[pull] master from supabase:master#821
Merged
pull[bot] merged 12 commits intocode:masterfrom Apr 9, 2026
Merged
Conversation
smol follow up to: - supabase/supabase-js#2234 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Improved Smart CDN documentation with updated cache-bypass instructions. The guidance now uses the `cacheNonce` query parameter to clarify how to force the CDN to fetch fresh content from origin. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR updates @supabase/*-js libraries to version 2.103.0. **Source**: supabase-js-stable-release **Changes**: - Updated @supabase/supabase-js to 2.103.0 - Updated @supabase/auth-js to 2.103.0 - Updated @supabase/realtime-js to 2.103.0 - Updated @supabase/postgest-js to 2.103.0 - Refreshed pnpm-lock.yaml --- ## Release Notes ## v2.103.0 ## 2.103.0 (2026-04-09) ### 🚀 Features - **postgrest:** add stripNulls method for null value stripping ([#2189](supabase/supabase-js#2189)) - **storage:** add cacheNonce parameter for download ([#2234](supabase/supabase-js#2234)) ### 🩹 Fixes - **postgrest:** fix scalar computed column type inference for isNotNullable and SETOF scalar ([#2224](supabase/supabase-js#2224)) ### ❤️ Thank You - Katerina Skroumpelou @mandarini - Seydi Charyyev @TheSeydiCharyyev - Vaibhav @7ttp This PR was created automatically. Co-authored-by: supabase-workflow-trigger[bot] <266661614+supabase-workflow-trigger[bot]@users.noreply.github.com>
## Problem Foreign wrapper forms still use `formik` but we now use `react-hook-form` everywhere and we'd like to reduce our dependencies. ## Solution - [x] Write e2e tests for wrappers - [x] Migrate to `react-hook-form` ## Notes I tried to cover the 3 cases I identified for foreign wrappers with e2e tests: - Add all available tables to a new schema (stripe) - Add selected tables to a new table (stripe) - Create dynamic columns (s3 wrapper) However, they are not exhaustive as I can't test the integration actually works, only that it was created successfully. Besides, I can't test the Iceberg wrapper case as it needs actual S3 buckets. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Enhanced column-type selector with searchable combobox, enum support, icons, and optional recommendation prompts. * **Refactor** * Migrated many wrapper/table/editor forms to a schema-driven form system with stronger validation, dynamic field arrays, and consistent form controls. * Updated input field integration to work with the new form control model. * **Bug Fixes** * Improved handling of missing wrapper/error states during wrapper loading. * **Tests** * Added unit tests for form schemas and end-to-end tests for wrapper creation flows. * **Chores** * Removed legacy dynamic-columns component. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
Bump font-size to 16px for inputs and textareas on mobile viewports to avoid auto zoom-in when focusing the inputs on ios.
Removes the temporary killswitch that was blocking tracing in production environments. Note this still excludes from tracing projects that are any of the following: - HIPAA sensitive - Hosted in EU regions - Within orgs where some owner previously signed our DPA See [approval message](https://supabase.slack.com/archives/C051L8U2EJF/p1775526578561789?thread_ts=1775144006.270549&cid=C051L8U2EJF) for context. Closes AI-450 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Tracing enablement now depends solely on the presence of required API credentials instead of environment-based restrictions, enabling diagnostic tracing functionality across all environments. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
The Connect Sheet install step only listed `@supabase/supabase-js`, but the generated code for Next.js (app router) and Remix imports from `@supabase/ssr` – so users following the steps immediately hit import errors. **Added:** - `EXTRA_PACKAGES` map in `connect.schema.ts` – frameworks declare additional packages on top of the base library install, keyed by `framework/variant` for granularity (e.g. `nextjs/app` gets `@supabase/ssr`, `nextjs/pages` does not) - Install content component appends extras automatically - Step title pluralises to "Install packages" when extras are present - Tests for extra packages, variant-specific install commands, and step titles **Changed:** - Next.js steps now branch on `frameworkVariant` so app router and pages router can have different install steps - Remix gets an explicit entry in the step tree (previously fell through to DEFAULT) ## To test - Open Connect Sheet → Framework → Next.js → App Router - Install step should say "Install packages" and show `npm install @supabase/supabase-js @supabase/ssr` - Switch to Pages Router - Install step should say "Install package" and show `npm install @supabase/supabase-js` - Switch to Remix - Install step should say "Install packages" and show `npm install @supabase/supabase-js @supabase/ssr` - Other frameworks (Vue, SvelteKit, etc.) should be unchanged <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **New Features** * Enhanced package installation guidance to include framework-specific additional packages (e.g., @supabase/ssr for Next.js App Router and Remix). * Installation step labels now accurately reflect the number of packages being installed. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
## Summary Removes `_DEFAULT` from the publishable key env var name across all Connect and ConnectSheet framework content, so that e.g. `NEXT_PUBLIC_SUPABASE_PUBLISHABLE_DEFAULT_KEY` becomes `NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY`. This matches the docs and sample apps. ### Connect - Next.js (App Router) - Next.js (Pages Router) - React (Create React App) - React (Vite) - Remix - SolidJS - SvelteKit ### ConnectSheet - Next.js (App Router) - Next.js (Pages Router) - React (Create React App) - React (Vite) - Remix - SolidJS - SvelteKit - Vue.js - shadcn env step Resolves FE-2934 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Standardized environment variable names in generated connection/setup instructions: when a publishable key is present the templates now reference the publishable env var (e.g., NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY, VITE_SUPABASE_PUBLISHABLE_KEY, REACT_APP_SUPABASE_PUBLISHABLE_KEY, etc.) with unchanged anon-key fallback behavior. * Updated cURL/tab placeholders to reflect the new publishable-key identifier when hiding keys. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
Cleanup task following #43194 I noticed the run of `braintrust-scorers-deploy.yml` included the branch prefix on scorers in Assistant. This is unnecessary since there's only one copy of scorers in the "Assistant" project, unlike "Assistant (Staging Scorers)" which uses prefixes to disambiguate branches. <img width="502" height="262" alt="CleanShot 2026-03-09 at 15 45 19@2x" src="https://github.com/user-attachments/assets/214ec1e8-5f40-411f-8d2a-71cc4a5fc294" /> This is a small housekeeping correction so scorers in the main "Assistant" project don't include branch prefixes, whereas scorers from PRs deployed to "Assistant (Staging Scorers)" remain prefixed. https://docs.github.com/en/actions/reference/variables-reference <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated CI deployment configuration for scorer branch/prefix handling to optimize behavior across different GitHub event types (PR vs. push/dispatch events). <!-- end of auto-generated comment: release notes by coderabbit.ai -->
…41783) Show OAuth server endpoints in oauth server settings page. Preview: [OAuth Server settings](https://studio-staging-git-chore-show-oauth-server-endpoints-supabase.vercel.app/dashboard/project/_/auth/oauth-server) <img width="1138" height="496" alt="Screenshot 2026-01-09 at 12 00 31" src="https://github.com/user-attachments/assets/eeca7726-0426-4abe-990d-271b702e4f7b" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added an OAuth endpoints table showing Authorization, Token, JWKS, and Discovery/OpenID URLs with copy-to-clipboard and a masked preview mode. * Inline preview of the Authorization URL when an authorization path is set. * **Improvements** * Reorganized OAuth server settings for clearer enable/disable flow, conditional field visibility, and disable confirmation. * Dynamic loading of the endpoints table, improved loading skeletons, layout refinements, and form reset to reflect saved defaults. <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Ali Waseem <waseema393@gmail.com>
## What kind of change does this PR introduce? Docs update ## Additional context The Smart CDN documentation lacked clarity around caching behavior for signed URLs used with private bucket assets. This update adds that missing detail. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Added a Smart CDN guide section on signed URL caching at the CDN edge: each unique signed URL is a separate cache key. * Explained cache behavior: first request for a specific signed URL is a miss; subsequent identical requests are cache hits; cached responses remain until CDN cache expiry. * Clarified access-control interactions: revoking/expiring a token does not purge cached content; deleting the object invalidates cached entries (propagates within ~60s). <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: ferhat elmas <elmas.ferhat@gmail.com>
## Problem Foreign wrapper forms still use `formik` but we now use `react-hook-form` everywhere and we'd like to reduce our dependencies. ## Solution This PR focuses on migrating the OAuth apps form to `react-hook-form` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Reworked the OAuth app publish form to use schema-driven validation and managed callback URL fields. * Replaced bespoke URL state/handlers with add/remove field array logic; consolidated error rendering. * Submission, loading and preview now reflect real-time form state and reset correctly when the panel or selection changes. * **Bug Fixes** * Improved URL validation to handle localhost cases and optional HTTPS-only enforcement. * **Tests** * Extended URL validation tests to cover localhost, HTTP/HTTPS and HTTPS-only scenarios. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
github-actions
bot
added
the
documentation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )