fix(deps): update dependency mysql2 to v3

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
mysql2 (source)	^2.2.5 → ^3.0.0

---

Release Notes

sidorares/node-mysql2 (mysql2)

v3.22.3

Compare Source

Bug Fixes

• allow resetOnRelease in connection config validation (#​4278) (e72f923)

v3.22.2

Compare Source

Bug Fixes

• promise: point rejection stacks at caller for promise API (#​4267) (c79a3f3)

v3.22.1

Compare Source

Bug Fixes

• async stack traces not pointing to correct source, regression introduced by #​4257 (#​4265) (5b6206c)
• packet: return INVALID_DATE for zero dates with numeric timezone offset (#​1019) (#​4258) (cb5adcc)

v3.22.0

Compare Source

Features

• disable mysql_clear_password plugin by default (#​4236) (884bec5), closes #​1617
• implement COM_RESET_CONNECTION with pool integration (#​4148) (49a64cc)

Performance Improvements

• defer Error object creation to error handlers in promise wrappers (#​4257) (ab131de)

v3.21.1

Compare Source

Bug Fixes

• limit client flags to server capabilities (#​4227) (e1930b8)
• use Number.isSafeInteger for supportBigNumbers boundary check (#​4225) (295264b)

v3.21.0

Compare Source

Features

• add support for query attributes (#​4223) (d732f78)
• types: export ExecuteValues and QueryValues from entry point (9fafd6f)

v3.20.0

Compare Source

Features

• add TracingChannel support for native APM instrumentation (#​4178) (c06afc2)

Bug Fixes

• explicitly specify in auth plugins (#​4175) (#​4187) (5ac5563)
• prevent double release from corrupting the connection pool (#​4186) (7e57db6)
• restore PoolConnection as subclass of Connection (#​4183) (97855a6)

v3.19.1

Compare Source

Bug Fixes

• bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#​4161) (91c5229)
• handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#​4164) (1869215)
• prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#​4162) (3123b4e)
• validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#​4159) (7c2ae00)

v3.19.0

Compare Source

Features

• use server's preferred auth method to eliminate auth switch roundtrip (#​4140) (b57c671)

Bug Fixes

• fix precision loss for large decimal values (#​4135) (099beea)

v3.18.2

Compare Source

Bug Fixes

• types: add supportBigNumbers, bigNumberStrings, dateStrings, and timezone options to QueryOptions (#​4127) (b274e72)
• types: extend QueryValues to callback-based methods (#​4129) (2ad5f0b)
• types: improve ExecuteValues "nested" params (#​4133) (3f94950)
• types: support Raw and Uint8Array params (#​4132) (bde9aec)

v3.18.1

Compare Source

Bug Fixes

• types: ensure optional params in query and execute methods (#​4123) (3f4bbca)

v3.18.0

Compare Source

Features

• add Symbol.dispose and Symbol.asyncDispose support for Connections, Pools, and Pool Clusters (#​4112) (1e612dc)

v3.17.5

Compare Source

Bug Fixes

• add missing charset encoding for UTF8MB4_0900_BIN (#​3855) (c9a0dcd)
• deps: include @types/node as a peer dependency (#​4108) (5f8ac97)
• fix wrong length number write to packet (#​3177) (0e06e02)
• pool: resolve potential memory leak (#​4111) (8aa2052)

v3.17.4

Compare Source

Bug Fixes

• types for query values (#​3985) (a9c8d09)

v3.17.3

Compare Source

Bug Fixes

• fix PoolConnection.end callback and promise resolution (#​3937) (18ff2c6)

v3.17.2

Compare Source

Bug Fixes

• distinguish delimiters in queries from SQL comments (#​4084) (454ba10)
• pool: discard connection on error 1290 (Aurora read-only failure) (#​4075) (9188963)
• pool: handle all read-only errors during Aurora failover (#​4082) (ce98d8e)

v3.17.1

Compare Source

Bug Fixes

• expand object params after ON DUPLICATE KEY UPDATE preceded by SET (#​4076) (4d2b930)

v3.17.0

Compare Source

Bug Fixes

• security: resolve a potential SQL injection bypass through objects (#​4054) (7f133cc)

v3.16.3

Compare Source

Bug Fixes

• constants: remove unsupported CLIENT_DEPRECATE_EOF flag from constants (#​4033) (46c3f60)

v3.16.2

Compare Source

Bug Fixes

• types: add missing ConnectionState type to Promise Connection interface (#​4034) (2927949)

v3.16.1

Compare Source

Bug Fixes

• named-placeholders: improve handling of mixed/nested quotes in query parsing (#​4011) (3e00cd7)

v3.16.0

Compare Source

Features

• BaseConnection: add state getter to track connection lifecycle (#​3958) (a394487)

v3.15.3

Compare Source

Bug Fixes

• skip SNI for IP addresses in TLS connection (#​3835) (6000eb2)

v3.15.2

Compare Source

Bug Fixes

• fix sha256_password to work correctly over a TLS connection (#​3809) (fb9eae1)

v3.15.1

Compare Source

Bug Fixes

• typings: missing callback to PoolCluster.end() (#​3819) (53a9bc2)

v3.15.0

Compare Source

Features

• gracefully end pool connections #​3148 (#​3776) (e72247f)

v3.14.5

Compare Source

Bug Fixes

• types: restrict StreamOptions.objectMode to true (#​3686) (#​3784) (c091f1b)

v3.14.4

Compare Source

Bug Fixes

• destroy connection when stream errors (#​3769) (cc34a83)
• fix backpressure when using TLS (#​1752) (64ea4cd)
• stream: resume connection when stream errors or is destroyed (#​3775) (9642a1e)

v3.14.3

Compare Source

Bug Fixes

• resolve parser cache collision with dual typeCast connections (#​3644) (ce2ad75)

v3.14.2

Compare Source

Bug Fixes

• pass columnType to readDateTimeString (#​3700) (1ee48cc)

v3.14.1

Compare Source

Miscellaneous Chores

• release 3.14.1 (9d097f8)

v3.14.0

Compare Source

Features

• add RegExp support to PoolCluster (#​3451) (2d5050d)

v3.13.0

Compare Source

Features

• disableEval: add static parsers (#​3365) (51da653)
• support Cloudflare Workers (#​2289) (a79253d)

Bug Fixes

• PromisePoolCluster.of returns PromisePoolCluster instead of PoolNamespace (#​3261) (be22202)
• query: support VECTOR packets in static parser (#​3379) (603c246)

v3.12.0

Compare Source

Features

• PoolCluster: restoreNodeTimeout implementation (#​3218) (9a38601)

v3.11.5

Compare Source

Bug Fixes

• 1040 datetime fields returned without time part when time is 00:00:00 (#​3204) (bded498)
• circular dependencies (#​3081) (d5a76e6)
• Deno v2 requires commonjs type explicitly (#​3209) (cdc9415)

v3.11.4

Compare Source

Bug Fixes

• types: correct TypeCast's Next callback to return unknown (#​3129) (401db79)

v3.11.3

Compare Source

Bug Fixes

• typings: synchronize types of sqlstring (#​3047) (81be01b)

v3.11.2

Compare Source

Bug Fixes

• resolve LRU conflicts, cache loss and premature engine breaking change (#​2988) (2c3c858)

v3.11.1

Compare Source

Bug Fixes

• createPoolCluster: add pattern and selector to promise-based getConnection (#​3017) (ab7c49f), closes #​1381
• update connection cleanup process to handle expired connections and exceeding config.maxIdle (#​3022) (b091cf4)

v3.11.0

Compare Source

Features

• fully support VECTOR type results (9576742)

v3.10.3

Compare Source

Bug Fixes

• handshake SSL error with AWS RDS (#​2857) (de071bb)

v3.10.2

Compare Source

Bug Fixes

• typeCast: ensure the same behavior for field.string() with query and execute (#​2820) (27e38ea)

v3.10.1

Compare Source

Bug Fixes

• setMaxParserCache throws TypeError (#​2757) (aa8604a)

v3.10.0

Compare Source

Features

• add jsonStrings option (#​2642) (9820fe5)

Bug Fixes

• stream: reads should emit the dataset number for each dataset (#​2628) (4dab4ca)

v3.9.9

Compare Source

Bug Fixes

• connection config: remove keepAliveInitialDelay default value (#​2712) (688ebab)

v3.9.8

Compare Source

Bug Fixes

• security: sanitize fields and tables when using nestTables (#​2702) (efe3db5)
• support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#​2704) (2e03694)
• typings: typo from jonServerPublicKey to onServerPublicKey (#​2699) (8b5f691)

v3.9.7

Compare Source

Bug Fixes

• security: sanitize timezone parameter value to prevent code injection (#​2608) (7d4b098)

v3.9.6

Compare Source

Bug Fixes

• binary parser sometimes reads out of packet bounds when results contain null and typecast is false (#​2601) (705835d)

v3.9.5

Compare Source

Bug Fixes

• revert breaking change in results creation (#​2591) (f7c60d0)

v3.9.4

Compare Source

Bug Fixes

• docs: improve the contribution guidelines (#​2552) (8a818ce)
• security: improve results object creation (#​2574) (4a964a3)
• security: improve supportBigNumbers and bigNumberStrings sanitization (#​2572) (74abf9e)

v3.9.3

Compare Source

Bug Fixes

• security: improve cache key formation (#​2424) (0d54b0c)
  • Fixes a potential parser cache poisoning attack vulnerability reported by Vsevolod Kokorin (Slonser) of Solidlab
• update Amazon RDS SSL CA cert (#​2131) (d9dccfd)

v3.9.2

Compare Source

Bug Fixes

• stream: premature close when it is paused (#​2416) (7c6bc64)
• types: expose TypeCast types (#​2425) (336a7f1)

v3.9.1

Compare Source

Bug Fixes

• types: support encoding for string type cast (#​2407) (1dc2011)

v3.9.0

Compare Source

Features

• introduce typeCast for execute method (#​2398) (baaa92a)

v3.8.0

Compare Source

Features

• perf: cache iconv decoder (#​2391) (b95b3db)

Bug Fixes

• stream: premature close when using for await (#​2389) (af47148)
• The removeIdleTimeoutConnectionsTimer did not clean up when the … (#​2384) (18a44f6)
• types: add missing types to TypeCast (#​2390) (78ce495)

v3.7.1

Compare Source

Bug Fixes

• add condition which allows code in callback to be reachable (#​2376) (8d5b903)

v3.7.0

Compare Source

Features

• docs: release documentation website (#​2339) (c0d77c0)

v3.6.5

Compare Source

Bug Fixes

• add decodeuricomponent to parse uri encoded special characters in host, username, password and datbase keys (#​2277) (fe573ad)

v3.6.4

Compare Source

Bug Fixes

• malformed FieldPacket (#​2280) (8831e09)
• move missing options to ConnectionOptions (#​2288) (5cd7639)

v3.6.3

Compare Source

Bug Fixes

• correctly pass values when used with sql-template-strings library (#​2266) (6444f99)

v3.6.2

Compare Source

Bug Fixes

• sql-template-strings/tag compatibility (#​2238) (f2efe5a)

v3.6.1

Compare Source

Bug Fixes

• EventEmitter on method signatures to use spread syntax (#​2200) (5d21b81)

v3.6.0

Compare Source

Features

• add conn-level infileStreamFactory option (#​2159) (5bed0f8)

v3.5.2

Compare Source

Bug Fixes

• Update events that are propagated from pool cluster to include remove (#​2114) (927d209)

v3.5.1

Compare Source

Bug Fixes

• improvements to allow to use Bun and tls (#​2119) (fd44a2a)
• missing ResultSetHeader[] to query and execute (f649486)

v3.5.0

Compare Source

Features

• improved inspection of columns (#​2112) (69277aa)

v3.4.5

Compare Source

Bug Fixes

• handle prepare response with actual number of parameter definition less than reported in the prepare header. Fixes #​2052 (b658be0)

v3.4.4

Compare Source

Bug Fixes

• add ProcedureCallPacket to execute overloads (3566ef7)
• add ProcedureCallPacket to query overloads (352c3bc)
• add ProcedureCallPacket to promise-based execute overloads (8292416)
• add ProcedureCallPacket to promise-based query overloads (0f31a41)
• create ProcedureCallPacket typings (09ad1d2)

v3.4.3

Compare Source

Bug Fixes

• remove acquireTimeout invalid option (#​2095) (eb311db)

v3.4.2

Compare Source

Bug Fixes

• changing type files to declaration type files (98e6f3a)

v3.4.1

Compare Source

Bug Fixes

• createPool uri overload (98623dd)
• PoolCluster typings (3902ca6)
• create promise-based PoolCluster typings (7f38496)
• missing parserCache in promise.js (7f35cf5)
• missing constants in promise.js (4ce2c70)
• missing keys for Types constant (86655ec)
• missing typings for Charsets constants (01f77a0)
• missing typings for CharsetToEncoding constants (609229a)
• missing typings for parserCache (891a523)
• missing typings for Types constant (04601dd)
• rename file of typings Charsets constants (51c4196)

v3.4.0

Compare Source

Features

• support STATE_GTIDS session track information (2b1520f)

v3.3.5

Compare Source

Bug Fixes

• createPool promise as PromisePool (#​2060) (ff3c36c)
• keepAliveInitialDelay not taking effect (#​2043) (585911c)

v3.3.4

Compare Source

Bug Fixes

• PromisePoolConnection import name (76db54a)
• releaseConnection types and promise (4aac9d6)

v3.3.3

Compare Source

Bug Fixes

• add package.json to exports (#​2026) (09fd305)

v3.3.2

Compare Source

Bug Fixes

• respect enableKeepAlive option (#​2016) (f465c3e)

v3.3.1

Compare Source

Bug Fixes

• LRU constructor (#​2004) (fd3d117)
• Missing types in "mysql" import (#​1995) (b8c79d0)

v3.3.0

Compare Source

Features

• Added updated/new error codes gathered from MySQL 8.0 source code (#​1990) (85dc6e5)

v3.2.4

Compare Source

Bug Fixes

• server: Added missing encoding argument to server-handshake (#​1976) (a4b6b22)

v3.2.3

Compare Source

Bug Fixes

• types: add decimalNumbers to createConnection/createPool typings. fixes #​1803 (#​1817) (bb48462)

v3.2.2

Compare Source

Bug Fixes

• ConnectionOptions conflict between mysql and mysql/promise (#​1955) (eca8bda)

v3.2.1

Compare Source

Bug Fixes

• Add typings for Connection.promise(). (#​1949) (e3ca310)
• PoolConnection redundancy when extending Connection interface in TypeScript (7c62d11)

v3.2.0

Compare Source

Features

• maxVersion ssl option to tls.createSecureContext (0c40ef9)

v3.1.2

Compare Source

Bug Fixes

• update lru-cache reset method to clear (114f266)

v3.1.1

Compare Source

Bug Fixes

• remove accidental log in caching_sha2_password.js (c1202b6)

v3.1.0

Compare Source

Features

• cleanup buffer/string conversions in hashing/xor helpers that were failing in Bun (a2392e2)

Bug Fixes

• when port is pased as a string convert it to a number (Bun's net.connect does not automatically convert this) (703ecb2)

v3.0.1

Compare Source

Miscellaneous Chores

• release 3.0.1 (d5a6b2c)

v3.0.0

Compare Source

• named-placeholders library is updated to use newer lru-cache dependency, allowing it do dedupe and be shared between mysql2 and named-placeholders - #​1711, mysqljs/named-placeholders#19
• chai and mocha moved to devDependencies #​1774
• Amazon RDS ssl certificates updated including AWS China #​1754
• TCP_NODELAY flag enabled, avoiding long connect timeout in some scenarios #​1751
• typing improvements: #​1675, #​1674
• fix: ensure pooled connections get released #​1666

Miscellaneous Chores

• release 3.0.0 (11692b2)

v2.3.3

Compare Source

v2.3.2

Compare Source

v2.3.1

Compare Source

v2.3.0

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock

Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit