Bump mysql2 from 3.19.0 to 3.19.1 in /forge-sql-orm-cli
Closed
Number: #1732
Type: Pull Request
State: Closed
Type: Pull Request
State: Closed
Author:
![dependabot[bot]](https://github.com/dependabot.png)
dependabot[bot]
Association: Unknown
Comments: 2
dependabot[bot]Association: Unknown
Comments: 2
Created:
March 09, 2026 at 05:18 PM UTC
(3 months ago)
(3 months ago)
Updated:
March 12, 2026 at 06:17 AM UTC
(3 months ago)
(3 months ago)
Closed:
March 12, 2026 at 06:17 AM UTC
(3 months ago)
(3 months ago)
Time to Close:
3 days
Labels:
dependencies
dependencies
Description:
Bumps mysql2 from 3.19.0 to 3.19.1.
Release notes
Sourced from mysql2's releases.
v3.19.1
3.19.1 (2026-03-09)
Security Bug Fixes
- bound
null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)- handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
- prevent query param override of
URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)- validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)
Changelog
Sourced from mysql2's changelog.
3.19.1 (2026-03-09)
Bug Fixes
- bound
null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)- handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
- prevent query param override of
URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)- validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)
Commits
fa06903chore(master): release 3.19.1 (#4160)1869215fix: handle malformed geometry payloads (fixes a potential DoS vulnerability ...3123b4efix: prevent query param override ofURL-defined connection options (fixes ...91c5229fix: boundnull-terminated string read to packet end (fixes a potential OOB...7c2ae00fix: validate buffer bounds in geometry parser (fixes a potential DoS vulnera...1490783build(deps-dev): bump@types/nodefrom 25.3.3 to 25.3.5 in /website (#4157)9708848build(deps-dev): bump@types/nodefrom 25.3.3 to 25.3.5 (#4155)d8d69c4build(deps-dev): bump poku from 3.0.2 to 4.0.0 in /website (#4158)d207686ci: define a timeout for tests (#4154)- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Package Dependencies
Package:
mysql2
Ecosystem:
npm
npm
Version Change:
3.19.0 → 3.19.1
Update Type:
Patch
Patch
Path:
/forge-sql-orm-cli
Technical Details
| ID: | 14554570 |
| UUID: | 4046865560 |
| Node ID: | PR_kwDOOA9enM7JI3Ap |
| Host: | GitHub |
| Repository: | forge-sql-orm/forge-sql-orm |