chore: sync upstream/master + bump @supabase/pg to 8.21.0, pg-protocol to 1.13.1 #31
Merged
* Add docs for
* Add docs for max uses
* Clean up casing and grammar in comments
* Add more docs on pool sizing
* Grammar
* Add better footer
* Final updates

* Update readme text slightly
* Better words
…c#3660)

Removes the warning:

```
WARN[0000] .../node-postgres/.devcontainer/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
```

The `version` attribute has been removed as of v2 of the docker compose plugin (https://github.com/compose-spec/compose-spec/blob/main/spec.md#version-top-level-element-obsolete).
* Upgrade eslint and typescript
* eslint: Port config to new flat config format
* Fix preserve-caught-error eslint warning
* Drop unused eslint-disable-line
* pg-cloudflare: Fix typescript errors
  - rootDir defaults have changed, so we need to specify it manually now
  - baseUrl is no longer supported
  - types no longer loads everything in @types by default, so we have to specify that we want node types
  - Pin @types/node to 16.* because we support node16 and above
* pg-cloudflare: Workaround typescript bug regarding Buffer.from

  Fixes the following error:

  ```
  % yarn build
  yarn run v1.22.19
  $ tsc --build
  packages/pg-cloudflare/src/index.ts:156:29 - error TS2769: No overload matches this call.
  The last overload gave the following error.
  Argument of type 'ArrayBuffer | Uint8Array<ArrayBufferLike>' is not assignable to parameter of type 'WithImplicitCoercion<string> | { [Symbol.toPrimitive](hint: "string"): string; }'.
  Type 'ArrayBuffer' is not assignable to type 'WithImplicitCoercion<string> | { [Symbol.toPrimitive](hint: "string"): string; }'.
  156 const hex = Buffer.from(data).toString('hex')
  ~~~~
  node_modules/@types/node/buffer.buffer.d.ts:83:13
  83 from(
  ~~~~~
  84 str:
  ~~~~~~~~~~~~~~~~~~~~
  ...
  89 encoding?: BufferEncoding,
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  90 ): Buffer<ArrayBuffer>;
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  The last overload is declared here.
  Found 1 error.
  ```

  See microsoft/TypeScript#63447 for more info
* Fix tsconfig for pg-protocol and pg-query-stream
* Standardize @types/node on ^16

  Fixes the following typescript error:

  ```
  node_modules/typescript/lib/lib.esnext.intl.d.ts:26:135 - error TS2552: Cannot find name 'DateTimeRangeFormatPart'. Did you mean 'DateTimeFormatPart'?
  26 formatRangeToParts(startDate: FormattableTemporalObject | Date | number, endDate: FormattableTemporalObject | Date | number): DateTimeRangeFormatPart[];
  ```
* pg-protocol: Narrow type of BufferReader.encoding

  `BufferReader.encoding` to `BufferEncoding` from `string` to match the new signature of `Buffer.toString`.
* pg-query-stream: Bump eslint-plugin-promise to fix unmet peer dependency
* Run eslint on its own config
* chore: update libpq to 1.11.0
* chore: add node 26
)
* fix(pg-connection-string): prototype pollution via query strings
* fix(pg): prototype pollution via server-supplied column names

Fixes brianc#3654
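The column-name fix listed above is named on this page but its diff is not shown. As an added illustration of that bug class (not node-postgres code and not the upstream patch; `buildRowNaive`, `buildRowSafe` and `inspectRow` are hypothetical names), this contrasts a row builder that assigns server-supplied column names onto a plain object with one that uses a null-prototype object:

```javascript
// Added illustration of the bug class named above; not node-postgres code.
// buildRowNaive, buildRowSafe and inspectRow are hypothetical names.

// Naive builder: assigns untrusted column names onto a plain object literal.
function buildRowNaive(fieldNames, values) {
  const row = {}
  fieldNames.forEach((name, i) => {
    row[name] = values[i] // "__proto__" hits the inherited setter, not an own key
  })
  return row
}

// Hardened builder: a null-prototype object has no inherited "__proto__"
// accessor, so every column name becomes an ordinary own property.
// Trade-off: the row has no hasOwnProperty()/toString(); callers use
// Object.keys() or Object.hasOwn() on it instead.
function buildRowSafe(fieldNames, values) {
  const row = Object.create(null)
  fieldNames.forEach((name, i) => {
    row[name] = values[i]
  })
  return row
}

// Summarise what a caller would observe on a row.
function inspectRow(row) {
  const ownKeys = Object.keys(row)
  return {
    ownKeys,
    // true when "flag" is readable on the row without being one of its columns
    inheritsFlag: row.flag !== undefined && !ownKeys.includes('flag'),
    prototypeIntact: [Object.prototype, null].includes(Object.getPrototypeOf(row)),
  }
}

// Constructed sample: a result whose second column is named "__proto__" and
// whose value was parsed into an object (as a json column would be).
const sampleFieldNames = ['id', '__proto__']
const sampleValues = [1, { flag: true }]

console.log('naive:', inspectRow(buildRowNaive(sampleFieldNames, sampleValues)))
console.log('safe: ', inspectRow(buildRowSafe(sampleFieldNames, sampleValues)))
```

With the naive builder the `__proto__` column disappears from the row's keys and its value becomes the row's prototype; with the null-prototype builder it is stored as a normal column.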
…anc#3648)

Bumps [eslint-plugin-prettier](https://github.com/prettier/eslint-plugin-prettier) from 5.5.1 to 5.5.5.
- [Release notes](https://github.com/prettier/eslint-plugin-prettier/releases)
- [Changelog](https://github.com/prettier/eslint-plugin-prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/eslint-plugin-prettier@v5.5.1...v5.5.5)

---
updated-dependencies:
- dependency-name: eslint-plugin-prettier
  dependency-version: 5.5.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: add new client.getTransactionStatus() method

  Adds a new public method to retrieve the current transaction status of the client connection. Returns 'I' (idle), 'T' (in transaction), 'E' (error/aborted), or null (initial state/native client).

  The transaction status is tracked from PostgreSQL's ReadyForQuery message after each query completes. Native client returns null as it does not support this feature yet.
* feat: add native client support for getTransactionStatus()
  - Add getTransactionStatus() to pg-native using libpq's PQtransactionStatus() with status mapping (0->I, 2->T, 3->E)
  - Update pg native client wrapper to delegate to pg-native
  - Remove native guard from txstatus tests (now runs in both modes)
  - Bump libpq to ^1.10.0 for transactionStatus() binding support
* docs
* Tests
* fix: docs
* clear docs

---------

Co-authored-by: Brian C <brian.m.carlson@gmail.com>
Add proper error handling for SCRAM-SERVER-FINAL-MESSAGE error attribute.

The SCRAM specification allows servers to return error messages via the 'e' attribute in the server final message. Currently, these errors are ignored and authentication fails later during signature verification.

Postgres typically doesn't return this error (see [here](https://github.com/postgres/postgres/blob/2047ad068139f0b8c6da73d0b845ca9ba30fb33d/src/backend/libpq/auth-scram.c#L423) on why), but poolers, or other applications using the postgres protocol might, and it's part of the SCRAM spec, so it probably makes sense for node-postgres to handle it. Aligns behaviour with psql, postgrex, and somewhat with pgJDBC (pgJDBC in particular is stricter with scram errors).

For reference:
- libpq handling it: https://github.com/postgres/postgres/blob/2047ad068139f0b8c6da73d0b845ca9ba30fb33d/src/interfaces/libpq/fe-auth-scram.c#L708
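As an added example of the handling this commit message describes (not the node-postgres implementation; function names and error strings are assumptions), a parser for the SCRAM server-final-message that checks the `e` attribute before looking for the `v` signature, following the RFC 5802 grammar:

```javascript
// Added illustration; not the node-postgres implementation. Function names
// and error strings are hypothetical.

// Split "k=value,k=value" into a Map. Values may contain "=" (base64
// padding), so only the "=" directly after the one-letter name is a separator.
function parseScramAttributes(text) {
  const attrs = new Map()
  for (const pair of text.split(',')) {
    if (pair.length < 2 || pair[1] !== '=') {
      throw new Error('SCRAM: malformed attribute pair')
    }
    attrs.set(pair[0], pair.slice(2))
  }
  return attrs
}

// RFC 5802: server-final-message = (server-error / verifier) ["," extensions]
function parseServerFinalMessage(text) {
  const attrs = parseScramAttributes(text)
  if (attrs.has('e')) {
    return { error: attrs.get('e') } // server-error takes the place of "v="
  }
  const v = attrs.get('v')
  if (v === undefined || !/^[A-Za-z0-9+\/]+={0,2}$/.test(v)) {
    throw new Error('SCRAM: server signature missing or not base64')
  }
  return { serverSignature: v }
}

// Decide the outcome of the final step, given the signature the client computed.
function finishScram(serverFinal, expectedSignature) {
  const msg = parseServerFinalMessage(serverFinal)
  if (msg.error !== undefined) {
    return { ok: false, reason: `server reported error: ${msg.error}` }
  }
  if (msg.serverSignature !== expectedSignature) {
    return { ok: false, reason: 'server signature mismatch' }
  }
  return { ok: true, reason: null }
}

// Constructed sample messages; the signature is a placeholder, not a real HMAC.
const sampleSignature = 'dGVzdC1zaWduYXR1cmU='
console.log(finishScram(`v=${sampleSignature}`, sampleSignature))
console.log(finishScram('e=invalid-proof', sampleSignature))
console.log(finishScram('v=AAAA', sampleSignature))
```

Reporting the `e` value separately lets logs distinguish a failure the server or pooler announced from a signature that failed verification on the client.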
* Add error handling for non-function callback

  Catch callback not a function earlier to get a proper callstack. Later when executing the callback the stack may be wrong/insufficient.
* fix: lint
* fix: lint
* fix: test
* feat: add test for new error
…a function & style fix. Follow-up to brianc#3561.
…l to 1.13.1

Pulls in 16 upstream commits since the pg@8.20.0 tag we synced to in #29. Most notable:

- 7674d8c Fix pg prototype pollution via server supplied column names (brianc#3656) — security fix, primary motivation for this sync.
- 939725e feat: add new client.getTransactionStatus() method (brianc#3645)
- 7ba4efe Handle SASL SCRAM server error responses (brianc#3521)
- 3bb9fba Add error handling for non-function callback (brianc#3561)
- 0f56b76 Throw TypeError instead of base Error when query callback is not a function
- 1025d12 Node JS 26 (brianc#3667)
- 02367b8 Upgrade eslint and typescript (brianc#3662) — replaces .eslintrc with eslint.config.mjs, bumps @typescript-eslint/* to ^8, eslint to ^10, typescript to ^6 in root devDependencies.
- Various docs / tests / dependabot bumps.

Merge mechanics: a plain `git merge upstream/master` resolved cleanly with one trivial conflict — upstream modified the .github/workflows/ci.yml file we previously deleted. We kept it deleted (the deploy-pg.yml + deploy-pg-protocol.yml workflows on master remain the publish path; we don't run upstream's test matrix). All five fork patches (rebrand + CI workflows + maxResultSize + parser try/catch + URL/README/packageManager restorations) auto-merged without conflict because upstream's edits were in different files or different hunks.

Versioning: upstream has not published a new tag since pg@8.20.0, so this is a pick-up of unreleased upstream master rather than an align-with-upstream-tag bump like #29 was. Chose:

- @supabase/pg-protocol@1.13.1 (patch — only buffer-reader.ts saw a one-line change plus tsconfig + eslint config tweaks; no API change)
- @supabase/pg@8.21.0 (minor — adds public client.getTransactionStatus method per semver)
soedirgo approved these changes May 12, 2026
What

Pulls in 16 upstream commits accumulated since the `pg@8.20.0` tag we synced to in #29. Bumps:

- `@supabase/pg-protocol` → 1.13.1 (patch — only `buffer-reader.ts` saw a one-line change plus tsconfig + eslint config tweaks; no API change)
- `@supabase/pg` → 8.21.0 (minor — adds public `client.getTransactionStatus()` method, per semver)

Why

Upstream has not published a new tag since `pg@8.20.0`, so this picks up unreleased upstream master rather than aligning with a published tag like #29 did. Worth shipping anyway because of:

- `7674d8c2` Fix pg prototype pollution via server supplied column names (brianc/node-postgres#3656) — security fix, primary motivation.
- `939725e0` feat: add new `client.getTransactionStatus()` method (brianc/node-postgres#3645) — new public API.
- `7ba4efe2` Handle SASL SCRAM server error responses (brianc/node-postgres#3521) — robustness fix in `lib/crypto/sasl.js`.
- `3bb9fbaa` Add error handling for non-function callback (brianc/node-postgres#3561) + `0f56b76d` Throw `TypeError` instead of base `Error` when query callback is not a function — better error semantics.
- `1025d12b` Node JS 26 (brianc/node-postgres#3667) — adds Node 26 to the test matrix (we don't run that matrix here, but the version bump in `pg/package.json` engines field is preserved).
- `02367b83` Upgrade eslint and typescript (brianc/node-postgres#3662) — replaces `.eslintrc` with `eslint.config.mjs` (flat config), bumps `@typescript-eslint/*` to `^8`, `eslint` to `^10`, `typescript` to `^6` in root devDependencies.

How (merge mechanics)

A plain `git merge upstream/master` resolved cleanly with one trivial conflict: upstream modified the `.github/workflows/ci.yml` file we previously deleted. Kept it deleted (the `deploy-pg.yml` + `deploy-pg-protocol.yml` workflows on master remain the publish path; we don't run upstream's test matrix).

All five fork patches auto-merged with no conflict because upstream's edits were in different files or different hunks:

- `@supabase/*` rebrand (root + pg + pg-protocol package.json)
- `maxResultSize` in `pg/lib/connection.js`
- `maxResultSize` in `pg/lib/client.js` (… `getTransactionStatus` in different hunk)
- `maxResultSize` + connection back-ref in `pg/lib/native/client.js` (… `getTransactionStatus` in different hunk)
- `maxResultSize` in `pg/lib/native/query.js`
- `maxResultSize` in `pg/lib/defaults.js`
- `maxResultSize-tests.js`
- `pg-protocol/src/parser.ts` (… `buffer-reader.ts`)
- `pg/README.md` … `npm install @supabase/pg`
- `package.json` `packageManager` field

Validation

- `packages/pg-protocol`: `npm install --workspaces=false --prefix .` + `npm run build` succeeds → 74 unit tests pass.
- `packages/pg`: `node --check` passes on every modified `lib/*.js`, `lib/native/*.js`, `lib/crypto/sasl.js` (the upstream-changed file).
- `npm publish --dry-run` succeeds for both packages, producing the expected `supabase-pg-protocol-1.13.1.tgz` and `supabase-pg-8.21.0.tgz`.
- `pg` integration tests will run post-publish via `postgres-meta` CI, same pattern as chore: upgrade fork to upstream pg@8.20.0 #29.

This PR must merge AFTER #30 (`fix(ci): make deploy workflows self-bootstrapping`). If merged first, the deploy workflows on the merge commit will hit the same `Couldn't find any versions for "@supabase/pg-protocol" that matches "^1.13.1"` install failure that broke the post-#29 publishes (the chicken-and-egg fixed by #30).

After #30 lands and this PR merges, both `deploy-pg.yml` and `deploy-pg-protocol.yml` will trigger automatically (both `packages/pg/**` and `packages/pg-protocol/**` paths changed) and successfully publish `@supabase/pg-protocol@1.13.1` and `@supabase/pg@8.21.0` to npm.

Test plan

- `Deploy pg-protocol package` workflow runs and succeeds → `@supabase/pg-protocol@1.13.1` on npm
- `Deploy pg package` workflow runs and succeeds → `@supabase/pg@8.21.0` on npm
- `postgres-meta` to `@supabase/pg@8.21.0` to confirm full integration tests pass downstream