3.9.6 (2024-04-18)
Bug Fixes
- binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)
v3.9.5
3.9.5 (2024-04-17)
Bug Fixes
v3.9.4
3.9.4 (2024-04-09)
Bug Fixes
- SSL: separate each certificate into an individual item #2542 (63f1055)
- security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)
  - Fixes a potential RCE attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
- security: improve results object creation (#2574) (4a964a3)
  - Fixes a potential Prototype Pollution attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
- docs: improve the contribution guidelines (#2552) (8a818ce)
v3.9.3
3.9.3 (2024-03-26)
... (truncated)
Changelog
Sourced from mysql2's changelog.
3.9.8 (2024-05-26)
Bug Fixes
- security: sanitize fields and tables when using nestTables (#2702) (efe3db5)
- support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)
- typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)
3.9.7 (2024-04-21)
Bug Fixes
3.9.6 (2024-04-18)
Bug Fixes
- binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)
3.9.5 (2024-04-17)
Bug Fixes
3.9.4 (2024-04-09)
Bug Fixes
- docs: improve the contribution guidelines (#2552) (8a818ce)
- security: improve results object creation (#2574) (4a964a3)
- security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)
3.9.3 (2024-03-26)
Bug Fixes
- security: improve cache key formation (#2424) (0d54b0c)
  - Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
- update Amazon RDS SSL CA cert (#2131) (d9dccfd)
3.9.2 (2024-02-26)
... (truncated)
Commits
- f637d3f chore(master): release 3.9.8 (#2700)
- efe3db5 fix(security): sanitize fields and tables when using nestTables (#2702)
- 2e03694 fix: support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2...
- 8b5f691 fix(typings): typo from jonServerPublicKey to onServerPublicKey (#2699)
- 5c75802 build(deps-dev): bump tsx from 4.10.5 to 4.11.0 in /website (#2695)
- 179769f build(deps): bump @easyops-cn/docusaurus-search-local in /website (#2696)
- 56289e2 build(deps-dev): bump poku from 1.12.1 to 1.13.0 (#2698)
- b029308 build(deps-dev): bump poku from 1.12.1 to 1.13.0 in /website (#2697)
- 539acb8 build(deps): bump lucide-react from 0.378.0 to 0.379.0 in /website (#2693)
- dc80580 build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.9.0 to 7.10.0 i...
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.