Skip to content

Update dependency mysql2 to v3.9.8 [SECURITY]#144

Open
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/npm-mysql2-vulnerability
Open

Update dependency mysql2 to v3.9.8 [SECURITY]#144
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/npm-mysql2-vulnerability

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Apr 12, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
mysql2 (source) 3.9.33.9.8 age confidence

GitHub Vulnerability Alerts

CVE-2024-21509

Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.

CVE-2024-21508

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.

CVE-2024-21511

Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.

CVE-2024-21512

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.

Release Notes

sidorares/node-mysql2 (mysql2)

v3.9.8

Compare Source

Bug Fixes
  • security: sanitize fields and tables when using nestTables (#​2702) (efe3db5)
  • support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#​2704) (2e03694)
  • typings: typo from jonServerPublicKey to onServerPublicKey (#​2699) (8b5f691)

v3.9.7

Compare Source

Bug Fixes
  • security: sanitize timezone parameter value to prevent code injection (#​2608) (7d4b098)

v3.9.6

Compare Source

Bug Fixes
  • binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#​2601) (705835d)

v3.9.5

Compare Source

Bug Fixes

v3.9.4

Compare Source

Bug Fixes

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 9c9ce61 to c472e32 Compare April 22, 2024 03:52
@renovate renovate bot changed the title Update dependency mysql2 to v3.9.4 [SECURITY] Update dependency mysql2 to v3.9.7 [SECURITY] Apr 24, 2024
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch 2 times, most recently from 6d8151d to b1d1dd8 Compare April 29, 2024 04:02
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from b1d1dd8 to 982577c Compare May 6, 2024 04:41
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 982577c to 0811205 Compare May 13, 2024 09:10
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 0811205 to a6f5b30 Compare May 27, 2024 05:01
@renovate renovate bot changed the title Update dependency mysql2 to v3.9.7 [SECURITY] Update dependency mysql2 to v3.9.8 [SECURITY] May 30, 2024
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch 2 times, most recently from 0b8f3b7 to 3f58da5 Compare June 3, 2024 03:07
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch 2 times, most recently from e28cd08 to a204a59 Compare June 17, 2024 06:35
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch 2 times, most recently from d558833 to 75942fc Compare July 8, 2024 03:53
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 75942fc to 151c113 Compare July 15, 2024 08:13
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 151c113 to 4642c83 Compare July 29, 2024 06:13
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 4642c83 to 69de1f5 Compare August 12, 2024 08:04
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch 2 times, most recently from 2be24ec to d6ebbcb Compare September 2, 2024 04:41
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch 2 times, most recently from d72586e to 549d282 Compare September 16, 2024 03:11
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 549d282 to 0d565bf Compare September 23, 2024 07:48
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 0d565bf to 7dcd813 Compare October 7, 2024 03:13
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 7dcd813 to ebb3780 Compare October 14, 2024 06:09
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from ebb3780 to fb29eb7 Compare October 28, 2024 08:10
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from fb29eb7 to 7871fc8 Compare November 11, 2024 03:47
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 7871fc8 to 15e45df Compare November 18, 2024 07:49
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 15e45df to b1038c2 Compare December 2, 2024 07:50
@renovate renovate bot changed the title Update dependency mysql2 to v3.9.8 [SECURITY] Update dependency mysql2 to v3.9.8 [SECURITY] - autoclosed Dec 8, 2024
@renovate renovate bot closed this Dec 8, 2024
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from a4e9ec5 to 7b66aab Compare March 3, 2025 07:30
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 7b66aab to 5f1da44 Compare March 10, 2025 12:12
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 5f1da44 to 4676b4a Compare March 24, 2025 12:42
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 4676b4a to ae98e68 Compare April 7, 2025 05:32
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from ae98e68 to ee1efd8 Compare April 14, 2025 11:34
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from ee1efd8 to 39a116a Compare May 5, 2025 06:17
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 39a116a to e306a64 Compare May 12, 2025 10:23
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch 2 times, most recently from 703e2f6 to bf620fa Compare June 2, 2025 04:31
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from bf620fa to c5214ab Compare June 9, 2025 05:27
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from c5214ab to b168bb1 Compare June 23, 2025 11:41
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from b168bb1 to 2260445 Compare July 7, 2025 10:10
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 2260445 to 0b72cda Compare July 21, 2025 12:08
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch 2 times, most recently from 53da44d to ff2e40e Compare August 11, 2025 05:00
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from ff2e40e to d888767 Compare August 18, 2025 05:12
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from d888767 to 40d8a96 Compare August 25, 2025 11:02
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 40d8a96 to a7a5b74 Compare September 15, 2025 05:43
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch 2 times, most recently from 2bf22ae to 29d41f9 Compare September 25, 2025 20:32
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 29d41f9 to f51f3c7 Compare October 6, 2025 08:48
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from f51f3c7 to 0da5bed Compare October 20, 2025 04:39
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 0da5bed to 9fac06a Compare October 27, 2025 11:38
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 9fac06a to 7f85a78 Compare November 10, 2025 10:42
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 7f85a78 to 583178f Compare November 24, 2025 04:51
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 583178f to 0e80104 Compare December 1, 2025 14:00
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 0e80104 to b64c84f Compare December 15, 2025 04:50
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from b64c84f to fe7a334 Compare February 12, 2026 11:36
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from fe7a334 to 7606d85 Compare March 5, 2026 20:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants