[Snyk] Upgrade mysql2 from 3.6.0 to 3.11.3 #71

Open, wants to merge 1 commit into base: main

HelenaMission (Collaborator)

Snyk has created this PR to upgrade mysql2 from 3.6.0 to 3.11.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 27 versions ahead of your current version.
  • The recommended version was released a month ago, on 2024-09-15.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Prototype Poisoning (SNYK-JS-MYSQL2-6591084) | 646/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Proof of Concept |
| | Remote Code Execution (RCE) (SNYK-JS-MYSQL2-6591085) | 646/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Proof of Concept |
| | Use of Web Browser Cache Containing Sensitive Information (SNYK-JS-MYSQL2-6591300) | 646/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Proof of Concept |
| | Arbitrary Code Injection (SNYK-JS-MYSQL2-6670046) | 646/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Proof of Concept |
| | Prototype Pollution (SNYK-JS-MYSQL2-6861580) | 646/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: mysql2
  • 3.11.3 - 2024-09-15

    3.11.3 (2024-09-14)

    Bug Fixes

  • 3.11.3-canary.81be01b1 - 2024-09-14
  • 3.11.2 - 2024-09-11

    3.11.2 (2024-09-11)

    Bug Fixes

    • resolve LRU conflicts, cache loss and premature engine breaking change (#2988) (2c3c858)
  • 3.11.1 - 2024-09-10

    3.11.1 (2024-09-10)

    Bug Fixes

    • createPoolCluster: add pattern and selector to promise-based getConnection (#3017) (ab7c49f)
    • update connection cleanup process to handle expired connections and exceeding config.maxIdle (#3022) (b091cf4)
  • 3.11.0 - 2024-07-27

    3.11.0 (2024-07-27)

    Features

  • 3.10.3 - 2024-07-15

    3.10.3 (2024-07-15)

    Bug Fixes

  • 3.10.2 - 2024-07-01

    3.10.2 (2024-07-01)

    Bug Fixes

    • typeCast: ensure the same behavior for field.string() with query and execute (#2820) (27e38ea)
  • 3.10.1 - 2024-06-13

    3.10.1 (2024-06-13)

    Bug Fixes

  • 3.10.0 - 2024-05-30

    3.10.0 (2024-05-30)

    Features

    Bug Fixes

    • stream: reads should emit the dataset number for each dataset (#2496, #2628) (4dab4ca)
  • 3.9.9 - 2024-05-29

    3.9.9 (2024-05-29)

    Bug Fixes

    • connection config: remove keepAliveInitialDelay default value (#2712) (688ebab)
  • 3.9.8 - 2024-05-26

    3.9.8 (2024-05-26)

    Bug Fixes

    • security: sanitize fields and tables when using nestTables (#2702) (efe3db5)
    • support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#2704) (2e03694)
    • typings: typo from jonServerPublicKey to onServerPublicKey (#2699) (8b5f691)
  • 3.9.7 - 2024-04-21
  • 3.9.6 - 2024-04-18
  • 3.9.5 - 2024-04-17
  • 3.9.4 - 2024-04-09
  • 3.9.3 - 2024-03-26
  • 3.9.2 - 2024-02-26
  • 3.9.1 - 2024-01-29
  • 3.9.0 - 2024-01-26
  • 3.8.0 - 2024-01-23
  • 3.7.1 - 2024-01-17
  • 3.7.0 - 2024-01-07
  • 3.6.5 - 2023-11-22
  • 3.6.4 - 2023-11-21
  • 3.6.3 - 2023-11-03
  • 3.6.2 - 2023-10-15
  • 3.6.1 - 2023-09-09
  • 3.6.0 - 2023-08-04
from mysql2 GitHub release notes
Commit messages
Package name: mysql2
  • 069fa05 chore(master): release 3.11.3 (#3053)
  • aac67a6 build(deps-dev): bump eslint-plugin-react in /website (#3052)
  • 4568436 build(deps): bump lucide-react from 0.439.0 to 0.441.0 in /website (#3051)
  • b634c9a build(deps-dev): bump tsx from 4.19.0 to 4.19.1 in /website (#3048)
  • 81be01b fix(typings): synchronize types of sqlstring (#3047)
  • 3d2327d build(deps): bump lru.min from 1.0.0 to 1.1.0 (#3046)
  • 7c15a44 cd: add canary deploy (#3044)
  • 66b57e9 chore(master): release 3.11.2 (#3043)
  • 2c3c858 fix: resolve LRU conflicts, cache loss and premature engine breaking change (#2988)
  • 0b01333 build(deps-dev): bump typescript from 5.5.4 to 5.6.2 in /website (#3037)
  • ab3a34b build(deps): bump send and express in /website (#3039)
  • 9257a14 build(deps-dev): bump poku from 2.6.1 to 2.6.2 in /website (#3036)
  • ac87cc1 build(deps-dev): bump poku from 2.6.1 to 2.6.2 (#3033)
  • d2983bc build(deps-dev): bump typescript from 5.5.3 to 5.6.2 (#3032)
  • 2530b62 chore(master): release 3.11.1 (#3024)
  • b091cf4 fix: update connection cleanup process to handle expired connections and exceeding `config.maxIdle` (#3022)
  • 3298e50 chore(npm): improve transparency by adding provenance (#3029)
  • 3a2ef50 build(deps-dev): bump poku from 2.6.0 to 2.6.1 in /website (#3027)
  • 5963e9e build(deps-dev): bump poku from 2.6.0 to 2.6.1 (#3026)
  • ab7c49f fix(createPoolCluster): add pattern and selector to promise-based `getConnection` (#3017)
  • dc3a680 build(deps): bump lucide-react from 0.438.0 to 0.439.0 in /website (#3018)
  • dee0c08 build(deps-dev): bump poku from 2.5.0 to 2.6.0 in /website (#3015)
  • 92c5a3a build(deps-dev): bump poku from 2.5.0 to 2.6.0 (#3014)
  • 2f6e106 build(deps-dev): bump @types/node from 22.5.3 to 22.5.4 (#3013)


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
