FIXES #15343 FIXES #15321:- fix(test-utils, link-modules): encode URL credentials and fix schema-qualified RENAME TO

[Ultron03]

FIXES #15343,FIXES #15321
fix(test-utils, link-modules): encode URL credentials and fix schema-qualified RENAME TO

• getDatabaseURL now wraps DB_USERNAME and DB_PASSWORD in encodeURIComponent so passwords containing #, @, :, or / produce a valid URL instead of TypeError: Invalid URL
• MigrationsExecutionPlanner.renameOldTable emits an unqualified identifier after RENAME TO, fixing PostgreSQL ERROR 42601 caused by a schema-qualified target
• adds unit tests for getDatabaseURL special-character encoding
• adds unit and integration tests for the rename SQL fix

Summary

What — What changes are introduced in this PR?
Two bug fixes across two packages:

1. @medusajs/test-utils — getDatabaseURL now wraps DB_USERNAME and DB_PASSWORD in encodeURIComponent before interpolating them into the connection URL string.
2. @medusajs/link-modules — MigrationsExecutionPlanner.renameOldTable now emits an unqualified table identifier after RENAME TO instead of a schema-qualified one ("schema"."name").

Why — Why are these changes relevant or necessary?

1. Passwords containing URL-reserved characters (#, @, :, /) produced a malformed clientUrl that MikroORM rejected with TypeError: Invalid URL before any connection was attempted. The # case is the most destructive —
   Node's WHATWG URL parser treats it as the fragment separator and silently strips everything after it from the authority, making integration tests fail immediately for any developer whose Postgres password contains it.
2. PostgreSQL's ALTER TABLE grammar requires an unqualified name after RENAME TO. The previous code passed a schema-qualified target ("public"."new_table_name"), which PostgreSQL rejects with ERROR 42601: syntax error
   at or near ".". This caused db:sync-links to crash whenever a tracked link table needed to be renamed.

How — How have these changes been implemented?

1. In packages/medusa-test-utils/src/database.ts, getDatabaseURL now calls encodeURIComponent(DB_USERNAME) and encodeURIComponent(DB_PASSWORD). The pgGodCredentials object (used by pg-god) is passed as a plain config
   object — not a URL — so it continues to use the raw values unchanged.
2. In packages/modules/link-modules/src/migration/index.ts, the SQL template in renameOldTable was changed from:
   ALTER TABLE "schema"."old_name" RENAME TO "schema"."new_name";
   to:
   ALTER TABLE "schema"."old_name" RENAME TO "new_name";
3. The source is still schema-qualified (correct); only the target is now unqualified (as PostgreSQL requires).

Testing — How have these changes been tested, or how can the reviewer test the feature?

Unit tests added:

• packages/medusa-test-utils/src/tests/database.spec.ts — 8 cases covering plain credentials, empty password, and each URL-special character (#, @, :, /) in both username and password. Each asserts the URL parses
  without throwing and that decodeURIComponent round-trips back to the original value.
• packages/modules/link-modules/src/migration/tests/rename-old-table.spec.ts — 3 cases using a mock ORM to assert the generated SQL uses an unqualified RENAME TO target, schema-qualifies the source, and updates the
  tracking table correctly.

Integration test added:

• packages/modules/link-modules/integration-tests/tests/rename-migration.spec.ts — seeds a real Postgres database with a stale tracked table name, runs MigrationsExecutionPlanner.createPlan(), and asserts the plan
  produces a rename action (not a create) without throwing a PostgreSQL syntax error.

To reproduce the bugs manually before the fix:

Bug 1

DB_USERNAME=postgres DB_PASSWORD='pass#word' yarn test:integration

Bug 2

cd packages/modules/link-modules && yarn test:integration

---

Checklist

Please ensure the following before requesting a review:

• I have added a changeset for this PR
  • Every non-breaking change should be marked as a patch
  • To add a changeset, run yarn changeset and follow the prompts
• The changes are covered by relevant tests
• I have verified the code works as intended locally
• I have linked the related issue(s) if applicable

---

[changeset-bot]

🦋 Changeset detected

Latest commit: 73d7ccd

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 78 packages

Name	Type
@medusajs/link-modules	Patch
@medusajs/test-utils	Patch
@medusajs/medusa	Patch
@medusajs/analytics	Patch
@medusajs/api-key	Patch
@medusajs/auth	Patch
@medusajs/caching	Patch
@medusajs/cart	Patch
@medusajs/currency	Patch
@medusajs/customer	Patch
@medusajs/file	Patch
@medusajs/fulfillment	Patch
@medusajs/index	Patch
@medusajs/inventory	Patch
@medusajs/locking	Patch
@medusajs/notification	Patch
@medusajs/order	Patch
@medusajs/payment	Patch
@medusajs/pricing	Patch
@medusajs/product	Patch
@medusajs/promotion	Patch
@medusajs/rbac	Patch
@medusajs/region	Patch
@medusajs/sales-channel	Patch
@medusajs/settings	Patch
@medusajs/stock-location	Patch
@medusajs/store	Patch
@medusajs/tax	Patch
@medusajs/translation	Patch
@medusajs/user	Patch
@medusajs/workflow-engine-inmemory	Patch
@medusajs/workflow-engine-redis	Patch
@medusajs/draft-order	Patch
@medusajs/loyalty-plugin	Patch
integration-tests-http	Patch
@medusajs/medusa-oas-cli	Patch
@medusajs/oas-github-ci	Patch
@medusajs/cache-inmemory	Patch
@medusajs/cache-redis	Patch
@medusajs/event-bus-local	Patch
@medusajs/event-bus-redis	Patch
@medusajs/analytics-local	Patch
@medusajs/analytics-posthog	Patch
@medusajs/auth-emailpass	Patch
@medusajs/auth-github	Patch
@medusajs/auth-google	Patch
@medusajs/caching-redis	Patch
@medusajs/file-local	Patch
@medusajs/file-s3	Patch
@medusajs/fulfillment-manual	Patch
@medusajs/locking-postgres	Patch
@medusajs/locking-redis	Patch
@medusajs/notification-local	Patch
@medusajs/notification-sendgrid	Patch
@medusajs/payment-stripe	Patch
@medusajs/core-flows	Patch
@medusajs/framework	Patch
@medusajs/js-sdk	Patch
@medusajs/modules-sdk	Patch
@medusajs/orchestration	Patch
@medusajs/types	Patch
@medusajs/utils	Patch
@medusajs/workflows-sdk	Patch
@medusajs/http-types-generator	Patch
@medusajs/cli	Patch
@medusajs/deps	Patch
@medusajs/telemetry	Patch
@medusajs/admin-bundler	Patch
@medusajs/admin-sdk	Patch
@medusajs/admin-shared	Patch
@medusajs/admin-vite-plugin	Patch
@medusajs/dashboard	Patch
@medusajs/icons	Patch
@medusajs/toolbox	Patch
@medusajs/ui-preset	Patch
create-medusa-app	Patch
medusa-dev-cli	Patch
@medusajs/ui	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

@Ultron03 is attempting to deploy a commit to the medusajs Team on Vercel.

A member of the Team first needs to authorize it.

[medusa-os-bot]

Thank you for your contribution, @Ultron03! 🎉

After an initial review, this PR looks good to us. Here's a summary:

✅ PR template is complete
✅ Linked to verified open issues (#15343, #15321)
✅ Follows contribution guidelines
✅ Tests included (unit tests for both fixes + integration test for the rename fix)
✅ Changesets included with correct format
✅ Follows Medusa's conventions

Fix 1 — URL credential encoding (packages/medusa-test-utils/src/database.ts)
The change correctly scopes encodeURIComponent to the URL-building path in getDatabaseURL, while leaving the raw values in pgGodCredentials (passed as a plain config object) untouched. The default schema in MigrationsExecutionPlanner is "public", so the unit test assertions are correct.

Fix 2 — Schema-qualified RENAME TO target (packages/modules/link-modules/src/migration/index.ts)
The change is minimal and correct — PostgreSQL's ALTER TABLE ... RENAME TO grammar requires an unqualified identifier after RENAME TO, so dropping "schema". from the target is the right fix. this.#schema defaults to "public" when no schema option is passed, which aligns with the unit test expectations.

A team member will do a final review before this is merged. We appreciate your patience!

Triggered by: new PR opened

[medusa-os-bot]

Thank you for the updated description, @Ultron03!

The expanded explanation in the What, Why, How, and Testing sections accurately reflects the implementation. Nothing in the description update changes the earlier assessment — the fixes are correct, the changesets are properly formatted, and the tests cover the key scenarios.

This PR retains initial-approval. A team member will do a final review before it's merged.

Triggered by: PR description updated

[medusa-os-bot]

Thank you for the updated description, @Ultron03!

The PR template is now thoroughly completed — the What, Why, How, and Testing sections are clear and detailed. Everything from the previous review still holds:

✅ PR template is complete
✅ Linked to verified open issues (#15343, #15321)
✅ Changesets included with correct fix(…) message format
✅ Unit and integration tests cover both fixes
✅ Follows Medusa's conventions

The two fixes are minimal and correct:

• encodeURIComponent is correctly scoped to the URL-building path in getDatabaseURL, leaving pgGodCredentials (a plain config object) untouched.
• Dropping the schema qualifier from the RENAME TO target is the right PostgreSQL fix, and the renameOldTable method is protected, so the test subclass pattern is valid.

A team member will do a final review before this is merged. We appreciate your patience!

Triggered by: PR description updated

[medusa-os-bot]

Thank you for your contribution, @Ultron03!

After reviewing the updated description and the code changes, this PR continues to look good to us. Here's a summary:

✅ PR template is complete
✅ Linked to verified open issues (#15343, #15321)
✅ Follows contribution guidelines
✅ Tests included (unit tests for both fixes + integration test for the rename fix)
✅ Changesets included with correct format (patch for both @medusajs/link-modules and @medusajs/test-utils)
✅ Follows Medusa's conventions

Fix 1 — URL credential encoding (packages/medusa-test-utils/src/database.ts)
encodeURIComponent is correctly scoped to the URL-building path in getDatabaseURL. The pgGodCredentials object (passed as a plain config, not a URL) correctly continues to use the raw values.

Fix 2 — Schema-qualified RENAME TO target (packages/modules/link-modules/src/migration/index.ts)
The fix is minimal and correct — dropping the schema prefix from the RENAME TO target is exactly what PostgreSQL's ALTER TABLE ... RENAME TO grammar requires.

A team member will do a final review before this is merged. We appreciate your patience!

Triggered by: PR description updated

[medusa-os-bot]

Thank you for the updated description, @Ultron03!

The prior review stands — this PR is well-scoped, correct, and test-covered. Quick re-confirmation after the description update:

✅ PR template is complete
✅ Linked to verified open issues (#15343, #15321)
✅ Follows contribution guidelines
✅ Tests included (unit tests for both fixes + integration test for the rename fix)
✅ Changesets included with correct format (fix(...) prefix, patch bump)
✅ Follows Medusa's conventions

Fix 1 — URL credential encoding (packages/medusa-test-utils/src/database.ts)
encodeURIComponent is correctly scoped to the URL-building path only. The pgGodCredentials object (a plain config, not a URL) retains raw values — intentional and correct.

Fix 2 — Schema-qualified RENAME TO target (packages/modules/link-modules/src/migration/index.ts)
PostgreSQL requires an unqualified identifier after RENAME TO. The one-line change is minimal and correct. The source table remains schema-qualified; only the target is unqualified.

Integration test (integration-tests/__tests__/rename-migration.spec.ts)
Fixture imports (User, Car, UserModule, CarModule, etc.) resolve correctly from the existing integration-tests/__fixtures__/migrations.ts. The seed-then-plan approach faithfully reproduces the pre-upgrade DB state.

A team member will do a final review before this is merged. We appreciate your patience!

Triggered by: PR description updated