[Snyk] Upgrade mysql2 from 3.7.0 to 3.9.7

[anand-py]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade mysql2 from 3.7.0 to 3.9.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 10 versions ahead of your current version.

• The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Poisoning SNYK-JS-MYSQL2-6591084	646	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-MYSQL2-6591085	646	Proof of Concept
	Improper Input Validation SNYK-JS-MYSQL2-6591300	646	Proof of Concept
	Arbitrary Code Injection SNYK-JS-MYSQL2-6670046	646	Proof of Concept

Release notes

Package name: mysql2

• 3.9.7 - 2024-04-21
  

  3.9.7 (2024-04-21)

  Bug Fixes

  • security: sanitize timezone parameter value to prevent code injection - report by zhaoyudi (Nebulalab) (#2608) (7d4b098)
• 3.9.6 - 2024-04-18
  

  3.9.6 (2024-04-18)

  Bug Fixes

  • binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#2601) (705835d)
• 3.9.5 - 2024-04-17
  

  3.9.5 (2024-04-17)

  Bug Fixes

  • revert breaking change in results creation (#2591) (f7c60d0)
• 3.9.4 - 2024-04-09
  

  3.9.4 (2024-04-09)

  Bug Fixes

  • SSL: separate each certificate into an individual item #2542 (63f1055)
  • security: improve supportBigNumbers and bigNumberStrings sanitization (#2572) (74abf9e)
    • Fixes a potential RCE attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
  • security: improve results object creation (#2574) (4a964a3)
    • Fixes a potential Prototype Pollution attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
  • docs: improve the contribution guidelines (#2552) (8a818ce)
• 3.9.3 - 2024-03-26
  

  3.9.3 (2024-03-26)

  Bug Fixes

  • security: improve cache key formation (#2424) (0d54b0c)
    • Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
  • update Amazon RDS SSL CA cert (#2131) (d9dccfd)
• 3.9.2 - 2024-02-26
  

  3.9.2 (2024-02-26)

  Bug Fixes

  • stream: premature close when it is paused (#2416) (7c6bc64)
  • types: expose TypeCast types (#2425) (336a7f1)
• 3.9.1 - 2024-01-29
  

  3.9.1 (2024-01-29)

  Bug Fixes

  • types: support encoding for string type cast (#2407) (1dc2011)
• 3.9.0 - 2024-01-26
  

  3.9.0 (2024-01-26)

  Features

  • introduce typeCast for execute method (#2398) (baaa92a)
• 3.8.0 - 2024-01-23
  

  3.8.0 (2024-01-23)

  Features

  • perf: cache iconv decoder (#2391) (b95b3db)

  Bug Fixes

  • stream: premature close when using for await (#2389) (af47148)
  • types: add missing types to TypeCast (#2390) (78ce495)
  • removeIdleTimeoutConnectionsTimer isn't cleared on pool close (#2384) (18a44f6)
• 3.7.1 - 2024-01-17
  

  3.7.1 (2024-01-17)

  Bug Fixes

  • add condition which allows code in callback to be reachable (#2376) (8d5b903)
• 3.7.0 - 2024-01-07

from mysql2 GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs