Skip to content

[Snyk] Upgrade @supabase/supabase-js from 2.86.2 to 2.89.0#44

Open
UsmanBuk wants to merge 1 commit intomainfrom
snyk-upgrade-fb2f8e9b9a06909237f565634f1205a9
Open

[Snyk] Upgrade @supabase/supabase-js from 2.86.2 to 2.89.0#44
UsmanBuk wants to merge 1 commit intomainfrom
snyk-upgrade-fb2f8e9b9a06909237f565634f1205a9

Conversation

@UsmanBuk
Copy link
Owner

@UsmanBuk UsmanBuk commented Jan 18, 2026
edited by codeant-ai bot
Loading

User description

snyk-top-banner

Snyk has created this PR to upgrade @supabase/supabase-js from 2.86.2 to 2.89.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 20 versions ahead of your current version.

  • The recommended version was released a month ago.

Release notes
Package name: @supabase/supabase-js
  • 2.89.0 - 2025-12-18

    2.89.0 (2025-12-18)

    🚀 Features

    • auth: add X (OAuth 2.0) provider (#1960)
    • auth: add string array support for AMR claims (#1967)
    • supabase: export DatabaseWithoutInternals utility type (#1935)

    ❤️ Thank You

  • 2.88.1-canary.1 - 2025-12-17

    2.88.1-canary.1 (2025-12-17)

    🚀 Features

    • auth: add string array support for AMR claims (#1967)

    ❤️ Thank You

  • 2.88.1-canary.0 - 2025-12-17

    2.88.1-canary.0 (2025-12-17)

    🚀 Features

    • auth: add X (OAuth 2.0) provider (#1960)

    ❤️ Thank You

  • 2.88.0 - 2025-12-16

    2.88.0 (2025-12-16)

    🚀 Features

    • auth: allow custom predicate for detectSessionInUrl option (#1958)
    • postgrest: add notin filter (#1957)
    • repo: migrate build system to tsdown for proper ESM/CJS support (#1961)

    🩹 Fixes

    • realtime: handle websocket race condition in node.js (#1946)
    • realtime: omit authorization header when no access token exists (#1937)

    ❤️ Thank You

  • 2.87.4-canary.5 - 2025-12-16

    2.87.4-canary.5 (2025-12-16)

    🚀 Features

    • repo: migrate build system to tsdown for proper ESM/CJS support (#1961)

    ❤️ Thank You

  • 2.87.4-canary.4 - 2025-12-16

    2.87.4-canary.4 (2025-12-16)

    🚀 Features

    🩹 Fixes

    • auth: extension (714fb616)
    • repo: backwards compatible deep import (e81ec6e4)
    • repo: remove deep internal imports from tests (06e1ab87)
    • repo: build before test tupes (13ae5ac7)
    • repo: from tsup to tsdown (d7717526)
    • repo: make sure its backwards compatible (372f63ed)
    • repo: remove old build commands (e5737c8c)
    • repo: restore package lock (5cfe4646)

    ❤️ Thank You

    • Katerina Skroumpelou
  • 2.87.4-canary.3 - 2025-12-16

    2.87.4-canary.3 (2025-12-16)

    🚀 Features

    • auth: allow custom predicate for detectSessionInUrl option (#1958)

    ❤️ Thank You

  • 2.87.4-canary.2 - 2025-12-16

    2.87.4-canary.2 (2025-12-16)

    🚀 Features

    • postgrest: add notin filter (#1957)

    ❤️ Thank You

  • 2.87.4-canary.1 - 2025-12-16

    2.87.4-canary.1 (2025-12-16)

    🩹 Fixes

    • realtime: omit authorization header when no access token exists (#1937)

    ❤️ Thank You

  • 2.87.4-canary.0 - 2025-12-15
  • 2.87.3 - 2025-12-15
  • 2.87.3-canary.1 - 2025-12-15
  • 2.87.3-canary.0 - 2025-12-15
  • 2.87.2 - 2025-12-15
  • 2.87.2-canary.0 - 2025-12-15
  • 2.87.1 - 2025-12-09
  • 2.87.1-canary.1 - 2025-12-08
  • 2.87.1-canary.0 - 2025-12-08
  • 2.87.0 - 2025-12-08
  • 2.86.3-canary.0 - 2025-12-05
  • 2.86.2 - 2025-12-04
from @supabase/supabase-js GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

CodeAnt-AI Description

Upgrade @supabase/supabase-js to 2.89.0 and update dependent packages

What Changed

  • Replaced @supabase/supabase-js 2.86.2 with 2.89.0 in package.json so the app now installs the newer Supabase client
  • Updated Supabase subpackages in the lockfile (auth, functions, postgrest, realtime, storage) to 2.89.0, and bumped related transitive packages (e.g., iceberg-js)
  • Upgraded the WebSocket library from ws 8.18.3 to 8.19.0 and refreshed package-lock.json to match the new dependency tree

Impact

✅ Supabase client v2.89.0 used in builds and runtime
✅ Realtime/WebSocket stack updated to ws 8.19.0
✅ package-lock synchronized with dependency upgrades

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

@snyk-bot
fix: upgrade @supabase/supabase-js from 2.86.2 to 2.89.0
0e9a7c0 
Snyk has created this PR to upgrade @supabase/supabase-js from 2.86.2 to 2.89.0.

See this package in npm:
@supabase/supabase-js

See this project in Snyk:
https://app.snyk.io/org/usmanbuk/project/6f2ddca2-b077-48d1-81bb-56e1bf375d91?utm_source=github&utm_medium=referral&page=upgrade-pr
@codeant-ai
Copy link

codeant-ai bot commented Jan 18, 2026

CodeAnt AI is reviewing your PR.

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

@coderabbitai
Copy link

coderabbitai bot commented Jan 18, 2026

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch snyk-upgrade-fb2f8e9b9a06909237f565634f1205a9

Comment @coderabbitai help to get the list of available commands and usage tips.

@codeant-ai codeant-ai bot added the size:S This PR changes 10-29 lines, ignoring generated files label Jan 18, 2026
@codeant-ai
Copy link

codeant-ai bot commented Jan 18, 2026

CodeAnt AI finished reviewing your PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

size:S This PR changes 10-29 lines, ignoring generated files

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@UsmanBuk @snyk-bot