ForbesLindesay/atdatabases

Update mysql2 to >=v3.9.4

crisward opened this issue · 1 comment

mysql2 <=3.9.3
Severity: critical
mysql2 Remote Code Execution (RCE) via the readCodeFor function - GHSA-fpw7-j2hg-69v5
mysql2 vulnerable to Prototype Poisoning - GHSA-49j4-86m8-q2jw
mysql2 cache poisoning vulnerability - GHSA-mqr2-w7wj-jjgr

Thanks.

Got the same due to using @databases/mysql-test (4.0.2).
Will there be an update or is the package stale?