chore: production deploy by supabase-cli-releaser[bot] · Pull Request #5519 · supabase/cli

supabase-cli-releaser · 2026-06-09T03:19:16Z

fix(deps): bump github.com/posthog/posthog-go from 1.13.0 to 1.13.1 in /apps/cli-go in the go-minor group across 1 directory (fix(deps): bump github.com/posthog/posthog-go from 1.13.0 to 1.13.1 in /apps/cli-go in the go-minor group across 1 directory #5482)
feat(cli): port services (feat(cli): port services #5468)
feat(cli): port bootstrap command to native TypeScript (feat(cli): port bootstrap command to native TypeScript #5470)
fix(cli): tolerate missing SSO SAML IDs (fix(cli): tolerate missing SSO SAML IDs #5485)
ci(deps): auto-merge all Dependabot updates (ci(deps): auto-merge all Dependabot updates #5486)
test(stack): stabilize e2e warmup tests (test(stack): stabilize e2e warmup tests #5487)
test(cli): remove Docker manifest alignment check (test(cli): remove Docker manifest alignment check #5488)
fix(docker): bump the docker-minor group in /apps/cli-go/pkg/config/templates with 3 updates (fix(docker): bump the docker-minor group in /apps/cli-go/pkg/config/templates with 3 updates #5484)
fix(deps-dev): bump the npm-major group across 1 directory with 3 updates (fix(deps-dev): bump the npm-major group across 1 directory with 3 updates #5483)
chore(cli): align scoop manifest with Main bucket conventions (chore(cli): align scoop manifest with Main bucket conventions #5490)
fix(docker): bump supabase/storage-api from v1.60.4 to v1.60.8 in /apps/cli-go/pkg/config/templates in the docker-minor group (fix(docker): bump supabase/storage-api from v1.60.4 to v1.60.8 in /apps/cli-go/pkg/config/templates in the docker-minor group #5494)
fix(deps): bump github.com/go-playground/validator/v10 from 10.30.2 to 10.30.3 in /apps/cli-go in the go-minor group across 1 directory (fix(deps): bump github.com/go-playground/validator/v10 from 10.30.2 to 10.30.3 in /apps/cli-go in the go-minor group across 1 directory #5496)
chore(ci): bump aws-actions/configure-aws-credentials from 6.1.3 to 6.2.0 in the actions-major group (chore(ci): bump aws-actions/configure-aws-credentials from 6.1.3 to 6.2.0 in the actions-major group #5502)
chore: sync API types from infrastructure (chore: sync API types from infrastructure #5504)
feat(cli): add --git-branch flag to branches create command (feat(cli): add --git-branch flag to branches create command #5250)
fix(cli): warn when vector buckets are unavailable (fix(cli): warn when vector buckets are unavailable #5508)
feat(cli): port gen signing-key (feat(cli): port gen signing-key #5501)
feat(cli): port config push (feat(cli): port config push #5489)
fix(deps): bump the npm-major group across 1 directory with 9 updates (fix(deps): bump the npm-major group across 1 directory with 9 updates #5503)
fix(cli): skip pg_dump in db pull when using pg-delta diff engine (fix(cli): skip pg_dump in db pull when using pg-delta diff engine #5255)
chore(ci): bump the actions-major group with 2 updates (chore(ci): bump the actions-major group with 2 updates #5516)

…n /apps/cli-go in the go-minor group across 1 directory (#5482) Bumps the go-minor group with 1 update in the /apps/cli-go directory: [github.com/posthog/posthog-go](https://github.com/posthog/posthog-go). Updates `github.com/posthog/posthog-go` from 1.13.0 to 1.13.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/posthog/posthog-go/releases">github.com/posthog/posthog-go's releases</a>.</em></p> <blockquote> <h2>1.13.1</h2> <h2>Unreleased</h2> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PostHog/posthog-go/blob/main/CHANGELOG.md">github.com/posthog/posthog-go's changelog</a>.</em></p> <blockquote> <h2>1.13.1</h2> <h3>Patch Changes</h3> <ul> <li>541b82f: Include group context in the <code>$feature_flag_called</code> LRU dedupe key so group-scoped flags fire a separate event for each group a user is evaluated under, instead of being dedup-ed against the first group context the same <code>(distinct_id, flag, device_id)</code> was seen under.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PostHog/posthog-go/commit/f68c74f31334c42921039fa6f19c64620a916548"><code>f68c74f</code></a> chore: release v1.13.1 [version bump] [skip ci]</li> <li><a href="https://github.com/PostHog/posthog-go/commit/541b82f623cb60016d4a628d180e056707def137"><code>541b82f</code></a> fix: include group context in $feature_flag_called dedupe key (<a href="https://redirect.github.com/posthog/posthog-go/issues/206">#206</a>)</li> <li><a href="https://github.com/PostHog/posthog-go/commit/4650ca24c595a4e0a3de29c36047e19c8d0e0677"><code>4650ca2</code></a> chore: use shared semantic PR title workflow (<a href="https://redirect.github.com/posthog/posthog-go/issues/210">#210</a>)</li> <li><a href="https://github.com/PostHog/posthog-go/commit/ba838c81f0390d57d050de33df952c69537b1fb4"><code>ba838c8</code></a> chore: validate PR titles with conventional commits (<a href="https://redirect.github.com/posthog/posthog-go/issues/209">#209</a>)</li> <li><a href="https://github.com/PostHog/posthog-go/commit/8ceb0de90586cfcb3ebb1a92bd8f5a70e40a01f0"><code>8ceb0de</code></a> docs: document public APIs and hide testing-only flag definitions method (<a href="https://redirect.github.com/posthog/posthog-go/issues/208">#208</a>)</li> <li><a href="https://github.com/PostHog/posthog-go/commit/1ce09487804d3c37b1d40152a4508d4bff08c21b"><code>1ce0948</code></a> chore: update PostHog/.github pins (<a href="https://redirect.github.com/posthog/posthog-go/issues/207">#207</a>)</li> <li>See full diff in <a href="https://github.com/posthog/posthog-go/compare/v1.13.0...v1.13.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/posthog/posthog-go&package-manager=go_modules&previous-version=1.13.0&new-version=1.13.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

## TL;DR ports `supabase services` to native ts ## What’s introduced adds native TS implementations for services moves the local service version rendering and linked version lookup into shared command logic, adds integration coverage for text/json output and linked version fallback behavior ## Ref - closes CLI-1307 --------- Co-authored-by: Colum Ferry <cferry09@gmail.com>

## What changed Replaces the Phase-0 Go proxy for `supabase bootstrap` with a native TypeScript implementation in the legacy shell. `bootstrap` is a meta-orchestrator that chains: workdir resolve/prompt → template list/download → blank `init` → ensure-login → `projects create` → `projects api-keys` (backoff) → `link` services → health poll (backoff) → write `.env` → `db push` → start suggestion. Per the "hoist before you duplicate" policy, the shared orchestration is extracted from the already-ported `login` / `projects create` / `projects api-keys` / `link` handlers into `legacy/shared/`, and those handlers are refactored to delegate (no behavior change — their existing tests still pass): - `legacy-ensure-login` (browser login flow + post-login telemetry) - `legacy-project-create-core` - `legacy-get-api-keys` - `legacy-link-services-core` - `legacy-tenant-keys` (`legacyExtractServiceKeys`) - the login api/crypto layers move to `legacy/shared/` so `bootstrap` can compose them without a cross-command import ## Why Phase 1+ native port of `bootstrap` (the last Quick-Start command still proxied), unblocking native machine output (`--output-format json|stream-json`) and removing the Go dependency for everything except the migration push. ## Reviewer-relevant context - **`db push` is delegated to the bundled Go binary (interim).** It is the only non-native step, pending a separate native `db push` port. `LegacyGoProxy.exec` exits the process on a non-zero exit rather than returning a failure, so Go's push backoff cannot be reproduced from the proxy (single attempt). Documented in `SIDE_EFFECTS.md`. - **Go-parity decisions worth a look:** - No `cli_project_linked` telemetry — Go's `bootstrap` calls `link.LinkServices` (services-only), **not** `link.Run`, so it deliberately skips the project-linked event, status check, and `linked-project.json` temp write. - API keys are fetched **without** `reveal` (Go's `RunGetApiKeys` uses empty params). - Workdir / DB password env vars are read **prefixed** (`SUPABASE_WORKDIR`, `SUPABASE_DB_PASSWORD`) to match Go's `viper.SetEnvPrefix("SUPABASE")`. - `Using workdir …` prints only when the resolved workdir differs from the cwd (matches Go's `ChangeWorkDir` guard). - **Hardening:** template download rejects entries that would escape the target directory; GitHub and health error bodies are sanitized before surfacing. - `docs/go-cli-porting-status.md` flips `bootstrap` `wrapped` → `ported` with the interim-db-push note. ## Follow-ups (out of scope) - Native `db push` port will remove the proxy delegation (eliminating the single-attempt and transient `--password`-in-process-table limitations). - `bootstrap.e2e.test.ts` deferred — integration coverage is comprehensive; e2e needs replayed API fixtures plus handling of the real Go `db push` subprocess.

This updates the OpenAPI download flow to apply explicit JSON Patch overrides before writing the generated spec. The override corrects the SSO list response schema so items[].saml.id is optional while entity_id remains required, matching the live API response shape. The API artifacts are regenerated from the corrected OpenAPI document, and the CLI SSO list integration coverage now includes a provider whose SAML descriptor omits id.

Dependabot PRs should be approved and placed into auto-merge regardless of semver update type. This removes the semver gate from the auto-merge workflow so branch protection and required CI checks are the only merge gate for dependency updates.

## What changed - Make the warmup failure-path unit tests inject the Docker availability probe instead of touching the real Docker daemon. - Add a short timeout to the real `docker info` probe used by stack e2e warmup. ## Why The failing CI job timed out in the warmup failure-path test. Those tests were meant to exercise mocked prefetch failures, but they still ran the real Docker daemon probe first. If that probe stalls on a CI runner, the test never reaches the mocked failure path. Keeping the probe injected in those unit tests makes them hermetic, while the timeout prevents e2e warmup from hanging indefinitely on an unhealthy Docker socket.

Removes the unit test that compared the TypeScript services image matrix with the Go Dockerfile manifest. That assertion caused Docker-only Dependabot PRs to fail CI whenever Dependabot updated the Dockerfile but not the TypeScript mirror. Keeping the check out of the unit suite lets those automated dependency bumps merge when CI is otherwise green. Also broadens the CLI e2e parity normalizer so two-component Docker tags like `v14.13` are treated as volatile version output, matching the existing behavior for three-component tags. This prevents Go/TypeScript parity from failing solely because Dependabot bumped a Docker image tag. Finally narrows `LOCAL_SERVICE_IMAGES` to module scope now that tests no longer import it.

…emplates with 3 updates (#5484) Bumps the docker-minor group in /apps/cli-go/pkg/config/templates with 3 updates: postgrest/postgrest, supabase/realtime and supabase/logflare. Updates `postgrest/postgrest` from v14.12 to v14.13 Updates `supabase/realtime` from v2.103.2 to v2.103.4 Updates `supabase/logflare` from 1.43.3 to 1.43.4 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Julien Goux <hi@jgoux.dev>

…ates (#5483) Bumps the npm-major group with 3 updates in the / directory: [@anthropic-ai/claude-agent-sdk](https://github.com/anthropics/claude-agent-sdk-typescript), [@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript) and [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node). Updates `@anthropic-ai/claude-agent-sdk` from 0.3.146 to 0.3.156 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anthropics/claude-agent-sdk-typescript/releases">@anthropic-ai/claude-agent-sdk's releases</a>.</em></p> <blockquote> <h2>v0.3.156</h2> <h2>What's changed</h2> <ul> <li>Updated to parity with Claude Code v2.1.156</li> </ul> <h2>Update</h2> <pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.156 # or yarn add @anthropic-ai/claude-agent-sdk@0.3.156 # or pnpm add @anthropic-ai/claude-agent-sdk@0.3.156 # or bun add @anthropic-ai/claude-agent-sdk@0.3.156 </code></pre> <h2>v0.3.154</h2> <h2>What's changed</h2> <ul> <li>Fixed stdio MCP servers being incorrectly restarted on every reconcile pass due to config-equality false positives</li> </ul> <h2>Update</h2> <pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.154 # or yarn add @anthropic-ai/claude-agent-sdk@0.3.154 # or pnpm add @anthropic-ai/claude-agent-sdk@0.3.154 # or bun add @anthropic-ai/claude-agent-sdk@0.3.154 </code></pre> <h2>v0.3.153</h2> <h2>What's changed</h2> <ul> <li>Updated to parity with Claude Code v2.1.153</li> </ul> <h2>Update</h2> <pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.153 # or yarn add @anthropic-ai/claude-agent-sdk@0.3.153 # or pnpm add @anthropic-ai/claude-agent-sdk@0.3.153 # or bun add @anthropic-ai/claude-agent-sdk@0.3.153 </code></pre>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md">@anthropic-ai/claude-agent-sdk's changelog</a>.</em></p> <blockquote> <h2>0.3.156</h2> <ul> <li>Updated to parity with Claude Code v2.1.156</li> </ul> <h2>0.3.155</h2> <ul> <li>Updated to parity with Claude Code v2.1.155</li> </ul> <h2>0.3.154</h2> <ul> <li>Fixed stdio MCP servers being incorrectly restarted on every reconcile pass due to config-equality false positives</li> </ul> <h2>0.3.153</h2> <ul> <li>Updated to parity with Claude Code v2.1.153</li> </ul> <h2>0.3.152</h2> <ul> <li><code>SessionStart</code> hooks can now return <code>reloadSkills: true</code> to trigger a skill re-scan, and set the session title via <code>hookSpecificOutput.sessionTitle</code></li> <li>Added a <code>MessageDisplay</code> hook event that lets hooks transform or hide assistant message text as it is displayed</li> </ul> <h2>0.3.151</h2> <ul> <li>Updated to parity with Claude Code v2.1.151</li> </ul> <h2>0.3.150</h2> <ul> <li>The <code>api_retry</code> system message now reports <code>error: 'overloaded'</code> for 529 responses, instead of <code>'rate_limit'</code> (which is now reserved for 429). Consumers that handled 529 via <code>error === 'rate_limit'</code> should also match <code>'overloaded'</code>, or switch to <code>error_status === 529</code>.</li> <li>Updated to parity with Claude Code v2.1.150</li> </ul> <h2>0.3.149</h2> <ul> <li>Fixed <code>options.env</code> dropping <code>CLAUDE_AGENT_SDK_VERSION</code> (used for <code>User-Agent</code> and telemetry) when a custom environment is supplied, and corrected the <code>Options.env</code> docs to state that the value replaces the subprocess environment rather than merging with <code>process.env</code></li> </ul> <h2>0.3.148</h2> <ul> <li>Updated to parity with Claude Code v2.1.148</li> </ul> <h2>0.3.147</h2> <ul> <li>Updated to parity with Claude Code v2.1.147</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/0d871c8bd74bcf5902f49b329eff3c23ae8e14df"><code>0d871c8</code></a> chore: Update CHANGELOG.md</li> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/7f73ab1b54878340d4a7ab7f35a1c2b6cc7de490"><code>7f73ab1</code></a> chore: Update CHANGELOG.md</li> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/8039cb08921ab09047d34b61388771d76c7c1c9b"><code>8039cb0</code></a> chore: Update CHANGELOG.md</li> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/33218719ae7669f46e7d6fec91dba8a10435ee37"><code>3321871</code></a> chore: Update CHANGELOG.md</li> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/4fed972a4e1e8c8cf09a03b3562da78664703859"><code>4fed972</code></a> chore: Update CHANGELOG.md</li> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/c15f6e270b5240290eefb91db016a7c0c1e46566"><code>c15f6e2</code></a> Use workload identity federation for Claude auth in issue triage (<a href="https://redirect.github.com/anthropics/claude-agent-sdk-typescript/issues/335">#335</a>)</li> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/fb2636c6ece0689638a8cf67c3d27318a172fa96"><code>fb2636c</code></a> chore: Update CHANGELOG.md</li> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/321a1055052a79f3703aa06bff7d550a371c115b"><code>321a105</code></a> chore: Update CHANGELOG.md</li> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/bf61f4ab9ab71a14496cedae439e435521b32575"><code>bf61f4a</code></a> chore: Update CHANGELOG.md</li> <li>See full diff in <a href="https://github.com/anthropics/claude-agent-sdk-typescript/compare/v0.3.146...v0.3.156">compare view</a></li> </ul> </details> <br /> Updates `@anthropic-ai/sdk` from 0.97.1 to 0.100.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anthropics/anthropic-sdk-typescript/releases">@anthropic-ai/sdk's releases</a>.</em></p> <blockquote> <h2>sdk: v0.100.0</h2> <h2>0.100.0 (2026-05-28)</h2> <p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.99.0...sdk-v0.100.0">sdk-v0.99.0...sdk-v0.100.0</a></p> <h3>Features</h3> <ul> <li><strong>api:</strong> Add support for claude-opus-4-8, mid-conversation system blocks, and usage.output_tokens_details (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/bb0bf278ea0afdf383b6ea711cadf3ab788ea84a">bb0bf27</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>replace literal newlines (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/66ba1421737231e50bcef295b4437ce60cc90be2">66ba142</a>)</li> </ul> <h2>sdk: v0.99.0</h2> <h2>0.99.0 (2026-05-27)</h2> <p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.98.1...sdk-v0.99.0">sdk-v0.98.1...sdk-v0.99.0</a></p> <h3>Features</h3> <ul> <li>support custom file size caps (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1029">#1029</a>) (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/814cd4c6b5b01e9640d52738d87fa61fc62991e7">814cd4c</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>streaming:</strong> carry stop_details through message_delta accumulation (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1027">#1027</a>) (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/198bc277fdfccabe5e9f8a7723a2aa191b46af33">198bc27</a>)</li> </ul> <h2>sdk: v0.98.1</h2> <h2>0.98.1 (2026-05-26)</h2> <p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.98.0...sdk-v0.98.1">sdk-v0.98.0...sdk-v0.98.1</a></p> <h3>Bug Fixes</h3> <ul> <li><strong>client:</strong> preserve directory prefix in skills.versions.create uploads (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1024">#1024</a>) (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/abbcd6a47d84bc6efcf259f0f803158847f255cf">abbcd6a</a>)</li> </ul> <h3>Chores</h3> <ul> <li><strong>client:</strong> swap to using Trusted Publishing (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/821a50ef1fd64270e09c026a3235a34c647cdfab">821a50e</a>)</li> <li><strong>examples:</strong> rename managed-agents private-sandbox-worker example to self-hosted-sandbox-worker (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1023">#1023</a>) (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/49fe221fe444a72715a16e4ea2e318e54ba91d4a">49fe221</a>)</li> </ul> <h2>sdk: v0.98.0</h2> <h2>0.98.0 (2026-05-21)</h2> <p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.97.1...sdk-v0.98.0">sdk-v0.97.1...sdk-v0.98.0</a></p> <h3>Features</h3>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md">@anthropic-ai/sdk's changelog</a>.</em></p> <blockquote> <h2>0.100.0 (2026-05-28)</h2> <p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.99.0...sdk-v0.100.0">sdk-v0.99.0...sdk-v0.100.0</a></p> <h3>Features</h3> <ul> <li><strong>api:</strong> Add support for claude-opus-4-8, mid-conversation system blocks, and usage.output_tokens_details (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/bb0bf278ea0afdf383b6ea711cadf3ab788ea84a">bb0bf27</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>replace literal newlines (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/66ba1421737231e50bcef295b4437ce60cc90be2">66ba142</a>)</li> </ul> <h2>0.99.0 (2026-05-27)</h2> <p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.98.1...sdk-v0.99.0">sdk-v0.98.1...sdk-v0.99.0</a></p> <h3>Features</h3> <ul> <li>support custom file size caps (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1029">#1029</a>) (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/814cd4c6b5b01e9640d52738d87fa61fc62991e7">814cd4c</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>streaming:</strong> carry stop_details through message_delta accumulation (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1027">#1027</a>) (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/198bc277fdfccabe5e9f8a7723a2aa191b46af33">198bc27</a>)</li> </ul> <h2>0.98.1 (2026-05-26)</h2> <p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.98.0...sdk-v0.98.1">sdk-v0.98.0...sdk-v0.98.1</a></p> <h3>Bug Fixes</h3> <ul> <li><strong>client:</strong> preserve directory prefix in skills.versions.create uploads (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1024">#1024</a>) (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/abbcd6a47d84bc6efcf259f0f803158847f255cf">abbcd6a</a>)</li> </ul> <h3>Chores</h3> <ul> <li><strong>client:</strong> swap to using Trusted Publishing (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/821a50ef1fd64270e09c026a3235a34c647cdfab">821a50e</a>)</li> <li><strong>examples:</strong> rename managed-agents private-sandbox-worker example to self-hosted-sandbox-worker (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1023">#1023</a>) (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/49fe221fe444a72715a16e4ea2e318e54ba91d4a">49fe221</a>)</li> </ul> <h2>0.98.0 (2026-05-21)</h2> <p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.97.1...sdk-v0.98.0">sdk-v0.97.1...sdk-v0.98.0</a></p> <h3>Features</h3> <ul> <li><strong>api:</strong> Add support for thinking-token-count beta for estimated tokens in thinking block deltas when streaming (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/0528d47b0a390ee7f88d72f85ffe6079ae1c6c00">0528d47</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/6f97c4d68c67aa15aa96064e6bfdce14c6ca1452"><code>6f97c4d</code></a> chore: release main</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/1fd7ec701aa19bf83a6253b38cda2a9be972a00b"><code>1fd7ec7</code></a> feat(api): Add support for claude-opus-4-8, mid-conversation system blocks, a...</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/f5bfc105efc5fedad786ccf683d5e09532de02fc"><code>f5bfc10</code></a> docs: replace literal newlines</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/1b2500dcae08afdac762df4986b295708c21af66"><code>1b2500d</code></a> chore: release main</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/05304ab0ace3612c52de729bd259066dcb2dc5c6"><code>05304ab</code></a> ci: pin detect-breaking-changes actions to commit SHAs (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1022">#1022</a>)</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/1ec38204c89a2f2c29e818f13bf86dda7a61e5da"><code>1ec3820</code></a> fix(streaming): carry stop_details through message_delta accumulation (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1027">#1027</a>)</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/8bb6782c9548e3f38bd17e148690be093d626aca"><code>8bb6782</code></a> feat: support custom file size caps (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1029">#1029</a>)</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/1fe87f37472318a18d37025d3981ccf942d6f1d8"><code>1fe87f3</code></a> chore: release main</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/a654489537d06068e54dacac2406c42333e95bd3"><code>a654489</code></a> chore(client): swap to using Trusted Publishing</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/9c5c09856ece89df4023e1e0ed1dc97ea72d642e"><code>9c5c098</code></a> fix(client): preserve directory prefix in skills.versions.create uploads (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1024">#1024</a>)</li> <li>Additional commits viewable in <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.97.1...sdk-v0.100.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for <code>@anthropic-ai/sdk</code> since your current version.</p> </details> <br /> Updates `posthog-node` from 5.35.5 to 5.35.6 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md">posthog-node's changelog</a>.</em></p> <blockquote> <h2>5.35.6</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/PostHog/posthog-js/pull/3681">#3681</a> <a href="https://github.com/PostHog/posthog-js/commit/7b84b7599d076c9c3c86f923f7d56cf937ad9874"><code>7b84b75</code></a> Thanks <a href="https://github.com/ablaszkiewicz"><code>@ablaszkiewicz</code></a>! - unify captureException in posthog core (2026-05-28)</li> <li>Updated dependencies [<a href="https://github.com/PostHog/posthog-js/commit/7b84b7599d076c9c3c86f923f7d56cf937ad9874"><code>7b84b75</code></a>]: <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.29.13</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PostHog/posthog-js/commit/a12207094c7e7a9b72dbdb513ade41d46df0dcda"><code>a122070</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/7b84b7599d076c9c3c86f923f7d56cf937ad9874"><code>7b84b75</code></a> fix: unify capture exception (<a href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/3681">#3681</a>)</li> <li>See full diff in <a href="https://github.com/PostHog/posthog-js/commits/posthog-node@5.35.6/packages/node">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Julien Goux <hi@jgoux.dev>

## Summary Updates `update-scoop.ts` so manifests pushed to `supabase/scoop-bucket` follow the same structure as the official Scoop/Main bucket entry, while keeping our bucket-specific description. - Switch Windows artifacts from versioned `.zip` URLs to unversioned `.tar.gz` URLs (`supabase_windows_amd64.tar.gz` / `supabase_windows_arm64.tar.gz`), matching Main and the unversioned aliases already published on GitHub Releases. - Move `bin` to the top level as a string (`"bin": "supabase.exe"`) instead of per-architecture array entries. - Add the Main-style `autoupdate.hash` block pointing at `$baseurl/supabase_$version_checksums.txt`. - Keep `"description": "Supabase CLI"` rather than Main's Firebase tagline. - Preserve `--local` behavior by continuing to reference versioned tarballs from `dist/`, since local builds do not create unversioned aliases. ## Context The previous manifest layout (zip URLs, `bin` inside `architecture`) was the only one in our bucket with that shape and diverged from Scoop maintainer conventions. This aligns the generated JSON with what Main reviewers expect, without changing the installed binary name or release artifact contents.

…ps/cli-go/pkg/config/templates in the docker-minor group (#5494) Bumps the docker-minor group in /apps/cli-go/pkg/config/templates with 1 update: supabase/storage-api. Updates `supabase/storage-api` from v1.60.4 to v1.60.8 [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=supabase/storage-api&package-manager=docker&previous-version=v1.60.4&new-version=v1.60.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

This PR was automatically created to sync API types from the infrastructure repository. Changes were detected in the generated API code after syncing with the latest spec from infrastructure. Co-authored-by: supabase-cli-releaser[bot] <246109035+supabase-cli-releaser[bot]@users.noreply.github.com>

Adds support for explicitly specifying a git branch to associate with a new preview branch via the `--git-branch` flag in the `supabase branches create` command. ## Changes - **TypeScript CLI (next)**: Added `gitBranch` flag to the `create` command config with optional string value. The flag prefers explicitly provided values over auto-detected git branches from environment variables. - **TypeScript CLI (legacy)**: Added `gitBranch` flag to the legacy branches create command for backward compatibility. - **Go CLI**: Added `--git-branch` flag support to the branches create command, respecting explicit values over auto-detected branches. - **API integration**: Updated the branch creation API request to include the `git_branch` field when provided. - **Documentation**: Updated `SIDE_EFFECTS.md` to reflect the new `git_branch` parameter in the API request body and added the flag to the documented command flags. - **Tests**: Added integration test coverage for the new flag and verified that explicit `--git-branch` values take precedence over auto-detected branches. ## Implementation Details The implementation follows a preference hierarchy: explicitly provided `--git-branch` flag values take precedence over auto-detected git branches (from `GITHUB_HEAD_REF` or local git state). This allows users to override auto-detection when needed while maintaining backward compatibility for existing workflows that rely on auto-detection. https://claude.ai/code/session_01Vsgo83p6eooc7QUXuZXJVx Closes: CLI-1465 --------- Co-authored-by: Claude <noreply@anthropic.com>

## Summary `seed buckets` no longer calls vector bucket APIs just because `[storage.vector]` is enabled in the default config. It now reconciles vector buckets only when `[storage.vector.buckets.*]` entries are declared. When configured vector buckets hit `FeatureNotEnabled`, the CLI warns that vector buckets are not available in the project region yet and continues instead of failing the whole command.

## TL;DR ports `supabase gen signing-key` to ts ## whats introduced This adds a native ts implementation for `supabase gen signing-key` preserves the existing behavior for `--algorithm` and `--append`, generates JWK signing keys, loads `auth.signing_keys_path` from `supabase/config.toml`, resolves the configured path the same way as go did, handles overwrite vs append flows, writes the signing keys file directly, keeps the existing stdout/stderr split so the generated key stays shell friendly also added integration coverage... ## ref: closes CLI-1311 --------- Co-authored-by: Colum Ferry <cferry09@gmail.com>

## What Replaces the Phase-0 Go proxy for `supabase config push` with a native Effect implementation in the legacy shell (CLI-1305). It pushes the local `supabase/config.toml` to the linked project's Management API across all five services — **api**, **db** (settings / network_restrictions / ssl_enforcement), **auth**, **storage**, **experimental.webhooks** — in Go's order, with the per-service `GET → diff → confirm → PATCH/PUT/POST` flow from `pkg/config/updater.go`. ## Why `config push` was the last `config` subcommand still proxying to the bundled Go binary. It rests on essentially the whole Go `pkg/config` package (schema + per-service diff + update-body machinery). ## How it stays byte-exact with Go The output contract is strict 1:1 — same stderr text, same unified-diff bytes, same API routes, same exit codes. The parity-critical engine lives in `config-sync/` and is locked by golden fixtures generated from the Go binary: - **`config-sync.diff.ts`** — port of Go `pkg/diff` (anchored/patience unified diff). - **`config-sync.toml.ts`** — BurntSushi-parity TOML encoder driven by explicit per-service ordered field descriptors (ordering, `omitempty`, depth-1 blank lines, map sorting). - **`config-sync.units.ts` / `.duration.ts` / `.secret.ts`** — ports of `docker/go-units` (`RAMInBytes`/`BytesSize`), `time.ParseDuration`/`Duration.String`, and the `Secret` HMAC-SHA256 hashing. - **`{api,db,storage,experimental,auth}.sync.ts`** — push-subset projections + `FromRemote` + diff + update-body, one module per service. ## Orchestration - `push.handler.ts` — native orchestrator: cost-aware confirmation prompts, the auth MFA addon cost filter, telemetry + linked-project-cache flush on success **and** failure, and `--output-format json` / `stream-json` structured summaries. - `push.cost-matrix.ts` / `push.raw-presence.ts` — use raw HTTP / raw TOML where the typed client or decoded config can't express Go's behaviour: the generated addon `type` is a closed enum (Go uses a plain string), and `@supabase/config` defaults the nil-pointer sections `db.ssl_enforcement` / `storage.image_transformation` / `storage.s3_protocol` to present, so raw-key detection recovers Go's skip-when-absent semantics. ## `@supabase/api` schema corrections `config push` is the first native command to decode the auth and network-restrictions `GET` responses, which surfaced spots where the generated schema is stricter than the real API. Corrected via the test-guarded `openapi-overrides.json` + synced `contracts.ts`: - `AuthConfigResponse.nimbus_oauth_email_optional` → optional. The spec marks it `required`, but the live API omits the key. - `AuthConfigResponse.smtp_admin_email` / `sms_test_otp_valid_until` → nullable. The spec marks them `nullable: true`, but the generated schema dropped `Schema.Null` for these `format`-annotated fields; the live API returns them as `null`. Two `config-push` cli-e2e replay scenarios also had a recorded `GET /network-restrictions` body missing `status`; it's added to match the live API and the per-endpoint recorded fixtures. ## Reviewer notes - **Secrets:** the diff serialises the `hash:<sha256>` form (Go `Secret.MarshalText`), but the **update body sends the raw plaintext** value (Go `Secret.Value`), gated by hash presence. Covered by a regression test. - `requestWithAuth` is hoisted to `legacy/shared/legacy-raw-http.ts` and shared with `postgres-config`. - **Known gaps (documented in `SIDE_EFFECTS.md`):** a matched `[remotes.*]` block aborts with exit 1 rather than overlaying a defaulted subtree; `encrypted:` dotenvx secret decryption is not reproduced (such secrets are skipped, not pushed as ciphertext). - `docs/go-cli-porting-status.md` flips `config push` → `ported`.

…#5503) Bumps the npm-major group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@anthropic-ai/claude-agent-sdk](https://github.com/anthropics/claude-agent-sdk-typescript) | `0.3.156` | `0.3.159` | | [@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript) | `0.100.0` | `0.100.1` | | [@clack/prompts](https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts) | `1.4.0` | `1.5.0` | | [ink](https://github.com/vadimdemedes/ink) | `7.0.4` | `7.0.5` | | [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node) | `5.35.6` | `5.35.8` | | [fumadocs-core](https://github.com/fuma-nama/fumadocs) | `16.9.2` | `16.9.3` | | [fumadocs-mdx](https://github.com/fuma-nama/fumadocs) | `15.0.9` | `15.0.10` | | [fumadocs-ui](https://github.com/fuma-nama/fumadocs) | `16.9.2` | `16.9.3` | | [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) | `6.14.2` | `6.15.0` | Updates `@anthropic-ai/claude-agent-sdk` from 0.3.156 to 0.3.159 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anthropics/claude-agent-sdk-typescript/releases">@anthropic-ai/claude-agent-sdk's releases</a>.</em></p> <blockquote> <h2>v0.3.159</h2> <h2>What's changed</h2> <ul> <li>Updated to parity with Claude Code v2.1.159</li> </ul> <h2>Update</h2> <pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.159 # or yarn add @anthropic-ai/claude-agent-sdk@0.3.159 # or pnpm add @anthropic-ai/claude-agent-sdk@0.3.159 # or bun add @anthropic-ai/claude-agent-sdk@0.3.159 </code></pre> <h2>v0.3.158</h2> <h2>What's changed</h2> <ul> <li>Updated to parity with Claude Code v2.1.158</li> </ul> <h2>Update</h2> <pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.158 # or yarn add @anthropic-ai/claude-agent-sdk@0.3.158 # or pnpm add @anthropic-ai/claude-agent-sdk@0.3.158 # or bun add @anthropic-ai/claude-agent-sdk@0.3.158 </code></pre> <h2>v0.3.157</h2> <h2>What's changed</h2> <ul> <li>Updated to parity with Claude Code v2.1.157</li> </ul> <h2>Update</h2> <pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.157 # or yarn add @anthropic-ai/claude-agent-sdk@0.3.157 # or pnpm add @anthropic-ai/claude-agent-sdk@0.3.157 # or bun add @anthropic-ai/claude-agent-sdk@0.3.157 </code></pre> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md">@anthropic-ai/claude-agent-sdk's changelog</a>.</em></p> <blockquote> <h2>0.3.159</h2> <ul> <li>Updated to parity with Claude Code v2.1.159</li> </ul> <h2>0.3.158</h2> <ul> <li>Updated to parity with Claude Code v2.1.158</li> </ul> <h2>0.3.157</h2> <ul> <li>Updated to parity with Claude Code v2.1.157</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/e3a20564b59d8ca10f8c3a4dc71ef37b9cf97bca"><code>e3a2056</code></a> chore: Update CHANGELOG.md</li> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/7337b9fdd2b968b8d9101cebb069628defc5467d"><code>7337b9f</code></a> chore: Update CHANGELOG.md</li> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/80b644339f601b7c0805471bf189b6f7e6194107"><code>80b6443</code></a> chore: Update CHANGELOG.md</li> <li>See full diff in <a href="https://github.com/anthropics/claude-agent-sdk-typescript/compare/v0.3.156...v0.3.159">compare view</a></li> </ul> </details> <br /> Updates `@anthropic-ai/sdk` from 0.100.0 to 0.100.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anthropics/anthropic-sdk-typescript/releases">@anthropic-ai/sdk's releases</a>.</em></p> <blockquote> <h2>sdk: v0.100.1</h2> <h2>0.100.1 (2026-05-29)</h2> <p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.100.0...sdk-v0.100.1">sdk-v0.100.0...sdk-v0.100.1</a></p> <h3>Bug Fixes</h3> <ul> <li><strong>streaming:</strong> carry encrypted_content on beta compaction blocks (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1025">#1025</a>) (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/eccddf3ed28645bceed2f3b6eb7826466377f1e8">eccddf3</a>)</li> </ul> <h3>Chores</h3> <ul> <li><strong>client:</strong> update lockfiles to have proper dependencies on standardwebhooks (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/5e9b5237e53aefda65637bd11eb0d07f50bbc952">5e9b523</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md">@anthropic-ai/sdk's changelog</a>.</em></p> <blockquote> <h2>0.100.1 (2026-05-29)</h2> <p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.100.0...sdk-v0.100.1">sdk-v0.100.0...sdk-v0.100.1</a></p> <h3>Bug Fixes</h3> <ul> <li><strong>streaming:</strong> carry encrypted_content on beta compaction blocks (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1025">#1025</a>) (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/eccddf3ed28645bceed2f3b6eb7826466377f1e8">eccddf3</a>)</li> </ul> <h3>Chores</h3> <ul> <li><strong>client:</strong> update lockfiles to have proper dependencies on standardwebhooks (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/5e9b5237e53aefda65637bd11eb0d07f50bbc952">5e9b523</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/512605fa9b5c703d8b523fe62abed37e47a90d98"><code>512605f</code></a> chore: release main</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/d0148df1881f492caa9709cfca7002de6ad06740"><code>d0148df</code></a> codegen metadata</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/4d836b47ef5a6a54ff066eb0be9a076b60e4002d"><code>4d836b4</code></a> codegen metadata</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/323e350620ededff964b2b6930a6d182e3167521"><code>323e350</code></a> codegen metadata</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/ea36df73efb2439fc82a86f7c3782e8ca5726048"><code>ea36df7</code></a> chore(client): update lockfiles to have proper dependencies on standardwebhooks</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/0ea1922fadab460f103f94fd39b975170cf6ee0a"><code>0ea1922</code></a> codegen metadata</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/991d88f14b7bd92b63dfc902ee5029dfa265273e"><code>991d88f</code></a> fix(streaming): carry encrypted_content on beta compaction blocks (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1025">#1025</a>)</li> <li>See full diff in <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.100.0...sdk-v0.100.1">compare view</a></li> </ul> </details> <br /> Updates `@clack/prompts` from 1.4.0 to 1.5.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/bombshell-dev/clack/releases">@clack/prompts's releases</a>.</em></p> <blockquote> <h2><code>@clack/prompts</code><a href="https://github.com/1"><code>@1</code></a>.5.0</h2> <h3>Minor Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/bombshell-dev/clack/pull/543">#543</a> <a href="https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6"><code>83428ac</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@florian-lefebvre</code></a>! - Adds support for Standard Schema validation</p> <p>Prompts accept an optional <code>validate()</code> function to validate user input. While a function provides more flexibility and customization over your validation, it can be a bit verbose. To help solve this, there are libraries that provide schema-based validation to make shorthand and type-strict validation substantially easier.</p> <p>Libraries following the <a href="https://github.com/standard-schema/standard-schema">Standard Schema specification</a> are now natively supported. For example, using <a href="https://arktype.io/">Arktype</a>:</p> <pre lang="diff"><code>import { text } from '@clack/prompts'; import { type } from 'arktype'; <p>const name = await text({ message: 'Enter your email',</p> <ul> <li>validate: type('string.email').describe('Invalid email'), }); </code></pre></li> </ul> </li> </ul> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/bombshell-dev/clack/pull/542">#542</a> <a href="https://github.com/bombshell-dev/clack/commit/adb6af9f5fb39408934323a7415beb46b63ecd9a"><code>adb6af9</code></a> Thanks <a href="https://github.com/ghostdevv"><code>@ghostdevv</code></a>! - docs: add jsdoc for <code>box</code>, <code>group</code>, and <code>group-multi-select</code></p> </li> <li> <p><a href="https://redirect.github.com/bombshell-dev/clack/pull/534">#534</a> <a href="https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364"><code>3dcb31a</code></a> Thanks <a href="https://github.com/MattStypa"><code>@MattStypa</code></a>! - Fixed spaces and uppercase characters in multiline prompt</p> </li> <li> <p><a href="https://redirect.github.com/bombshell-dev/clack/pull/540">#540</a> <a href="https://github.com/bombshell-dev/clack/commit/3170ed94dc2a6ed7973228d46c664fb7461969ad"><code>3170ed9</code></a> Thanks <a href="https://github.com/ghostdevv"><code>@ghostdevv</code></a>! - docs: add jsdoc for <code>autocomplete</code>, <code>confirm</code>, and <code>path</code> prompts</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6"><code>83428ac</code></a>, <a href="https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364"><code>3dcb31a</code></a>]:</p> <ul> <li><code>@clack/core</code><a href="https://github.com/1"><code>@1</code></a>.4.0</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/bombshell-dev/clack/blob/main/packages/prompts/CHANGELOG.md">@clack/prompts's changelog</a>.</em></p> <blockquote> <h2>1.5.0</h2> <h3>Minor Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/bombshell-dev/clack/pull/543">#543</a> <a href="https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6"><code>83428ac</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@florian-lefebvre</code></a>! - Adds support for Standard Schema validation</p> <p>Prompts accept an optional <code>validate()</code> function to validate user input. While a function provides more flexibility and customization over your validation, it can be a bit verbose. To help solve this, there are libraries that provide schema-based validation to make shorthand and type-strict validation substantially easier.</p> <p>Libraries following the <a href="https://github.com/standard-schema/standard-schema">Standard Schema specification</a> are now natively supported. For example, using <a href="https://arktype.io/">Arktype</a>:</p> <pre lang="diff"><code>import { text } from '@clack/prompts'; import { type } from 'arktype'; <p>const name = await text({ message: 'Enter your email',</p> <ul> <li>validate: type('string.email').describe('Invalid email'), }); </code></pre></li> </ul> </li> </ul> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/bombshell-dev/clack/pull/542">#542</a> <a href="https://github.com/bombshell-dev/clack/commit/adb6af9f5fb39408934323a7415beb46b63ecd9a"><code>adb6af9</code></a> Thanks <a href="https://github.com/ghostdevv"><code>@ghostdevv</code></a>! - docs: add jsdoc for <code>box</code>, <code>group</code>, and <code>group-multi-select</code></p> </li> <li> <p><a href="https://redirect.github.com/bombshell-dev/clack/pull/534">#534</a> <a href="https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364"><code>3dcb31a</code></a> Thanks <a href="https://github.com/MattStypa"><code>@MattStypa</code></a>! - Fixed spaces and uppercase characters in multiline prompt</p> </li> <li> <p><a href="https://redirect.github.com/bombshell-dev/clack/pull/540">#540</a> <a href="https://github.com/bombshell-dev/clack/commit/3170ed94dc2a6ed7973228d46c664fb7461969ad"><code>3170ed9</code></a> Thanks <a href="https://github.com/ghostdevv"><code>@ghostdevv</code></a>! - docs: add jsdoc for <code>autocomplete</code>, <code>confirm</code>, and <code>path</code> prompts</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6"><code>83428ac</code></a>, <a href="https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364"><code>3dcb31a</code></a>]:</p> <ul> <li><code>@clack/core</code><a href="https://github.com/1"><code>@1</code></a>.4.0</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/bombshell-dev/clack/commit/030ba4d776e5985050c0e2712da7008bd93b8847"><code>030ba4d</code></a> [ci] release (<a href="https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/539">#539</a>)</li> <li><a href="https://github.com/bombshell-dev/clack/commit/83428ac6d8bc5eda87615cc7b1f14e0c8b16e1b6"><code>83428ac</code></a> feat: standard schema for validation (<a href="https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/543">#543</a>)</li> <li><a href="https://github.com/bombshell-dev/clack/commit/adb6af9f5fb39408934323a7415beb46b63ecd9a"><code>adb6af9</code></a> docs: add jsdoc for <code>box</code>, <code>group</code>, and <code>group-multi-select</code> (<a href="https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/542">#542</a>)</li> <li><a href="https://github.com/bombshell-dev/clack/commit/3170ed94dc2a6ed7973228d46c664fb7461969ad"><code>3170ed9</code></a> docs: add jsdoc for <code>autocomplete</code>, <code>confirm</code>, and <code>path</code> prompts (<a href="https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/540">#540</a>)</li> <li><a href="https://github.com/bombshell-dev/clack/commit/3dcb31a7d63827d95a5a52ac630cbd48e3a68364"><code>3dcb31a</code></a> fix: spaces and uppercase characters in multiline input (<a href="https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/534">#534</a>)</li> <li>See full diff in <a href="https://github.com/bombshell-dev/clack/commits/@clack/prompts@1.5.0/packages/prompts">compare view</a></li> </ul> </details> <br /> Updates `ink` from 7.0.4 to 7.0.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vadimdemedes/ink/releases">ink's releases</a>.</em></p> <blockquote> <h2>v7.0.5</h2> <ul> <li>Fix: Handle incomplete stack frames in error overview (<a href="https://redirect.github.com/vadimdemedes/ink/issues/965">#965</a>) b2350c1</li> </ul> <hr /> <p><a href="https://github.com/vadimdemedes/ink/compare/v7.0.4...v7.0.5">https://github.com/vadimdemedes/ink/compare/v7.0.4...v7.0.5</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vadimdemedes/ink/commit/cb222feec2bd4a70ec2e559997f73f6119d21329"><code>cb222fe</code></a> 7.0.5</li> <li><a href="https://github.com/vadimdemedes/ink/commit/dca5c06b8bc37688d406e1a65589e24315762d30"><code>dca5c06</code></a> Fix: Update to xo 2 (<a href="https://redirect.github.com/vadimdemedes/ink/issues/962">#962</a>)</li> <li><a href="https://github.com/vadimdemedes/ink/commit/b2350c1e800ab5aadb14c0140ffb2797038e75f3"><code>b2350c1</code></a> Fix: Handle incomplete stack frames in error overview (<a href="https://redirect.github.com/vadimdemedes/ink/issues/965">#965</a>)</li> <li>See full diff in <a href="https://github.com/vadimdemedes/ink/compare/v7.0.4...v7.0.5">compare view</a></li> </ul> </details> <br /> Updates `posthog-node` from 5.35.6 to 5.35.8 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md">posthog-node's changelog</a>.</em></p> <blockquote> <h2>5.35.8</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.29.15</li> </ul> </li> </ul> <h2>5.35.7</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/PostHog/posthog-js/commit/d9ad1993d320ffc899dd57ce2f1cf1787e9c6635"><code>d9ad199</code></a>]: <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.29.14</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PostHog/posthog-js/commit/88bd500cb0af9317d76342f24d84c70bbf790111"><code>88bd500</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/af69e9c924b6f37719e848448fa4b3472859154f"><code>af69e9c</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/4eb54169fc1880e02163127882ff2c74e17166c0"><code>4eb5416</code></a> test(node): drain promise queue in captureException context tests (<a href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/3696">#3696</a>)</li> <li>See full diff in <a href="https://github.com/PostHog/posthog-js/commits/posthog-node@5.35.8/packages/node">compare view</a></li> </ul> </details> <br /> Updates `fumadocs-core` from 16.9.2 to 16.9.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fuma-nama/fumadocs/releases">fumadocs-core's releases</a>.</em></p> <blockquote> <h2>fumadocs-core@16.9.3</h2> <h3>Patch Changes</h3> <ul> <li>42f0255: Support <code>invalidate</code> & <code>revalidate</code> on dynamic loader</li> <li>a807798: Improve source API utils & types</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/fuma-nama/fumadocs/commits/fumadocs-core@16.9.3">compare view</a></li> </ul> </details> <br /> Updates `fumadocs-mdx` from 15.0.9 to 15.0.10 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fuma-nama/fumadocs/releases">fumadocs-mdx's releases</a>.</em></p> <blockquote> <h2>fumadocs-mdx@15.0.10</h2> <h3>Patch Changes</h3> <ul> <li>d35d0d6: Respect <code>root</code> in Vite config</li> <li>Updated dependencies [42f0255]</li> <li>Updated dependencies [a807798] <ul> <li>fumadocs-core@16.9.3</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fuma-nama/fumadocs/commit/34b75a0cfb8fd345f0ad04799630f8b329c2fe92"><code>34b75a0</code></a> Version Packages (<a href="https://redirect.github.com/fuma-nama/fumadocs/issues/3324">#3324</a>)</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/73b9cec605ecd7f17b7faff8e9aafdb0d1ecab71"><code>73b9cec</code></a> docs: fix build</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/d35d0d6a43492f8a185889d92fa8af8a991761f2"><code>d35d0d6</code></a> fix(mdx): respect <code>root</code> in Vite config</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/a9f95ffbd913deac945bb420b6fb77589b7a7c8d"><code>a9f95ff</code></a> chore: bump deps</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/783c048904305b4769293b047c27f9bd2ad9e31f"><code>783c048</code></a> fix(preview): fix invalid content type in <code>/img</code> endpoint</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/42f02559dabd35137b28c29597c10bd7dad90fea"><code>42f0255</code></a> feat(core): support <code>invalidate</code> & <code>revalidate</code> on dynamic loader</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/a8077981c657305fe72b4db859768d4daa4f0488"><code>a807798</code></a> fix(core): improve source API utils & types</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/8b1701942c336148141b9a8dd80bb110a4227f70"><code>8b17019</code></a> docs: document LLM_GATEWAY_MODEL for Ask AI (<a href="https://redirect.github.com/fuma-nama/fumadocs/issues/3319">#3319</a>)</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/cad622e541bdd38d552224f621f7ec1f5a257e25"><code>cad622e</code></a> Merge pull request <a href="https://redirect.github.com/fuma-nama/fumadocs/issues/3318">#3318</a> from smakosh/feat/llmgateway-ai-provider</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/ee98724b9a13df85331016f1f7079e4e41d82e40"><code>ee98724</code></a> fix(openapi): newer scalar client</li> <li>Additional commits viewable in <a href="https://github.com/fuma-nama/fumadocs/compare/fumadocs-mdx@15.0.9...fumadocs-mdx@15.0.10">compare view</a></li> </ul> </details> <br /> Updates `fumadocs-ui` from 16.9.2 to 16.9.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fuma-nama/fumadocs/releases">fumadocs-ui's releases</a>.</em></p> <blockquote> <h2>fumadocs-ui@16.9.3</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [42f0255]</li> <li>Updated dependencies [a807798] <ul> <li>fumadocs-core@16.9.3</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/fuma-nama/fumadocs/commits/fumadocs-ui@16.9.3">compare view</a></li> </ul> </details> <br /> Updates `knip` from 6.14.2 to 6.15.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/webpro-nl/knip/releases">knip's releases</a>.</em></p> <blockquote> <h2>Release 6.15.0</h2> <ul> <li>Report exported type used only in inferred-return function body (resolve <a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1765">#1765</a>) (2413408753f7abc7a9dfdba520990afd18c53ee0)</li> <li>Work that EXPORTS.md again (7e13451fab7ad85362fb63a4715ea450690aedef)</li> <li>Update npmx ecosystem snapshot (dfc401145a880f156c66eb83ea1622a99540304a)</li> <li>Link <code>dependencies</code> key with notes (closes <a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1764">#1764</a>) (e3e66cea9e946558940bf8705129efea3f23b3ba)</li> <li>Resolve tsconfig paths when loading plugin configs (<a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1762">#1762</a>) (0177c7466559e2ae99b5e1cd1e3a8043ca494edc) - thanks <a href="https://github.com/jakeleventhal"><code>@jakeleventhal</code></a>!</li> <li>Avoid caching failed plugin config loads (<a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1768">#1768</a>) (5e201cde9b1ba2568ead2ae790ab888c966828ae) - thanks <a href="https://github.com/jakeleventhal"><code>@jakeleventhal</code></a>!</li> <li>Resolve extensionless .sass imports in SCSS compiler (<a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1770">#1770</a>) (30c22835383b2355787cc2a871b22de80ff75544) - thanks <a href="https://github.com/sebacardello"><code>@sebacardello</code></a>!</li> <li>fix(vite): detect inline module script entry points in index.html (<a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1772">#1772</a>) (51f4eddc9e1b2fed1ba25e81fc596e9fb514ce01) - thanks <a href="https://github.com/lucas-spin"><code>@lucas-spin</code></a>!</li> <li>Harden vite inline module script import detection (b8abcfd2f4f5486aea08a934514bc55de86be030)</li> <li>Use RecordableHistogram for timerified function stats (d575c6905704af1b0b4620edd874fc09bc86ed28)</li> <li>Add orval plugin (resolves <a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1751">#1751</a>) (4c82aa82c2a02fbda27a316389f210d11621f8cb)</li> <li>Add treatTagHintsAsErrors and --no-tag-hints (resolves <a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1767">#1767</a>) (4b6a573e0c1e0daf65c76c32f7336ea71db6bb64)</li> <li>Add nano-spawn plugin (resolves <a href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1769">#1769</a>) (b2cad06dfd9958485537c5545c6c497fc8823ac3)</li> <li>Simplify glob cache validation and ignore-list assembly (df1a9603a5ea8ed7bad9588bf13672cedf37c90e)</li> <li>Dedupe ignore-pattern collection and dependency fixing (d49b626ad6736d7123d44568ef8c42a3e1d28aa3)</li> <li>Simplify installed-binaries collection in manifest metadata (55143941eebbc8dac12c79b77c1f65a8b61dfbef)</li> <li>Flatten control flow in ConfigurationChief (010d5709b0f9a3adc5ebe6e7169b9f5c4f29abc5)</li> <li>Inline trivial installed-binaries and types-included accessors (b5afb9f29e3474eee4bf276c1de83cb0682a5663)</li> <li>Format (eb4b178d5d90a719cdc576d644766f8f95a47876)</li> <li>Replace <code>@wdio/types</code> dev dep with inline types (a3747d61ee0e594854e5da0ca6cb7597e0096b99)</li> <li>Bump dependencies (822ab3905cb7b5a216404231607a7820105930a2)</li> <li>Work AGENTS.md, etcetera (361bd4803934a01e01b08170565f8374e4e49eb2)</li> <li>Remove rootDirs workaround resolved by oxc-resolver 11.20.0 (e190a9fec22db41975cf9568a31970a05c86e66b)</li> <li>Add nuxt no-root-tsconfig fixture guarding alias resolution (e3e5bc94d5f7b6ffdbc89b18d7c8d5acbb5a9008)</li> <li>Allow extra args for release-it (f9c59952fa2c8c4c13bd42edc0935610900d1980)</li> <li>Add <a href="https://github.com/vercel"><code>@vercel</code></a> as platinum sponsor (c4c06a9149c986680f0d1aa74b57a46ff1f88601)</li> <li>Overhaul & improve --trace functionailty (60df0b05f364c8d841c0f784a06bab2a3215a32f)</li> <li>Re-gen plugins.md (0f9d044d312053154498a562e3a9422a4f44afe6)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/webpro-nl/knip/commit/3f3769e37b75e3d35e3713e8435735adc00df52b"><code>3f3769e</code></a> Release knip@6.15.0</li> <li><a href="https://github.com/webpro-nl/knip/commit/60df0b05f364c8d841c0f784a06bab2a3215a32f"><code>60df0b0</code></a> Overhaul & improve --trace functionailty</li> <li><a href="https://github.com/webpro-nl/knip/commit/e3e5bc94d5f7b6ffdbc89b18d7c8d5acbb5a9008"><code>e3e5bc9</code></a> Add nuxt no-root-tsconfig fixture guarding alias resolution</li> <li><a href="https://github.com/webpro-nl/knip/commit/e190a9fec22db41975cf9568a31970a05c86e66b"><code>e190a9f</code></a> Remove rootDirs workaround resolved by oxc-resolver 11.20.0</li> <li><a href="https://github.com/webpro-nl/knip/commit/822ab3905cb7b5a216404231607a7820105930a2"><code>822ab39</code></a> Bump dependencies</li> <li><a href="https://github.com/webpro-nl/knip/commit/a3747d61ee0e594854e5da0ca6cb7597e0096b99"><code>a3747d6</code></a> Replace <code>@wdio/types</code> dev dep with inline types</li> <li><a href="https://github.com/webpro-nl/knip/commit/eb4b178d5d90a719cdc576d644766f8f95a47876"><code>eb4b178</code></a> Format</li> <li><a href="https://github.com/webpro-nl/knip/commit/b5afb9f29e3474eee4bf276c1de83cb0682a5663"><code>b5afb9f</code></a> Inline trivial installed-binaries and types-included accessors</li> <li><a href="https://github.com/webpro-nl/knip/commit/010d5709b0f9a3adc5ebe6e7169b9f5c4f29abc5"><code>010d570</code></a> Flatten control flow in ConfigurationChief</li> <li><a href="https://github.com/webpro-nl/knip/commit/55143941eebbc8dac12c79b77c1f65a8b61dfbef"><code>5514394</code></a> Simplify installed-binaries collection in manifest metadata</li> <li>Additional commits viewable in <a href="https://github.com/webpro-nl/knip/commits/knip@6.15.0/packages/knip">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Julien Goux <hi@jgoux.dev>

) ## What Switches `supabase db pull --diff-engine pg-delta` to drive its initial pull from pg-delta's catalog diff instead of `pg_dump`, and lands the supporting plumbing (remote TLS handling, debug bundles, and a local pg-delta dev workflow) needed to make that path reliable against Cloud. Closes CLI-1472. ## Why The legacy initial-pull pipeline is `pg_dump` → restore into a local shadow → diff. That round-trip silently destroys ownership for any object the local `postgres` role can't assume: `pg_dump` emits `ALTER ... OWNER TO supabase_admin` (etc.), the restore runs as a non-superuser so the owner is dropped, and every restored object then reports `owner = postgres`. pg-delta's supabase integration filter drops platform-managed objects by `owner ∈ SUPABASE_SYSTEM_ROLES`, so once the owner signal is gone those objects leak into the user's migration file and break `supabase db reset` (CLI-1469 FDW ACLs, CLI-1470 Wasm wrappers). pg-delta already speaks `pg_catalog` directly via `extractCatalog`, preserving ownership, so diffing the remote catalog against an empty shadow produces a clean initial migration without `pg_dump` in the loop. ## What changed ### Initial-pull routing - `db pull` no longer runs `dumpRemoteSchema` on the initial pull when the pg-delta diff engine is selected; the shadow diff is the sole producer of the migration file (`internal/db/pull/pull.go`, `cmd/db.go`). - `shouldUseDeclarativePgDeltaPull` makes explicit `--diff-engine pg-delta` keep the migration-file workflow even when `[experimental.pgdelta] enabled = true` would otherwise default to the declarative export path. - New `swallowInitialInSync` / `ensureMigrationWritten` helpers distinguish "pg-delta produced no statements" from "pg_dump already wrote content", so an empty pg-delta result still surfaces `No schema changes found` correctly. ### Diff plumbing - `DiffDatabase` now returns a `DatabaseDiff` struct (`SQL` plus an optional debug capture) rather than a bare string; callers in `diff.go` and `pull.go` updated accordingly. - Removed the now-unused `diffWithStream` and its golangci exclusion. - The diff template (`templates/pgdelta.ts`) sets `skipDefaultPrivilegeSubtraction: true` and emits structured diagnostics under `PGDELTA_DEBUG`. ### Remote TLS handling for pg-delta - New `internal/gen/types/pgdelta_conn.go`: `PreparePgDeltaPostgresRef` writes the CA bundle into the workspace, forces `sslmode=verify-ca` + `sslrootcert`, and always uses the embedded bundle for Supabase-hosted hosts even when the SSL probe is skipped (e.g. `--debug`). Source/target now use distinct `PGDELTA_SOURCE_SSLROOTCERT` / `PGDELTA_TARGET_SSLROOTCERT` env vars. `pgdelta.go` and `pgcache/cache.go` refactored onto this helper. ### Debug bundles for empty pulls - New `PGDELTA_DEBUG` flag (separate from `--debug`; keeps SSL on). When a pg-delta pull returns zero statements, the CLI writes a bundle under `supabase/.temp/pgdelta/debug/<timestamp>/`: `source-catalog.json`, `target-catalog.json`, `pgdelta-stderr.txt`, `connection.txt` (redacted), and `error.txt`, plus a per-schema catalog object summary to stderr (`internal/db/diff/pgdelta_debug.go`, `internal/db/pull/pgdelta_pull_debug.go`). - `DiffPgDeltaRefDetailed` surfaces edge-runtime stderr; `declarative.DebugBundle` gains inline-catalog, stderr, and connection-info fields. ### Local pg-delta dev workflow - `PGDELTA_NPM_REGISTRY` (`pkg/config/pgdelta_local.go`, `internal/utils/pgdelta_local.go`) routes Deno's `npm:@supabase/pg-delta` resolution through a local Verdaccio registry. The edge-runtime helper gained composable `WithExtraFile` / `WithExtraEnv` options to drop a scoped `.npmrc` and forward `NPM_CONFIG_REGISTRY`; all pg-delta edge-runtime calls now pass `PgDeltaNpmRegistryOption()`. Documented in `CONTRIBUTING.md`. ### Version, build, and docs - `DefaultPgDeltaNpmVersion` bumped to `1.0.0-alpha.27`. - `apps/cli/package.json` adds a `build:go-sidecar` step that copies the Go binary into `dist/`. - `docs/supabase/db/pull.md` documents the new initial-pull behavior, the experimental declarative default, the direct-connection recommendation for `--db-url`, and the `PGDELTA_DEBUG` workflow. ## Reviewer notes - The FDW/server ACL and `CREATE FOREIGN DATA WRAPPER` suppression rules in `@supabase/pg-delta` become defense-in-depth on this path rather than load-bearing. - Scope is schema-only / migration generation: `supabase db dump` and the declarative export path still use `pg_dump` / the existing flows. https://claude.ai/code/session_016o7U7hiut6dkkhfbSJgKv4 --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Julien Goux <hi@jgoux.dev>

Bumps the actions-major group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action). Updates `actions/checkout` from 6.0.2 to 6.0.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.3</h2> <h2>What's Changed</h2> <ul> <li>Update changelog by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2357">actions/checkout#2357</a></li> <li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li> <li>Fix checkout init for SHA-256 repositories by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li> <li>Update changelog for v6.0.3 by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2446">actions/checkout#2446</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yaananth"><code>@yaananth</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6...v6.0.3">https://github.com/actions/checkout/compare/v6...v6.0.3</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v6.0.3</h2> <ul> <li>Fix checkout init for SHA-256 repositories by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li> <li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li> </ul> <h2>v6.0.2</h2> <ul> <li>Fix tag handling: preserve annotations and explicit fetch-tags by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li> </ul> <h2>v6.0.1</h2> <ul> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> </ul> <h2>v6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>v5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>v5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>v4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>v4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/df4cb1c069e1874edd31b4311f1884172cec0e10"><code>df4cb1c</code></a> Update changelog for v6.0.3 (<a href="https://redirect.github.com/actions/checkout/issues/2446">#2446</a>)</li> <li><a href="https://github.com/actions/checkout/commit/1cce3390c2bfda521930d01229c073c7ff920824"><code>1cce339</code></a> Fix checkout init for SHA-256 repositories (<a href="https://redirect.github.com/actions/checkout/issues/2439">#2439</a>)</li> <li><a href="https://github.com/actions/checkout/commit/900f2210b1d28bbbd0bd22d17926b9e224e8f231"><code>900f221</code></a> fix: expand merge commit SHA regex and add SHA-256 test cases (<a href="https://redirect.github.com/actions/checkout/issues/2414">#2414</a>)</li> <li><a href="https://github.com/actions/checkout/commit/0c366fd6a839edf440554fa01a7085ccba70ac98"><code>0c366fd</code></a> Update changelog (<a href="https://redirect.github.com/actions/checkout/issues/2357">#2357</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10">compare view</a></li> </ul> </details> <br /> Updates `github/codeql-action` from 4.36.0 to 4.36.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v4.36.1</h2> <p>No user facing changes.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>4.36.2 - 04 Jun 2026</h2> <ul> <li>Cache CodeQL CLI version information across Actions steps. <a href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li> <li>Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. <a href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li> </ul> <h2>4.36.1 - 02 Jun 2026</h2> <p>No user facing changes.</p> <h2>4.36.0 - 22 May 2026</h2> <ul> <li><em>Breaking change</em>: Bump the minimum required CodeQL bundle version to 2.19.4. <a href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li> <li>Add support for SHA-256 Git object IDs. <a href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li> </ul> <h2>4.35.5 - 15 May 2026</h2> <ul> <li>We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li> <li>For performance and accuracy reasons, <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. <a href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li> <li>If multiple inputs are provided for the GitHub-internal <code>analysis-kinds</code> input, only <code>code-scanning</code> will be enabled. The <code>analysis-kinds</code> input is experimental, for GitHub-internal use only, and may change without notice at any time. <a href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li> <li>Added an experimental change which, when running a Code Scanning analysis for a PR with <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. <a href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li> </ul> <h2>4.35.4 - 07 May 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li> </ul> <h2>4.35.3 - 01 May 2026</h2> <ul> <li><em>Upcoming breaking change</em>: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li> <li>Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. <a href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li> <li>Best-effort connection tests for private registries now use <code>GET</code> requests instead of <code>HEAD</code> for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. <a href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li> <li>Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. <a href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li> </ul> <h2>4.35.2 - 15 Apr 2026</h2> <ul> <li>The undocumented TRAP cache cleanup feature that could be enabled using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the <code>trap-caching: false</code> input to the <code>init</code> Action. <a href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li> <li>The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. <a href="https://redirect.github.com/github/codeql-action/pull/3789">#3789</a></li> <li>Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. <a href="https://redirect.github.com/github/codeql-action/pull/3794">#3794</a></li> <li>Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. <a href="https://redirect.github.com/github/codeql-action/pull/3807">#3807</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2">2.25.2</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3823">#3823</a></li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/87557b9c84dde89fdd9b10e88954ac2f4248e463"><code>87557b9</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3940">#3940</a> from github/update-v4.36.1-2a1689ed4</li> <li><a href="https://github.com/github/codeql-action/commit/94310119648b77e2153bf970fd244062806781de"><code>9431011</code></a> Update changelog for v4.36.1</li> <li><a href="https://github.com/github/codeql-action/commit/2a1689ed43ccdf7eea07e03a75371ce6801d28e6"><code>2a1689e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3939">#3939</a> from github/henrymercer/skip-overlay-revert-when-exp...</li> <li><a href="https://github.com/github/codeql-action/commit/524532393a46071bdfc81527a811ffa69e16723a"><code>5245323</code></a> Disable missing diff-ranges fallback when overlay enabled manually</li> <li><a href="https://github.com/github/codeql-action/commit/d1eb1207b45130d2edf64a0aa1c93be23510592f"><code>d1eb120</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3933">#3933</a> from github/update-supported-enterprise-server-versions</li> <li><a href="https://github.com/github/codeql-action/commit/115001ba8d0198846992657731666b08686c8ded"><code>115001b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3934">#3934</a> from github/dependabot/npm_and_yarn/npm-minor-86fb5c...</li> <li><a href="https://github.com/github/codeql-action/commit/cef2e7a910879f4626a24b251504bde16bfe4e76"><code>cef2e7a</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3925">#3925</a> from github/dependabot/github_actions/dot-github/wor...</li> <li><a href="https://github.com/github/codeql-action/commit/5e6adf70ed0299cdf20f90e4e37ac5dd30ab7501"><code>5e6adf7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3936">#3936</a> from github/dependabot/npm_and_yarn/tmp-0.2.7</li> <li><a href="https://github.com/github/codeql-action/commit/ad170e6c4eaf671895978420267d6cb49b66b706"><code>ad170e6</code></a> Merge branch 'main' into dependabot/github_actions/dot-github/workflows/actio...</li> <li><a href="https://github.com/github/codeql-action/commit/6a37b3a57ac457a679b84930a67c233c15f5ac41"><code>6a37b3a</code></a> Rebuild</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/7211b7c8077ea37d8641b6271f6a365a22a5fbfa...87557b9c84dde89fdd9b10e88954ac2f4248e463">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

coveralls · 2026-06-09T03:22:59Z

Coverage Report for CI Build 27194652981

Warning

No base build found for commit b749d52 on main.
Coverage changes can't be calculated without a base build.
If a base build is processing, this comment will update automatically when it completes.

Coverage: 64.287%

Details

Patch coverage: No coverable lines changed in this PR.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

Requires a base build to compare against. How to fix this →

Coverage Stats


Relevant Lines:	16151
Covered Lines:	10383
Line Coverage:	64.29%
Coverage Strength:	7.05 hits per line

💛 - Coveralls

## Summary Adds an `output_format` property to the `cli_command_executed` telemetry event and fixes a Go/TS divergence in how `is_agent` is computed. Together these make the JSON-vs-human output choice measurable and ensure both CLI shells agree on what counts as an agent. This is the measurement-and-parity groundwork for auto-switching agents to JSON output (next subissue under GROWTH-806). ## Changes - **Record the resolved output format on every `cli_command_executed`.** Added `output_format` to the Go catalog (`events.go`) and its TS mirror (`event-catalog.ts`), and emit it from the Go capture and both TS instrumentation paths. `db query` resolves its format into a command-local flag, so it now mirrors the resolved value onto the global that telemetry reads, keeping the value accurate for the highest-volume agent command. The property does not exist today, so current JSON usage is unmeasurable without it. - **Fix `is_agent` Go/TS parity.** The TS legacy analytics layer folded CI into `is_agent` (`is_agent = aiTool || isCi`), tagging CI environments as agents while the Go binary does not. `is_agent` now reflects coding-agent detection only, matching Go on both shells. `is_ci` continues to be reported as its own separate property. ## Notes for reviewers - `output_format` values are shell-native (Go: `pretty|json|yaml|toml|env`; TS: `text|json|stream-json`), disambiguated by `$lib`; normalize in analysis. - Deliberately out of scope: aligning the CI env-var lists across the two shells. `runtime.isCi` gates behavior in `legacy-platform-api.layer.ts`, so changing those lists would alter non-interactive behavior for some CI environments. That belongs in a separate change, not this telemetry-parity fix. - The three instrumentation/platform-api unit tests now provide a mock `Output` because the instrumentation reads `output.format`. ## Linear - fixes GROWTH-912 - parent GROWTH-806 --------- Co-authored-by: Julien Goux <hi@jgoux.dev>

Bumps the npm-major group with 16 updates: | Package | From | To | | --- | --- | --- | | [@anthropic-ai/claude-agent-sdk](https://github.com/anthropics/claude-agent-sdk-typescript) | `0.3.159` | `0.3.160` | | [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node) | `5.35.8` | `5.35.11` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.6` | `19.2.7` | | [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.15` | `19.2.16` | | [next](https://github.com/vercel/next.js) | `16.2.6` | `16.2.7` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.6` | `19.2.7` | | [@effect/atom-react](https://github.com/Effect-TS/effect-smol/tree/HEAD/packages/atom/react) | `4.0.0-beta.74` | `4.0.0-beta.75` | | [@effect/platform-bun](https://github.com/Effect-TS/effect/tree/HEAD/packages/platform-bun) | `4.0.0-beta.74` | `4.0.0-beta.75` | | [@effect/platform-node](https://github.com/Effect-TS/effect/tree/HEAD/packages/platform-node) | `4.0.0-beta.74` | `4.0.0-beta.75` | | [@effect/vitest](https://github.com/Effect-TS/effect/tree/HEAD/packages/vitest) | `4.0.0-beta.74` | `4.0.0-beta.75` | | [@typescript/native-preview](https://github.com/microsoft/typescript-go) | `7.0.0-dev.20260527.2` | `7.0.0-dev.20260601.1` | | [@vitest/coverage-istanbul](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-istanbul) | `4.1.7` | `4.1.8` | | [effect](https://github.com/Effect-TS/effect/tree/HEAD/packages/effect) | `4.0.0-beta.74` | `4.0.0-beta.75` | | [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt) | `0.52.0` | `0.53.0` | | [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint) | `1.67.0` | `1.68.0` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.7` | `4.1.8` | Updates `@anthropic-ai/claude-agent-sdk` from 0.3.159 to 0.3.160 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anthropics/claude-agent-sdk-typescript/releases">@anthropic-ai/claude-agent-sdk's releases</a>.</em></p> <blockquote> <h2>v0.3.160</h2> <h2>What's changed</h2> <ul> <li>Fixed SDK hook callbacks swallowing abort signals: aborting during a PostToolUse hook now ends the turn with a final <code>result</code> message instead of hanging the calling process</li> </ul> <h2>Update</h2> <pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.160 # or yarn add @anthropic-ai/claude-agent-sdk@0.3.160 # or pnpm add @anthropic-ai/claude-agent-sdk@0.3.160 # or bun add @anthropic-ai/claude-agent-sdk@0.3.160 </code></pre> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md">@anthropic-ai/claude-agent-sdk's changelog</a>.</em></p> <blockquote> <h2>0.3.160</h2> <ul> <li>Fixed SDK hook callbacks swallowing abort signals: aborting during a PostToolUse hook now ends the turn with a final <code>result</code> message instead of hanging the calling process</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/b33e8d56268243068ceebcb2b3f6a002e4ce7328"><code>b33e8d5</code></a> chore: Update CHANGELOG.md</li> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/84f839580260f4ad25f299e641fe5723afa580f8"><code>84f8395</code></a> chore: Update CHANGELOG.md</li> <li>See full diff in <a href="https://github.com/anthropics/claude-agent-sdk-typescript/compare/v0.3.159...v0.3.160">compare view</a></li> </ul> </details> <br /> Updates `posthog-node` from 5.35.8 to 5.35.11 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md">posthog-node's changelog</a>.</em></p> <blockquote> <h2>5.35.11</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.30.2</li> </ul> </li> </ul> <h2>5.35.10</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.30.1</li> </ul> </li> </ul> <h2>5.35.9</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/PostHog/posthog-js/pull/3703">#3703</a> <a href="https://github.com/PostHog/posthog-js/commit/f3cc6fa8278547e8ea75c0b87d79cffa10158e45"><code>f3cc6fa</code></a> Thanks <a href="https://github.com/marandaneto"><code>@marandaneto</code></a>! - Disable/no-op initialization paths instead of throwing or sending requests when PostHog project tokens are missing or blank. (2026-06-01)</li> <li>Updated dependencies [<a href="https://github.com/PostHog/posthog-js/commit/3d4a76f323ac789df91448fdb05d356dc91bb87f"><code>3d4a76f</code></a>]: <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.30.0</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PostHog/posthog-js/commit/bf3b3f05cb4fbf4228a955afefa611da658c3245"><code>bf3b3f0</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/91b1ee3a6895b0bf51bdf01df2967fe6c21c910c"><code>91b1ee3</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/26344407dd0fdff2c942bb94f70d5f70da49f06d"><code>2634440</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/f3cc6fa8278547e8ea75c0b87d79cffa10158e45"><code>f3cc6fa</code></a> fix: no-op blank project tokens (<a href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/3703">#3703</a>)</li> <li>See full diff in <a href="https://github.com/PostHog/posthog-js/commits/posthog-node@5.35.11/packages/node">compare view</a></li> </ul> </details> <br /> Updates `react` from 19.2.6 to 19.2.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/facebook/react/releases">react's releases</a>.</em></p> <blockquote> <h2>19.2.7 (June 1st, 2026)</h2> <h2>React Server Components</h2> <ul> <li>Fixed missing <code>FormData</code> entries in Server Actions which regressed in 19.2.6 (<a href="https://redirect.github.com/facebook/react/pull/36566">#36566</a> by <a href="https://github.com/unstubbable"><code>@unstubbable</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/facebook/react/commit/6117d7cca4906492c51fe6a03381e35adfd86e7d"><code>6117d7c</code></a> Version 19.2.7 (<a href="https://github.com/facebook/react/tree/HEAD/packages/react/issues/36591">#36591</a>)</li> <li>See full diff in <a href="https://github.com/facebook/react/commits/v19.2.7/packages/react">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for react since your current version.</p> </details> <br /> Updates `@types/react` from 19.2.15 to 19.2.16 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare view</a></li> </ul> </details> <br /> Updates `next` from 16.2.6 to 16.2.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v16.2.7</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Backport documentation fixes for v16.2 (<a href="https://redirect.github.com/vercel/next.js/issues/93804">#93804</a>)</li> <li>[backport] Patch <code>playwright-core</code> to resolve <code>_finishedPromise</code> on <code>requestFailed</code> (<a href="https://redirect.github.com/vercel/next.js/issues/93920">#93920</a>)</li> <li>[backport] Fix dev mode hydration failure when page is served from HTTP cache (<a href="https://redirect.github.com/vercel/next.js/issues/93492">#93492</a>)</li> <li>[backport] Fix catch-all <code>router.query</code> corruption with <code>basePath</code> + <code>rewrites</code> (<a href="https://redirect.github.com/vercel/next.js/issues/93917">#93917</a>)</li> <li>[backport] Encode non-ASCII characters in cache tags at construction (<a href="https://redirect.github.com/vercel/next.js/issues/93918">#93918</a>)</li> <li>[backport] Fix server action forwarding loop with middleware rewrites (<a href="https://redirect.github.com/vercel/next.js/issues/93919">#93919</a>)</li> <li>[backport] Turbopack: switch from base40 to base38 hash encoding (<a href="https://redirect.github.com/vercel/next.js/issues/93932">#93932</a>)</li> <li>[ci] Disable hanging node 24 typescript tests on 16.2 backport branch (<a href="https://redirect.github.com/vercel/next.js/issues/94164">#94164</a>)</li> <li>[backport] Fix "type: module" in project dir when using standalone or adapters (<a href="https://redirect.github.com/vercel/next.js/issues/94050">#94050</a>)</li> <li>[backport] Propagate adapter preferred regions (<a href="https://redirect.github.com/vercel/next.js/issues/94200">#94200</a>)</li> <li>[16.2.x] Don't drop <code>FormData</code> entries (<a href="https://redirect.github.com/vercel/next.js/issues/94240">#94240</a>)</li> <li>[backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution (<a href="https://redirect.github.com/vercel/next.js/issues/94284">#94284</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/eps1lon"><code>@eps1lon</code></a>, <a href="https://github.com/icyJoseph"><code>@icyJoseph</code></a>, <a href="https://github.com/unstubbable"><code>@unstubbable</code></a>, <a href="https://github.com/mischnic"><code>@mischnic</code></a>, <a href="https://github.com/bgw"><code>@bgw</code></a>, <a href="https://github.com/timneutkens"><code>@timneutkens</code></a>, and <a href="https://github.com/lukesandberg"><code>@lukesandberg</code></a> for helping!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/9bd3c26a733901956549889f28c0047553bba622"><code>9bd3c26</code></a> v16.2.7</li> <li><a href="https://github.com/vercel/next.js/commit/c63224f3d8e8dd0a4ef8635916f92954421e5f1e"><code>c63224f</code></a> [backport] feat(turbopack): add LocalPathOrProjectPath PostCSS config resolut...</li> <li><a href="https://github.com/vercel/next.js/commit/63115c79877c90df4371c2425f3fc5d3a55ac58d"><code>63115c7</code></a> [16.2.x] Don't drop <code>FormData</code> entries (<a href="https://redirect.github.com/vercel/next.js/issues/94240">#94240</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/aef22fdc828226227f618bb982a222e1256ba6f2"><code>aef22fd</code></a> [backport] Propagate adapter preferred regions (<a href="https://redirect.github.com/vercel/next.js/issues/94200">#94200</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/f126e72271a808a12adb1f97feca6a900bece7ba"><code>f126e72</code></a> [backport] Fix "type: module" in project dir when using standalone or adapter...</li> <li><a href="https://github.com/vercel/next.js/commit/bda3e2aabe5ba18b6e8ec656bcdaf549816469c3"><code>bda3e2a</code></a> [ci] Disable hanging node 24 typescript tests on 16.2 backport branch (<a href="https://redirect.github.com/vercel/next.js/issues/94164">#94164</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/7e16e07c0203f8a940899e656526f287278c57e6"><code>7e16e07</code></a> [backport] Turbopack: switch from base40 to base38 hash encoding (<a href="https://redirect.github.com/vercel/next.js/issues/93932">#93932</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/6139f4b885b329abdd5821199cc19cc89f3eaf33"><code>6139f4b</code></a> [backport] Fix server action forwarding loop with middleware rewrites (<a href="https://redirect.github.com/vercel/next.js/issues/93919">#93919</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/c021d10fe9540aaa7aff7b7227c7d73e60a0e5b9"><code>c021d10</code></a> [backport] Encode non-ASCII characters in cache tags at construction (<a href="https://redirect.github.com/vercel/next.js/issues/93918">#93918</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/9184ddb1aeed5c5db0f02c7a2d6d298071c2f44f"><code>9184ddb</code></a> [backport] Fix catch-all <code>router.query</code> corruption with <code>basePath</code> + `rewrite...</li> <li>Additional commits viewable in <a href="https://github.com/vercel/next.js/compare/v16.2.6...v16.2.7">compare view</a></li> </ul> </details> <br /> Updates `react-dom` from 19.2.6 to 19.2.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/facebook/react/releases">react-dom's releases</a>.</em></p> <blockquote> <h2>19.2.7 (June 1st, 2026)</h2> <h2>React Server Components</h2> <ul> <li>Fixed missing <code>FormData</code> entries in Server Actions which regressed in 19.2.6 (<a href="https://redirect.github.com/facebook/react/pull/36566">#36566</a> by <a href="https://github.com/unstubbable"><code>@unstubbable</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/facebook/react/commit/6117d7cca4906492c51fe6a03381e35adfd86e7d"><code>6117d7c</code></a> Version 19.2.7 (<a href="https://github.com/facebook/react/tree/HEAD/packages/react-dom/issues/36591">#36591</a>)</li> <li>See full diff in <a href="https://github.com/facebook/react/commits/v19.2.7/packages/react-dom">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for react-dom since your current version.</p> </details> <br /> Updates `@effect/atom-react` from 4.0.0-beta.74 to 4.0.0-beta.75 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Effect-TS/effect-smol/blob/main/packages/atom/react/CHANGELOG.md">@effect/atom-react's changelog</a>.</em></p> <blockquote> <h2>4.0.0-beta.75</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/Effect-TS/effect-smol/commit/81b187c17a0d8817b58232826939154010ae49d7"><code>81b187c</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/ad4b535e17f94ce35261829d5a3675f0a7808b4e"><code>ad4b535</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/a29c2e7e3570920156702671d6f3367cd0195f6c"><code>a29c2e7</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/1fdd9aeed92b6bb70987c862e7f6f66ead0339b3"><code>1fdd9ae</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/1fdd9aeed92b6bb70987c862e7f6f66ead0339b3"><code>1fdd9ae</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/ffea4ecf2925f6a4c9fd13079d47584cbf2bed00"><code>ffea4ec</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/4255c9ba78bb98c7838fbe9dccdd8465e9da5427"><code>4255c9b</code></a>]: <ul> <li>effect@4.0.0-beta.75</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Effect-TS/effect-smol/commit/ec7f299e5ff8b61c20fc2135e9fc78a251582729"><code>ec7f299</code></a> Version Packages (beta) (<a href="https://github.com/Effect-TS/effect-smol/tree/HEAD/packages/atom/react/issues/2307">#2307</a>)</li> <li>See full diff in <a href="https://github.com/Effect-TS/effect-smol/commits/@effect/atom-react@4.0.0-beta.75/packages/atom/react">compare view</a></li> </ul> </details> <br /> Updates `@effect/platform-bun` from 4.0.0-beta.74 to 4.0.0-beta.75 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Effect-TS/effect/commits/HEAD/packages/platform-bun">compare view</a></li> </ul> </details> <br /> Updates `@effect/platform-node` from 4.0.0-beta.74 to 4.0.0-beta.75 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Effect-TS/effect/commits/HEAD/packages/platform-node">compare view</a></li> </ul> </details> <br /> Updates `@effect/vitest` from 4.0.0-beta.74 to 4.0.0-beta.75 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Effect-TS/effect/commits/HEAD/packages/vitest">compare view</a></li> </ul> </details> <br /> Updates `@typescript/native-preview` from 7.0.0-dev.20260527.2 to 7.0.0-dev.20260601.1 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/microsoft/typescript-go/commits">compare view</a></li> </ul> </details> <br /> Updates `@vitest/coverage-istanbul` from 4.1.7 to 4.1.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitest-dev/vitest/releases">@vitest/coverage-istanbul's releases</a>.</em></p> <blockquote> <h2>v4.1.8</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: <ul> <li>Disable client <code>cdp</code> API when <code>allowWrite/allowExec: false</code> [backport to v4] - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> and <strong>Codex</strong> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10450">vitest-dev/vitest#10450</a> <a href="https://github.com/vitest-dev/vitest/commit/e4067b3b1">(e4067)</a></li> <li>Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4] - by <a href="https://github.com/toxik"><code>@toxik</code></a> and <a href="https://github.com/Zelys-DFKH"><code>@Zelys-DFKH</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10474">vitest-dev/vitest#10474</a> <a href="https://github.com/vitest-dev/vitest/commit/675b4343f">(675b4)</a></li> </ul> </li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8">View changes on GitHub</a></h5> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitest-dev/vitest/commit/e61f2dd2a0ba0a266c1c5e0334aad3799fee527f"><code>e61f2dd</code></a> chore: release v4.1.8</li> <li>See full diff in <a href="https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/coverage-istanbul">compare view</a></li> </ul> </details> <br /> Updates `effect` from 4.0.0-beta.74 to 4.0.0-beta.75 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Effect-TS/effect/commits/HEAD/packages/effect">compare view</a></li> </ul> </details> <br /> Updates `oxfmt` from 0.52.0 to 0.53.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/oxc-project/oxc/blob/main/npm/oxfmt/CHANGELOG.md">oxfmt's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this package will be documented in this file.</p> <p>The format is based on <a href="https://keepachangelog.com/en/1.0.0">Keep a Changelog</a>.</p> <h2>[0.54.0] - 2026-06-08</h2> <h3>📚 Documentation</h3> <ul> <li>dadafe3 oxlint, oxfmt: Mention migrate skills in npm READMEs (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22965">#22965</a>) (Boshen)</li> <li>f88961a oxfmt: Annotate each config option with supported languages (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22953">#22953</a>) (leaysgur)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/oxc-project/oxc/commit/964a7580840f394d67c149ea083e35a1e74c128f"><code>964a758</code></a> release(apps): oxlint v1.68.0 && oxfmt v0.53.0 (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/22883">#22883</a>)</li> <li>See full diff in <a href="https://github.com/oxc-project/oxc/commits/oxfmt_v0.53.0/npm/oxfmt">compare view</a></li> </ul> </details> <br /> Updates `oxlint` from 1.67.0 to 1.68.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/oxc-project/oxc/releases">oxlint's releases</a>.</em></p> <blockquote> <h2>oxlint v1.27.0 && oxfmt v0.12.0</h2> <h1>Oxlint v1.27.0</h1> <h3>🚀 Features</h3> <ul> <li>222a8f0 linter/plugins: Implement <code>SourceCode#isSpaceBetween</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15498">#15498</a>) (overlookmotel)</li> <li>2f9735d linter/plugins: Implement <code>context.languageOptions</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15486">#15486</a>) (overlookmotel)</li> <li>bc731ff linter/plugins: Stub out all <code>Context</code> APIs (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15479">#15479</a>) (overlookmotel)</li> <li>5822cb4 linter/plugins: Add <code>extend</code> method to <code>FILE_CONTEXT</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15477">#15477</a>) (overlookmotel)</li> <li>7b1e6f3 apps: Add pure rust binaries and release to github (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15469">#15469</a>) (Boshen)</li> <li>2a89b43 linter: Introduce debug assertions after fixes to assert validity (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15389">#15389</a>) (camc314)</li> <li>ad3c45a editor: Add <code>oxc.path.node</code> option (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15040">#15040</a>) (Sysix)</li> </ul> <h3>🐛 Bug Fixes</h3> <ul> <li>6f3cd77 linter/no-var: Incorrect warning for blocks (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15504">#15504</a>) (Hamir Mahal)</li> <li>6957fb9 linter/plugins: Do not allow access to <code>Context#id</code> in <code>createOnce</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15489">#15489</a>) (overlookmotel)</li> <li>7409630 linter/plugins: Allow access to <code>cwd</code> in <code>createOnce</code> in ESLint interop mode (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15488">#15488</a>) (overlookmotel)</li> <li>732205e parser: Reject <code>using</code> / <code>await using</code> in a switch <code>case</code> / <code>default</code> clause (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15225">#15225</a>) (sapphi-red)</li> <li>a17ca32 linter/plugins: Replace <code>Context</code> class (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15448">#15448</a>) (overlookmotel)</li> <li>ecf2f7b language_server: Fail gracefully when tsgolint executable not found (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15436">#15436</a>) (camc314)</li> <li>3c8d3a7 lang-server: Improve logging in failure case for tsgolint (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15299">#15299</a>) (camc314)</li> <li>ef71410 linter: Use jsx if source type is JS in fix debug assertion (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15434">#15434</a>) (camc314)</li> <li>e32bbf6 linter/no-var: Handle TypeScript declare keyword in fixer (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15426">#15426</a>) (camc314)</li> <li>6565dbe linter/switch-case-braces: Skip comments when searching for <code>:</code> token (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15425">#15425</a>) (camc314)</li> <li>85bd19a linter/prefer-class-fields: Insert value after type annotation in fixer (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15423">#15423</a>) (camc314)</li> <li>fde753e linter/plugins: Block access to <code>context.settings</code> in <code>createOnce</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15394">#15394</a>) (overlookmotel)</li> <li>ddd9f9f linter/forward-ref-uses-ref: Dont suggest removing wrapper in invalid positions (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15388">#15388</a>) (camc314)</li> <li>dac2a9c linter/no-template-curly-in-string: Remove fixer (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15387">#15387</a>) (camc314)</li> <li>989b8e3 linter/no-var: Only fix to <code>const</code> if the var has an initializer (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15385">#15385</a>) (camc314)</li> <li>cc403f5 linter/plugins: Return empty object for unimplemented parserServices (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15364">#15364</a>) (magic-akari)</li> </ul> <h3>⚡ Performance</h3> <ul> <li>25d577e language_server: Start tools in parallel (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15500">#15500</a>) (Sysix)</li> <li>3c57291 linter/plugins: Optimize loops (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15449">#15449</a>) (overlookmotel)</li> <li>3166233 linter/plugins: Remove <code>Arc</code>s (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15431">#15431</a>) (overlookmotel)</li> <li>9de1322 linter/plugins: Lazily deserialize settings JSON (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15395">#15395</a>) (overlookmotel)</li> <li>3049ec2 linter/plugins: Optimize <code>deepFreezeSettings</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15392">#15392</a>) (overlookmotel)</li> <li>444ebfd linter/plugins: Use single object for <code>parserServices</code> (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15378">#15378</a>) (overlookmotel)</li> </ul> <h3>📚 Documentation</h3> <ul> <li>97d2104 linter: Update comment in lint.rs about default value for tsconfig path (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15530">#15530</a>) (Connor Shea)</li> <li>2c6bd9e linter: Always refer as "ES2015" instead of "ES6" (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15411">#15411</a>) (sapphi-red)</li> <li>a0c5203 linter/import/named: Update "ES7" comment in examples (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15410">#15410</a>) (sapphi-red)</li> <li>3dc24b5 linter,minifier: Always refer as "ES Modules" instead of "ES6 Modules" (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15409">#15409</a>) (sapphi-red)</li> <li>2ad77fb linter/no-this-before-super: Correct "Why is this bad?" section (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15408">#15408</a>) (sapphi-red)</li> <li>57f0ce1 linter: Add backquotes where appropriate (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/15407">#15407</a>) (sapphi-red)</li> </ul> <h1>Oxfmt v0.12.0</h1>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/oxc-project/oxc/blob/main/npm/oxlint/CHANGELOG.md">oxlint's changelog</a>.</em></p> <blockquote> <h2>[1.68.0] - 2026-06-01</h2> <h3>🚀 Features</h3> <ul> <li>e4b1f46 linter/typescript: Implement <code>method-signature-style</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22679">#22679</a>) (Mikhail Baev)</li> <li>bc462ca linter/vue: Implement no-reserved-component-names rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22741">#22741</a>) (bab)</li> <li>ef9e751 linter/vue: Implement component-definition-name-casing rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22818">#22818</a>) (bab)</li> <li>d67f51a linter/vue: Implement require-prop-type-constructor rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22708">#22708</a>) (bab)</li> <li>8422e8b linter/jsdoc: Implement <code>require-yields-description</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22805">#22805</a>) (Mikhail Baev)</li> <li>fe93f97 linter/eslint: Implement <code>prefer-named-capture-group</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22759">#22759</a>) (Sebastian Poxhofer)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/oxc-project/oxc/commit/964a7580840f394d67c149ea083e35a1e74c128f"><code>964a758</code></a> release(apps): oxlint v1.68.0 && oxfmt v0.53.0 (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22883">#22883</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/3f05c5e1267c25daa1c90babd84427f59acf96be"><code>3f05c5e</code></a> feat(linter): expose <code>override::exclude_files</code> option (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22884">#22884</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/e4b1f46bec95da661af72f513e769d729ff605c6"><code>e4b1f46</code></a> feat(linter/typescript): implement <code>method-signature-style</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22679">#22679</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/bc462ca5a778c246d6185d9b8d2cbdf3919ed527"><code>bc462ca</code></a> feat(linter/vue): implement no-reserved-component-names rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22741">#22741</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/ef9e75170dca39091e4aa8360f7d59dc5aa206eb"><code>ef9e751</code></a> feat(linter/vue): implement component-definition-name-casing rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22818">#22818</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/d67f51aba16939ce33b21c7504e177a9ff1c6887"><code>d67f51a</code></a> feat(linter/vue): implement require-prop-type-constructor rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22708">#22708</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/8422e8bc44db47033ce516f9375867624e265823"><code>8422e8b</code></a> feat(linter/jsdoc): implement <code>require-yields-description</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22805">#22805</a>)</li> <li><a href="https://github.com/oxc-project/oxc/commit/fe93f9718ac09bab79286eb6dbc90ad14f8270bd"><code>fe93f97</code></a> feat(linter/eslint): implement <code>prefer-named-capture-group</code> rule (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint/issues/22759">#22759</a>)</li> <li>See full diff in <a href="https://github.com/oxc-project/oxc/commits/oxlint_v1.68.0/npm/oxlint">compare view</a></li> </ul> </details> <br /> Updates `vitest` from 4.1.7 to 4.1.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitest-dev/vitest/releases">vitest's releases</a>.</em></p> <blockquote> <h2>v4.1.8</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: <ul> <li>Disable client <code>cdp</code> API when <code>allowWrite/allowExec: false</code> [backport to v4] - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> and <strong>Codex</strong> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10450">vitest-dev/vitest#10450</a> <a href="https://github.com/vitest-dev/vitest/commit/e4067b3b1">(e4067)</a></li> <li>Remove orphaned Playwright route when same module is mocked via multiple ids [backport to v4] - by <a href="https://github.com/toxik"><code>@toxik</code></a> and <a href="https://github.com/Zelys-DFKH"><code>@Zelys-DFKH</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10474">vitest-dev/vitest#10474</a> <a href="https://github.com/vitest-dev/vitest/commit/675b4343f">(675b4)</a></li> </ul> </li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.1.7...v4.1.8">View changes on GitHub</a></h5> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitest-dev/vitest/commit/e61f2dd2a0ba0a266c1c5e0334aad3799fee527f"><code>e61f2dd</code></a> chore: release v4.1.8</li> <li><a href="https://github.com/vitest-dev/vitest/commit/e4067b3b150005fd42cf75f994300119245806b9"><code>e4067b3</code></a> fix(browser): disable client <code>cdp</code> API when <code>allowWrite/allowExec: false</code> [ba...</li> <li>See full diff in <a href="https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Julien Goux <hi@jgoux.dev>

## TL;DR Ports `supabase gen types` to native ts ## What’s introduced adds a ts implementation for `gen types` that preserves the existing command surface for local, linked, `--project-id`, and `--db-url` flows, keeps the legacy behavior, reuses the management api path for hosted ts generation, and runs `pg-meta` directly for generation also moves the ca bundle into ts based template files & coverage for all of this! ## ref - Closes CLI-1310 --------- Co-authored-by: Colum Ferry <cferry09@gmail.com>

Refs CLI-1601 — https://linear.app/supabase/issue/CLI-1601/support-auth-dependencies-in-shadow-db-migrations Provision the Supabase platform schema (auth, storage, realtime, etc.) on shadow databases before applying declarative schemas, ensuring Supabase-managed dependencies resolve correctly during both declarative apply and cache warmup. ## Changes - **New `SetupShadowDatabase` function** in `diff.go`: Provisions the platform baseline on a freshly created shadow database without applying user migrations. This allows declarative apply to share the same starting point as migration-based workflows. - **Refactored shadow setup logic**: Extracted common platform baseline setup into `setupShadowConn` helper, used by both `SetupShadowDatabase` and `MigrateShadowDatabase` to avoid duplication. - **Updated declarative apply flow**: - `Generate` now calls `setupShadowDatabase` when reusing the baseline shadow for cache warmup - `getDeclarativeCatalogRef` calls `setupShadowDatabase` before applying declarative schemas - This ensures platform objects (auth.sessions, auth.jwt(), etc.) are available during schema application and cancel out of diffs - **Added tests**: `TestSetupShadowDatabase` validates that the function sets up the platform baseline without applying migrations, and the `Generate` reuse test asserts the baseline is set up before declarative apply. ## Note on baseline caching A persistent "replayable SQL" baseline cache (so services don't boot on cold runs) was considered and intentionally not pursued — the `supabase/postgres` image pre-bakes part of the `auth` schema (overlap on replay), a full `pg_dumpall` replay is fragile (extensions/`shared_preload_libraries`/pgsodium/roles), and a pg-delta-derived baseline currently drops grants. See CLI-1601 for the full rationale. https://claude.ai/code/session_01ACrX8NXcsYLENnCRXAub3S Co-authored-by: Claude <noreply@anthropic.com>

…emplates with 3 updates (#5517) Bumps the docker-minor group in /apps/cli-go/pkg/config/templates with 3 updates: supabase/studio, supabase/realtime and supabase/storage-api. Updates `supabase/studio` from 2026.06.03-sha-0bca601 to 2026.06.08-sha-8af2bb0 Updates `supabase/realtime` from v2.103.4 to v2.105.0 Updates `supabase/storage-api` from v1.60.8 to v1.60.11 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Julien Goux <hi@jgoux.dev>

…#5521) Refs CLI-1601 — https://linear.app/supabase/issue/CLI-1601/support-auth-dependencies-in-shadow-db-migrations Follow-up to #5515. That PR taught the declarative apply path to provision the Supabase platform baseline (auth/storage/realtime) on the shadow before applying declarative schemas. This fixes a gap it left in the `generate` → `sync`-with-no-migrations handoff. ## The bug `getGenerateBaselineCatalogRef` exports `.temp/pgdelta/catalog-baseline-<version>.json` immediately after creating the shadow — **before** any platform setup runs — so the cached baseline represents a bare postgres image. That same file is reused by `getMigrationsCatalogRef` as the diff **source** when there are zero local migrations. After #5515, the declarative **target** is built on top of the platform baseline. So a no-migration `sync` diffs: - source: bare postgres image - target: platform baseline + declarative schema instead of the intended: - source: platform baseline - target: platform baseline + declarative schema Platform-managed objects (`auth`, `storage`, `realtime`, grants, functions, …) no longer cancel and surface as spurious additions in the generated migration — e.g. a single declarative `public.profiles` table referencing `auth.users` produces a migration that also tries to create the `auth`/`storage`/`realtime` platform objects. ## The fix Provision the platform baseline in `getGenerateBaselineCatalogRef` **before** exporting, so the baseline catalog consistently means "platform baseline, no user migrations" — identical to `diff.MigrateShadowDatabase` with zero migrations, and in parity with the declarative target. The now-redundant second `setupShadowDatabase` call in `Generate`'s cache-warm path is removed since the reused shadow already has the baseline (it was previously provisioning the platform twice). This also fixes a latent `generate` issue: with a bare baseline, `generate` would have emitted platform schemas into the user's declarative files. ## Tests - `TestGetGenerateBaselineCatalogRefSetsUpPlatformBaseline` — pins the setup-before-export ordering. - `TestGenerateThenSyncWithNoMigrationsCancelsPlatformObjects` — full generate → no-migration sync flow through the public command functions, asserting only the user's table is generated and platform objects cancel. Docker/pg-delta seams are stubbed (the established cli-go pattern), so it runs in the standard `go test ./...` CI job. `diff.DiffPgDeltaRef` is now an injectable package var to allow diffing through the public path without the real pg-delta runtime. https://claude.ai/code/session_01ACrX8NXcsYLENnCRXAub3S --- _Generated by [Claude Code](https://claude.ai/code/session_01ACrX8NXcsYLENnCRXAub3S)_ --------- Co-authored-by: Claude <noreply@anthropic.com>

Adds a scheduled workflow that checks the Management API OpenAPI document hourly and regenerates `@supabase/api` when upstream changes are detected. The workflow keeps the no-change path lightweight by comparing normalized JSON before installing dependencies, then opens an automated sync PR against `develop` when generation produces changes.

dependabot Bot and others added 21 commits June 5, 2026 00:09

supabase-cli-releaser Bot requested a review from a team as a code owner June 9, 2026 03:19

supabase-cli-releaser Bot added the do not merge Approve to apply; do not merge. label Jun 9, 2026

github-advanced-security AI found potential problems Jun 9, 2026

View reviewed changes

Comment thread apps/cli/src/legacy/commands/config/push/config-sync/config-sync.secret.ts Dismissed

pamelachia and others added 5 commits June 9, 2026 08:00

avallete and others added 2 commits June 9, 2026 14:35

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: production deploy#5519

chore: production deploy#5519
supabase-cli-releaser[bot] wants to merge 28 commits into
mainfrom
develop

supabase-cli-releaser Bot commented Jun 9, 2026

Uh oh!

Uh oh!

coveralls commented Jun 9, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

Conversation

supabase-cli-releaser Bot commented Jun 9, 2026

Uh oh!

Uh oh!

coveralls commented Jun 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Coverage Report for CI Build 27194652981

Coverage: 64.287%

Details

Uncovered Changes

Coverage Regressions

Coverage Stats

💛 - Coveralls

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

coveralls commented Jun 9, 2026 •

edited

Loading