Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency mysql2 to v3.9.4 [SECURITY] #20017

Closed
wants to merge 1 commit into from
Closed

Update dependency mysql2 to v3.9.4 [SECURITY] #20017

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Apr 12, 2024
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
mysql2 (source) 3.9.3 -> 3.9.4 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-21509

Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in text_parser.js and binary_parser.js.

CVE-2024-21508

Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values.

Release Notes

sidorares/node-mysql2 (mysql2)

v3.9.4

Compare Source

Bug Fixes

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot enabled auto-merge (rebase) April 12, 2024 18:38
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 4ff0f2f to 19167b6 Compare April 12, 2024 20:42
@daniellockyer
Copy link
Member

I think tests are failing because of sidorares/node-mysql2#2585

@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from 19167b6 to cb96df3 Compare April 18, 2024 11:00
@renovate renovate bot force-pushed the renovate/npm-mysql2-vulnerability branch from cb96df3 to a08e5ff Compare April 18, 2024 11:14
auto-merge was automatically disabled April 18, 2024 14:53

Pull request was closed

@daniellockyer daniellockyer deleted the renovate/npm-mysql2-vulnerability branch April 18, 2024 14:53
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Apr 18, 2024

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (3.9.4). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
blocked
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@daniellockyer