The mysql-test package with the currently released 4.0.2 version references the old version mysql2@2.3.3. In order to get the newer version of mysql2, the version must be overridden in the package.json, as there are a bunch of high and critical security issues in older mysql2 versions:
https://nvd.nist.gov/vuln/detail/CVE-2024-21508
https://nvd.nist.gov/vuln/detail/CVE-2024-21512
https://nvd.nist.gov/vuln/detail/CVE-2024-21511
The mysql-test should be released to a new version, so overriding the version manually is not required anymore and to prevent people from accidentally using old and vulnerable versions of mysql2.
This might also apply to other mysql-* dependencies.
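A check that a package.json override actually took effect, as an added example that is not part of the original issue or the project's code: it scans the `packages` map of a package-lock.json (lockfileVersion 2/3 layout) for every installed copy of mysql2, nested ones included. The lockfile excerpt is constructed, the function names are hypothetical, and `MIN_VERSION` is a placeholder, not the real fixed version.

```javascript
// Constructed package-lock.json excerpt (lockfileVersion 3 layout), not from a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/mysql-test": { version: "4.0.2" },
    // Nested copy pulled in by mysql-test, as described in the issue.
    "node_modules/mysql-test/node_modules/mysql2": { version: "2.3.3" },
    // Top-level copy; "9.9.9" is a constructed placeholder version.
    "node_modules/mysql2": { version: "9.9.9" },
  },
};

// Compare "major.minor.patch" numerically; pre-release/build suffixes are ignored.
function compareVersions(a, b) {
  const parse = (v) => v.split(/[-+]/)[0].split(".").map((n) => parseInt(n, 10) || 0);
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    const d = (x[i] || 0) - (y[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// List every installed copy of `name`, including copies nested under other packages.
function findInstalled(lock, name) {
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) =>
      (path === suffix || path.endsWith("/" + suffix)) && meta.version)
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Return the copies older than `minVersion` (the caller supplies the fixed version).
function findOutdated(lock, name, minVersion) {
  return findInstalled(lock, name).filter(
    (p) => compareVersions(p.version, minVersion) < 0
  );
}

// MIN_VERSION is a placeholder; take the real fixed version from the advisories.
const MIN_VERSION = "3.0.0";
for (const p of findOutdated(sampleLock, "mysql2", MIN_VERSION)) {
  console.log(`outdated: ${p.path} -> ${p.version}`);
}
```

To run it against a real project, pass the parsed contents of package-lock.json instead of `sampleLock`; an empty result means no copy older than the chosen minimum is installed.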