supabase · soedirgo · Sep 16, 2025 · Sep 16, 2025 · Sep 16, 2025
diff --git a/lints/0022_extension_versions_outdated.sql b/lints/0022_extension_versions_outdated.sql
@@ -26,9 +26,14 @@ select
     ) as cache_key
 from
     pg_catalog.pg_available_extensions ext
+join
+    -- ignore versions not in pg_available_extension_versions
+    -- e.g. residue of pg_upgrade
+    pg_catalog.pg_available_extension_versions extv
+    on extv.name = ext.name and extv.installed
 where
     ext.installed_version is not null
     and ext.default_version is not null
     and ext.installed_version != ext.default_version
 order by
-    ext.name;
+    ext.name;
diff --git a/splinter.sql b/splinter.sql
@@ -1137,6 +1137,11 @@ select
     ) as cache_key
 from
     pg_catalog.pg_available_extensions ext
+join
+    -- ignore versions not in pg_available_extension_versions
+    -- e.g. residue of pg_upgrade
+    pg_catalog.pg_available_extension_versions extv
+    on extv.name = ext.name and extv.installed
 where
     ext.installed_version is not null
     and ext.default_version is not null

diff --git a/test/expected/0022_extension_versions_outdated.out b/test/expected/0022_extension_versions_outdated.out
@@ -5,23 +5,39 @@ begin;
 ------+-------+-------+--------+------------+-------------+--------+-------------+----------+-----------
 (0 rows)
 
-  -- Note: We cannot easily create a test that shows outdated extensions
-  -- because we cannot install older versions of extensions in a test environment.
-  -- Our test image doesn't have multiple extension versions available.
-  -- The test will primarily verify that the query executes without error
-  -- and returns the expected column structure.
-  -- This lint was tested manually with real outdated extensions.
+  create extension amcheck version '1.0';
   -- Verify the query structure and column names
   select
     count(*) as total_outdated_extensions
   from lint."0022_extension_versions_outdated";
  total_outdated_extensions 
 ---------------------------
-                         0
+                         1
 (1 row)
 
   -- Test that the query returns proper column structure
   -- This will help ensure the lint is properly formed
+  select
+    name,
+    title,
+    level,
+    facing,
+    categories,
+    description,
+    detail,
+    remediation,
+    metadata,
+    cache_key
+  from lint."0022_extension_versions_outdated";
+            name             |            title            | level |  facing  | categories |                               description                                |                                                                              detail                                                                               |                                           remediation                                           |                                      metadata                                       |                cache_key                
+-----------------------------+-----------------------------+-------+----------+------------+--------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------+-----------------------------------------
+ extension_versions_outdated | Extension Versions Outdated | WARN  | EXTERNAL | {SECURITY} | Detects extensions that are not using the default (recommended) version. | Extension `amcheck` is using version `1.0` but version `1.3` is available. Using outdated extension versions may expose the database to security vulnerabilities. | https://supabase.com/docs/guides/database/database-linter?lint=0022_extension_versions_outdated | {"extension_name": "amcheck", "default_version": "1.3", "installed_version": "1.0"} | extension_versions_outdated_amcheck_1.0
+(1 row)
+
+  drop extension amcheck;
+  -- Versions that aren't in pg_available_extension_versions are ignored
+  create extension amcheck;
+  update pg_extension set extversion = 'foo' where extname = 'amcheck';
   select
     name,
     title,
@@ -38,4 +54,5 @@ begin;
 ------+-------+-------+--------+------------+-------------+--------+-------------+----------+-----------
 (0 rows)
 
+  drop extension amcheck;
 rollback;
diff --git a/test/sql/0022_extension_versions_outdated.sql b/test/sql/0022_extension_versions_outdated.sql
@@ -3,12 +3,7 @@ begin;
   -- 0 issues initially (all extensions should be up to date)
   select * from lint."0022_extension_versions_outdated";
 
-  -- Note: We cannot easily create a test that shows outdated extensions
-  -- because we cannot install older versions of extensions in a test environment.
-  -- Our test image doesn't have multiple extension versions available.
-  -- The test will primarily verify that the query executes without error
-  -- and returns the expected column structure.
-  -- This lint was tested manually with real outdated extensions.
+  create extension amcheck version '1.0';
 
   -- Verify the query structure and column names
   select
@@ -30,4 +25,24 @@ begin;
     cache_key
   from lint."0022_extension_versions_outdated";
 
-rollback;
+  drop extension amcheck;
+
+  -- Versions that aren't in pg_available_extension_versions are ignored
+  create extension amcheck;
+  update pg_extension set extversion = 'foo' where extname = 'amcheck';
+
+  select
+    name,
+    title,
+    level,
+    facing,
+    categories,
+    description,
+    detail,
+    remediation,
+    metadata,
+    cache_key
+  from lint."0022_extension_versions_outdated";
+
+  drop extension amcheck;
+rollback;