Bump mysql2 from 3.22.4 to 3.22.5 #356

Draft: dependabot[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/mysql2-3.22.5

dependabot[bot] commented on behalf of github on Jun 8, 2026

Bumps mysql2 from 3.22.4 to 3.22.5.

Release notes

Sourced from mysql2's releases.

v3.22.5

3.22.5 (2026-06-06)

Bug Fixes

  • keep 00:00:00 time for TIMESTAMP in binary protocol with dateStrings (#4327) (2af33a1)

Changelog

Sourced from mysql2's changelog.

3.22.5 (2026-06-06)

Bug Fixes

  • keep 00:00:00 time for TIMESTAMP in binary protocol with dateStrings (#4327) (2af33a1)

Commits

  • 14a479b chore(master): release 3.22.5 (#4328)
  • 2af33a1 fix: keep 00:00:00 time for TIMESTAMP in binary protocol with dateStrings (#4...
  • f3ce399 docs: add Cursor Cloud development environment instructions
  • b895afe build(deps-dev): bump rollup in the dev-dependencies group (#4326)
  • b8131c5 build(deps-dev): bump the dev-dependencies group with 5 updates (#4322)
  • 63a8803 build(deps): bump the react group across 1 directory with 2 updates (#4323)
  • 188a342 build(deps-dev): bump tsx (#4324)
  • 8fc97ba build(deps): bump @easyops-cn/docusaurus-search-local in /website (#4325)
  • dd1fc93 build(deps-dev): bump eslint-plugin-prettier (#4318)
  • 3fbadbd build(deps): bump postcss from 8.5.6 to 8.5.15 in /website (#4320)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Greptile Summary

This PR bumps the MySQL client dependency. The main changes are:

  • mysql2 updated from 3.22.4 to 3.22.5 in package.json.
  • npm lockfile metadata updated for the new mysql2 tarball.
  • pnpm lockfile refreshed for mysql2 and related resolved dependencies.

Confidence Score: 4/5

This looks mostly safe, but the pnpm lockfile should be narrowed before merging.

  • The direct npm dependency bump is coherent.

  • pnpm installs would pick up several dependency upgrades beyond the described mysql2 patch.

  • No security issues were found in the changed files.

  • pnpm-lock.yaml

Important Files Changed

Filename | Overview
package.json | Updates the direct mysql2 dependency to 3.22.5.
package-lock.json | Updates npm lock metadata for mysql2 3.22.5.
pnpm-lock.yaml | Refreshes pnpm resolutions for mysql2 and several other runtime dependencies.
Reviews (1): Last reviewed commit: "Bump mysql2 from 3.22.4 to 3.22.5"

Greptile also left 1 inline comment on this PR.

Bumps [mysql2](https://github.com/sidorares/node-mysql2) from 3.22.4 to 3.22.5.
- [Release notes](https://github.com/sidorares/node-mysql2/releases)
- [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md)
- [Commits](sidorares/node-mysql2@v3.22.4...v3.22.5)

---
updated-dependencies:
- dependency-name: mysql2
  dependency-version: 3.22.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot[bot] added labels on Jun 8, 2026: dependencies (Pull requests that update a dependency file), javascript (Pull requests that update Javascript code)
dependabot[bot] requested a review from a team as a code owner June 8, 2026 10:13
sallainternalbot[bot] marked this pull request as draft June 8, 2026 10:13

@codacy-production

Not up to standards ⛔

🔴 Issues 2 medium

Alerts:

⚠ 2 issues (≤ 0 issues of at least minor severity)

Results:
2 new issues

Category Results
Security 2 medium

🟢 Metrics 0 complexity · 0 duplication

Metric Results
Complexity 0
Duplication 0 (≤ 2 duplication)


Comment thread pnpm-lock.yaml
Comment on lines 20 to +49
@@ -30,23 +30,23 @@ importers:
specifier: 1.19.0
version: 1.19.0
mongoose:
specifier: 8.16.0
version: 8.16.0
specifier: 9.6.3
version: 9.6.3
mysql2:
specifier: 3.22.1
version: 3.22.1(@types/node@24.0.3)
specifier: 3.22.5
version: 3.22.5(@types/node@24.0.3)
nunjucks:
specifier: ^3.2.4
version: 3.2.4
passport:
specifier: ~0.6.0
version: 0.6.0
specifier: ~0.7.0
version: 0.7.0
sequelize:
specifier: 6.37.8
version: 6.37.8(mysql2@3.22.1(@types/node@24.0.3))
version: 6.37.8(mysql2@3.22.5(@types/node@24.0.3))
typeorm:
specifier: 0.3.22
version: 0.3.22(mongodb@6.17.0)(mysql2@3.22.1(@types/node@24.0.3))(reflect-metadata@0.2.2)
specifier: 1.0.0
version: 1.0.0(mongodb@7.2.0)(mysql2@3.22.5(@types/node@24.0.3))
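
Review bot: The mongoose, passport and typeorm entries in this importers hunk change together with mysql2 (mongoose 8.16.0 to 9.6.3, passport ~0.6.0 to ~0.7.0, typeorm 0.3.22 to 1.0.0), and none of them appears in the updated-dependencies block of the commit message, which lists only mysql2 as a semver-patch update. The typeorm resolution also moves its mongodb peer from 6.17.0 to 7.2.0 and no longer includes reflect-metadata@0.2.2, so the transitive surface changes as well. The mysql2 specifier on the old side reads 3.22.1 rather than the 3.22.4 in the PR title, so it is worth checking whether pnpm-lock.yaml was already out of step with package.json on the base branch. Suggest regenerating pnpm-lock.yaml so that only the mysql2 entries and the mysql2 peer suffix on sequelize and typeorm change, and moving the mongoose, passport and typeorm upgrades into their own reviewed PRs.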

P2 Unrelated dependency upgrades

This PR is described as a mysql2 patch bump, but the pnpm lockfile also changes the resolved root dependencies for consolidate, mongoose, passport, and typeorm. A deployment or developer using pnpm will now install major runtime changes such as typeorm 1.0.0 and mongoose 9.6.3 along with the mysql2 patch, while the npm lockfile only changes mysql2. This can make pnpm-based installs exercise a much larger dependency upgrade than the PR title, release notes, and validation cover.


Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!
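
The lockfile drift described in the review comment above can be caught mechanically before merge. The following is an added example, not code from this PR or from any of the bots on this page: it compares base-side and PR-side specifiers, constructed here from the visible pnpm-lock.yaml hunk, against the updated-dependencies block of the commit message. The function names and the shape of the `declared` list are assumptions; a real check would read the two maps from the lockfile with a YAML parser.

```javascript
// Added example, not project code. Specifier maps are constructed from the
// pnpm-lock.yaml hunk on this page (base side vs. PR side).
const base = { mongoose: '8.16.0', mysql2: '3.22.1', nunjucks: '^3.2.4',
  passport: '~0.6.0', sequelize: '6.37.8', typeorm: '0.3.22' };
const head = { mongoose: '9.6.3', mysql2: '3.22.5', nunjucks: '^3.2.4',
  passport: '~0.7.0', sequelize: '6.37.8', typeorm: '1.0.0' };
// Assumed shape, filled from the commit message's updated-dependencies block.
const declared = [{ name: 'mysql2', version: '3.22.5', updateType: 'patch' }];

// "^1.2.3", "~0.6.0" or "1.2.3" -> [major, minor, patch]
function parts(spec) {
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(spec);
  if (!m) throw new Error(`unsupported specifier: ${spec}`);
  return m.slice(1).map(Number);
}

function bumpType(from, to) {
  const a = parts(from), b = parts(to);
  if (a[0] !== b[0]) return 'major';
  if (a[1] !== b[1]) return 'minor';
  return a[2] !== b[2] ? 'patch' : 'none';
}

// Returns every specifier change that the PR metadata does not account for.
function undeclaredChanges(base, head, declared) {
  const findings = [];
  const names = new Set([...Object.keys(base), ...Object.keys(head)]);
  for (const name of [...names].sort()) {
    const from = base[name], to = head[name];
    if (from === to) continue;
    if (from === undefined || to === undefined) {
      findings.push({ name, from, to, type: to === undefined ? 'removed' : 'added' });
      continue;
    }
    const type = bumpType(from, to);
    const decl = declared.find((d) => d.name === name);
    // A declared bump passes only if it lands on the declared version and
    // stays within the declared update type.
    if (decl && decl.version === to && decl.updateType === type) continue;
    // In 0.x a minor bump may be breaking, so treat it like a major one.
    const breaking = type === 'major' || (type === 'minor' && parts(from)[0] === 0);
    findings.push({ name, from, to, type, breaking });
  }
  return findings;
}

console.log(undeclaredChanges(base, head, declared));
```

Run in CI against the base and PR lockfiles, a non-empty result is the signal to block auto-merge and route the PR to a human reviewer.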
