11 changes: 10 additions & 1 deletion packages/core/src/integrations/postgresjs.ts
Expand Up @@ -342,6 +342,8 @@ export function _reconstructQuery(strings: string[] | undefined): string | undef
return strings.reduce((acc, str, i) => (i === 0 ? str : `${acc}$${i}${str}`), '');
}

let integerLiteralRE: RegExp | undefined;

/**
* Sanitize SQL query as per the OTEL semantic conventions
* https://opentelemetry.io/docs/specs/semconv/database/database-spans/#sanitization-of-dbquerytext
Expand All @@ -356,6 +358,13 @@ export function _sanitizeSqlQuery(sqlQuery: string | undefined): string {
return 'Unknown SQL Query';
}

// Lazy init: constructing this at module scope would evaluate the lookbehind
// on import and crash Safari <16.4 browser bundles that reach this file via
// the core barrel. Building it on first call keeps the cost off the import path.
if (!integerLiteralRE) {
integerLiteralRE = new RegExp('(?<!\\$)-?\\b\\d+\\b', 'g');
}

Fix PR missing regression test

Low Severity

This fix PR does not include a new test covering the regression it addresses. While the Safari parse-time behavior is difficult to reproduce in a Node.js test runner, it would still be valuable to add a test verifying that integerLiteralRE is constructed correctly and that _sanitizeSqlQuery works with the lazily-initialized RegExp constructor form (e.g., confirming $n placeholders remain intact and integer literals are replaced). Existing tests may cover this behavior, but the rules recommend at least one explicit test accompanying a fix.


Triggered by project rule: PR Review Guidelines for Cursor Bot

Reviewed by Cursor Bugbot for commit e25324c. Configure here.


return (
sqlQuery
// Remove comments first (they may contain newlines and extra spaces)
Expand All @@ -378,7 +387,7 @@ export function _sanitizeSqlQuery(sqlQuery: string | undefined): string {
.replace(/-?\b\d+\.?\d*[eE][+-]?\d+\b/g, '?') // Scientific notation
.replace(/-?\b\d+\.\d+\b/g, '?') // Decimals
.replace(/-?\.\d+\b/g, '?') // Decimals starting with dot
.replace(/(?<!\$)-?\b\d+\b/g, '?') // Integers (NOT $n placeholders)
.replace(integerLiteralRE, '?') // Integers (NOT $n placeholders)
// Collapse IN clauses for cardinality (both ? and $n variants)
.replace(/\bIN\b\s*\(\s*\?(?:\s*,\s*\?)*\s*\)/gi, 'IN (?)')
.replace(/\bIN\b\s*\(\s*\$\d+(?:\s*,\s*\$\d+)*\s*\)/gi, 'IN ($?)')
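Review bot: The `new RegExp('(?<!\\$)-?\\b\\d+\\b', 'g')` call added in `_sanitizeSqlQuery` still throws a SyntaxError on an engine without lookbehind support; the change moves that failure from import to the first call, and nothing in the visible lines catches it. Whether callers guard this function is not visible here, so the exception could surface from the instrumented query path. Because this function produces the query text recorded for telemetry, I would fail closed: catch the construction error and return the existing `'Unknown SQL Query'` placeholder, so that neither an exception nor a query with its integer literals left in is emitted. The function body starts and continues outside the shown hunks.

```typescript
  if (!integerLiteralRE) {
    try {
      integerLiteralRE = new RegExp('(?<!\\$)-?\\b\\d+\\b', 'g');
    } catch {
      // Engine cannot compile the lookbehind: report the placeholder
      // instead of throwing or emitting text with literals left in.
      return 'Unknown SQL Query';
    }
  }
  // … unchanged: comment stripping and the literal-replacement chain …
```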