- supabase: add canonical CORS headers export for edge functions (#2071)
- realtime: removeChannel when unsubscribe successfully (#2091)
- storage: expose fetch parameters in download method (#2090)
- Eduardo Gurgel
- Katerina Skroumpelou @mandarini
- supabase: add canonical CORS headers export for edge functions (#2071)
- realtime: removeChannel when unsubscribe successfully (#2091)
- storage: expose fetch parameters in download method (#2090)
- Eduardo Gurgel
- Katerina Skroumpelou @mandarini
- auth: correct OAuth authorization types to match API responses (#2088)
- Katerina Skroumpelou @mandarini
- postgrest: add URL length validation and timeout protection (#2078)
- ci: handle missing git auth header in release-canary script (#2077)
- Katerina Skroumpelou @mandarini
- auth: add webauthn tests and fix fallback naming (#1763)
- ci: add persist-credentials: false to release job checkouts (#2074)
- storage: handle empty 200 responses in vector operations (#2073)
- Katerina Skroumpelou @mandarini
- supabase: revert client platform and runtime detection headers (#2067)
- Guilherme Souza
- realtime: revert validate table filter in postgres_changes event dispatch (#2060)
- Katerina Skroumpelou @mandarini
- auth: add optional jwt parameter to getAuthenticatorAssuranceLevel (#1940)
- supabase: add missing HTTP headers for client platform and runtime detection (#2046)
- auth: handle uncaught promise rejections during initialization (#2032)
- auth: clear local storage on signOut when session is already missing (#2026)
- realtime: send heartbeat for initial connection error (#1746)
- realtime: add generic overload for postgres_changes event type (#1984)
- storage: expose status and statusCode on StorageError base class (#2018)
- supabase: safe environment detection node v browser (#2053)
- Katerina Skroumpelou @mandarini
- Vaibhav @7ttp
- auth: restore SSR OAuth functionality broken in v2.91.0 (#2039)
- Vaibhav @7ttp
- realtime: set default serializer to 2.0.0 (#2034)
- auth: defer subscriber notification in exchangeCodeForSession to prevent deadlock (#2014)
- auth: clarify updateUserById applies changes directly (#2031)
- supabase: resolve Firefox extension cross-context Promise error (#2033)
- Eduardo Gurgel
- Vaibhav @7ttp
- postgrest: prevent shared state between query builder operations (#1978)
- realtime: validate table filter in postgres_changes event dispatch (#1999)
- Vaibhav @7ttp
- realtime: expose heartbeat latency on heartbeat callback (#1982)
- auth: add banned_until property to user type (#1989)
- auth: add last_challenged_at property to factor type (#1990)
- auth: clear initial setTimeout in stopAutoRefresh (#1993)
- auth: preserve session when magic link is clicked twice (#1996)
- auth: add configurable lock acquisition timeout to prevent deadlocks (#1962)
- functions: auto-stringify object body when custom Content-Type header is provided (#1988)
- postgrest: use post with return minimal for rpc head requests with object args (#1994)
- supabase: split type-only exports to avoid unused import warnings (#1979)
- supabase: inline string literal in databasewithoutinternals type (#1986)
- supabase: avoid edge runtime warnings in next.js (#1998)
- Eduardo Gurgel
- Nico Kempe @nicokempe
- Vaibhav @7ttp
- yoshifumi kondo @yoshifumi-kondo
- auth: add X (OAuth 2.0) provider (#1960)
- auth: add string array support for AMR claims (#1967)
- supabase: export DatabaseWithoutInternals utility type (#1935)
- Cemal Kılıç @cemalkilic
- issuedat @issuedat
- Vaibhav @7ttp
- auth: allow custom predicate for detectSessionInUrl option (#1958)
- postgrest: add notin filter (#1957)
- repo: migrate build system to tsdown for proper ESM/CJS support (#1961)
- realtime: handle websocket race condition in node.js (#1946)
- realtime: omit authorization header when no access token exists (#1937)
- Katerina Skroumpelou @mandarini
- Vaibhav @7ttp
- supabase: resolve jsDelivr CDN ESM import failure with .js extensions (#1953)
- Katerina Skroumpelou @mandarini
- auth: add helpful error when PKCE code verifier is missing (#1931)
- realtime: terminate web worker on disconnect to prevent memory leak (#1907)
- supabase: resolve jsDelivr CDN ESM import failure (#1950)
- Katerina Skroumpelou @mandarini
- Tanmay Sharma @tanmaysharma2001
- auth: skip navigator lock when persistSession is false (#1928)
- realtime: preserve custom JWT tokens across channel resubscribe (#1908)
- realtime: handle null values in postgres changes filter comparison (#1918)
- Liam
- Vaibhav @7ttp
- storage: align analytics from method with { data, error } pattern (#1927)
- repo: update lock file after dependabot to use npm 11 (#1926)
- Katerina Skroumpelou @mandarini
- storage: correct QueryVectorsResponse to use vectors instead of matches (#1922)
- Katerina Skroumpelou @mandarini
- auth: suppress getsession warning when getuser is called first (#1898)
- auth: code verifier remains in storage during edge cases (#1759)
- postgrest: cross-schema rpc setof type inference (#1900)
- repo: update lock file (#1910)
- repo: lock file issues (#1919)
- repo: update npm and install again (#1920)
- supabase: add esm wrapper to resolve module not found error in nuxt (#1914)
- Katerina Skroumpelou @mandarini
- Vaibhav @7ttp
- storage: install iceberg-js and add from method (#1881)
- Katerina Skroumpelou @mandarini
- realtime: add metadata to realtime user broadcast push (#1894)
- auth: oauth minor fixes on types (#1891)
- Cemal Kılıç @cemalkilic
- Eduardo Gurgel
- postgrest: add isdistinct and regex pattern matching operators (#1875)
- postgrest: validate empty or invalid relation names in Postgrest… (#1863)
- realtime: simplify serializer by removing unnecessary types of messages (#1871)
- Eduardo Gurgel
- Katerina Skroumpelou @mandarini
- Soufiane Radouane @sofmega
- storage: rename StorageAnalyticsApi to StorageAnalyticsClient (#1869)
- Katerina Skroumpelou @mandarini
- auth: add OAuth grant listing and revocation endpoints (#1833)
- postgrest: bubble up fetch error causes and codes (#1856)
- realtime: account for null refs when encoding messages (#1862)
- storage: analytics bucket prop (#1852)
- Cemal Kılıç @cemalkilic
- Eduardo Gurgel
- Fabrizio @fenos
- Katerina Skroumpelou @mandarini
- auth: use Symbols for callback IDs to resolve Next.js 16 compatibility (#1847)
- auth: add automatic browser redirect to signInWithSSO (#1849)
- realtime: setAuth not required on custom jwt token (#1826)
- Filipe Cabaço @filipecabaco
- Katerina Skroumpelou @mandarini
- realtime: implement V2 serializer (#1829)
- auth: make webauthn param optional and move register params to webauthn (#1765)
- auth: add providers type to UserAppMetadata interface (#1760)
- auth: use direct attestation for registration/authentication (#1764)
- functions: add configurable timeout and normalize abort/timeout errors as FunctionsFetchError (#1837)
- realtime: ensure WebSocket connections are properly closed in teardown (#1841)
- Eduardo Gurgel
- Katerina Skroumpelou @mandarini
- Tanmay Sharma @tanmaysharma2001
- auth: add TypeScript types for documented JWT claims fields (#1802)
- auth: only warn if multiple clients share a storage-key (#1767)
- Steve Hall @sh41
- Sumit Kumar @Software-Engineering-Project-Team-Bob
- auth: support throwing errors instead of returning them (#1766)
- repo: remove node-fetch dependency, require Node.js 20+ (#1830)
- Katerina Skroumpelou @mandarini
- auth: add OAuth 2.1 authorization consent management API calls (#1793)
- auth: add OAuth client update support (#1812)
- auth: refactor getAuthenticatorAssuranceLevel method (#1822)
- auth: remove redirection in
getAuthorizationDetails(#1811) - auth: move session warning proxy from session to user object (#1817)
- Cemal Kılıç @cemalkilic
- Katerina Skroumpelou @mandarini
- Stojan Dimitrovski @hf
- auth: add OAuth 2.1 authorization consent management API calls (#1793)
- auth: add OAuth client update support (#1812)
- storage: add support for bucket pagination and sorting (#1790)
- auth: handle 204 No Content response in OAuth client delete (#1786)
- auth: remove redirection in
getAuthorizationDetails(#1811) - postgrest: add incoming major 14 support (#1807)
- repo: add missing tslib dependency to core packages (#1789)
- repo: cleanup package-lock.json and bun.lock (#1799)
- storage: remove unnecessary filter (#1809)
- precompile RegExp (#1806)
- Andrew Valleteau @avallete
- Cemal Kılıç @cemalkilic
- Fabrizio @fenos
- Katerina Skroumpelou @mandarini
- Kevin Grüneberg @kevcodez
- Lenny @itslenny
- repo: add missing tslib dependency to core packages (#1789)
- Katerina Skroumpelou @mandarini
- realtime: realtime explicit REST call (#1751)
- realtime: enhance RealtimeChannel type (#1747)
- storage: storage vectors and analytics in storage-js (#1752)
- functions: missing body when Content-Type header supplied by dev (#1758)
- functions: add application/pdf response parsing to FunctionsClient (#1757)
- realtime: manipulate URLs using URL object (#1769)
- repo: convert postbuild to explicit codegen (#1778)
- storage: correct list v2 types to correctly match data returned from api (#1761)
- storage: use backward compatible return type in download function (#1750)
- storage: api types (#1784)
- Fabrizio @fenos
- Filipe Cabaço @filipecabaco
- Guilherme Souza
- Katerina Skroumpelou @mandarini
- Lenny @itslenny
- storage: use backward compatible return type in download function (#1750)
- Lenny @itslenny
- postgrest: add embeded functions type inference (#1632)
- Andrew Valleteau @avallete
- auth: add deprecation notice to
onAuthStateChangewith async function (#1580) - auth: add OAuth 2.1 client admin endpoints (#1582)
- docs: explicitly mark options as optional (#1622)
- realtime: add support to configure Broadcast Replay (#1623)
- release: enable trusted publishing (#1592)
- storage: add support for sorting to list v2 (#1606)
- storage: remove trailing slash from baseUrl normalization (#1589)
- Cemal Kılıç @cemalkilic
- Doğukan Akkaya
- Eduardo Gurgel
- Etienne Stalmans @staaldraad
- Lenny @itslenny
- Stojan Dimitrovski @hf
- Taketo Yoshida