Bump mysql2 from 3.22.4 to 3.22.5 #356
Bumps [mysql2](https://github.com/sidorares/node-mysql2) from 3.22.4 to 3.22.5.
- [Release notes](https://github.com/sidorares/node-mysql2/releases)
- [Changelog](https://github.com/sidorares/node-mysql2/blob/master/Changelog.md)
- [Commits](sidorares/node-mysql2@v3.22.4...v3.22.5)

---
updated-dependencies:
- dependency-name: mysql2
  dependency-version: 3.22.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Not up to standards ⛔

🔴 Issues

| Category | Results |
|---|---|
| Security | 2 medium |

🟢 Metrics: 0 complexity · 0 duplication

| Metric | Results |
|---|---|
| Complexity | 0 |
| Duplication | ✅ 0 (≤ 2 duplication) |
| @@ -30,23 +30,23 @@ importers: | |||
| specifier: 1.19.0 | |||
| version: 1.19.0 | |||
| mongoose: | |||
| specifier: 8.16.0 | |||
| version: 8.16.0 | |||
| specifier: 9.6.3 | |||
| version: 9.6.3 | |||
| mysql2: | |||
| specifier: 3.22.1 | |||
| version: 3.22.1(@types/node@24.0.3) | |||
| specifier: 3.22.5 | |||
| version: 3.22.5(@types/node@24.0.3) | |||
| nunjucks: | |||
| specifier: ^3.2.4 | |||
| version: 3.2.4 | |||
| passport: | |||
| specifier: ~0.6.0 | |||
| version: 0.6.0 | |||
| specifier: ~0.7.0 | |||
| version: 0.7.0 | |||
| sequelize: | |||
| specifier: 6.37.8 | |||
| version: 6.37.8(mysql2@3.22.1(@types/node@24.0.3)) | |||
| version: 6.37.8(mysql2@3.22.5(@types/node@24.0.3)) | |||
| typeorm: | |||
| specifier: 0.3.22 | |||
| version: 0.3.22(mongodb@6.17.0)(mysql2@3.22.1(@types/node@24.0.3))(reflect-metadata@0.2.2) | |||
| specifier: 1.0.0 | |||
| version: 1.0.0(mongodb@7.2.0)(mysql2@3.22.5(@types/node@24.0.3)) | |||
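Review bot: the `mysql2` pair in this hunk reads `3.22.1` then `3.22.5`, not 3.22.4 to 3.22.5 as the PR title states, which suggests pnpm-lock.yaml was already out of step with package.json and that regenerating it pulled in everything that had drifted. The same hunk moves `mongoose` from 8.16.0 to 9.6.3, `passport` from ~0.6.0 to ~0.7.0, and `typeorm` from 0.3.22 to 1.0.0, with its `mongodb` peer going from 6.17.0 to 7.2.0 and the `reflect-metadata@0.2.2` peer no longer listed. Suggest regenerating the pnpm lockfile so that only the `mysql2` entry and its peer references (the `sequelize` and `typeorm` version suffixes) change here, and moving the major bumps to their own PRs where they can be tested on their own.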
This PR is described as a mysql2 patch bump, but the pnpm lockfile also changes the resolved root dependencies for consolidate, mongoose, passport, and typeorm. A deployment or developer using pnpm will now install major runtime changes such as typeorm 1.0.0 and mongoose 9.6.3 along with the mysql2 patch, while the npm lockfile only changes mysql2. This can make pnpm-based installs exercise a much larger dependency upgrade than the PR title, release notes, and validation cover.
Bumps mysql2 from 3.22.4 to 3.22.5.
Commits
- `14a479b` chore(master): release 3.22.5 (#4328)
- `2af33a1` fix: keep 00:00:00 time for TIMESTAMP in binary protocol with dateStrings (#4...
- `f3ce399` docs: add Cursor Cloud development environment instructions
- `b895afe` build(deps-dev): bump rollup in the dev-dependencies group (#4326)
- `b8131c5` build(deps-dev): bump the dev-dependencies group with 5 updates (#4322)
- `63a8803` build(deps): bump the react group across 1 directory with 2 updates (#4323)
- `188a342` build(deps-dev): bump tsx (#4324)
- `8fc97ba` build(deps): bump @easyops-cn/docusaurus-search-local in /website (#4325)
- `dd1fc93` build(deps-dev): bump eslint-plugin-prettier (#4318)
- `3fbadbd` build(deps): bump postcss from 8.5.6 to 8.5.15 in /website (#4320)

Greptile Summary
This PR bumps the MySQL client dependency. The main changes are:
- mysql2 updated from 3.22.4 to 3.22.5 in package.json.
- mysql2 tarball.
- mysql2 and related resolved dependencies.

Confidence Score: 4/5
This looks mostly safe, but the pnpm lockfile should be narrowed before merging.
The direct npm dependency bump is coherent.
pnpm installs would pick up several dependency upgrades beyond the described mysql2 patch.
No security issues were found in the changed files.
pnpm-lock.yaml

Important Files Changed

- mysql2 dependency to 3.22.5.
- mysql2 3.22.5.

Reviews (1): Last reviewed commit: "Bump mysql2 from 3.22.4 to 3.22.5"
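The scope problem raised in the review comment on pnpm-lock.yaml and again in the Greptile summary (a lockfile that moves more direct dependencies than the PR declares) can be checked mechanically before merge. The following is an added example, not code from this repository or from any of the bots on this page; `render`, `parseImporter`, `bumpType` and `outOfScope` are hypothetical helpers, and the sample data is constructed from the values visible in the hunk.

```javascript
// Added example, not code from this PR. Sample data is constructed from the
// before/after values visible in the pnpm-lock.yaml hunk on this page.
const render = (rows) =>
  rows.map(([n, spec, ver]) => `${n}:\n  specifier: ${spec}\n  version: ${ver}`).join('\n');
const BEFORE = render([
  ['mongoose', '8.16.0', '8.16.0'],
  ['mysql2', '3.22.1', '3.22.1(@types/node@24.0.3)'],
  ['passport', '~0.6.0', '0.6.0'],
  ['sequelize', '6.37.8', '6.37.8(mysql2@3.22.1(@types/node@24.0.3))'],
  ['typeorm', '0.3.22', '0.3.22(mongodb@6.17.0)(mysql2@3.22.1(@types/node@24.0.3))(reflect-metadata@0.2.2)'],
]);
const AFTER = render([
  ['mongoose', '9.6.3', '9.6.3'],
  ['mysql2', '3.22.5', '3.22.5(@types/node@24.0.3)'],
  ['passport', '~0.7.0', '0.7.0'],
  ['sequelize', '6.37.8', '6.37.8(mysql2@3.22.5(@types/node@24.0.3))'],
  ['typeorm', '1.0.0', '1.0.0(mongodb@7.2.0)(mysql2@3.22.5(@types/node@24.0.3))'],
]);

// Map each dependency name to its resolved version. The parenthesised peer
// suffix is dropped, so sequelize (own version unchanged) is not reported.
function parseImporter(text) {
  const deps = Object.create(null); // no prototype: names like __proto__ stay plain keys
  let current = null;
  for (const line of text.split('\n')) {
    const key = line.match(/^\s*(\S+):\s*$/);
    const ver = line.match(/^\s*version:\s*([^\s(]+)/);
    if (key) current = key[1];
    else if (ver && current) deps[current] = ver[1];
  }
  return deps;
}

// Classify a change by the first version component that differs.
function bumpType(from, to) {
  const a = from.split('.').map(Number), b = to.split('.').map(Number);
  const i = a.findIndex((n, k) => n !== b[k]);
  return ['major', 'minor', 'patch'][i] ?? 'none';
}

// Changed direct dependencies that the PR did not declare.
function outOfScope(before, after, declared) {
  const old = parseImporter(before), cur = parseImporter(after);
  return Object.keys(cur)
    .filter((n) => old[n] !== cur[n] && !declared.includes(n))
    .map((n) => ({ name: n, from: old[n] ?? null, to: cur[n],
                   bump: old[n] ? bumpType(old[n], cur[n]) : 'added' }));
}
console.log(outOfScope(BEFORE, AFTER, ['mysql2']));
```

`bumpType` reports passport's 0.6.0 to 0.7.0 as minor; under semver a 0.x minor bump may still be breaking, so a gate built on this should treat it like a major change.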