chore(main): release 0.12.0 (#247)

🤖 I have created a release *beep* *boop*
---


## [0.12.0](v0.11.0...v0.12.0)
(2026-06-09)


### Features

* adds `cookies.encode` option allowing minimal cookie sizes
([#126](#126))
([cf38b22](cf38b22))
* bump `cookie` to 1.0.2
([#113](#113))
([b4a77b4](b4a77b4))
* **cookies:** add clearAuthCookiesAtScopes migration helper
([#240](#240))
([4e47249](4e47249))
* full rewrite using `getAll` and `setAll` cookie methods
([#1](#1))
([b6ae192](b6ae192))
* improve cookie chunk handling via base64url+length encoding
([#90](#90))
([6deb687](6deb687))
* pass cache headers to setAll to prevent CDN caching of auth responses
([#176](#176))
([14962d2](14962d2))
* publish SSR under deprecated auth-helpers package names
([#127](#127))
([e8b6102](e8b6102))
* release workflow RC versioning and publish reliability
([#164](#164))
([81e68f4](81e68f4))
* update CI so it runs on release as well
([#33](#33))
([4517996](4517996))
* update supabase-js to latest
([#133](#133))
([d65044d](d65044d))
* update supabase-js to latest
([#145](#145))
([08bf7d6](08bf7d6))
* upgrade cookie dependency and cleanup imports
([#77](#77))
([9524528](9524528))


### Bug Fixes

* add @types/cookies to dependencies
([#63](#63))
([47e5f16](47e5f16))
* add `create*Client` string in `x-client-info`
([#85](#85))
([f271acc](f271acc))
* allow cookies encode without getAll/setAll on browser client
([#213](#213))
([89f3f28](89f3f28)),
closes [#170](#170)
* allow use of `createBrowserClient` without `window` present
([#20](#20))
([27d868d](27d868d))
* **auth:** respect user-provided auth options in createBrowserClient
([#167](#167))
([5f04837](5f04837))
* check chunkedCookie is string in server client
([#57](#57))
([549fe62](549fe62))
* **ci:** remove packageManager field
([#197](#197))
([6bf0226](6bf0226))
* cookies console warnings
([#136](#136))
([64ff6b3](64ff6b3))
* deprecate `parse`, `serialize` exports for more useful functions
([#14](#14))
([0b5f881](0b5f881))
* enable tree-shaking for browser bundles
([#216](#216))
([f009d71](f009d71))
* fix `createBrowserClient` deprecation tsdoc
([#17](#17))
([1df70ad](1df70ad))
* force release ([#98](#98))
([66710e8](66710e8))
* re-apply update CI so it runs on release as well
([#49](#49))
([51d5a43](51d5a43))
* **release:** pin npm to 11.5.2 so OIDC trusted publisher works
([#249](#249))
([4af89f7](4af89f7))
* remove optional dependencies
([#41](#41))
([a48fe6f](a48fe6f))
* remove usage of internal type params
([#123](#123))
([8f3e89e](8f3e89e))
* revert "update CI so it runs on release as well"
([#44](#44))
([9d0e859](9d0e859))
* **revert:** "feat: improve cookie chunk handling via base64url+length
encoding ([#90](#90))"
([#100](#100))
([2ea8e23](2ea8e23))
* set `max-age` default cookie option to 400 days
([#54](#54))
([f4ed2e0](f4ed2e0))
* set cookies for password recovery event
([#32](#32))
([7dc1837](7dc1837))
* set cookies when mfa challenge is verified
([#27](#27))
([c217f53](c217f53))
* **tsconfig:** set explicit rootDir to silence TS6059 in consumer IDEs
([#211](#211))
([a77ee8a](a77ee8a)),
closes [#209](#209)
* update conventional commits ci to use main instead of master
([#31](#31))
([bebce89](bebce89))
* update README session docs
([#159](#159))
([b859905](b859905))
* update type, remove unused imports, define AuthEvent type
([#47](#47))
([4f4a375](4f4a375))
* use skipAutoInitialize to prevent SSR token refresh race condition
([#131](#131))
([0b7be28](0b7be28))
* validate base64-prefixed chunked cookies decode to valid JSON
([#210](#210))
([302cc0e](302cc0e))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: supabase-releaser[bot] <223506987+supabase-releaser[bot]@users.noreply.github.com>

Author: supabase-releaser[bot]

.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "0.11.0"
+  ".": "0.12.0"
 }

CHANGELOG.md

@@ -1,5 +1,54 @@
 # @supabase/ssr
 
+## [0.12.0](https://github.com/supabase/ssr/compare/v0.11.0...v0.12.0) (2026-06-09)
+
+
+### Features
+
+* adds `cookies.encode` option allowing minimal cookie sizes ([#126](https://github.com/supabase/ssr/issues/126)) ([cf38b22](https://github.com/supabase/ssr/commit/cf38b2268f0c6ea1a9b8df9edf16adb9d72ca8d5))
+* bump `cookie` to 1.0.2 ([#113](https://github.com/supabase/ssr/issues/113)) ([b4a77b4](https://github.com/supabase/ssr/commit/b4a77b460fb40053d0e01efd7d0bbcfb387abd16))
+* **cookies:** add clearAuthCookiesAtScopes migration helper ([#240](https://github.com/supabase/ssr/issues/240)) ([4e47249](https://github.com/supabase/ssr/commit/4e472499a2e5b6b8b3dea353519eb989a26f7979))
+* full rewrite using `getAll` and `setAll` cookie methods ([#1](https://github.com/supabase/ssr/issues/1)) ([b6ae192](https://github.com/supabase/ssr/commit/b6ae192aeb37ac6948637955cf1d3d6179b90065))
+* improve cookie chunk handling via base64url+length encoding ([#90](https://github.com/supabase/ssr/issues/90)) ([6deb687](https://github.com/supabase/ssr/commit/6deb6871caa09bcc27496371df6eb1a5e5882534))
+* pass cache headers to setAll to prevent CDN caching of auth responses ([#176](https://github.com/supabase/ssr/issues/176)) ([14962d2](https://github.com/supabase/ssr/commit/14962d2d64483b6fbbfe828099a552029c591d54))
+* publish SSR under deprecated auth-helpers package names ([#127](https://github.com/supabase/ssr/issues/127)) ([e8b6102](https://github.com/supabase/ssr/commit/e8b61021f3d3cea8973b5298f0380e312976de90))
+* release workflow RC versioning and publish reliability ([#164](https://github.com/supabase/ssr/issues/164)) ([81e68f4](https://github.com/supabase/ssr/commit/81e68f4f30ae6e905ba92667221c4a7512b91c81))
+* update CI so it runs on release as well ([#33](https://github.com/supabase/ssr/issues/33)) ([4517996](https://github.com/supabase/ssr/commit/4517996a4eea6d41b8ad07c769c78a10b9ee63aa))
+* update supabase-js to latest ([#133](https://github.com/supabase/ssr/issues/133)) ([d65044d](https://github.com/supabase/ssr/commit/d65044d9c39940ff9187057bb157fa1ce7e8ffea))
+* update supabase-js to latest ([#145](https://github.com/supabase/ssr/issues/145)) ([08bf7d6](https://github.com/supabase/ssr/commit/08bf7d6d3c471cb1569b7cb459bd9acebdb9e3f0))
+* upgrade cookie dependency and cleanup imports ([#77](https://github.com/supabase/ssr/issues/77)) ([9524528](https://github.com/supabase/ssr/commit/95245282e67ce649b58504e3a98200797b7cd8f1))
+
+
+### Bug Fixes
+
+* add @types/cookies to dependencies ([#63](https://github.com/supabase/ssr/issues/63)) ([47e5f16](https://github.com/supabase/ssr/commit/47e5f16b48e4ffbe889339410f50630aba734eac))
+* add `create*Client` string in `x-client-info` ([#85](https://github.com/supabase/ssr/issues/85)) ([f271acc](https://github.com/supabase/ssr/commit/f271accfea0454b965abc8b9b7e9bb5d55d72053))
+* allow cookies encode without getAll/setAll on browser client ([#213](https://github.com/supabase/ssr/issues/213)) ([89f3f28](https://github.com/supabase/ssr/commit/89f3f28e1df80835d0c72e505d9e5e0d3cb75141)), closes [#170](https://github.com/supabase/ssr/issues/170)
+* allow use of `createBrowserClient` without `window` present ([#20](https://github.com/supabase/ssr/issues/20)) ([27d868d](https://github.com/supabase/ssr/commit/27d868d530925805fe2f3577ae716ece40dd3ab6))
+* **auth:** respect user-provided auth options in createBrowserClient ([#167](https://github.com/supabase/ssr/issues/167)) ([5f04837](https://github.com/supabase/ssr/commit/5f04837780699519471bbca432f095cad7c21e81))
+* check chunkedCookie is string in server client ([#57](https://github.com/supabase/ssr/issues/57)) ([549fe62](https://github.com/supabase/ssr/commit/549fe62813fb9c7277f7eda9e46ee0420f8e0b5f))
+* **ci:** remove packageManager field ([#197](https://github.com/supabase/ssr/issues/197)) ([6bf0226](https://github.com/supabase/ssr/commit/6bf0226b31e68507daee164d75a2f4c93df73d60))
+* cookies console warnings ([#136](https://github.com/supabase/ssr/issues/136)) ([64ff6b3](https://github.com/supabase/ssr/commit/64ff6b3abaa76d9425eaec03a834981765c0dab9))
+* deprecate `parse`, `serialize` exports for more useful functions ([#14](https://github.com/supabase/ssr/issues/14)) ([0b5f881](https://github.com/supabase/ssr/commit/0b5f881e90b7836f2b98b733aac1cc9f916286cb))
+* enable tree-shaking for browser bundles ([#216](https://github.com/supabase/ssr/issues/216)) ([f009d71](https://github.com/supabase/ssr/commit/f009d71bbf9b8b8ec1804f9489c1eeb601a91b49))
+* fix `createBrowserClient` deprecation tsdoc ([#17](https://github.com/supabase/ssr/issues/17)) ([1df70ad](https://github.com/supabase/ssr/commit/1df70ad51e65caab46cbc00342dbb42f6d498c32))
+* force release ([#98](https://github.com/supabase/ssr/issues/98)) ([66710e8](https://github.com/supabase/ssr/commit/66710e82aab5106f464e6754f2e75641a951c941))
+* re-apply update CI so it runs on release as well ([#49](https://github.com/supabase/ssr/issues/49)) ([51d5a43](https://github.com/supabase/ssr/commit/51d5a43e2300f46560dc22c67c61f95a6b8d1b3b))
+* **release:** pin npm to 11.5.2 so OIDC trusted publisher works ([#249](https://github.com/supabase/ssr/issues/249)) ([4af89f7](https://github.com/supabase/ssr/commit/4af89f75a497570624d6090854a3c27b8ba25023))
+* remove optional dependencies ([#41](https://github.com/supabase/ssr/issues/41)) ([a48fe6f](https://github.com/supabase/ssr/commit/a48fe6fd9754786d0ec673ff1418b833a8cfbc70))
+* remove usage of internal type params ([#123](https://github.com/supabase/ssr/issues/123)) ([8f3e89e](https://github.com/supabase/ssr/commit/8f3e89ed29d0c9622b4d9d1c84b4d586c4c5a9ce))
+* revert "update CI so it runs on release as well" ([#44](https://github.com/supabase/ssr/issues/44)) ([9d0e859](https://github.com/supabase/ssr/commit/9d0e859cb18b7669f452bc955c6d1c4897873f93))
+* **revert:** "feat: improve cookie chunk handling via base64url+length encoding ([#90](https://github.com/supabase/ssr/issues/90))" ([#100](https://github.com/supabase/ssr/issues/100)) ([2ea8e23](https://github.com/supabase/ssr/commit/2ea8e23525f7e36e88bca3f9ae1fbce892c683e4))
+* set `max-age` default cookie option to 400 days ([#54](https://github.com/supabase/ssr/issues/54)) ([f4ed2e0](https://github.com/supabase/ssr/commit/f4ed2e0a29445781857c4526f84673693ca9679c))
+* set cookies for password recovery event ([#32](https://github.com/supabase/ssr/issues/32)) ([7dc1837](https://github.com/supabase/ssr/commit/7dc1837dc4aba870b32792586969316df980ce07))
+* set cookies when mfa challenge is verified ([#27](https://github.com/supabase/ssr/issues/27)) ([c217f53](https://github.com/supabase/ssr/commit/c217f5392b17a80a8e30709445c239e860a107d6))
+* **tsconfig:** set explicit rootDir to silence TS6059 in consumer IDEs ([#211](https://github.com/supabase/ssr/issues/211)) ([a77ee8a](https://github.com/supabase/ssr/commit/a77ee8a476597a7b08025a6a1722f83af900ba29)), closes [#209](https://github.com/supabase/ssr/issues/209)
+* update conventional commits ci to use main instead of master ([#31](https://github.com/supabase/ssr/issues/31)) ([bebce89](https://github.com/supabase/ssr/commit/bebce8999d9b2ae554daa2aaffdaf37d972b7fe4))
+* update README session docs ([#159](https://github.com/supabase/ssr/issues/159)) ([b859905](https://github.com/supabase/ssr/commit/b859905b355e1629f9069ff4bf8837b77f4577ce))
+* update type, remove unused imports, define AuthEvent type ([#47](https://github.com/supabase/ssr/issues/47)) ([4f4a375](https://github.com/supabase/ssr/commit/4f4a375ab3df0274980718b7ad98cd4841a52cc4))
+* use skipAutoInitialize to prevent SSR token refresh race condition ([#131](https://github.com/supabase/ssr/issues/131)) ([0b7be28](https://github.com/supabase/ssr/commit/0b7be2871f470234a5f2d18fd4b71c522696c83d))
+* validate base64-prefixed chunked cookies decode to valid JSON ([#210](https://github.com/supabase/ssr/issues/210)) ([302cc0e](https://github.com/supabase/ssr/commit/302cc0e5ae39aad08d52bd6e428544a9228c443d))
+
 ## [0.11.0](https://github.com/supabase/ssr/compare/v0.10.3...v0.11.0) (2026-06-05)
 
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@supabase/ssr",
-  "version": "0.11.0",
+  "version": "0.12.0",
   "description": "Use the Supabase JavaScript library in popular server-side rendering (SSR) frameworks.",
   "main": "dist/main/index.js",
   "module": "dist/module/index.js",