From 21a09a86ab4118b99b6d107a9fcedabec07399ac Mon Sep 17 00:00:00 2001
From: Igor Lukanin <igor@cube.dev>
Date: Mon, 22 Dec 2025 16:40:43 +0100
Subject: [PATCH 1/3] fix: tmp package vulnerability fixed via yarn resolution

---
 package.json |  3 ++-
 yarn.lock    | 27 ++++-----------------------
 2 files changed, 6 insertions(+), 24 deletions(-)

diff --git a/package.json b/package.json
index 15665cfbdda6d..05a549170fb75 100644
--- a/package.json
+++ b/package.json
@@ -71,7 +71,8 @@
     "lodash": "^4.17.0",
     "@types/node": "^20",
     "@types/ramda": "0.27.40",
-    "thrift": "0.20.0"
+    "thrift": "0.20.0",
+    "tmp": "0.2.4"
   },
   "license": "MIT",
   "packageManager": "yarn@1.22.19"
diff --git a/yarn.lock b/yarn.lock
index cbfa77472f79f..1e1e43ce90701 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -21447,11 +21447,6 @@ ordered-binary@^1.4.1:
   resolved "https://registry.yarnpkg.com/ordered-binary/-/ordered-binary-1.5.3.tgz#8bee2aa7a82c3439caeb1e80c272fd4cf51170fb"
   integrity sha512-oGFr3T+pYdTGJ+YFEILMpS3es+GiIbs9h/XQrclBXUtd44ey7XwfsMzM31f64I1SQOawDoDr/D823kNCADI8TA==
 
-os-tmpdir@~1.0.2:
-  version "1.0.2"
-  resolved "https://registry.yarnpkg.com/os-tmpdir/-/os-tmpdir-1.0.2.tgz#bbe67406c79aa85c5cfec766fe5734555dfa1274"
-  integrity sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ=
-
 ospath@^1.2.2:
   version "1.2.2"
   resolved "https://registry.yarnpkg.com/ospath/-/ospath-1.2.2.tgz#1276639774a3f8ef2572f7fe4280e0ea4550c07b"
@@ -26071,24 +26066,10 @@ tldts@^6.1.32:
   dependencies:
     tldts-core "^6.1.74"
 
-tmp@^0.0.33:
-  version "0.0.33"
-  resolved "https://registry.yarnpkg.com/tmp/-/tmp-0.0.33.tgz#6d34335889768d21b2bcda0aa277ced3b1bfadf9"
-  integrity sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw==
-  dependencies:
-    os-tmpdir "~1.0.2"
-
-tmp@^0.1.0:
-  version "0.1.0"
-  resolved "https://registry.yarnpkg.com/tmp/-/tmp-0.1.0.tgz#ee434a4e22543082e294ba6201dcc6eafefa2877"
-  integrity sha512-J7Z2K08jbGcdA1kkQpJSqLF6T0tdQqpR2pnSUXsIchbPdTI9v3e85cLW0d6WDhwuAleOV71j2xWs8qMPfK7nKw==
-  dependencies:
-    rimraf "^2.6.3"
-
-tmp@^0.2.3, tmp@~0.2.1, tmp@~0.2.3:
-  version "0.2.3"
-  resolved "https://registry.yarnpkg.com/tmp/-/tmp-0.2.3.tgz#eb783cc22bc1e8bebd0671476d46ea4eb32a79ae"
-  integrity sha512-nZD7m9iCPC5g0pYmcaxogYKggSfLsdxl8of3Q/oIbqCqLLIO9IAF0GWjX1z9NZRHPiXv8Wex4yDCaZsgEw0Y8w==
+tmp@0.2.4, tmp@^0.0.33, tmp@^0.1.0, tmp@^0.2.3, tmp@~0.2.1, tmp@~0.2.3:
+  version "0.2.4"
+  resolved "https://registry.yarnpkg.com/tmp/-/tmp-0.2.4.tgz#c6db987a2ccc97f812f17137b36af2b6521b0d13"
+  integrity sha512-UdiSoX6ypifLmrfQ/XfiawN6hkjSBpCjhKxxZcWlUUmoXLaCKQU0bx4HF/tdDK2uzRuchf1txGvrWBzYREssoQ==
 
 tmpl@1.0.5:
   version "1.0.5"

From 246061c4596bfb5845f749a64828aa86bec5926f Mon Sep 17 00:00:00 2001
From: Igor Lukanin <igor@cube.dev>
Date: Mon, 22 Dec 2025 17:11:30 +0100
Subject: [PATCH 2/3] fix(postgres-driver): handle connection termination
 errors gracefully

Add error handlers to pool clients to prevent unhandled error events
from crashing the process when PostgreSQL connections are terminated
unexpectedly (e.g., when max connections are reached).

Fixes #10142
---
 .../cubejs-postgres-driver/src/PostgresDriver.ts | 16 +++++++++++++++-
 .../cubejs-questdb-driver/src/QuestDriver.ts     |  9 ++++++++-
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/packages/cubejs-postgres-driver/src/PostgresDriver.ts b/packages/cubejs-postgres-driver/src/PostgresDriver.ts
index 3a6d0c6f25cb0..6c482cd5b4ec5 100644
--- a/packages/cubejs-postgres-driver/src/PostgresDriver.ts
+++ b/packages/cubejs-postgres-driver/src/PostgresDriver.ts
@@ -132,7 +132,7 @@ export class PostgresDriver<Config extends PostgresDriverConfiguration = Postgre
       ...config
     });
     this.pool.on('error', (err) => {
-      console.log(`Unexpected error on idle client: ${err.stack || err}`); // TODO
+      this.databasePoolError(err);
     });
     this.config = <Partial<Config>>{
       ...this.getInitialConfiguration(dataSource),
@@ -298,6 +298,13 @@ export class PostgresDriver<Config extends PostgresDriverConfiguration = Postgre
 
     const conn = await this.pool.connect();
 
+    // Attach error handler to the client to prevent unhandled error events
+    // from crashing the process when connections are terminated unexpectedly.
+    // See: https://github.com/brianc/node-postgres/issues/2112
+    conn.on('error', (err) => {
+      this.databasePoolError(err);
+    });
+
     try {
       await this.prepareConnection(conn);
 
@@ -342,6 +349,13 @@ export class PostgresDriver<Config extends PostgresDriverConfiguration = Postgre
 
     const conn = await this.pool.connect();
 
+    // Attach error handler to the client to prevent unhandled error events
+    // from crashing the process when connections are terminated unexpectedly.
+    // See: https://github.com/brianc/node-postgres/issues/2112
+    conn.on('error', (err) => {
+      this.databasePoolError(err);
+    });
+
     try {
       await this.prepareConnection(conn);
 
diff --git a/packages/cubejs-questdb-driver/src/QuestDriver.ts b/packages/cubejs-questdb-driver/src/QuestDriver.ts
index 015f028757b61..83329682a09f0 100644
--- a/packages/cubejs-questdb-driver/src/QuestDriver.ts
+++ b/packages/cubejs-questdb-driver/src/QuestDriver.ts
@@ -99,7 +99,7 @@ export class QuestDriver<Config extends QuestDriverConfiguration = QuestDriverCo
       ...config
     });
     this.pool.on('error', (err) => {
-      console.log(`Unexpected error on idle client: ${err.stack || err}`);
+      this.databasePoolError(err);
     });
     this.config = <Partial<Config>>{
       ...this.getInitialConfiguration(),
@@ -144,6 +144,13 @@ export class QuestDriver<Config extends QuestDriverConfiguration = QuestDriverCo
   private async queryResponse(query: string, values: unknown[]) {
     const conn = await this.pool.connect();
 
+    // Attach error handler to the client to prevent unhandled error events
+    // from crashing the process when connections are terminated unexpectedly.
+    // See: https://github.com/brianc/node-postgres/issues/2112
+    conn.on('error', (err) => {
+      this.databasePoolError(err);
+    });
+
     try {
       const res = await conn.query({
         text: query,

From 3cca7118672f6564c23a817d31377ba40e6ec6fd Mon Sep 17 00:00:00 2001
From: Igor Lukanin <igor@cube.dev>
Date: Mon, 22 Dec 2025 17:12:36 +0100
Subject: [PATCH 3/3] Revert "fix(postgres-driver): handle connection
 termination errors gracefully"

This reverts commit 246061c4596bfb5845f749a64828aa86bec5926f.
---
 .../cubejs-postgres-driver/src/PostgresDriver.ts | 16 +---------------
 .../cubejs-questdb-driver/src/QuestDriver.ts     |  9 +--------
 2 files changed, 2 insertions(+), 23 deletions(-)

diff --git a/packages/cubejs-postgres-driver/src/PostgresDriver.ts b/packages/cubejs-postgres-driver/src/PostgresDriver.ts
index 6c482cd5b4ec5..3a6d0c6f25cb0 100644
--- a/packages/cubejs-postgres-driver/src/PostgresDriver.ts
+++ b/packages/cubejs-postgres-driver/src/PostgresDriver.ts
@@ -132,7 +132,7 @@ export class PostgresDriver<Config extends PostgresDriverConfiguration = Postgre
       ...config
     });
     this.pool.on('error', (err) => {
-      this.databasePoolError(err);
+      console.log(`Unexpected error on idle client: ${err.stack || err}`); // TODO
     });
     this.config = <Partial<Config>>{
       ...this.getInitialConfiguration(dataSource),
@@ -298,13 +298,6 @@ export class PostgresDriver<Config extends PostgresDriverConfiguration = Postgre
 
     const conn = await this.pool.connect();
 
-    // Attach error handler to the client to prevent unhandled error events
-    // from crashing the process when connections are terminated unexpectedly.
-    // See: https://github.com/brianc/node-postgres/issues/2112
-    conn.on('error', (err) => {
-      this.databasePoolError(err);
-    });
-
     try {
       await this.prepareConnection(conn);
 
@@ -349,13 +342,6 @@ export class PostgresDriver<Config extends PostgresDriverConfiguration = Postgre
 
     const conn = await this.pool.connect();
 
-    // Attach error handler to the client to prevent unhandled error events
-    // from crashing the process when connections are terminated unexpectedly.
-    // See: https://github.com/brianc/node-postgres/issues/2112
-    conn.on('error', (err) => {
-      this.databasePoolError(err);
-    });
-
     try {
       await this.prepareConnection(conn);
 
diff --git a/packages/cubejs-questdb-driver/src/QuestDriver.ts b/packages/cubejs-questdb-driver/src/QuestDriver.ts
index 83329682a09f0..015f028757b61 100644
--- a/packages/cubejs-questdb-driver/src/QuestDriver.ts
+++ b/packages/cubejs-questdb-driver/src/QuestDriver.ts
@@ -99,7 +99,7 @@ export class QuestDriver<Config extends QuestDriverConfiguration = QuestDriverCo
       ...config
     });
     this.pool.on('error', (err) => {
-      this.databasePoolError(err);
+      console.log(`Unexpected error on idle client: ${err.stack || err}`);
     });
     this.config = <Partial<Config>>{
       ...this.getInitialConfiguration(),
@@ -144,13 +144,6 @@ export class QuestDriver<Config extends QuestDriverConfiguration = QuestDriverCo
   private async queryResponse(query: string, values: unknown[]) {
     const conn = await this.pool.connect();
 
-    // Attach error handler to the client to prevent unhandled error events
-    // from crashing the process when connections are terminated unexpectedly.
-    // See: https://github.com/brianc/node-postgres/issues/2112
-    conn.on('error', (err) => {
-      this.databasePoolError(err);
-    });
-
     try {
       const res = await conn.query({
         text: query,