[pull] master from supabase:master#985
Merged
Merged
Conversation
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Docs update ## What is the current behavior? Auth hooks documentation doesn't explicitly state that the hook name configured in `config.toml` must correspond to available hooks to prevent errors, which has caused confusion for some users. ## What is the new behavior? Doc includes mention that hook name must correspond to available hooks. ## Additional context <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Added clarification note regarding authentication hook configuration requirements, specifying that hook names in configuration files must correspond to available hook types. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
## Problem The PostgREST observability page crashes for some projects with `URIError: URI malformed`. The route renderer calls `decodeURIComponent` directly on the request query string, which is user-controlled. A malformed percent-sequence (for example a literal `%` in `?discount=100%`) makes `decodeURIComponent` throw during render, taking down the whole page via the global error boundary. Tracked in Sentry issue 7536581822. ## Fix Add a `safeDecodeURIComponent` helper that wraps `decodeURIComponent` in a try/catch and falls back to the raw string on failure. Use it in the route renderer. The sibling `queryParamsToObject` call is unaffected since `URLSearchParams` already tolerates malformed escapes. ## How to test - Open a project's PostgREST observability report (`/project/[ref]/observability/postgrest`). - Ensure a request with a malformed query string (e.g. a path containing a bare `%`) appears in the data. - Expected result: the row renders with the raw search string instead of crashing the page. - Unit tests for `safeDecodeURIComponent` cover valid decode, malformed input, and empty string. --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Reorganized REST API documentation navigation to consolidate debugging resources under a dedicated subsection for improved discoverability. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
…ned (#46737) The `Update JS Client Libraries Docs` workflow's "Refresh reference-content snapshot" step fails because `npx vitest run --update scripts/build-reference-content.test.ts` is treated as a filter, not a restriction, under Vitest 4, so all docs tests run. `CodeSample.test.ts` then fails with ENOENT on `apps/docs/examples/_internal/fixtures/*` because the workflow bypasses the `pretest` npm hook that runs `codegen:examples`. This is a regression of #44943 (commit 28ef62c), reintroduced by #46163 when the snapshot step was renamed and rewritten back to the file-path form. Fixes: - Workflow: use `--dir scripts` so only the snapshot test runs. - Tests: add a vitest globalSetup that mirrors `codegen:examples`, so `npx vitest`, `pnpm test:local`, and IDE single-test runs no longer depend on the `pretest` lifecycle hook being triggered first. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated test infrastructure configuration and initialization process for improved test suite management. * Refined test execution workflow to efficiently manage test discovery and execution across project directories. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR syncs the latest troubleshooting guides from the supabase/troubleshooting repository. --------- Co-authored-by: github-docs-bot <github-docs-bot@supabase.com> Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
…6733) ## Problem The org Audit Log Drains page fires the same `log_drain_save_button_clicked` and `log_drain_removed` telemetry events as the project Log Drains page, even though they are distinct features (project product logs vs. the org audit log). Org-scoped events should have their own names and drop the project group. ## Fix Add dedicated org-scoped events and use them in the org container: - `audit_log_drain_save_button_clicked` - `audit_log_drain_removed` Both declare `groups: Omit<TelemetryGroups, 'project'>` (no project group), matching the convention used by other org-scoped events (e.g. the documents page events). The project Log Drains page keeps the original `log_drain_*` events unchanged. ## How to test - Open `/org/{slug}/audit-log-drains` (with the `auditLogsLogDrain` flag enabled). - Create a drain and confirm `audit_log_drain_save_button_clicked` fires (with the destination type, org group, no project group). - Delete a drain and confirm `audit_log_drain_removed` fires. - Confirm the project Log Drains page still fires `log_drain_*` events. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated internal telemetry tracking for audit log drain operations to improve monitoring and analytics of system behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
) ## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Subtle improvement to charts that cannot load data. Less floaty. | Before | After | |--------|--------| | <img width="731" height="323" alt="Screenshot 2026-06-08 at 11 46 21" src="https://github.com/user-attachments/assets/14c87766-dfe3-448d-8c9c-f3176b658d08" /> | <img width="791" height="333" alt="Screenshot 2026-06-08 at 11 46 01" src="https://github.com/user-attachments/assets/d0e33b91-2990-41d2-b14c-25065b1f0c12" /> | <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes **Style** - Improved visual styling for chart error and loading states. Chart placeholders now feature increased height and enhanced border presentation with dashed borders and rounded corners, providing clearer visual distinction when data is unavailable or unable to load. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR updates @supabase/*-js libraries to version 2.108.0. **Source**: manual **Changes**: - Updated @supabase/supabase-js to 2.108.0 - Updated @supabase/auth-js to 2.108.0 - Updated @supabase/realtime-js to 2.108.0 - Updated @supabase/postgest-js to 2.108.0 - Refreshed pnpm-lock.yaml --- ## Release Notes ## v2.108.0 ## 2.108.0 (2026-06-08) ### 🚀 Features - **auth:** auth.resend() consistent confirmation flow ([#2144](supabase/supabase-js#2144)) ### 🩹 Fixes - **auth:** do not console.error AuthApiError already returned through contract ([#2428](supabase/supabase-js#2428)) - **postgrest:** pass request headers as plain object for RN/custom-fetch compatibility ([#2414](supabase/supabase-js#2414)) ### ❤️ Thank You - Katerina Skroumpelou @mandarini - Lawrence Li @weilirs - MaitreyeeDeshmukh This PR was created automatically. Co-authored-by: supabase-workflow-trigger[bot] <266661614+supabase-workflow-trigger[bot]@users.noreply.github.com>
## Context As per PR title <img width="500" alt="image" src="https://github.com/user-attachments/assets/4cf07471-a0c1-449d-9759-a0ccb3456e09" /> Also resolves FE-3565 Closes mobile menu when a link is clicked <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Improvements** * Mobile menu now closes reliably when selecting more navigation items (Modules, various Developers/Solutions links and footer links). * Enhanced link focus and interaction behavior in the mobile menu for clearer keyboard/touch feedback. * **New Features** * Navigation links can now accept optional click handlers, enabling custom onClick behavior. * **Refactor** * Internal reorganization of mobile menu styling and link composition to simplify maintenance. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
smol fix :D - closes #46730 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Corrected table count in footer to show the proper number and singular/plural wording when pagination is active. * Ensured table lists refresh correctly after deleting a table so paginated/infinite lists update properly. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES/ <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Documentation * Updated project variables guidance to include publishable and secret keys alongside existing options. * Updated code examples across multiple frameworks to use publishable keys instead of anon keys. * Updated tool descriptions to reflect publishable key terminology. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem 1. Users can't resync/rebase production branches but those could get stuck too 2. We currently check for branches health state to allow resync/rebase, preventing to unblock some cases ## Solution 1. Add an menu item to resync/rebase production branches 2. Remove the unnecessary health checks <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added resync/retrigger for production (main) branches with a confirmation dialog and loading state. * **Improvements** * Simplified and clarified branch action tooltip messaging. * Refined availability and disabled logic for branch actions (permission and in-flight handling). * Improved UX for switching between preview and persistent branches, including adjusted messaging for upgrade entitlements. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
Before: <img width="1440" height="1437" alt="image" src="https://github.com/user-attachments/assets/43b336bc-c52f-4b82-8177-69c9b959a38e" /> After: <img width="365" height="434" alt="image" src="https://github.com/user-attachments/assets/c14777e2-e65f-4a1f-8804-1042eb2d1246" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Style** * Updated the pricing callout to use a responsive layout so the price and accompanying text stack on small screens and align side-by-side on larger screens for improved spacing and readability. * Adjusted the price badge to prevent text wrapping, ensuring the “$10” label remains visible and consistent across devices. * Tuned margins and vertical spacing for better alignment across breakpoints. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary Update Gemini CLI Extension repo URL from https://github.com/supabase-community/gemini-extension to https://github.com/supabase-community/supabase-plugin. Closes [AI-807](https://linear.app/supabase/issue/AI-807/update-gemini-cli-installation-command-with-the-new-github-repo-in-our) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Updated Gemini CLI plugin configuration to reference the Supabase community plugin repository * Updated installation instructions and repository links to reflect the new plugin location <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Reading through the guides and troubleshooting docs I found a set of
code examples that don't parse or run as written. Each is a small,
self-contained fix:
- **troubleshooting/postgres-logs**: the `regexp_contains(...)` call was
missing its closing parenthesis.
- **troubleshooting/rls-performance**: the PL/pgSQL `return` statement
was missing its terminating semicolon.
- **troubleshooting/supavisor-faq**: the `CREATE USER ... WITH PASSWORD`
string literal was unterminated (missing closing quote).
- **troubleshooting/google-auth-fails**: missing comma between
`provider` and `options` in the `signInWithOAuth` object literal.
- **integrations/supabase-for-platforms**,
**database/extensions/pg_graphql**,
**deployment/branching/working-with-branches**: missing commas between
JSON properties.
- **database/extensions/pgjwt**: the default algorithm was written
`'HSA256'`; the real default is `'HS256'` (used in both `sign` and
`verify`).
- **auth/auth-email-passwordless** (Dart): `signinwithotp` should be
`signInWithOtp`.
- **auth/third-party/firebase-auth**: `async function
setRoleCustomClaim() => {` mixed a function declaration with arrow
syntax.
- **storage/management/copy-move-objects**: the storage helper is
`storage.foldername(name)`, not `storage.folder(name)`.
- **troubleshooting/hsnw-index**: prose referred to
`maintance_work_mem`; the setting is `maintenance_work_mem` (the SQL in
the same file spells it correctly).
- **troubleshooting/pgcron-debugging**: a stray double quote inside the
`cron.job_run_details` code span.
13 files, all one-line fixes. Happy to split if you'd prefer.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Corrected code examples across authentication, database, storage, and
troubleshooting guides
* Fixed method naming and syntax errors in code snippets (Dart auth,
Node.js Firebase, SQL functions)
* Updated API signatures and variable names for accuracy
* Improved JSON formatting in example payloads
* Corrected typos in documentation text
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Chris Chinchilla <chris@chrischinchilla.com>
Automated weekly decrease of ESLint ratchet baselines. Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Regenerates types for marketplace schema bindings to remove deprecated RPC functions.
- Broken by: #45504 - closes: #46744 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Style** * Refined the footer layout to improve alignment of view and table toggle controls. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
## TL;DR fixes export hydration so it stays under the active impersonated role in table Editor ## Example: while viewing as `anon` | Before | After | | --- | --- | | <img width="653" height="234" alt="before: hydration query wrapped with anon impersonation" src="https://github.com/user-attachments/assets/0a7b9b21-b5b5-4eac-94f4-1bffe7238eee" /> | <img width="518" height="226" alt="after: plain select without impersonation wrapper" src="https://github.com/user-attachments/assets/b4228a1a-2972-4ed6-87c7-85f85f61f8ca" /> | PS: The `Export` path was skipping the active impersonation context and issuing the query without the `anon` role wrapper ## ref - closes #46423 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Export functionality now includes role impersonation context for both full dataset and selected row exports, ensuring consistent behavior across all export operations. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46426?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai -->
> [!CAUTION] > The `do-not-merge` label has been applied because this contains mocks for easier review and testing. I'll remove those mocks before merging. ## What kind of change does this PR introduce? Feature. Part of the shared Connect UI (interstitial) rollout. Previous slices: #46058, #45909, #45862. ## What is the current behavior? The `/authorize` MCP/OAuth consent screen uses the old `Card`/`Alert` layout. ## What is the new behavior? - Wraps all `/authorize` states in `InterstitialLayout` (the shared full-screen centered card used across Connect flows) - Shows a quiet footnote below the Cancel button ("Authorizing will redirect you to \<url\>") for non-localhost redirect URIs, so users can verify the destination before approving. No extra friction for localhost flows (local MCP servers) | Before | After | | --- | --- | | <img width="692" height="997" alt="Authorize API access Supabase-F6C3747A-5077-43D8-A509-3E16B1DDC168" src="https://github.com/user-attachments/assets/e86dde34-94cb-48ef-b026-66aac9122df6" /> | <img width="692" height="997" alt="Authorize API Access Supabase-FE6FD8B3-1159-4EA5-94D7-EA5CEA7A25F3" src="https://github.com/user-attachments/assets/c1a94a44-51d9-40d8-8046-f3104a27b929" /> | | <img width="692" height="997" alt="Authorize API access Supabase-86742351-3521-4B62-AF87-403CB7E7F4F5" src="https://github.com/user-attachments/assets/41cff7af-b9e4-4a20-a979-7148b4220265" /> | <img width="692" height="997" alt="Authorize Cursor Supabase-B665B4A4-600F-462B-8C97-84B171EC3103" src="https://github.com/user-attachments/assets/804286f2-ce51-45ab-bb3f-315f8ac62445" /> | | <img width="692" height="997" alt="Authorize API access Supabase-C73DC3D0-8646-4E6E-A259-3E84AE46DAF2" src="https://github.com/user-attachments/assets/8f285edb-438f-4262-9faa-f1133c679ed4" /> | <img width="692" height="997" alt="Authorize Cursor Supabase-FEA86625-27D5-4DB5-B4D4-1A2CB804E56E" src="https://github.com/user-attachments/assets/b54f2ceb-e1cf-4c7e-be3f-8e1b0942e9a4" /> | | <img width="692" height="997" alt="Authorize API access Supabase-48E0C7CB-DDDD-4305-B821-F3BEB52C4A4E" src="https://github.com/user-attachments/assets/7d123c57-e05d-408c-8df9-d747a3afd714" /> | <img width="692" height="997" alt="Authorize Cursor Supabase-CE8F9905-FAE0-4C06-B77A-9F269B2100FE" src="https://github.com/user-attachments/assets/9f403b83-5de3-43c8-a592-c3022e041243" /> | | <img width="692" height="997" alt="Authorize API access Supabase-E37D2CD5-476F-4F49-A5FB-631B265025DC" src="https://github.com/user-attachments/assets/3d235315-d7c0-4279-b23f-e8b595888511" /> | <img width="692" height="997" alt="Authorize Cursor Supabase-DF078AEB-BB78-4647-9FA2-5D5403CCA5D6" src="https://github.com/user-attachments/assets/53d51718-8707-4b97-9cbe-8e523f4ce0e0" /> | | <img width="692" height="997" alt="Authorize API access Supabase-D6F6817F-D8DD-4D55-85BB-A15100814AAB" src="https://github.com/user-attachments/assets/c80c5579-772a-4dfe-a247-b0b9772b9690" /> | <img width="692" height="997" alt="Authorize Cursor Supabase-E457B580-9786-43AD-9CF9-FE4F5BB8E785" src="https://github.com/user-attachments/assets/30c47b05-edf5-4380-a2f1-aedb99482540" /> | | <img width="692" height="997" alt="Authorize API access Supabase-4F3D6AA4-E2E3-4526-B391-49B6E0861911" src="https://github.com/user-attachments/assets/ffbe5b65-6eef-49d7-95f1-c29072c320b8" /> | <img width="692" height="997" alt="Authorize Cursor Supabase-CA9FFCC9-4CA2-4718-AD49-B02D86C6EF6A" src="https://github.com/user-attachments/assets/8fd7ff39-19f5-4414-af13-3821290735b2" /> | | <img width="692" height="997" alt="Authorize API access Supabase-E507B7A5-9AD0-4F17-8743-63A7B47D171A" src="https://github.com/user-attachments/assets/1639b5cc-69c4-4a43-b049-6f989e2cdbb1" /> | <img width="692" height="997" alt="Authorize Cursor Supabase-9844BB27-2429-4BA6-BD36-1AB54099F44F" src="https://github.com/user-attachments/assets/a94b88e2-9c2f-4941-840a-5182342bb335" /> | | <img width="692" height="997" alt="Authorize API access Supabase-27684173-9DBB-4F6E-9F7F-87EFD4E10A5F" src="https://github.com/user-attachments/assets/91794c96-8a81-4d83-9c97-01d134639676" /> | <img width="692" height="997" alt="Authorize Cursor Supabase-04E31F7B-D098-4814-A394-01CE3D3E5A51" src="https://github.com/user-attachments/assets/ba0284a3-363c-4aa5-9e4a-c378aed9c42c" /> | | <img width="692" height="997" alt="Authorize API access Supabase-207CBC69-4957-499C-92E8-163F2B34C8AD" src="https://github.com/user-attachments/assets/1bafedd2-bba8-473c-ba57-637289f1c940" /> | <img width="692" height="997" alt="Authorize API Access Supabase-C1627071-4AE2-4012-8F7C-4E6D883618A3" src="https://github.com/user-attachments/assets/a6fc6125-3c1e-4b8c-821a-c3c9f32f3cc0" /> | ## To test A mock toolbar is included for easy local testing. Navigate to `/authorize?mock=loading` and then switch between the following variants: | State | What to check | | --- | --- | | `loading` | Shimmer skeleton inside the card | | `ready` | Regular waiting state | | `approving` | Authorize button shows spinner, both buttons disabled | | `approved` | Success admonition: "Authorization approved" | | `expired` | Warning admonition: "Authorization request expired", no action buttons | | `organizations-loading` | Org selector shimmer, no action buttons | | `organizations-error` | "Unable to load organizations" admonition, no action buttons | | `empty` | "No organizations found" admonition, no action buttons | | `not-member` | "Organization unavailable" admonition, no action buttons | | `error` | "Unable to load authorization" error screen | Then please test the `organization_slug` prefill: `/authorize?mock=ready&organization_slug=<your-org-name-here>`. That org selector should be pre-selected and locked. To test against a real OAuth app, use a registered app on `supabase.green` — the mock states cover all edge cases but a live round-trip confirms the approve/decline API calls. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **New Features** * Added mock preview functionality for testing API authorization and Connect flows * Introduced collapsible, grouped permissions view for OAuth authorization requests * **Refactor** * Redesigned API authorization screens with improved layout and messaging * Restructured permissions display for better organization and clarity * **Bug Fixes** * Fixed inline link underline decoration color * **Tests** * Updated authorization flow test assertions to match new UI behavior <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46359?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Ali Waseem <waseema393@gmail.com>
Two-part fix for the Update JS Client Libraries Docs workflow. First, the `make` invocation was narrowed to `make download.tsdoc.v2` so the workflow no longer re-downloads unrelated Management and Storage REST openapi specs alongside the JS TypeDoc files, which was the source of the noise in #46738. Second, the `build-reference-content` snapshot test now serializes to a JSON file via `toMatchFileSnapshot` with a cycle-breaker, because the previous `toMatchSnapshot` of a raw object was being collapsed to `[Object]` placeholders by pretty-format (533 of them), hiding every param rename, JSDoc edit, return-type change, and signature tweak. Verified against supabase-js v2.108.0: the `count` to `rows` rename in `PostgrestTransformBuilder.{limit,maxAffected}` now shows up in the snapshot diff as expected. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated documentation generation workflow to run a more targeted build command. * Added ignore rule for test snapshot files and refreshed the autogenerated PR description/reference snapshot. * **Tests** * Improved test snapshot strategy to use file-based snapshots and robust handling of circular structures for more reliable assertions. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
…6656) ## What Migrates the Edge Functions **documentation** from the legacy `Deno.serve` + manual `createClient` pattern to the [`@supabase/server`](https://github.com/supabase/server) `withSupabase` wrapper. This is the part of [COM-269](https://linear.app/supabase/issue/COM-269) that AI coding assistants index, so it's split out to ship first; the standalone `examples/` functions follow in a second PR. ## Canonical pattern ```ts import { withSupabase } from 'npm:@supabase/server@1' export default { fetch: withSupabase({ auth: 'user' }, async (req, ctx) => { const { data } = await ctx.supabase.from('countries').select('*') return Response.json({ data }) }), } ``` - `export default { fetch }` object shape (not `Deno.serve`, not a bare default export), versioned `npm:@supabase/server@1`. - `auth` mode picks the caller: `user` → `ctx.supabase` (RLS); `secret`/`publishable`/`none` → set `verify_jwt = false`, `secret` uses `ctx.supabaseAdmin`. - `Response.json(...)` over `new Response(JSON.stringify(...))`. ## Changes - **AI prompt** (`examples/prompts/edge-functions.md`) — rewritten to lead with `withSupabase` as the default; `auth`-mode table; `@supabase/server@1`. Highest AI-indexing impact. - **connect-to-postgres** — "Using supabase-js" now uses `ctx.supabase` (+ its CodeSample deps `postgres-on-the-edge`, `drizzle`). - **Example pages** — semantic-search, push-notifications, amazon-bedrock, cloudflare-turnstile, og-image, send-emails, slack-bot-mention, auth-send-email-hook. - **Guides** — ai-models, background-tasks, routing (+ `restful-tasks` dep), kysely-postgres, sentry-monitoring, upstash-redis, elevenlabs ×2, websockets, cors (reframed: CORS is automatic with `withSupabase`). ## Notable fixes - **websockets**: the JWT-auth examples had a latent bug — handler wasn't `async` and called `getClaims()` without the extracted token. Now `await supabase.auth.getUser(jwt)`. (`withSupabase` can't authenticate WebSocket clients since they can't send headers — noted in the page.) - **restful-tasks**: fixed a broken `npm:supabase-js` import → `npm:@supabase/supabase-js`. ## Follow-ups (not in this PR) - The ~42 standalone `examples/` edge functions → second PR. - A dedicated `withSupabase` intro page (today it's only documented inside the auth-framed "Securing Edge Functions" page). - `.claude/skills/supabase-server/SKILL.md` is stale (`allow:` vs `auth:`). <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Updated Edge Function examples to the modern withSupabase + exported fetch handler pattern across guides and examples. * Standardized JSON response/error handling (uses built-in JSON helpers) and preserved streaming/SSE behaviors where applicable. * Clarified auth modes, context clients (user vs admin), and automatic CORS handling; removed manual preflight boilerplate. * Updated local serve/deploy instructions to include --no-verify-jwt for relevant examples. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
When multiple toasts stack up, Sonner compresses background toasts. The text content in these collapsed toasts was overflowing past the boundary and leaking into the page layout. This adds `data-[expanded=false]:overflow-hidden` to clip the overflowing text. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Style** * Updated toast notification styling to better handle content overflow behavior when toasts are in a collapsed state. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46426?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack){kind=link}
](https://app.coderabbit.ai/change-stack/supabase/supabase/pull/46359?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack){kind=link}
github-actions
Bot
added
the
documentation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
17 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )