Pull Request Explorer

Summary

Set persist-credentials true for revert commit

Fixes permission issues in the revert-commit workflow by enabling credential persistence, ensuring smooth CI operations.

Health Assessment

• • Quick fix with minimal changes, fast review and merge.

Summary

CI pipeline fix

Corrects missing APP_CLIENT_ID in the Supabase JS CI workflow, preventing build failures and ensuring reliable CI runs.

Health Assessment

• • Rapid, single‑commit fix with minimal code changes and no impact on production features.

Summary

Update changelogs for version 2.107.0

Ensures release notes accurately reflect new features and fixes for users and developers.

Health Assessment

• • Quick automated changelog update with minimal review, typical for release maintenance.

Summary

Document lockless coordination timing impact

Adds timing and concurrency notes for downstream consumers, clarifying microtask behavior and mock patterns.

Health Assessment

• • Quick documentation update with minimal review, indicating low complexity and high confidence.

Summary

Fix legacy mirror publish via pnpm

Ensures @supabase/gotrue-js legacy mirror publishes correctly, preventing 404 errors and improving CI notification accuracy.

Health Assessment

• • Rapid review and merge indicates a straightforward fix with minimal risk.

Summary

Fix JSR canary publish by pinning workspace dependencies

Ensures reliable publishing to JSR and surfaces silent failures, improving release stability.

Health Assessment

• • Rapid resolution of a release issue with minimal code changes and swift review, indicating low complexity and risk.

Summary

Document error.hint as key error field

Enhances error handling by exposing actionable hint field in Supabase JS client, improving developer debugging experience.

Health Assessment

• • Fast review and merge with minimal changes, indicating low complexity and risk.

Summary

Revert breaking auth client-id encoding change

Reverts a recent change that broke OAuth client ID handling, restoring previous behavior to prevent user issues.

Health Assessment

• • Quick revert of a breaking change, resolved within minutes with minimal code churn.

Summary

Remove navigator.locks-based mutex

Replace mutex with lighter primitives for synchronization, reducing contention and deadlocks.

Health Assessment

• • The PR has a large scope with many changes, which may increase the risk of introducing new bugs or issues.
• • The review process took a significant amount of time, which may indicate that the changes were complex or required significant discussion.

Summary

Rename env to runtime and add runtime-version

The SDK now reports runtime and runtime-version in X-Client-Info, enabling more accurate environment tracking. This improves analytics and debugging across Node, Deno, and browser clients.

Health Assessment

• • Quick turnaround with minimal rework; PR merged within 20 minutes, indicating high confidence and low complexity.

Summary

Add hardening to CI actions

Improves CI workflow security and reliability by applying best practice changes.

Health Assessment

• • Rapid review and merge with minimal changes indicates straightforward CI hardening.

Summary

Add binary payload support to httpSend

Enables sending binary data over realtime channels, expanding use cases for media and file transfer.

Health Assessment

• • Quick turnaround with immediate review and a single commit indicates a straightforward change with minimal friction.

Summary

Fix implicit grant redirect error handling

Ensures OAuth implicit grant redirects with error parameters are correctly processed, improving authentication reliability for users.

Health Assessment

• • Fast review and merge, minimal code changes, low risk to production.

Summary

Fix structured error handling for non-JSON responses

Improves client robustness by handling non-JSON bodies in successful responses, ensuring consistent error contracts and preserving HTTP status.

Health Assessment

• • PR required over two days for review but only one round of changes, indicating a focused and well-scoped bug fix.

Summary

Pin Windows Runner and Migrate GitHub App Token

Updates CI workflows to avoid runner image changes and switch to client-id for GitHub App token, ensuring future compatibility.

Health Assessment

• • Quick review and merge with minimal changes, indicating low complexity and high confidence in CI updates.

Summary

Bump actions/stale action to 10.3.0

Updates the stale GitHub Actions workflow to the latest patch, improving reliability and security.

Health Assessment

• • Quick dependency update with minimal changes, merged within 15 hours.

Summary

Fix Auth getClaims expired JWT error

Ensures getClaims returns a consistent error object for expired JWTs, aligning with the documented contract and preventing crashes.

Health Assessment

• • PR took over 5 days to merge with a single review, indicating a slow review process but minimal code changes.

Summary

Bump ws dependency to 8.21.0

Updates the ws library to address a critical security vulnerability, ensuring safer WebSocket communication for all users.

Health Assessment

• • Rapid merge with minimal changes, typical dependabot update.

Summary

Move npm security guide to supabase.com/docs

End‑user security guide relocated to the official Supabase docs site, updating references and adding a redirect stub.

Health Assessment

• • Rapid merge with minimal review, reflecting a straightforward documentation update.

Summary

Ship per-package AGENTS.md and migrations via npm

Adds per-package agent discoverability and migration notes, improving developer experience and reducing duplication.

Health Assessment

• • Fast cycle time and minimal review indicate a smooth process; the large line count reflects extensive documentation cleanup rather than code changes.

Summary

Update changelogs for version 2.106.2

Automated update of release notes to reflect new version, ensuring accurate documentation for users.

Health Assessment

• • Fast cycle time and minimal changes indicate low risk and straightforward documentation update.

Summary

Adopt pnpm catalog and clean devDeps

Streamlines dependency management and reduces lockfile size, improving build reliability and developer experience.

Health Assessment

• • The PR involved extensive lockfile and dependency cleanup across multiple packages, requiring several incremental commits but was merged within a day, indicating efficient review and low friction.

Summary

Add react-native export condition for Hermes-safe resolution

Fixes build failures in React Native Expo SDK 55+ by ensuring Hermes-compatible bundle is selected. This prevents runtime errors and improves developer experience.

Health Assessment

• • The PR was reviewed and merged within 14 hours, with a single commit and minimal rework, indicating a straightforward bug fix with low complexity.

Summary

Restore signup user response

Fixes a regression where signUp() could drop a valid user response, ensuring correct user data is returned.

Health Assessment

• • Quick fix with minimal changes, resolved in a single review cycle.

Summary

Expand tracePropagation TSDoc with examples

Adds example usage for trace propagation in Supabase client documentation.

Health Assessment

• • Quick review and merge, minimal changes, straightforward documentation update.

Summary

Add documentation for npm supply chain protection

Provides guidance for users to mitigate npm supply chain attacks, enhancing security posture.

Health Assessment

• • PR took 45 hours to merge with a single review after 26 hours, indicating moderate review delay but minimal rework.

Summary

Gate npm publish and deprecate workflows behind environments

Adds environment gating to npm publish and deprecate workflows, requiring manual approval to harden against supply‑chain attacks.

Health Assessment

• • Quick approval and merge after minimal review, indicating a straightforward change with low risk.

Summary

Update changelogs for version 2.106.1

Changelog updates for the new release, ensuring accurate release notes for users and developers.

Health Assessment

• • Automated release PR merged immediately with no review or comments, typical of routine changelog updates.

Summary

Hide dynamic import to support Hermes

Ensures React Native release builds succeed by removing unsafe dynamic imports, improving developer experience and preventing build failures.

Health Assessment

• • The PR required multiple iterations after the initial review, indicating some complexity in addressing bundler compatibility issues, but the overall cycle time remained under a day, showing efficient resolution.

Summary

Fix client-id encoding in OAuth requests

Ensures client‑id is URL‑encoded to prevent security issues when forming OAuth URLs.

Health Assessment

• • Single commit, quick review, minimal changes, low risk.

Summary

Update changelogs for version 2.106.0

Automated update of release notes to reflect new version, ensuring accurate documentation for users.

Health Assessment

• • Rapid merge with minimal changes indicates a straightforward documentation update.

Summary

Fix StreamDownloadBuilder Promise implementation

Ensures consistent promise behavior and prevents duplicate fetches, improving reliability of storage downloads.

Health Assessment

• • The PR experienced a long review cycle (over 5 days) and a high review time, indicating significant review friction, but the change was small and straightforward, resulting in a single commit and a single approval.

Summary

Fix null user/session on email change verifyOtp

Ensures verifyOtp correctly returns null user and session when secure email change is enabled, preventing incorrect data exposure. Adds comprehensive tests to validate behavior.

Health Assessment

• • Quick fix with minimal changes and fast review, indicating low complexity.

Summary

chore(deps): bump the actions-minor-and-patch group with 4 updates

Updates GitHub Actions dependencies to newer patch versions, ensuring CI workflows use the latest stable releases.

Health Assessment

• • PR was merged after 115 hours with no review, indicating a straightforward dependency update with minimal risk.

Summary

Bump actions/github-script dependency to v9

Updates the GitHub Actions script dependency to v9, enabling new features and addressing breaking changes.

Health Assessment

• • Dependabot auto‑merged after a long cycle; minimal code changes; low risk to production.

Summary

Bump protobufjs dependency to 8.3.0

Updates protobufjs to the latest patch, improving compatibility and bug fixes for the test-tracing package.

Health Assessment

• • Quick merge with minimal changes, no review friction.

Summary

Update protobufjs and opentelemetry dependencies

Bumps protobufjs and @opentelemetry/exporter-prometheus to newer patch releases, applying security and bug fixes.

Health Assessment

• • PR merged after a single review with no rework, typical for automated dependency updates.

Summary

Dependency cleanup and updates

This PR removes outdated dependencies, updates tooling, and modernizes linting to reduce security risk and improve maintainability.

Health Assessment

• • The PR was merged quickly with minimal review, indicating a straightforward dependency cleanup with low complexity.

Summary

Migrate workspace package manager to pnpm

Switches the repository from npm to pnpm, adding supply‑chain hardening, improving CI performance, and removing large lockfiles without breaking consumer APIs.

Health Assessment

• • Fast 7‑hour cycle, minimal review friction, large diff driven by lockfile removal, no functional impact.

Summary

Mark internal tracing package private and snapshot for JSR

Ensures internal tracing package is not published to npm or JSR, preventing release failures and making supabase-js JSR artifact self-contained.

Health Assessment

• • Quick fix with minimal changes, resolved release pipeline issue promptly.

Summary

Add workflow for reverting commit

Adds a GitHub Actions workflow that automates creating a revert pull request for commits in master, enabling quick rollback by SDK, admin, or security teams.

Health Assessment

• • Fast review and minimal changes indicate low complexity and risk.

Summary

Correct CI actor detection to fix dispatch gate

Fixes CI workflow actor resolution, ensuring authorized dispatches succeed.

Health Assessment

• • Quick fix to CI actor detection resolved dispatch gate failures after GitHub actions update.

Summary

Bump nrwl/nx-set-shas dependency

Updates the nrwl/nx-set-shas dependency to the latest patch, ensuring CI pipelines run with the updated Node runtime and formatting tools, reducing build failures.

Health Assessment

• • Quick dependency bump with minimal changes, merged within 2.3 hours, indicating efficient review and low risk.

Summary

Bump actions/github-script to v9.0.0

Updates the GitHub Actions script dependency to the latest version, enabling new features and bug fixes for CI workflows.

Health Assessment

• • Quick merge with minimal changes indicates low risk and efficient CI maintenance.

Summary

Bump actions/download-artifact to v8.0.1

Updates the GitHub Actions dependency to the latest version, incorporating security and compatibility fixes for CI workflows.

Health Assessment

• • Quick dependency bump with minimal code changes and a single review cycle, indicating low risk and efficient process.

Summary

Bump actions/upload-artifact to v7.0.1

Updates the CI artifact upload action to the latest version, improving compatibility and performance for CI pipelines.

Health Assessment

• • Quick dependency update with minimal changes, merged within 1.4 hours.

Summary

Bump actions-minor-and-patch dependencies

Updates GitHub Actions to newer versions, improving CI reliability and security.

Health Assessment

• • Quick merge with minimal review, indicating routine dependency update.

Summary

Harden npm install security in CI

Adds supply‑chain hardening to npm installs, preventing malicious dependency attacks and cache poisoning in release workflows, ensuring safer package publishing.

Health Assessment

• • Fast cycle time and minimal rework indicate a smooth review process; security hardening delivered quickly with low impact on the codebase.

Summary

Clean up REST broadcast example

Fixes example to properly clean up channels, preventing resource leaks and improving reliability.

Health Assessment

• • The PR was merged within a day after a single review, indicating minimal friction.
• • The small change size and lack of rework suggest low risk.

Summary

Warn about .neq() not matching NULL rows

Adds a warning to the PostgrestFilterBuilder documentation about .neq() not matching NULL rows and suggests using .is(column, null) instead.

Health Assessment

• • The PR was merged quickly, indicating a straightforward change.
• • The small scope and low number of changed lines suggest a low-risk change.