Commit Graph

3 Commits

Author SHA1 Message Date
Ivan Vasilov
83edf14a23 chore: Bump vulnerable dependencies (#44428)
This PR bumps various dependencies to fix vulnerabilities. 

The logic for bumping packages has been taken out of
`fix-audit-vulnerability` into a `bump-package` script.


## Summary by CodeRabbit

## Release Notes

* **Chores**
  * Removed unused development dependency from generator package
  * Updated package version overrides and vulnerability management
    configuration to address security concerns
  * Enhanced internal package dependency maintenance tooling for improved
    operational efficiency

2026-04-01 13:10:37 +02:00
Ivan Vasilov
e671676696 chore: Bump vulnerable dependencies (#44180)
Each dependency was bumped in its commit.
2026-03-25 14:02:11 +01:00
Ivan Vasilov
b03866f023 chore: Bump vulnerable dependencies (#43148)
This pull request primarily updates dependencies across the project to
their latest versions, improving compatibility, security, and
performance. It also modifies configuration files to align with the
current package management setup.

Dependency upgrades (core libraries and tools):
Bumps dependencies to solve the following issues:
- https://github.com/supabase/supabase/security/dependabot/2855
- https://github.com/supabase/supabase/security/dependabot/2844
- https://github.com/supabase/supabase/security/dependabot/2860
- https://github.com/supabase/supabase/security/dependabot/2815
- https://github.com/supabase/supabase/security/dependabot/2774
- https://github.com/supabase/supabase/security/dependabot/2836
- https://github.com/supabase/supabase/security/dependabot/2816
- https://github.com/supabase/supabase/security/dependabot/2778
- https://github.com/supabase/supabase/security/dependabot/2790
- https://github.com/supabase/supabase/security/dependabot/2793

Configuration and lock file updates:

* Changed `.prettierignore` to ignore `pnpm-lock.yaml` instead of
`package-lock.json`, reflecting the switch to pnpm as the package
manager.
* Updated dependency overrides in `pnpm-lock.yaml` for `tar` and
`fast-xml-parser` to ensure consistent versions across the workspace.

These updates collectively ensure the project stays current with its
dependencies, reduces potential vulnerabilities, and improves overall
stability and maintainability.
2026-03-02 17:07:55 +01:00