[Snyk] Upgrade mysql2 from 3.10.1 to 3.20.0

[madisonmay]

Snyk has created this PR to upgrade mysql2 from 3.10.1 to 3.20.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 89 versions ahead of your current version.

• The recommended version was released a month ago.

Release notes

Package name: mysql2

• 3.20.0 - 2026-03-15
  

  3.20.0 (2026-03-15)

  Features

  • add TracingChannel support for native APM instrumentation (#4178) (c06afc2)

  Bug Fixes

  • explicitly specify in auth plugins (#4175) (#4187) (5ac5563)
  • prevent double release from corrupting the connection pool (#4186) (7e57db6)
  • restore PoolConnection as subclass of Connection (#4183) (97855a6)
• 3.19.2-canary.f4ce16ab - 2026-03-15
• 3.19.2-canary.c06afc25 - 2026-03-14
• 3.19.2-canary.97855a60 - 2026-03-15
• 3.19.2-canary.90a06776 - 2026-03-14
• 3.19.2-canary.7e57db62 - 2026-03-15
• 3.19.2-canary.5ac5563c - 2026-03-15
• 3.19.1 - 2026-03-09
  

  3.19.1 (2026-03-09)

  Security Bug Fixes

  • bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)
  • handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
  • prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)
  • validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)
• 3.19.1-canary.91c5229d - 2026-03-08
• 3.19.1-canary.7c2ae002 - 2026-03-08
• 3.19.1-canary.3123b4e6 - 2026-03-08
• 3.19.1-canary.18692157 - 2026-03-09
• 3.19.0 - 2026-03-05
  

  3.19.0 (2026-03-05)

  Features

  • use server's preferred auth method to eliminate auth switch roundtrip (#4140) (b57c671)

  Bug Fixes

  • fix precision loss for large decimal values (#4135) (099beea)
• 3.18.3-canary.b57c671c - 2026-03-03
• 3.18.3-canary.099beeae - 2026-03-02
• 3.18.2 - 2026-02-26
  

  3.18.2 (2026-02-26)

  Bug Fixes

  • types: add supportBigNumbers, bigNumberStrings, dateStrings, and timezone options to QueryOptions (#4127) (b274e72)
  • types: extend QueryValues to callback-based methods (#4129) (2ad5f0b)
  • types: improve ExecuteValues "nested" params (#4133) (3f94950)
  • types: support Raw and Uint8Array params (#4132) (bde9aec)
• 3.18.2-canary.bde9aec8 - 2026-02-26
• 3.18.2-canary.b274e725 - 2026-02-26
• 3.18.2-canary.3f94950d - 2026-02-26
• 3.18.2-canary.2ad5f0b2 - 2026-02-26
• 3.18.1 - 2026-02-25
• 3.18.1-canary.3f4bbca3 - 2026-02-25
• 3.18.0 - 2026-02-23
• 3.17.6-canary.1e612dc6 - 2026-02-23
• 3.17.5 - 2026-02-23
• 3.17.5-canary.c4efc90a - 2026-02-20
• 3.17.5-canary.8aa20522 - 2026-02-21
• 3.17.5-canary.5f8ac971 - 2026-02-20
• 3.17.5-canary.0e06e02e - 2026-02-21
• 3.17.4 - 2026-02-20
• 3.17.3 - 2026-02-19
• 3.17.2 - 2026-02-16
• 3.17.1 - 2026-02-13
• 3.17.0 - 2026-02-11
• 3.16.3 - 2026-02-03
• 3.16.3-canary.46c3f603 - 2026-01-30
• 3.16.2 - 2026-01-26
• 3.16.2-canary.2927949d - 2026-01-26
• 3.16.2-canary.089a628c - 2026-01-17
• 3.16.1 - 2026-01-16
• 3.16.1-canary.3e00cd75 - 2026-01-15
• 3.16.0 - 2025-12-16
• 3.15.4-canary.a3944878 - 2025-12-16
• 3.15.3 - 2025-10-21
• 3.15.3-canary.6000eb2f - 2025-10-14
• 3.15.2 - 2025-10-08
• 3.15.2-canary.fb9eae11 - 2025-10-03
• 3.15.1 - 2025-09-24
• 3.15.1-canary.53a9bc24 - 2025-09-24
• 3.15.1-canary.288d757b - 2025-09-18
• 3.15.0 - 2025-09-16
• 3.14.6-canary.e72247f7 - 2025-09-09
• 3.14.5 - 2025-09-08
• 3.14.5-canary.c091f1ba - 2025-09-08
• 3.14.4 - 2025-09-01
• 3.14.4-canary.cc34a833 - 2025-08-27
• 3.14.4-canary.9642a1e5 - 2025-08-27
• 3.14.4-canary.64ea4cdd - 2025-09-01
• 3.14.3 - 2025-07-29
• 3.14.3-canary.ce2ad75a - 2025-07-26
• 3.14.2 - 2025-07-10
• 3.14.2-canary.1ee48cce - 2025-07-10
• 3.14.1 - 2025-04-27
• 3.14.1-canary.9d097f8d - 2025-04-27
• 3.14.1-canary.0617813d - 2025-04-26
• 3.14.0 - 2025-03-20
• 3.13.1-canary.2d5050d5 - 2025-03-11
• 3.13.0 - 2025-03-06
• 3.12.1-canary.fe3a11c4 - 2025-03-05
• 3.12.1-canary.e70160b7 - 2025-03-05
• 3.12.1-canary.be22202e - 2025-03-05
• 3.12.1-canary.a79253d1 - 2025-03-06
• 3.12.1-canary.603c2463 - 2025-02-05
• 3.12.1-canary.51da6534 - 2025-02-05
• 3.12.0 - 2024-12-23
• 3.11.6-canary.9a386018 - 2024-12-04
• 3.11.5 - 2024-11-28
• 3.11.5-canary.d5a76e6c - 2024-11-13
• 3.11.5-canary.cdc9415c - 2024-11-15
• 3.11.5-canary.bded4980 - 2024-11-14
• 3.11.4 - 2024-11-05
• 3.11.4-canary.401db79b - 2024-10-31
• 3.11.3 - 2024-09-15
• 3.11.3-canary.81be01b1 - 2024-09-14
• 3.11.2 - 2024-09-11
• 3.11.1 - 2024-09-10
• 3.11.0 - 2024-07-27
• 3.10.3 - 2024-07-15
• 3.10.2 - 2024-07-01
• 3.10.1 - 2024-06-13

from mysql2 GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

---

Note

Medium Risk
Moderate risk because this updates the MySQL client library, which can change connection/auth/pooling behavior and impact SQL-backed persistence paths. No application code changes are included, but runtime behavior may shift via new transitive dependencies.

Overview
Updates dependency mysql2 from 3.10.1 to 3.20.0.

Regenerates package-lock.json to reflect mysql2’s updated transitive dependencies (adds aws-ssl-profiles, lru.min, sql-escaper; removes seq-queue/sqlstring and bumps supporting libs like iconv-lite and long).

^{Reviewed by Cursor Bugbot for commit b2f6c71. Bugbot is set up for automated code reviews on this repo. Configure here.}