chore(deps): bump drizzle-orm from 1.0.0-beta.16-ea816b6 to 1.0.0-beta.20 in /packages/opencode

[dependabot]

Bumps drizzle-orm from 1.0.0-beta.16-ea816b6 to 1.0.0-beta.20.

Release notes

Sourced from drizzle-orm's releases.

1.0.0-beta.20

• Fixed sql.identifier(), sql.as() escaping issues. Previously all the values passed to this functions were not properly escaped causing a possible SQL Injection (CWE-89) vulnerability

Thanks to @​EthanKim88, @​0x90sh and @​wgoodall01 for reaching out to us with a reproduction and suggested fix

v1.0.0-beta.19

New Features

sqlcommenter support for PostgreSQL and MySQL

You can now add custom tags to the query. These tags will be appended to the end of each query, helping the database add metadata/tags to it. This will be especially useful with PlanetScale’s new Database Traffic Control feature

// raw string support
db.select().from().comment("key='val'");
db.select().from().comment("my_first_tag");
// developer friendly dedicated to tags
db.select().from().comment({ key: 'val' });

Example:

db.select().from(comments).comment({ priority: 'high', category: "analytics" });

select "id", "name" from "comments" /*priority='high',category='analytics'*/

The only limitation is that you can't use comments with a prepared statement:

// can't be used
const p = db.select().from().prepare();
// ❌
p.comment({ key: 'val' }).execute();

Bug fixes

• Fixed error message for the defineRelations function
• [BUG]: drizzle-kit push attempts to drop policies in excluded schemas (e.g. cron) despite schemaFilter: ["public"]
• [BUG]: error attempting to drizzle-kit migrate table with char array field generated using drizzle-kit generate
• [BUG]: Ignore Vim *.swp files in drizzle-kit generate
• [BUG]: drizzle-kit pull outputs access method name instead of operator class for ivfflat indexes
• [BUG]: drizzle-kit pull generates not enough data provided to build the relation
• drizzle-kit push fails with Turso/libSQL on table recreation: "cannot commit - no transaction is active"
• [BUG]: Cannot read properties of undefined (reading 'requestLayout') when running drizzle-kit introspect (MySQL)

... (truncated)

Commits

• See full diff in compare view

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[github-actions]

This PR doesn't fully meet our contributing guidelines and PR template.

What needs to be fixed:

• PR description is missing required template sections. Please use the PR template.

Please edit this PR description to address the above within 2 hours, or it will be automatically closed.

If you believe this was flagged incorrectly, please let a maintainer know.

[github-actions]

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

1. Open an issue describing the bug/feature (if one doesn't exist)
2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

[cubic-dev-ai]

1 issue found across 1 file

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="packages/opencode/package.json">

<violation number="1" location="packages/opencode/package.json:50">
P2: `drizzle-kit` is still pinned to `1.0.0-beta.16-ea816b6` while `drizzle-orm` is bumped to `1.0.0-beta.20`. These packages are released in lockstep and the beta.19 release notes include drizzle-kit bug fixes that depend on matching ORM internals. The version skew can break `bun run db generate` or `bun run db push`. Bump `drizzle-kit` to `1.0.0-beta.20` as well.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review, or fix all with cubic.}

[cubic-dev-ai]

P2: drizzle-kit is still pinned to 1.0.0-beta.16-ea816b6 while drizzle-orm is bumped to 1.0.0-beta.20. These packages are released in lockstep and the beta.19 release notes include drizzle-kit bug fixes that depend on matching ORM internals. The version skew can break bun run db generate or bun run db push. Bump drizzle-kit to 1.0.0-beta.20 as well.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At packages/opencode/package.json, line 50:

<comment>`drizzle-kit` is still pinned to `1.0.0-beta.16-ea816b6` while `drizzle-orm` is bumped to `1.0.0-beta.20`. These packages are released in lockstep and the beta.19 release notes include drizzle-kit bug fixes that depend on matching ORM internals. The version skew can break `bun run db generate` or `bun run db push`. Bump `drizzle-kit` to `1.0.0-beta.20` as well.</comment>

<file context>
@@ -47,7 +47,7 @@
     "@typescript/native-preview": "catalog:",
     "drizzle-kit": "1.0.0-beta.16-ea816b6",
-    "drizzle-orm": "1.0.0-beta.16-ea816b6",
+    "drizzle-orm": "1.0.0-beta.20",
     "duckdb": "1.4.4",
     "playwright-core": "1.58.2",
</file context>