[Snyk] Upgrade mariadb from 3.0.0 to 3.2.2 #1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade mariadb from 3.0.0 to 3.2.2. See this package in npm: https://www.npmjs.com/package/mariadb See this project in Snyk: https://app.snyk.io/org/snyk-apprisk-essentials-closed-beta-demo-group/project/3e78bc97-6598-413b-bb8d-d0d211c5be2c?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade mariadb from 3.0.0 to 3.2.2.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-MOMENT-2944238
Why? Proof of Concept exploit, CVSS 7.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: mariadb
-
3.2.2 - 2023-10-16
- CONJS-270 Always send connection attributes, even when connectAttributes is not set
- CONJS-269 avoid useless "set names utf8mb4" on connection creation if not needed
- CONJS-268 importFile method doesn't always throw error when imported commands fails #253
- CONJS-267 Ensure that option collation with id > 255 are respected
-
3.2.1 - 2023-09-14
- CONJS-262 Binary result-set parsing performance improvement, avoiding to chromium slow issue https://bugs.chromium.org/p/v8/issues/detail?id=7161
- CONJS-265 permit configuration of console warning message to be exported
- CONJS-266 Option
- CONJS-261 TypeScript missing logParam connection option
- CONJS-263 ensure respecting server collation
-
3.2.0 - 2023-06-19
- CONJS-250 'undefined' parameters are now permitted, for compatibility with mysql/mysql2 behavior
- CONJS-257 permit to import sql file directly
- CONSJ-252 missing deprecated option supportBigNumbers and bigNumberStrings in Typescript
- CONJS-254 ensuring option connectTimeout is respected : timeout is removed when socket is successfully established, in place of returning connection object. Wasn't set when using pipe/unix socket
- CONJS-255 In some case, pipelining was use even option explicitly disable it
- CONJS-256 method changeUser can lead to error when using multi-authentication and pipelining
- CONJS-258 All eventEmitters methods are not available on connections
-
3.1.2 - 2023-05-03
- CONJS-249 add connection.listeners function to permit TypeORM compatibility
- CONJS-247 Improve error message when having set named parameter option and executing standard question mark command
- CONJS-248 Ensuring not using importing file after pool.end()
-
3.1.1 - 2023-03-17
- CONJS-246 pool not listening to 'error' event might exit application on error
- CONJS-240 Repeating calling the same procedure gets a release prepare error.
- CONJS-244 correction for node.js 12 compatibility
- CONJS-245 batch failing when using bulk and metaAsArray
-
3.1.0 - 2023-02-15
- CONJS-230 better metadata parsing performance
- CONJS-229 performance improvement when parsing lots of parameter
- CONJS-238 faster execution for known length packet
- CONJS-225 Make result set's meta property non-enumerable
- CONJS-235 Allow to pass TypeScript generic types without need of "as"
- CONJS-231 executing batch and when parameter can be too long to fit in one mysql packet, parameter can have 4 byte missing
- CONJS-236 datatype TIME wrong binary decoding when not having microseconds
- CONJS-239 When using connection with callback, pre-commands (like
- CONJS-232 in case of a long query running, connection.destroy() will close connection, but leaving server still running query for some time
- CONJS-240 adding a Prepare result wrapper to avoid multiple close issue with cache
- CONJS-241 metaAsArray missing option in typescript description
-
3.0.2 - 2022-10-27
- CONJS-222 permit streaming prepare statement result
- CONJS-223 Metadata column name gets sporadic corrupted
- CONJS-211 Session timezone unset on connection re-use with connection pool
- CONJS-212 when throwing an error when using option
- CONJS-217 caching_sha2_password never succeed using FAST AUTHENTICATION. With correction, one less exchanges is done when connecting to a MySQL server
- CONJS-219 prepare cache was not limited to
- CONJS-228 improving prepare cache performance
- CONJS-226 missing typescript metaAsArray option and documentation
- CONJS-213 update error code with recent MariaDB server
- CONJS-215 Executing after prepare close throw an undescriptive error
- CONJS-221 option debugLen and logParam are not documented
- CONJS-227 Allow setting idleTimeout to 0
- CONJS-214 missing pool.closed typescript definition
- CONJS-216 remove please-upgrade-node dependency
- CONJS-224 missing typescript checkNumberRange option definition
-
3.0.1 - 2022-07-26
- Error description improvement
- Pool might return a common error ‘retrieve connection from pool timeout after XXXms’ in place of real error.[CONJS-200]
- [CONJS-209] Trace option now works when using pool/cluster. It is recommended to activate the trace option in development Since driver is asynchronous, enabling this option to save initial stack when calling any driver methods. This allows having the caller method and line in the error stack, permitting error easy debugging. The problem is this error stack is created using Error.captureStackTrace that is very very slow. To give an idea, this slows down by 10% a query like 'select * from mysql.user LIMIT 1', so not recommended in production.
- Pool error description is improved indicating pool information, like [CONJS-208]:
- node.js 18 supported [CONJS-197]
- New option
- Performance enhancement for multi-rows resultset. Internal benchmarks show improved performance by 10% for a result-set of 1000 rows.[CONJS-210]
- Wrong error returned "Cannot read properties of undefined… … (reading 'charset')" when error during handshake [CONJS-193]
- [CONJS-194] Charset change using parameterized query fails with "Uncaught TypeError: opts.emit is not a function"
- [CONJS-195] Error "cannot mix BigInt and other types" when parsing negative bigint
- [CONJS-196] connection.close() is now really an alias or connection.release()
- [CONJS-199] wrong return type for batch() on typescript
- [CONJS-201] typecast geometry parsing error
- [CONJS-202] support pre 4.1 error format for 'too many connection' error
- [CONJS-203] encoding error for connection attributes when using changeUser with connection attributes
- [CONJS-206] possible race condition on connection destroy when no other connection can be created
- [CONJS-204] handle password array when using authentication plugin “pam_use_cleartext_plugin”
- [CONJS-205] query hanging when using batch with option timeout in place of error thrown
-
3.0.0 - 2022-03-01
from mariadb GitHub release notes3.2.2 (Oct 2023)
Full Changelog
Issues Fixed
3.2.1 (Sep 2023)
Full Changelog
Notable changes
infileStreamFactoryaddition for compatibilityIssues Fixed
3.2.0 (Jun 2023)
Full Changelog
Notable changes
new APIs:
importFile(options) → Promise
connection.importFile({file:'...', 'database': '...'}) → Promise
pool.importFile({file:'...', 'database': '...'}) → Promise
example:
Issues Fixed
3.1.2 (May 2023)
Full Changelog
Notable changes
Issues Fixed
3.1.1 (Mar 2023)
Full Changelog
Issues Fixed
3.1.0 (Feb 2023)
Full Changelog
Notable changes
Timezone handling (CONJS-237)
Connector now set session timezone, solving issue with time function,
removing needs of client side conversion.
This requires that when using timezone options, to having server TZ data filled in case client timezone differ from server.
Performance
Other changes
Issues Fixed
initSql) might not always be executed first3.0.2 (Oct 2022)
Full Changelog
Notable changes
example :
Issues Fixed
leakDetectionTimeout, might result in throwing wrong error withCannot read properties of null (reading 'leaked')prepareCacheLengthbut can increase up to 2x theprepareCacheLengthvalue, leading to possible ER_MAX_PREPARED_STMT_COUNT_REACHED3.0.1 (Jul 2022)
Full Changelog
Notable changes
checkNumberRange. When used in conjunction ofdecimalAsNumber,insertIdAsNumberorbigIntAsNumber, if conversion to number is not exact, connector will throw an error [CONJS-198]. This permits easier compatibility with mysql/mysql2 and 2.x version driver version.Issues Fixed
Commit messages
Package name: mariadb
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs