[Snyk] Upgrade @supabase/supabase-js from 2.58.0 to 2.75.0#29

Open
rajumanoj333 wants to merge 1 commit into master from snyk-upgrade-d84f262c02eb7c11887d8a659b816247
rajumanoj333 (Owner) commented Nov 2, 2025

User description

Snyk has created this PR to upgrade @supabase/supabase-js from 2.58.0 to 2.75.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 38 versions ahead of your current version.

  • The recommended version was released 24 days ago.

Release notes
Package name: @supabase/supabase-js
  • 2.75.0 - 2025-10-09

    2.75.0 (2025-10-09)

    🚀 Features

    • postgrest: add embedded functions type inference (#1632)

  • 2.74.1-canary.7 - 2025-10-08

    2.74.1-canary.7 (2025-10-08)

    🚀 Features

    • postgrest: add embedded functions type inference (#1632)

  • 2.74.1-canary.6 - 2025-10-07

    2.74.1-canary.6 (2025-10-07)

    This was a version bump only, there were no code changes.

  • 2.74.1-canary.5 - 2025-10-07

    2.74.1-canary.5 (2025-10-07)

    This was a version bump only, there were no code changes.

  • 2.74.1-canary.4 - 2025-10-07

    2.74.1-canary.4 (2025-10-07)

    This was a version bump only, there were no code changes.

  • 2.74.1-canary.3 - 2025-10-07

    2.74.1-canary.3 (2025-10-07)

    This was a version bump only, there were no code changes.

  • 2.74.1-canary.2 - 2025-10-06

    2.74.1-canary.2 (2025-10-06)

    This was a version bump only, there were no code changes.

  • 2.74.1-canary.1 - 2025-10-06

    2.74.1-canary.1 (2025-10-06)

    This was a version bump only, there were no code changes.

  • 2.74.1-canary.0 - 2025-10-06

    2.74.1-canary.0 (2025-10-06)

    This was a version bump only, there were no code changes.

  • 2.74.0 - 2025-10-06

    2.74.0 (2025-10-07)

    🚀 Features

    • auth: add deprecation notice to onAuthStateChange with async function (#1580)
    • auth: add OAuth 2.1 client admin endpoints (#1582)
    • docs: explicitly mark options as optional (#1622)
    • realtime: add support to configure Broadcast Replay (#1623)
    • release: enable trusted publishing (#1592)
    • storage: add support for sorting to list v2 (#1606)

    🩹 Fixes

    • storage: remove trailing slash from baseUrl normalization (#1589)

  • 2.73.1-canary.8 - 2025-10-06
  • 2.73.1-canary.7 - 2025-10-06
  • 2.73.1-canary.6 - 2025-10-06
  • 2.73.1-canary.5 - 2025-10-06
  • 2.72.1-canary.15 - 2025-09-26
  • 2.72.1-canary.14 - 2025-09-26
  • 2.72.1-canary.13 - 2025-09-26
  • 2.72.1-canary.12 - 2025-09-26
  • 2.72.1-canary.11 - 2025-09-26
  • 2.72.1-canary.10 - 2025-09-26
  • 2.72.1-canary.9 - 2025-09-26
  • 2.72.1-canary.8 - 2025-09-26
  • 2.72.1-canary.7 - 2025-09-26
  • 2.72.1-canary.6 - 2025-09-26
  • 2.72.1-canary.5 - 2025-09-26
  • 2.72.1-canary.2 - 2025-09-24
  • 2.72.1-canary.0 - 2025-09-30
  • 2.71.2-canary.29 - 2025-09-23
  • 2.71.2-canary.28 - 2025-09-23
  • 2.71.2-canary.27 - 2025-09-23
  • 2.71.2-canary.7 - 2025-09-19
  • 2.71.2-canary.6 - 2025-09-19
  • 2.71.2-canary.4 - 2025-09-19
  • 2.71.2-canary.3 - 2025-09-19
  • 2.71.2-canary.2 - 2025-09-19
  • 2.71.2-canary.1 - 2025-09-19
  • 2.71.2-canary.0 - 2025-09-18
  • 2.58.1-canary.0 - 2025-10-01
  • 2.58.0 - 2025-09-25
from @supabase/supabase-js GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


CodeAnt-AI Description

Upgrade Supabase client to v2.75.0 in frontend

What Changed

  • The frontend now depends on @supabase/supabase-js v2.75.0 (previously v2.58.0); the package.json and lockfile were updated so installs pull the new client.
  • Supabase subpackages used by the client — auth, functions, postgrest, realtime, and storage — were aligned to v2.75.0, and the node-fetch runtime was updated to 2.6.15. This affects how the app performs auth, realtime, storage, and database requests.
  • package-lock.json was regenerated to pin these updated versions so development and production installs are consistent.

Impact

✅ Support for embedded Postgres function type inference in the client
✅ Frontend uses updated auth/storage/realtime/PostgREST clients for API compatibility
✅ Consistent installs with lockfile pinned to Supabase 2.75.0

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

See this package in npm:
@supabase/supabase-js

See this project in Snyk:
https://app.snyk.io/org/rajumanoj333/project/9ede291a-b6ea-4920-a59e-bbb46a046462?utm_source=github&utm_medium=referral&page=upgrade-pr

codeant-ai bot commented Nov 2, 2025

CodeAnt AI is reviewing your PR.


@amazon-q-developer

Code review in progress. Analyzing for code quality issues and best practices. You can monitor the review status in the checks section at the bottom of this pull request. Detailed findings will be posted upon completion.

Using Amazon Q Developer for GitHub

Amazon Q Developer[1] is an AI-powered assistant that integrates directly into your GitHub workflow, enhancing your development process with intelligent features for code development, review, and transformation.

Slash Commands

| Command | Description |
| --- | --- |
| /q <message> | Chat with the agent to ask questions or request revisions |
| /q review | Requests an Amazon Q powered code review |
| /q help | Displays usage information |

Features

Agentic Chat
Enables interactive conversation with Amazon Q to ask questions about the pull request or request specific revisions. Use /q <message> in comment threads or the review body to engage with the agent directly.

Code Review
Analyzes pull requests for code quality, potential issues, and security concerns. Provides feedback and suggested fixes. Automatically triggered on new or reopened PRs (can be disabled for AWS registered installations), or manually with /q review slash command in a comment.

Customization

You can create project-specific rules for Amazon Q Developer to follow:

  1. Create a .amazonq/rules folder in your project root.
  2. Add Markdown files in this folder to define rules (e.g., cdk-rules.md).
  3. Write detailed prompts in these files, such as coding standards or best practices.
  4. Amazon Q Developer will automatically use these rules when generating code or providing assistance.

Example rule:

All Amazon S3 buckets must have encryption enabled, enforce SSL, and block public access.
All Amazon DynamoDB Streams tables must have encryption enabled.
All Amazon SNS topics must have encryption enabled and enforce SSL.
All Amazon SNS queues must enforce SSL.

Feedback

To provide feedback on Amazon Q Developer, create an issue in the Amazon Q Developer public repository.

For more detailed information, visit the Amazon Q for GitHub documentation.

Footnotes

  1. Amazon Q Developer uses generative AI. You may need to verify generated code before using it in your environment. See the AWS Responsible AI Policy.

coderabbitai bot commented Nov 2, 2025

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@gemini-code-assist

Summary of Changes

Hello @rajumanoj333, I'm Gemini Code Assist[1]! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request, automatically generated by Snyk, updates the @supabase/supabase-js dependency from version 2.58.0 to 2.75.0. This upgrade brings in numerous new features, improvements, and bug fixes across various Supabase client libraries, ensuring the project benefits from the latest enhancements and stability updates provided by the Supabase ecosystem.

Highlights

  • Dependency Upgrade: The core @supabase/supabase-js package has been upgraded from version 2.58.0 to 2.75.0.
  • Sub-package Updates: Several related Supabase client libraries, including @supabase/auth-js, @supabase/functions-js, @supabase/postgrest-js, @supabase/realtime-js, and @supabase/storage-js, have also been updated to version 2.75.0.
  • New Features: This upgrade introduces new features such as embedded functions type inference for PostgREST, OAuth 2.1 client admin endpoints, and support for configuring Broadcast Replay in Realtime.
  • Bug Fixes: A fix for removing trailing slashes from baseUrl normalization in the Storage client has been included.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page; here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

| Feature | Command | Description |
| --- | --- | --- |
| Code Review | /gemini review | Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary | Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in pull request comments and review comments. |
| Help | /gemini help | Displays a list of available commands. |

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

codeant-ai bot added the size:M (This PR changes 30-99 lines, ignoring generated files) label Nov 2, 2025
gemini-code-assist bot left a comment

Code Review

This pull request, automatically generated by Snyk, upgrades @supabase/supabase-js from 2.58.0 to 2.75.0. This is a good maintenance practice. Although this is a minor version bump, it spans 38 individual releases, which introduces a risk of unexpected behavior. A key change to be aware of is the deprecation of async function callbacks in onAuthStateChange starting from version 2.74.0. While the provided code files do not seem to use Supabase for authentication, it is crucial to perform thorough regression testing on any part of the application that might be using Supabase features to ensure a smooth upgrade.

"@radix-ui/react-label": "^2.1.7",
"@radix-ui/react-slot": "^1.2.3",
"@supabase/supabase-js": "^2.58.0",
"@supabase/supabase-js": "^2.75.0",

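Review bot: on the `@supabase/supabase-js` line the new specifier is still a caret range (`^2.75.0`), so the manifest accepts any later 2.x release and the installed version is fixed only by the lockfile. If the intent is to run exactly 2.75.0, either install strictly from the lockfile in CI (`npm ci`) or drop the caret; the thread does not say which of the two is relied on.
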
medium

This upgrade to @supabase/supabase-js v2.75.0 is a significant jump of 38 versions. It's important to be aware that version 2.74.0 introduced a deprecation notice for using async functions with onAuthStateChange. While the provided code files don't appear to use this functionality, it's crucial to verify this across the entire codebase. Given the large number of intermediate versions, I strongly recommend thorough regression testing of all features that rely on Supabase to prevent any potential issues.

amazon-q-developer bot left a comment

✅ Supabase Upgrade Review - Approved

This PR successfully upgrades the Supabase JavaScript client from version 2.58.0 to 2.75.0, bringing 38 versions worth of improvements and new features.

Key Improvements:

  • Enhanced TypeScript Support: New embedded functions type inference for better developer experience
  • New Features: OAuth 2.1 client admin endpoints and broadcast replay configuration
  • Bug Fixes: Storage baseUrl normalization fixes and various stability improvements
  • Dependency Updates: Consistent node-fetch updates across all Supabase modules

Security & Compatibility:

  • ✅ No breaking changes identified in the release notes
  • ✅ All dependency versions are properly aligned
  • ✅ Package-lock.json correctly reflects the changes
  • ✅ Snyk-generated upgrade suggests no security vulnerabilities

Recommendation:

Approve and merge - This is a well-structured dependency upgrade that brings valuable improvements without introducing breaking changes. The upgrade should enhance the application's functionality and maintain security best practices.

Consider testing the application after deployment to ensure all Supabase integrations continue to work as expected, particularly any database function calls that will benefit from the new type inference.


Coming soon: You'll be able to request the agent to implement changes and create commits on your pull request's source branch. This may trigger any configured CI/CD workflows automatically.

You can disable any CI/CD workflow that you have configured to run on the source branch of the pull request. For more information, see Disabling and enabling a workflow in the GitHub documentation.

"@radix-ui/react-label": "^2.1.7",
"@radix-ui/react-slot": "^1.2.3",
"@supabase/supabase-js": "^2.58.0",
"@supabase/supabase-js": "^2.75.0",

This Supabase upgrade looks good! The jump from 2.58.0 to 2.75.0 brings significant improvements including enhanced type inference for embedded functions, OAuth 2.1 client admin endpoints, and broadcast replay configuration support. The upgrade appears to be non-breaking based on the release notes.

Comment on lines +1496 to +1498
"version": "2.75.0",
"resolved": "https://registry.npmjs.org/@supabase/postgrest-js/-/postgrest-js-2.75.0.tgz",
"integrity": "sha512-YfBz4W/z7eYCFyuvHhfjOTTzRrQIvsMG2bVwJAKEVVUqGdzqfvyidXssLBG0Fqlql1zJFgtsPpK1n4meHrI7tg==",

The PostgREST upgrade from 1.21.4 to 2.75.0 is a major version bump that includes the new embedded functions type inference feature. This should provide better TypeScript support and developer experience when working with database functions.

"license": "MIT",
"dependencies": {
"@supabase/node-fetch": "^2.6.14"
"@supabase/node-fetch": "2.6.15"

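Review bot: the `@supabase/node-fetch` specifier on the changed line moves from the caret range `^2.6.14` to the exact version `2.6.15`, so this is a change of range style as well as a version bump; the descriptions in this thread mention the new version but not the switch to an exact pin. With an exact specifier, no later node-fetch release can be picked up without another upgrade of the package that declares it, so confirm that is acceptable before merging.
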
Good to see the node-fetch dependency has been updated to 2.6.15 across all Supabase modules. This ensures consistency and includes any security patches or bug fixes in the fetch implementation.

Comment on lines +1517 to +1519
"version": "2.75.0",
"resolved": "https://registry.npmjs.org/@supabase/storage-js/-/storage-js-2.75.0.tgz",
"integrity": "sha512-wpJMYdfFDckDiHQaTpK+Ib14N/O2o0AAWWhguKvmmMurB6Unx17GGmYp5rrrqCTf8S1qq4IfIxTXxS4hzrUySg==",

The storage-js upgrade includes support for sorting in list v2 operations and fixes for baseUrl normalization. These improvements should enhance file management capabilities and resolve potential URL handling issues.
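
The lockfile properties the reviews above rely on (the five Supabase sub-packages aligned with supabase-js at 2.75.0, tarballs resolved from registry.npmjs.org, sha512 integrity values) can be checked mechanically rather than by reading the diff. The following is an added example, not code from this PR, Snyk or any of the review bots; it also audits nested copies, which the thread does not discuss. The function names and the sample lockfile are assumptions, and the integrity values in it are constructed placeholders.

```javascript
// Added example: audit @supabase entries in a package-lock.json that uses the
// lockfileVersion 2/3 "packages" layout. All names here are hypothetical and
// the integrity values are constructed placeholders, not real package hashes.
const PINNED = ["supabase-js", "auth-js", "functions-js", "postgrest-js",
  "realtime-js", "storage-js"].map((n) => `@supabase/${n}`);
const REGISTRY = "https://registry.npmjs.org/";
// "sha512-" plus base64 of a 64-byte digest: 86 characters and "==" padding.
const SHA512_SRI = /^sha512-[A-Za-z0-9+/]{86}==$/;
const tarballUrl = (name, version) =>
  `${REGISTRY}${name}/-/${name.split("/")[1]}-${version}.tgz`;
function auditSupabaseLock(lock, expected) {
  const findings = [];
  const seen = new Set();
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/@supabase/x"; the package
    // name follows the last "node_modules/", so nested copies are audited too.
    const name = path.slice(path.lastIndexOf("node_modules/") + 13);
    if (!PINNED.includes(name)) continue;
    seen.add(name);
    if (entry.version !== expected)
      findings.push(`${path}: version ${entry.version}, expected ${expected}`);
    if (entry.resolved !== tarballUrl(name, entry.version))
      findings.push(`${path}: unexpected tarball location ${entry.resolved}`);
    if (!SHA512_SRI.test(entry.integrity || ""))
      findings.push(`${path}: integrity is not a sha512 SRI value`);
  }
  for (const name of PINNED)
    if (!seen.has(name)) findings.push(`${name}: missing from lockfile`);
  return findings;
}

// Constructed sample lockfile: every audited package at the same version.
function sampleLock(version) {
  const packages = { "": { name: "frontend" } };
  for (const name of PINNED)
    packages[`node_modules/${name}`] = {
      version,
      resolved: tarballUrl(name, version),
      integrity: "sha512-" + "A".repeat(86) + "==",
    };
  return { lockfileVersion: 3, packages };
}

// Constructed failure cases: a stale nested copy, a tarball from another host,
// a weak hash and a missing package.
function brokenLock() {
  const lock = sampleLock("2.75.0");
  const p = lock.packages;
  p["node_modules/example-dep/node_modules/@supabase/postgrest-js"] =
    { ...p["node_modules/@supabase/postgrest-js"], version: "1.21.4" };
  p["node_modules/@supabase/realtime-js"].resolved =
    "https://example.invalid/realtime-js-2.75.0.tgz";
  p["node_modules/@supabase/storage-js"].integrity = "sha1-placeholder";
  delete p["node_modules/@supabase/auth-js"];
  return lock;
}
console.log(auditSupabaseLock(sampleLock("2.75.0"), "2.75.0"));
console.log(auditSupabaseLock(brokenLock(), "2.75.0"));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` as the first argument.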

codeant-ai bot commented Nov 2, 2025

CodeAnt AI finished reviewing your PR.
