chore: production deploy #5567

supabase-cli-releaser (bot) commented on Jun 12, 2026:
- fix(deps): bump @typescript/native-preview from 7.0.0-dev.20260603.1 to 7.0.0-dev.20260604.1 in the npm-major group (#5545)
- feat(cli): port supabase test db and test new (#5522)
- chore: sync API types from infrastructure (#5549)
- fix(functions): add apikey compatibility header (#5509)
- fix(deps): bump the npm-major group with 3 updates (#5557)
- fix(docker): bump supabase/logflare from 1.44.1 to 1.44.3 in /apps/cli-go/pkg/config/templates in the docker-minor group (#5558)
- test(cli): stabilize domains parity e2e (#5548)
- fix(cli): auto-retry db dump/pull via the IPv4 pooler on IPv6-only networks (#5493)
- fix(cli): avoid auth for local typegen and services (#5553)
- chore(api): sync Management API OpenAPI spec (#5564)
- feat(cli): port supabase inspect db to native TypeScript (#5554)
- chore: sync API types from infrastructure (#5562)
- chore(cli): organize lazy platform API factory (#5563)
- feat(cli): enable pg-delta by default for new projects (#5511)
- fix(cli): handle custom domain response variants (#5552)
- fix(cli): Upload symlinked files when seeding storage buckets (#5499)
…to 7.0.0-dev.20260604.1 in the npm-major group (#5545)

Bumps the npm-major group with 1 update: [@typescript/native-preview](https://github.com/microsoft/typescript-go).

Updates `@typescript/native-preview` from 7.0.0-dev.20260603.1 to 7.0.0-dev.20260604.1

Commits

- See full diff in [compare view](https://github.com/microsoft/typescript-go/commits)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## What changed

Native TypeScript port of `supabase test db` and `supabase test new` into the legacy shell (stable channel), replacing the Phase-0 Go proxies.

- **`test new`** — writes `supabase/tests/<name>_test.sql` from the embedded pgtap template; matches Go's relative-path success message, file location, and exit codes. `--template` (pgtap).
- **`test db`** — `--db-url` / `--local` / `--linked` + variadic paths. Connects via `@effect/sql-pg` to enable/disable the pgTAP extension, then runs `supabase/pg_prove:3.36` through `docker run` (read-only volume mounts, `--security-opt label:disable`, local docker network or host networking). Honors `--network-id`, and the `db-url`/`linked`/`local` mutual-exclusivity is byte-for-byte identical to Go's cobra error.

## New shared infrastructure (for upcoming `db reset` / `db dump` ports)

- `LegacyDbConnection` — Postgres connection seam (single swap point for the driver).
- `LegacyDbConfigResolver` — `--db-url` / `--local` / `--linked` resolution, including the linked sub-flow (temp login-role via `V1CreateLoginRole`, pooler fallback with a public-suffix MITM domain check, network-ban unban, backoff). Ports Go's `flags.ParseDatabaseConfig` + `NewDbConfigWithPassword`.
- `LegacyDockerRun` — one-shot `docker run` runner.

The Management API stack is built lazily on the `--linked` branch only, so `--local` / `--db-url` never resolve an access token (auth-free, matching Go).

## Reviewer notes

- **Driver choice:** added `@effect/sql-pg` (4.0.0-beta.75, pure-JS `pg`); verified it bundles and round-trips under `bun build --compile`.
- **pgTAP drop-skip:** `PgClient` exposes no `OnNotice` hook, so "already installed" is detected with a `pg_extension` pre-check before enabling — equivalent observable behavior to Go's notice-code 42710 callback.
- **Credentials** are kept out of all error output (docker spawn failure, db-url parse failure).
- **Documented divergences** (see `SIDE_EFFECTS.md`): `test db` has no `--output-format` machine envelope (Go has none; TAP streams to stdout in all modes); the `[images] pgprove` config override is not modeled by the TS config schema.

## Known follow-up

The `--linked` sub-flow (login-role / pooler / unban / backoff) is implemented and type-checked but lacks a dedicated integration test — it requires the real management runtime with a mocked HTTP transport and a real linked project to verify faithfully. The local/db-url resolver paths and `toml` parsing are covered.

Closes CLI-1318
This PR was automatically created to sync API types from the infrastructure repository.

Changes were detected in the generated API code after syncing with the latest spec from infrastructure.

Co-authored-by: supabase-cli-releaser[bot] <246109035+supabase-cli-releaser[bot]@users.noreply.github.com>
## What kind of change does this PR introduce?

Bug fix

## What is the current behavior?

Currently, the API proxy is overwriting the `Authorization` header when forwarding to `/functions`

## What is the new behavior?

Uses a custom `sb-api-key` header to handle the minted jwt

## Additional context

Towards FUNC-681
Bumps the npm-major group with 3 updates: [@anthropic-ai/claude-agent-sdk](https://github.com/anthropics/claude-agent-sdk-typescript), [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node) and [tldts](https://github.com/remusao/tldts).

Updates `@anthropic-ai/claude-agent-sdk` from 0.3.162 to 0.3.163

Release notes

*Sourced from [@anthropic-ai/claude-agent-sdk's releases](https://github.com/anthropics/claude-agent-sdk-typescript/releases).*

> ## v0.3.163
>
> ## What's changed
>
> - `stop_task` control requests now return success when the target task is already gone (`not_found` or `not_running`), so SDK clients can reliably prune stale task chips
> - Fixed SDK hosts being unable to add builtin MCP servers (e.g. `claude-in-chrome`) via `setMcpServers` when the CLI was launched without them
> - Stop and SubagentStop hook events now support `additionalContext` in `hookSpecificOutput`, enabling non-error feedback that continues the turn
>
> ## Update
>
> ```sh
> npm install @anthropic-ai/claude-agent-sdk@0.3.163
> # or
> yarn add @anthropic-ai/claude-agent-sdk@0.3.163
> # or
> pnpm add @anthropic-ai/claude-agent-sdk@0.3.163
> # or
> bun add @anthropic-ai/claude-agent-sdk@0.3.163
> ```

Changelog

*Sourced from [@anthropic-ai/claude-agent-sdk's changelog](https://github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md).*

> ## 0.3.163
>
> - `stop_task` control requests now return success when the target task is already gone (`not_found` or `not_running`), so SDK clients can reliably prune stale task chips
> - Fixed SDK hosts being unable to add builtin MCP servers (e.g. `claude-in-chrome`) via `setMcpServers` when the CLI was launched without them
> - Stop and SubagentStop hook events now support `additionalContext` in `hookSpecificOutput`, enabling non-error feedback that continues the turn

Commits

- [`9f0a1ce`](https://github.com/anthropics/claude-agent-sdk-typescript/commit/9f0a1ce68bf17cebfec58f161d79edd0bcaee633) chore: Update CHANGELOG.md
- See full diff in [compare view](https://github.com/anthropics/claude-agent-sdk-typescript/compare/v0.3.162...v0.3.163)

Updates `posthog-node` from 5.35.14 to 5.36.1

Changelog

*Sourced from [posthog-node's changelog](https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md).*

> ## 5.36.17
>
> ### Patch Changes
>
> - Updated dependencies []:
>   - `@posthog/core@1.32.3`
>
> ## 5.36.16
>
> ### Patch Changes
>
> - Updated dependencies [[`25822ac`](https://github.com/PostHog/posthog-js/commit/25822acc0d16f9f1d6fbbd65da57b3e060c6c558)]:
>   - `@posthog/core@1.32.2`
>
> ## 5.36.15
>
> ### Patch Changes
>
> - Updated dependencies []:
>   - `@posthog/core@1.32.1`
>
> ## 5.36.14
>
> ### Patch Changes
>
> - Updated dependencies [[`612f97a`](https://github.com/PostHog/posthog-js/commit/612f97adebd3d863602533180ac4bee3f3ed731d)]:
>   - `@posthog/core@1.32.0`
>
> ## 5.36.13
>
> ### Patch Changes
>
> - Updated dependencies []:
>   - `@posthog/core@1.31.4`
>
> ## 5.36.12
>
> ### Patch Changes
>
> - Updated dependencies []:
>   - `@posthog/core@1.31.3`
>
> ## 5.36.11
>
> ### Patch Changes
>
> - Updated dependencies []:
>   - `@posthog/core@1.31.2`
>
> ## 5.36.10

... (truncated)

Commits

- [`287ad9f`](https://github.com/PostHog/posthog-js/commit/287ad9fcbb0990f770ab8e0a4311e8fcde6855be) chore: update versions and lockfile [version bump]
- [`dc1e193`](https://github.com/PostHog/posthog-js/commit/dc1e1935b1e9e6f26b184e6adb19d68f44a5682e) chore: update versions and lockfile [version bump]
- [`9287c87`](https://github.com/PostHog/posthog-js/commit/9287c87b7d4cf00160269d0cc648074f27c0847a) feat: emit $is_server property on captured events ([#3728](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/3728))
- [`b539fcb`](https://github.com/PostHog/posthog-js/commit/b539fcbe64515945a18190b6c973a1bd727b75f1) chore: update versions and lockfile [version bump]
- See full diff in [compare view](https://github.com/PostHog/posthog-js/commits/posthog-node@5.36.1/packages/node)

Updates `tldts` from 6.1.86 to 7.4.2

Release notes

*Sourced from [tldts's releases](https://github.com/remusao/tldts/releases).*

> ## v7.4.2
>
> #### :scroll: Update Public Suffix List
>
> - `tldts-experimental`, `tldts`
>   - Update upstream public suffix list [#2597](https://redirect.github.com/remusao/tldts/pull/2597) ([`@remusao`](https://github.com/remusao))
>
> #### :nut_and_bolt: Dependencies
>
> - Bump eslint-plugin-prettier from 5.5.5 to 5.5.6 [#2598](https://redirect.github.com/remusao/tldts/pull/2598) ([`@dependabot[bot]`](https://github.com/dependabot%5Bbot%5D))
>
> #### Authors: 2
>
> - [`@dependabot[bot]`](https://github.com/dependabot%5Bbot%5D)
> - Rémi ([`@remusao`](https://github.com/remusao))
>
> ## v7.4.1
>
> #### :scroll: Update Public Suffix List
>
> - `tldts-experimental`, `tldts-icann`, `tldts`
>   - Update upstream public suffix list [#2595](https://redirect.github.com/remusao/tldts/pull/2595) ([`@remusao`](https://github.com/remusao))
>
> #### :memo: Documentation
>
> - docs: add a benchmark throughput chart to the README [#2593](https://redirect.github.com/remusao/tldts/pull/2593) ([`@remusao`](https://github.com/remusao))
>
> #### :nut_and_bolt: Dependencies
>
> - Bump tmp from 0.2.5 to 0.2.7 [#2596](https://redirect.github.com/remusao/tldts/pull/2596) ([`@dependabot[bot]`](https://github.com/dependabot%5Bbot%5D))
> - Bump typescript-eslint from 8.59.4 to 8.60.0 [#2594](https://redirect.github.com/remusao/tldts/pull/2594) ([`@dependabot[bot]`](https://github.com/dependabot%5Bbot%5D))
>
> #### Authors: 2
>
> - [`@dependabot[bot]`](https://github.com/dependabot%5Bbot%5D)
> - Rémi ([`@remusao`](https://github.com/remusao))
>
> ## v7.4.0
>
> #### :rocket: New Feature
>
> - `tldts-experimental`, `tldts-icann`, `tldts-tests`, `tldts`
>   - feat: add getFullDomain to return the full hostname incl. subdomain ([#2322](https://redirect.github.com/remusao/tldts/issues/2322)) [#2592](https://redirect.github.com/remusao/tldts/pull/2592) ([`@remusao`](https://github.com/remusao))
>
> #### Authors: 1
>
> - Rémi ([`@remusao`](https://github.com/remusao))
>
> ## v7.3.1
>
> #### :bug: Bug Fix
>
> - `tldts-core`, `tldts-tests`
>   - fix: reject hostname labels that begin with a hyphen ([#2395](https://redirect.github.com/remusao/tldts/issues/2395)) [#2591](https://redirect.github.com/remusao/tldts/pull/2591) ([`@remusao`](https://github.com/remusao))

... (truncated)

Changelog

*Sourced from [tldts's changelog](https://github.com/remusao/tldts/blob/master/CHANGELOG.md).*

> # v7.4.2 (Sat May 30 2026)
>
> #### :scroll: Update Public Suffix List
>
> - `tldts-experimental`, `tldts`
>   - Update upstream public suffix list [#2597](https://redirect.github.com/remusao/tldts/pull/2597) ([`@remusao`](https://github.com/remusao))
>
> #### :nut_and_bolt: Dependencies
>
> - Bump eslint-plugin-prettier from 5.5.5 to 5.5.6 [#2598](https://redirect.github.com/remusao/tldts/pull/2598) ([`@dependabot[bot]`](https://github.com/dependabot%5Bbot%5D))
>
> #### Authors: 2
>
> - [`@dependabot[bot]`](https://github.com/dependabot%5Bbot%5D)
> - Rémi ([`@remusao`](https://github.com/remusao))
>
> ---
>
> # v7.4.1 (Sat May 30 2026)
>
> #### :scroll: Update Public Suffix List
>
> - `tldts-experimental`, `tldts-icann`, `tldts`
>   - Update upstream public suffix list [#2595](https://redirect.github.com/remusao/tldts/pull/2595) ([`@remusao`](https://github.com/remusao))
>
> #### :memo: Documentation
>
> - docs: add a benchmark throughput chart to the README [#2593](https://redirect.github.com/remusao/tldts/pull/2593) ([`@remusao`](https://github.com/remusao))
>
> #### :nut_and_bolt: Dependencies
>
> - Bump tmp from 0.2.5 to 0.2.7 [#2596](https://redirect.github.com/remusao/tldts/pull/2596) ([`@dependabot[bot]`](https://github.com/dependabot%5Bbot%5D))
> - Bump typescript-eslint from 8.59.4 to 8.60.0 [#2594](https://redirect.github.com/remusao/tldts/pull/2594) ([`@dependabot[bot]`](https://github.com/dependabot%5Bbot%5D))
>
> #### Authors: 2
>
> - [`@dependabot[bot]`](https://github.com/dependabot%5Bbot%5D)
> - Rémi ([`@remusao`](https://github.com/remusao))
>
> ---
>
> # v7.4.0 (Mon May 25 2026)
>
> #### :rocket: New Feature
>
> - `tldts-experimental`, `tldts-icann`, `tldts-tests`, `tldts`
>   - feat: add getFullDomain to return the full hostname incl. subdomain ([#2322](https://redirect.github.com/remusao/tldts/issues/2322)) [#2592](https://redirect.github.com/remusao/tldts/pull/2592) ([`@remusao`](https://github.com/remusao))
>
> #### Authors: 1

... (truncated)

Commits

- [`4c41bb2`](https://github.com/remusao/tldts/commit/4c41bb21f1d20fd8f71716c3fc7abd97a5e2f2a6) Bump version to: v7.4.2 [skip ci]
- [`b328407`](https://github.com/remusao/tldts/commit/b32840736ed13d26956a4ed24b314c3d7a86cb8d) Update CHANGELOG.md [skip ci]
- [`468ae22`](https://github.com/remusao/tldts/commit/468ae228a41545990f5c64da4c4a318647d8a8e3) Update upstream public suffix list ([#2597](https://redirect.github.com/remusao/tldts/issues/2597))
- [`f91813f`](https://github.com/remusao/tldts/commit/f91813f03826a30ca8bdb3bc8617a706f980a0c4) Bump eslint-plugin-prettier from 5.5.5 to 5.5.6 ([#2598](https://redirect.github.com/remusao/tldts/issues/2598))
- [`e23f896`](https://github.com/remusao/tldts/commit/e23f896fbbea39d50e008d235db118539e1db5d9) Bump version to: v7.4.1 [skip ci]
- [`131cf98`](https://github.com/remusao/tldts/commit/131cf988373d738b17ebfcd8310573497589f6e3) Update CHANGELOG.md [skip ci]
- [`619d2f8`](https://github.com/remusao/tldts/commit/619d2f8edc6baa3dfe7b6a0e06b9ef500952e97a) Update upstream public suffix list ([#2595](https://redirect.github.com/remusao/tldts/issues/2595))
- [`f9aea52`](https://github.com/remusao/tldts/commit/f9aea520941facec6bc4c407a705f32707380a16) Bump tmp from 0.2.5 to 0.2.7 ([#2596](https://redirect.github.com/remusao/tldts/issues/2596))
- [`f047015`](https://github.com/remusao/tldts/commit/f047015e4b5d15ff4b03794135557510e14a02c6) Bump typescript-eslint from 8.59.4 to 8.60.0 ([#2594](https://redirect.github.com/remusao/tldts/issues/2594))
- [`d6ec385`](https://github.com/remusao/tldts/commit/d6ec38590e4b6eb794147c917e2be57adb27fec9) docs: add a benchmark throughput chart to the README ([#2593](https://redirect.github.com/remusao/tldts/issues/2593))
- Additional commits viewable in [compare view](https://github.com/remusao/tldts/compare/v6.1.86...v7.4.2)

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub%20Actions), a new releaser for tldts since your current version.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…i-go/pkg/config/templates in the docker-minor group (#5558)

Bumps the docker-minor group in /apps/cli-go/pkg/config/templates with 1 update: supabase/logflare.

Updates `supabase/logflare` from 1.44.1 to 1.44.3

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This fixes a domains parity failure seen in the merge queue: https://github.com/supabase/cli/actions/runs/27341219425/job/80778254211

The failing domains case compared `domains get --project-ref ... --output json`. The Go CLI still writes the custom-hostname status line to stderr in machine-output mode, and because that status has no trailing newline it was sometimes hidden only when Go also printed an upgrade notice that the parity normalizer stripped. When that upgrade-check side effect was absent, the same command produced a stderr mismatch.

This makes the domains parity expectation explicit by adding a generic, channel-aware normalization hook and keeping the Go custom-hostname patterns local to the domains e2e test. The strip only applies to stderr, so parity will still fail if a command pollutes structured stdout with human status text.

This also fixes a later functions-dev e2e failure from CI: https://github.com/supabase/cli/actions/runs/27352417825/job/80817569233. The test edited function source and immediately asserted the updated response without waiting for the file watcher restart corresponding to that edit. It now waits for the next function-file restart before polling the function endpoint.

While exercising the e2e suite locally, CLI subprocesses were also inheriting agent-detection environment variables from the developer shell, which changed output rendering and made local e2e behavior differ from CI. The e2e helpers now sanitize inherited agent-detection env by default while still allowing tests to opt in through explicit per-test env overrides.
…tworks (#5493)

Closes [CLI-1593](https://linear.app/supabase/issue/CLI-1593/improve-db-dump-ipv6-error-guidance)

## What

`supabase db dump` and `db pull` run `pg_dump` inside a Docker container. Supabase direct database hosts (`db.<ref>.supabase.co:5432`) are **IPv6-only** unless the IPv4 add-on is enabled, so on environments without working IPv6 in the container (very common on Docker Desktop for macOS) the operation failed with an opaque `error running container: exit 1`.

This PR makes that path **self-healing**: when a remote dump/pull fails because the direct host is unreachable over IPv6, the CLI transparently resolves the project's **IPv4 transaction pooler**, warns the user, and retries once. If no pooler is available it falls back to an actionable error message pointing at `--db-url`.

## Why

The host running the CLI often *does* have IPv6 (so the pre-flight dial succeeds and the direct config is selected), but the `pg_dump` **container** does not — so the failure only surfaces deep inside the container as a libpq/getaddrinfo error, hidden behind the generic container exit code. Users were left stuck with no hint, even though a working IPv4 pooler existed for their project.

## Behavior

```mermaid
flowchart TD
    A["db dump / db pull (remote)"] --> B["Run pg_dump in Docker container<br/>(tee stderr for classification)"]
    B --> C{Succeeded?}
    C -->|yes| OK["Write dump ✓"]
    C -->|no| D{"stderr is an<br/>IPv6 connectivity error?"}
    D -->|no| SUG["Classify error → actionable suggestion"]
    D -->|yes| E{"Host is a direct<br/>db.<ref>.supabase.co?"}
    E -->|no| SUG
    E -->|yes| F{"IPv4 pooler<br/>config resolvable?"}
    F -->|no| SUG2["Suggest --db-url with the<br/>transaction pooler URL"]
    F -->|yes| G["Warn user · reset output ·<br/>retry once via IPv4 pooler"]
    G --> H{Retry succeeded?}
    H -->|yes| OK2["Write dump ✓<br/>(transparent recovery)"]
    H -->|no| SUG3["Classify retry error → suggestion"]
```

Happy-path auto-recovery (linked project, host has IPv6, container does not):

```mermaid
sequenceDiagram
    actor U as User
    participant CLI as supabase db dump
    participant C as pg_dump container
    participant API as link cache / Management API
    U->>CLI: db dump (linked → direct host)
    CLI->>C: pg_dump → db.ref.supabase.co:5432 (IPv6)
    C-->>CLI: error: "No address associated with hostname"<br/>/ "Network is unreachable" (no IPv6 in container)
    Note over CLI: classify captured stderr → IPv6 connectivity error
    CLI->>API: resolve IPv4 transaction pooler + login role
    API-->>CLI: pooler config (port 5432)
    CLI-->>U: ⚠ Warning: retrying via the IPv4 connection pooler
    CLI->>C: pg_dump → aws-0-…pooler.supabase.com (IPv4)
    C-->>CLI: dump output
    CLI-->>U: dump written ✓
```

## How

- **`internal/db/dump/pooler_fallback.go` — `RunWithPoolerFallback`** wraps the Docker-backed `pg_dump` operations. It runs the closure with an stderr-capturing exec; on failure it classifies the captured stderr and, if it's an IPv6 error against a direct host with a resolvable pooler, warns, resets the output, and retries once via the pooler. `resetOutput` rewinds the destination between attempts (`bytes.Buffer.Reset`, file `Truncate`+`Seek`, stdout ignored) so a partial first attempt isn't left behind. `--dry-run` skips the wrapper entirely.
- **`internal/db/dump/dump.go` + `internal/db/pull/pull.go`** route their remote dump paths through `RunWithPoolerFallback` (dump data/role/schema; pull's experimental role+schema dump and `dumpRemoteSchema`).
- **`internal/utils/flags/db_url.go` — `ResolvePoolerConfigForFallback`** returns an authenticated IPv4 transaction-pooler config: it prefers the pooler URL persisted at `supabase link` time, otherwise fetches it from the Management API, forces the transaction port, and authenticates via `SUPABASE_DB_PASSWORD` or a temporary login role. It's injected through a package variable so tests can stub the network call.
- **`internal/utils/connect.go`** — detection (`isIPv6ConnectivityError`) covers `Address family for hostname not supported`, `No address associated with hostname`, `Network is unreachable`, and (gated on an IPv6 literal so genuine project-not-found / tenant errors keep their own hint) `No route to host` / `Cannot assign requested address`. The IPv6-literal regex matches both Go's bracketed `[…]` and libpq's parenthesised `(…)` forms. `ProjectRefFromDirectDbHost`, `WarnIPv6PoolerFallback`, and the existing `SetConnectSuggestion` / `SuggestIPv6Pooler` provide ref extraction, the retry warning, and the non-recoverable suggestion.

## Non-recoverable fallback (message only)

When auto-retry isn't possible (not an IPv6 error, not a direct host, or no pooler), the command still fails — but with guidance instead of a bare exit code:

```
Your network does not support IPv6, which is required for direct connections to the database.
Retry through the IPv4 transaction pooler by passing it to --db-url "postgres://postgres.<ref>:[YOUR-PASSWORD]@aws-0-<region>.pooler.supabase.com:6543/postgres"
```

## Tests

- `dump_test.go`: auto-retry succeeds via the pooler (asserts warning, output truncation/rewrite, no leftover suggestion); IPv6 failure with no pooler still surfaces the suggestion; `Cannot assign requested address` classification.
- `connect_test.go`: detection matrix incl. the new signatures and `ProjectRefFromDirectDbHost`; `SuggestIPv6Pooler` enrichment.
- `db_url_test.go`: `ResolvePoolerConfigForFallback` (persisted-URL vs Management API resolution).

## Notes

- These `db` commands are still proxied to the bundled Go binary, so the fix lives in `apps/cli-go`.
- The auto-retry only triggers for **direct Supabase hosts** — explicit `--db-url`/`--local` targets are never silently rerouted.

https://claude.ai/code/session_01UaPk7dGPmiCqoKJHyV7SLz

---------

Co-authored-by: Claude <noreply@anthropic.com>
Fixes CLI-1619.

This removes eager Management API client construction from command paths that have tokenless behavior:

- `gen types --local` and `--db-url` now use a lean runtime and lazily construct the platform API client only for linked/project-id generation.
- `services` now uses a lean runtime so it can always print local service versions, while keeping the linked-version lookup optional when a token is available.
- Command-wiring regression coverage exercises tokenless `gen types --local` and `services` invocations through the actual CLI command layers.
This PR was automatically created to sync the generated `@supabase/api` package with the latest Management API OpenAPI document.

Changes were detected in the upstream OpenAPI document exposed by `https://api.supabase.com/api/v1-json`.

Co-authored-by: jgoux <1443499+jgoux@users.noreply.github.com>
## What changed
Ports all of `supabase inspect db` (CLI-1316) from Phase 0 Go proxies to
native TypeScript in the legacy shell. The 13 active subcommands
(`db-stats`, `replication-slots`, `locks`, `blocking`, `outliers`,
`calls`, `index-stats`, `long-running-queries`, `bloat`, `role-stats`,
`vacuum-stats`, `table-stats`, `traffic-profile`) and their 12
deprecated aliases now connect to Postgres directly via the
already-ported `LegacyDbConnection`, run the embedded query, and render
Go-parity Glamour tables — no more shelling out to the Go binary.
### Highlights
- **`LegacyDbSession.query`** added to the connection service +
`@effect/sql-pg` layer (positional `client.unsafe(sql, params)`
binding); the one other object-literal consumer (`test db` mock)
updated.
- **Shared infra at `inspect/db/`**: `LegacyInspectQuerySpec` + the
`legacyRunInspectQuery` runner, pure cell formatters
(`%s`/`%t`/`%d`/`%.1f`/whitespace-collapsed stmt), the 29-entry
internal-schema list + `legacyLikeEscapeSchema`,
`legacyInspectDbRuntimeLayer`, command boilerplate
(`LEGACY_INSPECT_DB_FLAGS` + handler pipe), and the deprecation-notice
builder.
- **One verbatim `<name>.query.ts` spec per active subcommand**;
deprecated aliases route to the active spec — including preserving Go's
quirk where `table-record-counts` warns "table-stats" but runs the
index-stats query.
### Go parity preserved
- `--db-url` / `--linked` / `--local` selector flags (mutually
exclusive; `--linked` default-true derived from absence), no
`--project-ref`. **One deliberate divergence — see below.**
- "Connecting to local/remote database..." diagnostic on stderr
(matching `ConnectByConfig`).
- Statement cells collapse whitespace using Go's RE2 `\s` set
(`[\t\n\f\r ]` + individual `\v`), not JS `\s`.
- `vacuum-stats` renders 9 of 11 columns with the one-shot `-1` → `No
stats`; `bloat` uses the clean 4-column header.
- Deprecated aliases print `Command "<name>" is deprecated, use
"<target>" instead.` to stderr.
- `json` / `stream-json` modes emit `{ rows }` (additive — Go has no
machine output for inspect).
### Behavioral change vs Go ⚠️ (release note)
**Explicit `--linked=false` no longer triggers the mutual-exclusion
error.** Go uses cobra's `MarkFlagsMutuallyExclusive`, which keys off
whether a flag was *explicitly provided* (cobra's `Changed`), counting
even `--linked=false` as set. So in the Go CLI, `supabase inspect db
locks --linked=false --local` fails flag validation. This port checks
the parsed boolean value instead, so an explicit `--linked=false` is
indistinguishable from the default and the command proceeds to connect
using `--local` (or `--db-url`).
We're keeping the TS behavior intentionally — treating `--linked=false`
as "not selecting linked" rather than as a hard conflict is the more
sensible interpretation, and the realistic conflict cases (two
*positive* selectors set, e.g. `--linked --local` or `--db-url …
--local`) are still rejected exactly as in Go. Calling it out here so it
lands in the release notes as a deliberate, user-observable difference.
### Docs / tracking
- 25 per-subcommand proxy `SIDE_EFFECTS.md` consolidated into one shared
family doc.
- All 25 `inspect db` rows in `go-cli-porting-status.md` flipped
`wrapped` → `ported`.
Closes CLI-1316
This PR was automatically created to sync API types from the infrastructure repository.

Changes were detected in the generated API code after syncing with the latest spec from infrastructure.

Co-authored-by: supabase-cli-releaser[bot] <246109035+supabase-cli-releaser[bot]@users.noreply.github.com>
## Summary

Extracts the lazy Management API client factory into auth-owned service and layer modules so command runtimes can share the same wiring instead of rebuilding it locally.

The lean `gen types` runtime now consumes the shared lazy factory, while eager Management API runtimes adapt their already-built `LegacyPlatformApi` into the factory shape for project-ref resolution.

This keeps tokenless command paths lazy without duplicating platform API construction in commands that intentionally authenticate up front.
First non-breaking step of CLI-1586 toward making pg-delta the default diff engine. New projects opt into pg-delta, and `db pull` now lets the configured engine drive its shadow diff. Existing projects are unaffected.

## New projects default to pg-delta (CLI-1587)

`supabase init` now scaffolds `config.toml` with `[experimental.pgdelta] enabled = true`. The global default for an absent/undefined section stays migra, so existing projects are untouched and `enabled = false` remains a one-line rollback.

The Go config template doubles as the source of programmatic defaults via `mergeDefaultValues` (it ejects the same template), so literally enabling pg-delta in the template would have flipped the default for **every** existing config. To keep this non-breaking, the `enabled` value is templated from an init-only flag `PgDeltaInitEnabled`:

- `InitConfig` sets it from `InitParams.UsePgDelta`, which is opted in only by the `supabase init` command and `bootstrap`. Other `InitConfig` callers — including the `WriteConfig` test helper — leave it `false`, so they keep producing migra-default configs.
- It is `false` when `Eject` feeds `mergeDefaultValues`, so configs without the section keep resolving to migra.

Scoping the opt-in to the command (rather than unconditionally inside `InitConfig`) keeps the generated default from leaking into the global `utils.Config` during tests that scaffold a config, which would otherwise change unrelated `db start` behavior.

The TS init template (`project-init.templates.ts`) writes `enabled = true` directly and stays byte-aligned with the Go scaffold (enforced by the existing parity test).

## `db pull` engine resolution

When pg-delta is enabled (config or `EXPERIMENTAL_PG_DELTA`), `supabase db pull` keeps its **migration-file** workflow but defaults the shadow diff engine to pg-delta instead of migra. Specifically:

- The migration-file workflow is preserved; enabling pg-delta in config does not switch `db pull` to declarative output.
- The shadow diff engine default follows whether pg-delta is active, via the extracted, unit-tested helper `resolvePullDiffEngine`.
- An explicit `--diff-engine migra` (or `enabled = false`) is an authoritative rollback that overrides the config default.
- Declarative schema export remains opt-in via the `--declarative` flag; `--use-pg-delta` is kept as a deprecated alias whose message guides users to `--declarative` with `[experimental.pgdelta] enabled = true`.

## `db diff` engine resolution

`resolveDiffEngine` (unit-tested) centralizes the decision: the config default applies unless an explicit non-pg-delta engine flag (`--use-migra`, `--use-pgadmin`, `--use-pg-schema`) is selected, which clears pg-delta mode so `diff.Run` skips pg-delta-specific declarative shadow setup and the `PGDELTA_DEBUG` path.

The deprecated `db remote commit` is intentionally left unchanged.

## Notes for reviewers

- `PgDeltaInitEnabled` is `toml:"-" json:"-"`, so it is never parsed from or serialized to config files — it only feeds template rendering.
- The TS `--diff-engine` flag is optional and only forwarded when set, so the Go config-driven default applies when omitted; no TS behavior change was needed.
- `--declarative` / `--use-pg-delta` are mutually exclusive with `--diff-engine`.
- Restored the `auto_expose_new_tables` template comment to the develop wording after a rebase had reverted it.
- Docs updated: `db diff` / `db pull` reference pages and the pull `SIDE_EFFECTS.md`.

Closes CLI-1587

https://claude.ai/code/session_014k7CJwuyg5BBeQxTHHWWJY

---------

Co-authored-by: Claude <noreply@anthropic.com>
## Summary

Updates the checked-in OpenAPI override set for custom-domain responses so the generated API client accepts the response shapes observed in production.

The custom hostname response can omit `ssl.validation_records`, nested `ownership_verification`, and the top-level `status` / `custom_hostname` envelope fields while domain setup is still processing. The generated Effect contracts now reflect those fields as optional across the custom-hostname operations that reuse this response schema.

The CLI keeps Go-compatible structured output by backfilling zero values for omitted fields, while text output continues to render the custom hostname status from the raw response. Human status output is newline-terminated so interactive shell prompts do not redraw over the final ACME TXT record line.
## What kind of change does this PR introduce?

Bug fix

## What is the current behavior?

Symlinks are silently skipped in `supabase seed buckets`.

## What is the new behavior?

This change considers symlinks as well for uploads instead of silently skipping them. Emits stderr warnings when a path is not a regular file.

## Additional context

Closes #5498

---------

Co-authored-by: Julien Goux <hi@jgoux.dev>
| * and `*`→`%` introduces only a `%`, sequential JS replaces are equivalent. | ||
| */ | ||
| export function legacyLikeEscapeSchema(schemas: ReadonlyArray<string>): ReadonlyArray<string> { | ||
| return schemas.map((schema) => schema.replace(/_/g, "\\_").replace(/\*/g, "%")); |
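Review bot: on the `schema.replace(/_/g, "\\_").replace(/\*/g, "%")` line, only `_` is escaped and `*` is mapped to `%`; a literal `%` or `\` already present in a schema name passes through untouched and `LIKE` will read it as a wildcard or an escape character. If the function is only ever fed the fixed internal-schema list, state that in the doc comment above it; otherwise escape `\` and `%` before the `_` replacement so the pattern stays literal for any caller.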
I think that can be dismissed except if user is renaming its own schemas to inject value in its own inspect db queries.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c66add07bf
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| if (flags.linked) setFlags.push("linked"); | ||
| if (flags.local) setFlags.push("local"); |
Track selector flag presence instead of value
This uses the parsed boolean value to emulate Cobra's Changed semantics, so explicit false boolean selectors are treated as absent. Effect CLI boolean flags elsewhere in this repo accept forms like --backup=false; with inspect db, a call such as supabase inspect db locks --local=false should still count local as the selected/changed connection flag like Go does, but this falls through to the linked default on line 193, and combinations such as --local=false --db-url ... are not rejected as mutually exclusive.
| .replace(/(:\/\/[^:@/?#]*:).*(@)(?=[^@/?#]*(?:[/?#]|$))/, "$1[REDACTED]$2") | ||
| .replace(/(\bpassword\s*=\s*)('(?:[^'\\]|\\.)*'|'.*$|\S+)/i, "$1[REDACTED]"); |
Redact every password occurrence before echoing DSNs
When a malformed libpq DSN contains more than one password= token, this non-global replacement masks only the first one before the parse error echoes the supplied connection string. For example, an input like password=old bad password=secret fails parsing at bad, but the returned error message still includes the later password=secret, which defeats the CWE-209 redaction this helper is meant to provide.
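The leak described in this review comment, as an added example that is not part of the pull request. The two patterns are copied from the hunk above; `redactAll`, `leakedSecrets` and the sample DSNs are constructed for illustration.

```javascript
// Patterns copied from the reviewed hunk: each replaces the first match only.
const URI_PASSWORD = /(:\/\/[^:@/?#]*:).*(@)(?=[^@/?#]*(?:[/?#]|$))/;
const KV_PASSWORD = /(\bpassword\s*=\s*)('(?:[^'\\]|\\.)*'|'.*$|\S+)/i;

// Behaviour of the hunk as written.
function redactFirstOnly(dsn) {
  return dsn
    .replace(URI_PASSWORD, "$1[REDACTED]$2")
    .replace(KV_PASSWORD, "$1[REDACTED]");
}

// Hypothetical fix: the same keyword/value pattern applied to every occurrence.
const KV_PASSWORD_ALL = new RegExp(KV_PASSWORD.source, "gi");

function redactAll(dsn) {
  return dsn
    .replace(URI_PASSWORD, "$1[REDACTED]$2")
    .replace(KV_PASSWORD_ALL, "$1[REDACTED]");
}

// Regression helper: which known secret values survive in a message that is
// about to be echoed back in an error?
function leakedSecrets(message, secrets) {
  return secrets.filter((s) => message.includes(s));
}

// Constructed inputs; none of these are real credentials.
const SAMPLES = [
  // Malformed keyword/value DSN with two password tokens (the case in the review).
  { dsn: "host=db.example.test password=old bad password=secret", secrets: ["old", "secret"] },
  // Quoted value followed by an unterminated quoted value, mixed case keyword.
  { dsn: "password='two words' user=x PASSWORD='unterminated", secrets: ["two words", "unterminated"] },
  // URI form whose password itself contains "@".
  { dsn: "postgres://postgres.ref:p@ss@db.example.test:5432/postgres", secrets: ["p@ss"] },
];

// Runs a redactor over every sample and reports what still leaks.
function audit(redact) {
  return SAMPLES.map(({ dsn, secrets }) => {
    const out = redact(dsn);
    return { out, leaked: leakedSecrets(out, secrets) };
  });
}

for (const [name, fn] of [["first-only", redactFirstOnly], ["all", redactAll]]) {
  for (const { out, leaked } of audit(fn)) {
    console.log(`${name}: ${out}  leaked=${JSON.stringify(leaked)}`);
  }
}
```

A unit test built on `leakedSecrets` catches this class of regression without depending on the exact redacted string.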
| matches := ProjectHostPattern.FindStringSubmatch(host) | ||
| if len(matches) < 3 { | ||
| return "", false |
Extract refs from the active profile host
The new IPv6 pooler fallback only works when this helper recognizes the direct database host, but it delegates to ProjectHostPattern, which is hard-coded to db.<ref>.supabase.(co|red). Linked projects on other supported profiles, such as the built-in snap profile with ProjectHost: "snapcloud.dev" in internal/utils/profile.go, produce hosts like db.<ref>.snapcloud.dev; when a Docker dump/pull hits the same IPv6 failure there, PoolerFallbackConfig returns false and never retries through the project's IPv4 pooler.
Adds support for creating projects with high availability from the TypeScript CLI path. The Management API runtime already accepts `high_availability`, but the published OpenAPI spec has not exposed it yet. This adds the field through the OpenAPI override system so the generated API types include it, then wires `supabase projects create --high-availability` through the shared project creation flow. Supersedes #5383, which was still draft and conflicted after the TypeScript project creation refactor.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ccd052e11a
| // surface, so a `true` value means it was explicitly passed — matching | ||
| // cobra's `Changed` semantics. | ||
| const setFlags: Array<string> = []; |
Track selector flag presence instead of truthiness
For test db, this uses the parsed boolean values to emulate Cobra's changed-flag exclusivity, so explicit false selectors are treated as absent. Effect CLI accepts boolean forms such as --backup=false (see apps/cli/src/shared/cli/hidden-flag.unit.test.ts), while the Go command marks db-url, linked, and local mutually exclusive based on Cobra Changed semantics (apps/cli-go/cmd/db.go registers the test db selector group). As a result, supabase test db --local=false --db-url ... or --local=false --linked is not rejected and can run against a different target than the Go CLI would.
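The difference between value-based and presence-based selector checks, raised in this comment and in the earlier `inspect db` comment, as an added example that is not code from the pull request. The selector names come from the page; the argument parser is a simplified stand-in written for this example and is neither cobra nor Effect CLI.

```javascript
// Selector flag names from the page.
const SELECTORS = ["db-url", "linked", "local"];

// Returns a Map holding only the selectors that actually appeared in argv,
// so "present but false" and "absent" stay distinguishable.
function parseSelectors(argv) {
  const seen = new Map();
  for (let i = 0; i < argv.length; i++) {
    const m = /^--([a-z-]+)(?:=(.*))?$/.exec(argv[i]);
    if (!m || !SELECTORS.includes(m[1])) continue;
    const name = m[1];
    const inline = m[2];
    if (name === "db-url") {
      // String flag: value is inline or taken from the next argument.
      seen.set(name, inline !== undefined ? inline : argv[++i]);
    } else {
      // Boolean flag: the bare form means true, "=false" means false.
      seen.set(name, inline === undefined ? true : inline !== "false");
    }
  }
  return seen;
}

// Value-based check, as in the reviewed hunks: only truthy selectors count.
function conflictByValue(argv) {
  const seen = parseSelectors(argv);
  const set = SELECTORS.filter((name) => Boolean(seen.get(name)));
  return set.length > 1 ? set : [];
}

// Presence-based check, the `Changed` semantics the page attributes to cobra:
// any selector that was passed counts, whatever its value.
function conflictByPresence(argv) {
  const seen = parseSelectors(argv);
  const set = SELECTORS.filter((name) => seen.has(name));
  return set.length > 1 ? set : [];
}

// Target a value-based implementation ends up connecting to
// (linked is the default when nothing truthy is selected).
function targetByValue(argv) {
  const seen = parseSelectors(argv);
  if (seen.get("db-url")) return "db-url";
  if (seen.get("local")) return "local";
  return "linked";
}

// Constructed invocations covering the cases discussed in the thread.
const CASES = [
  ["--linked", "--local"],
  ["--linked=false", "--local"],
  ["--local=false", "--db-url", "postgres://constructed"],
  ["--local=false"],
];

for (const argv of CASES) {
  console.log(argv.join(" "), {
    byValue: conflictByValue(argv),
    byPresence: conflictByPresence(argv),
    target: targetByValue(argv),
  });
}
```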
| const authHeader = req.headers.get("authorization"); | ||
| if (!authHeader?.startsWith("Bearer ")) { | ||
| const bearerToken = req.headers.get("authorization")?.slice("Bearer ".length); | ||
| const sbApiKeyCompatibilityToken = req.headers.get("sb-api-key")?.replace("Bearer", "")?.trim(); |
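Review bot: on the `bearerToken` line, `?.slice("Bearer ".length)` drops the first seven characters of whatever the `authorization` header holds, so a value with another scheme still yields a non-empty "token"; if the `startsWith("Bearer ")` guard shown above it is being replaced, keep an equivalent anchored check. The `sb-api-key` line has the same looseness: `.replace("Bearer", "")` removes the first occurrence anywhere in the value, not a leading scheme, so strip only a prefix matched with `^Bearer\s+`.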
Strip the internal sb-api-key before invoking functions
When the API proxy uses this new compatibility header for /functions/v1 auth, the same Request object is later passed to worker.fetch(req), so user function code can observe the internal sb-api-key header minted by the proxy. The Go edge-runtime template explicitly removes this header in prepareUserRequest before invoking the worker, so local functions that inspect or forward request headers now see a TS-stack-only credential-bearing header.
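One way to keep the proxy-minted header away from user function code, as an added example that is not the project's implementation. `stripInternalHeaders`, `parseBearer` and `visibleHeaderNames` are hypothetical names; only the `sb-api-key` header and the `slice("Bearer ".length)` expression come from the page. It relies on the standard `Request` and `Headers` globals.

```javascript
// Header named on the page; kept as a list so further internal headers can be added.
const INTERNAL_HEADERS = ["sb-api-key"];

// Expression from the reviewed hunk: slices by length without checking the scheme.
function sliceBearer(value) {
  return value?.slice("Bearer ".length);
}

// Stricter alternative: returns the token only for exactly "Bearer <token>".
function parseBearer(value) {
  if (typeof value !== "string") return null;
  const m = /^Bearer ([^\s]+)$/.exec(value.trim());
  return m ? m[1] : null;
}

// Builds the request that is handed to user code. The proxy authenticates
// against the original request, then forwards a copy without internal headers.
function stripInternalHeaders(req) {
  const headers = new Headers(req.headers);
  for (const name of INTERNAL_HEADERS) headers.delete(name);
  return new Request(req, { headers });
}

// What a user function could enumerate on the request it receives.
function visibleHeaderNames(req) {
  return [...req.headers.keys()].sort();
}

// Constructed request; the header values are placeholders, not real credentials.
function sampleRequest() {
  return new Request("http://localhost/functions/v1/hello", {
    headers: {
      authorization: "Bearer user-jwt",
      "sb-api-key": "Bearer internal-key",
      "x-client-info": "constructed",
    },
  });
}

const incoming = sampleRequest();
console.log("proxy sees:", visibleHeaderNames(incoming));
console.log("worker sees:", visibleHeaderNames(stripInternalHeaders(incoming)));
console.log("slice on Basic:", sliceBearer("Basic dXNlcjpwYXNz"));
console.log("strict on Basic:", parseBearer("Basic dXNlcjpwYXNz"));
```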
…emplates with 2 updates (#5570)

Bumps the docker-minor group in /apps/cli-go/pkg/config/templates with 2 updates: supabase/realtime and supabase/storage-api.

Updates `supabase/realtime` from v2.106.0 to v2.107.1

Updates `supabase/storage-api` from v1.60.15 to v1.60.17

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…/apps/cli-go/pkg/config/templates (#5571)

Bumps supabase/postgres from 17.6.1.134 to 17.6.1.135.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the npm-major group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [@anthropic-ai/claude-agent-sdk](https://github.com/anthropics/claude-agent-sdk-typescript) | `0.3.163` | `0.3.166` |
| [@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript) | `0.100.1` | `0.101.0` |
| [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.16` | `19.2.17` |
| [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node) | `5.36.1` | `5.36.3` |
| [fumadocs-mdx](https://github.com/fuma-nama/fumadocs) | `15.0.10` | `15.0.11` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.9.1` | `25.9.2` |
| [@typescript/native-preview](https://github.com/microsoft/typescript-go) | `7.0.0-dev.20260604.1` | `7.0.0-dev.20260605.1` |

Updates `@anthropic-ai/claude-agent-sdk` from 0.3.163 to 0.3.166
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/anthropics/claude-agent-sdk-typescript/releases">@anthropic-ai/claude-agent-sdk's releases</a>.</em></p>
<blockquote>
<h2>v0.3.166</h2>
<h2>What's changed</h2>
<ul>
<li>Fixed MCP resource tools not being injected for servers added at runtime via the <code>mcp_set_servers</code> control request</li>
</ul>
<h2>Update</h2>
<pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.166
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.166
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.166
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.166
</code></pre>
<h2>v0.3.165</h2>
<h2>What's changed</h2>
<ul>
<li>Updated to parity with Claude Code v2.1.165</li>
</ul>
<h2>Update</h2>
<pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.165
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.165
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.165
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.165
</code></pre>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md">@anthropic-ai/claude-agent-sdk's changelog</a>.</em></p>
<blockquote>
<h2>0.3.166</h2>
<ul>
<li>Fixed MCP resource tools not being injected for servers added at runtime via the <code>mcp_set_servers</code> control request</li>
</ul>
<h2>0.3.165</h2>
<ul>
<li>Updated to parity with Claude Code v2.1.165</li>
</ul>
<h2>0.3.164</h2>
<ul>
<li>Updated to parity with Claude Code v2.1.164</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/bc853fcd68b762af5ad5b18c0d4d6c7e8be72c4f"><code>bc853fc</code></a> chore: Update CHANGELOG.md</li>
<li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/3bdcdcb343015c1aa08f138bf8cffd6b6e1f8aec"><code>3bdcdcb</code></a> chore: Update CHANGELOG.md</li>
<li>See full diff in <a href="https://github.com/anthropics/claude-agent-sdk-typescript/compare/v0.3.163...v0.3.166">compare view</a></li>
</ul>
</details>
<br />

Updates `@anthropic-ai/sdk` from 0.100.1 to 0.101.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/anthropics/anthropic-sdk-typescript/releases">@anthropic-ai/sdk's releases</a>.</em></p>
<blockquote>
<h2>sdk: v0.101.0</h2>
<h2>0.101.0 (2026-06-05)</h2>
<p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.100.1...sdk-v0.101.0">sdk-v0.100.1...sdk-v0.101.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>client:</strong> add support for middleware (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/9b011207965540211cefb19d44d758b7942aedab">9b01120</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>apply request timeout to inner fetch only, not middleware chain (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/40">#40</a>) (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/25c13f6183391f006396f16a9bd9a2c2f710d52c">25c13f6</a>)</li>
<li><strong>streaming:</strong> carry stop_details through beta message_delta accumulation (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/ed3fec7ace406fe4b0ca3494439061695dabf475">ed3fec7</a>)</li>
<li><strong>streaming:</strong> correctly parse json numbers with scientific notation (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/9">#9</a>) (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/7d5e6422dc5b58bc991c1587c4f1a0e8e753f2a5">7d5e642</a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><strong>internal:</strong> fix artifact url (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/925ec276fa97baf63d3643f24430bd2a8302c5dc">925ec27</a>)</li>
<li><strong>internal:</strong> fix branch names (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/fa3cf2c491f0ed274dc7839779f7fd91c15b5dbf">fa3cf2c</a>)</li>
<li><strong>internal:</strong> update private repo name (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/a8ac213b8ce0955bd66f0b2f5bcecc2976867fb2">a8ac213</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>point security reports to Anthropic's HackerOne program (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/16">#16</a>) (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/5c7912c36e0210c6cbc773a32a7ba983aaf611df">5c7912c</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/185ec061cfe8cccd1af6fd118142ebd72e350379"><code>185ec06</code></a> chore: release main</li>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/fab891069a2d78e31f92098b0b9c8f81f925998f"><code>fab8910</code></a> codegen metadata</li>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/7ff4036756df6cf3b3ff69b6fee95c7d0dff8b9d"><code>7ff4036</code></a> fix: apply request timeout to inner fetch only, not middleware chain (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/40">#40</a>)</li>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/257bc1f56bb391c03bc30c4e16f61e22a3eba762"><code>257bc1f</code></a> feat(client): add support for middleware</li>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/5b3ace5ec52d91780e78e0b64a199c57c5fdcfea"><code>5b3ace5</code></a> chore(internal): fix artifact url</li>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/70966be8fc07edbe6129eadc011c7b5ee8dbe131"><code>70966be</code></a> fix(streaming): correctly parse json numbers with scientific notation (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/9">#9</a>)</li>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/7e22f205524aeb63324b9f1c6f433a82392c520a"><code>7e22f20</code></a> docs: point security reports to Anthropic's HackerOne program (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/16">#16</a>)</li>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/e569db5e38c4714ba40c4dacedadf0e25941871e"><code>e569db5</code></a> chore(internal): fix branch names</li>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/4725328d9acdc2a2191932152ac5747eb1f6a1cd"><code>4725328</code></a> fix(streaming): carry stop_details through beta message_delta accumulation</li>
<li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/f90eb81687606cc484fed6866ed5868cafac2f7a"><code>f90eb81</code></a> chore(internal): update private repo name</li>
<li>See full diff in <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.100.1...sdk-v0.101.0">compare view</a></li>
</ul>
</details>
<br />

Updates `@types/react` from 19.2.16 to 19.2.17
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare view</a></li>
</ul>
</details>
<br />

Updates `posthog-node` from 5.36.1 to 5.36.3
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md">posthog-node's changelog</a>.</em></p>
<blockquote>
<h2>5.36.17</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies []:
<ul>
<li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.32.3</li>
</ul>
</li>
</ul>
<h2>5.36.16</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a href="https://github.com/PostHog/posthog-js/commit/25822acc0d16f9f1d6fbbd65da57b3e060c6c558"><code>25822ac</code></a>]:
<ul>
<li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.32.2</li>
</ul>
</li>
</ul>
<h2>5.36.15</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies []:
<ul>
<li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.32.1</li>
</ul>
</li>
</ul>
<h2>5.36.14</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a href="https://github.com/PostHog/posthog-js/commit/612f97adebd3d863602533180ac4bee3f3ed731d"><code>612f97a</code></a>]:
<ul>
<li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.32.0</li>
</ul>
</li>
</ul>
<h2>5.36.13</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies []:
<ul>
<li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.31.4</li>
</ul>
</li>
</ul>
<h2>5.36.12</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies []:
<ul>
<li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.31.3</li>
</ul>
</li>
</ul>
<h2>5.36.11</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies []:
<ul>
<li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.31.2</li>
</ul>
</li>
</ul>
<h2>5.36.10</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/PostHog/posthog-js/commit/e0ebad51a12ea6276f9fda7ecd6cb57a6ff8f3a1"><code>e0ebad5</code></a> chore: update versions and lockfile [version bump]</li>
<li><a href="https://github.com/PostHog/posthog-js/commit/a8fd22825d9e9203ed88084d2c07b7b31e585f2f"><code>a8fd228</code></a> chore: update versions and lockfile [version bump]</li>
<li>See full diff in <a href="https://github.com/PostHog/posthog-js/commits/posthog-node@5.36.3/packages/node">compare view</a></li>
</ul>
</details>
<br />

Updates `fumadocs-mdx` from 15.0.10 to 15.0.11
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/fuma-nama/fumadocs/releases">fumadocs-mdx's releases</a>.</em></p>
<blockquote>
<h2>fumadocs-mdx@15.0.11</h2>
<h3>Patch Changes</h3>
<ul>
<li>2d65ceb: Support hot reload in <code>source.config.ts</code> with Vite plugin</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/fuma-nama/fumadocs/commit/2ea0ed0aa8ce11d09b3c02a4e39f76624f05e23c"><code>2ea0ed0</code></a> Version Packages (<a href="https://redirect.github.com/fuma-nama/fumadocs/issues/3339">#3339</a>)</li>
<li><a href="https://github.com/fuma-nama/fumadocs/commit/6dc8812030222c1d1939a1ba0d9bb588560c09ad"><code>6dc8812</code></a> feat(preview): use waku beta 2</li>
<li><a href="https://github.com/fuma-nama/fumadocs/commit/e714fff621ce6dc201311768dd32c8f4f1e84bc9"><code>e714fff</code></a> Merge pull request <a href="https://redirect.github.com/fuma-nama/fumadocs/issues/3338">#3338</a> from fuma-nama/changeset-release/dev</li>
<li><a href="https://github.com/fuma-nama/fumadocs/commit/00e3be44926a6604c6c35652e318f2082362c20e"><code>00e3be4</code></a> update editor settings</li>
<li><a href="https://github.com/fuma-nama/fumadocs/commit/a62a45de0b1128bdfe05dca0cccd75385321c3c2"><code>a62a45d</code></a> chore: bump deps</li>
<li><a href="https://github.com/fuma-nama/fumadocs/commit/2d65ceb343e6770befea742f3ab41b847e4091a8"><code>2d65ceb</code></a> feat(mdx): support hot reload in <code>source.config.ts</code> with Vite plugin</li>
<li><a href="https://github.com/fuma-nama/fumadocs/commit/0155ff608f5ce9656bd5a5fc8c7dfd0a523aeb23"><code>0155ff6</code></a> fix lint</li>
<li><a href="https://github.com/fuma-nama/fumadocs/commit/fef7a73cd5d530ebd5a6c4f314b4af52058a2d0b"><code>fef7a73</code></a> chore: fix warning</li>
<li><a href="https://github.com/fuma-nama/fumadocs/commit/6cb229cc4cc27eb95540483ed3910d08f28de707"><code>6cb229c</code></a> Version Packages (<a href="https://redirect.github.com/fuma-nama/fumadocs/issues/3336">#3336</a>)</li>
<li><a href="https://github.com/fuma-nama/fumadocs/commit/9a6ac875c6a0332c5a1f5a3a21a474ffc8136330"><code>9a6ac87</code></a> docs: add sections to landing page</li>
<li>Additional commits viewable in <a href="https://github.com/fuma-nama/fumadocs/compare/fumadocs-mdx@15.0.10...fumadocs-mdx@15.0.11">compare view</a></li>
</ul>
</details>
<br />

Updates `@types/node` from 25.9.1 to 25.9.2
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li>
</ul>
</details>
<br />

Updates `@typescript/native-preview` from 7.0.0-dev.20260604.1 to 7.0.0-dev.20260605.1
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/microsoft/typescript-go/commits">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 20c4c86b14
| const authHeader = req.headers.get("authorization"); | ||
| if (!authHeader?.startsWith("Bearer ")) { | ||
| const bearerToken = req.headers.get("authorization")?.slice("Bearer ".length); | ||
| const sbApiKeyCompatibilityToken = req.headers.get("sb-api-key")?.replace("Bearer", "")?.trim(); |
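Review bot: The `bearerToken` line calls `.slice("Bearer ".length)` on whatever the Authorization header holds, with no prefix check visible alongside it, so a value using another scheme or no scheme at all loses its first seven characters and goes on as a truncated string. If the `startsWith("Bearer ")` test on `authHeader` is being dropped here, keep an equivalent check before slicing and treat a non-Bearer value as absent. It would also help to state next to these two declarations which token takes precedence when both `authorization` and `sb-api-key` are present.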
Only strip a Bearer prefix from the compatibility token
When /functions/v1 auth is transformed by the API proxy, sb-api-key carries the raw anon/service JWT. This replace("Bearer", "") removes the first Bearer substring anywhere in that JWT, so a locally generated key whose base64url payload or signature happens to contain those six characters is corrupted before verification and valid requests fail with Invalid JWT. Strip only a leading Bearer prefix, or leave the raw header unchanged otherwise.
Useful? React with 👍 / 👎.
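The difference between the two stripping strategies, as an added example that is not the CLI's own code. The helper names, the `HeaderReader` type and the sample key are assumptions made for illustration; the key is a constructed JWT-shaped string, not a real one.

```typescript
// Added example: helper names are illustrative, not the project's own.

// Constructed sample, not a real key: a JWT-shaped string whose third
// segment happens to contain the letters "Bearer".
const SAMPLE_KEY = "eyJhbGciOiJIUzI1NiJ9.eyJyb2xlIjoiYW5vbiJ9.c2lnBearerX0tLQ";

// Minimal view of a Headers object, so the helpers work with any reader.
type HeaderReader = { get(name: string): string | null };

// Behaviour the review comment describes: replace() with a string pattern
// removes the first occurrence wherever it sits in the value.
function stripAnywhere(value: string | null): string | undefined {
  return value?.replace("Bearer", "").trim();
}

// Prefix-only variant: the anchored pattern matches "Bearer" only at the
// start, and only when followed by whitespace or the end of the value.
function stripLeadingBearer(value: string | null): string | undefined {
  if (value === null) return undefined;
  const rest = value.trim().replace(/^Bearer(?:\s+|$)/, "");
  return rest === "" ? undefined : rest;
}

// Reads the same two headers as the hunk. Authorization must carry the
// Bearer scheme; sb-api-key may be a raw key or a prefixed one.
function extractTokens(headers: HeaderReader): {
  bearerToken: string | undefined;
  compatToken: string | undefined;
} {
  const auth = headers.get("authorization");
  const bearerToken = auth?.startsWith("Bearer ") ? stripLeadingBearer(auth) : undefined;
  const compatToken = stripLeadingBearer(headers.get("sb-api-key"));
  return { bearerToken, compatToken };
}
```
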
| export function prepareUserRequest(req: Request): Request { | ||
| const clonedURL = new URL(req.url) | ||
| const forwardedHost = req.headers.get('x-forwarded-host') | ||
| clonedURL.hostname = forwardedHost ?? clonedURL.hostname |
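Review bot: `forwardedHost` goes from the `x-forwarded-host` header into `clonedURL` with no validation, so the `req.url` that user code sees is only as trustworthy as that header. Unless the proxy in front of the runtime always overwrites it, a client-supplied value would flow into any redirect or absolute callback URL built from `req.url`. Consider checking that the value is a bare host or host:port before applying it, falling back to the original URL otherwise, and defining which entry is used if the header carries a comma-separated list.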
Preserve the forwarded host and port for function requests
When Kong supplies x-forwarded-host with the public API host (commonly including the port, e.g. 127.0.0.1:54321), assigning it to URL.hostname either ignores the value because it contains : or keeps the edge-runtime port from the original URL. In those local function invocations, user code that reads req.url still sees the internal edge-runtime host/port instead of the API URL, breaking redirects or absolute callback URLs; assign to clonedURL.host (or split host/port) instead.
Useful? React with 👍 / 👎.
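A sketch of the host and port handling the comment asks for, as an added example that is not the project's code. The function names and the internal URL are assumptions, and taking the first entry of a comma-separated header is a policy choice made here, not something the page specifies.

```typescript
// Added example: names and the internal URL below are constructed.
const INTERNAL_URL = "http://edge-runtime.internal:8081/hello?x=1";

// Mirrors the hunk: a "host:port" value assigned to hostname never
// replaces the port, so the internal port survives.
function viaHostname(internalUrl: string, forwardedHost: string | null): URL {
  const url = new URL(internalUrl);
  url.hostname = forwardedHost ?? url.hostname;
  return url;
}

// Applies the forwarded value only if it parses as a bare host or
// host:port, then sets hostname and port separately.
function applyForwardedHost(internalUrl: string, forwardedHost: string | null): URL {
  const url = new URL(internalUrl);
  if (!forwardedHost) return url;

  // Assumption: with several proxies the first entry is the one wanted.
  const candidate = forwardedHost.split(",")[0].trim();

  let parsed: URL;
  try {
    parsed = new URL(`${url.protocol}//${candidate}`);
  } catch {
    return url; // not a valid host: keep the original URL
  }

  // Anything beyond host[:port] (path, query, credentials) is rejected.
  const extra = parsed.pathname !== "/" || parsed.search !== "" ||
    parsed.hash !== "" || parsed.username !== "" || parsed.password !== "";
  if (extra) return url;

  url.hostname = parsed.hostname;
  // An empty string clears the internal port; assigning a port-less value
  // to url.host would have kept it.
  url.port = parsed.port;
  return url;
}
```
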