|
| 1 | +## 2020-02-25 |
| 2 | + |
| 3 | + |
| 4 | + |
| 5 | +`[email protected]` is [being released ](https://github.com/brianc/node-postgres/pull/2117) which contains a handful of breaking changes. |
| 6 | + |
| 7 | +I will outline each breaking change here and try to give some historical context on them. Most of them are small and subtle and likely wont impact you; __however__, there is one larger breaking change you will likely run into: |
| 8 | + |
| 9 | +___ |
| 10 | + |
| 11 | +#### Support all `tls.connect` [options](https://nodejs.org/api/tls.html#tls_tls_connect_options_callback) being passed to the client/pool constructor under the `ssl` option. |
| 12 | + |
| 13 | +Previously we white listed the parameters passed here and did slight massaging of some of them. The main __breaking__ change here is that now if you do this: |
| 14 | + |
| 15 | +``` |
| 16 | +const client = new Client({ ssl: true }) |
| 17 | +``` |
| 18 | + |
| 19 | +<div class="alert alert-danger" style="margin-top: 20px"> |
| 20 | +Now we will use the default ssl options to tls.connect which includes `rejectUnauthorized` being enabled. This means your connection attempt may fail if you are using a self-signed cert. To use the old behavior you should do this: |
| 21 | +</div> |
| 22 | + |
| 23 | +``` |
| 24 | +const client = new Client({ ssl: { rejectUnauthorized: false }}) |
| 25 | +``` |
| 26 | + |
| 27 | +This makes pg a bit more secure "out of the box" while still enabling you to opt in to the old behavior. |
| 28 | + |
| 29 | +___ |
| 30 | + |
| 31 | +The rest of the changes are relatively minor & you likely wont need to do anything, but good to be aware none the less! |
| 32 | + |
| 33 | +#### drop support for versions of node older than 8.0 |
| 34 | + |
| 35 | +[email protected] has been out of LTS for quite some time now, and I've removed it from our test matrix. `[email protected]` _may _ still work on older versions of node, but it isn't a goal of the project anymore. [email protected] is actually no longer in the LTS support line, but pg will continue to test against and support 8.0 until there is a compelling reason to drop support for it. Any security vulnerability issues which come up I will back-port fixes to the `[email protected]` line and do a release, but any other fixes or improvments will not be back ported. |
| 36 | + |
| 37 | +#### prevent password from being logged accidentally |
| 38 | + |
| 39 | +`[email protected]` makes the password field on the pool and client non-enumerable. This means when you do `console.log(client)` you wont have your database password printed out unintenionally. You can still do `console.log(client.password)` if you really want to see it! |
| 40 | + |
| 41 | +#### make `pg.native` non-enumerable |
| 42 | + |
| 43 | +You can use `pg.native.Client` to access the native client. The first time you access the `pg.native` getter it imports the native bindings...which must be installed. In some cases (such as webpacking the pg code for lambda deployment) the `.native` property would be traversed and trigger an import of the native bindings as a side-effect. Making this property non-enumerable will fix this issue. An easy fix, but its technically a breaking change in cases where people _are_ relying on this side effect for any reason. |
| 44 | + |
| 45 | +#### make `pg.Pool` an es6 class |
| 46 | + |
| 47 | +This makes extending `pg.Pool` possible. Previously it was not a "proper" es6 class and `class MyPool extends pg.Pool` wouldn't work. |
| 48 | + |
| 49 | +#### make `Notice` messages _not_ an instance of a JavaScript error |
| 50 | + |
| 51 | +The code path for parsing `notice` and `error` messages from the postgres backend is the same. Previously created a JavaScript `Error` instance for _both_ of these message types. Now, only actual `errors` from the postgres backend will be an instance of an `Error`. The _shape_ and _properties_ of the two messages did not change outside of this. |
| 52 | + |
| 53 | +#### monorepo |
| 54 | + |
| 55 | +While not technically a breaking change for the module itself, I have begun the process of [consolidating](https://github.com/brianc/node-pg-query-stream) [separate](https://github.com/brianc/node-pg-cursor/) [repos](https://github.com/brianc/node-pg-pool) into the main [repo](https://github.com/brianc/node-postgres) and converted it into a monorepo managed by lerna. This will help me stay on top of issues better (it was hard to bounce between 3-4 separate repos) and coordinate bug fixes and changes between dependant modules. |
| 56 | + |
| 57 | + |
| 58 | +Thanks for reading that! pg tries to be super pedantic about not breaking backwards-compatibility in non semver major releases....even for seemingly small things. If you ever notice a breaking change on a semver minor/patch release please stop by the [repo](https://github.com/brianc/node-postgres) and open an issue! |
| 59 | + |
1 | 60 | ## 2019-07-18
|
2 | 61 |
|
3 | 62 | ### New documentation
|
|
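Review bot: The alert at added lines 19-24 gives `ssl: { rejectUnauthorized: false }` as the way to keep connecting with a self-signed cert, but does not say that this turns certificate verification off, leaving the connection encrypted without the server being authenticated. Since the heading at line 11 says all `tls.connect` options are now accepted under `ssl`, suggest also showing the verified alternative of supplying the self-signed certificate through the `ca` option, and presenting `rejectUnauthorized: false` as the fallback only. Two smaller points: the backticks around `rejectUnauthorized` sit inside a raw `<div>`, where many Markdown renderers leave them as literal characters, and a few typos should be fixed before merge ("wont" at lines 7, 31 and 39, "improvments" and the broken emphasis `_may _` at line 35, "unintenionally" at line 39, and "Previously created" at line 51 is missing its subject).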