Bump @supabase/supabase-js from 2.87.1 to 2.90.1

[dependabot]

Bumps @supabase/supabase-js from 2.87.1 to 2.90.1.

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.90.1

2.90.1 (2026-01-08)

🩹 Fixes

• postgrest: prevent shared state between query builder operations (#1978)
• realtime: validate table filter in postgres_changes event dispatch (#1999)

❤️ Thank You

• Vaibhav @​7ttp

v2.90.1-canary.1

2.90.1-canary.1 (2026-01-08)

🩹 Fixes

• postgrest: prevent shared state between query builder operations (#1978)

❤️ Thank You

• Vaibhav @​7ttp

v2.90.1-canary.0

2.90.1-canary.0 (2026-01-07)

🩹 Fixes

• realtime: validate table filter in postgres_changes event dispatch (#1999)

❤️ Thank You

• Vaibhav @​7ttp

v2.90.0

2.90.0 (2026-01-07)

🚀 Features

• realtime: expose heartbeat latency on heartbeat callback (#1982)

🩹 Fixes

• auth: add banned_until property to user type (#1989)
• auth: add last_challenged_at property to factor type (#1990)
• auth: clear initial setTimeout in stopAutoRefresh (#1993)
• auth: preserve session when magic link is clicked twice (#1996)
• auth: add configurable lock acquisition timeout to prevent deadlocks (#1962)
• functions: auto-stringify object body when custom Content-Type header is provided (#1988)
• postgrest: use post with return minimal for rpc head requests with object args (#1994)

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.90.1 (2026-01-08)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.90.0 (2026-01-07)

🩹 Fixes

• supabase: avoid edge runtime warnings in next.js (#1998)
• supabase: inline string literal in databasewithoutinternals type (#1986)
• supabase: split type-only exports to avoid unused import warnings (#1979)

❤️ Thank You

• Nico Kempe @​nicokempe
• Vaibhav @​7ttp

2.89.0 (2025-12-18)

🚀 Features

• supabase: export DatabaseWithoutInternals utility type (#1935)

❤️ Thank You

• Vaibhav @​7ttp

2.88.0 (2025-12-16)

🚀 Features

• repo: migrate build system to tsdown for proper ESM/CJS support (#1961)
• auth: allow custom predicate for detectSessionInUrl option (#1958)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

2.87.3 (2025-12-15)

🩹 Fixes

• supabase: resolve jsDelivr CDN ESM import failure with .js extensions (#1953)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

2.87.2 (2025-12-15)

... (truncated)

Commits

• 1b8410a chore(release): version 2.90.0 changelogs (#2003)
• d3d05f8 fix(supabase): avoid edge runtime warnings in next.js (#1998)
• 9bfac7f fix(supabase): inline string literal in databasewithoutinternals type (#1986)
• 30f9600 fix(supabase): split type-only exports to avoid unused import warnings (#1979)
• 636f1e9 test(supabase): run build in integration tests (#1969)
• 9e747ce chore(release): version 2.89.0 changelogs (#1971)
• e953e71 feat(supabase): export DatabaseWithoutInternals utility type (#1935)
• ba17c2f chore(release): version 2.88.0 changelogs (#1965)
• 6c9bbdf feat(repo): migrate build system to tsdown for proper ESM/CJS support (#1961)
• f346169 feat(auth): allow custom predicate for detectSessionInUrl option (#1958)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)