chore(deps): update dependency mysql2 to v3 - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
mysql2 (source)	^1.1.2 → ^3.0.0

---

Release Notes

sidorares/node-mysql2 (mysql2)

v3.20.0

Compare Source

Features

• add TracingChannel support for native APM instrumentation (#​4178) (c06afc2)

Bug Fixes

• explicitly specify in auth plugins (#​4175) (#​4187) (5ac5563)
• prevent double release from corrupting the connection pool (#​4186) (7e57db6)
• restore PoolConnection as subclass of Connection (#​4183) (97855a6)

v3.19.1

Compare Source

Bug Fixes

• bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#​4161) (91c5229)
• handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#​4164) (1869215)
• prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#​4162) (3123b4e)
• validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#​4159) (7c2ae00)

v3.19.0

Compare Source

Features

• use server's preferred auth method to eliminate auth switch roundtrip (#​4140) (b57c671)

Bug Fixes

• fix precision loss for large decimal values (#​4135) (099beea)

v3.18.2

Compare Source

Bug Fixes

• types: add supportBigNumbers, bigNumberStrings, dateStrings, and timezone options to QueryOptions (#​4127) (b274e72)
• types: extend QueryValues to callback-based methods (#​4129) (2ad5f0b)
• types: improve ExecuteValues "nested" params (#​4133) (3f94950)
• types: support Raw and Uint8Array params (#​4132) (bde9aec)

v3.18.1

Compare Source

Bug Fixes

• types: ensure optional params in query and execute methods (#​4123) (3f4bbca)

v3.18.0

Compare Source

Features

• add Symbol.dispose and Symbol.asyncDispose support for Connections, Pools, and Pool Clusters (#​4112) (1e612dc)

v3.17.5

Compare Source

Bug Fixes

• add missing charset encoding for UTF8MB4_0900_BIN (#​3855) (c9a0dcd)
• deps: include @types/node as a peer dependency (#​4108) (5f8ac97)
• fix wrong length number write to packet (#​3177) (0e06e02)
• pool: resolve potential memory leak (#​4111) (8aa2052)

v3.17.4

Compare Source

Bug Fixes

• types for query values (#​3985) (a9c8d09)

v3.17.3

Compare Source

Bug Fixes

• fix PoolConnection.end callback and promise resolution (#​3937) (18ff2c6)

v3.17.2

Compare Source

Bug Fixes

• distinguish delimiters in queries from SQL comments (#​4084) (454ba10)
• pool: discard connection on error 1290 (Aurora read-only failure) (#​4075) (9188963)
• pool: handle all read-only errors during Aurora failover (#​4082) (ce98d8e)

v3.17.1

Compare Source

Bug Fixes

• expand object params after ON DUPLICATE KEY UPDATE preceded by SET (#​4076) (4d2b930)

v3.17.0

Compare Source

Bug Fixes

• security: resolve a potential SQL injection bypass through objects (#​4054) (7f133cc)

v3.16.3

Compare Source

Bug Fixes

• constants: remove unsupported CLIENT_DEPRECATE_EOF flag from constants (#​4033) (46c3f60)

v3.16.2

Compare Source

Bug Fixes

• types: add missing ConnectionState type to Promise Connection interface (#​4034) (2927949)

v3.16.1

Compare Source

Bug Fixes

• named-placeholders: improve handling of mixed/nested quotes in query parsing (#​4011) (3e00cd7)

v3.16.0

Compare Source

Features

• BaseConnection: add state getter to track connection lifecycle (#​3958) (a394487)

v3.15.3

Compare Source

Bug Fixes

• skip SNI for IP addresses in TLS connection (#​3835) (6000eb2)

v3.15.2

Compare Source

Bug Fixes

• fix sha256_password to work correctly over a TLS connection (#​3809) (fb9eae1)

v3.15.1

Compare Source

Bug Fixes

• typings: missing callback to PoolCluster.end() (#​3819) (53a9bc2)

v3.15.0

Compare Source

Features

• gracefully end pool connections #​3148 (#​3776) (e72247f)

v3.14.5

Compare Source

Bug Fixes

• types: restrict StreamOptions.objectMode to true (#​3686) (#​3784) (c091f1b)

v3.14.4

Compare Source

Bug Fixes

• destroy connection when stream errors (#​3769) (cc34a83)
• fix backpressure when using TLS (#​1752) (64ea4cd)
• stream: resume connection when stream errors or is destroyed (#​3775) (9642a1e)

v3.14.3

Compare Source

Bug Fixes

• resolve parser cache collision with dual typeCast connections (#​3644) (ce2ad75)

v3.14.2

Compare Source

Bug Fixes

• pass columnType to readDateTimeString (#​3700) (1ee48cc)

v3.14.1

Compare Source

Miscellaneous Chores

• release 3.14.1 (9d097f8)

v3.14.0

Compare Source

Features

• add RegExp support to PoolCluster (#​3451) (2d5050d)

v3.13.0

Compare Source

Features

• disableEval: add static parsers (#​3365) (51da653)
• support Cloudflare Workers (#​2289) (a79253d)

Bug Fixes

• PromisePoolCluster.of returns PromisePoolCluster instead of PoolNamespace (#​3261) (be22202)
• query: support VECTOR packets in static parser (#​3379) (603c246)

v3.12.0

Compare Source

Features

• PoolCluster: restoreNodeTimeout implementation (#​3218) (9a38601)

v3.11.5

Compare Source

Bug Fixes

• 1040 datetime fields returned without time part when time is 00:00:00 (#​3204) (bded498)
• circular dependencies (#​3081) (d5a76e6)
• Deno v2 requires commonjs type explicitly (#​3209) (cdc9415)

v3.11.4

Compare Source

Bug Fixes

• types: correct TypeCast's Next callback to return unknown (#​3129) (401db79)

v3.11.3

Compare Source

Bug Fixes

• typings: synchronize types of sqlstring (#​3047) (81be01b)

v3.11.2

Compare Source

Bug Fixes

• resolve LRU conflicts, cache loss and premature engine breaking change (#​2988) (2c3c858)

v3.11.1

Compare Source

Bug Fixes

• createPoolCluster: add pattern and selector to promise-based getConnection (#​3017) (ab7c49f), closes #​1381
• update connection cleanup process to handle expired connections and exceeding config.maxIdle (#​3022) (b091cf4)

v3.11.0

Compare Source

Features

• fully support VECTOR type results (9576742)

v3.10.3

Compare Source

Bug Fixes

• handshake SSL error with AWS RDS (#​2857) (de071bb)

v3.10.2

Compare Source

Bug Fixes

• typeCast: ensure the same behavior for field.string() with query and execute (#​2820) (27e38ea)

v3.10.1

Compare Source

Bug Fixes

• setMaxParserCache throws TypeError (#​2757) (aa8604a)

v3.10.0

Compare Source

Features

• add jsonStrings option (#​2642) (9820fe5)

Bug Fixes

• stream: reads should emit the dataset number for each dataset (#​2628) (4dab4ca)

v3.9.9

Compare Source

Bug Fixes

• connection config: remove keepAliveInitialDelay default value (#​2712) (688ebab)

v3.9.8

Compare Source

Bug Fixes

• security: sanitize fields and tables when using nestTables (#​2702) (efe3db5)
• support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#​2704) (2e03694)
• typings: typo from jonServerPublicKey to onServerPublicKey (#​2699) (8b5f691)

v3.9.7

Compare Source

Bug Fixes

• security: sanitize timezone parameter value to prevent code injection (#​2608) (7d4b098)

v3.9.6

Compare Source

Bug Fixes

• binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#​2601) (705835d)

v3.9.5

Compare Source

Bug Fixes

• revert breaking change in results creation (#​2591) (f7c60d0)

v3.9.4

Compare Source

Bug Fixes

• docs: improve the contribution guidelines (#​2552) (8a818ce)
• security: improve results object creation (#​2574) (4a964a3)
• security: improve supportBigNumbers and bigNumberStrings sanitization (#​2572) (74abf9e)

v3.9.3

Compare Source

Bug Fixes

• security: improve cache key formation (#​2424) (0d54b0c)
  • Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
• update Amazon RDS SSL CA cert (#​2131) (d9dccfd)

v3.9.2

Compare Source

Bug Fixes

• stream: premature close when it is paused (#​2416) (7c6bc64)
• types: expose TypeCast types (#​2425) (336a7f1)

v3.9.1

Compare Source

Bug Fixes

• types: support encoding for string type cast (#​2407) (1dc2011)

v3.9.0

Compare Source

Features

• introduce typeCast for execute method (#​2398) (baaa92a)

v3.8.0

Compare Source

Features

• perf: cache iconv decoder (#​2391) (b95b3db)

Bug Fixes

• stream: premature close when using for await (#​2389) (af47148)
• The removeIdleTimeoutConnectionsTimer did not clean up when the … (#​2384) (18a44f6)
• types: add missing types to TypeCast (#​2390) (78ce495)

v3.7.1

Compare Source

Bug Fixes

• add condition which allows code in callback to be reachable (#​2376) (8d5b903)

v3.7.0

Compare Source

Features

• docs: release documentation website (#​2339) (c0d77c0)

v3.6.5

Compare Source

Bug Fixes

• add decodeuricomponent to parse uri encoded special characters in host, username, password and datbase keys (#​2277) (fe573ad)

v3.6.4

Compare Source

Bug Fixes

• malformed FieldPacket (#​2280) (8831e09)
• move missing options to ConnectionOptions (#​2288) (5cd7639)

v3.6.3

Compare Source

Bug Fixes

• correctly pass values when used with sql-template-strings library (#​2266) (6444f99)

v3.6.2

Compare Source

Bug Fixes

• sql-template-strings/tag compatibility (#​2238) (f2efe5a)

v3.6.1

Compare Source

Bug Fixes

• EventEmitter on method signatures to use spread syntax (#​2200) (5d21b81)

v3.6.0

Compare Source

Features

• add conn-level infileStreamFactory option (#​2159) (5bed0f8)

v3.5.2

Compare Source

Bug Fixes

• Update events that are propagated from pool cluster to include remove (#​2114) (927d209)

v3.5.1

Compare Source

Bug Fixes

• improvements to allow to use Bun and tls (#​2119) (fd44a2a)
• missing ResultSetHeader[] to query and execute (f649486)

v3.5.0

Compare Source

Features

• improved inspection of columns (#​2112) (69277aa)

v3.4.5

Compare Source

Bug Fixes

• handle prepare response with actual number of parameter definition less than reported in the prepare header. Fixes #​2052 (b658be0)

v3.4.4

Compare Source

Bug Fixes

• add ProcedureCallPacket to execute overloads (3566ef7)
• add ProcedureCallPacket to query overloads (352c3bc)
• add ProcedureCallPacket to promise-based execute overloads (8292416)
• add ProcedureCallPacket to promise-based query overloads (0f31a41)
• create ProcedureCallPacket typings (09ad1d2)

v3.4.3

Compare Source

Bug Fixes

• remove acquireTimeout invalid option (#​2095) (eb311db)

v3.4.2

Compare Source

Bug Fixes

• changing type files to declaration type files (98e6f3a)

v3.4.1

Compare Source

Bug Fixes

• createPool uri overload (98623dd)
• PoolCluster typings (3902ca6)
• create promise-based PoolCluster typings (7f38496)
• missing parserCache in promise.js (7f35cf5)
• missing constants in promise.js (4ce2c70)
• missing keys for Types constant (86655ec)
• missing typings for Charsets constants (01f77a0)
• missing typings for CharsetToEncoding constants (609229a)
• missing typings for parserCache (891a523)
• missing typings for Types constant (04601dd)
• rename file of typings Charsets constants (51c4196)

v3.4.0

Compare Source

Features

• support STATE_GTIDS session track information (2b1520f)

v3.3.5

Compare Source

Bug Fixes

• createPool promise as PromisePool (#​2060) (ff3c36c)
• keepAliveInitialDelay not taking effect (#​2043) (585911c)

v3.3.4

Compare Source

Bug Fixes

• PromisePoolConnection import name (76db54a)
• releaseConnection types and promise (4aac9d6)

v3.3.3

Compare Source

Bug Fixes

• add package.json to exports (#​2026) (09fd305)

v3.3.2

Compare Source

Bug Fixes

• respect enableKeepAlive option (#​2016) (f465c3e)

v3.3.1

Compare Source

Bug Fixes

• LRU constructor (#​2004) (fd3d117)
• Missing types in "mysql" import (#​1995) (b8c79d0)

v3.3.0

Compare Source

Features

• Added updated/new error codes gathered from MySQL 8.0 source code (#​1990) (85dc6e5)

v3.2.4

Compare Source

Bug Fixes

• server: Added missing encoding argument to server-handshake (#​1976) (a4b6b22)

v3.2.3

Compare Source

Bug Fixes

• types: add decimalNumbers to createConnection/createPool typings. fixes #​1803 (#​1817) (bb48462)

v3.2.2

Compare Source

Bug Fixes

• ConnectionOptions conflict between mysql and mysql/promise (#​1955) (eca8bda)

v3.2.1

Compare Source

Bug Fixes

• Add typings for Connection.promise(). (#​1949) (e3ca310)
• PoolConnection redundancy when extending Connection interface in TypeScript (7c62d11)

v3.2.0

Compare Source

Features

• maxVersion ssl option to tls.createSecureContext (0c40ef9)

v3.1.2

Compare Source

Bug Fixes

• update lru-cache reset method to clear (114f266)

v3.1.1

Compare Source

Bug Fixes

• remove accidental log in caching_sha2_password.js (c1202b6)

v3.1.0

Compare Source

Features

• cleanup buffer/string conversions in hashing/xor helpers that were failing in Bun (a2392e2)

Bug Fixes

• when port is pased as a string convert it to a number (Bun's net.connect does not automatically convert this) (703ecb2)

v3.0.1

Compare Source

Miscellaneous Chores

• release 3.0.1 (d5a6b2c)

v3.0.0

Compare Source

• named-placeholders library is updated to use newer lru-cache dependency, allowing it do dedupe and be shared between mysql2 and named-placeholders - #​1711, mysqljs/named-placeholders#19
• chai and mocha moved to devDependencies #​1774
• Amazon RDS ssl certificates updated including AWS China #​1754
• TCP_NODELAY flag enabled, avoiding long connect timeout in some scenarios #​1751
• typing improvements: #​1675, #​1674
• fix: ensure pooled connections get released #​1666

Miscellaneous Chores

• release 3.0.0 (11692b2)

v2.3.3

Compare Source

v2.3.2

Compare Source

v2.3.1

Compare Source

v2.3.0

Compare Source

v2.2.5

Compare Source

v2.2.4

Compare Source

v2.2.3

Compare Source

v2.2.2

Compare Source

v2.2.1

Compare Source

v2.2.0

Compare Source

v2.1.0

Compare Source

v2.0.2

Compare Source

v2.0.1

Compare Source

v2.0.0

Compare Source

v1.7.0

Compare Source

v1.6.6

Compare Source

v1.6.5

Compare Source

v1.6.4

Compare Source

v1.6.3

Compare Source

v1.6.2

Compare Source

v1.6.1

Compare Source

v1.6.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.