fix: revert pnpm patch, use inline JSON fix for scanSync upstream bug

Instead of patching @libpg-query/parser via pnpm patch (which caused
CI issues with pnpm v9/v10 lockfile incompatibility), handle the
upstream JSON serialization bug inline in scanner.ts.

The approach: try scanSync normally, and if it throws due to unescaped
control characters in the JSON output, retry with a temporarily
monkey-patched JSON.parse that escapes control chars before parsing.
This is synchronous so there are no concurrency concerns.

All 28 tests pass. No changes to lockfile format or workspace config.

Author: pyramation

package.json

@@ -23,11 +23,6 @@
     "bump-versions": "ts-node scripts/bump-versions.ts",
     "update-workspace": "makage update-workspace"
   },
-  "pnpm": {
-    "patchedDependencies": {
-      "@libpg-query/parser@17.6.3": "patches/@libpg-query__parser@17.6.3.patch"
-    }
-  },
   "devDependencies": {
     "@types/jest": "^30.0.0",
     "@types/node": "^20.12.7",

packages/parse/src/scanner.ts

@@ -9,11 +9,50 @@
  *
  * Note: @libpg-query/parser has an upstream JSON serialization bug in
  * _wasm_scan where literal control characters in token text are not
- * escaped. This is fixed via a pnpm patch (see patches/ directory).
+ * escaped. We work around this by retrying with a patched JSON.parse
+ * that escapes control characters before parsing.
  */
 
 import { scanSync, type ScanToken } from '@libpg-query/parser';
 
+/**
+ * Escape unescaped control characters inside JSON string values.
+ * The upstream _wasm_scan emits raw \n, \r, \t in token text fields,
+ * which breaks JSON.parse. This replaces them with their escape sequences.
+ */
+function fixScanJson(raw: string): string {
+  return raw.replace(
+    /"(?:[^"\\]|\\.)*"/g,
+    (match) =>
+      match
+        .replace(/\t/g, '\\t')
+        .replace(/\n/g, '\\n')
+        .replace(/\r/g, '\\r')
+  );
+}
+
+/**
+ * Call scanSync with a workaround for the upstream JSON serialization bug.
+ * First tries the normal path; if JSON.parse throws, retries with a
+ * temporarily patched JSON.parse that escapes control characters.
+ * This is synchronous so there are no concurrency concerns.
+ */
+function safeScanSync(sql: string): { tokens: ScanToken[] } {
+  try {
+    return scanSync(sql);
+  } catch {
+    // Retry with patched JSON.parse to handle unescaped control chars
+    const origParse = JSON.parse;
+    try {
+      JSON.parse = ((text: string, reviver?: Parameters<typeof JSON.parse>[1]) =>
+        origParse(fixScanJson(text), reviver)) as typeof JSON.parse;
+      return scanSync(sql);
+    } finally {
+      JSON.parse = origParse;
+    }
+  }
+}
+
 /** Token type for -- line comments from PostgreSQL's lexer */
 const SQL_COMMENT = 275;
 
@@ -66,7 +105,7 @@ export function scanComments(sql: string): ScannedElement[] {
 
   let tokens: ScanToken[];
   try {
-    const scanResult = scanSync(sql);
+    const scanResult = safeScanSync(sql);
     tokens = scanResult.tokens;
   } catch {
     return [];