chore: add workflow to update supabase-js

[mandarini]

Workflow to update supabase-js

[coderabbitai]

Warning

Rate limit exceeded

@mandarini has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 25 minutes and 6 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: ce073ae0-324a-41eb-b4df-b4909ae83684

📥 Commits

Reviewing files that changed from the base of the PR and between 29605cd and 82917ba.

📒 Files selected for processing (1)

• .github/workflows/update-supabase-js.yml

📝 Walkthrough

Walkthrough

This pull request introduces a new GitHub Actions workflow file that automates the process of updating the @supabase/supabase-js dependency. The workflow is manually triggered via workflow_dispatch and accepts two inputs: a required version parameter and an optional source parameter (defaulting to "manual"). When executed, the workflow checks out the repository, configures Node.js 20 with npm caching, installs the specified @supabase/supabase-js version, generates a GitHub App authentication token, and automatically creates a pull request with the dependency update commit. The PR is named using the target version and source input, with the branch named following the pattern gha/auto-update-supabase-js-v<version> and targeting the repository's default branch.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/update-supabase-js.yml:
- Around line 36-37: The run step named "Update `@supabase/supabase-js`" is
interpolating `${{ inputs.version }}` directly which can allow shell injection;
change the step to pass the input via an environment variable (e.g., VERSION
from `${{ inputs.version }}`) and reference that env var in the run command (use
a quoted env variable like "$VERSION") so the shell does not evaluate arbitrary
characters from the input; update the step that currently uses `npm i
`@supabase/supabase-js`@${{ inputs.version }}` to read from the env var instead
and ensure the env mapping uses `VERSION: ${{ inputs.version }}`.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: e294c6d1-f468-44f7-bacb-8b540af16fbb

📥 Commits

Reviewing files that changed from the base of the PR and between ea85814 and 29605cd.

📒 Files selected for processing (1)

• .github/workflows/update-supabase-js.yml