[Snyk] Security upgrade mssql from 9.0.1 to 10.0.0

[decompil3d]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	534/1000 Why? Has a fix available, CVSS 6.4	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	Yes	No Known Exploit
	554/1000 Why? Has a fix available, CVSS 6.8	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mssql

The new version differs by 94 commits.

• 4688d61 Merge pull request #1547 from dhensby/pulls/tedious-upgrade
• 825692e docs: update changelog
• cd0bc02 feat: upgrade tedious to v16 and drop Node 14 support
• 4968b3b chore(deps): bump tedious from 15.0.1 to 16.4.0
• cb6f8e2 fix: force patch release
• 8a677c8 Merge pull request #1546 from tediousjs/revert-1518-dependabot/npm_and_yarn/tedious-16.4.0
• 86d3276 Revert "chore(deps): bump tedious from 15.0.1 to 16.4.0"
• 31bdaca Merge branch '9.3.x'
• a702724 Merge remote-tracking branch 'origin/9.2.x' into 9.x
• 53fc9ea Merge pull request #1543 from partik-mis/1542-fix
• ff05cce docs: update changelog
• eb3e4d0 fix: msnodesqlv8 connection string uses correct instance name
• 1e12437 Merge pull request #1518 from tediousjs/dependabot/npm_and_yarn/tedious-16.4.0
• b5cf976 Merge pull request #1461 from Shin-Aska/feature/aad-integration-conn-string
• 59aea21 feat: add AAD authentication support to connection strings
• 17b4962 feat!: upgrade tedious to v16 and drop Node 14 support
• 4d01ef7 chore(deps): bump tedious from 15.0.1 to 16.4.0
• 0c9ce86 Merge pull request #1541 from dhensby/pulls/sqlserver-action
• 9a08da0 ci: use sqlserver action in CI
• e736c67 Merge pull request #1538 from tediousjs/dependabot/npm_and_yarn/release-tools-569e119392
• 9645d56 chore(deps-dev): bump the release-tools group with 3 updates
• ed01abc Merge pull request #1537 from dhensby/pulls/dependabot-update
• f6fd19b ci: update dependabot to use groups
• f1bfc99 Merge pull request #1532 from tediousjs/dependabot/npm_and_yarn/semantic-release/npm-10.0.5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Authentication
🦉 Use of a Broken or Risky Cryptographic Algorithm
🦉 Regular Expression Denial of Service (ReDoS)