chore: update postgres

Author: vxsx

config/database.ts

@@ -36,17 +36,22 @@ export default ({ env }) => {
         database: env('DATABASE_NAME', 'strapi'),
         user: env('DATABASE_USERNAME', 'strapi'),
         password: env('DATABASE_PASSWORD', 'strapi'),
-        ssl: env.bool('DATABASE_SSL', false) && {
-          key: env('DATABASE_SSL_KEY', undefined),
-          cert: env('DATABASE_SSL_CERT', undefined),
-          ca: env('DATABASE_SSL_CA', undefined),
-          capath: env('DATABASE_SSL_CAPATH', undefined),
-          cipher: env('DATABASE_SSL_CIPHER', undefined),
-          rejectUnauthorized: env.bool(
-            'DATABASE_SSL_REJECT_UNAUTHORIZED',
-            true
-          ),
-        },
+        // When DATABASE_SSL is unset, leave `ssl` undefined so node-postgres
+        // honours `sslmode=require` (or any other sslmode) embedded in
+        // DATABASE_URL. Explicitly setting `ssl: false` would override it.
+        ssl: env.bool('DATABASE_SSL', false)
+          ? {
+              key: env('DATABASE_SSL_KEY', undefined),
+              cert: env('DATABASE_SSL_CERT', undefined),
+              ca: env('DATABASE_SSL_CA', undefined),
+              capath: env('DATABASE_SSL_CAPATH', undefined),
+              cipher: env('DATABASE_SSL_CIPHER', undefined),
+              rejectUnauthorized: env.bool(
+                'DATABASE_SSL_REJECT_UNAUTHORIZED',
+                true
+              ),
+            }
+          : undefined,
         schema: env('DATABASE_SCHEMA', 'public'),
       },
       pool: {

docker-compose.yml

@@ -19,7 +19,7 @@ services:
     command: 'npm run develop'
 
   database_default:
-    image: postgres:15.7-alpine
+    image: postgres:18-alpine
     environment:
       POSTGRES_DB: 'db'
       POSTGRES_HOST_AUTH_METHOD: 'trust'