[pull] master from supabase:master#815
Merged
pull[bot] merged 20 commits intocode:masterfrom Apr 7, 2026
Merged
Conversation
## Problem The Audit Logs filtering by project doesn't work. Filtering by one or several projects hides all logs ## Solution It appears the API returns a `ref` property and not a `project_ref` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **Bug Fixes** * Fixed project filtering in audit logs to correctly match against the appropriate metadata field, ensuring accurate results when selecting specific projects. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
…adcn_ (#44520) ## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Refactor ## What is the current behavior? Studio uses `react-contexify` (an imperative, ID-based context menu library) for right-click menus in the Table Editor grid, Log Table, and Storage file explorer. This requires `createPortal` workarounds, a separate CSS file, and has known bugs with fragment rendering. ## What is the new behavior? All context menus now use the declarative `ContextMenu_Shadcn_` (Radix-based) component that is already the standard across Studio. Each context menu wraps its trigger element directly, removing the need for imperative `show()` calls, portal hacks, and menu ID constants. The `react-contexify` dependency and all associated styles are removed. **Changes by area:** - **Grid row context menu**: `RowRenderer` wraps each `<Row>` with `ContextMenu_Shadcn_`. `RowContextMenu` refactored to accept `row` directly as a prop instead of looking it up by index. - **Log table**: Row renderer wraps each row with a context menu for "Copy event message". Removes `cellPosition` state and `createPortal`. - **Storage**: `FileExplorerRow` reuses its existing `rowOptions` array for both the dropdown and context menu. `FileExplorerColumn` inlines the column menu (new folder, select all, view/sort submenus). Three standalone context menu files deleted. - **Cleanup**: Removed `react-contexify` from `package.json`, deleted `contextMenu.scss`, removed styles from `grid.scss`. ## Additional context Net -370 lines. Follows the TODO comment in `CellContextMenuWrapper.tsx` and the existing eslint ban on `react-contexify` imports. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Replaced legacy right-click menus with a unified shadcn-style context menu across grids, logs, and the storage explorer. * Simplified row/column/item context menu behavior and copy actions; menus now mount and trigger more reliably. * **New Features** * Added row-level context menu providers to ensure consistent triggering and positioning for row actions. * **Chores** * Removed legacy context-menu styles and deprecated menu components. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Bug fix. ## What is the current behavior? Running `make` in `apps/docs/spec` (used by the `docs-js-libs-update` workflow) fails with: ``` ERR_PNPM_RECURSIVE_EXEC_FIRST_FAIL Command "redocly" not found make: *** [Makefile:56: dereference.api.v1] Error 254 ``` This regression was introduced in #44428, which removed `@redocly/cli` from `packages/generator/package.json` as an "unused" dependency. It was previously placed there because the Makefile ran `cd packages/generator && pnpm exec redocly` — but that directory had no logical ownership of the dependency. ## What is the new behavior? - `@redocly/cli` is now a devDependency of `apps/docs`, which is the package that owns the spec generation workflow. - The Makefile no longer `cd`s into `packages/generator` for the redocly calls. It runs `pnpm exec redocly` directly from `apps/docs/spec`, where the binary is now available. - The `tsdoc:dereference` targets are unchanged and still `cd` into `packages/generator` to run scripts defined there. ## Additional context The `cd packages/generator` pattern for redocly was introduced in #42987 to fix a peer dependency resolution issue with `npx @redocly/cli`. The fix was correct but placed the dependency in the wrong package. This PR moves it to its logical home. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Added documentation processing tool as a development dependency. * Updated documentation generation configuration to optimize command execution paths. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR updates @supabase/*-js libraries to version 2.102.1. **Source**: supabase-js-stable-release **Changes**: - Updated @supabase/supabase-js to 2.102.1 - Updated @supabase/auth-js to 2.102.1 - Updated @supabase/realtime-js to 2.102.1 - Updated @supabase/postgest-js to 2.102.1 - Refreshed pnpm-lock.yaml --- ## Release Notes ## v2.102.1 ## 2.102.1 (2026-04-07) ### 🩹 Fixes - **functions:** add toJSON to FunctionsError for correct JSON serialization ([#2226](supabase/supabase-js#2226)) ### ❤️ Thank You - oniani1 ## v2.102.0 ## 2.102.0 (2026-04-07) ### 🚀 Features - **postgrest:** add automatic retries for transient errors ([#2072](supabase/supabase-js#2072)) - **postgrest:** add success discriminator field to PostgREST response types ([#2198](supabase/supabase-js#2198)) - **supabase:** export PostgrestFilterBuilder and StorageApiError from supabase-js ([#2222](supabase/supabase-js#2222)) ### 🩹 Fixes - **auth:** downgrade console.error to console.warn for missing session ([#2214](supabase/supabase-js#2214)) - **ci:** add --ignore-scripts to platform test installs to block post install attacks ([#2206](supabase/supabase-js#2206)) - **postgrest:** add toJSON to PostgrestError for correct JSON serialization ([#2212](supabase/supabase-js#2212)) - **postgrest:** reject excess properties in insert, update, and upsert ([#2186](supabase/supabase-js#2186)) - **storage:** set correct content-type for uploads ([#2211](supabase/supabase-js#2211)) - **storage:** avoid duplicate content-type headers in vector requests ([#2220](supabase/supabase-js#2220)) ### ❤️ Thank You - Clay - Guilherme Souza - Katerina Skroumpelou @mandarini - oniani1 - Vaibhav @7ttp ## v2.101.1 ## 2.101.1 (2026-03-31) ### 🩹 Fixes - **storage:** support exactOptionalPropertyTypes ([#2200](supabase/supabase-js#2200)) ### ❤️ Thank You - Vaibhav @7ttp This PR was created automatically. Co-authored-by: supabase-workflow-trigger[bot] <266661614+supabase-workflow-trigger[bot]@users.noreply.github.com>
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Similar to the Advisor, this adds an admonition enabling the user to disable a public RLS select via dashboard. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Detect public buckets that have removable SELECT policies and show a contextual warning on the bucket page. * Let users remove the policy via a confirmation dialog that previews the removal action. * Show success/error feedback and automatically refresh storage views after removal. * Adjust page layout to surface the warning above the storage explorer. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Charis Lam <26616127+charislam@users.noreply.github.com>
## Problem We currently have 3 different libraries for drag & drop, two of which are not actively maintained anymore. ## Solution Migrate all usage of the two unmaintained libraries to DndKit. This PR focuses on using DndKit instead of `react-beautiful-dnd` for table editor columns sorting ## Screencast https://github.com/user-attachments/assets/7c0bd298-4115-4c41-9dac-644c546d2c80 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Improvements** * Redesigned column drag handle with clearer grab affordance, hover and disabled states. * More reliable column reordering — drag-and-drop behaves consistently, including edge cases when moving columns. * Smoother drag interactions and improved visual feedback while moving columns. * **Chores** * Replaced legacy drag-and-drop implementation with a streamlined, modern reorder system. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem We currently have 3 different libraries for drag & drop, two of which are not actively maintained anymore. ## Solution Migrate all usage of the two unmaintained libraries to DndKit. This PR focuses on using DndKit instead of `react-dnd` for the row sorting popover in the table editor ## Screencast https://github.com/user-attachments/assets/9d5cf43c-fbbd-4e5e-8b5a-e9e803b71421 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Enhanced sorting functionality with drag-and-drop support to reorder sort rules. * **Improvements** * Updated drag handle styling for better visual clarity and usability. * Simplified sorting interface architecture. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem The Report Blocks section (custom dashboards) has four visual and UX bugs: tooltip content overflows its container, Y-axis labels with 5+ digits get clipped (e.g. `10000` renders as `0000`), action buttons become unreachable when a block title is long, and scrolling inside a scrollable block also scrolls the parent page. ## Fix - Remove the fixed `w-[200px]` class from `ChartTooltipContent` in `ChartBlock` so tooltips auto-size to their content instead of overflowing. - Compute a dynamic Y-axis width in `ChartBlock` based on the string length of the maximum data value, replacing the `undefined` default that caused clipping. - Add `min-w-0` to the label container and `shrink-0` to the actions container in `ReportBlockContainer` so the truncation works correctly and action buttons are never pushed off-screen. - Add `overscroll-contain` to the scrollable SQL code and results table divs in `QueryBlock` to stop scroll events from propagating to the page. ## How to test - Navigate to a custom Report with multiple blocks - Hover over a chart bar on a block with a long metric name. The tooltip should be fully visible with no text overflow. - Find or create a block whose Y-axis values exceed 9999 (e.g. disk IOPS). The full number should appear on the Y-axis without any leading digits being clipped. - Use a block on a read replica so the label appends "of replica", making it long. The chart-type toggle, log scale toggle, and remove buttons should all remain visible and clickable. - Add a SQL snippet block that returns a large table of results. Scroll within the results table. The page should not scroll while the inner table is scrolling. ## Before <img width="1166" height="680" alt="CleanShot 2026-04-07 at 15 36 45@2x" src="https://github.com/user-attachments/assets/8e7bd3c9-8319-47c9-b2d9-b194d2803809" /> ## After <img width="1166" height="680" alt="CleanShot 2026-04-07 at 15 36 15@2x" src="https://github.com/user-attachments/assets/6ca5873a-cd09-4001-9cd0-932c12b6536e" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Style** * More consistent Y-axis sizing with dynamic widths for better label fit. * Improved Y-axis number formatting (K/M suffixes, sensible decimals) for clearer tick labels. * Simplified, more flexible chart tooltips (min-width applied; removed fixed widths). * Tighter report header layout so labels truncate predictably and actions keep their size. * Added overscroll containment to query results and SQL view to reduce unwanted scrolling. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Fixes #44586 The `enabled` field in `useGetIndexAdvisorResult` had an OR branch that bypassed the `enabled` prop for queries starting with `with pgrst_source`. This meant the query could fire even when `enabled: false` was passed (e.g. when the index_advisor extension isn't installed or the result is already prefetched). Restructures the logic to match the sibling hook in `retrieve-index-from-select-query.ts`, which correctly ANDs `enabled` with all conditions using an extracted `isValidQueryForIndexing` variable. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved query validation in index advisor to more reliably handle SQL query normalization and ensure consistent query processing. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
Updates JS sdk documentation following stable release. Ran `make` in apps/docs/spec to regenerate tsdoc files. **Details:** - **Version:** `2.102.1` - **Source:** `manual` - **Changes:** Regenerated tsdoc files from latest spec files 🤖 Auto-generated from @supabase/supabase-js stable release. Co-authored-by: mandarini <6603745+mandarini@users.noreply.github.com>
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Docs update. This behaviour wasn't previously documented and causes confusion for customers wondering what data state their project will be restored to. ## Additional context Ref slack (Paul at Infra Data): https://supabase.slack.com/archives/C091448H1AM/p1767813291309359?thread_ts=1765466738731989&cid=C091448H1AM <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Strengthened pause-and-restore guidance to explicitly state downtime occurs during pausing. * Updated pause wording to indicate users are redirected “in the meantime” (removed explicit duration). * Clarified restore is performed from a physical backup and that users will receive an email when complete. * Replaced detailed teardown caveat with a concise note: restoration time depends on database size; contact support if it fails. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
## TL;DR fixes scrolling for dropdowns in `Authentication -> Policies` ## Before https://github.com/user-attachments/assets/2ed08426-701b-4639-b2f2-702f2072e0c1 ## After https://github.com/user-attachments/assets/f53c8cbf-4fae-4099-a4da-915188026959 ## Related - closes #44567 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Fixed unintended scroll behavior in dropdown menus and selection components when scrolling with the mouse wheel, preventing the scroll from affecting underlying page content. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
…44492) * **Refactor** * Updated SQL handling across the pg-meta package to use a new type-safe SQL construction approach throughout helper functions and query builders. * Modified return types for query methods in column privileges, foreign tables, materialized views, tables, and views modules.
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file. YES ## What kind of change does this PR introduce? Ability to view things beneath the sheet, such as edge function logs while testing. | Before | After | |--------|--------| | <img width="1203" height="842" alt="Screenshot 2026-04-07 at 13 33 57" src="https://github.com/user-attachments/assets/90423650-fcf0-4a88-aadd-dbbb373e2a33" /> | <img width="1206" height="838" alt="Screenshot 2026-04-07 at 13 30 53" src="https://github.com/user-attachments/assets/103a05a6-eaed-4985-a83d-4aa4b945ee9f" /> | <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Style** * Improved the visual appearance of the edge function tester sheet by removing the overlay effect, providing a cleaner interface. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary
- Passes billing address and tax ID from the payment form to the
subscription preview endpoint, so taxes are recalculated live as the
user updates their details
- Debounces address/tax ID changes (1s) in `NewPaymentMethodElement` to
avoid excessive API calls while typing
- Decouples the preview refetch from the payment form's mount state -
uses `keepPreviousData` so the form stays mounted and the breakdown dims
with `opacity-50` instead of unmounting/remounting during refetches.
Shimmer skeleton only shows on initial load.
- Disables the "Confirm upgrade" button while a refetch is in progress
to prevent submitting with stale tax data
- Respects the "Use address as my org's billing address" checkbox: the
preview should mirror what will actually happen - if the checkbox is
unchecked, the address won't be saved to Orb, so it shouldn't be used
for the tax estimate either. Otherwise the user sees one price and gets
charged another. The logic for this lives in `PlanUpdateSidePanel`
``` mermaid
flowchart TD
A[User opens upgrade dialog] --> B[Fetch subscription preview]
B --> C[Show payment form + price breakdown]
C --> D[User edits address or tax ID]
D -->|1s debounce| E{Use as billing address?}
E -->|Yes| F[Re-fetch preview with new address]
E -->|No| G[Re-fetch preview without address override]
F --> H[Update breakdown — form stays mounted]
G --> H
H --> C
```
## Test plan
- [x] Open the plan upgrade dialog, verify the payment form and
breakdown load normally on first open
- [x] Change the billing address country - verify the breakdown dims
briefly and updates with new tax amounts without the payment form
unmounting
- [x] Toggle the tax ID on/off and change its value - verify the
preview refreshes after ~1s debounce
- [x] Confirm the upgrade button is disabled while the preview is
refetching
- [x] Uncheck "Use address as my org's billing address" - verify the
preview refetches without address/tax overrides
- [x] Re-check the checkbox - verify the preview refetches again with
the current form address
- [x] Assert that adding a new billing address in the CreditTopUp form
works and saves the address
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Payment and subscription flows now propagate billing address and tax
ID via new callbacks; subscription preview requests include these values
and preserve prior results while fetching.
* Preview updates are debounced to reduce noise; loading state disables
confirm actions and visually dims charge breakdown.
* **UX**
* Address input emits complete normalized address updates (empty second
line cleared).
* Tax ID input emits updates and explicit clears (null).
* “Use address as my org's billing address” is now controlled and
reports changes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
github-actions
bot
added
the
documentation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
14 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )