chore(deps): bump mysql from 8.0 to 9.7 in /docker #77

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/docker_compose/docker/mysql-9.7

dependabot Bot commented on behalf of github May 21, 2026

Bumps mysql from 8.0 to 9.7.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps mysql from 8.0 to 9.7.

---
updated-dependencies:
- dependency-name: mysql
  dependency-version: '9.7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot commented on behalf of github May 21, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

dependabot Bot requested a review from a team as a code owner May 21, 2026 12:05
github-actions Bot added the size/XS label May 21, 2026

lml2468 left a comment

[REQUEST_CHANGES] Breaking change: --default-authentication-plugin was removed in MySQL 8.4+ and does not exist in MySQL 9.x. This will prevent the container from starting.

🔴 Blocking issue

docker/docker-compose.yaml passes --default-authentication-plugin=mysql_native_password to the MySQL command:

```yaml
command:
  - --default-authentication-plugin=mysql_native_password
```

This option was:

  • Deprecated in MySQL 8.0.34
  • Removed in MySQL 8.4 (the current LTS)
  • Not present in MySQL 9.x ("Innovation" track)

MySQL 9.7 will refuse to start with [ERROR] unknown variable 'default-authentication-plugin=mysql_native_password'.

Additional concern

MySQL 9.x is on the Innovation release track, not the LTS track. The current LTS is MySQL 8.4. For a production deployment repo, LTS is the safer choice.

Recommended fix

Option A (recommended) — upgrade to MySQL 8.4 LTS, remove deprecated flag:

```yaml
mysql:
  image: mysql:8.4
  command:
    - --character-set-server=utf8mb4
    - --collation-server=utf8mb4_unicode_ci
    # --default-authentication-plugin removed; caching_sha2_password is the 8.4 default
```

Option B — stay on MySQL 8.0 and close this PR until the auth plugin flag is replaced.

The caching_sha2_password default in MySQL 8.4+ is compatible with any MySQL client library that supports MySQL 8.0 (connector/j ≥ 8.0.8, mysqlx ≥ 8.x, go-sql-driver ≥ 1.6). Verify octo-server's MySQL driver version before merging.

Jerry-Xin left a comment

Summary: The PR is relevant to this repository, but the MySQL 9.7 bump is not merge-ready because the current compose configuration still uses removed MySQL 9.x authentication behavior and does not define a safe 8.0-to-9.x upgrade path.

🔴 Blocking

🔴 Critical — docker/docker-compose.yaml:161: The service still starts MySQL with --default-authentication-plugin=mysql_native_password. mysql_native_password was removed in MySQL 9.0, so this major-version bump can prevent the database container from starting or make authentication setup invalid. Because octo-server, octo-matter, and summary services gate on mysql: condition: service_healthy, a MySQL startup/auth failure blocks the stack. Remove this flag and verify all bundled clients/images support the MySQL 9 default authentication plugin before upgrading. (blogs.oracle.com)

🔴 Critical — docker/docker-compose.yaml:158: This changes persistent deployments from mysql:8.0 directly to mysql:9.7 without any documented or automated migration path for existing mysql-data volumes. MySQL’s release model requires upgrades through the appropriate LTS path rather than skipping directly across incompatible series; for an existing 8.0 volume, this needs an explicit migration plan, pre-upgrade checks, backup/rollback guidance, and validation in this repo’s setup flow. (dev.mysql.com)

💬 Non-blocking

🟡 Warning — docker/README.md:171 and docker/README.zh.md:93: The Docker docs still mention pulling mysql:8, which will become stale if this upgrade proceeds. Update the deployment docs together with the compose change.

✅ Highlights

Project relevance gate passed: this PR modifies the Docker deployment stack for Mininglamp-OSS/octo-deployment.

The change is intentionally scoped to the MySQL service image, which makes the compatibility issue easy to isolate once the auth and migration plan are fixed.

lml2468 left a comment

Review at b900c88

CHANGES_REQUESTED — this PR will break the stack.

🔴 P0 — Server won't start

docker-compose.yaml:161 still passes --default-authentication-plugin=mysql_native_password. This option was removed in MySQL 9.0. MySQL 9.7 will refuse to start with an unrecognized server option, taking down the entire stack.

🔴 P0 — Unsupported upgrade path

MySQL does not support skipping major versions during upgrade. The supported path is 8.0 → 8.4 → 9.x. Direct 8.0 → 9.7 on an existing data volume will fail at startup with InnoDB upgrade checks, potentially corrupting data.

🔴 P0 — Authentication incompatibility

MySQL 9.x dropped mysql_native_password entirely. All client DSNs must negotiate caching_sha2_password. The Go MySQL driver (go-sql-driver/mysql) supports this, but:

  • Requires TLS or a secure connection for the initial handshake (or AllowNativePasswords=false + AllowCleartextPasswords=true on localhost)
  • Existing user accounts created with mysql_native_password must be migrated with ALTER USER ... IDENTIFIED WITH caching_sha2_password

Recommendation

Close this PR. MySQL major version bumps require coordinated changes across:

  1. Remove --default-authentication-plugin flag
  2. Step-wise upgrade (8.0 → 8.4 → 9.x) with tested migration path
  3. Client DSN / driver compatibility verification
  4. User auth plugin migration script
  5. Helm chart alignment

This is not a safe Dependabot auto-bump.
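
A pre-merge gate for the two blocking checks raised in the reviews above (a server option that no longer exists in the target version, and an upgrade that skips 8.4), as an added example that is not part of this PR or the repository. The function names, the rule table and the sample compose text are assumptions built from the review comments.

```python
import re

# Rules as stated in the review comments on this page (not an exhaustive list):
# the option is reported removed in MySQL 8.4, and an 8.0 data volume is
# expected to pass through 8.4 before moving to 9.x.
REMOVED_OPTIONS = {"--default-authentication-plugin": (8, 4)}
LTS_STEP = (8, 4)

# Constructed sample mirroring the compose fragment quoted in the review,
# with the image tag this PR proposes.
SAMPLE_COMPOSE = """\
services:
  mysql:
    image: mysql:9.7
    command:
      - --character-set-server=utf8mb4
      - --default-authentication-plugin=mysql_native_password
"""


def parse_version(tag):
    """'8', '8.0' or '9.7' -> (major, minor) tuple for ordering."""
    parts = (tag.split(".") + ["0"])[:2]
    return int(parts[0]), int(parts[1])


def check_mysql_bump(compose_text, current_tag):
    """Return findings that should block a mysql image bump (hypothetical helper)."""
    m = re.search(r"^\s*image:\s*[\"']?mysql:(\d+(?:\.\d+)?)", compose_text, re.M)
    if not m:
        return ["no mysql image tag found"]
    current, target = parse_version(current_tag), parse_version(m.group(1))
    findings = []
    # Server options appear as "- --name=value" items under command:
    for raw in re.findall(r"^\s*-\s*(--[A-Za-z0-9_-]+)", compose_text, re.M):
        opt = raw.lower().replace("_", "-")  # mysqld treats _ and - alike
        removed_in = REMOVED_OPTIONS.get(opt)
        if removed_in and target >= removed_in:
            findings.append(f"{opt} is removed as of {removed_in[0]}.{removed_in[1]}")
    # A jump that starts below the LTS step and lands above it skips it.
    if current < LTS_STEP < target:
        findings.append(f"upgrade {current_tag} -> {m.group(1)} skips 8.4")
    return findings


if __name__ == "__main__":
    for finding in check_mysql_bump(SAMPLE_COMPOSE, "8.0"):
        print("BLOCK:", finding)
```

Run in CI against the compose file from the PR branch, passing the image tag from the base branch as `current_tag`, and fail the job when the returned list is non-empty.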
