
fix(security): sanitize timezone parameter value to prevent code injection #2608

Merged
merged 2 commits into from
Apr 21, 2024

Conversation

sidorares
Owner

No description provided.


codecov bot commented Apr 21, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 90.32%. Comparing base (e3391ed) to head (21f6344).
Report is 1 commit behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #2608   +/-   ##
=======================================
  Coverage   90.32%   90.32%           
=======================================
  Files          71       71           
  Lines       15727    15727           
  Branches     1339     1339           
=======================================
  Hits        14206    14206           
  Misses       1521     1521           
| Flag | Coverage Δ |
|---|---|
| compression-0 | 90.32% <100.00%> (ø) |
| compression-1 | 90.32% <100.00%> (ø) |
| tls-0 | 89.85% <100.00%> (ø) |
| tls-1 | 90.15% <100.00%> (ø) |


@sidorares sidorares marked this pull request as ready for review April 21, 2024 10:45
@wellwelwel
Collaborator

All the examples I had stopped working 🔐

@sidorares sidorares merged commit 7d4b098 into master Apr 21, 2024
64 checks passed
@sidorares sidorares deleted the timezone-sanitisation branch April 21, 2024 10:59
Vylpes pushed a commit to Vylpes/Droplet that referenced this pull request May 28, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [mysql2](https://sidorares.github.io/node-mysql2/docs) ([source](https://github.com/sidorares/node-mysql2)) | dependencies | patch | [`3.9.3` -> `3.9.7`](https://renovatebot.com/diffs/npm/mysql2/3.9.3/3.9.7) |

---

### Release Notes

<details>
<summary>sidorares/node-mysql2 (mysql2)</summary>

### [`v3.9.7`](https://github.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#397-2024-04-21)

[Compare Source](sidorares/node-mysql2@v3.9.6...v3.9.7)

##### Bug Fixes

-   **security:** sanitize timezone parameter value to prevent code injection ([#&#8203;2608](sidorares/node-mysql2#2608)) ([7d4b098](sidorares/node-mysql2@7d4b098))

### [`v3.9.6`](https://github.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#396-2024-04-18)

[Compare Source](sidorares/node-mysql2@v3.9.5...v3.9.6)

##### Bug Fixes

-   binary parser sometimes reads out of packet bounds when results contain null and typecast is false ([#&#8203;2601](sidorares/node-mysql2#2601)) ([705835d](sidorares/node-mysql2@705835d))

### [`v3.9.5`](https://github.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#395-2024-04-17)

[Compare Source](sidorares/node-mysql2@v3.9.4...v3.9.5)

##### Bug Fixes

-   revert breaking change in results creation ([#&#8203;2591](sidorares/node-mysql2#2591)) ([f7c60d0](sidorares/node-mysql2@f7c60d0))

### [`v3.9.4`](https://github.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#394-2024-04-09)

[Compare Source](sidorares/node-mysql2@v3.9.3...v3.9.4)

##### Bug Fixes

-   **docs:** improve the contribution guidelines ([#&#8203;2552](sidorares/node-mysql2#2552)) ([8a818ce](sidorares/node-mysql2@8a818ce))
-   **security:** improve results object creation ([#&#8203;2574](sidorares/node-mysql2#2574)) ([4a964a3](sidorares/node-mysql2@4a964a3))
-   **security:** improve supportBigNumbers and bigNumberStrings sanitization ([#&#8203;2572](sidorares/node-mysql2#2572)) ([74abf9e](sidorares/node-mysql2@74abf9e))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://git.vylpes.xyz/RabbitLabs/Droplet/pulls/304
Co-authored-by: Renovate Bot <renovate@vylpes.com>
Co-committed-by: Renovate Bot <renovate@vylpes.com>