[pull] master from supabase:master #807
Merged
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.

YES

## What kind of change does this PR introduce?

Docs update to `humans.txt` to add `Dimitrios Liappis`

## What is the current behavior?

`Dimitrios Liappis` does not exist in `humans.txt`

## What is the new behavior?

`Dimitrios Liappis` exists in `humans.txt`

## Summary by CodeRabbit

* **Chores**
  * Updated contributor information.

This PR changes the `next` version in the main catalog which switches `design-system` and `ui-library` apps to next v16.

* **New Features**
  * Added new SQL formatting utilities including keyword validation and safe SQL composition functions
  * Introduced type-safe SQL fragment handling with branded types to prevent SQL injection vulnerabilities
  * Expanded available exports for improved code organization and accessibility
  * Enhanced SQL query building capabilities with improved validation and composition support

## Summary

- Adds a new GitHub Actions workflow that sends a Slack alert when Studio E2E tests or unit tests fail on master
- Uses `workflow_run` trigger so no changes needed to existing CI workflows
- Reuses the existing `SLACK_DASHBOARD_WEBHOOK_URL` secret

Closes FE-2883

## Summary by CodeRabbit

* **Chores**
  * Implemented automated Slack notifications to alert when master branch build failures occur, including build run details, commit information, and commit author.

…4382)

## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.

YES

## Summary

- Fix `ToggleLegacyApiKeysPanel` being permanently hidden for users with project-level admin access but no org-level access
- The `useAuthorizedAppsQuery` calls an org-level endpoint (`/platform/organizations/{slug}/oauth/apps`) which returns 403 for project-only admins, causing `isAuthorizedAppsSuccess` to never become `true` and the entire panel to never render
- When the authorized apps query fails, show a fallback warning directing users to verify their org's OAuth apps before disabling legacy keys

## What changed

- Removed `isAuthorizedAppsSuccess` from the rendering guard, the panel now renders once legacy keys status and permissions resolve
- When the authorized apps query errors (e.g. 403), the button still opens a warning dialog with appropriate copy before proceeding to the confirmation modal

## Behavior

| User type | Authorized apps query | Button click |
|---|---|---|
| Org-level access, has apps | Success, apps > 0 | Warning → confirm modal |
| Org-level access, no apps | Success, apps = 0 | Confirm modal directly |
| Project-only admin | 403 error | Fallback warning → confirm modal |

## Current behavior

Project admins can't view the button

## Changed behaviour

Project admins can view the disable button and when clicked view a warning about oauth apps, and when they visit oauth apps, there is a warning to contact the project owner

## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.

YES

## What kind of change does this PR introduce?

Bug fix

## What is the current behavior?

When enabling Apple Sign-in in Studio, the form requires a valid JWT secret key whenever a client ID is provided. This blocks users who only use Apple native sign-in (iOS, macOS, watchOS, tvOS), where only the client ID (bundle ID) is needed and no secret is required.

Resolves AUTH-1138

## What is the new behavior?

The secret key field is now optional, matching Google's provider behavior. JWT format validation still applies when a secret is provided, but leaving it empty is allowed. This supports native-only Apple sign-in configurations.

## Additional context

The validation was simplified from two `.when` clauses (dependent on both `ENABLED` and `CLIENT_ID`) to a single `.when` (dependent only on `ENABLED`), matching the pattern used by the Google provider.

## Summary

- Coerces `before`/`after` cost values to `Number()` in `QueryPanelScoreSection` and `calculateImprovement` before any comparison or arithmetic
- Fixes contradictory index advisor display where correct cost numbers showed 0% improvement and wrong arrow direction

## Root Cause

When `index_advisor_result` is prefetched from the Reports SQL query (via `json_build_object`), cost values can arrive as strings instead of numbers. JavaScript string comparison is lexicographic, producing wrong results:

| Expression | Numbers | Strings |
|---|---|---|
| `after > before` (arrow) | `50 > 100` → `false` ✅ | `"50" > "100"` → `true` ❌ |
| `costBefore <= costAfter` (improvement calc) | `100 <= 50` → `false` ✅ | `"100" <= "50"` → `true` ❌ |

The direct fetch path (`retrieve-index-advisor-result-query.ts`) validates through Zod and is unaffected. Only the prefetched path lacks validation.

## Summary by CodeRabbit

* **Bug Fixes**
  * Improved numeric value handling in query performance calculations to ensure more accurate and reliable improvement metrics.
* **Refactor**
  * Enhanced type safety and numeric coercion for query performance score comparisons, resulting in more consistent and robust metric calculations.

This pull request refactors the Turbo build configuration by moving each app's build settings from the root `turbo.json` file into their own dedicated `turbo.jsonc` files within each app's directory. The root configuration is simplified to only include generic tasks, improving maintainability and clarity.

## Summary by CodeRabbit

* **Chores**
  * Updated Turbo to v2.9.3 to improve build performance and stability.
  * Reorganized and added per-app build pipeline configurations to streamline builds and caching across the workspace.
  * Removed a Tailwind container-queries plugin from one app's styling setup.

## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.

YES

## Summary by CodeRabbit

* **Documentation**
  * Updated all quickstart guides and tutorials to reference publishable keys instead of anon keys for Supabase client initialization.
  * Simplified environment variable setup instructions across multiple framework guides by removing anon key configuration requirements.
  * Clarified usage of publishable keys in step-by-step setup documentation for various frameworks and platforms.

---------

Co-authored-by: fadymak <dev@fadymak.com>

See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )