chore(deps): update dependency mysql2 to v3.9.8 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
mysql2 (source)	3.9.7 -> 3.9.8

GitHub Vulnerability Alerts

CVE-2024-21512

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables.

---

Release Notes

sidorares/node-mysql2 (mysql2)

v3.9.8

Compare Source

Bug Fixes

• security: sanitize fields and tables when using nestTables (#​2702) (efe3db5)
• support deno + caching_sha2_password FULL_AUTHENTICATION_PACKET flow (#​2704) (2e03694)
• typings: typo from jonServerPublicKey to onServerPublicKey (#​2699) (8b5f691)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/mysql2	3.9.7	🟢 6.4	Details Check Score Reason Code-Review 🟢 3 Found 1/3 approved changesets -- score normalized to 3 Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4
npm/mysql2	3.9.8	🟢 6.4	Details Check Score Reason Code-Review 🟢 3 Found 1/3 approved changesets -- score normalized to 3 Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4

Scanned Manifest Files

package-lock.json

• [email protected]
• [email protected]

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud