Skip to content

Bump @supabase/supabase-js from 2.105.4 to 2.106.1#7

Merged
BigSimmo merged 4 commits into
mainfrom
dependabot/npm_and_yarn/supabase/supabase-js-2.106.1
May 27, 2026
Merged

Bump @supabase/supabase-js from 2.105.4 to 2.106.1#7
BigSimmo merged 4 commits into
mainfrom
dependabot/npm_and_yarn/supabase/supabase-js-2.106.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 25, 2026

Copy link
Copy Markdown
Contributor

Bumps @supabase/supabase-js from 2.105.4 to 2.106.1.

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.106.1

2.106.1 (2026-05-20)

🩹 Fixes

  • auth: encode client-id in oauth requests (#2383)
  • misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

v2.106.1-canary.1

2.106.1-canary.1 (2026-05-20)

🩹 Fixes

  • misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

v2.106.1-canary.0

2.106.1-canary.0 (2026-05-20)

🩹 Fixes

  • auth: encode client-id in oauth requests (#2383)

❤️ Thank You

v2.106.1-beta.3

2.106.1-beta.3 (2026-05-20)

🩹 Fixes

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.106.1 (2026-05-20)

🩹 Fixes

  • misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

2.106.0 (2026-05-18)

🚀 Features

  • supabase: W3C/OpenTelemetry trace context propagation (#2163)

🩹 Fixes

  • release: mark @​supabase/tracing private and snapshot it for JSR (#2370)

❤️ Thank You

  • Claude Sonnet 4.5
  • Guilherme Souza
  • Katerina Skroumpelou @​mandarini
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) from 2.105.4 to 2.106.1.
- [Release notes](https://github.com/supabase/supabase-js/releases)
- [Changelog](https://github.com/supabase/supabase-js/blob/master/packages/core/supabase-js/CHANGELOG.md)
- [Commits](https://github.com/supabase/supabase-js/commits/v2.106.1/packages/core/supabase-js)

---
updated-dependencies:
- dependency-name: "@supabase/supabase-js"
  dependency-version: 2.106.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 25, 2026
BigSimmo and others added 3 commits May 25, 2026 22:11
@BigSimmo
BigSimmo merged commit b906412 into main May 27, 2026
2 checks passed
@BigSimmo
BigSimmo deleted the dependabot/npm_and_yarn/supabase/supabase-js-2.106.1 branch May 27, 2026 14:49
BigSimmo added a commit that referenced this pull request Jul 8, 2026
Committed migration 20260708120000 (NOT applied to live — operator apply per
docs/supabase-migration-reconciliation.md), schema.sql reconciled, drift manifest
regenerated (13s scratch replay, clean).

- R1/R2: complete_ingestion_job + fail_or_retry_ingestion_job take an optional
  p_worker_id lease fence. A worker reclaimed by a stale takeover now matches 0
  rows and returns ok:false lease_lost instead of clobbering the reclaimer's
  newer state (indexed->failed, completed->pending). Backward compatible
  (p_worker_id defaults null); the worker passes workerId and treats lease_lost
  as a stop, keeping the isMissingSchemaError fallback for pre-apply. This is the
  defense-in-depth complement to the lease heartbeat already in this PR.
- R7: fail_or_retry downgrades an attempt-exhausted retry to terminal 'failed'
  instead of a permanently-unclaimable 'pending' that pins its batch forever.
- R9: refresh_import_batch_status locks the import_batches row before counting,
  serializing concurrent last-job refreshes (lost-update that stuck batches as
  'processing').
- R23: cleanup_abandoned re-asserts the open-job guard immediately before the
  destructive deletes (it previously lived only in the candidate CTE, before the
  seven count statements).

HELD (evidence in PR): R17 open-jobs unique index (collides with drift backlog
#7, ingestion_jobs index reshape); R24e stage-FK removal (collides with drift
backlog #8, which plans the opposite — live has 253 orphan rows that would fail
VALIDATE); deep-memory delete-scoping (would crash — document_sections
unique(document_id,section_index)).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
BigSimmo added a commit that referenced this pull request Jul 8, 2026
…on) (#380)

* fix(ingestion): R1/R2 lease fences + R7/R9/R23 RPC hardening (migration)

Committed migration 20260708120000 (NOT applied to live — operator apply per
docs/supabase-migration-reconciliation.md), schema.sql reconciled, drift manifest
regenerated (13s scratch replay, clean).

- R1/R2: complete_ingestion_job + fail_or_retry_ingestion_job take an optional
  p_worker_id lease fence. A worker reclaimed by a stale takeover now matches 0
  rows and returns ok:false lease_lost instead of clobbering the reclaimer's
  newer state (indexed->failed, completed->pending). Backward compatible
  (p_worker_id defaults null); the worker passes workerId and treats lease_lost
  as a stop, keeping the isMissingSchemaError fallback for pre-apply. This is the
  defense-in-depth complement to the lease heartbeat already in this PR.
- R7: fail_or_retry downgrades an attempt-exhausted retry to terminal 'failed'
  instead of a permanently-unclaimable 'pending' that pins its batch forever.
- R9: refresh_import_batch_status locks the import_batches row before counting,
  serializing concurrent last-job refreshes (lost-update that stuck batches as
  'processing').
- R23: cleanup_abandoned re-asserts the open-job guard immediately before the
  destructive deletes (it previously lived only in the candidate CTE, before the
  seven count statements).

HELD (evidence in PR): R17 open-jobs unique index (collides with drift backlog
#7, ingestion_jobs index reshape); R24e stage-FK removal (collides with drift
backlog #8, which plans the opposite — live has 253 orphan rows that would fail
VALIDATE); deep-memory delete-scoping (would crash — document_sections
unique(document_id,section_index)).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* fix(ingestion): rename hardening migration to 20260708130000 (version collision)

20260708120000 was already taken by 20260708120000_rag_query_misses_retention.sql
on main; two migrations sharing a version fail the schema_migrations pkey on
replay/apply. Content unchanged; schema.sql + drift manifest unaffected (manifest
keys on schema.sql sha, not migration versions).

---------

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant