This repository was archived by the owner on Dec 17, 2025. It is now read-only.
[Snyk] Upgrade mariadb from 2.1.1 to 3.0.1 #15
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade mariadb from 2.1.1 to 3.0.1. See this package in npm: https://www.npmjs.com/package/mariadb See this project in Snyk: https://app.snyk.io/org/contentstack-ecosystem/project/8731bd1d-1c59-4b22-87eb-dbf0ca829844?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade mariadb from 2.1.1 to 3.0.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Warning: This is a major version upgrade, and may be a breaking change.
The recommended version fixes:
SNYK-JS-MOMENT-2944238
Why? Proof of Concept exploit, CVSS 7.5
SNYK-JS-MOMENT-2440688
Why? Proof of Concept exploit, CVSS 7.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: mariadb
-
3.0.1 - 2022-07-26
- Error description improvement
- Pool might return a common error ‘retrieve connection from pool timeout after XXXms’ in place of real error.[CONJS-200]
- [CONJS-209] Trace option now works when using pool/cluster. It is recommended to activate the trace option in development Since driver is asynchronous, enabling this option to save initial stack when calling any driver methods. This allows having the caller method and line in the error stack, permitting error easy debugging. The problem is this error stack is created using Error.captureStackTrace that is very very slow. To give an idea, this slows down by 10% a query like 'select * from mysql.user LIMIT 1', so not recommended in production.
- Pool error description is improved indicating pool information, like [CONJS-208]:
- node.js 18 supported [CONJS-197]
- New option
- Performance enhancement for multi-rows resultset. Internal benchmarks show improved performance by 10% for a result-set of 1000 rows.[CONJS-210]
- Wrong error returned "Cannot read properties of undefined… … (reading 'charset')" when error during handshake [CONJS-193]
- [CONJS-194] Charset change using parameterized query fails with "Uncaught TypeError: opts.emit is not a function"
- [CONJS-195] Error "cannot mix BigInt and other types" when parsing negative bigint
- [CONJS-196] connection.close() is now really an alias or connection.release()
- [CONJS-199] wrong return type for batch() on typescript
- [CONJS-201] typecast geometry parsing error
- [CONJS-202] support pre 4.1 error format for 'too many connection' error
- [CONJS-203] encoding error for connection attributes when using changeUser with connection attributes
- [CONJS-206] possible race condition on connection destroy when no other connection can be created
- [CONJS-204] handle password array when using authentication plugin “pam_use_cleartext_plugin”
- [CONJS-205] query hanging when using batch with option timeout in place of error thrown
-
3.0.0 - 2022-03-01
- [CONJS-153] support Prepared statement with 10.6 new feature metadata skip
- [CONJS-165] Adding initial message error value on Error object
- [CONJS-166] Restrict authentication plugin list
- [CONJS-167] Permit custom logger configuration
- [CONJS-168] correct stream backpressure
option
description
type
default
insertIdAsNumber
Whether the query should return last insert id from INSERT/UPDATE command as BigInt or Number. default return BigInt
boolean
false
decimalAsNumber
Whether the query should return decimal as Number. If enable, this might return approximate values.
boolean
false
bigIntAsNumber
Whether the query should return BigInt data type as Number. If enable, this might return approximate values.
boolean
false
logger
Permit custom logger configuration. For more information, see the
mixed
prepareCacheLength
Define prepare LRU cache length. 0 means no cache
int
256
- permit streaming parameters
- execute use by default a prepared cache that hasn't infinite length.
- implement mariadb 10.6 skipping metadata when possible for better performance
- Doesn't have a unprepare methods.
-
3.0.0-rc.0 - 2021-10-20
-
3.0.0-beta - 2021-06-21
-
2.5.6 - 2022-02-17
- [CONJS-181] Local infile file validation doesn't take in account escaped value
- [CONJS-183] change default connection timeout value 1 second to permit pools to send correct error
- update documentation with for-await-of use #189
- correct character_set_client unexpect error parsing OK_Packet #177
-
2.5.5 - 2021-10-20
- [CONJS-170] Pool.query(undefined) never release connection
- [CONJS-173] not permitting providing null as a value without an array
- [CONJS-175] Missing leakDetectionTimeout option in Typescript description
-
2.5.4 - 2021-06-21
- [CONJS-163] Authentication plugin failing doesn't always return error
- [CONJS-164] Add API that list options default value
- [CONJS-161] Runtime error on escape() method when escaping array parameter type
- update iconv-lite dependency to 0.6.3
-
2.5.3 - 2021-02-16
- [CONJS-157] Batch error when setting maxAllowedPacket less than an insert parameter value
- [CONJS-158] use BigInt constructor in place of literal to ensure maximum compatibility
- [CONJS-160] Wrong definition for typescript PoolConnection.release
- [CONJS-159] test 10.6 server latest build
-
2.5.2 - 2020-12-04
- [CONJS-151] bulk batch error (parameter truncation) #137
- [CONJS-152] correction when enabling the
- [CONJS-154] Timezone support correction and clarification
- [CONJS-155] correction to support for node.js 10.13 to 10.19
- [CONJS-156] Ensure setting capability PLUGIN_AUTH only if server has it
-
2.5.1 - 2020-10-23
- CONJS-149 correcting possible TypeError [ERR_UNKNOWN_ENCODING], Node v15 compatibility
-
2.5.0 - 2020-10-15
-
2.4.2 - 2020-07-23
-
2.4.1 - 2020-07-01
-
2.4.0 - 2020-05-25
-
2.3.1 - 2020-03-20
-
2.3.0 - 2020-03-20
-
2.2.0 - 2020-02-04
-
2.1.5 - 2020-01-07
-
2.1.4 - 2019-12-02
-
2.1.3 - 2019-11-14
-
2.1.2 - 2019-10-17
-
2.1.1 - 2019-09-06
from mariadb GitHub release notes3.0.1 (Jul 2022)
Full Changelog
Notable changes
checkNumberRange. When used in conjunction ofdecimalAsNumber,insertIdAsNumberorbigIntAsNumber, if conversion to number is not exact, connector will throw an error [CONJS-198]. This permits easier compatibility with mysql/mysql2 and 2.x version driver version.Issues Fixed
3.0.0-beta (11 Jun 2021)
Full Changelog
Migrating from 2.x or mysql/mysql2 driver have some breaking changes, see dedicated part documentation.
New Connection options
loggeroption documentation.new Connection methods
connection.prepare(sql) → Promise: Prepares a query.connection.execute(sql[, values]) → Promise: Prepare and Executes a query.This methods are compatible with mysql2 with some differences:
2.5.6 (Jan 2022)
Full Changelog
2.5.5 (19 Oct 2021)
Full Changelog
2.5.4 (08 Jun 2021)
Full Changelog
This version is a correction release (Stable (GA)).
Full Changelog
This version is a correction release (Stable (GA)).
Full Changelog
permitLocalInfileoption and some initial commandsdocumentation improvement
This version is a correction release (Stable (GA)).
Full Changelog
Commit messages
Package name: mariadb
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs