[Snyk] Upgrade mysql2 from 2.3.3 to 3.12.0 #1092

q1blue · 2025-01-13T16:41:38Z

Snyk has created this PR to upgrade mysql2 from 2.3.3 to 3.12.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

The recommended version is 62 versions ahead of your current version.
The recommended version was released 21 days ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Prototype Pollution SNYK-JS-MYSQL2-6861580	264	Proof of Concept
Prototype Poisoning SNYK-JS-MYSQL2-6591084	264	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-MYSQL2-6591085	264	Proof of Concept
Use of Web Browser Cache Containing Sensitive Information SNYK-JS-MYSQL2-6591300	264	Proof of Concept
Arbitrary Code Injection SNYK-JS-MYSQL2-6670046	264	Proof of Concept

Release notes

Package name: mysql2

3.12.0 - 2024-12-23
3.12.0 (2024-12-23)

Features
- PoolCluster: restoreNodeTimeout implementation (#3218) (9a38601)
3.11.6-canary.9a386018 - 2024-12-04
3.11.5 - 2024-11-28
3.11.5 (2024-11-28)

Bug Fixes
- fix datetime fields returned without time part when time is 00:00:00 (#3204) (bded498)
- resolve circular dependencies (#3081) (d5a76e6)
- Deno v2 requires commonjs type explicitly (#3209) (cdc9415)
3.11.5-canary.d5a76e6c - 2024-11-13
3.11.5-canary.cdc9415c - 2024-11-15
3.11.5-canary.bded4980 - 2024-11-14
3.11.4 - 2024-11-05
3.11.4 (2024-11-05)

Bug Fixes
- types: correct TypeCast's Next callback to return unknown (#3129) (401db79)
3.11.4-canary.401db79b - 2024-10-31
3.11.3 - 2024-09-15
3.11.3 (2024-09-14)

Bug Fixes
- typings: synchronize types of sqlstring (#3047) (81be01b)
3.11.3-canary.81be01b1 - 2024-09-14
3.11.2 - 2024-09-11
3.11.2 (2024-09-11)

Bug Fixes
- resolve LRU conflicts, cache loss and premature engine breaking change (#2988) (2c3c858)
3.11.1 - 2024-09-10
3.11.1 (2024-09-10)

Bug Fixes
- createPoolCluster: add pattern and selector to promise-based getConnection (#3017) (ab7c49f)
- update connection cleanup process to handle expired connections and exceeding config.maxIdle (#3022) (b091cf4)
3.11.0 - 2024-07-27
3.11.0 (2024-07-27)

Features
- fully support VECTOR type results (9576742 and 3659488 )
3.10.3 - 2024-07-15
3.10.3 (2024-07-15)

Bug Fixes
- handshake SSL error with AWS RDS (#2857) (de071bb)
3.10.2 - 2024-07-01
3.10.2 (2024-07-01)

Bug Fixes
- typeCast: ensure the same behavior for field.string() with query and execute (#2820) (27e38ea)
3.10.1 - 2024-06-13
3.10.1 (2024-06-13)

Bug Fixes
- setMaxParserCache throws TypeError (#2757) (aa8604a)
3.10.0 - 2024-05-30
3.9.9 - 2024-05-29
3.9.8 - 2024-05-26
3.9.7 - 2024-04-21
3.9.6 - 2024-04-18
3.9.5 - 2024-04-17
3.9.4 - 2024-04-09
3.9.3 - 2024-03-26
3.9.2 - 2024-02-26
3.9.1 - 2024-01-29
3.9.0 - 2024-01-26
3.8.0 - 2024-01-23
3.7.1 - 2024-01-17
3.7.0 - 2024-01-07
3.6.5 - 2023-11-22
3.6.4 - 2023-11-21
3.6.3 - 2023-11-03
3.6.2 - 2023-10-15
3.6.1 - 2023-09-09
3.6.0 - 2023-08-04
3.5.2 - 2023-07-17
3.5.1 - 2023-07-10
3.5.0 - 2023-07-06
3.4.5 - 2023-07-05
3.4.4 - 2023-07-04
3.4.3 - 2023-06-30
3.4.2 - 2023-06-26
3.4.1 - 2023-06-24
3.4.0 - 2023-06-19
3.3.5 - 2023-06-13
3.3.4 - 2023-06-11
3.3.3 - 2023-05-27
3.3.2 - 2023-05-23
3.3.1 - 2023-05-11
3.3.0 - 2023-05-06
3.2.4 - 2023-04-25
3.2.3 - 2023-04-16
3.2.2 - 2023-04-16
3.2.1 - 2023-04-13
3.2.0 - 2023-03-03
3.1.2 - 2023-02-08
3.1.1 - 2023-02-07
3.1.0 - 2023-01-30
3.0.1 - 2023-01-13
3.0.0 - 2023-01-12
3.0.0-rc.1 - 2022-11-06
2.3.3 - 2021-11-14

from mysql2 GitHub release notes

Important

Warning: This PR contains a major version upgrade, and may be a breaking change.
Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade mysql2 from 2.3.3 to 3.12.0. See this package in npm: mysql2 See this project in Snyk: https://app.snyk.io/org/q1blue-rxw/project/061589ad-3276-41ad-ab3d-5cb52331031e?utm_source=github&utm_medium=referral&page=upgrade-pr

changeset-bot · 2025-01-13T16:41:42Z

⚠️ No Changeset found

Latest commit: 42194c4

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

socket-security · 2025-01-13T16:43:10Z

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/[email protected]	None	`0`	49.5 kB	nicolo-ribaudo
npm/@babel/[email protected]	environment, filesystem, unsafe	`0`	176 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	118 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	2.68 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.39 kB	nicolo-ribaudo
npm/@babel/[email protected]	Transitive: environment, filesystem	`+1`	85.5 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	52 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	7.54 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	202 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.32 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	6.47 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	2.54 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.45 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	49.6 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	16.3 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	39.8 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.29 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.42 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.25 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	9.86 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	5.01 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.24 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.33 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	19 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.53 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	5.3 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`+1`	240 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.87 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	1.65 MB	nicolo-ribaudo
npm/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@7.16.2	None	`0`	7.66 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	9.87 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	7.45 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.32 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.3 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.65 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.22 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.42 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.52 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.38 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.28 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	21.2 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.21 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	30.5 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.15 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	7.17 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.46 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	2.47 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	2.62 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.16 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.02 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.71 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	27.2 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	26.1 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	7.69 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	20.8 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.11 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.24 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.31 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	14.7 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.39 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.02 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.26 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	7.87 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	9.82 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	20.7 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	9.37 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.25 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.42 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.65 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	17.9 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.13 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	2.58 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	2.94 kB	nicolo-ribaudo
npm/@babel/[email protected]	unsafe	`0`	13.4 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.94 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	7.61 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	3.08 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	6.14 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	4.89 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	5.99 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	2.94 kB	nicolo-ribaudo
npm/@babel/[email protected]	environment	`0`	49.4 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	38.8 kB	developit
npm/@babel/[email protected]	None	`+1`	177 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	`0`	21.4 kB	nicolo-ribaudo
npm/@babel/[email protected]	environment	`0`	1.03 MB	nicolo-ribaudo
npm/@csstools/[email protected]	None	`0`	63.2 kB	jonathantneal
npm/@gar/[email protected]	None	`0`	3.1 kB	gar
npm/@npmcli/[email protected]	filesystem	`+1`	112 kB	nlf
npm/@npmcli/[email protected]	filesystem	`0`	7.89 kB	nlf
npm/@rails/[email protected]	None	`0`	40.3 kB	rafaelfranca
npm/@rails/[email protected]	None	`0`	63.5 kB	rafaelfranca
npm/@rails/[email protected]	None	`0`	40.4 kB	rafaelfranca
npm/@rails/[email protected]	environment, filesystem, network	`0`	61.3 kB	dhh
npm/@types/[email protected]	None	`0`	6.61 kB	types
npm/@types/[email protected] 🔁 npm/@types/[email protected]	None	`0`	32.2 kB	types
npm/@types/[email protected]	None	`0`	8.2 kB	types
npm/@types/[email protected]	None	`0`	1.65 MB	types
npm/@types/[email protected] 🔁 npm/@types/[email protected]	None	`0`	2.74 kB	types
npm/@types/[email protected]	None	`0`	32.2 kB	types
npm/@webassemblyjs/[email protected]	None	`0`	180 kB	xtuc
npm/@webassemblyjs/[email protected]	None	`0`	6.37 kB	xtuc
npm/@webassemblyjs/[email protected]	None	`0`	6.1 kB	xtuc
npm/@webassemblyjs/[email protected]	None	`0`	8.7 kB	xtuc
npm/@webassemblyjs/[email protected]	None	`0`	4.28 kB	xtuc
npm/@webassemblyjs/[email protected]	None	`0`	9.07 kB	xtuc
npm/@webassemblyjs/[email protected]	None	`0`	29.8 kB	xtuc
npm/@webassemblyjs/[email protected]	None	`0`	24.2 kB	xtuc
npm/@webassemblyjs/[email protected]	None	`0`	19 kB	xtuc
npm/@webassemblyjs/[email protected]	None	`0`	5.19 kB	xtuc
npm/@webassemblyjs/[email protected]	None	`0`	46.1 kB	xtuc
npm/@webassemblyjs/[email protected]	None	`0`	11.2 kB	xtuc
npm/@webassemblyjs/[email protected]	None	`0`	29.4 kB	xtuc
npm/@webassemblyjs/[email protected]	None	`0`	23.9 kB	xtuc
npm/@webassemblyjs/[email protected]	None	`0`	9.34 kB	xtuc
npm/@webassemblyjs/[email protected]	None	`0`	122 kB	xtuc
npm/@webassemblyjs/[email protected]	None	`0`	137 kB	xtuc
npm/@webassemblyjs/[email protected]	None	`0`	37.3 kB	xtuc
npm/@xtuc/[email protected]	None	`0`	8.57 kB	xtuc
npm/@xtuc/[email protected]	None	`0`	190 kB	xtuc
npm/[email protected]	None	`+1`	34.7 kB	dougwilson
npm/[email protected]	None	`0`	1.19 MB	marijn
npm/[email protected]	None	`0`	6.69 kB	sindresorhus
npm/[email protected]	None	`0`	41.7 kB	esp
npm/[email protected]	None	`0`	72.9 kB	esp
npm/[email protected]	eval	`0`	929 kB	esp
npm/[email protected]	None	`0`	6.4 kB	trysound
npm/[email protected]	environment	`0`	21.2 kB	jonschlinkert
npm/[email protected]	None	`0`	20.1 kB	mahdyar
npm/[email protected]	None	`0`	5.14 kB	sindresorhus
npm/[email protected]	None	`0`	9.37 kB	sindresorhus
npm/[email protected]	None	`0`	9.54 kB	paulmillr
npm/[email protected]	None	`0`	8.18 kB	iarna
npm/[email protected]	None	`0`	7.9 kB	jonschlinkert
npm/[email protected]	None	`0`	6.88 kB	jonschlinkert
npm/[email protected]	None	`0`	6.66 kB	jonschlinkert
npm/[email protected]	None	`0`	6.24 kB	blakeembrey
npm/[email protected]	None	`0`	2.47 kB	sindresorhus
npm/[email protected]	None	`0`	3.57 kB	sindresorhus
npm/[email protected]	None	`0`	7.16 kB	jonschlinkert
npm/[email protected]	Transitive: environment	`+2`	84.3 kB	goto-bus-stop
npm/[email protected]	None	`0`	5.85 kB	phated
npm/[email protected]	None	`0`	3.95 kB	paulmillr
npm/[email protected]	None	`0`	6.9 kB	strml
npm/[email protected]	None	`0`	541 kB	aearly
npm/[email protected]	None	`0`	36.2 kB	coolaj86
npm/[email protected]	environment	`+1`	1.71 MB	ai
npm/[email protected]	filesystem	`0`	41.7 kB	nicolo-ribaudo

🚮 Removed packages: npm/@goparrot/[email protected], npm/@koa/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/[email protected]

View full report↗︎

socket-security · 2025-01-13T16:43:12Z

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Critical CVE	npm/@babel/[email protected]	CVE: GHSA-67hx-6x53-jw92 Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code (CRITICAL) Affected versions: < 7.23.2 Patched version: 7.23.2	`etl/yarn.lock`	⚠︎

View full report↗︎

Next steps

What is a critical CVE?

Contains a Critical Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

@SocketSecurity ignore npm/@babel/[email protected]

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade mysql2 from 2.3.3 to 3.12.0 #1092

[Snyk] Upgrade mysql2 from 2.3.3 to 3.12.0 #1092

q1blue commented Jan 13, 2025

3.12.0 (2024-12-23)

Features

3.11.5 (2024-11-28)

Bug Fixes

3.11.4 (2024-11-05)

Bug Fixes

3.11.3 (2024-09-14)

Bug Fixes

3.11.2 (2024-09-11)

Bug Fixes

3.11.1 (2024-09-10)

Bug Fixes

3.11.0 (2024-07-27)

Features

3.10.3 (2024-07-15)

Bug Fixes

3.10.2 (2024-07-01)

Bug Fixes

3.10.1 (2024-06-13)

Bug Fixes

changeset-bot bot commented Jan 13, 2025

socket-security bot commented Jan 13, 2025

socket-security bot commented Jan 13, 2025

[Snyk] Upgrade mysql2 from 2.3.3 to 3.12.0 #1092

Are you sure you want to change the base?

[Snyk] Upgrade mysql2 from 2.3.3 to 3.12.0 #1092

Conversation

q1blue commented Jan 13, 2025

Snyk has created this PR to upgrade mysql2 from 2.3.3 to 3.12.0.

Issues fixed by the recommended upgrade:

3.12.0 (2024-12-23)

Features

3.11.5 (2024-11-28)

Bug Fixes

3.11.4 (2024-11-05)

Bug Fixes

3.11.3 (2024-09-14)

Bug Fixes

3.11.2 (2024-09-11)

Bug Fixes

3.11.1 (2024-09-10)

Bug Fixes

3.11.0 (2024-07-27)

Features

3.10.3 (2024-07-15)

Bug Fixes

3.10.2 (2024-07-01)

Bug Fixes

3.10.1 (2024-06-13)

Bug Fixes

changeset-bot bot commented Jan 13, 2025

⚠️ No Changeset found

socket-security bot commented Jan 13, 2025

socket-security bot commented Jan 13, 2025

Next steps