Skip to content

Bump mysql2 from 3.19.0 to 3.20.0 in /backend#6385

Merged
mononaut merged 1 commit intomasterfrom
dependabot/npm_and_yarn/backend/mysql2-3.20.0
Mar 19, 2026
Merged

Bump mysql2 from 3.19.0 to 3.20.0 in /backend#6385
mononaut merged 1 commit intomasterfrom
dependabot/npm_and_yarn/backend/mysql2-3.20.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 16, 2026

Bumps mysql2 from 3.19.0 to 3.20.0.

Release notes

Sourced from mysql2's releases.

v3.20.0

3.20.0 (2026-03-15)

Features

  • add TracingChannel support for native APM instrumentation (#4178) (c06afc2)

Bug Fixes

  • explicitly specify in auth plugins (#4175) (#4187) (5ac5563)
  • prevent double release from corrupting the connection pool (#4186) (7e57db6)
  • restore PoolConnection as subclass of Connection (#4183) (97855a6)

v3.19.1

3.19.1 (2026-03-09)

Security Bug Fixes

  • bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)
  • handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
  • prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)
  • validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)
Changelog

Sourced from mysql2's changelog.

3.20.0 (2026-03-15)

Features

  • add TracingChannel support for native APM instrumentation (#4178) (c06afc2)

Bug Fixes

  • explicitly specify in auth plugins (#4175) (#4187) (5ac5563)
  • prevent double release from corrupting the connection pool (#4186) (7e57db6)
  • restore PoolConnection as subclass of Connection (#4183) (97855a6)

3.19.1 (2026-03-09)

Bug Fixes

  • bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)
  • handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
  • prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)
  • validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump mysql2 from 3.19.0 to 3.20.0 in /backend
0608771 
Bumps [mysql2](https://github.com/sidorares/node-mysql2) from 3.19.0 to 3.20.0.
- [Release notes](https://github.com/sidorares/node-mysql2/releases)
- [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md)
- [Commits](sidorares/node-mysql2@v3.19.0...v3.20.0)

---
updated-dependencies:
- dependency-name: mysql2
  dependency-version: 3.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 16, 2026
@cla-bot cla-bot bot added the cla-signed label Mar 16, 2026
@dependabot dependabot bot requested review from Copilot and removed request for Copilot March 16, 2026 02:02
mononaut
mononaut approved these changes Mar 19, 2026
View reviewed changes
Copy link
Contributor

@mononaut mononaut left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested ACK @ [0608771]

@mononaut mononaut merged commit e92bfc9 into master Mar 19, 2026
39 of 40 checks passed
@mononaut mononaut deleted the dependabot/npm_and_yarn/backend/mysql2-3.20.0 branch March 19, 2026 08:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mononaut mononaut mononaut approved these changes

Assignees

No one assigned

Labels

cla-signed dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mononaut