[Snyk] Security upgrade mysql2 from 2.3.3 to 3.9.7

[reconsumeralization]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/cli/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	883/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 9.8	Arbitrary Code Injection SNYK-JS-MYSQL2-6670046	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mysql2

The new version differs by 250 commits.

• 2d3cad8 chore(master): release 3.9.7 ((feat) add aws-firehose node  n8n-io/n8n#2609)
• 7d4b098 fix(security): sanitize timezone parameter value to prevent code injection ((feat) add eventbrite node n8n-io/n8n#2608)
• 2efd6ab build(deps): bump lucide-react from 0.371.0 to 0.372.0 in /website (⚡ Always stringify data of Function-Nodes n8n-io/n8n#2606)
• e3391ed build(deps): bump lucide-react from 0.368.0 to 0.371.0 in /website (⚡ Improve telemetry n8n-io/n8n#2604)
• 4f58caa chore(master): release 3.9.6 (⚡ Improve telemetry n8n-io/n8n#2603)
• 705835d fix: binary parser sometimes reads out of packet bounds when results contain null and typecast is false (Feature/odoo node N8N-2714 n8n-io/n8n#2601)
• 2129818 chore(master): release 3.9.5 (Duplicating nodes doubling 1111... index instead of 1, 2, 3 n8n-io/n8n#2600)
• f7c60d0 fix: revert breaking change in results creation (#2590: Add missing gitlab trigger event types n8n-io/n8n#2591)
• 7f5b395 build(deps-dev): bump @ typescript-eslint/eslint-plugin in /website (N8N-2679 Templates search n8n-io/n8n#2596)
• a770052 build(deps-dev): bump @ typescript-eslint/parser in /website (Individual Workflow Template Page / Part I n8n-io/n8n#2595)
• 6dccf55 build(deps): bump lucide-react from 0.367.0 to 0.368.0 in /website (GitLab Trigger: unable to trigger from some event types (Release, Deployment, ...) n8n-io/n8n#2590)
• 9190db9 build(deps): bump sass from 1.74.1 to 1.75.0 in /website (remove multiple blanks line n8n-io/n8n#2589)
• 00f483f build(deps-dev): bump typescript from 5.4.4 to 5.4.5 (Enable support for AWS temporary credentials - N8N-3209 n8n-io/n8n#2587)
• c95d661 build(deps-dev): bump typescript from 5.4.3 to 5.4.5 in /website (Deprecate step size and node color n8n-io/n8n#2586)
• b72cac3 build(deps): bump lucide-react from 0.364.0 to 0.367.0 in /website (Fix i18n executions list n8n-io/n8n#2583)
• c45fb6f build(deps-dev): bump @ types/node from 20.12.4 to 20.12.7 (Strava node: adding getStreams operation n8n-io/n8n#2582)
• 407b9eb build(deps-dev): bump @ typescript-eslint/parser in /website (Add SpaceID in Create Work Item for Kitemaker n8n-io/n8n#2579)
• ad7de60 build(deps-dev): bump @ typescript-eslint/eslint-plugin in /website (The paused nodes are crossed n8n-io/n8n#2578)
• cf3fa60 chore(master): release 3.9.4 (Add codex files for DHL, Google Calendar Trigger, and Grafana node n8n-io/n8n#2566)
• 4a964a3 fix(security): improve results object creation ([Snyk] Upgrade typescript from 4.3.5 to 4.5.2 n8n-io/n8n#2574)
• 71115d8 ci: improve parser tests (Add Variables JSON to Mailjet Batch send n8n-io/n8n#2573)
• 74abf9e fix(security): improve supportBigNumbers and bigNumberStrings sanitization (Plivo connector: added header(user-agent)  n8n-io/n8n#2572)
• 8a818ce fix(docs): improve the contribution guidelines (Add query support to people:getAll - Google Contacts n8n-io/n8n#2552)
• 0f08c7c build(deps-dev): bump @ docusaurus/tsconfig in /website (N8N-2675 Fixed UpdatedPanel Not closing n8n-io/n8n#2563)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Injection

[height]

Link Height tasks by mentioning a task ID in the pull request title or commit messages, or description and comments with the keyword link (e.g. "Link T-123").

💡Tip: You can also use "Close T-X" to automatically close a task when the pull request is merged.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.

[github-actions]

Great PR! Please pay attention to the following items before merging:

Files matching packages/**:

• If fixing bug, added test to cover scenario.
• If addressing forum or Github issue, added link to description.

Make sure to check off this list before asking for review.