[pull] master from supabase:master #907

Merged
pull[bot] merged 21 commits into code:master from supabase:master
May 11, 2026

@pull pull Bot commented May 11, 2026

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

jordienr and others added 21 commits May 11, 2026 12:46
…#45786)

## Problem

On the Database Extensions page, the Version column takes up
disproportionate horizontal space compared to the Description column,
making the table harder to read.

## Fix

Added `w-28` to the Version `TableHead` and its corresponding
`TableCell` in `ExtensionRow`. This constrains the column to a width
appropriate for short version strings and gives the Description column
more room.

## How to test

1. Open a project in Studio and navigate to Database > Extensions.
2. Confirm the Version column is now narrow and the Description column
has proportionally more space.
3. Verify all version strings are still fully visible (e.g. `1.4.8`,
`2.5.2`).

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Style**
* Fixed the "Version" column and its cells to a consistent width for
improved table alignment.
* Preserved monospace styling and spacing in version cells for
readability.
* Removed the max-width limit on comment text cells so comments can use
more space while retaining hover tooltips for full text.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
…d of supabase.io (#45772)

### Summary

Changed the Supabase email domain in public facing docs `security.txt`
and `security-testing.mdx`

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Updated the official security contact email address across security
documentation, testing guidelines, and policy resources to ensure users,
security researchers, and developers have accurate contact information
for reporting vulnerabilities and coordinating responsible disclosure
efforts.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem

The Database report in Observability has no view of network traffic.
Inbound/outbound throughput is useful for spotting saturation, large
unexpected egress, or correlating spikes with disk I/O.

Closes
[FE-3193](https://linear.app/supabase/issue/FE-3193/add-network-in-and-out-charts).

## Fix

Add a new `network-throughput` chart entry to
`getReportAttributesV2` in
[apps/studio/data/reports/database-charts.ts](apps/studio/data/reports/database-charts.ts),
placed right before `disk-iops`. Uses the existing
`network_receive_bytes` and `network_transmit_bytes`
infra-monitoring attributes (series already exist, no backend work
needed). Pattern mirrors the `disk-throughput` chart: bytes-per-second
Y-axis, `stackedAreaLine` default, same `syncId`.

`showMaxValue` is `false` because there is no provisioned network
max to render as a reference line.

## Test plan

- [ ] Open `/project/<ref>/observability/database` and confirm a
"Network throughput" chart renders with two series (Network in / Network
out) and a `bytes/s` Y-axis.
- [ ] Switch the date range and confirm the chart respects it
(auto-wired via `REPORT_ATTRIBUTES.flatMap`).
- [ ] Use the global refresh button and confirm both series invalidate
with the rest.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added a network throughput chart that visualizes inbound and outbound
network throughput metrics with real-time speed data visualization.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
## TL;DR

Policies created with a `WITH CHECK` clause in the SQL editor still reopen
with that section hidden and the checkbox unmarked.

This fixes that by restoring the saved check block when editing the
policy.

## Before
<img width="667" height="408" alt="image"
src="https://github.com/user-attachments/assets/0a859172-2ab2-444a-968c-49325505786f"
/>

## After

<img width="602" height="462" alt="image"
src="https://github.com/user-attachments/assets/a7f5799a-e073-4b2c-807b-2997ac76edfd"
/>

## ref:
- Closes #45720


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Fixed the policy editor to properly display and enable the "with
check" section when loading existing policies that contain check
conditions.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## TL;DR

`cmd + enter` in the foreign key dialog was also saving the parent
column too early and dropping the foreign key relation.
This fix stops the parent save shortcut while the foreign key dialog
is open so the relation saves properly.

## before: 


https://github.com/user-attachments/assets/5a8040a8-d527-424b-8df8-14a794a30c43

## after: 


https://github.com/user-attachments/assets/c2f058e2-e2dd-4730-b7fb-a63b181f2ac8

## ref: 
- closes #45759

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Improved foreign key selector state management to properly reset when
the column editor becomes visible, ensuring clean state between editing
sessions.
* Enhanced action bar visibility logic to only display when the column
editor is active and the foreign key selector is closed, providing a
clearer editing interface.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Automated weekly decrease of ESLint ratchet baselines.

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…45784)

Four React-19-sensitive patterns that pass on React 18 today but break
under React 19 (verified on the in-flight TanStack Start branch).
Landing on master now so the eventual React 19 upgrade is a no-op for
tests, instead of a separate cleanup pass under upgrade pressure.

Each fix is a strict superset / less-fragile equivalent of the existing
pattern, so master (React 18) stays green.

**Changed:**
- `hooks/misc/useStateTransition.ts` — fire on entry into `newTest` from
any state other than `newTest`, instead of requiring exactly `prevTest →
newTest`. React 18+ auto-batches dispatches across awaits (e.g.
`dispatch SUBMIT` in the handler, `dispatch ERROR` in `onError`),
collapsing `editing → submitting → error` into a single render where the
intermediate `submitting` tick is never observed. Strict superset of the
old check for our reducers — `success`/`error` are only reachable from
`submitting`.
- `Support/CategoryAndSeverityInfo.tsx` — guard `onValueChange` against
Radix Select's spurious `''` emission. When the controlled value
transitions from `undefined` to a defined value whose `SelectItem` isn't
mounted yet (dropdown closed → items haven't registered), Radix's hidden
`BubbleSelect` fires `onValueChange('')` and clobbers the field. No
`SelectItem` can have `value=""` (Radix throws), so any `''` is
guaranteed spurious — drop it before calling `field.onChange`.
([radix-ui/primitives#3381](radix-ui/primitives#3381))
- `EditSecretModal.test.tsx` — `getByLabelText` → `findByLabelText`.
Under React 19's scheduling, the decrypted-value query resolves on a
separate render tick, so form fields appear one tick after the skeleton.
- `LogsPreviewer.test.tsx` — `addEventListener('click', spy)` instead of
`loadOlder.onclick = vi.fn()`. React 19 reassigns `.onclick` on managed
elements as part of its event wiring, clobbering the direct-property
spy.

## To test

### Unit tests
- `pnpm --filter studio test` — all unit tests pass on master (React 18)

### Support form URL prefill (Radix Select guard)
- `/support/new?category=Problem` → category dropdown reads "APIs and
client libraries" on first paint
- `/support/new?category=dashboard_bug` → "Dashboard bug"
(case-insensitive match)
- `/support/new?category=invalid_garbage` → falls back to "Select an
issue" placeholder, no crash
- `/support/new?subject=My%20issue&message=Details%20here` → subject and
message inputs are prefilled
- `/support/new?projectRef=<your-ref>&category=Problem` → both project
selector and category set, library selector appears
- With a prefilled URL, click the category dropdown and pick a different
option — the new value sticks (this is the path that surfaced the Radix
bug, want to confirm we didn't break user selection)
- DevTools console on first load should be clean — no React hydration
mismatch warning

### Support form submit (`useStateTransition` success + error branches)
- Submit a valid support form → green toast "Support request sent"
appears **once**, view swaps to the success screen, one `POST
/platform/feedback/send` in the network panel
- Block `POST /platform/feedback/send` in DevTools → submit → red error
toast appears **once** (not twice — if you see two toasts the relaxed
transition is firing more than it should), form stays editable with all
inputs preserved
- Unblock and submit again → success path runs cleanly

### Sidebar support form (same reducer + `useStateTransition`, separate
component)
- Open the support widget in the side nav (`SupportSidebarForm`)
- Repeat the success and error paths — should behave identically

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Fixed category selector to prevent selected values from being
unexpectedly cleared during form interactions.

* **Tests**
* Improved test reliability for modal field rendering and event handling
assertions.

* **Chores**
  * Clarified internal comments for form initialization logic.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

1. Cleaned up older go pages and removed them from the index. Source
code remains in case we ever want to look back or copy tactics.
2. Modified the Dash 2026 dinner page to reflect venue and time
3. Implemented Notion as a destination for the Dash 2026 dinner form

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Published NYC 2026 Executive Dinner page with venue (Manhatta), timing
(cocktails 6:30 PM, dinner 7:00 PM), event image, and RSVP integration.

* **Updates**
* Thank-you page copy updated to confirm RSVP and include event timing.
* RSS feed updated with new article: "Supabase Is Now an Official
ChatGPT App"

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR syncs the latest troubleshooting guides from the
supabase/troubleshooting repository.

Co-authored-by: github-docs-bot <github-docs-bot@supabase.com>
Co-authored-by: Chris Chinchilla <chris.ward@supabase.io>
…acks (#45794)

## Problem

Recent database report PRs introduced `(value: any)` type annotations in
recharts `tickFormatter` callbacks, pushing the
`@typescript-eslint/no-explicit-any` ESLint ratchet from baseline 1014
to 1017 and blocking all PR merges.

## Fix

Replace `(value: any)` with `(value: number)` in all affected
`tickFormatter` callbacks across the three flagged files. Recharts
always passes a number to tick formatters, so this is a safe and
accurate type.

## How to test

- Run `pnpm lint --filter=studio` and confirm no new
`@typescript-eslint/no-explicit-any` violations appear in the three
changed files
- Check the ESLint ratchet count is back at or below baseline 1014

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Improved type safety for Y‑axis tick formatters across observability
charts (Memory, Swap, Network throughput, Disk IOPS/throughput/usage,
Replication Lag), ensuring tick values are treated as numeric for more
consistent chart rendering and reliability.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Ali Waseem <waseema393@gmail.com>
#45734)

## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES/NO

## What kind of change does this PR introduce?

Bug fix, feature, docs update, ...

## What is the current behavior?

Please link any relevant issues here.

## What is the new behavior?

Feel free to include screenshots if it includes visual changes.

## Additional context

Add any other context or screenshots.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Added Beta channel section documenting pre-release Supabase CLI
installation for macOS, Windows, Linux, and npm.
* Updated CLI update instructions with beta-specific commands for
Homebrew, Scoop, and npm.
* Enhanced troubleshooting guide with reference to beta channel
documentation.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: avallete <8771783+avallete@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Refactor**
* Simplified cookie handling in the Supabase SSR authentication
middleware by streamlining the `setAll` handler to focus exclusively on
cookie management, removing additional header manipulation from the
response.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
…3206] (#45792)

## Summary

Rewrites the secret API key reveal flow in `ApiKeyPill` to remove its
dependency on React Query, replacing it with a lightweight custom hook.

## Changes

- **`useRevealedSecret` (new hook)**  
  A simple, reusable hook that:
  - Fetches the unmasked secret key via `getAPIKeysById`
  - Exposes `data`, `isLoading`, `reveal()`, and `clear()`
  - Keeps sensitive data in local component state (no global cache)

- **`ApiKeyPill` (refactored)**  
  - Removes all React Query imports (`useQueryClient`, `useAPIKeyIdQuery`,
    `apiKeysKeys`)
  - Uses `useRevealedSecret` for reveal / copy operations
  - Preserves existing UX:
    - 10-second auto-hide timer
    - Permission-based gating (`canManageSecretKeys`)
    - Loading states on toggle / copy

- **`api-key-id-query.ts` (cleaned up)**  
  - Removes the now-unused `useAPIKeyIdQuery` hook
  - Retains the `getAPIKeysById` fetcher for direct use

## Motivation

The previous React Query–based flow had to aggressively disable caching
(`staleTime: 0`, `gcTime: 0`) and manually purge queries from the cache
on every interaction, which was cumbersome and leaked implementation
details into the component. A plain fetch + local state is simpler and
safer for transient, sensitive data.

## Testing

- [x] Toggle reveal on a secret API key
- [x] Verify 10-second auto-hide
- [x] Copy a secret key (both revealed and unrevealed states)
- [x] Verify restricted users cannot reveal/copy

---

Resolves [FE-3206](https://linear.app/supabase/issue/FE-3206)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Improved API key reveal/copy flow: uses a dedicated reveal/clear
mechanism, preserves permission checks and 10s auto-hide, and shows
reveal/copy failures via user-facing toasts. Copy now falls back to
masked key when needed and the reveal toggle behavior is more reliable.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
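
The reveal flow described in the commit message above (fetch on demand, keep the key in local state only, hide it after 10 seconds), as an added framework-free JavaScript sketch; it is not the Supabase `useRevealedSecret` hook or any code from the project. `createSecretReveal`, `fetchSecret`, `canReveal` and the callback-style fetcher are assumptions chosen so the run is deterministic, and dropping a response that arrives after `clear()` goes beyond what the commit message states.

```javascript
// Added illustration, not Supabase's code; every name here is hypothetical.
const AUTO_HIDE_MS = 10_000; // the 10-second auto-hide named in the commit message

// fetchSecret(done) starts a request and later calls done(err, secret).
// schedule/cancel default to the real timers so a test can inject fakes.
function createSecretReveal({ fetchSecret, canReveal, schedule = setTimeout, cancel = clearTimeout }) {
  let data = null; // the unmasked key lives only in this closure, never in a shared cache
  let isLoading = false;
  let generation = 0; // bumped by reveal() and clear(); older requests become stale
  let timer = null;

  function clear() {
    generation += 1; // a response still in flight must not repopulate `data`
    if (timer !== null) cancel(timer);
    timer = null;
    data = null;
    isLoading = false;
  }

  function reveal() {
    if (!canReveal()) return false; // permission gate before any request is sent
    clear();
    const mine = generation;
    isLoading = true;
    fetchSecret((err, secret) => {
      if (mine !== generation) return; // cleared or superseded: drop the secret
      isLoading = false;
      if (err) return; // a failed reveal stores nothing
      data = secret;
      timer = schedule(clear, AUTO_HIDE_MS);
    });
    return true;
  }

  return { reveal, clear, snapshot: () => ({ data, isLoading }) };
}

// Constructed run: fake fetcher and fake timers keep it deterministic and offline.
function demo() {
  const pending = []; // done-callbacks of in-flight fake requests
  const timers = []; // scheduled callbacks, captured instead of waited for
  let allowed = true;
  const reveal = createSecretReveal({
    fetchSecret: (done) => { pending.push(done); },
    canReveal: () => allowed,
    schedule: (fn, ms) => timers.push({ fn, ms }) - 1,
    cancel: (id) => { timers[id] = null; },
  });
  const log = [];

  reveal.reveal();
  log.push(reveal.snapshot().isLoading); // request in flight
  pending[0](null, 'CONSTRUCTED-SECRET-VALUE');
  log.push(reveal.snapshot().data); // revealed
  const hideAfterMs = timers[0].ms;
  timers[0].fn(); // the auto-hide timer fires
  log.push(reveal.snapshot().data); // hidden again

  reveal.reveal();
  reveal.clear(); // user hides before the response arrives
  pending[1](null, 'CONSTRUCTED-SECRET-VALUE');
  log.push(reveal.snapshot().data); // late response was dropped

  allowed = false;
  log.push(reveal.reveal()); // refused
  log.push(pending.length); // and no third request was made
  return { log, hideAfterMs };
}

console.log(demo());
```
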
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

N/A

## What is the current behavior?

N/A

## What is the new behavior?

N/A

## Additional context

N/A


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
  * Updated team information in metadata.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Bug fix (accessibility improvement in LayoutHeader)

## What is the current behavior?

Icon-only buttons do not have explicit accessible names for screen
readers.

## What is the new behavior?

All icon-only buttons now have explicit accessible names using visually
hidden text (sr-only), ensuring proper screen reader support.

## Additional context

Tooltip text is preserved for visual users.
No visual changes were introduced.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Accessibility**
* Added hidden screen-reader labels to multiple toolbar and menu buttons
(Settings, Advisor Center, AI Assistant, SQL Editor, Help) so icons are
announced by assistive technologies, improving navigation and
discoverability across the studio interface.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Gildas Garcia <1122076+djhi@users.noreply.github.com>
## Summary

- Display a "Prepaid Credits" line in the upcoming invoice breakdown,
shown directly below Current Costs when the upcoming invoice contains
a `Prepaid Credits` line item
- Surfaces the credit amount being applied (e.g. `-$300`) so users can
see how prepaid credits offset their projected bill
- Consolidates the projected tax items into the tooltip for `Projected
Costs`
<img width="1416" height="426" alt="image"
src="https://github.com/user-attachments/assets/b3455e82-d03b-40c3-ad5f-493a56004ddf"
/>


## Test plan

- [x]  On an org with prepaid credits applied, verify the "Prepaid
Credits" row appears below Current Costs with the negative amount and a
tooltip showing the backend description
- [x]  On an org without prepaid credits, verify the row is not rendered

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Improvements**
* Clarified the "Upcoming Invoice" explanatory copy for non–AWS
Marketplace-managed organizations: it now notes the invoice will
continue updating until the end of your billing cycle.
* Improved invoice breakdown: compute charges and compute credits are
distinguished, and a dedicated "Prepaid Credits" row is shown before
projected costs for clearer billing totals.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
…45799)

## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

docs update


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Updated email template customization guide to document two additional
template variables: `RedirectTo` (auth method redirect destination
accessible via the `next` query parameter) and `Data` (user metadata)
for local development templates.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Show notice when plan fee is prepaid for the upcoming invoice

When a subscription's plan fee has already been billed for the current
period (e.g. transitioning to in-arrears billing), the upcoming invoice
no longer contains a plan line item. Previously this rendered as an
empty plan row with a `-`, which was confusing.

<img width="2178" height="538" alt="image"
src="https://github.com/user-attachments/assets/1fa289d9-60ae-48b1-b779-34770bc2c242"
/>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Billing breakdown now detects when the plan fee was already paid
upfront, hides the redundant plan line, and notes only usage will be
invoiced; shows the organization plan name when available.
* Backup restoration: added an optional recovery time target for
physical backups.
  * Expanded supported AWS instance types for deployments.

* **UI**
* Compute and Replica Compute docs links now use inline linking for a
smoother in-app experience.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
@pull pull Bot locked and limited conversation to collaborators May 11, 2026
@pull pull Bot added the ⤵️ pull label May 11, 2026
@pull pull Bot merged commit a4f964e into code:master May 11, 2026
@github-actions github-actions Bot added the documentation Improvements or additions to documentation label May 11, 2026