chore: production deploy#5874
Conversation
supabase-cli-releaser
Bot
commented
Jul 14, 2026
- fix(cli): read piped stdin for gen signing-key's overwrite prompt (Go parity) (fix(cli): read piped stdin for gen signing-key's overwrite prompt (Go parity) #5794)
- docs(cli): correct inaccurate SIDE_EFFECTS.md and AGENTS.md claims (docs(cli): correct inaccurate SIDE_EFFECTS.md and AGENTS.md claims #5813)
- docs(cli): fix fabricated SUPABASE_API_URL and bare PROJECT_ID env-var references (docs(cli): fix fabricated SUPABASE_API_URL and bare PROJECT_ID env-var references #5811)
- feat(cli): port db push, db reset, and db start to native TypeScript (feat(cli): port db push, db reset, and db start to native TypeScript #5715)
- fix(cli): functions deploy --jobs validation + bundler routing (Go parity) (fix(cli): functions deploy --jobs validation + bundler routing (Go parity) #5797)
- fix(cli): exempt enum/choice flags from telemetry redaction (Go isEnumFlag parity) (fix(cli): exempt enum/choice flags from telemetry redaction (Go isEnumFlag parity) #5810)
- chore(api): sync Management API OpenAPI spec (chore(api): sync Management API OpenAPI spec #5818)
- fix(cli): use cobra's exact mutual-exclusivity error for functions deploy/download (fix(cli): use cobra's exact mutual-exclusivity error for functions deploy/download #5804)
- fix(cli): warn but skip remote lookup for a malformed services project ref (fix(cli): warn but skip remote lookup for a malformed services project ref #5802)
- fix(cli): default functions download --use-docker to true (Go parity) (fix(cli): default functions download --use-docker to true (Go parity) #5793)
- fix(cli): functions delete/download mark --project-ref telemetry-safe (Go parity) (fix(cli): functions delete/download mark --project-ref telemetry-safe (Go parity) #5809)
- fix(cli): secrets set tolerates a malformed config.toml (Go parity) (fix(cli): secrets set tolerates a malformed config.toml (Go parity) #5796)
- fix(cli): telemetry enable/disable fire cli_command_executed on pre-toggle consent (fix(cli): telemetry enable/disable fire cli_command_executed on pre-toggle consent #5798)
- fix(deps): bump the go-minor group across 2 directories with 1 update (fix(deps): bump the go-minor group across 2 directories with 1 update #5821)
- chore(ci): bump the actions-major group with 2 updates (chore(ci): bump the actions-major group with 2 updates #5824)
- fix(deps): bump the npm-major group with 6 updates (fix(deps): bump the npm-major group with 6 updates #5823)
- chore(deps): bump golang.org/x/crypto from 0.50.0 to 0.52.0 in /apps/cli-go/pkg (chore(deps): bump golang.org/x/crypto from 0.50.0 to 0.52.0 in /apps/cli-go/pkg #5825)
- fix(cli): colima socket (fix(cli): colima socket #5820)
- fix(docker): bump the docker-minor group in /apps/cli-go/pkg/config/templates with 3 updates (fix(docker): bump the docker-minor group in /apps/cli-go/pkg/config/templates with 3 updates #5822)
- fix(cli): remove "nano" from projects/branches create --size enum (fix(cli): remove "nano" from projects/branches create --size enum #5799)
- docs(cli): disclose --high-availability as TS-only on projects create (docs(cli): disclose --high-availability as TS-only on projects create #5800)
- fix(cli): run pg-delta/--experimental gate before mutex check in db schema declarative (fix(cli): run pg-delta/--experimental gate before mutex check in db schema declarative #5828)
- fix(cli): exit 0 for bare group commands to match Go cobra parity (fix(cli): exit 0 for bare group commands to match Go cobra parity #5827)
- feat(cli): port supabase stop and status commands to native TypeScript (feat(cli): port supabase stop and status commands to native TypeScript #5765)
- fix(deps): bump the npm-major group with 6 updates (fix(deps): bump the npm-major group with 6 updates #5835)
- chore(ci): bump the actions-major group with 4 updates (chore(ci): bump the actions-major group with 4 updates #5836)
- fix(docker): bump supabase/storage-api from v1.63.1 to v1.64.1 in /apps/cli-go/pkg/config/templates in the docker-minor group (fix(docker): bump supabase/storage-api from v1.63.1 to v1.64.1 in /apps/cli-go/pkg/config/templates in the docker-minor group #5834)
- fix(cli): remove doubled "Expected: Expected" prefix from Flag.choice/primitive errors (fix(cli): remove doubled "Expected: Expected" prefix from Flag.choice/primitive errors #5831)
- fix(cli): resolve global/persistent flag values in legacy telemetry (fix(cli): resolve global/persistent flag values in legacy telemetry #5830)
- fix(cli): use cobra's mutual-exclusivity error template for sso update (fix(cli): use cobra's mutual-exclusivity error template for sso update #5832)
- docs(cli): link Effect-TS upstream issue for doubled-Expected workaround (docs(cli): link Effect-TS upstream issue for doubled-Expected workaround #5837)
- fix(cli): validate config before the destructive db reset --local recreate (fix(cli): validate config before the destructive db reset --local recreate #5840)
- fix(cli): propagate delegated Go child exit codes through finalizers (fix(cli): propagate delegated Go child exit codes through finalizers #5841)
- fix(cli): legacy shell honors project .env for SUPABASE_YES + auth.enabled remote precedence (CLI-1878) (fix(cli): legacy shell honors project .env for SUPABASE_YES + auth.enabled remote precedence (CLI-1878) #5839)
- ci: add contribution gate workflow for external PRs (ci: add contribution gate workflow for external PRs #5843)
- fix(config-push): decrypt dotenvx encrypted: secrets instead of skipping (fix(config-push): decrypt dotenvx encrypted: secrets instead of skipping #5842)
- ci: exempt private org members from the contribution gate (ci: exempt private org members from the contribution gate #5848)
- fix(deps): bump github.com/posthog/posthog-go from 1.17.2 to 1.17.4 in /apps/cli-go in the go-minor group across 1 directory (fix(deps): bump github.com/posthog/posthog-go from 1.17.2 to 1.17.4 in /apps/cli-go in the go-minor group across 1 directory #5849)
- fix(deps): bump the npm-major group with 7 updates (fix(deps): bump the npm-major group with 7 updates #5850)
- chore(ci): bump docker/login-action from 4.3.0 to 4.4.0 in the actions-major group (chore(ci): bump docker/login-action from 4.3.0 to 4.4.0 in the actions-major group #5852)
- fix(docker): bump the docker-minor group in /apps/cli-go/pkg/config/templates with 3 updates (fix(docker): bump the docker-minor group in /apps/cli-go/pkg/config/templates with 3 updates #5851)
- fix(cli): suppress vendored effect CLI's stdout help-dump and duplicate error on parse failures (CLI-1901) (fix(cli): suppress vendored effect CLI's stdout help-dump and duplicate error on parse failures (CLI-1901) #5844)
- fix(cli): exempt global choice flags from telemetry redaction (Go isEnumFlag parity) (fix(cli): exempt global choice flags from telemetry redaction (Go isEnumFlag parity) #5855)
- fix(cli): match Go path.Match character-class negation in legacy seed globbing (fix(cli): match Go path.Match character-class negation in legacy seed globbing #5856)
- fix(deps): bump github.com/stripe/pg-schema-diff from 1.0.5 to 1.0.7 in /apps/cli-go in the go-minor group across 1 directory (fix(deps): bump github.com/stripe/pg-schema-diff from 1.0.5 to 1.0.7 in /apps/cli-go in the go-minor group across 1 directory #5858)
- fix(deps): bump the npm-major group with 3 updates (fix(deps): bump the npm-major group with 3 updates #5859)
- fix(deps): bump github.com/posthog/posthog-go from 1.17.4 to 1.17.5 in /apps/cli-go in the go-minor group across 1 directory (fix(deps): bump github.com/posthog/posthog-go from 1.17.4 to 1.17.5 in /apps/cli-go in the go-minor group across 1 directory #5865)
- chore(ci): bump aws-actions/configure-aws-credentials from 6.2.1 to 6.2.2 in the actions-major group (chore(ci): bump aws-actions/configure-aws-credentials from 6.2.1 to 6.2.2 in the actions-major group #5871)
… parity) (#5794) ## Current Behavior Go's overwrite-confirmation prompt for `gen signing-key` reads piped stdin even in non-TTY mode (`internal/utils/console.go`'s `PromptYesNo`/`ReadLine`, racing a 100ms timeout) and honors an explicit y/n answer. The TS port's `signing-key.handler.ts` had its own local `confirmOverwrite` that returned `true` unconditionally in non-TTY mode without reading stdin at all, so `echo n | supabase gen signing-key` silently overwrote the existing key file instead of canceling — a data-loss risk for scripted/CI usage. ## Expected Behavior - Deletes the local `confirmOverwrite` and switches the call site to the shared `legacyPromptYesNo` helper (already used by `seed buckets`, `config push`, `logout`, `storage rm`, `db pull`), which already correctly implements Go's non-TTY read-with-timeout-and-parse behavior. - Swaps `LegacyYesFlag` for `legacyResolveYes` (matching those same five callers), so `gen signing-key` now also honors `SUPABASE_YES` and an explicit `--yes=false`, matching Go's `viper.GetBool("YES")`. - Fails the overwrite closed (rather than silently defaulting to yes) when a real interactive TTY requests a non-text `--output-format` — this command has no structured json/stream-json payload (SIDE_EFFECTS.md), and the shared helper's own default-on-non-text short-circuit would otherwise silently overwrite irrecoverable key material with no prompt at all. A non-TTY caller (piped or not) is unaffected by this guard. Fixes CLI-1865
…5813) ## What kind of change does this PR introduce? Docs fix — Legacy port SIDE_EFFECTS.md / AGENTS.md accuracy (F3-F10, F12 from the parity audit). ## What is the current behavior? 11 `SIDE_EFFECTS.md` files and `AGENTS.md` contained factual errors where the code was already correct but the documentation was wrong — wrong file paths, a fabricated stdout message, an inverted claim about whether a command writes the linked-project cache, a missing json/stream-json output envelope, a fictitious subprocess name, a backwards project-ref claim, and a fabricated telemetry-identity call. Each claim was independently re-verified against `apps/cli-go/` (and, for the `completion` exit-code claim, against the actual compiled Go binary and the actual TS CLI) before editing. ## What is the new behavior? - **F3**: `db/branch/{create,delete,list,switch}` — corrected the current-branch file path to `supabase/.branches/_current_branch`, matching `internal/utils/misc.go:99`. - **F4**: `db/remote/commit` — removed the false claim it prints `Finished supabase db pull.` (that belongs only to `db pull`). - **F5**: `db/lint` — corrected: it DOES write the linked-project cache on `--linked`, matching Go's `ensureProjectGroupsCached`. - **F6**: `db/schema/declarative/generate` — corrected: it has a real json/stream-json success envelope. - **F7**: `db/schema/declarative/sync` — replaced a fictitious `migration up --local` subprocess with the real `db reset --local` recovery-path subprocess. - **F8**: `completion` — the doc's exit-code claim was backwards. Go exits `0` on both bare `completion` and an unrecognized shell subcommand (verified against the compiled binary); the legacy TS shell currently exits `1` for both — a genuine, systemic exit-code bug in the shared CLI harness, not `completion`-specific (it reproduces on any bare/unrecognized group-command invocation, e.g. `branches`). Rather than fixing the code here or describing the bug as intended, the doc now states Go's true behavior and flags the current TS divergence, filed separately as CLI-1906. - **F9**: `config/push` + `AGENTS.md` — corrected the linked-project-cache path (was a fabricated `~/.supabase/<hash>/...`, real path is `<workdir>/supabase/.temp/linked-project.json`) and fixed an adjacent conflation where the project-ref-fallback file was wrongly attributed to the same cache file, when it's actually a separate file (`<workdir>/supabase/.temp/project-ref`). - **F10**: `branches/update` — corrected: the upgrade-suggest call uses the branch's own resolved ref, not the parent `--project-ref`. - **F12**: `AGENTS.md` telemetry table — removed a fabricated `analytics.identify(gotrueId)` claim from the `login` row; Go's `StitchLogin` only aliases. A second, wider pre-existing doc bug was found during F9's verification (the same fabricated linked-project-cache path is copy-pasted across 29 other `SIDE_EFFECTS.md` files not touched here) — filed separately as CLI-1907 rather than expanding this diff. Docs-only change; no `.ts`/`.go` files touched. `pnpm check:all` passes.
…r references (#5811) ## What kind of change does this PR introduce? Docs fix — Legacy port SIDE_EFFECTS.md accuracy. ## What is the current behavior? Two systemic env-var documentation errors across `src/legacy/**/SIDE_EFFECTS.md`, found in the parity audit: - **~36 files** document `SUPABASE_API_URL` as a real override for the Management API base URL. No such env var exists in Go: `SetEnvPrefix("SUPABASE")` + `AutomaticEnv()` never binds `API_URL`, there's no `os.Getenv("SUPABASE_API_URL")` anywhere, and the `Profile.api_url` field loads on a separate, unbound `viper.New()` instance (`internal/utils/profile.go:99`). The real override is `SUPABASE_PROFILE` (built-in name or a path to a YAML profile file). - **~18 files** document bare `PROJECT_ID` as if it were itself a settable env var. It's Go's internal viper key name — the real, user-facing env var is `SUPABASE_PROJECT_ID` (`viper.GetString("PROJECT_ID")` under the global `SetEnvPrefix("SUPABASE")` singleton, `internal/utils/flags/project_ref.go:62`). Both claims were independently verified against the real Go source and, for the viper-specific mechanics, a compiled test program against the exact pinned `github.com/spf13/viper v1.21.0`. ## What is the new behavior? - Removed the fabricated `SUPABASE_API_URL` rows; where a file didn't already document `SUPABASE_PROFILE`, added a real row for it (including the persisted `~/.supabase/profile` fallback step in the resolution chain, matching `legacy-cli-config.layer.ts`). - Corrected every bare `PROJECT_ID` mention (Environment Variables tables, Files Read "When" columns, and prose) to `SUPABASE_PROJECT_ID`, converging on the dominant convention already used correctly across ~15 sibling files. - Left `db/advisors/SIDE_EFFECTS.md` untouched — it already correctly documents that `SUPABASE_API_URL` is not honored. - Filed follow-ups for two related-but-out-of-scope findings surfaced during review: CLI-1904 (global choice-flag telemetry gap, unrelated) and CLI-1905 (bare `DB_PASSWORD` has the same bug class as this PR's F2, in a set of files this PR doesn't touch). Docs-only change; no `.ts` files touched. `pnpm check:all` passes.
…5715) Ports the `db push`, `db reset`, and `db start` commands of the legacy CLI shell from Go-binary proxies to native TypeScript (CLI-1325), and introduces a hidden Go seam for the container-bootstrap primitives that aren't ported. ## What changed **`db push`** — fully native: pending-migration reconciliation, seed-file ops with `seed_files` hash tracking, `[db.vault]` upsert, `--include-roles`/`--include-seed`/`--dry-run`, against local / linked / `--db-url`. **`db reset`** — native on both legs: - Remote (`--linked` / remote `--db-url`): drop user schemas → vault upsert → migrate + seed, `--version`/`--last`, and the Go-parity `--sql-paths` seed override (merged from develop, mutually exclusive with `--no-seed`). - Local (`--local` / local `--db-url`): running check, `Resetting local database…`, container recreate + migrate + seed via the seam, storage-gated bucket seeding (reuses the ported `seed buckets` core), and the `Finished … on branch <branch>.` line. - Only the niche `--experimental` remote schema-files path still delegates to the Go binary. **`db start`** — native: config validation, the `AssertSupabaseDbIsRunning` check (prints Go's "already running" line), else container bootstrap via the seam. No status table and no `cli_stack_started` — those belong to the top-level `supabase start`, not `db start`. **Hidden Go seam (`db __db-bootstrap`)** — mirrors the existing `db __shadow` seam. Exposes the un-ported container primitives (`StartDatabase` + `DockerRemoveAll` cleanup, the PG14/PG15 reset recreate, the storage health gate) behind `--mode {start|recreate|await-storage}`. The TS side orchestrates everything else (messages, version resolution, bucket seeding, the git-branch line, telemetry, `--output-format` shaping); the seam runs with telemetry disabled and stderr inherited, like `__shadow`. **Config loading (review follow-ups)** — `db push` / `db reset` / `db start` load `config.toml` through the legacy Go-parity reader (`legacyCheckDbToml`, Go's `flags.LoadConfig` → `config.Load` + `Validate`) rather than `@supabase/config`, so their config semantics match the Go CLI exactly: - Go-style env-reference booleans (e.g. `[db.seed] enabled = "env(SEED_ENABLED)"`) load like Go (env-expand → `strconv.ParseBool`) instead of failing with a parse error. - a matched `[remotes.<ref>]` block's `db.migrations.enabled` / `db.seed.enabled` beats the `SUPABASE_DB_*_ENABLED` env var (Go's `v.Set` override tier sits above AutomaticEnv), closing the last remote-vs-env precedence gap. - `encrypted:` `[db.vault]` secrets are decrypted at config-load time with the shell **and** project-`.env` `DOTENV_PRIVATE_KEY*` keys and fail fast (before any connect / schema drop) on an undecryptable value, matching Go's `DecryptSecretHookFunc`. - seed `sql_paths` (config and `--sql-paths`) resolve once to Go's config-load form; `db start` validates config before the already-running check. Malformed config now surfaces the reader's Go message (`failed to load config`), consistent with `db diff` / `dump` / `pull` / `migration`. ## Why `db start` / `db reset --local` need container lifecycle (create/recreate, image pull, health checks, init schema, service restarts) that is impractical to reimplement in TS. The seam keeps that lifecycle in Go while moving orchestration, output parity, telemetry, and `--output-format` handling to native TS — matching the approach already used for `db diff` / `db pull`. ## Reviewer notes - The seam is the only `db reset`/`db start` boundary the in-process integration suites mock; it's covered end-to-end by the cli-e2e live suite (`db-reset-start.live.e2e.test.ts`, run via `pnpm --filter @supabase/cli-e2e test:e2e:live`), which exercises the local leg against a real Docker socket and the remote `db reset` leg against the staging session pooler. Both `describe`s skip the `ts-next` target (the next shell has no `db` group). - `db reset --local` recreate forwards `--no-seed` / `--sql-paths` to the seam, which applies them via the same `applyDbResetSeedFlags` helper `db reset` uses, so seed handling stays identical across local and remote. - The bundled `supabase-go` binary must be rebuilt (`pnpm build:go-sidecar` copies it into `dist/`) since the seam adds the `db __db-bootstrap` command. - `docs/go-cli-porting-status.md` flips `db push` / `db reset` / `db start` to `ported`; each command's `SIDE_EFFECTS.md` documents the files, subprocesses, DB mutations, env vars, and exit codes. 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude <noreply@anthropic.com>
…rity) (#5797) ## What kind of change does this PR introduce? Bug fix (Go parity). ## What is the current behavior? `supabase functions deploy --jobs` diverges from the Go CLI in two related ways: 1. The `--jobs` guard only errored when local bundling (Docker/legacy-bundle) was active, so `--use-docker=false --jobs 2` (no `--use-api`) silently passed in TS while Go rejects it. The error text also differed from Go's wording. 2. `useLocalBundler` decided Docker-vs-API routing based on whether `--use-api` was *typed* on the command line (`explicitUseApi`), not its *resolved* value — so `--use-api=false` alone silently forced the API bundler instead of falling through to Docker, contrary to Go's `if useApi { useDocker = false }` (which only fires when the resolved value is true). Go's only guard (`apps/cli-go/cmd/functions.go:79-82`) is: ```go if useApi { useDocker = false } else if maxJobs > 1 { return errors.New("--jobs must be used together with --use-api") } ``` ## What is the new behavior? - `--jobs > 1` is now rejected whenever `--use-api`'s resolved value is `false`, regardless of `--use-docker`/`--legacy-bundle`, with the exact Go error text: `--jobs must be used together with --use-api`. - Bundler routing (`useLocalBundler`) now keys off the same resolved `flags.useApi` value, so `--use-api=false` alone falls through to Docker/legacy-bundle instead of silently switching to the API path. - Both fixes land in the shared `deployFunctions()` used by both the `legacy` and `next` shells, with regression coverage added in both. Fixes CLI-1861.
…mFlag parity) (#5810) ## What kind of change does this PR introduce? Bug fix (Go CLI parity). ## What is the current behavior? Go's telemetry (`cmd/root_analytics.go:110-116`, `isEnumFlag`) unconditionally treats any enum/choice flag as telemetry-safe — the value is sent verbatim to PostHog, no per-flag opt-in required. The TS legacy port's `withLegacyCommandInstrumentation` only exempted booleans and explicit `safeFlags` entries, so every `Flag.choice` value was silently redacted to `<redacted>` unless someone remembered to hand-list it — which had already happened inconsistently across the 14 commands using `Flag.choice`. `gen signing-key`'s `algorithm` and `gen types`'s `lang`/`swift-access-control` had no exemption at all; several other commands had partial coverage via ad-hoc `safeFlags`. ## What is the new behavior? - `withLegacyCommandInstrumentation` now accepts a `config` option (the command's own flag config record, the same object passed to `Command.make`). Any flag built with `Flag.choice`/`Flag.choiceWithValue` is auto-detected and treated as telemetry-safe, covering every current and future enum flag on that command without hand-maintaining a `safeFlags` list. - The detection unwraps `Map`/`Transform`/`Optional`/`Variadic` wrapper params down to the underlying `Single` the same way `--help` rendering does internally, reimplemented using only type-visible public `effect` API (the library's own internal helpers for this exact purpose exist in the compiled JS but are absent from the published `.d.ts`, so calling them directly isn't possible without an `as` cast). - Wired `config` into all 14 commands with choice flags. Removed 3 files' now-redundant hand-listed `safeFlags` entries where every listed name was already choice-typed. - Filed CLI-1904 to track a related, pre-existing, out-of-scope gap: global/root flags (`--output`, `--dns-resolver`, `--agent`) aren't wired into any command's `config`, so they're not covered by this fix even though Go's equivalents are also `EnumFlag`. Fixes CLI-1866
This PR was automatically created to sync the generated `@supabase/api` package with the latest Management API OpenAPI document. Changes were detected in the upstream OpenAPI document exposed by `https://api.supabase.com/api/v1-json`. Co-authored-by: jgoux <1443499+jgoux@users.noreply.github.com>
…ploy/download (#5804) ## What kind of change does this PR introduce? Bug fix (Go-parity divergence). ## What is the current behavior? Go's cobra emits a fixed template for `MarkFlagsMutuallyExclusive` violations (`flag_groups.go:204`): the full group in registration order, plus the subset of flags actually set, sorted alphabetically. `functions deploy`/`functions download` emitted a custom TS string instead ("flags --use-api, --use-docker are mutually exclusive"), diverging on wording and dash usage. `download`'s check also branched on flag *truthiness* rather than whether the flag was explicitly *changed* on the command line, so `--use-api --use-docker=false` was silently allowed even though cobra's real `pflag.Changed` semantics reject it. ## What is the new behavior? Both commands now emit cobra's exact error text (verified byte-for-byte against the real compiled Go binary), and `download`'s mutex check now detects "explicitly changed" the same way `deploy`'s already did, closing the `--use-docker=false` gap. While fixing this, found the same cobra-template string duplicated in two other places during a review pass — `db dump` (own inline copy of the message format) and `gen types` (its own private `hasExplicitLongFlag` plus a *second* copy of the message template that had a real, independently-verified bug: it joined the violating-flag set in check order instead of sorting it, so `gen types --local --linked` printed `[local linked]` while the actual Go binary prints `[linked local]`). Hoisted the two generic helpers to `shared/cli/cobra-flag-groups.ts` and pointed all three call sites at them, fixing the `gen types` sort-order bug as a direct consequence. Filed two follow-ups discovered during review: CLI-1902 (`sso update`'s `--domains`/`--add-domains`/`--remove-domains` mutex has the same class of bug, different flag family, out of scope here) and CLI-1903 (`next/` inherits the same byte-exact cobra text via the shared validator, even though it isn't bound by the Go-parity contract — worth a friendlier message there, but that's additive UX work, not a parity fix). Reviewed via a 4-way parallel pass (architect/engineer/security/DX), all approved. Architect's finding (the two generic helpers were hoisted into a functions-specific file despite having zero functions-domain logic, evidenced by the two duplicate implementations above) is what prompted the `shared/cli/` relocation and dedup in this PR.
…t ref (#5802) ## What kind of change does this PR introduce? Bug fix (Go-parity divergence). ## What is the current behavior? On a malformed linked project ref, Go's `services` command validates the ref (`flags.LoadProjectRef`) but only warns to stderr on failure and still proceeds to call the remote tenant lookup with the bad ref (`cmd/services.go`, `internal/services/services.go:61-62`). The TypeScript port silently skipped the remote lookup on a malformed ref with no warning at all, and `services/SIDE_EFFECTS.md` mis-attributed that silent skip to Go. Fixes CLI-1872. ## What is the new behavior? TS now prints the same warning Go would print (`Invalid project ref format. Must be like \`abcdefghijklmnopqrst\`.`, reusing the constant already exported from `legacy-project-ref.service.ts`), matching Go's stderr ordering. Unlike Go, TS deliberately does **not** then proceed with the malformed ref — the ref gets embedded unescaped into the tenant gateway hostname in `fetchLinkedServiceVersions`, so proceeding would let a malformed/tampered ref redirect the service-role key to an attacker-controlled host. This is an intentional, documented TS-only divergence (SSRF hardening), not a parity bug — see the updated `SIDE_EFFECTS.md` and the new "Behavioral divergences" section in `docs/go-cli-porting-status.md`. Reviewed via a 4-way parallel pass (architect/engineer/security/DX); security and engineer approved outright, architect approved after closing a branch-coverage gap on the exact code this PR restructured, and DX surfaced that the identical Go idiom (`flags.LoadProjectRef`'s warn-and-continue) is also unhandled in `projects list` and a few `resolveOptional` callers — filed as CLI-1900 for its own dedicated audit, since each caller needs independent verification against its Go counterpart rather than a blanket fix.
…#5793) ## Current Behavior Go defaults `--use-docker` to `true` on `functions download` (`cmd/functions.go:181`); the TS port omitted the default, so it resolved to `false`. This flipped the default download path (native HTTP vs. Docker-proxied) whenever no flags were passed, and once fixed naively, the mutex check between `--use-api`/`--use-docker`/`--legacy-bundle` (truthiness-based) would start misfiring on the new default-true value, and `--use-api` alone would keep routing to Docker instead of overriding it the way Go's `if useApi { useDocker = false }` does. ## Expected Behavior - `useDocker` now defaults to `true` via `Flag.withDefault(true)`, matching Go. - The mutex check (`validateDownloadFlags`) now scans raw argv for explicit flag presence (`hasExplicitLongFlag`, hoisted out of `deploy.ts` into the shared `functions.shared.ts` family root, since it's now used by two commands) instead of checking parsed boolean truthiness — mirroring Go's `pflag.Changed`-based `MarkFlagsMutuallyExclusive`. - `downloadFunctions` gates the Docker/legacy-bundle proxy branch on `!flags.useApi`, mirroring Go's value-based `if useApi { useDocker = false }` override (`cmd/functions.go:51-53`) — not presence, so `--use-api=false` still proxies to Docker like an unpassed `--use-api` would. - The Go-proxy arg builder (`makeGoProxyDownloadArgs`) now forwards at most one of `--use-docker`/`--legacy-bundle` — previously it could forward both once `useDocker` defaults true, which the Go binary's own mutex check would then reject. - Slug validation now runs unconditionally, before the proxy-dispatch branch, so a malformed/traversal-shaped function name is rejected before ever reaching the Go proxy's argv. - The delegated Go call now runs with `SUPABASE_TELEMETRY_DISABLED=1` (mirrors `db pull`/`db diff`'s delegated-call pattern), and in `--output-format json|stream-json` its stdout is captured/discarded via `execCapture` instead of inherited, with `downloadFunctions` emitting the `Output` envelope itself — the Docker/legacy-bundle proxy branch is now safe as the default path for both telemetry accuracy and machine-output correctness (CLI-1546), not just opt-in flags. - `rawArgs` is threaded through `DownloadFunctionsDependencies` from the `Stdio.Stdio` service in both the legacy and next shell handlers (the shared `downloadFunctions` helper is used by both); `next`'s own `--use-docker` default is intentionally left unchanged — this is a legacy/Go-parity-only fix. ## Known follow-ups (not fixed here) - Go's own server-side unbundle extractor (`saveFile` in `apps/cli-go/internal/functions/download/download.go`) lacks the path-containment checks the native TS downloader already has — pre-existing Go CLI behavior, now reachable by default rather than via opt-in flags. Tracked as CLI-1891. - `hasExplicitLongFlag` detects flag token presence, not resolved value, so `--use-docker=false` isn't treated as disabling Docker in the mutex check. Pre-existing pattern shared with `deploy.ts`. Closes CLI-1862
… (Go parity) (#5809) ## What kind of change does this PR introduce? Bug fix (Go CLI parity). ## What is the current behavior? Go marks `--project-ref` telemetry-safe on all four `functions` leaf commands (`cmd/functions.go:151,153,165,178`) — `list`, `delete`, `deploy`, `download` — so the flag value is recorded verbatim in the `cli_command_executed` PostHog event instead of being redacted. The TS legacy port only did this for `list` and `deploy`. `functions delete` and `functions download` were both redacting `--project-ref`, diverging from Go and from their own sibling commands. ## What is the new behavior? - Added `safeFlags` for `--project-ref` to `functions delete` and `functions download`, matching `list`/`deploy` and Go. - Hoisted the `["project-ref"]` safe-flags list into a shared `FUNCTIONS_PROJECT_REF_SAFE_FLAGS` constant in `shared/functions/functions.shared.ts`, now referenced by all four commands instead of being duplicated inline. - Exported each command's composed handler (`legacyFunctionsDeleteHandler`, `legacyFunctionsDownloadHandler`) so integration tests can drive the exact effect `Command.withHandler` wires up, rather than re-testing the generic instrumentation wrapper in isolation. - Corrected stale/missing rows in `delete`/`download`'s `SIDE_EFFECTS.md` (missing `Files Written`/`Files Read`/`Environment Variables` rows, a stale `SUPABASE_API_URL` claim, and a new `Telemetry Events Fired` section), reconciled against `list`'s already-accurate doc. Fixes CLI-1864
…5796) ## Current Behavior Go's `secrets set` (`internal/secrets/set/set.go:20-24`) swallows a malformed `supabase/config.toml` parse error to the debug logger and proceeds with empty `EdgeRuntime.Secrets` — env-file and positional-arg secrets still apply. `secrets set` has no `--linked`/`--local`/`--db-url` flag, so the root PreRun never loads the config first either; this is the only load. The TS port instead let the parse error propagate as a fatal `LegacySecretsConfigParseError`, aborting the whole command even when the user only wanted to set a secret via CLI arg or env-file. ## Expected Behavior - Catches `ProjectConfigParseError`, logs it to the debug logger, and continues with no config-declared secrets, matching Go. - The logged message is truncated before any blank-line-separated source snippet: `smol-toml`'s `TomlError` (and some schema-decode errors) embed a codeblock of the surrounding file lines in their message, which for this file's `[edge_runtime.secrets]` section can include literal secret values. Go's equivalent log line (`DecodeError.Error()`) is a short, content-free message — its verbose `.String()` with the snippet is never called by `set.go`. Truncating avoids echoing a user's own secret value into `--debug` output next to an unrelated syntax error. - Deletes the now-unused `LegacySecretsConfigParseError` (no remaining references). - Threads `LegacyDebugLogger` into the shared `legacyManagementApiRuntimeLayer` (used by many legacy commands) since the layer was already building the same instance internally for `cliConfig`/`httpClient`/`credentials` but never exposed it at the top level — the file's own doc comment describes this as the sanctioned way to add a new commonly-needed top-level service. Fixes CLI-1867
…oggle consent (#5798) ## What kind of change does this PR introduce? Bug fix (Go parity). ## What is the current behavior? Go's `cli_command_executed` telemetry event is gated on a consent snapshot read once at process start (`PersistentPreRunE`, `apps/cli-go/cmd/root.go:131-138`), before a command's own handler runs, and fired after the handler completes (`:171-181`) based on that snapshot — not on any value the handler itself just wrote. This applies uniformly to every command, including `telemetry enable`/`disable` themselves. The TS legacy port instead unconditionally suppressed this event for both `telemetry enable` and `telemetry disable` via `analytics: false`, so neither command ever fired it, regardless of prior telemetry state. ## What is the new behavior? `analytics: false` is removed from both commands. The existing `legacyAnalyticsLayer`/`telemetryRuntimeLayer` machinery already reads consent from disk once, at Effect layer-construction time — before either handler mutates `telemetry.json` — so this reproduces Go's snapshot semantics without any new bespoke logic: - Running `disable` while telemetry is enabled fires the event one last time (using the pre-toggle, still-enabled snapshot); running it while already disabled stays silent. - Running `enable` while telemetry is already enabled (a redundant/idempotent invocation) fires the event; the common case (enabling from disabled) stays silent. This is intentionally broader than the original report's "disable only" framing — tracing Go's actual gate (`internal/telemetry/service.go`'s `canSend()`) showed it's symmetric and state-based, not command-based, so scoping the fix to `disable` alone would have left a real (if narrow) parity gap for the redundant-`enable` case. Also documents a previously-unmentioned side effect: when the event fires, the command now waits (bounded, ~5s) for a PostHog flush attempt before exiting, since the analytics client's shutdown is a finalizer around the whole command run. Closes CLI-1868
…#5821) Bumps the go-minor group with 1 update in the /apps/cli-go directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go). Bumps the go-minor group with 1 update in the /apps/cli-go/pkg directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go). Updates `google.golang.org/grpc` from 1.81.1 to 1.82.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's releases</a>.</em></p> <blockquote> <h2>Release 1.82.0</h2> <h1>Behavior Changes</h1> <ul> <li>server: Remove support for <code>GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING</code> environment varibale. Strict incoming RPC path validation (which has been the default since <code>v1.79.3</code>) can no longer be disabled. (<a href="https://redirect.github.com/grpc/grpc-go/issues/9112">#9112</a>)</li> <li>transport: Add environment variable to change the default max header list size from <code>16MB</code> to <code>8KB</code>. This may be enabled by setting <code>GRPC_GO_EXPERIMENTAL_ENABLE_8KB_DEFAULT_HEADER_LIST_SIZE=true</code>. This will be enabled by default in a subsequent release. (<a href="https://redirect.github.com/grpc/grpc-go/issues/9019">#9019</a>)</li> <li>balancer: Load Balancing policy registry is now case-sensitive. Set <code>GRPC_GO_EXPERIMENTAL_CASE_SENSITIVE_BALANCER_REGISTRIES=false</code> (and file an issue) to revert to case-insensitive behavior. (<a href="https://redirect.github.com/grpc/grpc-go/issues/9017">#9017</a>)</li> </ul> <h1>New Features</h1> <ul> <li>experimental/stats: Expose a new API, <code>NewContextWithLabelCallback</code>, to register a callback that is invoked when telemetry labels are added. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8877">#8877</a>) <ul> <li>Special Thanks: <a href="https://github.com/seth-epps"><code>@seth-epps</code></a></li> </ul> </li> <li>client: Return a portion of the response body in the error message, when the client receives an unexpected non-gRPC HTTP response, to make debugging easier. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8929">#8929</a>) <ul> <li>Special Thanks: <a href="https://github.com/chengxilo"><code>@chengxilo</code></a></li> </ul> </li> <li>server: Add environment variable <code>GRPC_GO_SERVER_GOROUTINE_LABELS</code> that controls setting <code>runtime/pprof.Labels</code> on goroutines spawned by the server. Set <code>GRPC_GO_SERVER_GOROUTINE_LABELS=grpc.method=true</code> to add the <code>grpc.method</code> label on goroutines spawned to handle incoming requests. (<a href="https://redirect.github.com/grpc/grpc-go/issues/9082">#9082</a>) <ul> <li>Special Thanks: <a href="https://github.com/dfinkel"><code>@dfinkel</code></a></li> </ul> </li> </ul> <h1>Bug Fixes</h1> <ul> <li>xds/server: Fix a memory leak of HTTP filter instances occurring when route configurations are updated in-place during a Route Discovery Service (RDS) update. (<a href="https://redirect.github.com/grpc/grpc-go/issues/9138">#9138</a>)</li> <li>grpc: In the deprecated <code>gzip</code> Compressor (used via the deprecated <code>WithCompressor</code> dial option), enforce the <code>MaxRecvMsgSize</code> limit on the decompressed message buffer, preventing excessive memory allocation from highly compressed payloads. (<a href="https://redirect.github.com/grpc/grpc-go/issues/9114">#9114</a>) <ul> <li>Special Thanks: <a href="https://github.com/evilgensec"><code>@evilgensec</code></a></li> </ul> </li> <li>stats/opentelemetry: Record retry attempts, <code>grpc.previous-rpc-attempts</code>, at the call level and not the attempt level. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8923">#8923</a>)</li> <li>encoding: Ensure <code>Close()</code> is always called on readers returned from <code>Compressor.Decompress</code> if possible. (<a href="https://redirect.github.com/grpc/grpc-go/issues/9135">#9135</a>)</li> <li>channelz: Fix the <code>LastMessageSentTimestamp</code> and <code>LastMessageReceivedTimestamp</code> fields in <code>SocketMetrics</code> to ensure they contain correct timestamp values. (<a href="https://redirect.github.com/grpc/grpc-go/issues/9109">#9109</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/grpc/grpc-go/commit/bd239854f0ab7f1ee63457d47f7c1d2675e1f736"><code>bd23985</code></a> Change version to 1.82.0 (<a href="https://redirect.github.com/grpc/grpc-go/issues/9170">#9170</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/0f3086db7a755b6af83a90809471dd7f645b345a"><code>0f3086d</code></a> Fix minor issues not covered by PR <a href="https://redirect.github.com/grpc/grpc-go/issues/9137">#9137</a> (<a href="https://redirect.github.com/grpc/grpc-go/issues/9147">#9147</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/fef07fbb2b94b668e8daca1f6b70433dcd36c1c8"><code>fef07fb</code></a> internal: Split v3procservicepb import into pb and grpc for extproc (<a href="https://redirect.github.com/grpc/grpc-go/issues/9163">#9163</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/91dd64f4b83cb5134e279d1126ebb1ccf47d4d31"><code>91dd64f</code></a> transport: surface subsequent data when receiving non-gRPC header (<a href="https://redirect.github.com/grpc/grpc-go/issues/8929">#8929</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/adc97de9521a9f377dab5e911039842dc4de23e5"><code>adc97de</code></a> test/kokoro: add config for regional-td test (<a href="https://redirect.github.com/grpc/grpc-go/issues/9158">#9158</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/57c9ff14e05b535ee6995ba49bc882b287a175de"><code>57c9ff1</code></a> xds: ensure full-string matching for RBAC Filter rules (<a href="https://redirect.github.com/grpc/grpc-go/issues/9148">#9148</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/b58f32d9ff07c612d64e677bd826bcbec88af9bd"><code>b58f32d</code></a> server: Set a pprof label on new stream goroutines (<a href="https://redirect.github.com/grpc/grpc-go/issues/9082">#9082</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/6c98be31ce0aec1592b783b0edb16916eb5acd89"><code>6c98be3</code></a> refactor(transport): extract shared stream state handling logic in `loopyWrit...</li> <li><a href="https://github.com/grpc/grpc-go/commit/bcaa6f4df4546c86e12ef3e95852c7baf7a08d67"><code>bcaa6f4</code></a> rls: only reset backoff on recovery from TRANSIENT_FAILURE (<a href="https://redirect.github.com/grpc/grpc-go/issues/9137">#9137</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/429e6e06363a01f0dd9f9b6b9cf0c0e6617cda12"><code>429e6e0</code></a> balancer: expose endpoint weight and hostname as experimental APIs (<a href="https://redirect.github.com/grpc/grpc-go/issues/9074">#9074</a>)</li> <li>Additional commits viewable in <a href="https://github.com/grpc/grpc-go/compare/v1.81.1...v1.82.0">compare view</a></li> </ul> </details> <br /> Updates `google.golang.org/grpc` from 1.81.1 to 1.82.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's releases</a>.</em></p> <blockquote> <h2>Release 1.82.0</h2> <h1>Behavior Changes</h1> <ul> <li>server: Remove support for <code>GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING</code> environment varibale. Strict incoming RPC path validation (which has been the default since <code>v1.79.3</code>) can no longer be disabled. (<a href="https://redirect.github.com/grpc/grpc-go/issues/9112">#9112</a>)</li> <li>transport: Add environment variable to change the default max header list size from <code>16MB</code> to <code>8KB</code>. This may be enabled by setting <code>GRPC_GO_EXPERIMENTAL_ENABLE_8KB_DEFAULT_HEADER_LIST_SIZE=true</code>. This will be enabled by default in a subsequent release. (<a href="https://redirect.github.com/grpc/grpc-go/issues/9019">#9019</a>)</li> <li>balancer: Load Balancing policy registry is now case-sensitive. Set <code>GRPC_GO_EXPERIMENTAL_CASE_SENSITIVE_BALANCER_REGISTRIES=false</code> (and file an issue) to revert to case-insensitive behavior. (<a href="https://redirect.github.com/grpc/grpc-go/issues/9017">#9017</a>)</li> </ul> <h1>New Features</h1> <ul> <li>experimental/stats: Expose a new API, <code>NewContextWithLabelCallback</code>, to register a callback that is invoked when telemetry labels are added. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8877">#8877</a>) <ul> <li>Special Thanks: <a href="https://github.com/seth-epps"><code>@seth-epps</code></a></li> </ul> </li> <li>client: Return a portion of the response body in the error message, when the client receives an unexpected non-gRPC HTTP response, to make debugging easier. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8929">#8929</a>) <ul> <li>Special Thanks: <a href="https://github.com/chengxilo"><code>@chengxilo</code></a></li> </ul> </li> <li>server: Add environment variable <code>GRPC_GO_SERVER_GOROUTINE_LABELS</code> that controls setting <code>runtime/pprof.Labels</code> on goroutines spawned by the server. Set <code>GRPC_GO_SERVER_GOROUTINE_LABELS=grpc.method=true</code> to add the <code>grpc.method</code> label on goroutines spawned to handle incoming requests. (<a href="https://redirect.github.com/grpc/grpc-go/issues/9082">#9082</a>) <ul> <li>Special Thanks: <a href="https://github.com/dfinkel"><code>@dfinkel</code></a></li> </ul> </li> </ul> <h1>Bug Fixes</h1> <ul> <li>xds/server: Fix a memory leak of HTTP filter instances occurring when route configurations are updated in-place during a Route Discovery Service (RDS) update. (<a href="https://redirect.github.com/grpc/grpc-go/issues/9138">#9138</a>)</li> <li>grpc: In the deprecated <code>gzip</code> Compressor (used via the deprecated <code>WithCompressor</code> dial option), enforce the <code>MaxRecvMsgSize</code> limit on the decompressed message buffer, preventing excessive memory allocation from highly compressed payloads. (<a href="https://redirect.github.com/grpc/grpc-go/issues/9114">#9114</a>) <ul> <li>Special Thanks: <a href="https://github.com/evilgensec"><code>@evilgensec</code></a></li> </ul> </li> <li>stats/opentelemetry: Record retry attempts, <code>grpc.previous-rpc-attempts</code>, at the call level and not the attempt level. (<a href="https://redirect.github.com/grpc/grpc-go/issues/8923">#8923</a>)</li> <li>encoding: Ensure <code>Close()</code> is always called on readers returned from <code>Compressor.Decompress</code> if possible. (<a href="https://redirect.github.com/grpc/grpc-go/issues/9135">#9135</a>)</li> <li>channelz: Fix the <code>LastMessageSentTimestamp</code> and <code>LastMessageReceivedTimestamp</code> fields in <code>SocketMetrics</code> to ensure they contain correct timestamp values. (<a href="https://redirect.github.com/grpc/grpc-go/issues/9109">#9109</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/grpc/grpc-go/commit/bd239854f0ab7f1ee63457d47f7c1d2675e1f736"><code>bd23985</code></a> Change version to 1.82.0 (<a href="https://redirect.github.com/grpc/grpc-go/issues/9170">#9170</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/0f3086db7a755b6af83a90809471dd7f645b345a"><code>0f3086d</code></a> Fix minor issues not covered by PR <a href="https://redirect.github.com/grpc/grpc-go/issues/9137">#9137</a> (<a href="https://redirect.github.com/grpc/grpc-go/issues/9147">#9147</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/fef07fbb2b94b668e8daca1f6b70433dcd36c1c8"><code>fef07fb</code></a> internal: Split v3procservicepb import into pb and grpc for extproc (<a href="https://redirect.github.com/grpc/grpc-go/issues/9163">#9163</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/91dd64f4b83cb5134e279d1126ebb1ccf47d4d31"><code>91dd64f</code></a> transport: surface subsequent data when receiving non-gRPC header (<a href="https://redirect.github.com/grpc/grpc-go/issues/8929">#8929</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/adc97de9521a9f377dab5e911039842dc4de23e5"><code>adc97de</code></a> test/kokoro: add config for regional-td test (<a href="https://redirect.github.com/grpc/grpc-go/issues/9158">#9158</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/57c9ff14e05b535ee6995ba49bc882b287a175de"><code>57c9ff1</code></a> xds: ensure full-string matching for RBAC Filter rules (<a href="https://redirect.github.com/grpc/grpc-go/issues/9148">#9148</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/b58f32d9ff07c612d64e677bd826bcbec88af9bd"><code>b58f32d</code></a> server: Set a pprof label on new stream goroutines (<a href="https://redirect.github.com/grpc/grpc-go/issues/9082">#9082</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/6c98be31ce0aec1592b783b0edb16916eb5acd89"><code>6c98be3</code></a> refactor(transport): extract shared stream state handling logic in `loopyWrit...</li> <li><a href="https://github.com/grpc/grpc-go/commit/bcaa6f4df4546c86e12ef3e95852c7baf7a08d67"><code>bcaa6f4</code></a> rls: only reset backoff on recovery from TRANSIENT_FAILURE (<a href="https://redirect.github.com/grpc/grpc-go/issues/9137">#9137</a>)</li> <li><a href="https://github.com/grpc/grpc-go/commit/429e6e06363a01f0dd9f9b6b9cf0c0e6617cda12"><code>429e6e0</code></a> balancer: expose endpoint weight and hostname as experimental APIs (<a href="https://redirect.github.com/grpc/grpc-go/issues/9074">#9074</a>)</li> <li>Additional commits viewable in <a href="https://github.com/grpc/grpc-go/compare/v1.81.1...v1.82.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions-major group with 2 updates: [docker/build-push-action](https://github.com/docker/build-push-action) and [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action). Updates `docker/build-push-action` from 7.2.0 to 7.3.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/build-push-action/releases">docker/build-push-action's releases</a>.</em></p> <blockquote> <h2>v7.3.0</h2> <ul> <li>Preserve names in esbuild bundle by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1567">docker/build-push-action#1567</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.90.0 to 0.92.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1545">docker/build-push-action#1545</a> <a href="https://redirect.github.com/docker/build-push-action/pull/1572">docker/build-push-action#1572</a></li> <li>Bump <code>@sigstore/core</code> from 3.1.0 to 3.2.1 in <a href="https://redirect.github.com/docker/build-push-action/pull/1568">docker/build-push-action#1568</a></li> <li>Bump js-yaml from 4.1.1 to 4.3.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1566">docker/build-push-action#1566</a></li> <li>Bump tmp from 0.2.5 to 0.2.7 in <a href="https://redirect.github.com/docker/build-push-action/pull/1547">docker/build-push-action#1547</a></li> <li>Bump undici from 6.24.1 to 6.27.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1564">docker/build-push-action#1564</a></li> <li>Bump vite from 7.3.2 to 7.3.6 in <a href="https://redirect.github.com/docker/build-push-action/pull/1563">docker/build-push-action#1563</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v7.2.0...v7.3.0">https://github.com/docker/build-push-action/compare/v7.2.0...v7.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/build-push-action/commit/53b7df96c91f9c12dcc8a07bcb9ccacbed38856a"><code>53b7df9</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1572">#1572</a> from docker/dependabot/npm_and_yarn/docker/actions-t...</li> <li><a href="https://github.com/docker/build-push-action/commit/154298c1ca89be1c0e019084f0611ddca621aafc"><code>154298c</code></a> [dependabot skip] chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/cb1238b9c9eb453d106b4e4142a5bd9cde710040"><code>cb1238b</code></a> chore(deps): Bump <code>@docker/actions-toolkit</code> from 0.91.0 to 0.92.0</li> <li><a href="https://github.com/docker/build-push-action/commit/24f845d5cbe75d2d350a984fd0e18cb7a3f29c1c"><code>24f845d</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1566">#1566</a> from docker/dependabot/npm_and_yarn/js-yaml-4.2.0</li> <li><a href="https://github.com/docker/build-push-action/commit/9c6973007b52c322651c38915d5e8824cea95c50"><code>9c69730</code></a> [dependabot skip] chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/bc3a3a5f72a6dca16c2c2468d1dfc55ee66d2193"><code>bc3a3a5</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1574">#1574</a> from docker/dependabot/github_actions/aws-actions/co...</li> <li><a href="https://github.com/docker/build-push-action/commit/a82c504a2387bb8bedc50072f9c554ae2a7dab5d"><code>a82c504</code></a> chore(deps): Bump js-yaml from 4.1.1 to 4.3.0</li> <li><a href="https://github.com/docker/build-push-action/commit/0285a75190c039d6dac52b7711abcef3f5d8f6f6"><code>0285a75</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1573">#1573</a> from docker/dependabot/github_actions/actions/cache-...</li> <li><a href="https://github.com/docker/build-push-action/commit/c6ad2a3f9644680619de938b97c8a10a87b2a88d"><code>c6ad2a3</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1575">#1575</a> from docker/dependabot/github_actions/actions/checko...</li> <li><a href="https://github.com/docker/build-push-action/commit/d37484fb9737c5442a257e2f0ae5a8d756ed7d92"><code>d37484f</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1564">#1564</a> from docker/dependabot/npm_and_yarn/undici-6.27.0</li> <li>Additional commits viewable in <a href="https://github.com/docker/build-push-action/compare/f9f3042f7e2789586610d6e8b85c8f03e5195baf...53b7df96c91f9c12dcc8a07bcb9ccacbed38856a">compare view</a></li> </ul> </details> <br /> Updates `docker/setup-qemu-action` from 4.1.0 to 4.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's releases</a>.</em></p> <blockquote> <h2>v4.2.0</h2> <ul> <li>Preserve names in esbuild bundle by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/311">docker/setup-qemu-action#311</a></li> <li>Bump <code>@actions/core</code> from 3.0.0 to 3.0.1 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/295">docker/setup-qemu-action#295</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.91.0 to 0.92.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/315">docker/setup-qemu-action#315</a></li> <li>Bump <code>@sigstore/core</code> from 3.1.0 to 3.2.1 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/312">docker/setup-qemu-action#312</a></li> <li>Bump js-yaml from 4.1.1 to 4.2.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/310">docker/setup-qemu-action#310</a></li> <li>Bump tmp from 0.2.6 to 0.2.7 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/304">docker/setup-qemu-action#304</a></li> <li>Bump undici from 6.26.0 to 6.27.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/308">docker/setup-qemu-action#308</a></li> <li>Bump vite from 7.3.2 to 7.3.6 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/307">docker/setup-qemu-action#307</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-qemu-action/compare/v4.1.0...v4.2.0">https://github.com/docker/setup-qemu-action/compare/v4.1.0...v4.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-qemu-action/commit/96fe6ef7f33517b61c61be40b68a1882f3264fb8"><code>96fe6ef</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/315">#315</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/31f08d3fc9186dbe4b4550696f2e32e9aa7f9465"><code>31f08d3</code></a> [dependabot skip] chore: update generated content</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/4e7017a474d2cf3912bb0437f7fafec6d5fb6c52"><code>4e7017a</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.91.0 to 0.92.0</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/0eca235293ca1939b58c082f69bdc981ccce8c94"><code>0eca235</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/314">#314</a> from crazy-max/fix-yarn-preapprove-actions-toolkit</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/ea66a4130b037e7961e14a0e5b155836e797cced"><code>ea66a41</code></a> chore: allow actions-toolkit to bypass yarn age gate</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/451542b03ae7946b7082a398b11c8c315a0e4e80"><code>451542b</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/308">#308</a> from docker/dependabot/npm_and_yarn/undici-6.27.0</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/532ae0057542ec2102e2d19e9feccf85f1f69013"><code>532ae00</code></a> [dependabot skip] chore: update generated content</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/b6f5af659afad3f9931b782668dee4595ae7e841"><code>b6f5af6</code></a> build(deps): bump undici from 6.26.0 to 6.27.0</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/cf96b86294b57480ac6d330bd177fca87eac95bc"><code>cf96b86</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/304">#304</a> from docker/dependabot/npm_and_yarn/tmp-0.2.7</li> <li><a href="https://github.com/docker/setup-qemu-action/commit/f0ba643f78dc96bc931fb83e5dadc39628e10047"><code>f0ba643</code></a> [dependabot skip] chore: update generated content</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-qemu-action/compare/06116385d9baf250c9f4dcb4858b16962ea869c3...96fe6ef7f33517b61c61be40b68a1882f3264fb8">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the npm-major group with 6 updates: | Package | From | To | | --- | --- | --- | | [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.108.2` | `2.110.0` | | [@anthropic-ai/claude-agent-sdk](https://github.com/anthropics/claude-agent-sdk-typescript) | `0.3.196` | `0.3.197` | | [@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript) | `0.107.0` | `0.109.0` | | [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node) | `5.38.8` | `5.39.1` | | [@typescript/native-preview](https://github.com/microsoft/typescript-go) | `7.0.0-dev.20260629.1` | `7.0.0-dev.20260630.1` | | [oxlint-tsgolint](https://github.com/oxc-project/tsgolint) | `0.23.0` | `0.24.0` | Updates `@supabase/supabase-js` from 2.108.2 to 2.110.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/supabase/supabase-js/releases">@supabase/supabase-js's releases</a>.</em></p> <blockquote> <h2>v2.110.0</h2> <h2>2.110.0 (2026-06-30)</h2> <h3>🚀 Features</h3> <ul> <li><strong>repo:</strong> drop Node.js 20 support (<a href="https://redirect.github.com/supabase/supabase-js/pull/2482">#2482</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Katerina Skroumpelou <a href="https://github.com/mandarini"><code>@mandarini</code></a></li> </ul> <h2>v2.110.0-canary.0</h2> <h2>2.110.0-canary.0 (2026-06-30)</h2> <h3>🚀 Features</h3> <ul> <li><strong>repo:</strong> drop Node.js 20 support (<a href="https://redirect.github.com/supabase/supabase-js/pull/2482">#2482</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Katerina Skroumpelou <a href="https://github.com/mandarini"><code>@mandarini</code></a></li> </ul> <h2>v2.109.0</h2> <h2>2.109.0 (2026-06-30)</h2> <h3>🚀 Features</h3> <ul> <li><strong>auth:</strong> add custom_claims_allowlist to custom providers admin API (<a href="https://redirect.github.com/supabase/supabase-js/pull/2473">#2473</a>)</li> <li><strong>realtime:</strong> add postgres_changes filter builder, new operators and select (<a href="https://redirect.github.com/supabase/supabase-js/pull/2463">#2463</a>)</li> <li><strong>storage:</strong> expose purgeCache for buckets and single objects (<a href="https://redirect.github.com/supabase/supabase-js/pull/2429">#2429</a>)</li> </ul> <h3>🩹 Fixes</h3> <ul> <li><strong>functions:</strong> honor a caller's Content-Type override regardless of casing (<a href="https://redirect.github.com/supabase/supabase-js/pull/2455">#2455</a>)</li> <li><strong>realtime:</strong> pin <code>@supabase/phoenix</code> and browser test CDN deps (<a href="https://redirect.github.com/supabase/supabase-js/pull/2457">#2457</a>)</li> <li><strong>realtime:</strong> add replication connection system message option (<a href="https://redirect.github.com/supabase/supabase-js/pull/2470">#2470</a>)</li> <li><strong>storage:</strong> keep sortBy defaults when list() is given a partial sortBy (<a href="https://redirect.github.com/supabase/supabase-js/pull/2454">#2454</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Anubhav Anand <a href="https://github.com/i-anubhav-anand"><code>@i-anubhav-anand</code></a></li> <li>Cemal Kılıç <a href="https://github.com/cemalkilic"><code>@cemalkilic</code></a></li> <li>Claude Opus 4.8 (1M context)</li> <li>Filipe Cabaço <a href="https://github.com/filipecabaco"><code>@filipecabaco</code></a></li> <li>Katerina Skroumpelou <a href="https://github.com/mandarini"><code>@mandarini</code></a></li> <li>Lenny</li> <li>Rodrigo Mansueli <a href="https://github.com/mansueli"><code>@mansueli</code></a></li> </ul> <h2>v2.108.3-canary.2</h2> <h2>2.108.3-canary.2 (2026-06-19)</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/supabase/supabase-js/blob/master/packages/core/supabase-js/CHANGELOG.md">@supabase/supabase-js's changelog</a>.</em></p> <blockquote> <h2>2.110.0 (2026-06-30)</h2> <h3>🚀 Features</h3> <ul> <li><strong>repo:</strong> drop Node.js 20 support (<a href="https://redirect.github.com/supabase/supabase-js/pull/2482">#2482</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Katerina Skroumpelou <a href="https://github.com/mandarini"><code>@mandarini</code></a></li> </ul> <h2>2.109.0 (2026-06-30)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>realtime:</strong> pin <code>@supabase/phoenix</code> and browser test CDN deps (<a href="https://redirect.github.com/supabase/supabase-js/pull/2457">#2457</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Katerina Skroumpelou <a href="https://github.com/mandarini"><code>@mandarini</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/supabase/supabase-js/commit/c3d5e6d2949b0248de8ba97991e4484f0b57c83f"><code>c3d5e6d</code></a> feat(repo): drop Node.js 20 support (<a href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2482">#2482</a>)</li> <li><a href="https://github.com/supabase/supabase-js/commit/b2e02b997aaf81b4c09dcc67966629296b96f681"><code>b2e02b9</code></a> chore(release): version 2.109.0 changelogs (<a href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2481">#2481</a>)</li> <li><a href="https://github.com/supabase/supabase-js/commit/dd2d4c270f0d6b84e61f3fa80330c42966783f87"><code>dd2d4c2</code></a> fix(realtime): pin <code>@supabase/phoenix</code> and browser test CDN deps (<a href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2457">#2457</a>)</li> <li><a href="https://github.com/supabase/supabase-js/commit/a25062e9285fa8e3bd702c59ddda0d87ad1fcc27"><code>a25062e</code></a> chore(release): version 2.108.2 changelogs (<a href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2449">#2449</a>)</li> <li><a href="https://github.com/supabase/supabase-js/commit/b3e5f2d7a312eff971dfd9c7226c9c4edbc0de0f"><code>b3e5f2d</code></a> chore(ci): unpin realtime version (<a href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2432">#2432</a>)</li> <li>See full diff in <a href="https://github.com/supabase/supabase-js/commits/v2.110.0/packages/core/supabase-js">compare view</a></li> </ul> </details> <br /> Updates `@anthropic-ai/claude-agent-sdk` from 0.3.196 to 0.3.197 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anthropics/claude-agent-sdk-typescript/releases">@anthropic-ai/claude-agent-sdk's releases</a>.</em></p> <blockquote> <h2>v0.3.197</h2> <h2>What's changed</h2> <ul> <li>Updated to parity with Claude Code v2.1.197</li> </ul> <h2>Update</h2> <pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.197 # or yarn add @anthropic-ai/claude-agent-sdk@0.3.197 # or pnpm add @anthropic-ai/claude-agent-sdk@0.3.197 # or bun add @anthropic-ai/claude-agent-sdk@0.3.197 </code></pre> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md">@anthropic-ai/claude-agent-sdk's changelog</a>.</em></p> <blockquote> <h2>0.3.197</h2> <ul> <li>Updated to parity with Claude Code v2.1.197</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/ccd90af1279349d9d1cf641eec8a43664c94ebdf"><code>ccd90af</code></a> chore: Update CHANGELOG.md</li> <li>See full diff in <a href="https://github.com/anthropics/claude-agent-sdk-typescript/compare/v0.3.196...v0.3.197">compare view</a></li> </ul> </details> <br /> Updates `@anthropic-ai/sdk` from 0.107.0 to 0.109.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anthropics/anthropic-sdk-typescript/releases">@anthropic-ai/sdk's releases</a>.</em></p> <blockquote> <h2>sdk: v0.109.0</h2> <h2>0.109.0 (2026-06-30)</h2> <p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.108.0...sdk-v0.109.0">sdk-v0.108.0...sdk-v0.109.0</a></p> <h3>Features</h3> <ul> <li><strong>api:</strong> add support for Managed Agents event delta streaming, agent overrides, reverse pagination, vault credential injection scoping, and agent and deployment webhook events (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/7f3211b4886053d25e98b91edc90fedc199ef186">7f3211b</a>)</li> </ul> <h2>sdk: v0.108.0</h2> <h2>0.108.0 (2026-06-30)</h2> <p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.107.0...sdk-v0.108.0">sdk-v0.107.0...sdk-v0.108.0</a></p> <h3>Features</h3> <ul> <li><strong>api:</strong> add support for claude-sonnet-5 (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/4588db01eccd7529a5d2e99b8e5da3af1acdbbc8">4588db0</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>agent-toolset:</strong> allow absolute paths that resolve inside workdir (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/112">#112</a>) (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/e951fb2ed70f8d6cd0113ae1642a795404e1cc9a">e951fb2</a>)</li> </ul> <h3>Chores</h3> <ul> <li>format README.md (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/176">#176</a>) (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/98dcff71b632a92e0e1dff19ca4a95439a5fe447">98dcff7</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md">@anthropic-ai/sdk's changelog</a>.</em></p> <blockquote> <h2>0.109.0 (2026-06-30)</h2> <p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.108.0...sdk-v0.109.0">sdk-v0.108.0...sdk-v0.109.0</a></p> <h3>Features</h3> <ul> <li><strong>api:</strong> add support for Managed Agents event delta streaming, agent overrides, reverse pagination, vault credential injection scoping, and agent and deployment webhook events (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/7f3211b4886053d25e98b91edc90fedc199ef186">7f3211b</a>)</li> </ul> <h2>0.108.0 (2026-06-30)</h2> <p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.107.0...sdk-v0.108.0">sdk-v0.107.0...sdk-v0.108.0</a></p> <h3>Features</h3> <ul> <li><strong>api:</strong> add support for claude-sonnet-5 (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/4588db01eccd7529a5d2e99b8e5da3af1acdbbc8">4588db0</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>agent-toolset:</strong> allow absolute paths that resolve inside workdir (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/112">#112</a>) (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/e951fb2ed70f8d6cd0113ae1642a795404e1cc9a">e951fb2</a>)</li> </ul> <h3>Chores</h3> <ul> <li>format README.md (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/176">#176</a>) (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/98dcff71b632a92e0e1dff19ca4a95439a5fe447">98dcff7</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/cb829c764293963665481f0b2a60f2e0923270ac"><code>cb829c7</code></a> chore: release main</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/fd0341dfe7a77f28678c9e474485bc7331e426d4"><code>fd0341d</code></a> feat(api): add support for Managed Agents event delta streaming, agent overri...</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/90f767ae9078ac808c758670aac408267fa2c49f"><code>90f767a</code></a> codegen metadata</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/ed986cd68c9ca8674ac2548be479a1d4c6a282b6"><code>ed986cd</code></a> chore: release main</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/d3ffad4927b0da3baffde66b1372f8f0b4a7c434"><code>d3ffad4</code></a> chore: format README.md (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/176">#176</a>)</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/6b46ad31ff2682376f6e9f4c732ed35d3c45693b"><code>6b46ad3</code></a> feat(api): add support for claude-sonnet-5</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/8200ffac10fab553883efae64cf24a514add2b04"><code>8200ffa</code></a> feat(vertex): bump google-auth-library to ^10.2.0 (SDK-91) (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/30">#30</a>)</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/fa06d36ccb07b32a7098b71d40713add611548cc"><code>fa06d36</code></a> feat(bedrock): pass client logger to AWS credential provider chain (SDK-90) (...</li> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/0fff7faad710ffaf2ceeb7f7f05139bbec72e6cc"><code>0fff7fa</code></a> fix(agent-toolset): allow absolute paths that resolve inside workdir (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/112">#112</a>)</li> <li>See full diff in <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.107.0...sdk-v0.109.0">compare view</a></li> </ul> </details> <br /> Updates `posthog-node` from 5.38.8 to 5.39.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PostHog/posthog-js/releases">posthog-node's releases</a>.</em></p> <blockquote> <h2>posthog-node@5.39.1</h2> <h2>5.39.1</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/PostHog/posthog-js/pull/4029">#4029</a> <a href="https://github.com/PostHog/posthog-js/commit/b36b1cc2bf771bc944a304c9523d0991a31a5fbd"><code>b36b1cc</code></a> Thanks <a href="https://github.com/marandaneto"><code>@marandaneto</code></a>! - Call <code>before_send</code> for identify, group identify, and alias events. (2026-06-30)</p> </li> <li> <p><a href="https://redirect.github.com/PostHog/posthog-js/pull/4027">#4027</a> <a href="https://github.com/PostHog/posthog-js/commit/ab118d278856e5f995229ab476987fcac936a25a"><code>ab118d2</code></a> Thanks <a href="https://github.com/marandaneto"><code>@marandaneto</code></a>! - Safely serialize event batches with circular property references instead of crashing during flush. (2026-06-30)</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/PostHog/posthog-js/commit/ab118d278856e5f995229ab476987fcac936a25a"><code>ab118d2</code></a>]:</p> <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.39.2</li> </ul> </li> </ul> <h2>posthog-node@5.39.0</h2> <h2>5.39.0</h2> <h3>Minor Changes</h3> <ul> <li><a href="https://redirect.github.com/PostHog/posthog-js/pull/4006">#4006</a> <a href="https://github.com/PostHog/posthog-js/commit/0063128fc443158e44c9b6bab623420fc04d8c4c"><code>0063128</code></a> Thanks <a href="https://github.com/apps/github-actions"><code>@github-actions</code></a>! - Add <code>groupIdentifyImmediate()</code> to await the network request when identifying a group, mirroring <code>captureImmediate</code>/<code>identifyImmediate</code>/<code>aliasImmediate</code>. Useful in edge/serverless environments where the background queue may not flush. The Convex integration now uses it directly instead of routing <code>$groupidentify</code> through <code>captureImmediate</code>. (2026-06-30)</li> </ul> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/PostHog/posthog-js/commit/0063128fc443158e44c9b6bab623420fc04d8c4c"><code>0063128</code></a>]: <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.39.0</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md">posthog-node's changelog</a>.</em></p> <blockquote> <h2>5.39.1</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/PostHog/posthog-js/pull/4029">#4029</a> <a href="https://github.com/PostHog/posthog-js/commit/b36b1cc2bf771bc944a304c9523d0991a31a5fbd"><code>b36b1cc</code></a> Thanks <a href="https://github.com/marandaneto"><code>@marandaneto</code></a>! - Call <code>before_send</code> for identify, group identify, and alias events. (2026-06-30)</p> </li> <li> <p><a href="https://redirect.github.com/PostHog/posthog-js/pull/4027">#4027</a> <a href="https://github.com/PostHog/posthog-js/commit/ab118d278856e5f995229ab476987fcac936a25a"><code>ab118d2</code></a> Thanks <a href="https://github.com/marandaneto"><code>@marandaneto</code></a>! - Safely serialize event batches with circular property references instead of crashing during flush. (2026-06-30)</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/PostHog/posthog-js/commit/ab118d278856e5f995229ab476987fcac936a25a"><code>ab118d2</code></a>]:</p> <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.39.2</li> </ul> </li> </ul> <h2>5.39.0</h2> <h3>Minor Changes</h3> <ul> <li><a href="https://redirect.github.com/PostHog/posthog-js/pull/4006">#4006</a> <a href="https://github.com/PostHog/posthog-js/commit/0063128fc443158e44c9b6bab623420fc04d8c4c"><code>0063128</code></a> Thanks <a href="https://github.com/apps/github-actions"><code>@github-actions</code></a>! - Add <code>groupIdentifyImmediate()</code> to await the network request when identifying a group, mirroring <code>captureImmediate</code>/<code>identifyImmediate</code>/<code>aliasImmediate</code>. Useful in edge/serverless environments where the background queue may not flush. The Convex integration now uses it directly instead of routing <code>$groupidentify</code> through <code>captureImmediate</code>. (2026-06-30)</li> </ul> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/PostHog/posthog-js/commit/0063128fc443158e44c9b6bab623420fc04d8c4c"><code>0063128</code></a>]: <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.39.0</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PostHog/posthog-js/commit/a5181ba36f64cf69108be2f0fbf1e68dbeb4e827"><code>a5181ba</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/b36b1cc2bf771bc944a304c9523d0991a31a5fbd"><code>b36b1cc</code></a> fix(node): run before_send for all captured events (<a href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/4029">#4029</a>)</li> <li><a href="https://github.com/PostHog/posthog-js/commit/ab118d278856e5f995229ab476987fcac936a25a"><code>ab118d2</code></a> fix(node): handle circular event properties during flush (<a href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/4027">#4027</a>)</li> <li><a href="https://github.com/PostHog/posthog-js/commit/0c95bce7a2b01707691783a41730ec89699cb429"><code>0c95bce</code></a> fix: satisfy SDK compliance harness 0.8.0 (<a href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/3998">#3998</a>)</li> <li><a href="https://github.com/PostHog/posthog-js/commit/254c5b15597ea06c7cd9967708b11b49707267ae"><code>254c5b1</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/0063128fc443158e44c9b6bab623420fc04d8c4c"><code>0063128</code></a> feat: Add groupIdentifyImmediate() method to Node.js SDK (<a href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/4006">#4006</a>)</li> <li>See full diff in <a href="https://github.com/PostHog/posthog-js/commits/posthog-node@5.39.1/packages/node">compare view</a></li> </ul> </details> <br /> Updates `@typescript/native-preview` from 7.0.0-dev.20260629.1 to 7.0.0-dev.20260630.1 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/microsoft/typescript-go/commits">compare view</a></li> </ul> </details> <br /> Updates `oxlint-tsgolint` from 0.23.0 to 0.24.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/oxc-project/tsgolint/releases">oxlint-tsgolint's releases</a>.</em></p> <blockquote> <h2>v0.24.0</h2> <h2>What's Changed</h2> <ul> <li>ci: run windows e2e pnpm commands outside workspace by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/969">oxc-project/tsgolint#969</a></li> <li>test(no-deprecated): add test for only <code>allow</code> by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/970">oxc-project/tsgolint#970</a></li> <li>fix(no-deprecated): report contextual object literal properties by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/944">oxc-project/tsgolint#944</a></li> <li>Update README with PRs note on new rules by <a href="https://github.com/camchenry"><code>@camchenry</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/972">oxc-project/tsgolint#972</a></li> <li>fix(strict-boolean-expressions): guard invalid predicate indexes by <a href="https://github.com/camchenry"><code>@camchenry</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/971">oxc-project/tsgolint#971</a></li> <li>fix(no-deprecated): fix crash when getting prop name for non-literal by <a href="https://github.com/camchenry"><code>@camchenry</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/973">oxc-project/tsgolint#973</a></li> <li>test(no-deprecated): add non-literal computed key regression by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/974">oxc-project/tsgolint#974</a></li> <li>test(no-floating-promises): sync tests with typescript-eslint by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/975">oxc-project/tsgolint#975</a></li> <li>fix(no-floating-promises): handle spread arguments before rejection handlers by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/976">oxc-project/tsgolint#976</a></li> <li>chore(deps): update crate-ci/typos action to v1.46.2 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/979">oxc-project/tsgolint#979</a></li> <li>refactor: remove unneeded <code>nil</code> checks in <code>strict-boolean-expressions</code> by <a href="https://github.com/camchenry"><code>@camchenry</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/980">oxc-project/tsgolint#980</a></li> <li>perf(no-unsafe-assignment): add fast-path for sender type by <a href="https://github.com/camchenry"><code>@camchenry</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/981">oxc-project/tsgolint#981</a></li> <li>feat: add per-rule debug timings by <a href="https://github.com/camchenry"><code>@camchenry</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/960">oxc-project/tsgolint#960</a></li> <li>chore: update typescript-go submodule by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/982">oxc-project/tsgolint#982</a></li> <li>chore(deps): update dprint plugins by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/984">oxc-project/tsgolint#984</a></li> <li>chore(deps): update github actions by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/985">oxc-project/tsgolint#985</a></li> <li>chore(deps): update gomod by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/986">oxc-project/tsgolint#986</a></li> <li>chore(deps): update crate-ci/typos action to v1.46.3 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/988">oxc-project/tsgolint#988</a></li> <li>test(no-deprecated): cover call and jsx deprecated properties by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/989">oxc-project/tsgolint#989</a></li> <li>chore: update typescript-go submodule by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/991">oxc-project/tsgolint#991</a></li> <li>chore(deps): update github actions by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/993">oxc-project/tsgolint#993</a></li> <li>chore(deps): update crate-ci/typos action to v1.47.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/995">oxc-project/tsgolint#995</a></li> <li>chore(deps): update module github.com/dlclark/regexp2/v2 to v2.1.1 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/994">oxc-project/tsgolint#994</a></li> <li>fix(prefer-optional-chain): suggest unsafe nullish rewrite by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/996">oxc-project/tsgolint#996</a></li> <li>chore(deps): update pnpm to v11.4.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/997">oxc-project/tsgolint#997</a></li> <li>refactor: cache suppress program diagnostics env by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/999">oxc-project/tsgolint#999</a></li> <li>refactor: use <code>sync.OnceValue</code> for logLevel by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1000">oxc-project/tsgolint#1000</a></li> <li>test(no-unnecessary-type-assertion): sync tests with typescript-eslint by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/998">oxc-project/tsgolint#998</a></li> <li>fix(no-unnecessary-type-assertion): enable skipped upstream cases by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1001">oxc-project/tsgolint#1001</a></li> <li>fix(justfile): use --ignore-workspace for e2e pnpm commands by <a href="https://github.com/swandir"><code>@swandir</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/983">oxc-project/tsgolint#983</a></li> <li>test(no-unnecessary-type-arguments): sync tests with typescript-eslint by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1003">oxc-project/tsgolint#1003</a></li> <li>test(no-unnecessary-type-assertion): cover nullable literal assertion by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1002">oxc-project/tsgolint#1002</a></li> <li>fix(no-unnecessary-type-arguments): preserve constructor inference by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1004">oxc-project/tsgolint#1004</a></li> <li>refactor: remove <code>OXLINT_TSGOLINT_TIMINGS</code> env var by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1005">oxc-project/tsgolint#1005</a></li> <li>chore: update typescript-go submodule by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1007">oxc-project/tsgolint#1007</a></li> <li>fix(prefer-optional-chain): optional chain type assertion handling by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1009">oxc-project/tsgolint#1009</a></li> <li>chore(deps): update typos to v1.47.1 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1010">oxc-project/tsgolint#1010</a></li> <li>chore(deps): update typos to v1.47.2 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1012">oxc-project/tsgolint#1012</a></li> <li>chore(deps): update github actions by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1013">oxc-project/tsgolint#1013</a></li> <li>chore(deps): update gomod by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1014">oxc-project/tsgolint#1014</a></li> <li>chore(deps): update github actions to v2.81.5 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1015">oxc-project/tsgolint#1015</a></li> <li>chore: update typescript-go submodule by <a href="https://github.com/camc314"><code>@camc314</code></a> in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1016">oxc-project/tsgolint#1016</a></li> <li>chore(deps): update github actions by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1017">oxc-project/tsgolint#1017</a></li> <li>chore(deps): update gomod to v0.46.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1018">oxc-project/tsgolint#1018</a></li> <li>chore(deps): update gomod to v2.2.2 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1021">oxc-project/tsgolint#1021</a></li> <li>chore(deps): update github actions to v2.82.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1023">oxc-project/tsgolint#1023</a></li> <li>chore(deps): update dprint plugins to v0.22.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1022">oxc-project/tsgolint#1022</a></li> <li>chore(deps): update github actions to v7 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/oxc-project/tsgolint/pull/1024">oxc-project/tsgolint#1024</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/oxc-project/tsgolint/commit/5a37e8902f65440900be1436b814919fcdb4e3d4"><code>5a37e89</code></a> fix(dot-notation): determine the relevant accessor (<a href="https://redirect.github.com/oxc-project/tsgolint/issues/1028">#1028</a>)</li> <li><a href="https://github.com/oxc-project/tsgolint/commit/67a281f613312a30665e7d39dfb47f5c15b0ca60"><code>67a281f</code></a> perf(consistent-return): defer per-function type resolution (<a href="https://redirect.github.com/oxc-project/tsgolint/issues/1031">#1031</a>)</li> <li><a href="https://github.com/oxc-project/tsgolint/commit/a5e2ff0be1102d9082e13ec35f1f0e4ca7fa65ad"><code>a5e2ff0</code></a> perf(no-unnecessary-qualifier): skip symbol resolution outside namespaces. (#...</li> <li><a href="https://github.com/oxc-project/tsgolint/commit/a8fc6685df0a817e7c5045a4e3e141d342839959"><code>a8fc668</code></a> perf(no-confusing-void-expression): check ancestor position before type query...</li> <li><a href="https://github.com/oxc-project/tsgolint/commit/03158cc4c0a0ef2c8bdccab71e6d2723fcc1c4f2"><code>03158cc</code></a> perf(no-unnecessary-type-conversion): hoist constant builtin-name slices (<a href="https://redirect.github.com/oxc-project/tsgolint/issues/1040">#1040</a>)</li> <li><a href="https://github.com/oxc-project/tsgolint/commit/d9e645c266b6c4b4671b0a3dc5d3935dbda3a5ef"><code>d9e645c</code></a> perf(prefer-optional-chain): lazily allocate chain-processor caches (<a href="https://redirect.github.com/oxc-project/tsgolint/issues/1041">#1041</a>)</li> <li><a href="https://github.com/oxc-project/tsgolint/commit/63f578abe093d7a7e8cb523a1e5e96aacf06b220"><code>63f578a</code></a> refactor(no-unnecessary-condition): remove dead containsUnguardedElementAcces...</li> <li><a href="https://github.com/oxc-project/tsgolint/commit/f174876a906e0350aff2b75d5607775529c9f845"><code>f174876</code></a> chore(deps): update gomod (<a href="https://redirect.github.com/oxc-project/tsgolint/issues/1035">#1035</a>)</li> <li><a href="https://github.com/oxc-project/tsgolint/commit/47de9cfea53da0ae274bc78d47388e3bdd5b7341"><code>47de9cf</code></a> chore(deps): update github actions (<a href="https://redirect.github.com/oxc-project/tsgolint/issues/1036">#1036</a>)</li> <li><a href="https://github.com/oxc-project/tsgolint/commit/e209b5b27f5fd22810735bfbfdb0785cbc5d4215"><code>e209b5b</code></a> chore(deps): update actions/cache action to v6 (<a href="https://redirect.github.com/oxc-project/tsgolint/issues/1037">#1037</a>)</li> <li>Additional commits viewable in <a href="https://github.com/oxc-project/tsgolint/compare/v0.23.0...v0.24.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…cli-go/pkg (#5825) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.50.0 to 0.52.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/a1c0d9929856c8aba2b31f079340f00578eda803"><code>a1c0d99</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/3c7c86938f4541c333d506f719388d9c42d4763d"><code>3c7c869</code></a> ssh: fix deadlock on unexpected channel responses</li> <li><a href="https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce"><code>533fb3f</code></a> ssh: fix source-address critical option bypass</li> <li><a href="https://github.com/golang/crypto/commit/abbc44d451a6f9236a2bbd26cbcd4d0fec473da3"><code>abbc44d</code></a> ssh: fix incorrect operator order</li> <li><a href="https://github.com/golang/crypto/commit/e052873987615dc96fe67607a9a6adb76311344f"><code>e052873</code></a> ssh: fix infinite loop on large channel writes due to integer overflow</li> <li><a href="https://github.com/golang/crypto/commit/b61cf853a89d82cad68da5e12a6beca2116f8456"><code>b61cf85</code></a> ssh: enforce user presence verification for security keys</li> <li><a href="https://github.com/golang/crypto/commit/9c2cd33e8d96a96133fd6ff732510ebba539c2bd"><code>9c2cd33</code></a> ssh: enforce strict limits on DSA key parameters</li> <li><a href="https://github.com/golang/crypto/commit/890731877d85f71cfdc9554e7a27fec4684fc4c4"><code>8907318</code></a> ssh: reject RSA keys with excessively large moduli</li> <li><a href="https://github.com/golang/crypto/commit/ffd87b4878fa98ca2908ec534e1a410bf095a35e"><code>ffd87b4</code></a> ssh: fix panic when authority callbacks are nil</li> <li><a href="https://github.com/golang/crypto/commit/4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946"><code>4e7a738</code></a> ssh: fix deadlock on unexpected global responses</li> <li>Additional commits viewable in <a href="https://github.com/golang/crypto/compare/v0.50.0...v0.52.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/supabase/cli/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## TL;DR adds Colima rootless docker socket fallback to vector start ## Ref - closes #5073
…emplates with 3 updates (#5822) Bumps the docker-minor group in /apps/cli-go/pkg/config/templates with 3 updates: supabase/studio, supabase/realtime and supabase/storage-api. Updates `supabase/studio` from 2026.07.06-sha-66cf431 to 2026.07.07-sha-a6a04f2 Updates `supabase/realtime` from v2.112.6 to v2.112.9 Updates `supabase/storage-api` from v1.62.5 to v1.63.1 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
) ## What kind of change does this PR introduce? Bug fix (Go parity). ## What is the current behavior? Go's `--size` flag on `projects create` (`apps/cli-go/cmd/projects.go:34-55`) is a single shared 18-value `EnumFlag` reused by `branches create` (`apps/cli-go/cmd/branches.go:212`), and does not include `"nano"` (or `"pico"`). The TS legacy port's `INSTANCE_SIZES` (`projects/create/create.command.ts`) and `BRANCH_SIZES` (`branches/create/create.command.ts`) both included `"nano"` as a valid `Flag.choice` value, so `--size nano` silently succeeded in TS while Go rejects it. Verified directly against the real, compiled Go binary (`apps/cli-go`) rather than just reading source — `projects create --size nano` genuinely errors with `invalid argument "nano" for "--size" flag: must be one of [...]`, confirming this is current, shipped Go behavior and not a stale enum. Note: the live Management API contract (`packages/api/src/generated/contracts.ts`) does list `"nano"`/`"pico"` as accepted `desired_instance_size` values, and `next/`'s independently-authored `branches create` already exposes both. Neither the Go CLI nor this legacy port surfaces them as CLI options, though — that's a separate product question (filed as CLI-1897) about whether these tiers should eventually be CLI-selectable, not a reason to keep an option the legacy shell's own Go-parity contract says should be rejected. ## What is the new behavior? `--size nano` is now rejected identically on both `projects create` and `branches create`, matching Go's 18-value enum exactly. Fixes CLI-1869. See also CLI-1897 (product decision on nano/pico) and CLI-1898 (unrelated pre-existing bug in `effect`'s `Flag.choice` error-message formatting, found during this PR's review).
…#5800) ## What kind of change does this PR introduce? Docs update (Go parity disclosure) + telemetry-list correctness fix. ## What is the current behavior? `--high-availability` on `projects create` has no Go CLI equivalent — Go's `cmd/projects.go` never registers such a flag, and its `RunE` closure never sets `HighAvailability` on the create request body even though the underlying Management API field exists. Unlike `--reveal` on `projects api-keys` (which explicitly documents itself as a TS-only addition, in a code comment, `SIDE_EFFECTS.md`, and `docs/go-cli-porting-status.md`'s "Flag divergences" list), `--high-availability` was undisclosed everywhere. It was also listed in `safeFlags: ["org-id", "high-availability"]`, implying Go-parity telemetry-safety that doesn't exist (Go's `markFlagTelemetrySafe` only covers `org-id`). Since it's a boolean flag, this had no actual runtime effect — boolean flag values are always logged verbatim by the instrumentation regardless of `safeFlags` membership — but the array wrongly implied otherwise. The linked ticket (CLI-1870) offered two valid resolutions: remove the flag for strict parity, or disclose it as TS-only. This PR disclosure, since `--high-availability` is a real, working, user-facing capability that Go's CLI simply never got around to exposing (not a Go bug being ported forward) — removing it would regress anyone currently relying on it. ## What is the new behavior? `--high-availability` is now disclosed as TS-only in a code comment, `SIDE_EFFECTS.md`, and `docs/go-cli-porting-status.md`'s "Flag divergences" list, matching the `--reveal` precedent exactly. Removed from `safeFlags` (now just `["org-id"]`) to match Go's actual telemetry-safe set. Fixes CLI-1870.
…chema declarative (#5828) ## What changed `db schema declarative generate`/`sync` ran their mutual-exclusivity flag check (`db-url`/`linked`/`local`, `apply`/`no-apply`) BEFORE the pg-delta/`--experimental` gate (`legacyRequirePgDelta`). Go's cobra runs `PersistentPreRunE` (the gate) before `ValidateFlagGroups` (mutex check) — confirmed against `apps/cli-go/cmd/db_schema_declarative.go` and the actual `cobra@v1.10.2` source — so invoking either command with conflicting flags and no `--experimental` surfaced the wrong error in the TS shell vs Go. Same bug class already fixed for `storage ls/cp/mv/rm` in CLI-1855 (#5768); this mirrors that precedent as closely as the code structure allows. Declarative's gate needs a config read (`legacyReadDbToml`) that storage's didn't, so the check lives inline in each handler's body rather than at the `.command.ts` level — moving the config read ahead of the mutex check as part of the same reorder is also more correct (Go's `PersistentPreRunE` loads config unconditionally before validating flag groups too). Swaps the order in both handlers, fixes misleading ordering comments (and two stale Go line-number citations found nearby), documents the precedence in both commands' `SIDE_EFFECTS.md`, and adds regression coverage for the "mutex conflict without `--experimental`" case in both `generate` and `sync`. Fixes CLI-1876
) ## What changed Invoking a legacy-shell group command that has subcommands but is itself not runnable — e.g. `supabase branches`, `supabase completion` — with no subcommand and no `--help` exited **1** in the TS legacy shell. Go's cobra CLI exits **0** for the identical invocation: a non-`Runnable()` command with no `RunE` internally returns `flag.ErrHelp`, which cobra's `ExecuteC()` maps to "print help, return nil error". Only explicit `--help` got exit 0 before this fix; the bare/missing-subcommand form did not, even though the printed help text was identical in both cases. `CliError.ShowHelp` (in `effect/unstable/cli`) already declares the correct exit code via Effect's own `Runtime.errorExitCode` marker (`0` for a clean `ShowHelp` with no errors, `1` otherwise) — `apps/cli/src/shared/cli/run.ts` now delegates to `Runtime.getErrorExitCode(Cause.squash(cause))` instead of hand-rolling `ShowHelp` classification, which is simpler and tracks the library's own source of truth for any future `CliError` additions. Also added an integration test driving the real `legacyBranchesCommand` through `Command.runWith` (confirming the actual `ShowHelp` cause shape), and an e2e test asserting the real compiled-binary exit code, since this bug is specifically about the real OS process exit code. ## Known related (not fixed here) A typo'd subcommand under a group (e.g. `supabase branches bogus`) still exits 1 where Go cobra exits 0 for a non-root command — this is pre-existing on `develop`, not a regression from this change, and out of scope for this fix. Filed as a follow-up. Fixes CLI-1906
#5765) ## Summary Ports `supabase stop` and `supabase status` from Go-proxy stubs to native TypeScript in the legacy CLI shell (CLI-1324). - Both commands now talk directly to Docker/Podman via subprocess, replicating Go's label-filtering and container-naming scheme byte-for-byte. Legacy `start` is still Go-proxied, so this intentionally does **not** route through `@supabase/stack/effect`'s daemon-based orchestration model — that substrate manages a different set of containers than the ones Go's binary actually creates, and using it would silently no-op against a real running stack. - New shared infrastructure (`legacy-docker-lifecycle`, `legacy-go-jwt`, `legacy-local-config-values`, `legacy-api-url`) is reused by both commands, matching Go's local-dev defaults exactly — including a Go-byte-exact JWT signer, since `@supabase/stack`'s own JWT generator uses a different issuer/claim order than what Go prints for local dev keys. - Adds `*.live.test.ts` as a documented test category (`AGENTS.md`) alongside unit/integration/e2e: black-box subprocess tests run by the `cli-e2e-ci` harness against a real platform. `stop`/`status` don't call the Management API, so their live tests spin up a real local Docker stack instead and verify against it directly (e.g. confirming Docker itself has no containers left after `stop`, not just trusting the CLI's exit code). ## Notable review findings fixed along the way - Table/status output was colorizing based on `stderr`'s TTY status while writing to `stdout` — piping stdout while stderr stayed a TTY (`supabase status | less`) would have corrupted output with ANSI escapes (the same bug class CLI-1546 fixed once before). - `--override-name` was leaking into pretty-mode output; Go's `PrettyPrint` rebuilds a fresh, un-overridden view and ignores it there. - `--backup`/`--no-backup`: Go's `--backup` flag is dead code (declared, never bound to a variable in `cmd/stop.go`) — the port now matches that exactly instead of an intended-but-never-true semantic. - Docker/Podman-both-missing errors now name the actual root cause instead of a generic "failed to ..." string. ## Post-review hardening: scoping and consolidation Two structural fixes on top of the port, addressing drift introduced while iterating on review feedback: - **`next/` no longer inherits Go-parity config semantics.** The four viper-compat behaviors added during review (unconditional `[remotes.*]` project-id checks, the deprecated-provider WARN, the widened `env()` reference pattern, and comma-split coercion into array-typed fields) are now gated behind an opt-in `goViperCompat` flag on `LoadProjectConfigOptions` — default off restores the pre-review behavior for `next/`, `packages/stack`, and other non-parity consumers, following the same opt-in pattern as `tomlOnly`/`skipEnvLocal`. Only legacy-shell callers opt in. Regression tests pin the default-off behavior, including the `next start` config-load path that would otherwise have started hard-failing on a malformed `[remotes.*].project_id`. - **Go's `Config.Validate` now has exactly one TS home.** `legacy/shared/legacy-config-validate.ts` replaces the validation orchestration previously duplicated between `legacy-db-config.toml-read.ts` (db/migration family) and `legacy-local-config-values.ts` (status/stop); both callers build a normalized `LegacyConfigValidationInput` from their own pipelines and call the shared validator, and a cross-caller parity test feeds identical broken configs through both real pipelines asserting identical error strings. Consolidating surfaced and fixed three real divergences between the two copies: `db.major_version = 0` now emits Go's `Missing required field in config: db.major_version` (the db loader previously emitted a non-Go message), and the captcha provider-enum and email `content`-vs-`content_path` checks are now present in both paths. CLOSES CLI-1324
Bumps the npm-major group with 6 updates: | Package | From | To | | --- | --- | --- | | [@anthropic-ai/claude-agent-sdk](https://github.com/anthropics/claude-agent-sdk-typescript) | `0.3.197` | `0.3.198` | | [@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript) | `0.109.0` | `0.109.1` | | [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node) | `5.39.1` | `5.39.2` | | [next](https://github.com/vercel/next.js) | `16.2.9` | `16.2.10` | | [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `26.0.1` | `26.1.0` | | [@typescript/native-preview](https://github.com/microsoft/typescript-go) | `7.0.0-dev.20260630.1` | `7.0.0-dev.20260701.1` | Updates `@anthropic-ai/claude-agent-sdk` from 0.3.197 to 0.3.198 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anthropics/claude-agent-sdk-typescript/releases">@anthropic-ai/claude-agent-sdk's releases</a>.</em></p> <blockquote> <h2>v0.3.198</h2> <h2>What's changed</h2> <ul> <li>Added a runtime warning when <code>canUseTool</code> is configured alongside <code>allowedTools</code> or <code>bypassPermissions</code>, which shadow the callback</li> <li>Added per-server <code>request_timeout_ms</code> option to <code>mcp_set_servers</code> control request</li> <li>Fixed <code>SDKUserMessage.isSynthetic</code> not being mapped to <code>isMeta</code> on ingestion, which could cause synthetic messages to be treated as real user messages</li> <li>Fixed workflow progress events silently dropping earliest agents from the list while the phase counter remained correct</li> </ul> <h2>Update</h2> <pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.198 # or yarn add @anthropic-ai/claude-agent-sdk@0.3.198 # or pnpm add @anthropic-ai/claude-agent-sdk@0.3.198 # or bun add @anthropic-ai/claude-agent-sdk@0.3.198 </code></pre> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md">@anthropic-ai/claude-agent-sdk's changelog</a>.</em></p> <blockquote> <h2>0.3.198</h2> <ul> <li>Added a runtime warning when <code>canUseTool</code> is configured alongside <code>allowedTools</code> or <code>bypassPermissions</code>, which shadow the callback</li> <li>Added per-server <code>request_timeout_ms</code> option to <code>mcp_set_servers</code> control request</li> <li>Fixed <code>SDKUserMessage.isSynthetic</code> not being mapped to <code>isMeta</code> on ingestion, which could cause synthetic messages to be treated as real user messages</li> <li>Fixed workflow progress events silently dropping earliest agents from the list while the phase counter remained correct</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/23c685c51e5bf95ebf0aa3bd0e319a82d0cc39f9"><code>23c685c</code></a> chore: Update CHANGELOG.md</li> <li>See full diff in <a href="https://github.com/anthropics/claude-agent-sdk-typescript/compare/v0.3.197...v0.3.198">compare view</a></li> </ul> </details> <br /> Updates `@anthropic-ai/sdk` from 0.109.0 to 0.109.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anthropics/anthropic-sdk-typescript/releases">@anthropic-ai/sdk's releases</a>.</em></p> <blockquote> <h2>sdk: v0.109.1</h2> <h2>0.109.1 (2026-07-01)</h2> <p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.109.0...sdk-v0.109.1">sdk-v0.109.0...sdk-v0.109.1</a></p> <h3>Chores</h3> <ul> <li><strong>api:</strong> remove some nonfunctional types from the SDKs (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/cc4dd4e257cc3354f14e263b0d2441ddae71759e">cc4dd4e</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md">@anthropic-ai/sdk's changelog</a>.</em></p> <blockquote> <h2>0.109.1 (2026-07-01)</h2> <p>Full Changelog: <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.109.0...sdk-v0.109.1">sdk-v0.109.0...sdk-v0.109.1</a></p> <h3>Chores</h3> <ul> <li><strong>api:</strong> remove some nonfunctional types from the SDKs (<a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/cc4dd4e257cc3354f14e263b0d2441ddae71759e">cc4dd4e</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anthropics/anthropic-sdk-typescript/commit/96d1a991b64b1692b70d16435babe9c5d702ad8d"><code>96d1a99</code></a> chore: release main (<a href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1106">#1106</a>)</li> <li>See full diff in <a href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.109.0...sdk-v0.109.1">compare view</a></li> </ul> </details> <br /> Updates `posthog-node` from 5.39.1 to 5.39.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PostHog/posthog-js/releases">posthog-node's releases</a>.</em></p> <blockquote> <h2>posthog-node@5.39.2</h2> <h2>5.39.2</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/PostHog/posthog-js/pull/4028">#4028</a> <a href="https://github.com/PostHog/posthog-js/commit/a664b815dd074c8eed87830904fa182306d07e6b"><code>a664b81</code></a> Thanks <a href="https://github.com/marandaneto"><code>@marandaneto</code></a>! - Make Node <code>flush()</code> wait for pending asynchronous SDK work before draining the event queue, so events produced by helpers like <code>captureException()</code> are not missed. Pending work rejections no longer prevent queued events from flushing. (2026-07-01)</li> <li>Updated dependencies [<a href="https://github.com/PostHog/posthog-js/commit/a664b815dd074c8eed87830904fa182306d07e6b"><code>a664b81</code></a>]: <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.39.3</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md">posthog-node's changelog</a>.</em></p> <blockquote> <h2>5.39.2</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/PostHog/posthog-js/pull/4028">#4028</a> <a href="https://github.com/PostHog/posthog-js/commit/a664b815dd074c8eed87830904fa182306d07e6b"><code>a664b81</code></a> Thanks <a href="https://github.com/marandaneto"><code>@marandaneto</code></a>! - Make Node <code>flush()</code> wait for pending asynchronous SDK work before draining the event queue, so events produced by helpers like <code>captureException()</code> are not missed. Pending work rejections no longer prevent queued events from flushing. (2026-07-01)</li> <li>Updated dependencies [<a href="https://github.com/PostHog/posthog-js/commit/a664b815dd074c8eed87830904fa182306d07e6b"><code>a664b81</code></a>]: <ul> <li><code>@posthog/core</code><a href="https://github.com/1"><code>@1</code></a>.39.3</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PostHog/posthog-js/commit/d1e6df86ddbdbc3a9a542995986080e7e7c2cd4e"><code>d1e6df8</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/a664b815dd074c8eed87830904fa182306d07e6b"><code>a664b81</code></a> fix: make flush wait for pending async work (<a href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/4028">#4028</a>)</li> <li>See full diff in <a href="https://github.com/PostHog/posthog-js/commits/posthog-node@5.39.2/packages/node">compare view</a></li> </ul> </details> <br /> Updates `next` from 16.2.9 to 16.2.10 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v16.2.10</h2> <p>Contains no changes except publishing <code>@next/swc-wasm-web</code> which was accidentally not published since 16.2.4.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/9dadfd693c5d26bb3c85d1c17802f49dde244b3e"><code>9dadfd6</code></a> v16.2.10</li> <li><a href="https://github.com/vercel/next.js/commit/534d9c144ca342ff9ee5569241a814539d6eadb9"><code>534d9c1</code></a> [16.2.x] Release pipeline updates (<a href="https://redirect.github.com/vercel/next.js/issues/95160">#95160</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/98941fc427213b0b2770ac40e24a1855ea0ae349"><code>98941fc</code></a> backport: docs fixes 16.2.x (<a href="https://redirect.github.com/vercel/next.js/issues/94935">#94935</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/6e1a94de7c4e68892de4b1e28262be5970358458"><code>6e1a94d</code></a> [16.2.x][ci]: fix release script to not strip newlines (<a href="https://redirect.github.com/vercel/next.js/issues/94640">#94640</a>)</li> <li>See full diff in <a href="https://github.com/vercel/next.js/compare/v16.2.9...v16.2.10">compare view</a></li> </ul> </details> <br /> Updates `@types/node` from 26.0.1 to 26.1.0 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> Updates `@typescript/native-preview` from 7.0.0-dev.20260630.1 to 7.0.0-dev.20260701.1 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/microsoft/typescript-go/commits">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions-major group with 4 updates: [github/codeql-action/init](https://github.com/github/codeql-action), [github/codeql-action/analyze](https://github.com/github/codeql-action), [docker/login-action](https://github.com/docker/login-action) and [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action). Updates `github/codeql-action/init` from 4.36.2 to 4.36.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action/init's releases</a>.</em></p> <blockquote> <h2>v4.36.3</h2> <p>No user facing changes.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action/init's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>4.37.0 - 08 Jul 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.0">2.26.0</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3995">#3995</a></li> <li>In addition to the existing input format, the <code>config-file</code> input for the <code>codeql-action/init</code> step will soon support a new <code>[owner/]repo[@ref][:path]</code> format. All components except the repository name are optional. If omitted, <code>owner</code> defaults to the same owner as the repository the analysis is running for, <code>ref</code> to <code>main</code>, and <code>path</code> to <code>.github/codeql-action.yaml</code>. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. <a href="https://redirect.github.com/github/codeql-action/pull/3973">#3973</a></li> </ul> <h2>4.36.3 - 01 Jul 2026</h2> <p>No user facing changes.</p> <h2>4.36.2 - 04 Jun 2026</h2> <ul> <li>Cache CodeQL CLI version information across Actions steps. <a href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li> <li>Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. <a href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li> </ul> <h2>4.36.1 - 02 Jun 2026</h2> <p>No user facing changes.</p> <h2>4.36.0 - 22 May 2026</h2> <ul> <li><em>Breaking change</em>: Bump the minimum required CodeQL bundle version to 2.19.4. <a href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li> <li>Add support for SHA-256 Git object IDs. <a href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li> </ul> <h2>4.35.5 - 15 May 2026</h2> <ul> <li>We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li> <li>For performance and accuracy reasons, <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. <a href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li> <li>If multiple inputs are provided for the GitHub-internal <code>analysis-kinds</code> input, only <code>code-scanning</code> will be enabled. The <code>analysis-kinds</code> input is experimental, for GitHub-internal use only, and may change without notice at any time. <a href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li> <li>Added an experimental change which, when running a Code Scanning analysis for a PR with <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. <a href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li> </ul> <h2>4.35.4 - 07 May 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li> </ul> <h2>4.35.3 - 01 May 2026</h2> <ul> <li><em>Upcoming breaking change</em>: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li> <li>Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. <a href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li> <li>Best-effort connection tests for private registries now use <code>GET</code> requests instead of <code>HEAD</code> for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. <a href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li> <li>Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. <a href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/54f647b7e1bb85c95cddabcd46b0c578ec92bc1a"><code>54f647b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3984">#3984</a> from github/update-v4.36.3-1f34ec164</li> <li><a href="https://github.com/github/codeql-action/commit/e78819e05527766c3c5919e3177647e280c6cb83"><code>e78819e</code></a> Trigger checks</li> <li><a href="https://github.com/github/codeql-action/commit/2c9d3d63eb4941734e2d29468953529a56f5ff1c"><code>2c9d3d6</code></a> Update changelog for v4.36.3</li> <li><a href="https://github.com/github/codeql-action/commit/1f34ec16430d82636d18716acc7aaa6d843b35a9"><code>1f34ec1</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3983">#3983</a> from github/mbg/repo-props/ff-for-config-file-prop</li> <li><a href="https://github.com/github/codeql-action/commit/d5f0145480025b49d8b08c3f6b36e6ad41a68c90"><code>d5f0145</code></a> Log when repository property has a value but is ignored</li> <li><a href="https://github.com/github/codeql-action/commit/f27f56386a3c745af8d7bbfb806098c714a5e32a"><code>f27f563</code></a> Add test for when the FF is off</li> <li><a href="https://github.com/github/codeql-action/commit/0025d0f2b5676fde748a0be9725dcce18dd9f986"><code>0025d0f</code></a> Use FF</li> <li><a href="https://github.com/github/codeql-action/commit/f7fa18f05d107ff6735857c3510fbff190c9a1eb"><code>f7fa18f</code></a> Add FF for config file repo property</li> <li><a href="https://github.com/github/codeql-action/commit/628fc3f124e68b0151f0d2a5d81e864ee1e42335"><code>628fc3f</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3979">#3979</a> from github/henrymercer/overlay-db-cleanup-size-tele...</li> <li><a href="https://github.com/github/codeql-action/commit/9cfb67bab9b32441237f92d4ba29a7f3ccff259f"><code>9cfb67b</code></a> Add clarifying comments</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a">compare view</a></li> </ul> </details> <br /> Updates `github/codeql-action/analyze` from 4.36.2 to 4.36.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action/analyze's releases</a>.</em></p> <blockquote> <h2>v4.36.3</h2> <p>No user facing changes.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action/analyze's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>4.37.0 - 08 Jul 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.0">2.26.0</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3995">#3995</a></li> <li>In addition to the existing input format, the <code>config-file</code> input for the <code>codeql-action/init</code> step will soon support a new <code>[owner/]repo[@ref][:path]</code> format. All components except the repository name are optional. If omitted, <code>owner</code> defaults to the same owner as the repository the analysis is running for, <code>ref</code> to <code>main</code>, and <code>path</code> to <code>.github/codeql-action.yaml</code>. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. <a href="https://redirect.github.com/github/codeql-action/pull/3973">#3973</a></li> </ul> <h2>4.36.3 - 01 Jul 2026</h2> <p>No user facing changes.</p> <h2>4.36.2 - 04 Jun 2026</h2> <ul> <li>Cache CodeQL CLI version information across Actions steps. <a href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li> <li>Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. <a href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li> </ul> <h2>4.36.1 - 02 Jun 2026</h2> <p>No user facing changes.</p> <h2>4.36.0 - 22 May 2026</h2> <ul> <li><em>Breaking change</em>: Bump the minimum required CodeQL bundle version to 2.19.4. <a href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li> <li>Add support for SHA-256 Git object IDs. <a href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li> </ul> <h2>4.35.5 - 15 May 2026</h2> <ul> <li>We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li> <li>For performance and accuracy reasons, <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. <a href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li> <li>If multiple inputs are provided for the GitHub-internal <code>analysis-kinds</code> input, only <code>code-scanning</code> will be enabled. The <code>analysis-kinds</code> input is experimental, for GitHub-internal use only, and may change without notice at any time. <a href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li> <li>Added an experimental change which, when running a Code Scanning analysis for a PR with <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. <a href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li> </ul> <h2>4.35.4 - 07 May 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li> </ul> <h2>4.35.3 - 01 May 2026</h2> <ul> <li><em>Upcoming breaking change</em>: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li> <li>Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. <a href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li> <li>Best-effort connection tests for private registries now use <code>GET</code> requests instead of <code>HEAD</code> for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. <a href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li> <li>Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. <a href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/54f647b7e1bb85c95cddabcd46b0c578ec92bc1a"><code>54f647b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3984">#3984</a> from github/update-v4.36.3-1f34ec164</li> <li><a href="https://github.com/github/codeql-action/commit/e78819e05527766c3c5919e3177647e280c6cb83"><code>e78819e</code></a> Trigger checks</li> <li><a href="https://github.com/github/codeql-action/commit/2c9d3d63eb4941734e2d29468953529a56f5ff1c"><code>2c9d3d6</code></a> Update changelog for v4.36.3</li> <li><a href="https://github.com/github/codeql-action/commit/1f34ec16430d82636d18716acc7aaa6d843b35a9"><code>1f34ec1</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3983">#3983</a> from github/mbg/repo-props/ff-for-config-file-prop</li> <li><a href="https://github.com/github/codeql-action/commit/d5f0145480025b49d8b08c3f6b36e6ad41a68c90"><code>d5f0145</code></a> Log when repository property has a value but is ignored</li> <li><a href="https://github.com/github/codeql-action/commit/f27f56386a3c745af8d7bbfb806098c714a5e32a"><code>f27f563</code></a> Add test for when the FF is off</li> <li><a href="https://github.com/github/codeql-action/commit/0025d0f2b5676fde748a0be9725dcce18dd9f986"><code>0025d0f</code></a> Use FF</li> <li><a href="https://github.com/github/codeql-action/commit/f7fa18f05d107ff6735857c3510fbff190c9a1eb"><code>f7fa18f</code></a> Add FF for config file repo property</li> <li><a href="https://github.com/github/codeql-action/commit/628fc3f124e68b0151f0d2a5d81e864ee1e42335"><code>628fc3f</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3979">#3979</a> from github/henrymercer/overlay-db-cleanup-size-tele...</li> <li><a href="https://github.com/github/codeql-action/commit/9cfb67bab9b32441237f92d4ba29a7f3ccff259f"><code>9cfb67b</code></a> Add clarifying comments</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a">compare view</a></li> </ul> </details> <br /> Updates `docker/login-action` from 4.2.0 to 4.3.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v4.3.0</h2> <ul> <li>Preserve names in esbuild bundle by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/1022">docker/login-action#1022</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> and <code>@aws-sdk/client-ecr-public</code> to 3.1076.0 <a href="https://redirect.github.com/docker/login-action/pull/999">docker/login-action#999</a> <a href="https://redirect.github.com/docker/login-action/pull/1030">docker/login-action#1030</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.90.0 to 0.92.0 in <a href="https://redirect.github.com/docker/login-action/pull/1004">docker/login-action#1004</a> <a href="https://redirect.github.com/docker/login-action/pull/1027">docker/login-action#1027</a></li> <li>Bump <code>@sigstore/core</code> from 3.1.0 to 3.2.1 in <a href="https://redirect.github.com/docker/login-action/pull/1023">docker/login-action#1023</a></li> <li>Bump <code>@sigstore/verify</code> from 3.1.0 to 3.1.1 in <a href="https://redirect.github.com/docker/login-action/pull/1029">docker/login-action#1029</a></li> <li>Bump http-proxy-agent and https-proxy-agent to 9.1.0 in <a href="https://redirect.github.com/docker/login-action/pull/1017">docker/login-action#1017</a></li> <li>Bump js-yaml from 4.1.1 to 5.2.0 in <a href="https://redirect.github.com/docker/login-action/pull/1028">docker/login-action#1028</a></li> <li>Bump sigstore from 4.1.0 to 4.1.1 in <a href="https://redirect.github.com/docker/login-action/pull/1031">docker/login-action#1031</a></li> <li>Bump tmp from 0.2.5 to 0.2.7 in <a href="https://redirect.github.com/docker/login-action/pull/1002">docker/login-action#1002</a></li> <li>Bump undici from 6.24.1 to 6.27.0 in <a href="https://redirect.github.com/docker/login-action/pull/1020">docker/login-action#1020</a></li> <li>Bump vite from 7.3.3 to 7.3.6 in <a href="https://redirect.github.com/docker/login-action/pull/1019">docker/login-action#1019</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v4.2.0...v4.3.0">https://github.com/docker/login-action/compare/v4.2.0...v4.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/login-action/commit/c99871dec2022cc055c062a10cc1a1310835ceb4"><code>c99871d</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/1030">#1030</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependen...</li> <li><a href="https://github.com/docker/login-action/commit/b43355553d3ea8fb194053c74a883544c9fc25b1"><code>b433555</code></a> [dependabot skip] chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/678a46a45e920924c7b07d6209b4d02a3031d403"><code>678a46a</code></a> build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...</li> <li><a href="https://github.com/docker/login-action/commit/f9a0aea0f208193fd8b1c2cffdf4be3b345d3e8a"><code>f9a0aea</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/1031">#1031</a> from docker/dependabot/npm_and_yarn/sigstore-4.1.1</li> <li><a href="https://github.com/docker/login-action/commit/cc1e4cb459afd4c2ed14dd1998c217908162b52b"><code>cc1e4cb</code></a> build(deps): bump sigstore from 4.1.0 to 4.1.1</li> <li><a href="https://github.com/docker/login-action/commit/02e17303690804fb3ed891da7cd98e78c249fc3e"><code>02e1730</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/1029">#1029</a> from docker/dependabot/npm_and_yarn/sigstore/verify-...</li> <li><a href="https://github.com/docker/login-action/commit/b5485183742f9c17a05828cc9a655d45bcf24b31"><code>b548518</code></a> build(deps): bump <code>@sigstore/verify</code> from 3.1.0 to 3.1.1</li> <li><a href="https://github.com/docker/login-action/commit/a244be39449bb9d5bcc834770924d8c3f72806ab"><code>a244be3</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/1027">#1027</a> from docker/dependabot/npm_and_yarn/docker/actions-t...</li> <li><a href="https://github.com/docker/login-action/commit/ee0d698156bca198952822c0f8ef652bc58ab218"><code>ee0d698</code></a> [dependabot skip] chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/127dc2c62e49cc3f37601f40b7bbf4fe7051fac4"><code>127dc2c</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.91.0 to 0.92.0</li> <li>Additional commits viewable in <a href="https://github.com/docker/login-action/compare/650006c6eb7dba73a995cc03b0b2d7f5ca915bee...c99871dec2022cc055c062a10cc1a1310835ceb4">compare view</a></li> </ul> </details> <br /> Updates `docker/setup-buildx-action` from 4.1.0 to 4.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v4.2.0</h2> <ul> <li>Preserve names in esbuild bundle by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/572">docker/setup-buildx-action#572</a></li> <li>Bump <code>@actions/core</code> from 3.0.0 to 3.0.1 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/551">docker/setup-buildx-action#551</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.90.0 to 0.92.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/557">docker/setup-buildx-action#557</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/580">docker/setup-buildx-action#580</a></li> <li>Bump <code>@sigstore/core</code> from 3.1.0 to 3.2.1 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/573">docker/setup-buildx-action#573</a></li> <li>Bump <code>@sigstore/verify</code> from 3.1.0 to 3.1.1 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/576">docker/setup-buildx-action#576</a></li> <li>Bump js-yaml from 4.1.1 to 5.2.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/562">docker/setup-buildx-action#562</a></li> <li>Bump sigstore from 4.1.0 to 4.1.1 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/577">docker/setup-buildx-action#577</a></li> <li>Bump tmp from 0.2.5 to 0.2.7 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/556">docker/setup-buildx-action#556</a></li> <li>Bump undici from 6.25.0 to 6.27.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/570">docker/setup-buildx-action#570</a></li> <li>Bump vite from 7.3.2 to 7.3.6 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/569">docker/setup-buildx-action#569</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v4.1.0...v4.2.0">https://github.com/docker/setup-buildx-action/compare/v4.1.0...v4.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-buildx-action/commit/bb05f3f5519dd87d3ba754cc423b652a5edd6d2c"><code>bb05f3f</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/580">#580</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/321c814cb51fbe4af8eca00249525cc0973ea66f"><code>321c814</code></a> [dependabot skip] chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/b9a36ef79ba42cfc611885a1e8c388fbf8b8cb3f"><code>b9a36ef</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.91.0 to 0.92.0</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/ebeab241289497cd564ac98b3cfc9e64607bb276"><code>ebeab24</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/570">#570</a> from docker/dependabot/npm_and_yarn/undici-6.27.0</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/5c7b8ae78cec97a3215d4d86679b1d072eaa80cb"><code>5c7b8ae</code></a> [dependabot skip] chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/037e618cd98e95e81525b15ff0e9c96f507e6a0e"><code>037e618</code></a> build(deps): bump undici from 6.25.0 to 6.27.0</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/66080e5802281ec2e72b7f3108915643e702db85"><code>66080e5</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/577">#577</a> from docker/dependabot/npm_and_yarn/sigstore-4.1.1</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/409aef0aa3f48f0a742e7dec4e0e04ab19afe93c"><code>409aef0</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/562">#562</a> from docker/dependabot/npm_and_yarn/js-yaml-4.2.0</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/49c6e42949280fa0d70fb327633591be54efbfb6"><code>49c6e42</code></a> build(deps): bump sigstore from 4.1.0 to 4.1.1</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/2211273e8121ecf9ecb7d6c7c0fcd55526d530c7"><code>2211273</code></a> [dependabot skip] chore: update generated content</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-buildx-action/compare/d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5...bb05f3f5519dd87d3ba754cc423b652a5edd6d2c">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Julien Goux <hi@jgoux.dev>
…ps/cli-go/pkg/config/templates in the docker-minor group (#5834) Bumps the docker-minor group in /apps/cli-go/pkg/config/templates with 1 update: supabase/storage-api. Updates `supabase/storage-api` from v1.63.1 to v1.64.1 [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
…/primitive errors (#5831) ## What changed Any `Flag.choice(...)`/`Flag.choiceWithValue(...)`-backed flag (`--size` on `projects create`/`branches create`, `--dns-resolver`, `--output-format`, `--output`/`-o`, `--agent`) showed a doubled "Expected: Expected ..." prefix when given an invalid value, e.g.: ``` Invalid value for flag --size: "nano". Expected: Expected "micro" | "small" | ... , got "nano" ``` Root cause: several `Primitive`s under `effect@4.0.0-beta.93`'s `effect/unstable/cli` (`choice` — used by `Flag.choice`/`Flag.choiceWithValue` — plus the schema-backed `integer`, `float`, `boolean`, and `date`) fail with a raw message that already starts with the word "Expected" (e.g. `` `Expected ${validChoices}, got ${value}` `` for `choice`, or `Expected a valid date, got Invalid Date` for `date`), and `CliError.InvalidValue`'s own `message` getter (`CliError.ts:359-364`) independently prepends its own `"Expected: "` label on top of that — producing the doubling for any flag or argument backed by one of these primitives. This is a bug in the vendored `effect` beta package itself, not in this repo's code. Workaround (until upstream `effect` is fixed) added to the shared CLI error-formatting layer (`subcommand-flag-suggestions.ts`), which already carries similar per-tag rewrites for `UnrecognizedOption`/`UnknownSubcommand`: collapse the literal `"Expected: Expected "` substring down to a single `"Expected "` whenever it appears in an `InvalidValue` error's rendered message. Collapsing the exact doubled substring (rather than rebuilding the surrounding "Invalid value for ..." template ourselves) keeps the fix tied to the precise defect, covers every affected primitive uniformly, and lets every other part of the message keep tracking upstream's own wording if it changes. Verified against `go-parity-auditor`: Go's real CLI shows a completely different message for the same scenario (`Error: invalid argument "bogus" for "--size" flag: must be one of [ large | medium | ... ]`, from `apps/cli-go/internal/utils/enum.go` wrapped by cobra/pflag). Full byte-parity with Go's wording is out of scope here — this ticket is specifically about the doubled-prefix defect in the TS/Effect-native message, not a "TS wording differs from Go" report; rewriting every `Flag.choice` flag's phrasing to match Go's template would be a separate, larger change. ## Known related (not fixed here) The underlying `Primitive.choice` failure text also appends a redundant `, got "X"` suffix, so the invalid value still appears twice in the final message (once right after the flag name, once after "got"). That's a pre-existing wart in the same vendored `effect` failure string, not something this fix introduces, and collapsing it would mean post-processing `effect`'s `expected` string further — bigger than this "doubled prefix" ticket calls for. Left as-is. Fixes CLI-1898
…5830) ## What changed Go's `changedFlags(cmd)` (`apps/cli-go/cmd/root_analytics.go:52-76`) walks `cmd.Parent()` at every ancestor collecting `PersistentFlags()` (global/root flags: `--debug`, `--yes`, `--experimental`, `--create-ticket`, `--output`, `--dns-resolver`, `--agent`, `--profile`, `--workdir`, `--network-id`) in addition to a command's own flags, then reports booleans and enum-typed flags verbatim in `cli_command_executed` telemetry. The TS port's `withLegacyCommandInstrumentation` had no way to resolve *any* global/persistent flag's value — only the invoking command's own locally-declared `flags` option was ever consulted. So a changed global flag always fell back to the literal string `"<redacted>"`, even a boolean like `--debug`, diverging from Go's `flags: {debug: true}`. This adds `legacyGlobalFlagValues` (`shared/legacy/global-flags.ts`) to resolve every global flag's live value via `Effect.serviceOption` (a no-op outside the real CLI tree, so it adds no `R` requirement and no per-command wiring), and threads it into `buildFlagsMap` as a fallback used only when a changed CLI flag name isn't already declared in the invoking command's own `flags` record — mirroring Go's ancestor-walk precedence (a command's own flag always wins on a name collision, e.g. `db diff`'s local `--output` file-path flag shadowing the global `--output` enum, exactly as it does in Go's cobra tree). `safeFlags`/`config`-based safety classification is now restricted to values that actually came from the handler's own `flags` record, so a future per-command safe/choice annotation can never be misapplied to an unrelated global flag's value purely by CLI-name collision (raised in review). Scope is deliberately narrow: this fixes the 4 boolean globals (`--debug`, `--yes`, `--experimental`, `--create-ticket`) immediately. The 3 global choice flags (`--output`, `--dns-resolver`, `--agent`) remain redacted — that gap is the already-tracked CLI-1904, not this ticket. Fixes CLI-1896. ## Why Found during CLI-1868's review (architect-reviewer finding) as a systemic gap affecting all ~73 `withLegacyCommandInstrumentation({ flags })` call sites — it was previously unreachable for `telemetry enable`/`disable` specifically (hardcoded to `analytics: false`), but CLI-1868 made it reachable there, surfacing the gap. ## Reviewer-relevant context - One judgement call deliberately left open: global choice flags (`--output`/`--dns-resolver`/`--agent`) still redact. This is intentional — CLI-1904 already tracks teaching the safety pipeline about global `EnumFlag`s, and folding it into this change would blur two independent tickets. - Heads-up for whoever owns the CLI PostHog dashboards: `flags.debug` (and `yes`/`experimental`/`create-ticket`) will now emit real booleans going forward instead of the literal string `"<redacted>"` for these four flags specifically. Any saved insight/funnel doing exact-string matching on `"<redacted>"` for these keys will stop matching after this ships.
#5832) ## What kind of change does this PR introduce? Bug fix (Go-parity divergence). ## What is the current behavior? `sso update`'s `--domains`/`--add-domains`/`--remove-domains` mutex checks emitted custom, hand-written messages (`"only one of --domains or --add-domains may be set"`) instead of cobra's real `validateExclusiveFlagGroups` template (`flag_groups.go:204`), and gated "is this flag set" on the *parsed value's* `.length > 0` rather than cobra's actual `pflag.Changed` semantics — so `--domains=` (explicit but empty) was silently treated as unset, the same "changed vs truthy" class of bug CLI-1860 fixed for `functions download`'s `--use-docker`. Fixes [CLI-1902](https://linear.app/supabase/issue/CLI-1902/sso-update-use-cobras-mutual-exclusivity-error-template-for-domains). ## What is the new behavior? Reuses the `hasExplicitLongFlag`/`cobraMutuallyExclusiveErrorMessage` helpers already hoisted to `shared/cli/cobra-flag-groups.ts` (#5804) so `sso update` emits cobra's byte-exact error text for `--domains`/`--add-domains`/`--remove-domains`, keyed off raw argv rather than the parsed flag value. While reviewing, three independent reviewer passes (architect/engineer/DX) converged on two more in-scope gaps in the same handler that were cheap to close alongside the ticket's stated fix: - `--metadata-file`/`--metadata-url` had the identical divergence (Go also registers this pair with `MarkFlagsMutuallyExclusive`, `cmd/sso.go:178`) — folded into the same cobra-parity check rather than leaving one mutex group byte-exact and the other hand-written in the same command. - The mutex checks ran *after* the provider-ID UUID validation, but cobra runs `ValidateFlagGroups` before `RunE` (`command.go:1010,1014`) while Go's UUID check lives inside `RunE` (`cmd/sso.go:90-91`) — so a flag-group violation must win over an invalid provider ID when both apply. Reordered to match. Added regression tests for the exact cobra error text (both `--domains` groups and the metadata group), the changed-vs-truthy gap, the two-groups-not-a-3-way-group behavior, the group-check ordering when all three domain flags collide, and the mutex-before-UUID precedence — plus a flag-parser unit test proving `--domains=` really resolves to `[]`. `update.handler.ts`'s pre-existing branch-coverage gaps (GET/PUT network-failure paths, `--skip-url-validation`, no-access-token, malformed GET body) are unrelated to this change and were left alone; independently verified via `git stash` that none of them were introduced by this diff.
Bumps the npm-major group with 3 updates: [@anthropic-ai/claude-agent-sdk](https://github.com/anthropics/claude-agent-sdk-typescript), [@clack/prompts](https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts) and [@typescript/native-preview](https://github.com/microsoft/typescript-go). Updates `@anthropic-ai/claude-agent-sdk` from 0.3.199 to 0.3.201 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anthropics/claude-agent-sdk-typescript/releases">@anthropic-ai/claude-agent-sdk's releases</a>.</em></p> <blockquote> <h2>v0.3.201</h2> <h2>What's changed</h2> <ul> <li>Updated to parity with Claude Code v2.1.201</li> </ul> <h2>Update</h2> <pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.201 # or yarn add @anthropic-ai/claude-agent-sdk@0.3.201 # or pnpm add @anthropic-ai/claude-agent-sdk@0.3.201 # or bun add @anthropic-ai/claude-agent-sdk@0.3.201 </code></pre> <h2>v0.3.200</h2> <h2>What's changed</h2> <ul> <li>Added <code>'manual'</code> as an accepted alias for the <code>'default'</code> permission mode in SDK inputs</li> <li>Fixed <code>onSetPermissionMode</code> callback not firing for SDK-hosted Remote Control sessions</li> <li>Fixed <code>set_model</code> control request accepting unrecognized model strings; invalid models are now rejected before latching</li> </ul> <h2>Update</h2> <pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.200 # or yarn add @anthropic-ai/claude-agent-sdk@0.3.200 # or pnpm add @anthropic-ai/claude-agent-sdk@0.3.200 # or bun add @anthropic-ai/claude-agent-sdk@0.3.200 </code></pre> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md">@anthropic-ai/claude-agent-sdk's changelog</a>.</em></p> <blockquote> <h2>0.3.201</h2> <ul> <li>Updated to parity with Claude Code v2.1.201</li> </ul> <h2>0.3.200</h2> <ul> <li>Added <code>'manual'</code> as an accepted alias for the <code>'default'</code> permission mode in SDK inputs</li> <li>Fixed <code>onSetPermissionMode</code> callback not firing for SDK-hosted Remote Control sessions</li> <li>Fixed <code>set_model</code> control request accepting unrecognized model strings; invalid models are now rejected before latching</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/6809c4ca30f74667391c1f30dc5023e518110326"><code>6809c4c</code></a> chore: Update CHANGELOG.md</li> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/8d7e23f1ff86a20eed96ba64e2ac1ed44b68af14"><code>8d7e23f</code></a> chore: Update CHANGELOG.md</li> <li>See full diff in <a href="https://github.com/anthropics/claude-agent-sdk-typescript/compare/v0.3.199...v0.3.201">compare view</a></li> </ul> </details> <br /> Updates `@clack/prompts` from 1.6.0 to 1.7.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/bombshell-dev/clack/releases">@clack/prompts's releases</a>.</em></p> <blockquote> <h2><code>@clack/prompts</code><a href="https://github.com/1"><code>@1</code></a>.7.0</h2> <h3>Minor Changes</h3> <ul> <li><a href="https://redirect.github.com/bombshell-dev/clack/pull/574">#574</a> <a href="https://github.com/bombshell-dev/clack/commit/8f1c380683cfb5fb7a094610342046ae1603e28e"><code>8f1c380</code></a> Thanks <a href="https://github.com/dreyfus92"><code>@dreyfus92</code></a>! - Add <code>showInstructions</code> option to <code>select</code>, <code>multiselect</code>, and <code>groupMultiselect</code>. Keyboard hints remain shown by default; pass <code>showInstructions: false</code> to hide them.</li> </ul> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/bombshell-dev/clack/pull/582">#582</a> <a href="https://github.com/bombshell-dev/clack/commit/4b249539e28eecc16c13b3a1bd0ba447e9f38d06"><code>4b24953</code></a> Thanks <a href="https://github.com/43081j"><code>@43081j</code></a>! - Handle empty arrays in various prompts and utilities.</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/bombshell-dev/clack/commit/4b249539e28eecc16c13b3a1bd0ba447e9f38d06"><code>4b24953</code></a>]:</p> <ul> <li><code>@clack/core</code><a href="https://github.com/1"><code>@1</code></a>.4.3</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/bombshell-dev/clack/blob/main/packages/prompts/CHANGELOG.md">@clack/prompts's changelog</a>.</em></p> <blockquote> <h2>1.7.0</h2> <h3>Minor Changes</h3> <ul> <li><a href="https://redirect.github.com/bombshell-dev/clack/pull/574">#574</a> <a href="https://github.com/bombshell-dev/clack/commit/8f1c380683cfb5fb7a094610342046ae1603e28e"><code>8f1c380</code></a> Thanks <a href="https://github.com/dreyfus92"><code>@dreyfus92</code></a>! - Add <code>showInstructions</code> option to <code>select</code>, <code>multiselect</code>, and <code>groupMultiselect</code>. Keyboard hints remain shown by default; pass <code>showInstructions: false</code> to hide them.</li> </ul> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/bombshell-dev/clack/pull/582">#582</a> <a href="https://github.com/bombshell-dev/clack/commit/4b249539e28eecc16c13b3a1bd0ba447e9f38d06"><code>4b24953</code></a> Thanks <a href="https://github.com/43081j"><code>@43081j</code></a>! - Handle empty arrays in various prompts and utilities.</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/bombshell-dev/clack/commit/4b249539e28eecc16c13b3a1bd0ba447e9f38d06"><code>4b24953</code></a>]:</p> <ul> <li><code>@clack/core</code><a href="https://github.com/1"><code>@1</code></a>.4.3</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/bombshell-dev/clack/commit/dc5bce8aae84a57b5863124adfaa839c1db1fa23"><code>dc5bce8</code></a> [ci] release (<a href="https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/575">#575</a>)</li> <li><a href="https://github.com/bombshell-dev/clack/commit/4b249539e28eecc16c13b3a1bd0ba447e9f38d06"><code>4b24953</code></a> chore: enable strict index checks (<a href="https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/582">#582</a>)</li> <li><a href="https://github.com/bombshell-dev/clack/commit/8f1c380683cfb5fb7a094610342046ae1603e28e"><code>8f1c380</code></a> feat(prompts): add showInstructions opt-out (<a href="https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/574">#574</a>)</li> <li><a href="https://github.com/bombshell-dev/clack/commit/06c16c7b65b69dee44301e7e6c8f1110c6da4149"><code>06c16c7</code></a> chore: update license copyright to Bombshell contributors (<a href="https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/572">#572</a>)</li> <li>See full diff in <a href="https://github.com/bombshell-dev/clack/commits/@clack/prompts@1.7.0/packages/prompts">compare view</a></li> </ul> </details> <br /> Updates `@typescript/native-preview` from 7.0.0-dev.20260702.3 to 7.0.0-dev.20260703.1 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/microsoft/typescript-go/commits">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…n /apps/cli-go in the go-minor group across 1 directory (#5865) Bumps the go-minor group with 1 update in the /apps/cli-go directory: [github.com/posthog/posthog-go](https://github.com/posthog/posthog-go). Updates `github.com/posthog/posthog-go` from 1.17.4 to 1.17.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/posthog/posthog-go/releases">github.com/posthog/posthog-go's releases</a>.</em></p> <blockquote> <h2>1.17.5</h2> <h2>Unreleased</h2> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PostHog/posthog-go/blob/main/CHANGELOG.md">github.com/posthog/posthog-go's changelog</a>.</em></p> <blockquote> <h2>1.17.5</h2> <h3>Patch Changes</h3> <ul> <li>fe66557: Change the default capture delivery budget from 10 attempts to 4 (<code>DefaultMaxAttempts</code>) when <code>Config.MaxRetries</code> is unset, aligning with the cross-SDK Capture V1 parity standard (posthog-rs uses the same envelope). This affects <strong>both</strong> the v0 (<code>/batch/</code>) and v1 send paths, since they share the attempt budget. Callers that set <code>MaxRetries</code> explicitly are unaffected.</li> <li>3d8404a: Unify the capture retry backoff ceiling at 30s. <code>DefaultBackoff</code>'s cap changes from 10s to 30s (default only — override via <code>Config.RetryAfter</code>), and the Capture V1 send now clamps a server <code>Retry-After</code> to the same 30s so a hostile or buggy header cannot park a batch goroutine. <code>Retry-After</code> still acts as a minimum; the configured backoff is never truncated. This aligns the default retry behavior with posthog-rs and posthog-python.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PostHog/posthog-go/commit/d7f8a22426389425e7874d302cedfbe86731a179"><code>d7f8a22</code></a> chore: release v1.17.5 [version bump] [skip ci]</li> <li><a href="https://github.com/PostHog/posthog-go/commit/fe66557ddc3141ada0c1d9538186037c641614d9"><code>fe66557</code></a> feat(capture): default to 4 delivery attempts (down from 10) (<a href="https://redirect.github.com/posthog/posthog-go/issues/256">#256</a>)</li> <li><a href="https://github.com/PostHog/posthog-go/commit/3d8404afd554d1557a57c45deba05501a8288d44"><code>3d8404a</code></a> fix(capture): unify retry backoff ceiling at 30s (<a href="https://redirect.github.com/posthog/posthog-go/issues/255">#255</a>)</li> <li><a href="https://github.com/PostHog/posthog-go/commit/6affc1549498bbd8f8ee3fe5beaaab6da5d13ca1"><code>6affc15</code></a> ci: Standardize SDK release failure telemetry (<a href="https://redirect.github.com/posthog/posthog-go/issues/252">#252</a>)</li> <li>See full diff in <a href="https://github.com/posthog/posthog-go/compare/v1.17.4...v1.17.5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
….2.2 in the actions-major group (#5871) Bumps the actions-major group with 1 update: [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials). Updates `aws-actions/configure-aws-credentials` from 6.2.1 to 6.2.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aws-actions/configure-aws-credentials/releases">aws-actions/configure-aws-credentials's releases</a>.</em></p> <blockquote> <h2>v6.2.2</h2> <h2><a href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.2.1...v6.2.2">6.2.2</a> (2026-07-07)</h2> <h3>Miscellaneous Chores</h3> <ul> <li>release 6.2.2 (<a href="https://github.com/aws-actions/configure-aws-credentials/commit/d01d678e65d6d2bd9d5ca7a95d6f07b00e25f2c2">d01d678</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md">aws-actions/configure-aws-credentials's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file. See <a href="https://github.com/conventional-changelog/standard-version">standard-version</a> for commit guidelines.</p> <h2><a href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.2.1...v6.2.2">6.2.2</a> (2026-07-07)</h2> <h3>Miscellaneous Chores</h3> <ul> <li>release 6.2.2 (<a href="https://github.com/aws-actions/configure-aws-credentials/commit/d01d678e65d6d2bd9d5ca7a95d6f07b00e25f2c2">d01d678</a>)</li> </ul> <h2><a href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.2.0...v6.2.1">6.2.1</a> (2026-06-26)</h2> <h3>Bug Fixes</h3> <ul> <li>enforce allowed-account-ids on all auth paths (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1847">#1847</a>) (<a href="https://github.com/aws-actions/configure-aws-credentials/commit/4d281fbc56a82e63c3fc14f2cc22361f34c97493">4d281fb</a>)</li> </ul> <h2><a href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.3...v6.2.0">6.2.0</a> (2026-06-01)</h2> <h3>Features</h3> <ul> <li>add additional session tags by default (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1775">#1775</a>) (<a href="https://github.com/aws-actions/configure-aws-credentials/commit/e0ba7685077379a14a82d01fefd511490344ebfc">e0ba768</a>)</li> <li>add more retry logic and better logging (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1764">#1764</a>) (<a href="https://github.com/aws-actions/configure-aws-credentials/commit/540d0c13aedb8d55501d220bd2f0b3cdedfe84e8">540d0c1</a>)</li> <li>add regex validation to role-session-name (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1765">#1765</a>) (<a href="https://github.com/aws-actions/configure-aws-credentials/commit/e35449909c6ede5083a48ba4b8bbfaaa1cf09ba1">e354499</a>)</li> <li>Allow custom session tags to be passed when assuming a role (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1759">#1759</a>) (<a href="https://github.com/aws-actions/configure-aws-credentials/commit/61f50f630f383628add73c1eab3f1935ba07da2b">61f50f6</a>)</li> <li>expose run id in STS client user-agent (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1774">#1774</a>) (<a href="https://github.com/aws-actions/configure-aws-credentials/commit/29d1be30273e7ef371d59fccf6ec54572c64ec89">29d1be3</a>)</li> <li>support custom STS endpoints (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1762">#1762</a>) (<a href="https://github.com/aws-actions/configure-aws-credentials/commit/8d52d05d7a4521fa52b39de50cb6114b12e5c332">8d52d05</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>skip credential check on output-env-credentials: false (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1778">#1778</a>) (<a href="https://github.com/aws-actions/configure-aws-credentials/commit/58e7c47adf77846879008deadfeeef8a6969fe6c">58e7c47</a>)</li> <li>assumeRole failing from session tag size too large (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1808">#1808</a>) (<a href="https://github.com/aws-actions/configure-aws-credentials/commit/d6f5dc331b44474b19a52caaf85fa4d637b13c8e">d6f5dc3</a>)</li> </ul> <h2><a href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.2...v6.1.3">6.1.3</a> (2026-05-28)</h2> <h3>Bug Fixes</h3> <ul> <li>fix: allow kubelet token symlink in <a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1805">#1805</a></li> </ul> <h2><a href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.1...v6.1.2">6.1.2</a> (2026-05-26)</h2> <h3>Bug Fixes</h3> <ul> <li>additional filesystem checks (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1799">#1799</a>) (<a href="https://github.com/aws-actions/configure-aws-credentials/commit/c39f282697aca8a78c522ecf1f7da9899a31432c">c39f282</a>)</li> </ul> <h2><a href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.0...v6.1.1">6.1.1</a> (2026-05-05)</h2> <h3>Miscellaneous Chores</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aws-actions/configure-aws-credentials/commit/517a711dbcd0e402f90c77e7e2f81e849156e31d"><code>517a711</code></a> chore(main): release 6.2.2 (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1876">#1876</a>)</li> <li><a href="https://github.com/aws-actions/configure-aws-credentials/commit/d01d678e65d6d2bd9d5ca7a95d6f07b00e25f2c2"><code>d01d678</code></a> chore: release 6.2.2</li> <li><a href="https://github.com/aws-actions/configure-aws-credentials/commit/8efa52b2848773c500aa10726e251480b1a9eef6"><code>8efa52b</code></a> chore(deps-dev): bump vitest dependencies (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1874">#1874</a>)</li> <li><a href="https://github.com/aws-actions/configure-aws-credentials/commit/8e1eed5c14c0831e3e8d3e79a355207770cfc534"><code>8e1eed5</code></a> chore(deps-dev): bump <code>@smithy/property-provider</code> from 4.4.4 to 4.4.6 (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1869">#1869</a>)</li> <li><a href="https://github.com/aws-actions/configure-aws-credentials/commit/112421a93aaa67421f2d14d7c469df0e5ca60e47"><code>112421a</code></a> chore(deps-dev): bump <code>@biomejs/biome</code> from 2.5.1 to 2.5.2 (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1868">#1868</a>)</li> <li><a href="https://github.com/aws-actions/configure-aws-credentials/commit/fbc01c6585c59a56334d4803ca1f3f249a5fba3f"><code>fbc01c6</code></a> chore(deps-dev): bump <code>@types/node</code> from 26.0.1 to 26.1.0 (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1871">#1871</a>)</li> <li><a href="https://github.com/aws-actions/configure-aws-credentials/commit/b12ca875eb3037b4cfbc4aa347bd62e1b475d439"><code>b12ca87</code></a> chore(deps-dev): bump memfs from 4.57.8 to 4.58.0 (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1873">#1873</a>)</li> <li><a href="https://github.com/aws-actions/configure-aws-credentials/commit/d314f7f43d28771d47678a1ad87f05976e241846"><code>d314f7f</code></a> chore: Update dist</li> <li><a href="https://github.com/aws-actions/configure-aws-credentials/commit/a53b65b84a3cea262b96b50376e409283f6f818b"><code>a53b65b</code></a> chore(deps): bump <code>@aws-sdk/client-sts</code> from 3.1076.0 to 3.1080.0 (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1867">#1867</a>)</li> <li><a href="https://github.com/aws-actions/configure-aws-credentials/commit/338d2c18392e9b3ace741e4547b315bda30f7b02"><code>338d2c1</code></a> chore(deps-dev): bump sigstore from 4.1.0 to 4.1.1 (<a href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1864">#1864</a>)</li> <li>Additional commits viewable in <a href="https://github.com/aws-actions/configure-aws-credentials/compare/254c19bd240aabef8777f48595e9d2d7b972184b...517a711dbcd0e402f90c77e7e2f81e849156e31d">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 249b9ec577
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| const args = [ | ||
| "db", | ||
| "__db-bootstrap", | ||
| ...modeArgs, | ||
| ...networkArgs, | ||
| ...profileArgs, | ||
| ...experimentalArgs, | ||
| ]; |
There was a problem hiding this comment.
Forward explicit workdir into the bootstrap child
When db start or local db reset is invoked with an explicit --workdir/SUPABASE_WORKDIR, this seam starts the hidden Go child with only cwd: cliConfig.workdir and does not pass that workdir as a flag/env. In the Go child, ChangeWorkDir falls back to getProjectRoot(CurrentDirAbs) whenever WORKDIR is unset (apps/cli-go/internal/utils/misc.go:239-242), so an explicit workdir that intentionally has no supabase/config.toml can be replaced by an ancestor project. The child can then load the ancestor config/project id and create/reset/cleanup the wrong local containers; pass the resolved workdir through to the child.
Useful? React with 👍 / 👎.
| const projectId = legacyResolveLocalProjectId( | ||
| Option.getOrUndefined(cliConfig.projectId), | ||
| Option.getOrUndefined(tomlProjectId), | ||
| cliConfig.workdir, |
There was a problem hiding this comment.
Include project dotenv when deriving the db container
When SUPABASE_PROJECT_ID is defined only in project dotenv files, Go sees it because config Load calls loadNestedEnv before AutomaticEnv/validation (apps/cli-go/pkg/config/config.go:786-790). This preflight lookup only uses the ambient cliConfig.projectId plus TOML/workdir, so it inspects supabase_db_<wrong id> and misses an already-running stack that was started with the dotenv project id; db start then enters the bootstrap path instead of returning "already running". Resolve the project env here before deriving the container id.
Useful? React with 👍 / 👎.
Bumps the actions-major group with 2 updates: [github/codeql-action/init](https://github.com/github/codeql-action) and [github/codeql-action/analyze](https://github.com/github/codeql-action). Updates `github/codeql-action/init` from 4.36.3 to 4.37.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action/init's releases</a>.</em></p> <blockquote> <h2>v4.37.0</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.0">2.26.0</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3995">#3995</a></li> <li>In addition to the existing input format, the <code>config-file</code> input for the <code>codeql-action/init</code> step will soon support a new <code>[owner/]repo[@ref][:path]</code> format. All components except the repository name are optional. If omitted, <code>owner</code> defaults to the same owner as the repository the analysis is running for, <code>ref</code> to <code>main</code>, and <code>path</code> to <code>.github/codeql-action.yaml</code>. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. <a href="https://redirect.github.com/github/codeql-action/pull/3973">#3973</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action/init's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <ul> <li><em>Upcoming breaking change</em>: Add a deprecation warning for customers using CodeQL version 2.20.6 and earlier. These versions of CodeQL were discontinued on 1 July 2026 alongside GitHub Enterprise Server 3.16, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3956">#3956</a></li> </ul> <h2>4.37.0 - 08 Jul 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.0">2.26.0</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3995">#3995</a></li> <li>In addition to the existing input format, the <code>config-file</code> input for the <code>codeql-action/init</code> step will soon support a new <code>[owner/]repo[@ref][:path]</code> format. All components except the repository name are optional. If omitted, <code>owner</code> defaults to the same owner as the repository the analysis is running for, <code>ref</code> to <code>main</code>, and <code>path</code> to <code>.github/codeql-action.yaml</code>. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. <a href="https://redirect.github.com/github/codeql-action/pull/3973">#3973</a></li> </ul> <h2>4.36.3 - 01 Jul 2026</h2> <p>No user facing changes.</p> <h2>4.36.2 - 04 Jun 2026</h2> <ul> <li>Cache CodeQL CLI version information across Actions steps. <a href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li> <li>Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. <a href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li> </ul> <h2>4.36.1 - 02 Jun 2026</h2> <p>No user facing changes.</p> <h2>4.36.0 - 22 May 2026</h2> <ul> <li><em>Breaking change</em>: Bump the minimum required CodeQL bundle version to 2.19.4. <a href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li> <li>Add support for SHA-256 Git object IDs. <a href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li> </ul> <h2>4.35.5 - 15 May 2026</h2> <ul> <li>We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li> <li>For performance and accuracy reasons, <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. <a href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li> <li>If multiple inputs are provided for the GitHub-internal <code>analysis-kinds</code> input, only <code>code-scanning</code> will be enabled. The <code>analysis-kinds</code> input is experimental, for GitHub-internal use only, and may change without notice at any time. <a href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li> <li>Added an experimental change which, when running a Code Scanning analysis for a PR with <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. <a href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li> </ul> <h2>4.35.4 - 07 May 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li> </ul> <h2>4.35.3 - 01 May 2026</h2> <ul> <li><em>Upcoming breaking change</em>: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li> <li>Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. <a href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li> <li>Best-effort connection tests for private registries now use <code>GET</code> requests instead of <code>HEAD</code> for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. <a href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li> <li>Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. <a href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/99df26d4f13ea111d4ec1a7dddef6063f76b97e9"><code>99df26d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3996">#3996</a> from github/update-v4.37.0-c7c896d71</li> <li><a href="https://github.com/github/codeql-action/commit/31c27074fda95256cda077009907f8a6022dd7c0"><code>31c2707</code></a> Add changenote for <a href="https://redirect.github.com/github/codeql-action/issues/3973">#3973</a></li> <li><a href="https://github.com/github/codeql-action/commit/72df2181aac054d1f4b44264399d2aac12cf11c6"><code>72df218</code></a> Update changelog for v4.37.0</li> <li><a href="https://github.com/github/codeql-action/commit/c7c896d71b3055d36f2aff93b16bcc6c69923b91"><code>c7c896d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3995">#3995</a> from github/update-bundle/codeql-bundle-v2.26.0</li> <li><a href="https://github.com/github/codeql-action/commit/3f34ff0ea3f5153c96071437b7cbf71ea3757146"><code>3f34ff0</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/43bec09f1dc368b430cab4b5d69799bc904079d1"><code>43bec09</code></a> Update default bundle to codeql-bundle-v2.26.0</li> <li><a href="https://github.com/github/codeql-action/commit/f58f0d11ebf5dedd870fab2f999275f7602cfa46"><code>f58f0d1</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3973">#3973</a> from github/mbg/repo-props/config-file-shorthands</li> <li><a href="https://github.com/github/codeql-action/commit/7dc37cbb5b3e37f0e1cd1f18b61e0ea849898fb8"><code>7dc37cb</code></a> Merge remote-tracking branch 'origin/main' into mbg/repo-props/config-file-sh...</li> <li><a href="https://github.com/github/codeql-action/commit/8e22350a7e28c34c82a5a499fc241923301c2c4f"><code>8e22350</code></a> Thread <code>ActionState</code> to <code>initConfig</code></li> <li><a href="https://github.com/github/codeql-action/commit/69c9e8c7d918cf2fee13b8b72fdde15883ff155b"><code>69c9e8c</code></a> Mark some <code>status-report</code> imports as <code>type</code>-only to avoid circular dependencies</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/54f647b7e1bb85c95cddabcd46b0c578ec92bc1a...99df26d4f13ea111d4ec1a7dddef6063f76b97e9">compare view</a></li> </ul> </details> <br /> Updates `github/codeql-action/analyze` from 4.36.3 to 4.37.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action/analyze's releases</a>.</em></p> <blockquote> <h2>v4.37.0</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.0">2.26.0</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3995">#3995</a></li> <li>In addition to the existing input format, the <code>config-file</code> input for the <code>codeql-action/init</code> step will soon support a new <code>[owner/]repo[@ref][:path]</code> format. All components except the repository name are optional. If omitted, <code>owner</code> defaults to the same owner as the repository the analysis is running for, <code>ref</code> to <code>main</code>, and <code>path</code> to <code>.github/codeql-action.yaml</code>. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. <a href="https://redirect.github.com/github/codeql-action/pull/3973">#3973</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action/analyze's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases">releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>[UNRELEASED]</h2> <ul> <li><em>Upcoming breaking change</em>: Add a deprecation warning for customers using CodeQL version 2.20.6 and earlier. These versions of CodeQL were discontinued on 1 July 2026 alongside GitHub Enterprise Server 3.16, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3956">#3956</a></li> </ul> <h2>4.37.0 - 08 Jul 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.0">2.26.0</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3995">#3995</a></li> <li>In addition to the existing input format, the <code>config-file</code> input for the <code>codeql-action/init</code> step will soon support a new <code>[owner/]repo[@ref][:path]</code> format. All components except the repository name are optional. If omitted, <code>owner</code> defaults to the same owner as the repository the analysis is running for, <code>ref</code> to <code>main</code>, and <code>path</code> to <code>.github/codeql-action.yaml</code>. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. <a href="https://redirect.github.com/github/codeql-action/pull/3973">#3973</a></li> </ul> <h2>4.36.3 - 01 Jul 2026</h2> <p>No user facing changes.</p> <h2>4.36.2 - 04 Jun 2026</h2> <ul> <li>Cache CodeQL CLI version information across Actions steps. <a href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li> <li>Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. <a href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li> </ul> <h2>4.36.1 - 02 Jun 2026</h2> <p>No user facing changes.</p> <h2>4.36.0 - 22 May 2026</h2> <ul> <li><em>Breaking change</em>: Bump the minimum required CodeQL bundle version to 2.19.4. <a href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li> <li>Add support for SHA-256 Git object IDs. <a href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li> </ul> <h2>4.35.5 - 15 May 2026</h2> <ul> <li>We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li> <li>For performance and accuracy reasons, <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. <a href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li> <li>If multiple inputs are provided for the GitHub-internal <code>analysis-kinds</code> input, only <code>code-scanning</code> will be enabled. The <code>analysis-kinds</code> input is experimental, for GitHub-internal use only, and may change without notice at any time. <a href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li> <li>Added an experimental change which, when running a Code Scanning analysis for a PR with <a href="https://redirect.github.com/github/roadmap/issues/1158">improved incremental analysis</a> enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. <a href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li> </ul> <h2>4.35.4 - 07 May 2026</h2> <ul> <li>Update default CodeQL bundle version to <a href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>. <a href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li> </ul> <h2>4.35.3 - 01 May 2026</h2> <ul> <li><em>Upcoming breaking change</em>: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. <a href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li> <li>Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. <a href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li> <li>Best-effort connection tests for private registries now use <code>GET</code> requests instead of <code>HEAD</code> for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. <a href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li> <li>Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. <a href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/99df26d4f13ea111d4ec1a7dddef6063f76b97e9"><code>99df26d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3996">#3996</a> from github/update-v4.37.0-c7c896d71</li> <li><a href="https://github.com/github/codeql-action/commit/31c27074fda95256cda077009907f8a6022dd7c0"><code>31c2707</code></a> Add changenote for <a href="https://redirect.github.com/github/codeql-action/issues/3973">#3973</a></li> <li><a href="https://github.com/github/codeql-action/commit/72df2181aac054d1f4b44264399d2aac12cf11c6"><code>72df218</code></a> Update changelog for v4.37.0</li> <li><a href="https://github.com/github/codeql-action/commit/c7c896d71b3055d36f2aff93b16bcc6c69923b91"><code>c7c896d</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3995">#3995</a> from github/update-bundle/codeql-bundle-v2.26.0</li> <li><a href="https://github.com/github/codeql-action/commit/3f34ff0ea3f5153c96071437b7cbf71ea3757146"><code>3f34ff0</code></a> Add changelog note</li> <li><a href="https://github.com/github/codeql-action/commit/43bec09f1dc368b430cab4b5d69799bc904079d1"><code>43bec09</code></a> Update default bundle to codeql-bundle-v2.26.0</li> <li><a href="https://github.com/github/codeql-action/commit/f58f0d11ebf5dedd870fab2f999275f7602cfa46"><code>f58f0d1</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3973">#3973</a> from github/mbg/repo-props/config-file-shorthands</li> <li><a href="https://github.com/github/codeql-action/commit/7dc37cbb5b3e37f0e1cd1f18b61e0ea849898fb8"><code>7dc37cb</code></a> Merge remote-tracking branch 'origin/main' into mbg/repo-props/config-file-sh...</li> <li><a href="https://github.com/github/codeql-action/commit/8e22350a7e28c34c82a5a499fc241923301c2c4f"><code>8e22350</code></a> Thread <code>ActionState</code> to <code>initConfig</code></li> <li><a href="https://github.com/github/codeql-action/commit/69c9e8c7d918cf2fee13b8b72fdde15883ff155b"><code>69c9e8c</code></a> Mark some <code>status-report</code> imports as <code>type</code>-only to avoid circular dependencies</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/54f647b7e1bb85c95cddabcd46b0c578ec92bc1a...99df26d4f13ea111d4ec1a7dddef6063f76b97e9">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## TL;DR docker-based deploys could finish bundling and then fail with `failed to open eszip: ENOENT ... output.eszip` <br>the [Go CLI wrote bundle output to project-local `supabase/.temp`](<https://github.com/supabase/cli/blob/249b9ec577f178350c686e1a581469d680e054ba/apps/cli-go/internal/functions/deploy/bundle.go#L36>) but the [TypeScript port moved it to the host OS temporary directory](<https://github.com/supabase/cli/blob/249b9ec577f178350c686e1a581469d680e054ba/apps/cli/src/shared/functions/deploy.ts#L1337-L1340>) <br>typically under `/var/folders/...`, which may not be shared with Docker Desktop's VM this restores the Go CLI's project local output behavior while retaining unique bundle directories & cleanup... ## ref: * towards: #5735 * follow up to: <br>[https://github.com/supabase/cli/pull/5755](<https://github.com/supabase/cli/pull/5755>) <br>[https://github.com/supabase/cli/pull/5747](<https://github.com/supabase/cli/pull/5747>)
## TL;DR `supabase gen types typescript --local` started requiring `supabase/config.toml` after the ts port, although the previous one used embedded defaults when the file was absent now it again uses the config schema defaults for the config-less `--local` path, restoring the previous behavior.. ## ref - Closes #5879 - Follow-up to #5514
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 51836e43ed
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| if (goViperCompat) { | ||
| yield* checkDuplicateRemoteProjectIds(remotes); | ||
| yield* checkRemoteProjectIdFormat(interpolatedRemotes ?? remotes); |
There was a problem hiding this comment.
Honor viper env overrides when validating remotes
When a Go-parity caller runs with SUPABASE_REMOTES_<NAME>_PROJECT_ID overriding a placeholder or invalid [remotes.<name>].project_id, Go accepts the config because SetEnvPrefix("SUPABASE")/AutomaticEnv() is installed before the struct is validated (apps/cli-go/pkg/config/config.go:582-586, then :996-1001). This new check validates only the TOML/env(...) document, so the newly ported status/stop/config-loading paths using goViperCompat: true now reject Go-valid configs before doing any work. Apply the same SUPABASE_REMOTES_<NAME>_PROJECT_ID override before the duplicate/format checks.
Useful? React with 👍 / 👎.
| const loadOptions: LoadProjectConfigOptions = | ||
| projectRef !== "" ? { projectRef, goViperCompat: true } : { goViperCompat: true }; | ||
| const loaded = yield* loadProjectConfig(cliConfig.workdir, loadOptions).pipe( |
There was a problem hiding this comment.
Load bucket config with Go's project env context
In this new native seed buckets path, the config load only receives projectRef/goViperCompat, even though Go reaches buckets.Run after ParseDatabaseConfig has loaded the full nested dotenv set (apps/cli-go/cmd/root.go:118, pkg/config/config.go:1220-1256). If a bucket field such as objects_path or file_size_limit uses env(...) backed by a project-root or SUPABASE_ENV-selected dotenv file, this reload only sees @supabase/config's narrower env set and can reject a Go-valid config or seed from an unresolved env(...) path; pass the preloaded project env (and the exact Go workdir/toml-only options) into this load.
Useful? React with 👍 / 👎.
This PR was automatically created to sync API types from the infrastructure repository. Changes were detected in the generated API code after syncing with the latest spec from infrastructure. Co-authored-by: supabase-cli-releaser[bot] <246109035+supabase-cli-releaser[bot]@users.noreply.github.com>
This PR was automatically created to sync API types from the infrastructure repository. Changes were detected in the generated API code after syncing with the latest spec from infrastructure. Co-authored-by: supabase-cli-releaser[bot] <246109035+supabase-cli-releaser[bot]@users.noreply.github.com>
This PR was automatically created to sync API types from the infrastructure repository. Changes were detected in the generated API code after syncing with the latest spec from infrastructure. Co-authored-by: supabase-cli-releaser[bot] <246109035+supabase-cli-releaser[bot]@users.noreply.github.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7f1d939c8f
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| // `db reset` (local path) drives the bootstrap seam, which holds SIGINT/SIGTERM/SIGHUP with | ||
| // no-op listeners while the Go child recreates the container; the global handler would | ||
| // otherwise race that and cut off the child's Docker cleanup / status propagation. | ||
| ["db", "reset"], |
There was a problem hiding this comment.
Restore signal handling for remote db reset
This excludes every db reset invocation from the global SIGINT/SIGTERM wrapper, but only the local/bootstrap paths install their own holdSignals; native remote resets such as db reset --linked --version ... or a non-local --db-url path do not. In those cases Ctrl-C falls back to the runtime's default process termination, so the Effect.ensuring finalizers in reset.handler.ts and the scoped DB connection cleanup can be skipped instead of exiting through the normal 130 path. Narrow this exemption to the local/bootstrap child path or add equivalent signal handling around the native remote path.
Useful? React with 👍 / 👎.
|
|
||
| permissions: | ||
| pull-requests: write | ||
| issues: read |
There was a problem hiding this comment.
Grant issue write permission to close gated PRs
The gate's makeCloser implementation posts to /issues/{pr}/comments and then PATCHes /issues/{pr} to close the PR, but the workflow only grants issues: read. GitHub's REST issue mutations require issue write access, so the first external PR that fails the gate will hit a 403 instead of being commented on and closed; change this to issues: write (while keeping pull-requests: write only if another call needs it).
Useful? React with 👍 / 👎.
## TL;DR `db advisors --local` silently missed API exposure lints when `pgrst.db_schemas` was unset in its direct database session This defaults the missing setting to PostgREST's `public` schema while preserving explicitly configured and empty schema values. ## ref - closes #5868 - follows supabase/splinter#168
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3383214304
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| - [ ] Tests added or updated for the change. | ||
| - [ ] `pnpm check:all` and `pnpm test` pass for the workspace(s) I touched. |
There was a problem hiding this comment.
Remove validation checklist entries
These checklist entries will be copied into every PR description, but the repo’s AGENTS.md Pull Requests guidance explicitly says not to include validation, test plans, or lists of checks in PR descriptions. In contexts using this template, contributors will be nudged to add exactly the content CI policy asks them to omit; remove these validation/check entries from the template.
Useful? React with 👍 / 👎.
| legacyAssertDecryptableSecrets(loaded.document, secretEnvLookup, dotenvPrivateKeys) ?? | ||
| legacyAssertDecryptableSecrets( | ||
| { auth: { external: loaded.removedDeprecatedExternalProviders ?? {} } }, | ||
| secretEnvLookup, | ||
| dotenvPrivateKeys, |
There was a problem hiding this comment.
Scan stripped remotes before pushing config
When config push selects a matching [remotes.*] block, loadProjectConfig returns loaded.document with remotes stripped, but Go's config load still decodes c.Remotes and runs DecryptSecretHookFunc on those Secret fields. With a target prod remote plus a non-selected staging remote containing an undecryptable auth.external.github.secret = "encrypted:...", Go aborts before the cost matrix/API calls, while this scan only sees the merged document and proceeds to push remote config; preserve the pre-merge remotes or re-read them for this decrypt-or-abort pass.
Useful? React with 👍 / 👎.
This PR was automatically created to sync the generated `@supabase/api` package with the latest Management API OpenAPI document. Changes were detected in the upstream OpenAPI document exposed by `https://api.supabase.com/api/v1-json`. --------- Co-authored-by: jgoux <1443499+jgoux@users.noreply.github.com> Co-authored-by: avallete <andrew.valleteau@supabase.io> Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2cb2d6e83a
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| const name = Object.entries(remotes).find(([, remote]) => { | ||
| const projectId = | ||
| isObject(remote) && typeof remote["project_id"] === "string" ? remote["project_id"] : ""; | ||
| return projectRef !== undefined && projectId === projectRef; | ||
| })?.[0]; |
There was a problem hiding this comment.
Apply env overrides when selecting remotes
When goViperCompat callers select a remote whose [remotes.<name>].project_id is supplied by SUPABASE_REMOTES_<NAME>_PROJECT_ID, this matching loop still compares only the TOML value, so the remote block is not merged even though Go's viper lookup would select it. Fresh evidence beyond the earlier validation comment: this selection path independently reads remote["project_id"], so fixing duplicate/format validation alone would still make config push/functions deploy/linked storage config loads operate on the base config instead of the env-selected remote.
Useful? React with 👍 / 👎.
| Effect.catchTag("LegacySeedConfigLoadError", (error) => | ||
| output.raw( | ||
| `${legacyYellow("WARNING:")} skipped seeding storage buckets: ${error.message}\n`, | ||
| "stderr", | ||
| ), |
There was a problem hiding this comment.
Stop swallowing bucket config failures
When local db reset reaches bucket seeding with a real bucket-config error, this catch converts it into a warning after seam.recreateDatabase has already dropped/rebuilt the database and then reports reset success. This is not limited to the narrower env-file-set gap described above; legacySeedBucketsRun also raises LegacySeedConfigLoadError for invalid storage settings such as an unparseable storage.file_size_limit or per-bucket file_size_limit, while Go's config load parses those before resetDatabase runs and would fail before doing destructive work. Narrow this catch to the env-resolution compatibility case or pre-validate the same bucket fields before recreating the DB.
Useful? React with 👍 / 👎.
…tes (#5885) Bumps the go-minor group with 2 updates in the /apps/cli-go directory: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/net](https://github.com/golang/net). Bumps the go-minor group with 1 update in the /apps/cli-go/pkg directory: [golang.org/x/mod](https://github.com/golang/mod). Updates `golang.org/x/mod` from 0.37.0 to 0.38.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/mod/commit/792ac169a90372d88fb14e712cb793061ba0c104"><code>792ac16</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/mod/commit/fe2ec04f7c3c3aa6fad97631aafcff6e49e2d1db"><code>fe2ec04</code></a> all: fix some comments to improve readability</li> <li>See full diff in <a href="https://github.com/golang/mod/compare/v0.37.0...v0.38.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/net` from 0.56.0 to 0.57.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/net/commit/b8f09f6f062ceb4531b7af4bd17a5c8fe9c4b2b5"><code>b8f09f6</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/net/commit/f05f21be5927155a88b371674c298ada54b71cf5"><code>f05f21b</code></a> idna: reject all-ASCII xn-- labels on all Go versions</li> <li><a href="https://github.com/golang/net/commit/0f748cfbba95084c87723e3b7eb7dad9241fc2dd"><code>0f748cf</code></a> internal/http3: clean up stream I/O methods usages in tests</li> <li><a href="https://github.com/golang/net/commit/0bb961e45132c680e2a0117e1df951538a19da61"><code>0bb961e</code></a> internal/http3: add net/http.ResponseController support</li> <li><a href="https://github.com/golang/net/commit/0ca694d2a5adcce7f36d4d65e5f8d72390d94051"><code>0ca694d</code></a> webdav: document Dir's lack of defense against filesystem modification</li> <li><a href="https://github.com/golang/net/commit/bd5f1dcf71cf0d6d2424021d0a04f191396a46a7"><code>bd5f1dc</code></a> http2: initialize Transport on NewClientConn</li> <li><a href="https://github.com/golang/net/commit/488ff63197ffddbcef2d01107f8a89906a4f28d1"><code>488ff63</code></a> bpf: add security considerations to package docs</li> <li><a href="https://github.com/golang/net/commit/93d1f25be95961edfdf488b9398e53fb9f05f193"><code>93d1f25</code></a> xsrftoken: avoid token collisions</li> <li><a href="https://github.com/golang/net/commit/5a3baee349e65853c34b4377bebe7676a64dbc87"><code>5a3baee</code></a> internal/http3: prevent panic in QPACK decoder due to overflow</li> <li>See full diff in <a href="https://github.com/golang/net/compare/v0.56.0...v0.57.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/term` from 0.44.0 to 0.45.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/term/commit/9f69229da31ca6a34b522f59dbe07cad5ea21587"><code>9f69229</code></a> go.mod: update golang.org/x dependencies</li> <li>See full diff in <a href="https://github.com/golang/term/compare/v0.44.0...v0.45.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/mod` from 0.37.0 to 0.38.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/mod/commit/792ac169a90372d88fb14e712cb793061ba0c104"><code>792ac16</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/mod/commit/fe2ec04f7c3c3aa6fad97631aafcff6e49e2d1db"><code>fe2ec04</code></a> all: fix some comments to improve readability</li> <li>See full diff in <a href="https://github.com/golang/mod/compare/v0.37.0...v0.38.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/mod` from 0.37.0 to 0.38.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/mod/commit/792ac169a90372d88fb14e712cb793061ba0c104"><code>792ac16</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/mod/commit/fe2ec04f7c3c3aa6fad97631aafcff6e49e2d1db"><code>fe2ec04</code></a> all: fix some comments to improve readability</li> <li>See full diff in <a href="https://github.com/golang/mod/compare/v0.37.0...v0.38.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/mod` from 0.37.0 to 0.38.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/mod/commit/792ac169a90372d88fb14e712cb793061ba0c104"><code>792ac16</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/mod/commit/fe2ec04f7c3c3aa6fad97631aafcff6e49e2d1db"><code>fe2ec04</code></a> all: fix some comments to improve readability</li> <li>See full diff in <a href="https://github.com/golang/mod/compare/v0.37.0...v0.38.0">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 770d7cc1a7
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| // which reads the resolved flag value, not `pflag.Changed`. Gate on | ||
| // `flags.useApi` directly so `--use-api=false` still routes through the | ||
| // Docker/legacy-bundle proxy, matching Go. | ||
| if (!flags.useApi && (flags.useDocker || flags.legacyBundle)) { |
There was a problem hiding this comment.
Validate API-listed slugs on the native download path
When --use-api is used without a function name, this new routing bypasses the Go proxy and falls through to the native all-functions download path, but that path still trusts slugs returned by v1ListAllFunctions. The Go implementation explicitly validates each listed slug before dispatching downloads (apps/cli-go/internal/functions/download/download.go:176-188); without the same check here, a corrupted/MITM API response containing a slug like ../functions/other is joined into the extraction destination and can write into a different directory under supabase/functions. Validate API-listed slugs before native downloads (and before reporting them in machine output).
Useful? React with 👍 / 👎.
This PR was automatically created to sync API types from the infrastructure repository. Changes were detected in the generated API code after syncing with the latest spec from infrastructure. Co-authored-by: supabase-cli-releaser[bot] <246109035+supabase-cli-releaser[bot]@users.noreply.github.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a3925ee0ea
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| mcpUrl: apiUrlWithPath(apiExternalUrl, "/mcp"), | ||
| studioUrl: `http://${hostname}:${studioPort}`, | ||
| mailpitUrl: `http://${hostname}:${mailpitPort}`, | ||
| dbUrl: `postgresql://postgres:${DEFAULT_DB_PASSWORD}@${hostname}:${dbPort}/postgres`, |
There was a problem hiding this comment.
Use the configured local DB password in status
When the local stack was started with a custom SUPABASE_DB_PASSWORD from the shell or project dotenv files, Go's status builds DB_URL from utils.Config.Db.Password after Config.Load, so it reports the actual password clients need. This hardcoded postgres value ignores the same env/dotenv override that start uses for the database container, causing supabase status -o env/json to hand users and scripts an unusable connection URL for those projects; resolve the DB password through the Go-parity env/config path instead of always using the default.
Useful? React with 👍 / 👎.
## TL;DR fixes project keys being written to CLI traces, matching the Go cli's behavior... ## Problem The Go-cli use to send keys through the `apikey` header: https://github.com/supabase/cli/blob/2cb2d6e83a3f7d65ebdab905c35b8f8257e685dc/apps/cli-go/pkg/fetcher/gateway.go#L22-L33 Its debug transport only logs the request method and URL: https://github.com/supabase/cli/blob/2cb2d6e83a3f7d65ebdab905c35b8f8257e685dc/apps/cli-go/internal/debug/http.go#L14-L16 Effect tracing captures request headers, but `apikey` is not included in its default redaction list... this allowed values to be written to local traces... ## sol exclude `apikey` header attributes at the tracing boundary.... requests and all other telemetry remain unchanged, while NDJSON and debug output no longer contain project keys.... ## ref: - reported in: #5890
This PR was automatically created to sync the generated `@supabase/api` package with the latest Management API OpenAPI document. Changes were detected in the upstream OpenAPI document exposed by `https://api.supabase.com/api/v1-json`. Co-authored-by: jgoux <1443499+jgoux@users.noreply.github.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4e99f37dd9
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| if (expected === "array") { | ||
| return goViperCompat ? coerceLeaf(substituted, expected) : substituted; |
There was a problem hiding this comment.
Coerce plain scalar strings in viper mode
When goViperCompat callers load a Go-valid config that quotes a scalar, e.g. api.enabled = "false" or db.port = "54321", Go's v.UnmarshalExact still decodes those strings through weak bool/number parsing, but this new viper-mode special case only applies unconditional string coercion to arrays and then the unchanged scalar string returns without coerceLeaf. Native paths such as status, stop, and config push now reject those Go-valid configs before doing any work; apply the same goViperCompat treatment to number/boolean string literals, not just env(...) substitutions.
Useful? React with 👍 / 👎.
| const experimentalInput: LegacyExperimentalInput = { | ||
| pgdeltaFormatOptions: formatOptionsExpanded, | ||
| }; | ||
| const validationInput: LegacyConfigValidationInput = { |
There was a problem hiding this comment.
Include API validation in db TOML checks
On the db/migration paths this validationInput omits the api section, so legacyValidateResolvedConfig never runs Go's Config.Validate checks for api.enabled/api.port/api.tls.* even though Go's flags.LoadConfig does so before commands like db reset or db push touch the database. For example, a config with [api] port = 0 is rejected by Go with Missing required field in config: api.port, but the native reset path reaches the destructive work because only db/storage/auth/etc. are passed here; include the API-derived validation input (with the same defaults/env overrides) in this object.
Useful? React with 👍 / 👎.
| containerCliExitCode(spawner, ["stop", id], { | ||
| stdin: "ignore", | ||
| stdout: "ignore", | ||
| stderr: "ignore", | ||
| }).pipe(Effect.result), |
There was a problem hiding this comment.
Ignore already-stopped containers during stop
When a matching Supabase container is already stopped (for example after a partial/failed previous stop), this path lists all containers with all: true and then invokes the Docker CLI stop command on each one. The Docker CLI docs describe docker container stop as stopping running containers, and the Go implementation explicitly ignores the Engine API's already-stopped/not-modified error (apps/cli-go/internal/utils/docker.go:108-113); here a nonzero stop result aborts before prune removes the stale container/volumes. Filter the stop phase to running containers or ignore the already-stopped case before failing.
Useful? React with 👍 / 👎.
…dates (#5876) Bumps the docker-minor group with 6 updates in the /apps/cli-go/pkg/config/templates directory: | Package | From | To | | --- | --- | --- | | postgrest/postgrest | `v14.14` | `v14.15` | | supabase/studio | `2026.07.07-sha-a6a04f2` | `2026.07.13-sha-b5ada96` | | supabase/gotrue | `v2.192.0` | `v2.193.0` | | supabase/realtime | `v2.112.10` | `v2.113.4` | | supabase/storage-api | `v1.66.2` | `v1.66.4` | | supabase/logflare | `1.47.0` | `1.47.1` | Updates `postgrest/postgrest` from v14.14 to v14.15 Updates `supabase/studio` from 2026.07.07-sha-a6a04f2 to 2026.07.13-sha-b5ada96 Updates `supabase/gotrue` from v2.192.0 to v2.193.0 Updates `supabase/realtime` from v2.112.10 to v2.113.4 Updates `supabase/storage-api` from v1.66.2 to v1.66.4 Updates `supabase/logflare` from 1.47.0 to 1.47.1 Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Julien Goux <hi@jgoux.dev>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 377d47576e
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| const loadedConfig = yield* loadProjectConfig(runtimeInfo.cwd, { | ||
| projectRef: ref, | ||
| goViperCompat: true, | ||
| }).pipe( |
There was a problem hiding this comment.
Pass Go-style project env when loading remote secrets
When secrets set --project-ref <remote> relies on a selected [remotes.*].edge_runtime.secrets entry such as FOO = "env(FOO)", this remote-aware load still lets @supabase/config resolve env references using only ambient plus supabase/.env/.env.local; the later loadProjectEnvironment call uses the same narrower file set. Go's flags.LoadConfig runs loadNestedEnv before DecryptSecretHookFunc, so values from project-root or SUPABASE_ENV-selected dotenv files are hashed and uploaded. Here they remain literal env(...), fail the Redacted.isRedacted check, and the command silently omits those configured remote secrets.
Useful? React with 👍 / 👎.
| args.push(`--yes=${yes}`); | ||
| return args; |
There was a problem hiding this comment.
Forward --experimental to the delegated reset
When db reset --linked --experimental (or a remote --db-url) delegates the versionless experimental path, this rebuilt argv never forwards the explicit global --experimental flag and the delegate only sets SUPABASE_TELEMETRY_DISABLED. The parent selects this branch because its own resolved experimental is true, but the Go child then sees viper.GetBool("EXPERIMENTAL") == false and apply.MigrateAndSeed applies migration files instead of the schema-file path the user requested, leaving the remote database reset to the wrong source of truth. Forward --experimental or set SUPABASE_EXPERIMENTAL=true for this child when the parent flag enabled delegation.
Useful? React with 👍 / 👎.
| // `SUPABASE_YES` / `SUPABASE_EXPERIMENTAL` set only in `supabase/.env` is honored. Load the | ||
| // project env first and resolve both gates against it, as `db pull` does for `yes`. | ||
| const projectEnv = yield* legacyLoadProjectEnv(fs, path, workdir); | ||
| const yes = yield* legacyResolveYesWithProjectEnv(projectEnv); |
There was a problem hiding this comment.
Preserve a shell SUPABASE_YES=false guard
When the shell exports SUPABASE_YES=false but the project dotenv contains SUPABASE_YES=true, Go's godotenv.Load keeps the existing shell value and viper.GetBool("YES") remains false, so remote resets still prompt. This new project-env-aware path calls legacyResolveYesWithProjectEnv, which ORs the shell and project values, letting the dotenv true override the explicit shell false; db reset --linked/--db-url can therefore auto-confirm and reset the remote database even though the user set a false guard. Resolve SUPABASE_YES with existence/precedence semantics instead of boolean OR before using it here.
Useful? React with 👍 / 👎.
…tes (#5886) Bumps the npm-major group with 19 updates in the / directory: | Package | From | To | | --- | --- | --- | | [undici](https://github.com/nodejs/undici) | `8.6.0` | `8.7.0` | | [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.110.0` | `2.110.2` | | [@anthropic-ai/claude-agent-sdk](https://github.com/anthropics/claude-agent-sdk-typescript) | `0.3.201` | `0.3.206` | | [posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node) | `5.39.4` | `5.40.0` | | [fumadocs-core](https://github.com/fuma-nama/fumadocs) | `16.10.7` | `16.11.1` | | [fumadocs-mdx](https://github.com/fuma-nama/fumadocs) | `15.0.13` | `15.1.0` | | [fumadocs-ui](https://github.com/fuma-nama/fumadocs) | `16.10.7` | `16.11.1` | | [typescript](https://github.com/microsoft/TypeScript) | `6.0.3` | `7.0.2` | | [@effect/atom-react](https://github.com/Effect-TS/effect-smol/tree/HEAD/packages/atom/react) | `4.0.0-beta.93` | `4.0.0-beta.94` | | [@effect/platform-bun](https://github.com/Effect-TS/effect/tree/HEAD/packages/platform-bun) | `4.0.0-beta.93` | `4.0.0-beta.94` | | [@effect/platform-node](https://github.com/Effect-TS/effect/tree/HEAD/packages/platform-node) | `4.0.0-beta.93` | `4.0.0-beta.94` | | [@effect/sql-pg](https://github.com/Effect-TS/effect/tree/HEAD/packages/sql-pg) | `4.0.0-beta.93` | `4.0.0-beta.94` | | [@effect/vitest](https://github.com/Effect-TS/effect/tree/HEAD/packages/vitest) | `4.0.0-beta.93` | `4.0.0-beta.97` | | [@typescript/native-preview](https://github.com/microsoft/typescript-go) | `7.0.0-dev.20260703.1` | `7.0.0-dev.20260707.2` | | [@vitest/coverage-istanbul](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-istanbul) | `4.1.9` | `4.1.10` | | [effect](https://github.com/Effect-TS/effect/tree/HEAD/packages/effect) | `4.0.0-beta.93` | `4.0.0-beta.97` | | [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt) | `0.57.0` | `0.58.0` | | [tldts](https://github.com/remusao/tldts) | `6.1.86` | `7.4.8` | | [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.9` | `4.1.10` | Updates `undici` from 8.6.0 to 8.7.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/nodejs/undici/releases">undici's releases</a>.</em></p> <blockquote> <h2>v8.7.0</h2> <h2>What's Changed</h2> <ul> <li>test: guard balanced-pool error port lookup by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/5463">nodejs/undici#5463</a></li> <li>perf: optimize http/2 request hot path by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/5483">nodejs/undici#5483</a></li> <li>fix: do not reject open-ended Range values in simpleRangeHeaderValue by <a href="https://github.com/spokodev"><code>@spokodev</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/5490">nodejs/undici#5490</a></li> <li>fix(eventsource): set use-URL-credentials flag by <a href="https://github.com/Ram-blip"><code>@Ram-blip</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/5489">nodejs/undici#5489</a></li> <li>test: deflake connect-timeout watchdog by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/5197">nodejs/undici#5197</a></li> <li>docs: correct npm script name and JSON syntax in examples by <a href="https://github.com/lenoxfernando"><code>@lenoxfernando</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/5496">nodejs/undici#5496</a></li> <li>fix: reject non-ascii octets in validateCookiePath by <a href="https://github.com/spokodev"><code>@spokodev</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/5452">nodejs/undici#5452</a></li> <li>fix(readable): ignore late consume chunks by <a href="https://github.com/marko1olo"><code>@marko1olo</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/5375">nodejs/undici#5375</a></li> <li>fix(h2): destroy the stream on abort instead of relying on close() by <a href="https://github.com/staylor"><code>@staylor</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/5462">nodejs/undici#5462</a></li> <li>fix: ignore an unparseable Set-Cookie Expires attribute by <a href="https://github.com/spokodev"><code>@spokodev</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/5488">nodejs/undici#5488</a></li> <li>docs: add reproduction guide and update bug report template by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/5451">nodejs/undici#5451</a></li> <li>fix(h2): guard onResponse against a 'response' event delivered after completion by <a href="https://github.com/staylor"><code>@staylor</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/5440">nodejs/undici#5440</a></li> <li>fix(h2): requeue request on GOAWAY'd session instead of crashing by <a href="https://github.com/staylor"><code>@staylor</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/5453">nodejs/undici#5453</a></li> <li>fix: add static buildDispatch method to RedirectHandler type definition by <a href="https://github.com/matthieusieben"><code>@matthieusieben</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/5442">nodejs/undici#5442</a></li> <li>fix: auto-detect HTTP proxy tunneling by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/nodejs/undici/pull/5116">nodejs/undici#5116</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/spokodev"><code>@spokodev</code></a> made their first contribution in <a href="https://redirect.github.com/nodejs/undici/pull/5490">nodejs/undici#5490</a></li> <li><a href="https://github.com/lenoxfernando"><code>@lenoxfernando</code></a> made their first contribution in <a href="https://redirect.github.com/nodejs/undici/pull/5496">nodejs/undici#5496</a></li> <li><a href="https://github.com/staylor"><code>@staylor</code></a> made their first contribution in <a href="https://redirect.github.com/nodejs/undici/pull/5462">nodejs/undici#5462</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/nodejs/undici/compare/v8.6.0...v8.7.0">https://github.com/nodejs/undici/compare/v8.6.0...v8.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nodejs/undici/commit/cb4c2f1f7231d82bd699aa3a09efb5a235faaa3b"><code>cb4c2f1</code></a> Bumped v8.7.0 (<a href="https://redirect.github.com/nodejs/undici/issues/5501">#5501</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/a8d1a95bae4d2502831b5cde35310ad45e42e88e"><code>a8d1a95</code></a> fix: auto-detect HTTP proxy tunneling (<a href="https://redirect.github.com/nodejs/undici/issues/5116">#5116</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/cb30e58b45d7c92b03fa9ee0b4a54b5fde1e0573"><code>cb30e58</code></a> fix: add static buildDispatch method to RedirectHandler type definition (<a href="https://redirect.github.com/nodejs/undici/issues/5442">#5442</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/0c08579ebdf3712290803b03cb5b5986e284874b"><code>0c08579</code></a> fix(h2): requeue request on GOAWAY'd session instead of crashing (<a href="https://redirect.github.com/nodejs/undici/issues/5453">#5453</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/e5b3364ddc620c0d1c61424d1278fc0965207477"><code>e5b3364</code></a> fix(h2): guard onResponse against a 'response' event delivered after completi...</li> <li><a href="https://github.com/nodejs/undici/commit/c0007f4b7998c5547ead5eda39e0dfd18a545639"><code>c0007f4</code></a> docs: add reproduction guide and update bug report template (<a href="https://redirect.github.com/nodejs/undici/issues/5451">#5451</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/e529cabb88e3cf315cf3007af15db195fb649a45"><code>e529cab</code></a> fix: ignore an unparseable Set-Cookie Expires attribute (<a href="https://redirect.github.com/nodejs/undici/issues/5488">#5488</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/754742ce63e7373f6c61a3b5052150e365bf9d54"><code>754742c</code></a> fix(h2): destroy the stream on abort instead of relying on close() (<a href="https://redirect.github.com/nodejs/undici/issues/5462">#5462</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/db34f5ffa4b40f71c43dfbde1046040a350767e8"><code>db34f5f</code></a> fix(readable): ignore late consume chunks (<a href="https://redirect.github.com/nodejs/undici/issues/5375">#5375</a>)</li> <li><a href="https://github.com/nodejs/undici/commit/4ea05a899203cab2f4e87fe3e5dc76b64048e101"><code>4ea05a8</code></a> fix: reject non-ascii octets in validateCookiePath (<a href="https://redirect.github.com/nodejs/undici/issues/5452">#5452</a>)</li> <li>Additional commits viewable in <a href="https://github.com/nodejs/undici/compare/v8.6.0...v8.7.0">compare view</a></li> </ul> </details> <br /> Updates `@supabase/supabase-js` from 2.110.0 to 2.110.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/supabase/supabase-js/releases">@supabase/supabase-js's releases</a>.</em></p> <blockquote> <h2>v2.110.2</h2> <h2>2.110.2 (2026-07-09)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>auth:</strong> clear local session on signout failures (<a href="https://redirect.github.com/supabase/supabase-js/pull/2504">#2504</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Luc Peng</li> </ul> <h2>v2.110.2-canary.0</h2> <h2>2.110.2-canary.0 (2026-07-07)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>auth:</strong> clear local session on signout failures (<a href="https://redirect.github.com/supabase/supabase-js/pull/2504">#2504</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Luc Peng</li> </ul> <h2>v2.110.1</h2> <h2>2.110.1 (2026-07-07)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>auth:</strong> defer init-time notifications until initializePromise resolves (<a href="https://redirect.github.com/supabase/supabase-js/pull/2498">#2498</a>)</li> <li><strong>realtime:</strong> suppress disconnected status from onHeartbeat consumers (<a href="https://redirect.github.com/supabase/supabase-js/pull/2496">#2496</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Katerina Skroumpelou <a href="https://github.com/mandarini"><code>@mandarini</code></a></li> </ul> <h2>v2.110.1-canary.0</h2> <h2>2.110.1-canary.0 (2026-07-07)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>auth:</strong> defer init-time notifications until initializePromise resolves (<a href="https://redirect.github.com/supabase/supabase-js/pull/2498">#2498</a>)</li> <li><strong>realtime:</strong> suppress disconnected status from onHeartbeat consumers (<a href="https://redirect.github.com/supabase/supabase-js/pull/2496">#2496</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Katerina Skroumpelou <a href="https://github.com/mandarini"><code>@mandarini</code></a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/supabase/supabase-js/blob/master/packages/core/supabase-js/CHANGELOG.md">@supabase/supabase-js's changelog</a>.</em></p> <blockquote> <h2>2.110.2 (2026-07-09)</h2> <p>This was a version bump only for <code>@supabase/supabase-js</code> to align it with other projects, there were no code changes.</p> <h2>2.110.1 (2026-07-07)</h2> <p>This was a version bump only for <code>@supabase/supabase-js</code> to align it with other projects, there were no code changes.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/supabase/supabase-js/commit/559dfb0cc3c9567b493856ca8daa6b77bff550fa"><code>559dfb0</code></a> chore(release): version 2.110.1 changelogs (<a href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2505">#2505</a>)</li> <li><a href="https://github.com/supabase/supabase-js/commit/b05dc294b92ede4c9ee6a5d69c75d56325a38004"><code>b05dc29</code></a> docs(repo): register custom typedoc tags and clean up jsdoc warnings (<a href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2500">#2500</a>)</li> <li><a href="https://github.com/supabase/supabase-js/commit/291dfc8a568195a7120efeb57284ba99ce1da36f"><code>291dfc8</code></a> chore(release): version 2.110.0 changelogs (<a href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2483">#2483</a>)</li> <li>See full diff in <a href="https://github.com/supabase/supabase-js/commits/v2.110.2/packages/core/supabase-js">compare view</a></li> </ul> </details> <br /> Updates `@anthropic-ai/claude-agent-sdk` from 0.3.201 to 0.3.206 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anthropics/claude-agent-sdk-typescript/releases">@anthropic-ai/claude-agent-sdk's releases</a>.</em></p> <blockquote> <h2>v0.3.206</h2> <h2>What's changed</h2> <ul> <li>Added <code>command_lifecycle</code> frames to stream-json and SDK sessions, reporting each uuid-stamped message's terminal state (<code>queued</code>/<code>started</code>/<code>completed</code>/<code>cancelled</code>/<code>discarded</code>); zero-API results no longer report stale <code>duration_api_ms</code></li> </ul> <h2>Update</h2> <pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.206 # or yarn add @anthropic-ai/claude-agent-sdk@0.3.206 # or pnpm add @anthropic-ai/claude-agent-sdk@0.3.206 # or bun add @anthropic-ai/claude-agent-sdk@0.3.206 </code></pre> <h2>v0.3.205</h2> <h2>What's changed</h2> <ul> <li>Interrupt control responses now include <code>still_queued</code> (UUIDs of queued async messages that will still run), <code>Query.interrupt()</code> returns the typed receipt, and <code>system/init</code> advertises an <code>interrupt_receipt_v1</code> capability for feature detection</li> <li>Added structured <code>name</code> and <code>body</code> fields to peer-message session events, exposing the sender display name and decoded message body</li> </ul> <h2>Update</h2> <pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.205 # or yarn add @anthropic-ai/claude-agent-sdk@0.3.205 # or pnpm add @anthropic-ai/claude-agent-sdk@0.3.205 # or bun add @anthropic-ai/claude-agent-sdk@0.3.205 </code></pre> <h2>v0.3.204</h2> <h2>What's changed</h2> <ul> <li>Updated to parity with Claude Code v2.1.204</li> </ul> <h2>Update</h2> <pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.204 # or yarn add @anthropic-ai/claude-agent-sdk@0.3.204 # or pnpm add @anthropic-ai/claude-agent-sdk@0.3.204 # or bun add @anthropic-ai/claude-agent-sdk@0.3.204 </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md">@anthropic-ai/claude-agent-sdk's changelog</a>.</em></p> <blockquote> <h2>0.3.206</h2> <ul> <li>Added <code>command_lifecycle</code> frames to stream-json and SDK sessions, reporting each uuid-stamped message's terminal state (<code>queued</code>/<code>started</code>/<code>completed</code>/<code>cancelled</code>/<code>discarded</code>); zero-API results no longer report stale <code>duration_api_ms</code></li> </ul> <h2>0.3.205</h2> <ul> <li>Interrupt control responses now include <code>still_queued</code> (UUIDs of queued async messages that will still run), <code>Query.interrupt()</code> returns the typed receipt, and <code>system/init</code> advertises an <code>interrupt_receipt_v1</code> capability for feature detection</li> <li>Added structured <code>name</code> and <code>body</code> fields to peer-message session events, exposing the sender display name and decoded message body</li> </ul> <h2>0.3.204</h2> <ul> <li>Added <code>terminal_reason</code> values <code>tool_deferred_unavailable</code> (deferred tool resume found the tool gone — previously an <code>is_error</code> result with no reason, read as a clean completion by lifecycle sweeps) and <code>turn_setup_failed</code> (the turn-input builder threw before the turn started). Both classify as dead turns, so commands consumed by them report <code>command_lifecycle</code> state <code>cancelled</code></li> <li>Fixed the post-merge cancel backstop cancelling every member of a coalesced prompt batch when a cancel named only one: uncancelled siblings now re-merge and run (previously they were reported <code>cancelled</code> — on remote transports that acknowledged them as processed, silently dropping messages nobody cancelled)</li> <li>Added <code>terminal_reason</code> values <code>api_error</code>, <code>malformed_tool_use_exhausted</code>, <code>budget_exhausted</code>, and <code>structured_output_retry_exhausted</code>. Turns that die on an exhausted-API-retry or malformed-tool-use give-up previously reported <code>completed</code>; budget and structured-output exhaustion results previously omitted <code>terminal_reason</code>. Commands consumed by such turns now report <code>command_lifecycle</code> state <code>cancelled</code> instead of <code>completed</code> (dup-over-loss)</li> <li>Updated to parity with Claude Code v2.1.204</li> </ul> <h2>0.3.203</h2> <ul> <li>Added a <code>background_tasks_changed</code> system message with the full set of live background tasks on every membership change, so consumers can track background activity as a level instead of pairing <code>task_started</code>/<code>task_notification</code> edges</li> <li>Fixed stable releases shipping a <code>sdk.d.ts</code> with unresolved type references that broke consumer typechecking with <code>skipLibCheck</code> disabled</li> </ul> <h2>0.3.202</h2> <ul> <li>Added <code>parent_agent_id</code> field to subagent session messages for building depth-2+ agent trees from disk-persisted metadata</li> <li>Fixed <code>apply_flag_settings</code> with a non-object settings value crashing the session instead of returning a control error</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/9fc7ea5ff6a2caa382fceabca2fde7e53064e5a9"><code>9fc7ea5</code></a> chore: Update CHANGELOG.md</li> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/95e94bf8ba194fc956262ed77d83ce41a70d9e6d"><code>95e94bf</code></a> chore: Update CHANGELOG.md</li> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/0aed196f5a99e8923f616810309bb1a0e2b122aa"><code>0aed196</code></a> chore: Update CHANGELOG.md</li> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/7feb85d8294d681028c651f284480c635134042a"><code>7feb85d</code></a> chore: Update CHANGELOG.md</li> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/eb18b2a6deaca8314389bb245e8198e49d49c58e"><code>eb18b2a</code></a> chore: Update CHANGELOG.md</li> <li><a href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/46d7df98eb69b8ef550d7299f3dfb53e5fb0a144"><code>46d7df9</code></a> chore: Update CHANGELOG.md</li> <li>See full diff in <a href="https://github.com/anthropics/claude-agent-sdk-typescript/compare/v0.3.201...v0.3.206">compare view</a></li> </ul> </details> <br /> Updates `posthog-node` from 5.39.4 to 5.40.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/PostHog/posthog-js/releases">posthog-node's releases</a>.</em></p> <blockquote> <h2>posthog-node@5.40.0</h2> <h2>5.40.0</h2> <h3>Minor Changes</h3> <ul> <li><a href="https://redirect.github.com/PostHog/posthog-js/pull/4060">#4060</a> <a href="https://github.com/PostHog/posthog-js/commit/0b49a4cc6e76285b6164a4a3e596049bb5b5d4ae"><code>0b49a4c</code></a> Thanks <a href="https://github.com/turnipdabeets"><code>@turnipdabeets</code></a>! - Add <code>secretKey</code> config as the canonical alias for the deprecated <code>personalApiKey</code> (accepts a Personal API Key or Project Secret API Key). (2026-07-07)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md">posthog-node's changelog</a>.</em></p> <blockquote> <h2>5.40.0</h2> <h3>Minor Changes</h3> <ul> <li><a href="https://redirect.github.com/PostHog/posthog-js/pull/4060">#4060</a> <a href="https://github.com/PostHog/posthog-js/commit/0b49a4cc6e76285b6164a4a3e596049bb5b5d4ae"><code>0b49a4c</code></a> Thanks <a href="https://github.com/turnipdabeets"><code>@turnipdabeets</code></a>! - Add <code>secretKey</code> config as the canonical alias for the deprecated <code>personalApiKey</code> (accepts a Personal API Key or Project Secret API Key). (2026-07-07)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PostHog/posthog-js/commit/954919d1070090fb6b3893bbb2dcbf3c503ec020"><code>954919d</code></a> chore: update versions and lockfile [version bump]</li> <li><a href="https://github.com/PostHog/posthog-js/commit/0b49a4cc6e76285b6164a4a3e596049bb5b5d4ae"><code>0b49a4c</code></a> feat(node): add secretKey config, deprecate personalApiKey (<a href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/4060">#4060</a>)</li> <li><a href="https://github.com/PostHog/posthog-js/commit/859fd4400168d93cb93b12b3eb3efb7c6c7c19c2"><code>859fd44</code></a> chore(deps): weekly safe npm updates · 10 packages (<a href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/4087">#4087</a>)</li> <li>See full diff in <a href="https://github.com/PostHog/posthog-js/commits/posthog-node@5.40.0/packages/node">compare view</a></li> </ul> </details> <br /> Updates `fumadocs-core` from 16.10.7 to 16.11.1 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fuma-nama/fumadocs/commit/ab09f500cb0c7904b9e7fcf25debb8f53f54ded8"><code>ab09f50</code></a> Version Packages (<a href="https://redirect.github.com/fuma-nama/fumadocs/issues/3405">#3405</a>)</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/889a296d06f669308a51af994ddf5e62783f6b3c"><code>889a296</code></a> docs: update stale content</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/a5c081d0c6ba6e4d57fdfeaa982925bdf9941215"><code>a5c081d</code></a> fix: UI inconsistencies</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/9a269030dff857982d848aac5b4944abf30cfb77"><code>9a26903</code></a> Version Packages</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/3e33f4362f257741f68806c9db96fe7f0828a2df"><code>3e33f43</code></a> perf(satteri): reduce clones</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/3597c9d1e6b1a038cf3b52c5aed448ef13fbe5e5"><code>3597c9d</code></a> perf(satteri): persist results</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/0f389cf3def8f8188316c13af7ec9e2adcd206c3"><code>0f389cf</code></a> feat(satteri): decouple imports/exports from <code>compile()</code></li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/4611f97d49f000c23600e09619bd13ae97d298b7"><code>4611f97</code></a> feat(satteri): full rehype-toc functionality</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/d09530076098b3a297e1d90f295dd1ab7c6564d6"><code>d095300</code></a> fix(satteri): workaround common issues</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/0297e25477d3120c9e4da796f244ab2866b61292"><code>0297e25</code></a> configure pretrust</li> <li>Additional commits viewable in <a href="https://github.com/fuma-nama/fumadocs/compare/fumadocs@16.10.7...fumadocs@16.11.1">compare view</a></li> </ul> </details> <br /> Updates `fumadocs-mdx` from 15.0.13 to 15.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fuma-nama/fumadocs/releases">fumadocs-mdx's releases</a>.</em></p> <blockquote> <h2>fumadocs-mdx@15.1.0</h2> <h3>Default to Base UI</h3> <p>Internal packages & templates now use Base UI rather than Radix UI.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fuma-nama/fumadocs/commit/9a269030dff857982d848aac5b4944abf30cfb77"><code>9a26903</code></a> Version Packages</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/3e33f4362f257741f68806c9db96fe7f0828a2df"><code>3e33f43</code></a> perf(satteri): reduce clones</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/3597c9d1e6b1a038cf3b52c5aed448ef13fbe5e5"><code>3597c9d</code></a> perf(satteri): persist results</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/0f389cf3def8f8188316c13af7ec9e2adcd206c3"><code>0f389cf</code></a> feat(satteri): decouple imports/exports from <code>compile()</code></li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/4611f97d49f000c23600e09619bd13ae97d298b7"><code>4611f97</code></a> feat(satteri): full rehype-toc functionality</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/d09530076098b3a297e1d90f295dd1ab7c6564d6"><code>d095300</code></a> fix(satteri): workaround common issues</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/0297e25477d3120c9e4da796f244ab2866b61292"><code>0297e25</code></a> configure pretrust</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/02c242b0daf08dee4f498bfd787604d039f3fa80"><code>02c242b</code></a> chore(satteri): clean code</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/3d80b8b24221ef3cf788fe3f4f1e48fc9e0aefe1"><code>3d80b8b</code></a> fix(mdx): ensure satteri integration is optional</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/0ec19af8682cf9c2149a3ea3e04af1fe4fe9cc0e"><code>0ec19af</code></a> feat(satteri): more tests & move remark-include</li> <li>Additional commits viewable in <a href="https://github.com/fuma-nama/fumadocs/compare/fumadocs-mdx@15.0.13...fumadocs-mdx@15.1.0">compare view</a></li> </ul> </details> <br /> Updates `fumadocs-ui` from 16.10.7 to 16.11.1 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fuma-nama/fumadocs/commit/ab09f500cb0c7904b9e7fcf25debb8f53f54ded8"><code>ab09f50</code></a> Version Packages (<a href="https://redirect.github.com/fuma-nama/fumadocs/issues/3405">#3405</a>)</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/889a296d06f669308a51af994ddf5e62783f6b3c"><code>889a296</code></a> docs: update stale content</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/a5c081d0c6ba6e4d57fdfeaa982925bdf9941215"><code>a5c081d</code></a> fix: UI inconsistencies</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/9a269030dff857982d848aac5b4944abf30cfb77"><code>9a26903</code></a> Version Packages</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/3e33f4362f257741f68806c9db96fe7f0828a2df"><code>3e33f43</code></a> perf(satteri): reduce clones</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/3597c9d1e6b1a038cf3b52c5aed448ef13fbe5e5"><code>3597c9d</code></a> perf(satteri): persist results</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/0f389cf3def8f8188316c13af7ec9e2adcd206c3"><code>0f389cf</code></a> feat(satteri): decouple imports/exports from <code>compile()</code></li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/4611f97d49f000c23600e09619bd13ae97d298b7"><code>4611f97</code></a> feat(satteri): full rehype-toc functionality</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/d09530076098b3a297e1d90f295dd1ab7c6564d6"><code>d095300</code></a> fix(satteri): workaround common issues</li> <li><a href="https://github.com/fuma-nama/fumadocs/commit/0297e25477d3120c9e4da796f244ab2866b61292"><code>0297e25</code></a> configure pretrust</li> <li>Additional commits viewable in <a href="https://github.com/fuma-nama/fumadocs/compare/fumadocs@16.10.7...fumadocs@16.11.1">compare view</a></li> </ul> </details> <br /> Updates `typescript` from 6.0.3 to 7.0.2 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/microsoft/TypeScript/commits">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~microsoft1es">microsoft1es</a>, a new releaser for typescript since your current version.</p> </details> <br /> Updates `@effect/atom-react` from 4.0.0-beta.93 to 4.0.0-beta.94 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Effect-TS/effect-smol/releases">@effect/atom-react's releases</a>.</em></p> <blockquote> <h2><code>@effect/atom-react</code><a href="https://github.com/4"><code>@4</code></a>.0.0-beta.94</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/Effect-TS/effect-smol/commit/95a0e9bb62797af0e81c9998773405f248f218c5"><code>95a0e9b</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/f11ce73af60823754dc24194f4ffc561b9ea1c2d"><code>f11ce73</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/ff30b6e7c2c63ffc56a4c5818d6d86b01b5ad528"><code>ff30b6e</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/1caab3cc30f626efbf15e59d74f539a487e5c85c"><code>1caab3c</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/aa80c4775a04db87553e5568764cab7e32a72814"><code>aa80c47</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/c2ae4fce2f03a4cd1861c2b1179da7df656e662d"><code>c2ae4fc</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>]: <ul> <li>effect@4.0.0-beta.94</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Effect-TS/effect-smol/blob/main/packages/atom/react/CHANGELOG.md">@effect/atom-react's changelog</a>.</em></p> <blockquote> <h2>4.0.0-beta.94</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/Effect-TS/effect-smol/commit/95a0e9bb62797af0e81c9998773405f248f218c5"><code>95a0e9b</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/f11ce73af60823754dc24194f4ffc561b9ea1c2d"><code>f11ce73</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/ff30b6e7c2c63ffc56a4c5818d6d86b01b5ad528"><code>ff30b6e</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/1caab3cc30f626efbf15e59d74f539a487e5c85c"><code>1caab3c</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/aa80c4775a04db87553e5568764cab7e32a72814"><code>aa80c47</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/c2ae4fce2f03a4cd1861c2b1179da7df656e662d"><code>c2ae4fc</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>]: <ul> <li>effect@4.0.0-beta.94</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Effect-TS/effect-smol/commit/82951e58d341d79b6fcb51bb9c122ced02f01b38"><code>82951e5</code></a> Version Packages (beta) (<a href="https://github.com/Effect-TS/effect-smol/tree/HEAD/packages/atom/react/issues/2525">#2525</a>)</li> <li>See full diff in <a href="https://github.com/Effect-TS/effect-smol/commits/@effect/atom-react@4.0.0-beta.94/packages/atom/react">compare view</a></li> </ul> </details> <br /> Updates `@effect/platform-bun` from 4.0.0-beta.93 to 4.0.0-beta.94 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Effect-TS/effect/blob/main/packages/platform-bun/CHANGELOG.md">@effect/platform-bun's changelog</a>.</em></p> <blockquote> <h2>4.0.0-beta.94</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/Effect-TS/effect-smol/pull/2537">#2537</a> <a href="https://github.com/Effect-TS/effect-smol/commit/6d2c614fab3da932afbb52e849c2663cf32d7d57"><code>6d2c614</code></a> Thanks <a href="https://github.com/tim-smart"><code>@tim-smart</code></a>! - optimize bun stream reading</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/Effect-TS/effect-smol/commit/95a0e9bb62797af0e81c9998773405f248f218c5"><code>95a0e9b</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/f11ce73af60823754dc24194f4ffc561b9ea1c2d"><code>f11ce73</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/ff30b6e7c2c63ffc56a4c5818d6d86b01b5ad528"><code>ff30b6e</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/1caab3cc30f626efbf15e59d74f539a487e5c85c"><code>1caab3c</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/aa80c4775a04db87553e5568764cab7e32a72814"><code>aa80c47</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/c2ae4fce2f03a4cd1861c2b1179da7df656e662d"><code>c2ae4fc</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>]:</p> <ul> <li>effect@4.0.0-beta.94</li> <li><code>@effect/platform-node-shared</code><a href="https://github.com/4"><code>@4</code></a>.0.0-beta.94</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Effect-TS/effect/commit/82951e58d341d79b6fcb51bb9c122ced02f01b38"><code>82951e5</code></a> Version Packages (beta) (<a href="https://github.com/Effect-TS/effect/tree/HEAD/packages/platform-bun/issues/2525">#2525</a>)</li> <li><a href="https://github.com/Effect-TS/effect/commit/6d2c614fab3da932afbb52e849c2663cf32d7d57"><code>6d2c614</code></a> optimize bun stream reading (<a href="https://github.com/Effect-TS/effect/tree/HEAD/packages/platform-bun/issues/2537">#2537</a>)</li> <li>See full diff in <a href="https://github.com/Effect-TS/effect/commits/@effect/platform-bun@4.0.0-beta.94/packages/platform-bun">compare view</a></li> </ul> </details> <br /> Updates `@effect/platform-node` from 4.0.0-beta.93 to 4.0.0-beta.94 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Effect-TS/effect/blob/main/packages/platform-node/CHANGELOG.md">@effect/platform-node's changelog</a>.</em></p> <blockquote> <h2>4.0.0-beta.94</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/Effect-TS/effect-smol/commit/95a0e9bb62797af0e81c9998773405f248f218c5"><code>95a0e9b</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/f11ce73af60823754dc24194f4ffc561b9ea1c2d"><code>f11ce73</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/ff30b6e7c2c63ffc56a4c5818d6d86b01b5ad528"><code>ff30b6e</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/1caab3cc30f626efbf15e59d74f539a487e5c85c"><code>1caab3c</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/aa80c4775a04db87553e5568764cab7e32a72814"><code>aa80c47</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/c2ae4fce2f03a4cd1861c2b1179da7df656e662d"><code>c2ae4fc</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>]: <ul> <li>effect@4.0.0-beta.94</li> <li><code>@effect/platform-node-shared</code><a href="https://github.com/4"><code>@4</code></a>.0.0-beta.94</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Effect-TS/effect/commit/82951e58d341d79b6fcb51bb9c122ced02f01b38"><code>82951e5</code></a> Version Packages (beta) (<a href="https://github.com/Effect-TS/effect/tree/HEAD/packages/platform-node/issues/2525">#2525</a>)</li> <li>See full diff in <a href="https://github.com/Effect-TS/effect/commits/@effect/platform-node@4.0.0-beta.94/packages/platform-node">compare view</a></li> </ul> </details> <br /> Updates `@effect/sql-pg` from 4.0.0-beta.93 to 4.0.0-beta.94 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/Effect-TS/effect/commits/@effect/sql-pg@4.0.0-beta.94/packages/sql-pg">compare view</a></li> </ul> </details> <br /> Updates `@effect/vitest` from 4.0.0-beta.93 to 4.0.0-beta.97 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Effect-TS/effect/blob/main/packages/vitest/CHANGELOG.md">@effect/vitest's changelog</a>.</em></p> <blockquote> <h2>4.0.0-beta.97</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies []: <ul> <li>effect@4.0.0-beta.97</li> </ul> </li> </ul> <h2>4.0.0-beta.96</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/Effect-TS/effect-smol/commit/1503f45cb5bb2a74f4705252ec505a1f0ade7e62"><code>1503f45</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/57fe79316ffbc380b30626a168981fb26ae97459"><code>57fe793</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/0c2f78f695ec474e1ff5474da183577975e418f5"><code>0c2f78f</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/0c2f78f695ec474e1ff5474da183577975e418f5"><code>0c2f78f</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/0c2f78f695ec474e1ff5474da183577975e418f5"><code>0c2f78f</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/97f29df457f7ffd07cfb4b379315c12c086af805"><code>97f29df</code></a>]: <ul> <li>effect@4.0.0-beta.96</li> </ul> </li> </ul> <h2>4.0.0-beta.95</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/Effect-TS/effect-smol/commit/a482442abdeb490e9652b854ec3495e4aa7273e7"><code>a482442</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/fbefa850fab2f0a302c20614496aeaaa2a8b5590"><code>fbefa85</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/0b4a32f4260f0d8500942a133001b0d349328102"><code>0b4a32f</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/18a49e1786679456258002ff9397faf02f678c2d"><code>18a49e1</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/266cb90bb2c17aabc40563c32db334f09ba3d74b"><code>266cb90</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/912f095a34572bbd3cedf6edb27878443e3e4a95"><code>912f095</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/a6718f9e00a15ca903b0732da46116cbf3d6aca7"><code>a6718f9</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/bef51540a243aa2f872a00c01d0cd58b7a769baa"><code>bef5154</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/18e0564bd0f8ebbdfcaf1e2c21529948e9e4a81d"><code>18e0564</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/fb50f14fc3657c1973785aa5b72ecf0b0d28e0b2"><code>fb50f14</code></a>]: <ul> <li>effect@4.0.0-beta.95</li> </ul> </li> </ul> <h2>4.0.0-beta.94</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies [<a href="https://github.com/Effect-TS/effect-smol/commit/95a0e9bb62797af0e81c9998773405f248f218c5"><code>95a0e9b</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/f11ce73af60823754dc24194f4ffc561b9ea1c2d"><code>f11ce73</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/ff30b6e7c2c63ffc56a4c5818d6d86b01b5ad528"><code>ff30b6e</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/1caab3cc30f626efbf15e59d74f539a487e5c85c"><code>1caab3c</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/aa80c4775a04db87553e5568764cab7e32a72814"><code>aa80c47</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/c2ae4fce2f03a4cd1861c2b1179da7df656e662d"><code>c2ae4fc</code></a>, <a href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>]: <ul> <li>effect@4.0.0-beta.94</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Effect-TS/effect/commit/8e6f66adf1bcfa842829bf787aef26c1d7979991"><code>8e6f66a</code></a> Version Packages (beta) (<a href="https://github.com/Effect-TS/effect/tree/HEAD/packages/vitest/issues/2571">#2571</a>)</li> <li><a href="https://github.com/Effect-TS/effect/commit/d6184fd6ce6288b146820e332ce79aba596aa59c"><code>d6184fd</code></a> Version Packages (beta) (<a href="https://github.com/Effect-TS/effect/tree/HEAD/packages/vitest/issues/2565">#2565</a>)</li> <li><a href="https://github.com/Effect-TS/effect/commit/1503f45cb5bb2a74f4705252ec505a1f0ade7e62"><code>1503f45</code></a> update dependencies (<a href="https://github.com/Effect-TS/effect/tree/HEAD/packages/vitest/issues/2563">#2563</a>)</li> <li><a href="https://github.com/Effect-TS/effect/commit/5434f2e88c16ffb65fd2cfdedc76f33df34c245c"><code>5434f2e</code></a> Version Packages (beta) (<a href="https://github.com/Effect-TS/effect/tree/HEAD/packages/vitest/issues/2548">#2548</a>)</li> <li><a href="https://github.com/Effect-TS/effect/commit/82951e58d341d79b6fcb51bb9c122ced02f01b38"><code>82951e5</code></a> Version Packages (beta) (<a href="https://github.com/Effect-TS/effect/tree/HEAD/packages/vitest/issues/2525">#2525</a>)</li> <li>See full diff in <a href="https://github.com/Effect-TS/effect/commits/@effect/vitest@4.0.0-beta.97/packages/vitest">compare view</a></li> </ul> </details> <br /> Updates `@typescript/native-preview` from 7.0.0-dev.20260703.1 to 7.0.0-dev.20260707.2 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/microsoft/typescript-go/commits">compare view</a></li> </ul> </details> <br /> Updates `@vitest/coverage-istanbul` from 4.1.9 to 4.1.10 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitest-dev/vitest/releases">@vitest/coverage-istanbul's releases</a>.</em></p> <blockquote> <h2>v4.1.10</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: Check fs access in builtin commands [backport to v4] - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a>, <strong>Hiroshi Ogawa</strong> and <strong>OpenCode (claude-opus-4-8)</strong> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10680">vitest-dev/vitest#10680</a> <a href="https://github.com/vitest-dev/vitest/commit/5c18dd267"><!-- raw HTML omitted -->(5c18d)<!-- raw HTML omitted --></a></li> <li><strong>vm</strong>: Fix external module resolve error with deps optimizer query for encoded URI [backport to v4] - by <a href="https://github.com/SveLil"><code>@SveLil</code></a> and <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10661">vitest-dev/vitest#10661</a> <a href="https://github.com/vitest-dev/vitest/commit/bae52b511"><!-- raw HTML omitted -->(bae52)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.1.9...v4.1.10">View changes on GitHub</a></h5> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitest-dev/vitest/commit/db616d227b6e0cb07a94f5d1bba262ee95db7e46"><code>db616d2</code></a> chore: release v4.1.10 (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-istanbul/issues/10718">#10718</a>)</li> <li>See full diff in <a href="https://github.com/vitest-dev/vitest/commits/v4.1.10/packages/coverage-istanbul">compare view</a></li> </ul> </details> <br /> Updates `effect` from 4.0.0-beta.93 to 4.0.0-beta.97 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Effect-TS/effect/blob/main/packages/effect/CHANGELOG.md">effect's changelog</a>.</em></p> <blockquote> <h2>4.0.0-beta.97</h2> <h2>4.0.0-beta.96</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/Effect-TS/effect-smol/pull/2563">#2563</a> <a href="https://github.com/Effect-TS/effect-smol/commit/1503f45cb5bb2a74f4705252ec505a1f0ade7e62"><code>1503f45</code></a> Thanks <a href="https://github.com/tim-smart"><code>@tim-smart</code></a>! - update dependencies</p> </li> <li> <p><a href="https://redirect.github.com/Effect-TS/effect-smol/pull/2566">#2566</a> <a href="https://github.com/Effect-TS/effect-smol/commit/57fe79316ffbc380b30626a168981fb26ae97459"><code>57fe793</code></a> Thanks <a href="https://github.com/tim-smart"><code>@tim-smart</code></a>! - change rpc ids to string | number</p> </li> <li> <p><a href="https://redirect.github.com/Effect-TS/effect-smol/pull/2561">#2561</a> <a href="https://github.com/Effect-TS/effect-smol/commit/0c2f78f695ec474e1ff5474da183577975e418f5"><code>0c2f78f</code></a> Thanks <a href="https://github.com/tim-smart"><code>@tim-smart</code></a>! - Remove <code>Schedule.elapsed</code>.</p> </li> <li> <p><a href="https://redirect.github.com/Effect-TS/effect-smol/pull/2561">#2561</a> <a href="https://github.com/Effect-TS/effect-smol/commit/0c2f78f695ec474e1ff5474da183577975e418f5"><code>0c2f78f</code></a> Thanks <a href="https://github.com/tim-smart"><code>@tim-smart</code></a>! - Remove <code>Schedule.tapInput</code> and <code>Schedule.tapOutput</code>. Use <code>Schedule.tap</code> instead.</p> </li> <li> <p><a href="https://redirect.github.com/Effect-TS/effect-smol/pull/2561">#2561</a> <a href="https://github.com/Effect-TS/effect-smol/commit/0c2f78f695ec474e1ff5474da183577975e418f5"><code>0c2f78f</code></a> Thanks <a href="https://github.com/tim-smart"><code>@tim-smart</code></a>! - Update <code>Schedule.addDelay</code> and <code>Schedule.modifyDelay</code> to receive full schedule metadata instead of separate output and delay arguments.</p> </li> <li> <p><a href="https://redirect.github.com/Effect-TS/effect-smol/pull/2562">#2562</a> <a href="https://github.com/Effect-TS/effect-smol/commit/97f29df457f7ffd07cfb4b379315c12c086af805"><code>97f29df</code></a> Thanks <a href="https://github.com/tim-smart"><code>@tim-smart</code></a>! - use Sets to track atom relationships</p> </li> </ul> <h2>4.0.0-beta.95</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/Effect-TS/effect-smol/pull/2542">#2542</a> <a href="https://github.com/Effect-TS/effect-smol/commit/a482442abdeb490e9652b854ec3495e4aa7273e7"><code>a482442</code></a> Thanks <a href="https://github.com/IGassmann"><code>@IGassmann</code></a>! - Add <code>Schema.DateFromMillis</code> and <code>SchemaTransformation.dateFromMillis</code> for decoding millisecond timestamps into <code>Date</code> values.</p> </li> <li> <p><a href="https://redirect.github.com/Effect-TS/effect-smol/pull/2559">#2559</a> <a href="https://github.com/Effect-TS/effect-smol/commit/fbefa850fab2f0a302c20614496aeaaa2a8b5590"><code>fbefa85</code></a> Thanks <a href="https://github.com/tim-smart"><code>@tim-smart</code></a>! - fix activity retry policy</p> </li> <li> <p><a href="https://redirect.github.com/Effect-TS/effect-smol/pull/2547">#2547</a> <a href="https://github.com/Effect-TS/effect-smol/commit/0b4a32f4260f0d8500942a133001b0d349328102"><code>0b4a32f</code></a> Thanks <a href="https://github.com/fubhy"><code>@fubhy</code></a>! - Allow cron fields like <code>5/15</code> to expand from the starting value through the field maximum.</p> </li> <li> <p><a href="https://redirect.github.com/Effect-TS/effect-smol/pull/2557">#2557</a> <a href="https://github.com/Effect-TS/effect-smol/commit/18a49e1786679456258002ff9397faf02f678c2d"><code>18a49e1</code></a> Thanks <a href="https://github.com/fubhy"><code>@fubhy</code></a>! - Fix <code>Schedule.cron</code> when the test clock is adjusted to infinity.</p> </li> <li> <p><a href="https://redirect.github.com/Effect-TS/effect-smol/pull/2560">#2560</a> <a href="https://github.com/Effect-TS/effect-smol/commit/266cb90bb2c17aabc40563c32db334f09ba3d74b"><code>266cb90</code></a> Thanks <a href="https://github.com/gcanti"><code>@gcanti</code></a>! - Treat empty strings as missing values in built-in <code>ConfigProvider</code>s by default.</p> <p><code>ConfigProvider.fromEnv</code>, <code>ConfigProvider.fromDotEnvContents</code>, <code>ConfigProvider.fromDotEnv</code>, <code>ConfigProvider.fromUnknown</code>, and <code>ConfigProvider.fromDir</code> now treat literal empty strings as absent values when loaded as values, allowing <code>Config.withDefault</code> and <code>Config.option</code> to recover. Container discovery still reflects the source structure. Pass <code>preserveEmptyStrings: true</code> to restore the previous behavior.</p> <p><code>ConfigProvider.fromDotEnv({ expandVariables: true })</code> now expands variables consistently with <code>ConfigProvider.fromDotEnvContents</code>.</p> </li> <li> <p><a href="https://redirect.github.com/Effect-TS/effect-smol/pull/2554">#2554</a> <a href="https://github.com/Effect-TS/effect-smol/commit/912f095a34572bbd3cedf6edb27878443e3e4a95"><code>912f095</code></a> Thanks <a href="https://github.com/tim-smart"><code>@tim-smart</code></a>! - Add Schedule.upTo options for limiting schedules by duration and/or recurrence count.</p> </li> <li> <p><a href="https://redirect.github.com/Effect-TS/effect-smol/pull/2556">#2556</a> <a href="https://github.com/Effect-TS/effect-smol/commit/a6718f9e00a15ca903b0732da46116cbf3d6aca7"><code>a6718f9</code></a> Thanks <a href="https://github.com/fubhy"><code>@fubhy</code></a>! - Fix cron parsing and scheduling edge cases for whitespace, Sunday <code>7</code>, strict numeric tokens, explicit full day ranges, and month-constrained day-of-month / weekday matching.</p> </li> <li> <p><a href="https://redirect.github.com/Effect-TS/effect-smol/pull/2551">#2551</a> <a href="https://github.com/Effect-TS/effect-smol/commit/bef51540a243aa2f872a00c01d0cd58b7a769baa"><code>bef5154</code></a> Thanks <a href="https://github.com/tim-smart"><code>@tim-smart</code></a>! - Remove the <code>Schedule.both</code> APIs and add <code>Schedule.max</code> for combining schedules by their slowest delay.</p> </li> <li> <p><a href="https://redirect.github.com/Effect-TS/effect-smol/pull/2553">#2553</a> <a href="https://github.com/Effect-TS/effect-smol/commit/18e0564bd0f8ebbdfcaf1e2c21529948e9e4a81d"><code>18e0564</code></a> Thanks <a href="https://github.com/tim-smart"><code>@tim-smart</code></a>! - Remove some Schedule APIs: <code>collectInputs</code>, <code>collectOutputs</code>, <code>collectWhile</code>, <code>delays</code>, <code>reduce</code>, <code>satisfiesErrorType</code>, <code>satisfiesInputType</code>, <code>satisfiesOutputType</code>, <code>satisfiesServicesType</code>, and <code>unfold</code>.</p> </li> <li> <p><a href="https://redirect.github.com/Effect-TS/effect-smol/pull/2558">#2558</a> <a href="https://github.com/Effect-TS/effect-smol/commit/fb50f14fc3657c1973785aa5b72ecf0b0d28e0b2"><code>fb50f14</code></a> Thanks <a href="https://github.com/tim-smart"><code>@tim-smart</code></a>! - Remove the Schedule.either APIs and add Schedule.min for fastest-duration schedule composition.</p> </li> </ul> <h2>4.0.0-beta.94</h2> <h3>Patch Changes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Effect-TS/effect/commit/8e6f66adf1bcfa842829bf787aef26c1d7979991"><code>8e6f66a</code></a> Version Packages (beta) (<a href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2571">#2571</a>)</li> <li><a href="https://github.com/Effect-TS/effect/commit/3f0ccc04711b0a187b973e20fc9c3010c2560da2"><code>3f0ccc0</code></a> Document interdependent HTTP API middleware (<a href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2569">#2569</a>)</li> <li><a href="https://github.com/Effect-TS/effect/commit/d6184fd6ce6288b146820e332ce79aba596aa59c"><code>d6184fd</code></a> Version Packages (beta) (<a href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2565">#2565</a>)</li> <li><a href="https://github.com/Effect-TS/effect/commit/57fe79316ffbc380b30626a168981fb26ae97459"><code>57fe793</code></a> change rpc ids to string | number (<a href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2566">#2566</a>)</li> <li><a href="https://github.com/Effect-TS/effect/commit/1503f45cb5bb2a74f4705252ec505a1f0ade7e62"><code>1503f45</code></a> update dependencies (<a href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2563">#2563</a>)</li> <li><a href="https://github.com/Effect-TS/effect/commit/5434f2e88c16ffb65fd2cfdedc76f33df34c245c"><code>5434f2e</code></a> Version Packages (beta) (<a href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2548">#2548</a>)</li> <li><a href="https://github.com/Effect-TS/effect/commit/97f29df457f7ffd07cfb4b379315c12c086af805"><code>97f29df</code></a> use Sets to track atom relationships (<a href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2562">#2562</a>)</li> <li><a href="https://github.com/Effect-TS/effect/commit/0c2f78f695ec474e1ff5474da183577975e418f5"><code>0c2f78f</code></a> Schedule simplification (<a href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2561">#2561</a>)</li> <li><a href="https://github.com/Effect-TS/effect/commit/266cb90bb2c17aabc40563c32db334f09ba3d74b"><code>266cb90</code></a> Treat empty config strings as missing (<a href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2560">#2560</a>)</li> <li><a href="https://github.com/Effect-TS/effect/commit/fbefa850fab2f0a302c20614496aeaaa2a8b5590"><code>fbefa85</code></a> fix activity retry policy (<a href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2559">#2559</a>)</li> <li>Additional commits viewable in <a href="https://github.com/Effect-TS/effect/commits/effect@4.0.0-beta.97/packages/effect">compare view</a></li> </ul> </details> <br /> Updates `oxfmt` from 0.57.0 to 0.58.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/oxc-project/oxc/commit/39677ba50d908ea09f6d9e58ded328461212f52a"><code>39677ba</code></a> release(apps): oxlint v1.73.0 && oxfmt v0.58.0 (<a href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/24219">#24219</a>)</li> <li>See full diff in <a href="https://github.com/oxc-project/oxc/commits/oxfmt_v0.58.0/npm/oxfmt">compare view</a></li> </ul> </details> <br /> Updates `tldts` from 6.1.86 to 7.4.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/remusao/tldts/releases">tldts's releases</a>.</em></p> <blockquote> <h2>v7.4.8</h2> <h4>:scroll: Update Public Suffix List</h4> <ul> <li><code>tldts-experimental</code>, <code>tldts</code> <ul> <li>Update upstream public suffix list <a href="https://redirect.github.com/remusao/tldts/pull/2632">#2632</a> (<a href="https://github.com/remusao"><code>@remusao</code></a>)</li> </ul> </li> </ul> <h4>Authors: 1</h4> <ul> <li>Rémi (<a href="https://github.com/remusao"><code>@remusao</code></a>)</li> </ul> <h2>v7.4.7</h2> <h4>:scroll: Update Public Suffix List</h4> <ul> <li><code>tldts-experimental</code>, <code>tldts</code> <ul> <li>Update upstream public suffix list <a href="https://redirect.github.com/remusao/tldts/pull/2630">#2630</a> (<a href="https://github.com/remusao"><code>@remusao</code></a>)</li> </ul> </li> </ul> <h4>Authors: 1</h4> <ul> <li>Rémi (<a href="https://github.com/remusao"><code>@remusao</code></a>)</li> </ul> <h2>v7.4.6</h2> <h4>:scroll: Update Public Suffix List</h4> <ul> <li><code>tldts-experimental</code>, <code>tldts</code> <ul> <li>Update upstream public suffix list <a href="https://redirect.github.com/remusao/tldts/pull/2626">#2626</a> (<a href="https://github.com/remusao"><code>@remusao</code></a>)</li> </ul> </li> </ul> <h4>:nut_and_bolt: Dependencies</h4> <ul> <li>Bump sigstore from 4.1.0 to 4.1.1 <a href="https://redirect.github.com/remusao/tldts/pull/2629">#2629</a> (<a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a>)</li> <li>Bump <code>@babel/core</code> from 7.24.7 to 7.29.7 <a href="https://redirect.github.com/remusao/tldts/pull/2618">#2618</a> (<a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a>)</li> <li>Bump form-data from 4.0.5 to 4.0.6 <a href="https://redirect.github.com/remusao/tldts/pull/2611">#2611</a> (<a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a>)</li> <li>Bump rollup from 4.61.1 to 4.62.2 <a href="https://redirect.github.com/remusao/tldts/pull/2612">#2612</a> (<a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a>)</li> <li>Bump rollup-plugin-sourcemaps2 from 0.5.7 to 0.5.8 <a href="https://redirect.github.com/remusao/tldts/pull/2619">#2619</a> (<a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a>)</li> <li>Bump typescript-eslint from 8.60.1 to 8.62.1 <a href="https://redirect.github.com/remusao/tldts/pull/2624">#2624</a> (<a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a>)</li> <li>Bump <code>@sigstore/core</code> from 3.1.0 to 3.2.1 <a href="https://redirect.github.com/remusao/tldts/pull/2625">#2625</a> (<a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a>)</li> <li>Bump <code>@sigstore/verify</code> from 3.1.0 to 3.1.1 <a href="https://redirect.github.com/remusao/tldts/pull/2628">#2628</a> (<a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a>)</li> <li><code>tldts-core</code>, <code>tldts-experimental</code>, <code>tldts-icann</code>, <code>tldts-tests</code>, <code>tldts-utils</code>, <code>tldts</code> <ul> <li>Bump <code>@types/node</code> from 25.9.1 to 26.1.0 <a href="https://redirect.github.com/remusao/tldts/pull/2627">#2627</a> (<a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a>)</li> </ul> </li> </ul> <h4>Authors: 2</h4> <ul> <li><a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a></li> <li>Rémi (<a href="https://github.com/remusao"><code>@remusao</code></a>)</li> </ul> <h2>v7.4.5</h2> <h4>:scroll: Update Public Suffix List</h4> <ul> <li><code>tldts-experimental</code>, <code>tldts</code> <ul> <li>Update upstream public suffix list <a href="https://redirect.github.com/remusao/tldts/pull/2617">#2617</a> (<a href="https://github.com/remusao"><code>@remusao</code></a>)</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/remusao/tldts/blob/master/CHANGELOG.md">tldts's changelog</a>.</em></p> <blockquote> <h1>v7.4.8 (Thu Jul 09 2026)</h1> <h4>:scroll: Update Public Suffix List</h4> <ul> <li><code>tldts-experimental</code>, <code>tldts</code> <ul> <li>Update upstream public suffix list <a href="https://redirect.github.com/remusao/tldts/pull/2632">#2632</a> (<a href="https://github.com/remusao"><code>@remusao</code></a>)</li> </ul> </li> </ul> <h4>Authors: 1</h4> <ul> <li>Rémi (<a href="https://github.com/remusao"><code>@remusao</code></a>)</li> </ul> <hr /> <h1>v7.4.7 (Tue Jul 07 2026)</h1> <h4>:scroll: Update Public Suffix List</h4> <ul> <li><code>tldts-experimental</code>, <code>tldts</code> <ul> <li>Update upstream public suffix list <a href="https://redirect.github.com/remusao/tldts/pull/2630">#2630</a> (<a href="https://github.com/remusao"><code>@remusao</code></a>)</li> </ul> </li> </ul> <h4>Authors: 1</h4> <ul> <li>Rémi (<a href="https://github.com/remusao"><code>@remusao</code></a>)</li> </ul> <hr /> <h1>v7.4.6 (Thu Jul 02 2026)</h1> <h4>:scroll: Update Public Suffix List</h4> <ul> <li><code>tldts-experimental</code>, <code>tldts</code> <ul> <li>Update upstream public suffix list <a href="https://redirect.github.com/remusao/tldts/pull/2626">#2626</a> (<a href="https://github.com/remusao"><code>@remusao</code></a>)</li> </ul> </li> </ul> <h4>:nut_and_bolt: Dependencies</h4> <ul> <li>Bump sigstore from 4.1.0 to 4.1.1 <a href="https://redirect.github.com/remusao/tldts/pull/2629">#2629</a> (<a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a>)</li> <li>Bump <code>@babel/core</code> from 7.24.7 to 7.29.7 <a href="https://redirect.github.com/remusao/tldts/pull/2618">#2618</a> (<a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a>)</li> <li>Bump form-data from 4.0.5 to 4.0.6 <a href="https://redirect.github.com/remusao/tldts/pull/2611">#2611</a> (<a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a>)</li> <li>Bump rollup from 4.61.1 to 4.62.2 <a href="https://redirect.github.com/remusao/tldts/pull/2612">#2612</a> (<a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a>)</li> <li>Bump rollup-plugin-sourcemaps2 from 0.5.7 to 0.5.8 <a href="https://redirect.github.com/remusao/tldts/pull/2619">#2619</a> (<a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a>)</li> <li>Bump typescript-eslint from 8.60.1 to 8.62.1 <a href="https://redirect.github.com/remusao/tldts/pull/2624">#2624</a> (<a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a>)</li> <li>Bump <code>@sigstore/core</code> from 3.1.0 to 3.2.1 <a href="https://redirect.github.com/remusao/tldts/pull/2625">#2625</a> (<a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a>)</li> <li>Bump <code>@sigstore/verify</code> from 3.1.0 to 3.1.1 <a href="https://redirect.github.com/remusao/tldts/pull/2628">#2628</a> (<a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a>)</li> <li><code>tldts-core</code>, <code>tldts-experimental</code>, <code>tldts-icann</code>, <code>tldts-tests</code>, <code>tldts-utils</code>, <code>tldts</code> <ul> <li>Bump <code>@types/node</code> from 25.9.1 to 26.1.0 <a href="https://redirect.github.com/remusao/tldts/pull/2627">#2627</a> (<a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a>)</li> </ul> </li> </ul> <h4>Authors: 2</h4> <ul> <li><a href="https://github.com/dependabot%5Bbot%5D"><code>@dependabot[bot]</code></a></li> <li>Rémi (<a href="https://github.com/remusao"><code>@remusao</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/remusao/tldts/commit/e46ca7aa952df519efae2d11dcdb4f3a817ac8e5"><code>e46ca7a</code></a> Bump version to: v7.4.8 [skip ci]</li> <li><a href="https://github.com/remusao/tldts/commit/a4823cde0ae806f2feff89ce68d8895243168feb"><code>a4823cd</code></a> Update CHANGELOG.md [skip ci]</li> <li><a href="https://github.com/remusao/tldts/commit/86a0a5799995ff495dfb15b00016c7314cf3454a"><code>86a0a57</code></a> Update upstream public suffix list (<a href="https://redirect.github.com/remusao/tldts/issues/2632">#2632</a>)</li> <li><a href="https://github.com/remusao/tldts/commit/c43f3f113164626a96ebbe71f8979f7c512ad382"><code>c43f3f1</code></a> Bump version to: v7.4.7 [skip ci]</li> <li><a href="https://github.com/remusao/tldts/commit/22e72c3c68278bfb084c8acfaa1a830cefc9b6e0"><code>22e72c3</code></a> Update CHANGELOG.md [skip ci]</li> <li><a href="https://github.com/remusao/tldts/commit/44a567cd9ebcdb6190ff9d1996047e95bc8d938a"><code>44a567c</code></a> Update upstream public suffix list (<a href="https://redirect.github.com/remusao/tldts/issues/2630">#2630</a>)</li> <li><a href="https://github.com/remusao/tldts/commit/92ee2b31e72433487577a6c027ad7ec69aa8c8fe"><code>92ee2b3</code></a> Bump version to: v7.4.6 [skip ci]</li> <li><a href="https://github.com/remusao/tldts/commit/cd23a4106ee0ed11cecf7ec7ed9bc308743d99ca"><code>cd23a41</code></a> Update CHANGELOG.md [skip ci]</li> <li><a href="https://github.com/remusao/tldts/commit/11b91adfef769de8dbd8c87b1ed0809e0371e9a2"><code>11b91ad</code></a> Update upstream public suffix list (<a href="https://redirect.github.com/remusao/tldts/issues/2626">#2626</a>)</li> <li><a href="https://github.com/remusao/tldts/commit/3136742bd2a089b2c9592cbbcc3de6c229bba5a9"><code>3136742</code></a> Bump sigstore from 4.1.0 to 4.1.1 (<a href="https://redirect.github.com/remusao/tldts/issues/2629">#2629</a>)</li> <li>Additional commits viewable in <a href="https://github.com/remusao/tldts/compare/v6.1.86...v7.4.8">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This versi…
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 850156f7e3
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| flag || | ||
| legacyViperEnvBool("SUPABASE_EXPERIMENTAL") || | ||
| legacyViperBool(projectEnv["SUPABASE_EXPERIMENTAL"]) |
There was a problem hiding this comment.
Preserve shell false for project experimental
When the shell exports SUPABASE_EXPERIMENTAL=false but a project dotenv contains SUPABASE_EXPERIMENTAL=true, Go's godotenv.Load keeps the existing shell value so viper.GetBool("EXPERIMENTAL") remains false. This new resolver ORs the shell value with the project value, so project dotenv can enable the experimental path for callers such as db reset and declarative commands even though the user explicitly disabled it in the environment; resolve this with existence/precedence semantics instead of boolean OR.
Useful? React with 👍 / 👎.