chore: production deploy by supabase-cli-releaser[bot] · Pull Request #5353 · supabase/cli

supabase-cli-releaser · 2026-05-26T03:19:28Z

fix(cli): support older x64 CPUs (fix(cli): support older x64 CPUs #5339)
feat(cli): port backups list and restore to native TypeScript (feat(cli): port backups list and restore to native TypeScript #5331)
feat(cli): port ssl-enforcement to native TypeScript (feat(cli): port ssl-enforcement to native TypeScript #5340)
fix(config): interpolate env() refs before schema decode (fix(config): interpolate env() refs before schema decode #5341)

Switch the x64 Bun compile targets to baseline for the published Linux glibc, Linux musl, and Windows platform builds. Bun's default x64 targets can require newer AVX2-capable CPUs, while the baseline targets are intended for older x64 machines. Using the baseline targets avoids illegal-instruction failures on those systems without changing the published package names, release archive names, or amd64 packaging metadata. This also keeps the local release helper aligned with the production build matrix and updates libc detection so the Linux x64 musl baseline target is still classified as musl. Fixes #5338

## Summary Replaces the Phase-0 Go-proxy handlers for `supabase backups list` and `supabase backups restore` with native Effect-based implementations. Adds the supporting legacy infrastructure (`legacy/auth`, `legacy/config`, project-ref resolver, Glamour table renderer) that subsequent ports will reuse. ## Highlights - **Strict Go parity on the wire.** Byte-identical `--output json` (alphabetical struct-field order, `backups: null` for empty slices to match Go's nil-slice semantics), Glamour-styled tables verified byte-for-byte against Go test fixtures, restore stderr line preserved. - **`Output.raw(text, stream)` service method.** Handlers now route stdout/stderr writes through the `Output` service instead of calling `process.stdout/stderr.write` directly. `mockOutput` captures these into `rawChunks` + `stdoutText` / `stderrText` getters, eliminating ~30 lines of `process.*.write` monkey-patching per integration test file. - **Shared backups infrastructure.** New `backups.layers.ts` exposes a `legacyBackupsRuntimeLayer(subcommand)` factory so each subcommand wires the platform-API + project-ref stack identically. New `mapLegacyBackupHttpError` factory in `backups.errors.ts` consolidates `RESPONSE_ERROR_TAGS` + HTTP-error dispatch and truncates response bodies to 1024 chars before embedding them in tagged errors. - **Flag-type discipline.** Both `*.command.ts` files mark `config as const` and `export type LegacyBackups*Flags = CliCommand.Command.Config.Infer<typeof config>` (canonical `login.command.ts` pattern); handlers import the type instead of duplicating private interfaces. - **Spinner suppressed in non-text modes.** `output.task("Fetching backups...")` / `"Initiating PITR restore..."` only run when `output.format === "text"`, eliminating dangling `[task] start:` lines on stderr in JSON / stream-json modes. - **API contracts regenerated.** `packages/api/src/generated/contracts.ts` rebuilt from upstream OpenAPI — adds the missing `id` field on backup items, plus broader spec drift since the last sync. - **Tests + checks pass.** Unit + integration suites green, including the new `backups.encoders.unit.test.ts` and the byte-stable `--output json` assertion (against the Go fixture from `apps/cli-go/internal/backups/list/list_test.go`). Targeted e2e `--help` smoke tests for both `list` and `restore`. ## Known Gaps (documented, not blocking) - `V1RestorePitrBackupInput.recovery_time_target_unix` retains an upstream `>= 0` constraint that Go's `int64` does not enforce. A negative timestamp surfaces a local schema-decode error rather than the API's own error. Noted in `restore/SIDE_EFFECTS.md`; resolving requires an upstream OpenAPI change. ## Reviewer Notes - The handlers do not log any token, error body, or response field that isn't already part of the documented Go output. Bodies are capped at 1024 chars even though the Management API is trusted, to set the right precedent for future ports against less-trusted endpoints. - The OpenAPI regen also touches `effect-client.ts` and `openapi.json`. Diff scope is large but mechanical — all the meaningful schema deltas land in `contracts.ts`. One unrelated `next/` snapshot expectation (`platform-schema.integration.test.ts`) updated to match the new upstream description text for `v1ListAllProjects`. Closes CLI-1301

Replaces the Phase-0 Go-binary proxies for `supabase ssl-enforcement get` and `supabase ssl-enforcement update` with native Effect handlers. Output, error messages, exit codes, and filesystem side effects are byte-identical to the Go CLI. ## What changed - **`ssl-enforcement get` / `update` are now native TS** — both handlers call the typed Management API client directly, with `withCommandInstrumentation` + `withJsonErrorHandling` middleware, and honour all five Go `--output {pretty,json,yaml,toml,env}` encoders as well as the TS `--output-format {text,json,stream-json}`. - **Hoist refactor**: three artifacts move from `apps/cli/src/legacy/commands/backups/` to a new `apps/cli/src/legacy/shared/` directory because they are now reused across command families: - `legacyManagementApiRuntimeLayer` (was `legacyBackupsRuntimeLayer`) - `mapLegacyHttpError` (was `mapLegacyBackupHttpError`) — generic over the network/status error class pair - Go-compatible `encodeGoJson` / `encodeYaml` / `encodeToml` / `encodeEnv` — `encodeGoJson` now takes an optional `nullForEmptyArrays` option so backups can preserve its PITR-only `"backups": null` shape while ssl-enforcement omits it - **Backups list/restore call sites are refactored** in the same change to use the hoisted shared modules. No behaviour change for backups. ## Reviewer-relevant context - The `update` handler validates the mutually-exclusive `--enable-db-ssl-enforcement` / `--disable-db-ssl-enforcement` flags at handler entry — Effect CLI has no cobra-equivalent `MarkFlagsMutuallyExclusive`. Validation error messages are verbatim cobra strings for parity with the Go binary. - `Effect.ensuring` nesting in both handlers mirrors Go's `PersistentPostRun`: `telemetryState.flush` wraps the entire body (so it flushes even on ref-resolution failure), while `linkedProjectCache.cache(ref)` only wraps the post-resolution sub-effect (it requires a resolved ref). - The SSL-enforcement `SIDE_EFFECTS.md` files were previously stubs with wrong API paths (`/v1/projects/{ref}/config/ssl-enforcement`) and wrong response shapes (`{enforced, override_enabled}`). Both are rewritten with the correct path (`/v1/projects/{ref}/ssl-enforcement`) and response (`{currentConfig: {database}, appliedSuccessfully}`). - `encodeEnv` was hardened to escape `\n` / `\r` / `\t` (Go `%q` parity). Latent bug — boolean-only ssl-enforcement schema never triggered it, but fixing it now in the shared encoder prevents future ported commands with string fields from injecting newlines into env output that a downstream `eval` / `source` would treat as separate KEY=VALUE assignments. - `docs/go-cli-porting-status.md` flips both ssl-enforcement rows from `wrapped` to `ported`. Closes CLI-1297

Fixes the crash when `supabase/config.toml` uses `env(VAR)` on numeric or boolean fields (e.g. `analytics.port = "env(SUPABASE_ANALYTICS_PORT)"`). The strict Effect Schema decode ran immediately after raw TOML parse, with `interpolateValue` in `project.ts` only firing post-decode via `resolveProjectValue` — so it never got the chance to substitute the string before `Schema.Number` rejected it. ## What changed - **Pre-decode env() interpolation in `packages/config/src/io.ts`** — `loadProjectConfigFile` now loads the project environment (`.env`/`.env.local`/ambient) and runs a schema-aware walker on the parsed document before handing it to `Schema.decodeUnknownSync(ProjectConfigSchema)`. - **Schema-aware walker in `packages/config/src/lib/env.ts`** — traverses both the parsed document and `ProjectConfigSchema.ast` in parallel. For string leaves matching `env(VAR)`: substitutes against the env, then coerces to Number/Boolean if the schema at that path expects one. Mirrors Go's `LoadEnvHook` + mapstructure type chain (`apps/cli-go/pkg/config/decode_hooks.go:14-21` → subsequent string→type conversion hooks). - **Verbatim-on-missing semantics** — `interpolateLeafValue` in `project.ts` no longer throws `MissingProjectEnvVarError` when the referenced env var is unset. It returns the literal `env(VAR)` string, matching Go parity. The `MissingProjectEnvVarError` class and re-export are removed; `resolveProjectValue` / `resolveProjectSubtree` no longer have a failure channel. - **Fields declared with the `env()` schema helper opt out** via the `x-env-deferred` marker annotation. They still require the literal `env(VAR)` format for post-decode resolution by `resolveProjectValue` — the walker honors the marker and leaves those paths untouched. ## Reviewer-relevant context - **No schema-file edits.** Coercion lives entirely in the walker, so future fields added to any of the section schemas (`db.ts`, `analytics.ts`, `auth/*.ts`, etc.) automatically work with `env()` references — no risk of a contributor forgetting to use a coerced primitive at declaration time. - **The marker annotation lives on the check, not the outer AST.** `env() = Schema.String.check(isPattern(envRegex)).annotate({...})` attaches metadata to the resulting Filter rather than the base String AST, so `isDeferredEnvField` inspects both `node.annotations` and `node.checks[].annotations`. Caught by the `@supabase/stack` `functions.unit.test.ts` regression for `functions.<name>.env` (env() helper at a record value position). - **Missing-env semantics in `project.ts` are now non-failing.** Two existing "fails when missing env var" tests in `project.unit.test.ts:223,255` are rewritten to assert verbatim preservation. `redactValue` already skips redaction when the value is still an env reference (`!isEnvReference(value)`), so unresolved literals flow through as plain strings — no Redacted wrapping on missing secrets. - **The next/projectContextLayer workaround (PR #5281) is left in place.** That layer dropped the `loadProjectConfig` call entirely to avoid the crash; reintroducing it is a follow-up refactor since the workaround still functions correctly (it only loads env, not config). - The existing CLI-1489 regression test at `apps/cli/src/next/config/project-context.layer.unit.test.ts:30` is not modified — it asserts the workaround-era behavior of `projectContextLayer`, which is unchanged. Direct upstream regression coverage is added in `packages/config/src/io.unit.test.ts`: numeric coercion, boolean coercion, verbatim preservation, ambient fallback, and decode failure when an unset var is referenced from a numeric field. Fixes CLI-1489

…5239) Adds a new `[api].auto_expose_new_tables` configuration option to control whether newly-created tables, views, sequences, and functions in the `public` schema are reachable through the Data API roles (`anon`, `authenticated`, `service_role`) without explicit GRANTs. ## Why Cloud now exposes a "Default privileges for new entities" toggle (supabase/supabase#45329). When it is off, Studio revokes the default GRANTs on `public` at project creation so the Data API surface is opt-in per entity. Local Supabase had no equivalent: bootstrap always installed the default GRANTs, forcing users who opted in on cloud to either keep their local schema out of sync or ship a project-specific revoke migration. This adds a first-class `config.toml` flag and applies the same revoke SQL Studio runs. ## Migration design — tri-state field The field is intentionally optional today so the rollout can flip the implicit default without losing track of users who made an explicit choice: | State | Today's behaviour | 2026-05-30 | 2026-10-30 | | --- | --- | --- | --- | | unset (`init` default) | auto-expose (current local behaviour) | flips to revoke (new cloud default) | flag removed | | explicit `true` | auto-expose | auto-expose with deprecation warning | flag removed | | explicit `false` | revoke | revoke | flag removed | - Go: `api.AutoExposeNewTables` is `*bool` with `omitempty`, so unset round-trips as a missing key. `NewConfig` does not seed a value; `ApplyApiPrivileges` treats `nil` and `true` identically and runs the revoke SQL only when an explicit `false` is set. - TS: `api.auto_expose_new_tables` is `Schema.optionalKey(Schema.Boolean)` with no decoding default. The single read site (`start.command.ts`) uses `?? true`, so today's nil-as-true semantics live in one place. - The `init` config.toml template ships the field commented out with a brief timeline so users discover it without having a value injected. ## Implementation ### Config schema - `packages/config/src/api.ts`: optional boolean with timeline-bearing description. - `apps/cli-go/pkg/config/api.go`: `*bool` with `toml:",omitempty"`. - `apps/cli-go/pkg/config/templates/config.toml`: commented-out example with the rollout timeline. ### Database bootstrap - `REVOKE_DEFAULT_DATA_API_PRIVILEGES_SQL` mirrors exactly what Studio runs at cloud project creation when the toggle is off (revokes `select,insert,update,delete on tables`, `usage,select on sequences`, `execute on functions` from `anon`, `authenticated`, `service_role`). - Go (`internal/db/start/start.go`): new `ApplyApiPrivileges` runs the SQL when an explicit `false` is set. Called from `SetupDatabase` (covers v15 start, v15 reset, and v14 start via `SetupLocalDatabase`) and from `internal/db/reset/reset.go`'s `initDatabase` (covers the v14-only reset path that bypasses `SetupDatabase`). - TS (`packages/stack/src/services/postgres-init.ts`): the revoke block is appended to the postgres-init script only when the resolved `autoExposeNewTables` is false, inside the same first-init branch so `db reset` (which wipes the data dir) replays it. ### Stack wiring (TS) - `PostgresConfig` / `ResolvedPostgresConfig` gain `autoExposeNewTables`. `createStack.ts` defaults to `true` if the field is absent from the input config. - `StackBuilder.ts` passes the resolved value into `makePostgresInitService`. - `apps/cli/src/next/commands/start/start.command.ts` reads `ProjectContext.rawProjectConfig.api.auto_expose_new_tables` and threads it through, falling back to `true` when the project config or the field itself is absent. ### Tests - Go: `TestApiAutoExposeNewTablesDefault` (asserts the field stays nil on a fresh `NewConfig`), a new `TestSetupDatabase` case that mocks the exact statement ordering when the flag is `false`, refreshed `TestApiDiff/detects_differences` snapshot. - TS: `packages/config/src/project.unit.test.ts` round-trips unset/true/false through `config.toml`. `packages/stack/src/services/services.unit.test.ts` asserts the postgres-init script contains/omits the revoke block in each flag state. Existing `Stack`/`StackBuilder` fixtures updated for the new resolved field. ## Out of scope (tracked separately) - `supabase config push` round-trip to the Management API - `supabase link` drift detection for this field - Pulling the value down from a linked project - `apps/docs` config reference entry Closes: CLI-1454 https://claude.ai/code/session_011pZGRjHtkxjt1iZj5LYrqq --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Julien Goux <hi@jgoux.dev>

coveralls · 2026-05-26T07:06:49Z

Coverage Report for CI Build 26515119396

Warning

No base build found for commit b2f10f0 on main.
Coverage changes can't be calculated without a base build.
If a base build is processing, this comment will update automatically when it completes.

Coverage: 63.74%

Details

Patch coverage: No coverable lines changed in this PR.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

Requires a base build to compare against. How to fix this →

Coverage Stats


Relevant Lines:	15742
Covered Lines:	10034
Line Coverage:	63.74%
Coverage Strength:	7.06 hits per line

💛 - Coveralls

## Summary - Restores Go CLI parity for the legacy TS proxy by accepting `supabase migrations ...` as an alias for `supabase migration ...`. - Adds a regression test proving the plural alias resolves through the TS command tree while forwarding canonical `migration` argv to the bundled Go binary. - Documents the alias in the legacy Go porting status. Co-authored-by: Cursor <cursoragent@cursor.com>

## What kind of change does this PR introduce? chore ## What is the current behavior? `--dry-run` could potentially display some sensitive values ## What is the new behavior? additional sensitive values are redacted

Replaces the Phase-0 Go-binary proxies for `supabase secrets list`, `secrets set`, and `secrets unset` with native Effect handlers. Output, error messages, exit codes, and filesystem side effects match the Go CLI. ## What changed - **`secrets list/set/unset` are now native TS** — typed Management API client with `withCommandInstrumentation` + `mapLegacyHttpError`, honoring all five Go `--output {pretty,json,yaml,toml,env}` encoders plus the TS `--output-format {text,json,stream-json}`. `secrets list` emits the Glamour-table ASCII output byte-for-byte. - **`secrets set` reads `[edge_runtime.secrets]` from `config.toml`** via `@supabase/config`'s `loadProjectConfig` + `resolveProjectSubtree`. Resolved secret values come back wrapped in `Redacted<string>`; unresolved `env(VAR)` literals (env var unset) stay as plain strings and are filtered at the handler — matches Go's `set.go:48-52` which skips entries whose SHA256 is empty (the SHA256 is empty when `DecryptSecretHookFunc` sees a still-literal `env(VAR)`). - **No foundational `LegacyProjectConfig` wrapper.** The original port plan (CLI-1522) introduced a tolerant subtree reader at `legacy/config/legacy-project-config.{service,layer}.ts` to bypass CLI-1489's strict-decode crash. With CLI-1489 fixed upstream in #5341, that workaround is no longer needed — handlers consume the canonical loader directly. CLI-1522 is superseded. ## Reviewer-relevant context - **Config-source filter rule:** the handler only includes secrets where `Redacted.isRedacted(value)` is true. This naturally excludes both unresolved `env(VAR)` literals (which stay as plain strings per CLI-1489's verbatim-on-missing semantics) and any pre-existing literal whose env var couldn't be resolved — equivalent to Go's empty-SHA256 filter without re-implementing the hashing pipeline. - **`LegacySecretsConfigParseError` is kept as a domain-specific wrapper.** The handler catches `ProjectConfigParseError` from `@supabase/config` and re-raises as `LegacySecretsConfigParseError` so the legacy error tag remains stable for error-message parity and the integration test's tag assertion. - **TOML format change:** integration test fixtures previously used the encoded `{ sha256, value }` envelope (modeling the original tolerant reader's storage shape). They now use the plain-string form (`KEY = "value"` / `KEY = "env(VAR)"`) which is what `@supabase/config` decodes and what users actually write. - **Smoke-tested the bundled `dist/supabase-legacy` binary** (per the `Layer.provide` sibling-sharing footgun) against a fixture with both literal and unresolved-env secret entries — no service-not-found panic, POST body contains only resolved entries, unset env() refs filtered out. - `docs/go-cli-porting-status.md` flips all three secrets rows from `wrapped` to `ported`. Fixes CLI-1291 Closes CLI-1522 --------- Co-authored-by: Julien Goux <hi@jgoux.dev>

## Summary Audit (CLI-1531) found the native legacy ports were emitting a `cli_command_executed` payload that diverged from `apps/cli-go/` in three ways: - `flags_used` (string array) + `flag_values` (allowlisted) instead of Go's single `flags` map with `"<redacted>"` for non-safe values. - `ai_tool: string` instead of `is_agent: boolean`. - Missing `env_signals` map. Since the legacy/ shell sends events to the same PostHog pipeline as the Go binary, this drift was breaking dashboards and funnels silently. ## What changed - **`shared/telemetry/event-catalog.ts`** — single literal-string source mirroring `apps/cli-go/internal/telemetry/events.go` (5 events, 18 props, 35 env-presence + 6 env-value keys, 80-char cap). - **`shared/telemetry/posthog-config.ts`** — extracted PostHog host/key constants out of `next/config/cli-config.layer.ts` so both shells' analytics layers can share them without a cross-shell import. - **`legacy/telemetry/legacy-analytics.layer.ts`** — implements `Analytics` with Go-shape base properties (`is_agent`, `env_signals`, no `ai_tool`). Loads linked-project cache from `SUPABASE_WORKDIR ?? process.cwd()` so it doesn't depend on per-command flag services. - **`legacy/telemetry/legacy-command-instrumentation.ts`** — `withLegacyCommandInstrumentation({ flags, safeFlags })` emits a single `flags` map. Booleans + explicit `safeFlags` pass through verbatim (mirrors Go's `markFlagTelemetrySafe` annotation); everything else becomes `"<redacted>"`. Flag-name sort matches Go's `sort.Slice`. - **`shared/cli/run.ts`** no longer hard-wires the analytics layer; `legacy/cli/main.ts` and `next/cli/main.ts` each provide their own. - **7 native command files** (backups/{list,restore}, secrets/{list,set,unset}, ssl-enforcement/{get,update}) switched to `withLegacyCommandInstrumentation({ flags })`. - The `next/` shell intentionally keeps the richer `ai_tool` / `flags_used` / `flag_values` payload — parity is scoped to `legacy/` only. ## Scope decision: custom events deferred Every command that emits a custom event in Go — `login` (`cli_login_completed` + Alias/Identify stitching), `link` (`cli_project_linked`), `start` (`cli_stack_started`), `sso/*` and `branches/*` (`cli_upgrade_suggested`) — is still a Phase 0 `LegacyGoProxy` in the TS shell. The Go subprocess fires those events on its own; a TS wrapper would double-count. The native ports of those commands will need to reproduce the Go calls when they land — the canonical table is now documented in `AGENTS.md § Legacy Port: Telemetry Parity` and `apps/cli/src/legacy/SIDE_EFFECTS_TEMPLATE.md`. ## Reviewer notes - Native handlers wrap with `withLegacyCommandInstrumentation`; proxy handlers stay unwrapped. - `event-catalog.ts` is exempted from `knip:check` so future-use constants (e.g. `EventLoginCompleted`) don't get pruned before they're consumed. - The legacy `AnalyticsContext` shape now carries both `flags` (legacy) and `flags_used`/`flag_values` (next); each shell's analytics layer reads only its own fields. - Bundled `dist/supabase-legacy` was smoke-tested against both a native command (`backups list --help`) and a proxy command (`init --help`) per the [[feedback-layer-provide-semantics]] memory. Fixes CLI-1531

## Summary Stabilizes the `functions dev` runtime unit test by replacing the real filesystem watcher and temp file writes with an in-memory fake `FileWatcher` layer. The test now waits for the watch stream to register, then emits synthetic file events deterministically. This removes the CI-sensitive race around native `@parcel/watcher` startup timing. --------- Co-authored-by: Cursor <cursoragent@cursor.com>

## Summary Fixes the Dependabot Docker manifest path after the Go CLI was moved under `apps/cli-go`. Dependabot was still scanning `pkg/config/templates`, so it no longer found `apps/cli-go/pkg/config/templates/Dockerfile` and stopped opening Docker image update PRs for local `supabase start` services. Co-authored-by: Cursor <cursoragent@cursor.com>

…tes (#5354) Bumps the npm-major group with 24 updates in the / directory: | Package | From | To | | --- | --- | --- | | [verdaccio](https://github.com/verdaccio/verdaccio) | `6.7.1` | `6.7.2` | | [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.105.4` | `2.106.2` | | [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.14` | `19.2.15` | | [ink](https://github.com/vadimdemedes/ink) | `7.0.3` | `7.0.4` | | [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node) | `5.34.3` | `5.35.4` | | [semantic-release](https://github.com/semantic-release/semantic-release) | `24.2.9` | `25.0.3` | | [fumadocs-core](https://github.com/fuma-nama/fumadocs) | `16.8.11` | `16.9.1` | | [fumadocs-mdx](https://github.com/fuma-nama/fumadocs) | `15.0.6` | `15.0.8` | | [fumadocs-ui](https://github.com/fuma-nama/fumadocs) | `16.8.11` | `16.9.1` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.8.0` | `25.9.1` | | [@effect/atom-react](https://github.com/Effect-TS/effect-smol/tree/HEAD/packages/atom/react) | `4.0.0-beta.67` | `4.0.0-beta.70` | | [@effect/platform-bun](https://github.com/Effect-TS/effect/tree/HEAD/packages/platform-bun) | `4.0.0-beta.67` | `4.0.0-beta.70` | | [@effect/platform-node](https://github.com/Effect-TS/effect/tree/HEAD/packages/platform-node) | `4.0.0-beta.67` | `4.0.0-beta.70` | | [@effect/vitest](https://github.com/Effect-TS/effect/tree/HEAD/packages/vitest) | `4.0.0-beta.43` | `4.0.0-beta.70` | | [@nx/devkit](https://github.com/nrwl/nx/tree/HEAD/packages/devkit) | `22.7.2` | `22.7.4` | | [@swc/core](https://github.com/swc-project/swc/tree/HEAD/packages/core) | `1.15.33` | `1.15.40` | | [@typescript/native-preview](https://github.com/microsoft/typescript-go) | `7.0.0-dev.20260518.1` | `7.0.0-dev.20260526.1` | | [@vitest/coverage-istanbul](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-istanbul) | `4.1.6` | `4.1.7` | | [effect](https://github.com/Effect-TS/effect/tree/HEAD/packages/effect) | `4.0.0-beta.67` | `4.0.0-beta.70` | | [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) | `6.14.1` | `6.14.2` | | [nx](https://github.com/nrwl/nx/tree/HEAD/packages/nx) | `22.7.2` | `22.7.4` | | [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt) | `0.50.0` | `0.52.0` | | [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint) | `1.65.0` | `1.67.0` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.6` | `4.1.7` | Updates `verdaccio` from 6.7.1 to 6.7.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/verdaccio/verdaccio/releases">verdaccio's releases</a>.</em></p> <blockquote> <h2>v6.7.2</h2> <h3>Patch Changes</h3> <ul> <li>a89aca1: chore: fix unit test</li> <li>a28cf71: chore: add missing types <a href="https://redirect.github.com/verdaccio/verdaccio/issues/5889">#5889</a> by <a href="https://github.com/mbtools"><code>@mbtools</code></a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/verdaccio/verdaccio/blob/v6.7.2/CHANGELOG.md">verdaccio's changelog</a>.</em></p> <blockquote> <h2>6.7.2</h2> <h3>Patch Changes</h3> <ul> <li>a89aca1: chore: fix unit test</li> <li>a28cf71: chore: add missing types <a href="https://redirect.github.com/verdaccio/verdaccio/issues/5889">#5889</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/verdaccio/verdaccio/commit/22dba02ff8344f5afee85bd822e8c98900d02871"><code>22dba02</code></a> chore: release 6.x (<a href="https://redirect.github.com/verdaccio/verdaccio/issues/5900">#5900</a>)</li> <li><a href="https://github.com/verdaccio/verdaccio/commit/00bd50c1efa033febfabff7a0309ef28555cb39b"><code>00bd50c</code></a> chore(deps): update yarn to v4.15.0 (<a href="https://redirect.github.com/verdaccio/verdaccio/issues/5904">#5904</a>)</li> <li><a href="https://github.com/verdaccio/verdaccio/commit/a89aca11ac1f9c15c1dc0b039f9803382589ccef"><code>a89aca1</code></a> fix(deps): update core verdaccio dependencies (6.x) (<a href="https://redirect.github.com/verdaccio/verdaccio/issues/5901">#5901</a>)</li> <li><a href="https://github.com/verdaccio/verdaccio/commit/a28cf7178481e6c8368eaf3bdb9b326a9add6269"><code>a28cf71</code></a> chore: add missing types <a href="https://redirect.github.com/verdaccio/verdaccio/issues/5889">#5889</a></li> <li><a href="https://github.com/verdaccio/verdaccio/commit/7292706e815d2ed554010038f278382835acd3a5"><code>7292706</code></a> fix: add types to 6.x changeset publish (<a href="https://redirect.github.com/verdaccio/verdaccio/issues/5895">#5895</a>)</li> <li><a href="https://github.com/verdaccio/verdaccio/commit/41578a31545dcee0b194f8ee7e974ceeea02c3c4"><code>41578a3</code></a> chore: refactor unit test</li> <li><a href="https://github.com/verdaccio/verdaccio/commit/f837c7eac55b792248b9b357d1e03d80b817cd38"><code>f837c7e</code></a> chore: fix npmMinimalAgeGate from .yarnrc.yml</li> <li><a href="https://github.com/verdaccio/verdaccio/commit/7b998023c59f1674a12c9e6ceab4a5f1935d934e"><code>7b99802</code></a> chore: add npmMinimalAgeGate configuration to .yarnrc.yml</li> <li>See full diff in <a href="https://github.com/verdaccio/verdaccio/compare/v6.7.1...v6.7.2">compare view</a></li> </ul> </details> <br /> Updates `@supabase/supabase-js` from 2.105.4 to 2.106.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/supabase/supabase-js/releases">@supabase/supabase-js's releases</a>.</em></p> <blockquote> <h2>v2.106.2</h2> <h2>2.106.2 (2026-05-25)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>auth:</strong> restore signup user response (<a href="https://redirect.github.com/supabase/supabase-js/pull/2391">#2391</a>)</li> <li><strong>misc:</strong> add react-native export condition for Hermes-safe resolution (<a href="https://redirect.github.com/supabase/supabase-js/pull/2393">#2393</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Myroslav Hryhschenko <a href="https://github.com/BLOCKMATERIAL"><code>@BLOCKMATERIAL</code></a></li> <li>Vaibhav <a href="https://github.com/7ttp"><code>@7ttp</code></a></li> </ul> <h2>v2.106.2-canary.1</h2> <h2>2.106.2-canary.1 (2026-05-22)</h2> <p>This was a version bump only, there were no code changes.</p> <h2>v2.106.2-canary.0</h2> <h2>2.106.2-canary.0 (2026-05-22)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>auth:</strong> restore signup user response (<a href="https://redirect.github.com/supabase/supabase-js/pull/2391">#2391</a>)</li> <li><strong>misc:</strong> add react-native export condition for Hermes-safe resolution (<a href="https://redirect.github.com/supabase/supabase-js/pull/2393">#2393</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Myroslav Hryhschenko <a href="https://github.com/BLOCKMATERIAL"><code>@BLOCKMATERIAL</code></a></li> <li>Vaibhav <a href="https://github.com/7ttp"><code>@7ttp</code></a></li> </ul> <h2>v2.106.2-beta.2</h2> <h2>2.106.2-beta.2 (2026-05-22)</h2> <p>This was a version bump only, there were no code changes.</p> <h2>v2.106.2-beta.0</h2> <h2>2.106.2-beta.0 (2026-05-21)</h2> <p>This was a version bump only, there were no code changes.</p> <h2>v2.106.1</h2> <h2>2.106.1 (2026-05-20)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>auth:</strong> encode client-id in oauth requests (<a href="https://redirect.github.com/supabase/supabase-js/pull/2383">#2383</a>)</li> <li><strong>misc:</strong> hide dynamic import from hermesc (<a href="https://redirect.github.com/supabase/supabase-js/pull/2381">#2381</a>)</li> </ul> <h3>❤️ Thank You</h3>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/supabase/supabase-js/blob/master/packages/core/supabase-js/CHANGELOG.md">@supabase/supabase-js's changelog</a>.</em></p> <blockquote> <h2>2.106.2 (2026-05-25)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>misc:</strong> add react-native export condition for Hermes-safe resolution (<a href="https://redirect.github.com/supabase/supabase-js/pull/2393">#2393</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Myroslav Hryhschenko <a href="https://github.com/BLOCKMATERIAL"><code>@BLOCKMATERIAL</code></a></li> </ul> <h2>2.106.1 (2026-05-20)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>misc:</strong> hide dynamic import from hermesc (<a href="https://redirect.github.com/supabase/supabase-js/pull/2381">#2381</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Katerina Skroumpelou <a href="https://github.com/mandarini"><code>@mandarini</code></a></li> </ul> <h2>2.106.0 (2026-05-18)</h2> <h3>🚀 Features</h3> <ul> <li><strong>supabase:</strong> W3C/OpenTelemetry trace context propagation (<a href="https://redirect.github.com/supabase/supabase-js/pull/2163">#2163</a>)</li> </ul> <h3>🩹 Fixes</h3> <ul> <li><strong>release:</strong> mark <code>@supabase/tracing</code> private and snapshot it for JSR (<a href="https://redirect.github.com/supabase/supabase-js/pull/2370">#2370</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Claude Sonnet 4.5</li> <li>Guilherme Souza</li> <li>Katerina Skroumpelou <a href="https://github.com/mandarini"><code>@mandarini</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/supabase/supabase-js/commit/a5f09cf9a0a8c2744464a8505333ab3136e3f290"><code>a5f09cf</code></a> chore(repo): adopt pnpm catalog and clean up devDeps (<a href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2389">#2389</a>)</li> <li><a href="https://github.com/supabase/supabase-js/commit/c72cc5608764b8d15f58e6ce8cfc6867ebead1be"><code>c72cc56</code></a> fix(misc): add react-native export condition for Hermes-safe resolution (<a href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2393">#2393</a>)</li> <li><a href="https://github.com/supabase/supabase-js/commit/a7bdb236041d5a3061be856fd9e00b45d9b62f54"><code>a7bdb23</code></a> docs(supabase): expand tracePropagation tsdoc with examples (<a href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2388">#2388</a>)</li> <li><a href="https://github.com/supabase/supabase-js/commit/f4c149c70f0f2c4203edf47fb173cb135c59b2be"><code>f4c149c</code></a> chore(release): version 2.106.1 changelogs (<a href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2384">#2384</a>)</li> <li><a href="https://github.com/supabase/supabase-js/commit/3f9628af627804fbfb1a7fc7a2b5f929856a1b52"><code>3f9628a</code></a> fix(misc): hide dynamic import from hermesc (<a href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2381">#2381</a>)</li> <li><a href="https://github.com/supabase/supabase-js/commit/1761a621ebcd40f7bbbf4bb95d7bf4e256b250c0"><code>1761a62</code></a> chore(release): version 2.106.0 changelogs (<a href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2379">#2379</a>)</li> <li><a href="https://github.com/supabase/supabase-js/commit/1c48755657c5f7aac5e4a7abf3f68f27efc0c746"><code>1c48755</code></a> chore(deps): cleanups and updates (<a href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2371">#2371</a>)</li> <li><a href="https://github.com/supabase/supabase-js/commit/9dfba1c3d98c2c41c60f940a211950dfd3924e01"><code>9dfba1c</code></a> chore(repo): migrate to pnpm (<a href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2368">#2368</a>)</li> <li><a href="https://github.com/supabase/supabase-js/commit/6731c4a900135ecbb14420bb3f3fe39196a0a9db"><code>6731c4a</code></a> fix(release): mark <code>@supabase/tracing</code> private and snapshot it for JSR (<a href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2370">#2370</a>)</li> <li><a href="https://github.com/supabase/supabase-js/commit/2fe1801fd5e9e03dd22308bcb98854429f634dd4"><code>2fe1801</code></a> feat(supabase): W3C/OpenTelemetry trace context propagation (<a href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2163">#2163</a>)</li> <li>Additional commits viewable in <a href="https://github.com/supabase/supabase-js/commits/v2.106.2/packages/core/supabase-js">compare view</a></li> </ul> </details> <br /> Updates `@types/react` from 19.2.14 to 19.2.15 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare view</a></li> </ul> </details> <br /> Updates `ink` from 7.0.3 to 7.0.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vadimdemedes/ink/releases">ink's releases</a>.</em></p> <blockquote> <h2>v7.0.4</h2> <ul> <li>Fix: Share resize listener via <code>emitLayoutListeners</code> instead of per-hook listeners (<a href="https://redirect.github.com/vadimdemedes/ink/issues/952">#952</a>) 89d43d8</li> <li>Fix: Remove <code>useEffectEvent</code> functions from <code>useEffect</code> dependency arrays (<a href="https://redirect.github.com/vadimdemedes/ink/issues/960">#960</a>) 9d534f7</li> </ul> <hr /> <p><a href="https://github.com/vadimdemedes/ink/compare/v7.0.3...v7.0.4">https://github.com/vadimdemedes/ink/compare/v7.0.3...v7.0.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vadimdemedes/ink/commit/40b3a7578811fd616341ca4e31cc7748aeeff12f"><code>40b3a75</code></a> 7.0.4</li> <li><a href="https://github.com/vadimdemedes/ink/commit/89d43d8f1b0101d5e1fc2728e8aa336b39972a3e"><code>89d43d8</code></a> Fix: Share resize listener via <code>emitLayoutListeners</code> instead of per-hook list...</li> <li><a href="https://github.com/vadimdemedes/ink/commit/9d534f772ca81f7a9c796289f3e1c148a8f04aeb"><code>9d534f7</code></a> Fix: Remove <code>useEffectEvent</code> functions from <code>useEffect</code> dependency arrays (<a href="https://redirect.github.com/vadimdemedes/ink/issues/960">#960</a>)</li> <li>See full diff in <a href="https://github.com/vadimdemedes/ink/compare/v7.0.3...v7.0.4">compare view</a></li> </ul> </details> <br /> Updates `posthog-node` from 5.34.3 to 5.35.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PostHog/posthog-js/releases">posthog-node's releases</a>.</em></p> <blockquote> <h2>posthog-node@5.35.4</h2> <h2>5.35.4</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.29.11</li> </ul> </li> </ul> <h2>posthog-node@5.35.3</h2> <h2>5.35.3</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/PostHog/posthog-js/commit/5568f12f46b4ebb7539f261edddda2f695ba03a2"><code>5568f12</code></a>]: <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.29.10</li> </ul> </li> </ul> <h2>posthog-node@5.35.2</h2> <h2>5.35.2</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/PostHog/posthog-js/pull/3658">#3658</a> <a href="https://github.com/PostHog/posthog-js/commit/5d7a2d336befb9c2b7be9ff1961d674623d33901"><code>5d7a2d3</code></a> Thanks <a href="https://github.com/gustavohstrassburger"><code>@gustavohstrassburger</code></a>! - Include group context in the $feature_flag_called deduplication key in _captureFlagCalledEventIfNeeded, so events fire independently per group combination. (2026-05-25)</li> </ul> <h2>posthog-node@5.35.1</h2> <h2>5.35.1</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/PostHog/posthog-js/commit/c806ccafdcc39b38e9554f8a17a8c2fbd3361dda"><code>c806cca</code></a>]: <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.29.9</li> </ul> </li> </ul> <h2>posthog-node@5.35.0</h2> <h2>5.35.0</h2> <h3>Minor Changes</h3> <ul> <li><a href="https://redirect.github.com/PostHog/posthog-js/pull/3642">#3642</a> <a href="https://github.com/PostHog/posthog-js/commit/18ea8b53f608607075c93bc18b29be8dfd41eb3f"><code>18ea8b5</code></a> Thanks <a href="https://github.com/dustinbyrne"><code>@dustinbyrne</code></a>! - Promote feature flag definition cache provider types to the main <code>posthog-node</code> export and deprecate <code>posthog-node/experimental</code> imports. (2026-05-21)</li> </ul> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.29.8</li> </ul> </li> </ul> <h2>posthog-node@5.34.10</h2> <h2>5.34.10</h2> <h3>Patch Changes</h3>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md">posthog-node's changelog</a>.</em></p> <blockquote> <h2>5.35.4</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.29.11</li> </ul> </li> </ul> <h2>5.35.3</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/PostHog/posthog-js/commit/5568f12f46b4ebb7539f261edddda2f695ba03a2"><code>5568f12</code></a>]: <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.29.10</li> </ul> </li> </ul> <h2>5.35.2</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/PostHog/posthog-js/pull/3658">#3658</a> <a href="https://github.com/PostHog/posthog-js/commit/5d7a2d336befb9c2b7be9ff1961d674623d33901"><code>5d7a2d3</code></a> Thanks <a href="https://github.com/gustavohstrassburger"><code>@gustavohstrassburger</code></a>! - Include group context in the $feature_flag_called deduplication key in _captureFlagCalledEventIfNeeded, so events fire independently per group combination. (2026-05-25)</li> </ul> <h2>5.35.1</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/PostHog/posthog-js/commit/c806ccafdcc39b38e9554f8a17a8c2fbd3361dda"><code>c806cca</code></a>]: <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.29.9</li> </ul> </li> </ul> <h2>5.35.0</h2> <h3>Minor Changes</h3> <ul> <li><a href="https://redirect.github.com/PostHog/posthog-js/pull/3642">#3642</a> <a href="https://github.com/PostHog/posthog-js/commit/18ea8b53f608607075c93bc18b29be8dfd41eb3f"><code>18ea8b5</code></a> Thanks <a href="https://github.com/dustinbyrne"><code>@dustinbyrne</code></a>! - Promote feature flag definition cache provider types to the main <code>posthog-node</code> export and deprecate <code>posthog-node/experimental</code> imports. (2026-05-21)</li> </ul> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.29.8</li> </ul> </li> </ul> <h2>5.34.10</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/PostHog/posthog-js/pull/3643">#3643</a> <a href="https://github.com/PostHog/posthog-js/commit/f42f3710f8e8788ecffce742face8ad34db3ef1c"><code>f42f371</code></a> Thanks <a href="https://github.com/dmarticus"><code>@dmarticus</code></a>! - Reject semver values with leading zeros in local flag evaluation. Per semver 2.0.0 §2, numeric identifiers must not include leading zeros — values like <code>1.07.3</code> are not valid semver and should not match targeting conditions. Both override values and flag values are now validated; invalid inputs surface as <code>InconclusiveMatchError</code> so the condition does not match. (2026-05-21)</li> </ul> <h2>5.34.9</h2> <h3>Patch Changes</h3>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PostHog/posthog-js/commit/e5a89ac32b7116f701a9e8e05bfb8361a3d8cee9"><code>e5a89ac</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/55b3c42160838974e6bc4d81417c15871bd7bd07"><code>55b3c42</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/1d0daf0a5c2721c0a6c600e12cb27474cfa74cc9"><code>1d0daf0</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/5d7a2d336befb9c2b7be9ff1961d674623d33901"><code>5d7a2d3</code></a> fix(node): fire separate $feature_flag_called events per group context (<a href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/3658">#3658</a>)</li> <li><a href="https://github.com/PostHog/posthog-js/commit/3d41c1d9dd4cecd928e5ec5b37ec16256bc95352"><code>3d41c1d</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/a05405d0ec67988715cb31634730f95729f3f27d"><code>a05405d</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/18ea8b53f608607075c93bc18b29be8dfd41eb3f"><code>18ea8b5</code></a> feat(node): promote flag definition cache provider types (<a href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/3642">#3642</a>)</li> <li><a href="https://github.com/PostHog/posthog-js/commit/1fcb5aec4e578432c4e4d8df6ea2c7132b5c0c4a"><code>1fcb5ae</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/f42f3710f8e8788ecffce742face8ad34db3ef1c"><code>f42f371</code></a> fix(node): reject leading-zero semver values in local evaluation (<a href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/3643">#3643</a>)</li> <li><a href="https://github.com/PostHog/posthog-js/commit/2f46fe6b91e34ec2d8a16af60bfdac7d718193bf"><code>2f46fe6</code></a> chore: update versions and lockfile [version bump]</li> <li>Additional commits viewable in <a href="https://github.com/PostHog/posthog-js/commits/posthog-node@5.35.4/packages/node">compare view</a></li> </ul> </details> <br /> Updates `semantic-release` from 24.2.9 to 25.0.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/semantic-release/semantic-release/releases">semantic-release's releases</a>.</em></p> <blockquote> <h2>v25.0.3</h2> <h2><a href="https://github.com/semantic-release/semantic-release/compare/v25.0.2...v25.0.3">25.0.3</a> (2026-01-30)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> remove deprecated semver-diff (<a href="https://redirect.github.com/semantic-release/semantic-release/issues/3980">#3980</a>) (<a href="https://github.com/semantic-release/semantic-release/commit/f4041244addfdea14558cbb11cc7211fb797943f">f404124</a>)</li> </ul> <h2>v25.0.2</h2> <h2><a href="https://github.com/semantic-release/semantic-release/compare/v25.0.1...v25.0.2">25.0.2</a> (2025-11-07)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update dependency read-package-up to v12 (<a href="https://redirect.github.com/semantic-release/semantic-release/issues/3935">#3935</a>) (<a href="https://github.com/semantic-release/semantic-release/commit/1494cb99a957c3be8cd5e02b13ebe21155c83e10">1494cb9</a>)</li> </ul> <h2>v25.0.1</h2> <h2><a href="https://github.com/semantic-release/semantic-release/compare/v25.0.0...v25.0.1">25.0.1</a> (2025-10-19)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update to the latest version of the npm plugin to add trusted publishing support (<a href="https://github.com/semantic-release/semantic-release/commit/fad173e5fc767c8193027e77bb04b1103eebdcd3">fad173e</a>), closes <a href="https://redirect.github.com/semantic-release/npm/issues/958">semantic-release/npm#958</a></li> </ul> <h2>v25.0.1-beta.3</h2> <h2><a href="https://github.com/semantic-release/semantic-release/compare/v25.0.1-beta.2...v25.0.1-beta.3">25.0.1-beta.3</a> (2025-10-19)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update to latest npm plugin (<a href="https://github.com/semantic-release/semantic-release/commit/a96aced2e8cd75c576be40ac0e5952f9fc0245fb">a96aced</a>)</li> </ul> <h2>v25.0.1-beta.2</h2> <h2><a href="https://github.com/semantic-release/semantic-release/compare/v25.0.1-beta.1...v25.0.1-beta.2">25.0.1-beta.2</a> (2025-10-19)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update to the stable version of the npm plugin to add trusted publishing support (<a href="https://github.com/semantic-release/semantic-release/commit/fad173e5fc767c8193027e77bb04b1103eebdcd3">fad173e</a>), closes <a href="https://redirect.github.com/semantic-release/npm/issues/958">semantic-release/npm#958</a></li> </ul> <h2>v25.0.1-beta.1</h2> <h2><a href="https://github.com/semantic-release/semantic-release/compare/v25.0.0...v25.0.1-beta.1">25.0.1-beta.1</a> (2025-10-16)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update to the beta of the npm plugin (<a href="https://github.com/semantic-release/semantic-release/commit/c7707480184a294917543f25c1e98dcc160d61b9">c770748</a>), closes <a href="https://redirect.github.com/semantic-release/npm/issues/958">semantic-release/npm#958</a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/semantic-release/semantic-release/commit/f4041244addfdea14558cbb11cc7211fb797943f"><code>f404124</code></a> fix(deps): remove deprecated semver-diff (<a href="https://redirect.github.com/semantic-release/semantic-release/issues/3980">#3980</a>)</li> <li><a href="https://github.com/semantic-release/semantic-release/commit/fef7e34be9c2db3eed64441e12c5995f14730bb9"><code>fef7e34</code></a> docs: warn against using registry-url in setup-node (<a href="https://redirect.github.com/semantic-release/semantic-release/issues/4024">#4024</a>)</li> <li><a href="https://github.com/semantic-release/semantic-release/commit/699d4708e56486b8872056b010eae97ac50a88ad"><code>699d470</code></a> chore(deps): update dependency lockfile-lint to v5 (<a href="https://redirect.github.com/semantic-release/semantic-release/issues/4022">#4022</a>)</li> <li><a href="https://github.com/semantic-release/semantic-release/commit/c7c6f7ab7546ef0ff05a8269ef9f512b89861bb8"><code>c7c6f7a</code></a> chore(deps): update dependency tempy to v3.1.2 (<a href="https://redirect.github.com/semantic-release/semantic-release/issues/4021">#4021</a>)</li> <li><a href="https://github.com/semantic-release/semantic-release/commit/1ce5088534ab98995a6574e3a4c8bac07134015c"><code>1ce5088</code></a> ci(action): update github/codeql-action action to v4.32.0 (<a href="https://redirect.github.com/semantic-release/semantic-release/issues/4019">#4019</a>)</li> <li><a href="https://github.com/semantic-release/semantic-release/commit/9bb0d8735ae741c0b891becdae24a7de9c741739"><code>9bb0d87</code></a> chore(deps): lock file maintenance (<a href="https://redirect.github.com/semantic-release/semantic-release/issues/4016">#4016</a>)</li> <li><a href="https://github.com/semantic-release/semantic-release/commit/490171c060a817b880d520fc9228c5077b008c62"><code>490171c</code></a> chore(deps): update npm to v11.8.0 (<a href="https://redirect.github.com/semantic-release/semantic-release/issues/4015">#4015</a>)</li> <li><a href="https://github.com/semantic-release/semantic-release/commit/f6411e9a20916aca2a13b330163500b13dc48d13"><code>f6411e9</code></a> chore(deps): update dependency prettier to v3.8.1 (<a href="https://redirect.github.com/semantic-release/semantic-release/issues/4014">#4014</a>)</li> <li><a href="https://github.com/semantic-release/semantic-release/commit/c71c576060c90ca1bdff473b4dc89c88e90f0101"><code>c71c576</code></a> chore(deps): update dependency publint to v0.3.17 (<a href="https://redirect.github.com/semantic-release/semantic-release/issues/4013">#4013</a>)</li> <li><a href="https://github.com/semantic-release/semantic-release/commit/989e18c6c0ffea500c2fe789a9f42ac6f488dc50"><code>989e18c</code></a> chore(deps): update dependency tempy to v3.1.1 (<a href="https://redirect.github.com/semantic-release/semantic-release/issues/4012">#4012</a>)</li> <li>Additional commits viewable in <a href="https://github.com/semantic-release/semantic-release/compare/v24.2.9...v25.0.3">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for semantic-release since your current version.</p> </details> <br /> Updates `fumadocs-core` from 16.8.11 to 16.9.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fuma-nama/fumadocs/releases">fumadocs-core's releases</a>.</em></p> <blockquote> <h2>fumadocs-core@16.9.1</h2> <h3>Patch Changes</h3> <ul> <li>e77b9b3: Introduce <code>pagesIndex</code> property to explicitly define the index page for folder</li> <li>334c8fd: [i18n] support different orders of <code>preset()</code> calls</li> </ul> <h2>fumadocs-core@16.8.12</h2> <h3>Patch Changes</h3> <ul> <li>768b676: Standardize <code>structuredData</code> in page data</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fuma-nama/fumadocs/commit/4aa30828a14af31d5dc31fcccf0419159badaf39"><code>4aa3082</code></a> Merge pull request <a href="https://redirect.github.com/fuma-nama/fumadocs/issues/3301">#3301</a> from fuma-nama/changeset-release/dev</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/e77b9b3dea6e6071b72ab558382b046d7f78e10b"><code>e77b9b3</code></a> feat(core): Introduce <code>pagesIndex</code> property to explicitly define the index pa...</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/dca5b4992926dcde9f204490a28799bb9b6f8a8c"><code>dca5b49</code></a> fix(mdx): fix compatibility with <code>?raw</code> query string</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/334c8fd19014eeae36cafb38ce8794818ce95083"><code>334c8fd</code></a> feat(core): support different orders of <code>preset()</code> calls</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/bbf936c0203869affd855293f1a44850c8b90620"><code>bbf936c</code></a> docs: introduce i18n support for story</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/07a06b41a7b00c31b909adca8011217dbecdae5a"><code>07a06b4</code></a> chore: use Waku for stackblitz example</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/97c9ad305e8a61576b25b724e56272f7b85bee73"><code>97c9ad3</code></a> Version Packages</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/da4d897c8d9357d574eebdc1fa9ac92e382ad9a0"><code>da4d897</code></a> fix CI</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/5a5e5c8a504f3673ee5174c347f8cf2226ce6d13"><code>5a5e5c8</code></a> add separate example for demo</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/e4710be8663c7f1695a30efbf6f42e8a2cbf7fec"><code>e4710be</code></a> Docs: introduce new i18n API</li> <li>Additional commits viewable in <a href="https://github.com/fuma-nama/fumadocs/compare/fumadocs-core@16.8.11...fumadocs-core@16.9.1">compare view</a></li> </ul> </details> <br /> Updates `fumadocs-mdx` from 15.0.6 to 15.0.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fuma-nama/fumadocs/releases">fumadocs-mdx's releases</a>.</em></p> <blockquote> <h2>fumadocs-mdx@15.0.8</h2> <h3>Patch Changes</h3> <ul> <li>dca5b49: Fix compatibility with <code>?raw</code> query string</li> <li>Updated dependencies [e77b9b3]</li> <li>Updated dependencies [334c8fd] <ul> <li>fumadocs-core@16.9.1</li> </ul> </li> </ul> <h2>fumadocs-mdx@15.0.7</h2> <h3>Patch Changes</h3> <ul> <li>768b676: Standardize <code>structuredData</code> in page data</li> <li>Updated dependencies [768b676] <ul> <li>fumadocs-core@16.8.12</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fuma-nama/fumadocs/commit/4aa30828a14af31d5dc31fcccf0419159badaf39"><code>4aa3082</code></a> Merge pull request <a href="https://redirect.github.com/fuma-nama/fumadocs/issues/3301">#3301</a> from fuma-nama/changeset-release/dev</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/e77b9b3dea6e6071b72ab558382b046d7f78e10b"><code>e77b9b3</code></a> feat(core): Introduce <code>pagesIndex</code> property to explicitly define the index pa...</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/dca5b4992926dcde9f204490a28799bb9b6f8a8c"><code>dca5b49</code></a> fix(mdx): fix compatibility with <code>?raw</code> query string</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/334c8fd19014eeae36cafb38ce8794818ce95083"><code>334c8fd</code></a> feat(core): support different orders of <code>preset()</code> calls</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/bbf936c0203869affd855293f1a44850c8b90620"><code>bbf936c</code></a> docs: introduce i18n support for story</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/07a06b41a7b00c31b909adca8011217dbecdae5a"><code>07a06b4</code></a> chore: use Waku for stackblitz example</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/97c9ad305e8a61576b25b724e56272f7b85bee73"><code>97c9ad3</code></a> Version Packages</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/da4d897c8d9357d574eebdc1fa9ac92e382ad9a0"><code>da4d897</code></a> fix CI</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/5a5e5c8a504f3673ee5174c347f8cf2226ce6d13"><code>5a5e5c8</code></a> add separate example for demo</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/e4710be8663c7f1695a30efbf6f42e8a2cbf7fec"><code>e4710be</code></a> Docs: introduce new i18n API</li> <li>Additional commits viewable in <a href="https://github.com/fuma-nama/fumadocs/compare/fumadocs-mdx@15.0.6...fumadocs-mdx@15.0.8">compare view</a></li> </ul> </details> <br /> Updates `fumadocs-ui` from 16.8.11 to 16.9.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fuma-nama/fumadocs/releases">fumadocs-ui's releases</a>.</em></p> <blockquote> <h2>fumadocs-ui@16.9.1</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [e77b9b3]</li> <li>Updated dependencies [334c8fd] <ul> <li>fumadocs-core@16.9.1</li> </ul> </li> </ul> <h2>fumadocs-ui@16.8.12</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [768b676] <ul> <li>fumadocs-core@16.8.12</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fuma-nama/fumadocs/commit/4aa30828a14af31d5dc31fcccf0419159badaf39"><code>4aa3082</code></a> Merge pull request <a href="https://redirect.github.com/fuma-nama/fumadocs/issues/3301">#3301</a> from fuma-nama/changeset-release/dev</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/e77b9b3dea6e6071b72ab558382b046d7f78e10b"><code>e77b9b3</code></a> feat(core): Introduce <code>pagesIndex</code> property to explicitly define the index pa...</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/dca5b4992926dcde9f204490a28799bb9b6f8a8c"><code>dca5b49</code></a> fix(mdx): fix compatibility with <code>?raw</code> query string</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/334c8fd19014eeae36cafb38ce8794818ce95083"><code>334c8fd</code></a> feat(core): support different orders of <code>preset()</code> calls</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/bbf936c0203869affd855293f1a44850c8b90620"><code>bbf936c</code></a> docs: introduce i18n support for story</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/07a06b41a7b00c31b909adca8011217dbecdae5a"><code>07a06b4</code></a> chore: use Waku for stackblitz example</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/97c9ad305e8a61576b25b724e56272f7b85bee73"><code>97c9ad3</code></a> Version Packages</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/da4d897c8d9357d574eebdc1fa9ac92e382ad9a0"><code>da4d897</code></a> fix CI</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/5a5e5c8a504f3673ee5174c347f8cf2226ce6d13"><code>5a5e5c8</code></a> add separate example for demo</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/e4710be8663c7f1695a30efbf6f42e8a2cbf7fec"><code>e4710be</code></a> Docs: introduce new i18n API</li> <li>Additional commits viewable in <a href="https://github.com/fuma-nama/fumadocs/compare/fumadocs-ui@16.8.11...fumadocs-ui@16.9.1">compare view</a></li> </ul> </details> <br /> Updates `@types/node` from 25.8.0 to 25.9.1 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> Updates `@effect/atom-react` from 4.0.0-beta.67 to 4.0.0-beta.70 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Effect-TS/effect-smol/releases">@effect/atom-react's releases</a>.</em></p> <blockquote> <h2><code>@effect/atom-react</code><a href="https://github.com/4"><code>@4</code></a>.0.0-beta.70</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/Effect-TS/effect-smol/commit/af7782d3008d08b043f3a3f261516001514b2b4e"><code>af7782d</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/7212d701a3eee7b3553ff502e2c066126e52e839"><code>7212d70</code></a>]: <ul> <li>effect@4.0.0-beta.70</li> </ul> </li> </ul> <h2><code>@effect/atom-react</code><a href="https://github.com/4"><code>@4</code></a>.0.0-beta.69</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/Effect-TS/effect-smol/commit/70ea04aa96a2a7859d738d414e1f0e3ed081a27a"><code>70ea04a</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/d0ea8b03f7d73ae076c1db12666141e480d11178"><code>d0ea8b0</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/a57674b64845e9e75a456cf907bfdcb858859118"><code>a57674b</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/59aa334fbd0a504dda3c36f6d2ef1be7449b4b8b"><code>59aa334</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/8f4208ee83bc7bdaa6793b5429847b45aab72470"><code>8f4208e</code></a>]: <ul> <li>effect@4.0.0-beta.69</li> </ul> </li> </ul> <h2><code>@effect/atom-react</code><a href="https://github.com/4"><code>@4</code></a>.0.0-beta.68</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/Effect-TS/effect-smol/commit/af8267f2f3588c3fb611e9286f6f933f29ce1217"><code>af8267f</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/0176eaf3ecd7c1b99a10268f2af02d7e8ce161e5"><code>0176eaf</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/0176eaf3ecd7c1b99a10268f2af02d7e8ce161e5"><code>0176eaf</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/f136bb763048cbc6b17edd26496dba3e2415b9fa"><code>f136bb7</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/6f38f07d5941a211b251383aaab0f4f55e8a6557"><code>6f38f07</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/aec9c401a53db227f18bf5e0c84db7130ad862d6"><code>aec9c40</code></a>]: <ul> <li>effect@4.0.0-beta.68</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Effect-TS/effect-smol/blob/main/packages/atom/react/CHANGELOG.md">@effect/atom-react's changelog</a>.</em></p> <blockquote> <h2>4.0.0-beta.70</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/Effect-TS/effect-smol/commit/af7782d3008d08b043f3a3f261516001514b2b4e"><code>af7782d</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/7212d701a3eee7b3553ff502e2c066126e52e839"><code>7212d70</code></a>]: <ul> <li>effect@4.0.0-beta.70</li> </ul> </li> </ul> <h2>4.0.0-beta.69</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/Effect-TS/effect-smol/commit/70ea04aa96a2a7859d738d414e1f0e3ed081a27a"><code>70ea04a</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/d0ea8b03f7d73ae076c1db12666141e480d11178"><code>d0ea8b0</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/a57674b64845e9e75a456cf907bfdcb858859118"><code>a57674b</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/59aa334fbd0a504dda3c36f6d2ef1be7449b4b8b"><code>59aa334</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/8f4208ee83bc7bdaa6793b5429847b45aab72470"><code>8f4208e</code></a>]: <ul> <li>effect@4.0.0-beta.69</li> </ul> </li> </ul> <h2>4.0.0-beta.68</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/Effect-TS/effect-smol/commit/af8267f2f3588c3fb611e9286f6f933f29ce1217"><code>af8267f</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/0176eaf3ecd7c1b99a10268f2af02d7e8ce161e5"><code>0176eaf</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/0176eaf3ecd7c1b99a10268f2af02d7e8ce161e5"><code>0176eaf</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/f136bb763048cbc6b17edd26496dba3e2415b9fa"><code>f136bb7</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/6f38f07d5941a211b251383aaab0f4f55e8a6557"><code>6f38f07</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/aec9c401a53db227f18bf5e0c84db7130ad862d6"><code>aec9c40</code></a>]: <ul> <li>effect@4.0.0-beta.68</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Effect-TS/effect-smol/commit/440505f845a7c207b8e98e3260f0bdf1690ac1c7"><code>440505f</code></a> Version Packages (beta) (<a href="https://github.com/Effect-TS/effect-smol/tree/HEAD/packages/atom/react/issues/2243">#2243</a>)</li> <li><a href="https://github.com/Effect-TS/effect-smol/commit/5805569ef5ac47db49924fa34abf03fbdc1675f3"><code>5805569</code></a> Improve jsdocs and add related skill (<a href="https://github.com/Effect-TS/effect-smol/tree/HEAD/packages/atom/react/issues/2235">#2235</a>)</li> <li><a href="https://github.com/Effect-TS/effect-smol/commit/6bc1aa829f5c00d0df67a2cff43c01b320092559"><code>6bc1aa8</code></a> Version Packages (beta) (<a href="https://github.com/Effect-TS/effect-smol/tree/HEAD/packages/atom/react/issues/2233">#2233</a>)</li> <li><a href="https://github.com/Effect-TS/effect-smol/commit/0f8d9b94585894757f1e301cbcb5816a8747ed88"><code>0f8d9b9</code></a> Version Packages (beta) (<a href="https://github.com/Effect-TS/effect-smol/tree/HEAD/packages/atom/react/issues/2208">#2208</a>)</li> <li><a href="https://github.com/Effect-TS/effect-smol/commit/4a59ec943ee01c1f811c4c1e9643c4f9659badc1"><code>4a59ec9</code></a> docs: standardize JSDoc example imports (<a href="https://github.com/Effect-TS/effect-smol/tree/HEAD/packages/atom/react/issues/2214">#2214</a>)</li> <li><a href="https://github.com/Effect-TS/effect-smol/commit/45ffb3274538743b17e3142e0747963c553a7952"><code>45ffb32</code></a> docs: normalize JSDoc category tags (<a href="https://github.com/Effect-TS/effect-smol/tree/HEAD/packages/atom/react/issues/2211">#2211</a>)</li> <li>See full diff in <a href="https://github.com/Effect-TS/effect-smol/commits/@effect/atom-react@4.0.0-beta.70/packages/atom/react">compare view</a></li> </ul> </details> <br /> Updates `@effect/platform-bun` from 4.0.0-beta.67 to 4.0.0-beta.70 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Effect-TS/effect/commits/HEAD/packages/platform-bun">compare view</a></li> </ul> </details> <br /> Updates `@effect/platform-node` from 4.0.0-beta.67 to 4.0.0-beta.70 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Effect-TS/effect/commits/HEAD/packages/platform-node">compare view</a></li> </ul> </details> <br /> Updates `@effect/vitest` from 4.0.0-beta.43 to 4.0.0-beta.70 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Effect-TS/effect/commits/HEAD/packages/vitest">compare view</a></li> </ul> </details> <br /> Updates `@nx/devkit` from 22.7.2 to 22.7.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nrwl/nx/releases">@nx/devkit's releases</a>.</em></p> <blockquote> <h2>22.7.4 (2026-05-25)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>core:</strong> update brace-expansion and yaml (<a href="https://redirect.github.com/nrwl/nx/pull/35790">#35790</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Jack Hsu <a href="https://github.com/jaysoo"><code>@jaysoo</code></a></li> </ul> <h2>22.7.3 (2026-05-22)</h2> <h3>🚀 Features</h3> <ul> <li><strong>js:</strong> support pnpm 11.2.2 (<a href="https://redirect.github.com/nrwl/nx/pull/35772">#35772</a>)</li> </ul> <h3>🩹 Fixes</h3> <ul> <li><strong>angular:</strong> only add <code>@oxc-project/runtime</code> on the vitest-analog path (<a href="https://redirect.github.com/nrwl/nx/pull/35734">#35734</a>)</li> <li><strong>angular-rspack:</strong> exclude eslint config from tailwind v4 source scan (<a href="https://redirect.github.com/nrwl/nx/pull/35663">#35663</a>)</li> <li><strong>core:</strong> warn before installing unknown npm packages as preset (<a href="https://redirect.github.com/nrwl/nx/pull/35644">#35644</a>)</li> <li><strong>core:</strong> preserve input order in createNodes plugin results (<a href="https://redirect.github.com/nrwl/nx/pull/35595">#35595</a>)</li> <li><strong>core:</strong> resolve local plugin subpath imports from source (<a href="https://redirect.github.com/nrwl/nx/pull/35631">#35631</a>)</li> <li><strong>core:</strong> treat undefined task parallelism as parallel when scheduling (<a href="https://redirect.github.com/nrwl/nx/pull/35736">#35736</a>)</li> <li><strong>core:</strong> handle object form of bin field in getPrettierPath (<a href="https://redirect.github.com/nrwl/nx/pull/35680">#35680</a>)</li> <li><strong>core:</strong> detect vscode copilot ai agent (<a href="https://redirect.github.com/nrwl/nx/pull/35757">#35757</a>)</li> <li><strong>core:</strong> allow local plugin subpath imports without custom conditions (<a href="https://redirect.github.com/nrwl/nx/pull/35751">#35751</a>, <a href="https://redirect.github.com/nrwl/nx/issues/35631">#35631</a>)</li> <li><strong>dotnet:</strong> include Directory.<em>.</em> files in inputs (<a href="https://redirect.github.com/nrwl/nx/pull/35738">#35738</a>)</li> <li><strong>gradle:</strong> add transitive:true to all tasks (<a href="https://redirect.github.com/nrwl/nx/pull/35677">#35677</a>)</li> <li><strong>gradle:</strong> pin generated e2e project toolchain to installed JDK (<a href="https://redirect.github.com/nrwl/nx/pull/35703">#35703</a>)</li> <li><strong>js:</strong> fall back to npm publish when bun publish fails with auth error (<a href="https://redirect.github.com/nrwl/nx/pull/35756">#35756</a>)</li> <li><strong>linter:</strong> improve convert-to-flat-config output fidelity (<a href="https://redirect.github.com/nrwl/nx/pull/35330">#35330</a>)</li> <li><strong>linter:</strong> only rewrite workspace-package peer deps to workspace:* (<a href="https://redirect.github.com/nrwl/nx/pull/35423">#35423</a>, <a href="https://redirect.github.com/nrwl/nx/issues/35318">#35318</a>, <a href="https://redirect.github.com/nrwl/nx/issues/33417">#33417</a>)</li> <li><strong>misc:</strong> stop inferring <code>projects: 'self'</code> in <code>dependsOn</code> entries (<a href="https://redirect.github.com/nrwl/nx/pull/35686">#35686</a>)</li> <li><strong>misc:</strong> skip <code>$</code> escaping in file paths on windows (<a href="https://redirect.github.com/nrwl/nx/pull/35692">#35692</a>)</li> <li><strong>repo:</strong> run dotnet restore before publish (<a href="https://redirect.github.com/nrwl/nx/pull/35771">#35771</a>)</li> <li><strong>repo:</strong> run dotnet restore before macos e2e job (<a href="https://redirect.github.com/nrwl/nx/pull/35774">#35774</a>)</li> <li><strong>rsbuild:</strong> infer build outputs from distPath.root directly (<a href="https://redirect.github.com/nrwl/nx/pull/35707">#35707</a>)</li> <li><strong>rsbuild:</strong> lazy-require <code>@rsbuild/core</code> in plugin so spec mocks work after jest.resetModules (<a href="https://redirect.github.com/nrwl/nx/issues/35707">#35707</a>)</li> <li><strong>testing:</strong> correct yargs-parser import in getJestProjectsAsync (<a href="https://redirect.github.com/nrwl/nx/pull/35672">#35672</a>, <a href="https://redirect.github.com/nrwl/nx/issues/35654">#35654</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>AgentEnder <a href="https://github.com/AgentEnder"><code>@AgentEnder</code></a></li> <li>Artur <a href="https://github.com/arturovt"><code>@arturovt</code></a></li> <li>Benjamin Staneck <a href="https://github.com/Stanzilla"><code>@Stanzilla</code></a></li> <li>Copilot <a href="https://github.com/Copilot"><code>@Copilot</code></a></li> <li>Craigory Coppola <a href="https://github.com/AgentEnder"><code>@AgentEnder</code></a></li> <li>FrozenPandaz <a href="https://github.com/FrozenPandaz"><code>@FrozenPandaz</code></a></li> <li>Jason Jean <a href="https://github.com/FrozenPandaz"><code>@FrozenPandaz</code></a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nrwl/nx/commit/e9e447b14e3a594749555b41edacb70f38510eb6"><code>e9e447b</code></a> chore(core): remove unused replaceNrwlPackageWithNxPackage devkit utility (<a href="https://github.com/nrwl/nx/tree/HEAD/packages/devkit/issues/3">#3</a>...</li> <li>See full diff in <a href="https://github.com/nrwl/nx/commits/22.7.4/packages/devkit">compare view</a></li> </ul> </details> <br /> Updates `@swc/core` from 1.15.33 to 1.15.40 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/swc-project/swc/blob/main/CHANGELOG.md">@swc/core's changelog</a>.</em></p> <blockquote> <h2>[1.15.40] - 2026-05-23</h2> <h3>Bug Fixes</h3> <ul> <li> <p><strong>(es/minifier)</strong> Preserve args for destructured callbacks (<a href="https://redirect.github.com/swc-project/swc/issues/11830">#11830</a>) (<a href="https://github.com/swc-project/swc/commit/21873b06df3fd62d952a21cf879e14d11d4b39d7">21873b0</a>)</p> </li> <li> <p><strong>(es/minifier)</strong> Avoid generating mangled property names that collide with existing properties (<a href="https://redirect.github.com/swc-project/swc/issues/11839">#11839</a>) (<a href="https://github.com/swc-project/swc/commit/9b4fab58c90256a6da688de87ea405225a5a6fdb">9b4fab5</a>)</p> </li> <li> <p><strong>(es/minifier)</strong> Respect ecma for iife temp vars (<a href="https://redirect.github.com/swc-project/swc/issues/11873">#11873</a>) (<a href="https://github.com/swc-project/swc/commit/e481934a63c0ee891e4a770c4f0cd5ec3fd8624e">e481934</a>)</p> </li> <li> <p><strong>(es/minifier)</strong> Preserve default parameter object props (<a href="https://redirect.github.com/swc-project/swc/issues/11884">#11884</a>) (<a href="https://github.com/swc-project/swc/commit/71ff84f19762306ab9b86accb29eb6ed83c46f84">71ff84f</a>)</p> </li> <li> <p><strong>(es/parser)</strong> Reject object-rest assignment to array/object literal (<a href="https://redirect.github.com/swc-project/swc/issues/11875">#11875</a>) (<a href="https://github.com/swc-project/swc/commit/7b57d1f8717d8bf6be0b617b04bc6e219a2b3775">7b57d1f</a>)</p> </li> <li> <p><strong>(es/parser)</strong> Reject object rest assignment to literals (<a href="https://redirect.github.com/swc-project/swc/issues/11881">#11881</a>) (<a href="https://github.com/swc-project/swc/commit/4ec2eaf4d89ddd95293b8f09169a88b0434c5a13">4ec2eaf</a>)</p> </li> <li> <p><strong>(es/react)</strong> Exclude self-recursive hooks from refresh dependency array (<a href="https://redirect.github.com/swc-project/swc/issues/11838">#11838</a>) (<a href="https://github.com/swc-project/swc/commit/9101c719fa8f3f5cb410d716d4f50544650cd81e">9101c71</a>)</p> </li> <li> <p><strong>(ts/fast-dts)</strong> Strip definite assertions in dts (<a href="https://redirect.github.com/swc-project/swc/issues/11858">#11858</a>) (<a href="https://github.com/swc-project/swc/commit/2ab1b8a50f2af3d8b4c42d6c4dd4f2051940cae0">2ab1b8a</a>)</p> </li> <li> <p><strong>(ts/fast-strip)</strong> Reject unsafe assertion erasure in binary expressions (<a href="https://redirect.github.com/swc-project/swc/issues/11828">#11828</a>) (<a href="https://github.com/swc-project/swc/commit/aa5b539b277dbf4c68c87380d16f4b8713145df3">aa5b539</a>)</p> </li> <li> <p><strong>(typescript)</strong> Strip parameter binding defaults in dts (<a href="https://redirect.github.com/swc-project/swc/issues/11857">#11857</a>) (<a href="https://github.com/swc-project/swc/commit/800bc170334a74191eb5ae21e3bfc96bf6f7fe56">800bc17</a>)</p> </li> </ul> <h3>Documentation</h3> <ul> <li> <p>Update agent guidance (<a href="https://redirect.github.com/swc-project/swc/issues/11842">#11842</a>) (<a href="https://github.com/swc-project/swc/commit/bf2d0154cf8b66fdab16085585fda0086d297a64">bf2d015</a>)</p> </li> <li> <p>Add security policy (<a href="https://redirect.github.com/swc-project/swc/issues/11876">#11876</a>) (<a href="https://github.com/swc-project/swc/commit/6c43c2de9cb9d5516b0ac87101345940964e943e">6c43c2d</a>)</p> </li> <li> <p>Clarify security scope for npm packages (<a href="https://redirect.github.com/swc-project/swc/issues/11877">#11877</a>) (<a href="https://github.com/swc-project/swc/commit/4662db8fe3e503f298a285697ea63ecc1ca3b958">4662db8</a>)</p> </li> <li> <p>Clarify untrusted input security model (<a href="https://redirect.github.com/swc-project/swc/issues/11882">#11882</a>) (<a href="https://github.com/swc-project/swc/commit/546377770e164aead174404fb678319c9c56a9dc">5463777</a>)</p> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/swc-project/swc/commit/112729bc85239e731daf4e5f8daddbd1fe87c12d"><code>112729b</code></a> chore: Publish <code>1.15.40</code> with <code>swc_core</code> <code>v66.0.5</code></li> <li><a href="https://github.com/swc-project/swc/commit/13a5608f703f6c3e4c0f77f4534ce8f5c5d49f61"><code>13a5608</code></a> chore: Publish <code>1.15.40-nightly-20260523.1</code> with <code>swc_core</code> <code>v66.0.5</code></li> <li><a href="https://github.com/swc-project/swc/commit/bc6ee837f38b1dfb6a550fdda7366712abd582b5"><code>bc6ee83</code></a> chore: Publish <code>1.15.39-nightly-20260523.1</code> with <code>swc_core</code> <code>v66.0.5</code></li> <li><a href="https://github.com/swc-project/swc/commit/3a68ad540ce885ab9dae9344c4394e0543644900"><code>3a68ad5</code></a> chore: Publish <code>1.15.38-nightly-20260522.1</code> with <code>swc_core</code> <code>v66.0.5</code></li> <li><a href="https://github.com/swc-project/swc/commit/d0f0d5a020244b571efc963ea8c74fd6bbba9327"><code>d0f0d5a</code></a> chore: Publish <code>1.15.37-nightly-20260522.1</code> with <code>swc_core</code> <code>v66.0.5</code></li> <li><a href="https://github.com/swc-project/swc/commit/969df79007f5fca2306e8beb4acab76f45dc02f1"><code>969df79</code></a> chore: Publish <code>1.15.36-nightly-20260522.1</code> with <code>swc_core</code> <code>v66.0.5</code></li> <li><a href="https://github.com/swc-project/swc/commit/38c2a441bb7931efafec0f2286b1bcb299af2c5e"><code>38c2a44</code></a> chore: Publish <code>1.15.35-nightly-20260522.1</code> with <code>swc_core</code> <code>v66.0.4</code></li> <li><a href="https://github.com/swc-project/swc/commit/18df110b195de3ba98e50e9841aa69f1ea1eb61b"><code>18df110</code></a> chore: Publish <code>1.15.34-nightly-20260522.1</code> with <code>swc_core</code> <code>v66.0.4</code></li> <li><a href="https://github.com/swc-project/swc/commit/20d92eb3c8dee378f046a6bff839913600a1fbdb"><code>20d92eb</code></a> security: update rkyv and Rust dependencies (<a href="https://github.com/swc-project/swc/tree/HEAD/packages/core/issues/11851">#11851</a>)</li> <li><a href="https://github.com/swc-project/swc/commit/0d8e6510835c8bc4e433d92408ccd4faa4a3f721"><code>0d8e651</code></a> chore: Publish crates with <code>swc_core</code> <code>v65.0.3</code></li> <li>See full diff in <a href="https://github.com/swc-project/swc/commits/v1.15.40/packages/core">compare view</a></li> </ul> </details> <br /> Updates `@typescript/native-preview` from 7.0.0-dev.20260518.1 to 7.0.0-dev.20260526.1 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/microsoft/typescript-go/commits">compare view</a></li> </ul> </details> <br /> Updates `@vitest/coverage-istanbul` from 4.1.6 to 4.1.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitest-dev/vitest/releases">@vitest/coverage-istanbul's releases</a>.</em></p> <blockquote> <h2>v4.1.7</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>runner</strong>: Limit concurrency per task branch in addition to per leaf callbacks (backport) - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10384">vitest-dev/vitest#10384</a> <a href="https://github.com/vitest-dev/vitest/commit/4f0f2a1ee">(4f0f2)</a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7">View changes on GitHub</a></h5> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitest-dev/vitest/commit/a09d47236e19fd3151351080c667036ca6164dc4"><code>a09d472</code></a> chore: release v4.1.7</li> <li>See full diff in <a href="https://github.com/vitest-dev/vitest/commits/v4.1.7/packages/coverage-istanbul">compare view</a></li> </ul> </details> <br /> Updates `effect` from 4.0.0-beta.67 to 4.0.0-beta.70 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Effect-TS/effect/commits/HEAD/packages/effect">compare view</a></li> </ul> </details> <br /> Updates `knip` from 6.14.1 to 6.14.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/webpro-nl/knip/releases">knip's releases</a>.</em></p> <blockquote> <h2>Release 6.14.2</h2> <ul> <li>Fix vscode-knip build: pin native oxc bindings to bundled JS version (1b45a4103312c9c059560ae2e1eac25d86b4e2ac)</li> <li>Release vscode-knip@2.1.5 (328892eb04e65b4702e1ef2303db3156b8f2e1a3)</li> <li>Fix Astro plugin to support both possible middleware entry points (<a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1749">#1749</a>) (33e0cc1a530a8cf5b6b05c8b3a3ca55f8fce8a75) - thanks <a href="https://github.com/schmalz-dmi"><code>@schmalz-dmi</code></a>!</li> <li>Fix LICENSE link (<a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1760">#1760</a>) (829620f9077ddea086a610c279c7c1250dd66e11) - thanks <a href="https://github.com/vortispy"><code>@vortispy</code></a>!</li> <li>Fix GraphQL Codegen script config dependencies (<a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1756">#1756</a>) (e841c6355e7eff240e74010bfd2be8bbb22ff2b6) - thanks <a href="https://github.com/jakeleventhal"><code>@jakeleventhal</code></a>!</li> <li>Set pnpm config via env vars, disable verify-deps in ecosystem tests (53c12248cc3e79fd79f3efde691d463fc795c40f)</li> <li>Update slonik ecosystem snapshot (f18410b34c8554364a9f003660bebae5e826de57)</li> <li>Fix Serverless TypeScript plugin dependencies (<a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1757">#1757</a>) (ebde7f8f3e3004db7f51fb5d60a0bdc2452116ef) - thanks <a href="https://github.com/jakeleventhal"><code>@jakeleventhal</code></a>!</li> <li>Fix extended tsconfig type dependency attribution (<a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1758">#1758</a>) (f600b09e562317a37844ed8cdf1b9b46e06c9405) - thanks <a href="https://github.com/jakeleventhal"><code>@jakeleventhal</code></a>!</li> <li>Fix Bun binary dependency tracking (<a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1759">#1759</a>) (1b289239f35ff2912195b7e39a96c667c54c1fc5) - thanks <a href="https://github.com/jakeleventhal"><code>@jakeleventhal</code></a>!</li> <li>Detect Babel plugins/presets in Vite plugin options (resolve <a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1761">#1761</a>) (2753d6910743a12a207fca81cb8325c00803963a)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/webpro-nl/knip/commit/e93ccaa4d8fd6df6b4e976d2b0472ba5f7d48830"><code>e93ccaa</code></a> Release knip@6.14.2</li> <li><a href="https://github.com/webpro-nl/knip/commit/2753d6910743a12a207fca81cb8325c00803963a"><code>2753d69</code></a> Detect Babel plugins/presets in Vite plugin options (resolve <a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1761">#1761</a>)</li> <li><a href="https://github.com/webpro-nl/knip/commit/1b289239f35ff2912195b7e39a96c667c54c1fc5"><code>1b28923</code></a> Fix Bun binary dependency tracking (<a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1759">#1759</a>)</li> <li><a href="https://github.com/webpro-nl/knip/commit/f600b09e562317a37844ed8cdf1b9b46e06c9405"><code>f600b09</code></a> Fix extended tsconfig type dependency attribution (<a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1758">#1758</a>)</li> <li><a href="https://github.com/webpro-nl/knip/commit/ebde7f8f3e3004db7f51fb5d60a0bdc2452116ef"><code>ebde7f8</code></a> Fix Serverless TypeScript plugin dependencies (<a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1757">#1757</a>)</li> <li><a href="https://github.com/webpro-nl/knip/commit/e841c6355e7eff240e74010bfd2be8bbb22ff2b6"><code>e841c63</code></a> Fix GraphQL Codegen script config dependencies (<a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1756">#1756</a>)</li> <li><a href="https://github.com/webpro-nl/knip/commit/829620f9077ddea086a610c279c7c1250dd66e11"><code>829620f</code></a> Fix LICENSE link (<a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1760">#1760</a>)</li> <li><a href="https://github.com/webpro-nl/knip/commit/33e0cc1a530a8cf5b6b05c8b3a3ca55f8fce8a75"><code>33e0cc1</code></a> Fix Astro plugin to support both possible middleware entry points (<a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1749">#1749</a>)</li> <li>See full diff in <a href="https://github.com/webpro-nl/knip/commits/knip@6.14.2/packages/knip">compare view</a></li> </ul> </details> <br /> Updates `nx` from 22.7.2 to 22.7.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nrwl/nx/releases">nx's releases</a>.</em></p> <blockquote> <h2>22.7.4 (2026-05-25)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>core:</strong> update brace-expansion and yaml (<a href="https://redirect.github.com/nrwl/nx/pull/35790">#35790</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Jack Hsu <a href="https://github.com/jaysoo"><code>@jaysoo</code></a></li> </ul> <h2>22.7.3 (2026-05-22)</h2> <h3>🚀 Features</h3> <ul> <li><strong>js:</strong> support pnpm 11.2.2 (<a href="https://redirect.github.com/nrwl/nx/pull/35772">#35772</a>)</li> </ul> <h3>🩹 Fixes</h3> <ul> <li><strong>angular:</strong> only add <code>@oxc-project/runtime</code> on the vitest-analog path (<a href="https://redirect.github.com/nrwl/nx/pull/35734">#35734</a>)</li> <li><strong>angular-rspack:</strong> exclude eslint config from tailwind v4 source scan (<a href="https://redirect.github.com/nrwl/nx/pull/35663">#35663</a>)</li> <li><strong>core:</strong> warn before installing unknown npm packages as preset (<a href="https://redirect.github.com/nrwl/nx/pull/35644">#35644</a>)</li> <li><strong>core:</strong> preserve input order in createNodes plugin results (<a href="https://redirect.github.com/nrwl/nx/pull/35595">#35595</a>)</li> <li><strong>core:</strong> resolve local plugin subpath imports from source (<a href="https://redirect.github.com/nrwl/nx/pull/35631">#35631</a>)</li> <li><strong>core:</strong> treat undefined task parallelism as parallel when scheduling (<a href="https://redirect.github.com/nrwl/nx/pull/35736">#35736</a>)</li> <li><strong>core:</strong> handle object form of bin field in getPrettierPath (<a href="https://redirect.github.com/nrwl/nx/pull/35680">#35680</a>)</li> <li><strong>core:</strong> detect vscode copilot ai agent (<a href="https://redirect.github.com/nrwl/nx/pull/35757">#35757</a>)</li> <li><strong>core:</strong> allow local plugin subpath imports without custom conditions (<a href="https://redirect.github.com/nrwl/nx/pull/35751">#35751</a>, <a href="https://redirect.github.com/nrwl/nx/issues/3563…

## Summary Fixes the `Mirror Image` workflow so `repository_dispatch` runs can mirror Docker images without requiring a checked-out `apps/cli-go` directory. The workflow was failing before any mirroring because it set `defaults.run.working-directory: apps/cli-go`, but dispatch-triggered runs do not checkout the repo. This also removes an invalid `workflow_dispatch.paths` entry from the same workflow. Co-authored-by: Cursor <cursoragent@cursor.com>

- Introduced functionality to enable and manage vector buckets within the CLI. - Updated the `Run` function to check for vector bucket configuration and handle operations accordingly. - Added unit tests to validate the new vector bucket seeding process, ensuring proper interaction with the mock API. - Enhanced environment variable configuration for vector buckets in the storage container setup. This change allows users to leverage vector buckets for enhanced data storage capabilities. TODO: Pending upstream storage image to handle the vector local dev experience --------- Co-authored-by: fenos <fabri.feno@gmail.com> Co-authored-by: Julien Goux <hi@jgoux.dev>

## Current Behavior The Go CLI ships `supabase completion {bash,zsh,fish,powershell}` via Cobra. Users routinely install completions via `eval "$(supabase completion zsh)"` in their `.zshrc` (or have brew-installed `_supabase` files in their zsh `fpath`), and Cobra's generated scripts call back into `supabase __complete <args>` on every tab press to fetch dynamic completion candidates. When the TypeScript CLI replaced the Go binary on user PATHs the legacy shell dropped the `completion` subcommand entirely — Effect CLI only exposes shell completion via a `--completions` global flag, which is not what existing user setups invoke. Result: at shell startup, users hit: ``` (eval):1: _supabase: function definition file not found (eval):1: _supabase: function definition file not found (eval):1: _supabase: function definition file not found ``` ## Expected Behavior `supabase completion <shell>` succeeds and emits the same script bytes the Go CLI would. Existing `.zshrc` setups, brew-managed `_supabase` files in `fpath`, and the equivalents for bash/fish/powershell all keep working without modification. Tab completion works end-to-end, including for partial flag tokens (`supabase --de<TAB>`). ## What this PR does Scoped to the legacy shell only — `next/` keeps using the framework-provided `--completions` flag and is untouched. - Adds `supabase completion {bash,fish,powershell,zsh}` under `apps/cli/src/legacy/commands/completion/`. Each handler is a thin `LegacyGoProxy.exec(["completion", "<shell>"])` proxy, so the emitted scripts are byte-for-byte identical to Cobra's output. This is what existing user setups already have cached and depend on, and avoids the drift risk of regenerating the scripts from a different source of truth. - Adds an argv intercept in `legacy/cli/main.ts` (via `complete-passthrough.ts`) for the hidden `__complete` callback. Cobra's generated scripts call `supabase __complete <args>` on every tab press, and the args may include partial-flag tokens like `--de` that Effect's structured parser would reject. The intercept bypasses Effect entirely and proxies the raw argv to the bundled Go binary, which is the authority on completion behavior for the legacy shell. `__complete` is intentionally not registered as an Effect Command, so it stays out of `--help`. - Updates `docs/go-cli-porting-status.md`: the four `completion <shell>` rows are promoted from `partial` to `ported`, with summary/family totals adjusted. ## Verification Ran locally against a freshly-built Go binary (`SUPABASE_GO_BINARY=…`): - `supabase completion zsh` emits `#compdef supabase\ncompdef _supabase supabase ...` — byte-exact match with `go run ./apps/cli-go completion zsh`. - `supabase completion --help` lists `bash`, `fish`, `powershell`, `zsh` subcommands. - `supabase __complete mi` → `migration\t...`. - `supabase __complete --debug branches lis` → `list\t...` (verbatim flag passthrough confirmed). - `supabase --help` shows `completion` and hides `__complete`. Fixes CLI-1532

…dates (#5365) Bumps the docker-minor group with 9 updates in the /apps/cli-go/pkg/config/templates directory: | Package | From | To | | --- | --- | --- | | postgrest/postgrest | `v14.10` | `v14.12` | | supabase/postgres-meta | `v0.96.4` | `v0.96.6` | | supabase/studio | `2026.04.28-sha-89d08a2` | `2026.05.25-sha-65c570e` | | supabase/edge-runtime | `v1.73.13` | `v1.74.0` | | supabase/supavisor | `2.7.4` | `2.9.5` | | supabase/gotrue | `v2.188.1` | `v2.189.0` | | supabase/realtime | `v2.86.3` | `v2.99.0` | | supabase/storage-api | `v1.54.1` | `v1.59.0` | | supabase/logflare | `1.39.1` | `1.42.0` | Updates `postgrest/postgrest` from v14.10 to v14.12 Updates `supabase/postgres-meta` from v0.96.4 to v0.96.6 Updates `supabase/studio` from 2026.04.28-sha-89d08a2 to 2026.05.25-sha-65c570e Updates `supabase/edge-runtime` from v1.73.13 to v1.74.0 Updates `supabase/supavisor` from 2.7.4 to 2.9.5 Updates `supabase/gotrue` from v2.188.1 to v2.189.0 Updates `supabase/realtime` from v2.86.3 to v2.99.0 Updates `supabase/storage-api` from v1.54.1 to v1.59.0 Updates `supabase/logflare` from 1.39.1 to 1.42.0 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Julien Goux <hi@jgoux.dev>

…/apps/cli-go/pkg/config/templates (#5362) Bumps supabase/postgres from 17.6.1.106 to 17.6.1.130. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

… group (#5364) Bumps the npm-major group with 1 update: [fumadocs-mdx](https://github.com/fuma-nama/fumadocs). Updates `fumadocs-mdx` from 15.0.8 to 15.0.9 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fuma-nama/fumadocs/releases">fumadocs-mdx's releases</a>.</em></p> <blockquote> <h2>fumadocs-mdx@15.0.9</h2> <h3>Patch Changes</h3> <ul> <li>cd04425: Support <code>_fumadocs_skipViteConfig</code> internal flag</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fuma-nama/fumadocs/commit/35bb0efe3bf7a51d50622b39c71d2994272dde0a"><code>35bb0ef</code></a> Version Packages (<a href="https://redirect.github.com/fuma-nama/fumadocs/issues/3309">#3309</a>)</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/5c5d319331aa19dc0a576a832b4a943e7cb81fcc"><code>5c5d319</code></a> feat(story): New Vite plugin for non-RSC environment</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/93a2003df613058af9788e26141210e3be83eab3"><code>93a2003</code></a> chore: bump deps</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/2420274b072528b8f206a30089a596420bd31211"><code>2420274</code></a> fix(sanity): types</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/cec41638ce645f9333124d7f8f63dc51470f8b6f"><code>cec4163</code></a> docs: multiple orgs to one user</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/cd044251d7526974d54e5afc9b313430513a508d"><code>cd04425</code></a> feat(mdx): support <code>_fumadocs_skipViteConfig</code> flag for Vite plugin</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/2a1e0488267bc882689c57f838135cf09c852451"><code>2a1e048</code></a> Merge pull request <a href="https://redirect.github.com/fuma-nama/fumadocs/issues/3307">#3307</a> from fuma-nama/changeset-release/dev</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/66426c76f69d59dcf7aa5bfde58b73bbcb9f6036"><code>66426c7</code></a> fix(sanity): sanity peer deps</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/5e19560cf398e6349778045ef1780788bb54b476"><code>5e19560</code></a> docs: introduce <code>pagesIndex</code></li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/afe04307a9374139585c71276c3ba8d01d6d2ab3"><code>afe0430</code></a> docs: update sponsors</li> <li>Additional commits viewable in <a href="https://github.com/fuma-nama/fumadocs/compare/fumadocs-mdx@15.0.8...fumadocs-mdx@15.0.9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=fumadocs-mdx&package-manager=npm_and_yarn&previous-version=15.0.8&new-version=15.0.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Julien Goux <hi@jgoux.dev>

…5367) Replaces the Phase-0 Go-binary proxies for `supabase network-restrictions get` and `network-restrictions update` with native Effect handlers. Output, error messages, exit codes, request shapes, and filesystem side effects match the Go CLI. ## What changed - **`network-restrictions get/update` are now native TS** — typed Management API client, `withLegacyCommandInstrumentation` + `withJsonErrorHandling` + `mapLegacyHttpError`, honoring both Go's `--output {pretty,json,yaml,toml,env}` and the TS `--output-format {text,json,stream-json}` (note: Go's `restrictions` package itself does NOT honor `--output`; the TS port honors both per the legacy CLAUDE.md dual-flag rule). - **Two API paths in `update`** — default POSTs `/v1/projects/{ref}/network-restrictions/apply` with `{ dbAllowedCidrs, dbAllowedCidrsV6 }`; `--append=true` PATCHes `/v1/projects/{ref}/network-restrictions` with `{ add: { ... } }`. The PATCH response uses the V2 shape (`config.dbAllowedCidrs: Array<{address, type: "v4"|"v6"}>`) and gets partitioned back into the two flat arrays for the text formatter. - **CIDR validation runs locally before any I/O** — Go's `update.go:20-33` parses every `--db-allow-cidr` via `net.ParseCIDR`, rejects RFC-1918 / RFC-4193 private inputs unless `--bypass-cidr-checks=true`, and partitions into v4/v6. The TS port matches this order so a malformed CIDR short-circuits without resolving the project ref or writing `linked-project.json` (telemetry still flushes via the outermost `Effect.ensuring`). - **Text output is byte-exact with Go's `fmt.Printf("%+v", ...)` slice rendering** — `<nil>` when the API omits the field, `&[]` when the field is present but empty, `&[a b c]` (single-space separated, no quotes) when populated. GET/POST handlers print the response field directly (so the tri-state surfaces); PATCH wraps via `&localSlice` (always renders `&[]` or `&[...]`). - **New shared test infrastructure at `apps/cli/tests/helpers/legacy-mocks.ts`** — every Phase-1+ legacy integration test was independently re-implementing ~100 LoC of mock setup (no-op cache/telemetry layers, state-tracking variants, `mockCliConfig`, `httpClientLayer`/`jsonResponse`, `mockPlatformApi`, `VALID_REF`/`VALID_TOKEN`, `let tempRoot` + `beforeEach/afterEach`, and a `Layer.mergeAll` that re-built the easy-to-mis-wire `legacyProjectRefLayer.pipe(Layer.provide(...))` subgraph). The new file exports `LEGACY_VALID_REF`/`LEGACY_VALID_TOKEN`, the two no-op layers, `mockLegacy{Telemetry,LinkedProjectCache}Tracked()`, `mockLegacyCliConfig`, `mockLegacyPlatformApi` (hybrid `response` / `byMethod` / `handler` surface), `useLegacyTempWorkdir(prefix)`, and a one-shot `buildLegacyTestRuntime` composer. All 9 existing native-port integration test files (`backups/{list,restore}`, `network-restrictions/{get,update}`, `secrets/{list,set,unset}`, `ssl-enforcement/{get,update}`) migrate to use the helpers in this PR. - **Cidr unit tests moved to their proper sibling file** — the `parseCidr`, `isPrivateCidr`, and `validateAndPartitionCidrs` tests now live in `network-restrictions.cidr.unit.test.ts` next to their source, not bundled into `update.unit.test.ts`. ## Reviewer-relevant context - **IPv4-mapped IPv6 detection** — Go's `net.IP.IsPrivate()` first calls `To4()`, which unwraps `::ffff:a.b.c.d` to its v4 form before the private-range check. Without that, `::ffff:10.0.0.0/104` would slip past the TS check because the IPv6 first byte is `0x00`, not `0xfc`. `parseCidr` now detects the IPv4-mapped form (short `::ffff:a.b.c.d` and long `0:0:0:0:0:ffff:a.b.c.d`) and reclassifies as `kind: "v4"` with a `v4MappedAddress` field; `isPrivateCidr` uses the unwrapped octets, and `validateAndPartitionCidrs` routes the original input string into the v4 request bucket (matching Go's `if ip.To4() != nil { append to v4 }` branch). - **Error body sanitisation in `legacy-http-errors.ts`** — `mapLegacyHttpError` now strips ASCII control characters (except `\t`/`\n`) from response bodies before embedding them in error messages. Defense-in-depth against log-injection if the Management API ever echoes user-controlled content in error responses; the existing 1024-byte cap is unchanged. - **`secrets/set` and `secrets/unset` need extra services** — `secrets/set` reads `process.env` for `env(VAR)` resolution and needs `RuntimeInfo` for CWD; `secrets/unset` consumes `LegacyYesFlag`. Those tests compose the extras on top of `buildLegacyTestRuntime` via `Layer.mergeAll(...)` rather than expanding the helper's options surface. - **Smoke-tested the bundled `dist/supabase-legacy` binary** (per the `Layer.provide` sibling-sharing footgun) — `--help` for `network-restrictions {get,update}`, `ssl-enforcement {get,update}`, and `backups list` all resolve cleanly, so the centralised runtime wiring doesn't regress production layer composition. - **`docs/go-cli-porting-status.md` flips both `network-restrictions` rows** from `wrapped` to `ported`. Fixes CLI-1296 --------- Co-authored-by: Julien Goux <hi@jgoux.dev>

jgoux and others added 4 commits May 22, 2026 11:21

supabase-cli-releaser Bot requested a review from a team as a code owner May 26, 2026 03:19

supabase-cli-releaser Bot added the do not merge label May 26, 2026

jgoux and others added 14 commits May 26, 2026 10:12

chore: adds additional sensitive keys (#5356)

524ea4e

## What kind of change does this PR introduce? chore ## What is the current behavior? `--dry-run` could potentially display some sensitive values ## What is the new behavior? additional sensitive values are redacted

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: production deploy#5353

chore: production deploy#5353
supabase-cli-releaser[bot] wants to merge 19 commits into
mainfrom
develop

supabase-cli-releaser Bot commented May 26, 2026

Uh oh!

coveralls commented May 26, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Conversation

supabase-cli-releaser Bot commented May 26, 2026

Uh oh!

coveralls commented May 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Coverage Report for CI Build 26515119396

Coverage: 63.74%

Details

Uncovered Changes

Coverage Regressions

Coverage Stats

💛 - Coveralls

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

coveralls commented May 26, 2026 •

edited

Loading