chore(deps): bump pg from 8.11.3 to 8.20.0 #244

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/pg-8.20.0

dependabot[bot] commented on behalf of github on May 7, 2026

Bumps pg from 8.11.3 to 8.20.0.

Changelog

Sourced from pg's changelog.

pg@8.20.0

  • Add onConnect callback to pg.Pool constructor options allowing for async initialization of newly created & connected pooled clients.

pg@8.19.0

pg@8.18.0

pg@8.17.0

  • Throw correct error if database URL parsing fails.

pg@8.16.0

pg@8.15.0

  • Add support for esm importing. CommonJS importing is still also supported.

pg@8.14.0

pg@8.13.0

pg@8.12.0

pg-pool@8.10.0

  • Emit release event when client is returned to the pool.

pg@8.9.0

pg@8.8.0

... (truncated)

Commits
  • c9070cc Publish
  • ad36e3c fix: typo in deprecation notice for client.query() (#3618)
  • f2d7d11 Publish
  • 5a4bafc Deprecate Client's internal query queue (#3603)
  • a215bfb Typo fix in PgPass deprecation (funciton) (#3605)
  • 01e0556 fix(pg-query-stream): invoke this.callback on cursor end/error (#2810)
  • e6e3692 Pass connection parameters to password callback (#3602)
  • d80d883 test: Fix TLS connection test ending too early
  • f332f28 fix: Connection timeout handling for native clients in connected state (#3512)
  • b2e9cb1 Remove testAsync - its redundant (#3588)
  • Additional commits viewable in compare view

dependabot[bot] added the dependencies label (Pull requests that update a dependency file) on May 7, 2026
dependabot[bot] requested a review from aamoghS as a code owner on May 7, 2026 12:49

github-actions[bot] commented on May 7, 2026

@dependabot merge

github-actions[bot] commented on May 7, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

| Package | Version | Score |
| --- | --- | --- |
| npm/pg | 8.20.0 | 🟢 5.3 |

Details

| Check | Score | Reason |
| --- | --- | --- |
| Code-Review | 🟢 5 | Found 15/28 approved changesets -- score normalized to 5 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Maintained | 🟢 10 | 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Security-Policy | ⚠️ 0 | security policy file not detected |
| Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0 |
| License | 🟢 10 | license file detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches |
| Signed-Releases | ⚠️ -1 | no releases found |
| SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0 |

Scanned Files

  • packages/db/package.json
  • pnpm-lock.yaml

Bumps [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) from 8.11.3 to 8.20.0.
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.20.0/packages/pg)

---
updated-dependencies:
- dependency-name: pg
  dependency-version: 8.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot[bot] changed the title from "Bump pg from 8.11.3 to 8.20.0" to "chore(deps): bump pg from 8.11.3 to 8.20.0" on May 12, 2026
dependabot[bot] force-pushed the dependabot/npm_and_yarn/pg-8.20.0 branch from d2e3d68 to d0a8919 on May 12, 2026 03:10
@github-actions

@dependabot merge
