chore(master): release mysql2 3.17.0

[github-actions]

🤖 I have created a release beep boop

3.17.0 (2026-04-19)

Features

• add Symbol.dispose and Symbol.asyncDispose support for Connections, Pools, and Pool Clusters (#4112) (1e612dc)
• add support for query attributes (#4223) (d732f78)
• add TracingChannel support for native APM instrumentation (#4178) (c06afc2)
• BaseConnection: add state getter to track connection lifecycle (#3958) (a394487)
• disable mysql_clear_password plugin by default (#4236) (884bec5), closes #1617
• gracefully end pool connections #3148 (#3776) (e72247f)
• implement COM_RESET_CONNECTION with pool integration (#4148) (49a64cc)
• types: export ExecuteValues and QueryValues from entry point (9fafd6f)
• use server's preferred auth method to eliminate auth switch roundtrip (#4140) (b57c671)

Bug Fixes

• add missing charset encoding for UTF8MB4_0900_BIN (#3855) (c9a0dcd)
• async stack traces not pointing to correct source, regression introduced by #4257 (#4265) (5b6206c)
• bound null-terminated string read to packet end (fixes a potential OOB read reported by Doruk Tan Ozturk (peaktwilight)) (#4161) (91c5229)
• constants: remove unsupported CLIENT_DEPRECATE_EOF flag from constants (#4033) (46c3f60)
• deps: include @types/node as a peer dependency (#4108) (5f8ac97)
• destroy connection when stream errors (#3769) (cc34a83)
• distinguish delimiters in queries from SQL comments (#4084) (454ba10)
• expand object params after ON DUPLICATE KEY UPDATE preceded by SET (#4076) (4d2b930)
• explicitly specify in auth plugins (#4175) (#4187) (5ac5563)
• fix PoolConnection.end callback and promise resolution (#3937) (18ff2c6)
• fix backpressure when using TLS (#1752) (64ea4cd)
• fix precision loss for large decimal values (#4135) (099beea)
• fix sha256_password to work correctly over a TLS connection (#3809) (fb9eae1)
• fix wrong length number write to packet (#3177) (0e06e02)
• handle malformed geometry payloads (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4164) (1869215)
• limit client flags to server capabilities (#4227) (e1930b8)
• named-placeholders: improve handling of mixed/nested quotes in query parsing (#4011) (3e00cd7)
• packet: return INVALID_DATE for zero dates with numeric timezone offset (#1019) (#4258) (cb5adcc)
• pass columnType to readDateTimeString (#3700) (1ee48cc)
• pool: discard connection on error 1290 (Aurora read-only failure) (#4075) (9188963)
• pool: handle all read-only errors during Aurora failover (#4082) (ce98d8e)
• pool: resolve potential memory leak (#4111) (8aa2052)
• prevent double release from corrupting the connection pool (#4186) (7e57db6)
• prevent query param override of URL-defined connection options (fixes a potential config injection vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4162) (3123b4e)
• resolve parser cache collision with dual typeCast connections (#3644) (ce2ad75)
• restore PoolConnection as subclass of Connection (#4183) (97855a6)
• security: resolve a potential SQL injection bypass through objects (#4054) (7f133cc)
• skip SNI for IP addresses in TLS connection (#3835) (6000eb2)
• stream: resume connection when stream errors or is destroyed (#3775) (9642a1e)
• types for query values (#3985) (a9c8d09)
• types: add supportBigNumbers, bigNumberStrings, dateStrings, and timezone options to QueryOptions (#4127) (b274e72)
• types: add missing ConnectionState type to Promise Connection interface (#4034) (2927949)
• types: ensure optional params in query and execute methods (#4123) (3f4bbca)
• types: extend QueryValues to callback-based methods (#4129) (2ad5f0b)
• types: improve ExecuteValues "nested" params (#4133) (3f94950)
• types: restrict StreamOptions.objectMode to true (#3686) (#3784) (c091f1b)
• types: support Raw and Uint8Array params (#4132) (bde9aec)
• typings: missing callback to PoolCluster.end() (#3819) (53a9bc2)
• use Number.isSafeInteger for supportBigNumbers boundary check (#4225) (295264b)
• validate buffer bounds in geometry parser (fixes a potential DoS vulnerability reported by Doruk Tan Ozturk (peaktwilight)) (#4159) (7c2ae00)

Performance Improvements

• defer Error object creation to error handlers in promise wrappers (#4257) (ab131de)

Miscellaneous Chores

• release 3.14.1 (9d097f8)
• release 3.17.0 (a140424)

---

This PR was generated with Release Please. See documentation.

[sidorares]

@wellwelwel I might broke something with #4268 , likely by adding
not sure why version 3.17.0 - previous release was v3.22.1
Likely due to added .release-please-manifest.json and release-please-config.json files.
What would be your advise - revert, just remove manifest + config or something else?

[wellwelwel]

What would be your advise

@sidorares, maybe release-please isn't loading the configuration files, for example:

• https://github.com/wellwelwel/poku/blob/211307f4f79e50967e2612b30354cf2f1607455e/.github/workflows/cd_publish.yml#L21-L27

Also, we can use "include-component-in-tag": false to keep the previous pattern/consistency in releases, for example:

• https://github.com/wellwelwel/poku/blob/211307f4f79e50967e2612b30354cf2f1607455e/.github/release/config.json#L5

[wellwelwel]

I adjusted the settings (#4270), closed the current PR, and as expected, no new release PR was created, since there are no commits pending ✨