Updated knex and postgres dependencies

[Vultraz]

Should resolve #2849 as requested.

[changeset-bot]

🦋 Changeset is good to go

Latest commit: fc9fb29

We got this.

This PR includes changesets to release 8 packages

Name	Type
@keystonejs/adapter-knex	Major
create-keystone-app	Patch
@keystonejs/fields-auto-increment	Patch
@keystonejs/fields-datetime-utc	Patch
@keystonejs/fields-mongoid	Patch
@keystonejs/fields	Patch
@keystonejs/test-utils	Patch
@keystonejs/benchmarks	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[timleslie]

I think this may be a major breaking change. We need to see if any of the breaking changes to pg are directly exposed to users of the adapter-knex package which could cause breakage if they pull this new version.

[thekevinbrown]

@timleslie The one called out in the original issue is enough to justify a breaking change in my opinion:

Now we will use the default ssl options to tls.connect which includes rejectUnauthorized being enabled. This means your connection attempt may fail if you are using a self-signed cert. This makes pg a bit more secure "out of the box" while still enabling you to opt in to the old behavior.

[molomby]

@timleslie will leave this to you to go through in detail. My 2c below --

pg@7.17.0 to pg@8.0.3

Based on the pg change log and a quick peruse of the code, it this jump shouldn't be especially disruptive; really just that ssl issue @thekevinbrown called out. Some devs may need to update a connection string or config option.

knex@0.20.6 to knex@0.21.1

Change log. Looks quite safe. The only two things that jumped out at me were...

• Knex returns native JS promises instead of Bluebird ones. This means that you no longer use such methods as map, spread and reduce on QueryBuilder instance.
• Breaking upstream change in pg-query-stream: Changed stream.close to stream.destroy which is the official way to terminate a readable stream. This is a breaking change if you rely on the stream.close method on pg-query-stream...though should be just a find/replace type operation to upgrade as the semantics remain very similar (not exactly the same, since internals are rewritten, but more in line with how streams are "supposed" to behave).

And of course you'd only hit them if you were using Keystones knex instance for some pretty specific stuff.

[timleslie]

I think if we explicitly call out the versions being upgraded then we can push this one through 👍

[Vultraz]

Committed your suggestion.

[timleslie]

👍

[andyfcx]

Finally!