fix(deps): update dependency mysql2 to v3.22.5

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
mysql2 (source)	3.15.3 → 3.22.5

---

Release Notes

sidorares/node-mysql2 (mysql2)

v3.22.5

Compare Source

Bug Fixes

• keep 00:00:00 time for TIMESTAMP in binary protocol with dateStrings (#​4327) (2af33a1)

v3.22.4

Compare Source

Bug Fixes

• pool: reject queued requests on end (#​4291) (fbff09c)

v3.22.3

Compare Source

Bug Fixes

• allow resetOnRelease in connection config validation (#​4278) (e72f923)

v3.22.2

Compare Source

Bug Fixes

• promise: point rejection stacks at caller for promise API (#​4267) (c79a3f3)

v3.22.1

Compare Source

Bug Fixes

• async stack traces not pointing to correct source, regression introduced by #​4257 (#​4265) (5b6206c)
• packet: return INVALID_DATE for zero dates with numeric timezone offset (#​1019) (#​4258) (cb5adcc)

v3.22.0

Compare Source

Features

• disable mysql_clear_password plugin by default (#​4236) (884bec5), closes #​1617
• implement COM_RESET_CONNECTION with pool integration (#​4148) (49a64cc)

Performance Improvements

• defer Error object creation to error handlers in promise wrappers (#​4257) (ab131de)

v3.21.1

Compare Source

Bug Fixes

• limit client flags to server capabilities (#​4227) (e1930b8)
• use Number.isSafeInteger for supportBigNumbers boundary check (#​4225) (295264b)

v3.21.0

Compare Source

Features

• add support for query attributes (#​4223) (d732f78)
• types: export ExecuteValues and QueryValues from entry point (9fafd6f)

v3.20.0

Compare Source

Features

• add TracingChannel support for native APM instrumentation (#​4178) (c06afc2)

Bug Fixes

• explicitly specify in auth plugins (#​4175) (#​4187) (5ac5563)
• prevent double release from corrupting the connection pool (#​4186) (7e57db6)
• restore PoolConnection as subclass of Connection (#​4183) (97855a6)

v3.19.1

Compare Source

Bug Fixes

• bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#​4161) (91c5229)
• handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#​4164) (1869215)
• prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#​4162) (3123b4e)
• validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#​4159) (7c2ae00)

v3.19.0

Compare Source

Features

• use server's preferred auth method to eliminate auth switch roundtrip (#​4140) (b57c671)

Bug Fixes

• fix precision loss for large decimal values (#​4135) (099beea)

v3.18.2

Compare Source

Bug Fixes

• types: add supportBigNumbers, bigNumberStrings, dateStrings, and timezone options to QueryOptions (#​4127) (b274e72)
• types: extend QueryValues to callback-based methods (#​4129) (2ad5f0b)
• types: improve ExecuteValues "nested" params (#​4133) (3f94950)
• types: support Raw and Uint8Array params (#​4132) (bde9aec)

v3.18.1

Compare Source

Bug Fixes

• types: ensure optional params in query and execute methods (#​4123) (3f4bbca)

v3.18.0

Compare Source

Features

• add Symbol.dispose and Symbol.asyncDispose support for Connections, Pools, and Pool Clusters (#​4112) (1e612dc)

v3.17.5

Compare Source

Bug Fixes

• add missing charset encoding for UTF8MB4_0900_BIN (#​3855) (c9a0dcd)
• deps: include @types/node as a peer dependency (#​4108) (5f8ac97)
• fix wrong length number write to packet (#​3177) (0e06e02)
• pool: resolve potential memory leak (#​4111) (8aa2052)

v3.17.4

Compare Source

Bug Fixes

• types for query values (#​3985) (a9c8d09)

v3.17.3

Compare Source

Bug Fixes

• fix PoolConnection.end callback and promise resolution (#​3937) (18ff2c6)

v3.17.2

Compare Source

Bug Fixes

• distinguish delimiters in queries from SQL comments (#​4084) (454ba10)
• pool: discard connection on error 1290 (Aurora read-only failure) (#​4075) (9188963)
• pool: handle all read-only errors during Aurora failover (#​4082) (ce98d8e)

v3.17.1

Compare Source

Bug Fixes

• expand object params after ON DUPLICATE KEY UPDATE preceded by SET (#​4076) (4d2b930)

v3.17.0

Compare Source

Bug Fixes

• security: resolve a potential SQL injection bypass through objects (#​4054) (7f133cc)

v3.16.3

Compare Source

Bug Fixes

• constants: remove unsupported CLIENT_DEPRECATE_EOF flag from constants (#​4033) (46c3f60)

v3.16.2

Compare Source

Bug Fixes

• types: add missing ConnectionState type to Promise Connection interface (#​4034) (2927949)

v3.16.1

Compare Source

Bug Fixes

• named-placeholders: improve handling of mixed/nested quotes in query parsing (#​4011) (3e00cd7)

v3.16.0

Compare Source

Features

• BaseConnection: add state getter to track connection lifecycle (#​3958) (a394487)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.