[pull] master from supabase:master#822
Merged
Merged
Conversation
## Summary - [**SUPABASE-APP-E2R**](https://supabase.sentry.io/issues/SUPABASE-APP-E2R): Guard against undefined entries in notifications array in `AdvisorButton` (optional chaining on `.some()` callbacks) - [**SUPABASE-APP-EBA**](https://supabase.sentry.io/issues/SUPABASE-APP-EBA): Remove render-time `handleError()` throw in `useEdgeFunctionsDiff` — the hook already handles missing body data gracefully - [**SUPABASE-APP-BVN**](https://supabase.sentry.io/issues/SUPABASE-APP-BVN) / [**SUPABASE-APP-BTV**](https://supabase.sentry.io/issues/SUPABASE-APP-BTV): Guard `localStorage` access in `FeaturePreviewContext` with try-catch, matching the established pattern in `useLocalStorage.ts` (Safari private browsing) - [**SUPABASE-APP-AV3**](https://supabase.sentry.io/issues/SUPABASE-APP-AV3): Filter stale folder IDs before passing `expandedIds` to `react-accessible-treeview` in the SQL editor nav ## Test plan - [x] Verify AdvisorButton renders without errors when notifications data has sparse pages - [x] Verify branch merge page loads when edge function body fetch fails - [x] Verify feature previews initialize correctly in Safari private browsing - [x] Verify SQL editor folder expand/collapse works after deleting a folder <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Feature preview now falls back safely when browser storage is unavailable * Notifications display updated to tolerate missing entries without errors * Private snippets navigation no longer preserves expansion state for removed nodes * **Refactor** * Streamlined error aggregation in edge functions diff processing <!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? docs update ## What is the new behavior? SSL modes table reference <img width="1000" height="567" alt="CleanShot 2026-04-05 at 15 39 27" src="https://github.com/user-attachments/assets/ed05d05b-b559-4554-aef1-d70038f520b9" /> ## Additional context While there is a table available in postgres docs, other providers do include simplified versions of that table. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Added a clear reference table for Postgres client-side SSL modes (disable, allow, prefer, require, verify-ca, verify-full), summarizing encryption, certificate authority validation, hostname verification, and connection behavior for each mode. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem #44677 modified the previous behaviour on callback URLs. It used to prevent users to remove the URL if only one was provided. ## Solution Restore the previous behaviour. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Fixed the Remove button behavior for OAuth callback URLs. The button now only appears when multiple callback URLs are configured, preventing accidental deletion of the only redirect URI. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Standardized SQL construction across the pg-meta package to use parameter-safe SQL fragments instead of raw string assembly, improving safety for dynamic values (filters, limits, offsets, identifiers) and unifying how exported SQL constants and query helpers are produced. No functional query behavior changes expected. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
We are currently migrating to the safeSql utility for all SQL arguments of executeSql. During the migration, executeSql will continue to accept plain strings for backwards compatibility. Adding a custom ESLint rule so we can ratchet this and prevent new calls of executeSql with plain strings. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added SQL safety validation throughout the application to enforce secure query construction and prevent SQL-related vulnerabilities * Introduced type-aware linting to identify and catch type-related issues during development and continuous integration processes * **Chores** * Enhanced continuous integration pipeline with improved code quality enforcement <!-- end of auto-generated comment: release notes by coderabbit.ai -->
github-actions
Bot
added
the
documentation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )