
Bump pg from 8.18.0 to 8.20.0 #26

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/pg-8.20.0

@dependabot dependabot bot commented on behalf of github Apr 1, 2026

Bumps pg from 8.18.0 to 8.20.0.

Changelog

Sourced from pg's changelog.

pg@8.20.0

  • Add onConnect callback to pg.Pool constructor options allowing for async initialization of newly created & connected pooled clients.

pg@8.19.0

Commits
  • c9070cc Publish
  • ad36e3c fix: typo in deprecation notice for client.query() (#3618)
  • f2d7d11 Publish
  • 5a4bafc Deprecate Client's internal query queue (#3603)
  • a215bfb Typo fix in PgPass deprecation (funciton) (#3605)
  • 01e0556 fix(pg-query-stream): invoke this.callback on cursor end/error (#2810)
  • e6e3692 Pass connection parameters to password callback (#3602)
  • d80d883 test: Fix TLS connection test ending too early
  • f332f28 fix: Connection timeout handling for native clients in connected state (#3512)
  • b2e9cb1 Remove testAsync - its redundant (#3588)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) from 8.18.0 to 8.20.0.
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.20.0/packages/pg)

---
updated-dependencies:
- dependency-name: pg
  dependency-version: 8.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot commented on behalf of github Apr 1, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot requested a review from ian14218 as a code owner April 1, 2026 18:32

@bri-tong bri-tong left a comment

Code Review: Bump pg from 8.18.0 to 8.20.0

Summary

This is a Dependabot minor version bump of the pg (node-postgres) package from 8.18.0 to 8.20.0. The change touches only server/package.json (version specifier) and package-lock.json (resolved versions and regenerated metadata). The upgrade is low-risk — the codebase uses only standard Pool and pool.query()/client.query() APIs, all of which are stable and unchanged in this release.

Blocking Issues

None.

Non-blocking Suggestions

  1. Lockfile metadata drift: The regenerated package-lock.json introduces several fields beyond the pg bump — license: "MIT" entries and engines: { "node": ">=18.0.0" } blocks in root, client, and server workspace entries. This is expected Dependabot behavior (it runs npm install which picks up metadata from workspace package.json files), but it's worth noting these are cosmetic lockfile changes, not behavioral ones.

  2. Deprecation awareness (pg 8.19.0): pg 8.19.0 deprecated the internal client query queue, meaning calling client.query() multiple times without awaiting the previous call will now emit a deprecation warning. I verified that all client.query() calls in this codebase are properly awaited (server/src/db/migrate.js, server/src/models/tournamentTeam.model.js, server/src/services/bestBall.service.js), so this deprecation does not affect you.

  3. Version specifier change: The server/package.json specifier changed from "^8.11.3" to "^8.20.0", which raises the minimum resolved version from 8.11.3 to 8.20.0 for fresh installs. This is fine since 8.x maintains backward compatibility, but it means contributors doing a fresh npm install will never resolve to anything below 8.20.0.

Questions / Clarifications

None — this is a straightforward, well-scoped dependency update.

Verdict

Safe to merge. The pg 8.18.0→8.20.0 upgrade is a minor version bump with no breaking changes. The codebase's usage patterns (Pool, pool.query(), sequential await client.query()) are fully compatible with the new version.
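
The lockfile-metadata point in the review above can be checked mechanically. The following is an added example, not part of the PR or the review: it compares two parsed package-lock.json objects and separates entries whose version, resolved URL, integrity or dependency ranges changed from entries where only metadata such as license or engines changed. The function name `classifyLockfileDiff`, the field list and the sample lockfiles are assumptions constructed for illustration.

```javascript
// Added example: split package-lock.json changes into behavioral vs metadata-only.
// Assumes lockfileVersion 2 or 3, where entries live in a top-level "packages" map.

// Fields that change what is installed or run. "license" and "engines" are
// treated as metadata (engines is advisory unless engine-strict is set).
const BEHAVIORAL = ['version', 'resolved', 'integrity', 'dependencies',
  'optionalDependencies', 'peerDependencies', 'hasInstallScript', 'bin'];

function classifyLockfileDiff(before, after) {
  const report = { behavioral: [], metadataOnly: [], added: [], removed: [] };
  const a = before.packages || {};
  const b = after.packages || {};
  for (const path of new Set([...Object.keys(a), ...Object.keys(b)])) {
    const name = path === '' ? '(root)' : path;
    if (!(path in a)) { report.added.push(name); continue; }
    if (!(path in b)) { report.removed.push(name); continue; }
    const fields = new Set([...Object.keys(a[path]), ...Object.keys(b[path])]);
    // Key-order-sensitive comparison; adequate for npm-generated lockfiles.
    const changed = [...fields].filter(
      (f) => JSON.stringify(a[path][f]) !== JSON.stringify(b[path][f])).sort();
    if (changed.length === 0) continue;
    const behavioral = changed.some((f) => BEHAVIORAL.includes(f));
    (behavioral ? report.behavioral : report.metadataOnly)
      .push({ path: name, fields: changed });
  }
  return report;
}

// Constructed sample lockfiles (names, URLs and integrity values are placeholders).
const beforeLock = { lockfileVersion: 3, packages: {
  '': { name: 'example-app', workspaces: ['client', 'server'] },
  client: { name: 'client', version: '1.0.0' },
  server: { name: 'server', version: '1.0.0', dependencies: { pg: '^8.11.3' } },
  'node_modules/pg': { version: '8.18.0',
    resolved: 'https://registry.npmjs.org/pg/-/pg-8.18.0.tgz',
    integrity: 'sha512-PLACEHOLDER-OLD' },
} };
const meta = { license: 'MIT', engines: { node: '>=18.0.0' } };
const afterLock = { lockfileVersion: 3, packages: {
  '': { ...beforeLock.packages[''], ...meta },
  client: { ...beforeLock.packages.client, ...meta },
  server: { ...beforeLock.packages.server, ...meta, dependencies: { pg: '^8.20.0' } },
  'node_modules/pg': { version: '8.20.0',
    resolved: 'https://registry.npmjs.org/pg/-/pg-8.20.0.tgz',
    integrity: 'sha512-PLACEHOLDER-NEW' },
} };

console.log(JSON.stringify(classifyLockfileDiff(beforeLock, afterLock), null, 2));
```

Any entry in `behavioral`, `added` or `removed` that is not the package named in the PR title is the part of a dependency-bump lockfile that deserves a closer look before merging.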
