
fix(deps): update dependency pg-native to v3 [security]#62

Open
renovate[bot] wants to merge 1 commit into master from renovate/npm-pg-native-vulnerability

Conversation


@renovate renovate bot commented Sep 25, 2022

This PR contains the following updates:

Package            | Change
-------------------|-------------------
pg-native (source) | ^1.10.0 -> ^3.0.1

GitHub Vulnerability Alerts

CVE-2022-25852

pg-native before 3.0.1 and libpq before 1.8.10 are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. Note: pg-native is a mere binding to npm's libpq library, which in turn has the addons and bindings to the actual C libpq library. This means that problems found in pg-native may transitively impact npm's libpq.


Release Notes

brianc/node-postgres (pg-native)

v3.0.1

Compare Source

v3.0.0

Compare Source

  • Rewrote stream internals to better conform to node stream semantics. This should make pg-query-stream much better at respecting highWaterMark and getting rid of some edge case bugs when using pg-query-stream as an async iterator. Due to the size and nature of this change (effectively a full re-write) it's safest to bump the semver major here, though almost all tests remain untouched and still passing, which brings us to a breaking change to the API....
  • Changed stream.close to stream.destroy which is the official way to terminate a readable stream. This is a breaking change if you rely on the stream.close method on pg-query-stream...though should be just a find/replace type operation to upgrade as the semantics remain very similar (not exactly the same, since internals are rewritten, but more in line with how streams are "supposed" to behave).
  • Unified the config.batchSize and config.highWaterMark to both do the same thing: control how many rows are buffered in memory. The ReadableStream will manage exactly how many rows are requested from the cursor at a time. This should give better out of the box performance and help with efficient async iteration.

v2.2.0

Compare Source

  • Switch internal protocol parser & serializer to pg-protocol. The change is backwards compatible but results in a significant performance improvement across the board, with some queries as much as 50% faster.

v2.0.1

Compare Source

v2.0.0

Compare Source

  • Properly handle various PostgreSQL to JavaScript type conversions to avoid data loss:
PostgreSQL | pg@v2.0 JavaScript | pg@v1.0 JavaScript
-----------|--------------------|-------------------
float4     | number (float)     | string
float8     | number (float)     | string
int8       | string             | number (int)
numeric    | string             | number (float)
decimal    | string             | number (float)

For more information see #353
If you are unhappy with these changes you can always override the built in type parsing fairly easily.

v1.10.1

Compare Source


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
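The advisory quoted in the bot's comment gives two fixed versions (pg-native 3.0.1, libpq 1.8.10), and the package table shows why this update needs a range change rather than a lockfile refresh: the existing caret range ^1.10.0 cannot reach a 3.x release, so `npm update` alone would never pull the fix, and the transitive libpq binding has to move with it. The following is an added example, not code from this PR or from node-postgres / pg-native: a small audit that walks an npm lockfile (lockfileVersion 2/3 `packages` shape, keyed by node_modules path), flags every copy of the two packages that is below the fixed version, and reports whether the declared caret range could ever satisfy the fix. The `SAMPLE_LOCK` object is a constructed lockfile modelling the pre-PR state, not this repository's real lockfile, and the helper names are this example's own.

```javascript
// Added example, not code from this PR or from node-postgres / pg-native.
// Fixed versions come from the CVE-2022-25852 text quoted in the PR:
// pg-native >= 3.0.1 and libpq >= 1.8.10 are not affected.
const FIXED_VERSIONS = { 'pg-native': '3.0.1', libpq: '1.8.10' };

// Parse "MAJOR.MINOR.PATCH" (optional leading "v"; any pre-release/build suffix is ignored).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Comparator semantics: -1 if a < b, 0 if equal, 1 if a > b.
function compareVersions(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// npm caret semantics: ^X.Y.Z with X>0 allows >=X.Y.Z <(X+1).0.0,
// ^0.Y.Z allows >=0.Y.Z <0.(Y+1).0, and ^0.0.Z allows only 0.0.Z.
function caretSatisfies(range, version) {
  if (!range.startsWith('^')) throw new Error(`only caret ranges are handled here: ${range}`);
  const base = range.slice(1);
  if (compareVersions(version, base) < 0) return false;
  const [X, Y, Z] = parseVersion(base);
  const upper = X > 0 ? [X + 1, 0, 0] : Y > 0 ? [0, Y + 1, 0] : [0, 0, Z + 1];
  const v = parseVersion(version);
  for (let i = 0; i < 3; i++) if (v[i] !== upper[i]) return v[i] < upper[i];
  return false; // exactly the exclusive upper bound
}

// Walk an npm lockfile (lockfileVersion 2/3 "packages" map keyed by node_modules path)
// and report every copy of the advisory's packages, direct or transitive (nested paths
// such as node_modules/a/node_modules/libpq resolve to the last path segment).
function auditLock(lock) {
  const root = lock.packages[''] || {};
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    const name = path.split('node_modules/').pop();
    const fixed = FIXED_VERSIONS[name];
    if (!fixed || !entry.version) continue;
    const declaredRange = (root.dependencies && root.dependencies[name]) || null;
    findings.push({
      name,
      path,
      installed: entry.version,
      fixed,
      vulnerable: compareVersions(entry.version, fixed) < 0,
      declaredRange,
      // true: a plain lockfile refresh could pull the fix; false: the declared range
      // itself must change (a major bump, as in this PR); null: transitive dependency,
      // so the parent package has to move first.
      rangeReachesFix: declaredRange ? caretSatisfies(declaredRange, fixed) : null,
    });
  }
  return findings;
}

// Constructed sample lockfile in the lockfileVersion 2 shape; NOT the repository's real
// lockfile. It models the pre-PR state: pg-native held at 1.x through ^1.10.0, with the
// libpq binding it pulled in also below the fixed version.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { dependencies: { 'pg-native': '^1.10.0' } },
    'node_modules/pg-native': { version: '1.10.1' },
    'node_modules/libpq': { version: '1.8.9' },
  },
};

console.log(JSON.stringify(auditLock(SAMPLE_LOCK), null, 2));
```

Against the sample, both packages come back `vulnerable: true`; pg-native reports `rangeReachesFix: false` (no 3.x release is inside ^1.10.0, which is exactly why Renovate rewrote the range in package.json and left automerge off for the major bump), and libpq reports `null` because it is transitive and only a newer pg-native can pull a fixed libpq. On a real tree, `npm ls pg-native libpq` shows the installed versions this audit reads from the lockfile, including duplicated nested copies that a top-level check would miss.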

renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch from c53f6f3 to 87ae231 (March 25, 2023 03:07)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 2 times, most recently from ac72053 to e1eff43 (April 3, 2023 11:37)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 2 times, most recently from fb74184 to 383f176 (April 17, 2023 16:16)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 3 times, most recently from 5edf111 to 270a4fa (June 4, 2023 08:16)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch from 270a4fa to 82f2088 (June 4, 2023 15:26)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 6 times, most recently from 1fc5de5 to 5cd4ab5 (June 19, 2023 11:34)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 2 times, most recently from 36c8969 to 40eb432 (June 29, 2023 13:40)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 4 times, most recently from 93828f5 to 3c1c515 (July 9, 2023 12:21)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 4 times, most recently from 8f0b554 to 9739b42 (July 19, 2023 17:33)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 4 times, most recently from d66f986 to efd1875 (August 1, 2023 18:13)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch from efd1875 to 15d47b4 (August 9, 2023 14:56)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 4 times, most recently from 8742a66 to 49009ca (October 15, 2023 17:25)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 2 times, most recently from 4d1fd10 to 26f1e8f (October 23, 2023 16:18)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 2 times, most recently from 0e74f65 to a4e2bde (November 6, 2023 11:07)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 2 times, most recently from a044a66 to fe39a8e (November 16, 2023 14:15)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 2 times, most recently from 045329a to 42b7d87 (December 3, 2023 14:20)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 2 times, most recently from 7ef3f6f to 114d1dc (December 12, 2023 12:14)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 4 times, most recently from 65c8e38 to 7096fad (January 4, 2024 17:17)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 2 times, most recently from a0385ea to 0445b54 (January 9, 2024 16:09)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 2 times, most recently from 7c92ddd to 1761523 (January 16, 2024 16:15)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 2 times, most recently from d6f5314 to 6e70066 (January 28, 2024 15:58)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 2 times, most recently from 0bddfea to 8f28149 (February 4, 2024 12:12)
renovate bot force-pushed the renovate/npm-pg-native-vulnerability branch 3 times, most recently from 96cabfa to 7dea183 (February 29, 2024 11:36)