<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Upgraded the UUID library to a newer major version across apps and
removed a now-unneeded dev dependency.
* Pinned PostCSS to a workspace-specific version to stabilize builds.
* **Refactor**
* Improved internal identifier generation for more consistent behavior
without changing outward functionality.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR migrates the whole monorepo to use Tailwind v4:
- Removed `@tailwindcss/container-queries` plugin since it's included by
default in v4,
- Bump all instances of Tailwind to v4. Made minimal changes to the
shared config to remove non-supported features (`alpha` mentions),
- Migrate all apps to be compatible with v4 configs,
- Fix the `typography.css` import in 3 apps,
- Add missing rules which were included by default in v3,
- Run `pnpm dlx @tailwindcss/upgrade` on all apps, which renames a lot
of classes
- Rename all misnamed classes according to
https://tailwindcss.com/docs/upgrade-guide#renamed-utilities in all
apps.
---------
Co-authored-by: Jordi Enric <jordi.err@gmail.com>
This PR preps the monorepo for a migration to Tailwind v4:
- Bump all Tailwind dependencies and libraries to the latest possible
version, while still compatible with Tailwind 3.
- Cleans up obsolete Tailwind 3 specific options and configs.
- Cleans up unused CSS files and fixes the CSS imports.
- Migrates all `important` uses in `@apply` lines to using the `!`
prefix.
- Move `typography.css` to the `config` package and import it from the
apps.
- Migrated all occurrences of `flex-grow`, `flex-shrink`,
`overflow-clip` and `overflow-ellipsis` since they're deprecated and
will be removed in Tailwind 4.
- Make the default theme object typesafe in the `ui` package.
- Migrate all `bg-opacity`, `border-opacity`, `ring-opacity` and
`divider-opacity` to the new format where they're declared as part of
the property color.
- Bump and unify all imports of `postcss` dependency.
## Problem
In order to update to react 19, we need to update several dependencies
## Solution
- migrate to the `radix` umbrella package to ease upgrade
- update some dependencies
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Consolidated Radix UI usage to a single unified package across apps
and packages, updated package manifests and workspace catalog entries.
No user-facing behavior, visuals, or public APIs changed.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
Bumps braintrust from 3.4.0 to ~~3.7.1~~ 3.9.0
~~Notable fix: v3.7.0 preserves the returned promise in tracing channel
hooks, which should resolve incorrect duration reporting in the
dashboard (braintrustdata/braintrust-sdk-javascript#1617)~~
3.9.0 includes this fix for double counted durations
https://github.com/braintrustdata/braintrust-sdk-javascript/pull/1769
See eval results in comment below, this fixes the issue where LLM
Duration was clocking in larger than total Duration.
<img width="2384" height="1548" alt="CleanShot 2026-04-21 at 09 27
36@2x"
src="https://github.com/user-attachments/assets/7ad5a75c-e3c4-44e1-98d8-ad4849049f7a"
/>
Closes AI-578
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated Braintrust dependency to version 3.9.0
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Upgrade vite and vitest to their latest major versions across the
monorepo, along with related packages.
**Changed:**
- `vite` catalog: `^7.3.2` → `^8.0.8` (Rolldown replaces esbuild/Rollup)
- `vitest` catalog: `^3.2.0` → `^4.1.4`
- `@vitejs/plugin-react`: `^4.3.4` → `^6.0.1`
- `@vitest/coverage-v8`: `^3.2.0` → `^4.1.4`
- `@vitest/ui`: `^3.2.0` → `^4.1.4`
- `vite-tsconfig-paths`: `^4.3.2` / `^5.1.4` → `^6.1.1`
**Pinned to vite 7:**
- `apps/lite-studio` — `@react-router/dev` hasn't declared vite 8
support yet
- `blocks/vue` — Nuxt plugins (`vite-plugin-inspect`, `vite-dev-rpc`,
`vite-hot-client`, `vite-plugin-vue-tracer`) haven't declared vite 8
support yet
**Test fixes for vitest 4 breaking changes:**
- **`apps/studio/lib/api/snippets.utils.test.ts`** — Replaced
`vi.mock('fs/promises')` automock with an explicit factory. Vitest 4's
automocking doesn't create mock functions for getter-based exports on
Node built-ins, so `mockedFS.access.mockResolvedValue` etc. were
`undefined`.
- **`apps/studio/lib/api/self-hosted/functions/index.test.ts`** —
Changed `mockReturnValue` to `mockImplementation(function() { ... })`
for a constructor mock. Vitest 4 no longer allows `mockReturnValue` when
the mock is called with `new`.
- **`apps/studio/tests/pages/api/mcp/index.test.ts`** — Changed arrow
function to regular `function` in `mockImplementation` for
`StreamableHTTPServerTransport`. Arrow functions can't be constructors,
and vitest 4 now enforces this.
- **`packages/ui-patterns/vitest.setup.ts`** — Changed `ResizeObserver`
mock from arrow function to regular `function` for the same constructor
enforcement reason. This was crashing Radix popover rendering in jsdom.
## To test
- `pnpm test:studio` — all 226 test files should pass
- `pnpm --filter ui-patterns vitest run` — all 183 tests should pass
- `pnpm --filter www test -- --run` — all 19 tests should pass
- `pnpm --filter ui vitest run` — all tests should pass
- `pnpm --filter dev-tools vitest run` — all tests should pass
- `pnpm --filter ai-commands vitest run` — all tests should pass
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Standardized and updated development tooling versions and version
sources for consistent installs across the repo (Vite, Vitest,
vite-tsconfig-paths and related plugins/catalog entries).
* **Tests**
* Improved test mocks and typings (updated mock
factories/implementations and tightened spy/type assertions) to increase
test reliability and compatibility with updated tooling.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Alaister Young <10985857+alaister@users.noreply.github.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated Next.js dependency versions across applications
* Updated TanStack React Router and React Start packages to newer
versions
* Updated workspace package configuration overrides
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
* Add `@supabase/ssr` to catalog
* Use `catalog:` version of `@supabase/ssr` across repo
* Add workflow to update `@supabase/ssr`
* Switch runners for package and docs updates to `ubuntu-latest` (free,
lighter)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Centralized `@supabase/ssr` versioning across the workspace via the
package catalog.
* Updated CI workflow runners to a more consistent execution
environment.
* Added an automated workflow to streamline updating the `@supabase/ssr`
package and refreshing dependency lockfiles.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Next.js 16.2
• Up to ~60% faster rendering
• Up to ~400% faster 𝚗𝚎𝚡𝚝 𝚍𝚎𝚟 startup
• Server Function 𝚍𝚎𝚟 logging
• Redesigned error page
• Better hydration errors
• 𝙴𝚛𝚛𝚘𝚛.𝚌𝚊𝚞𝚜𝚎 display in error overlay
https://nextjs.org/blog/next-16-2
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated core build/dev tooling versions for more predictable installs
(analyzer and Turbo bumped).
* Relaxed workspace release gating by reducing minimum release age and
narrowing the list of tooling exclusions, streamlining staged upgrades.
* No runtime or public API changes; configuration and tooling-only
updates.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Bumped core dependency pins: lodash and lodash-es updated to ^4.18.1;
vite updated to ^7.3.2 for stability and compatibility.
* Updated release-exclusion configuration to shift focus away from
several older packages and prioritize maintenance of currently used
libraries, reducing noise in release workflows.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This pull request refactors the Turbo build configuration by moving each
app's build settings from the root `turbo.json` file into their own
dedicated `turbo.jsonc` files within each app's directory. The root
configuration is simplified to only include generic tasks, improving
maintainability and clarity.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated Turbo to v2.9.3 to improve build performance and stability.
* Reorganized and added per-app build pipeline configurations to
streamline builds and caching across the workspace.
* Removed a Tailwind container-queries plugin from one app's styling
setup.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **New Features**
* Introduced new Lite Studio application with project management
dashboard
* Added project overview page with status monitoring and quick actions
* Added database browser and project settings management interfaces
* **Chores**
* Added Docker support for containerized deployment
* Added comprehensive project documentation
* Updated workspace configuration
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR bumps various dependencies to fix vulnerabilities.
The logic for bumping packages has been taken out of
`fix-audit-vulnerability` into a `bump-package` script.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **Chores**
* Removed unused development dependency from generator package
* Updated package version overrides and vulnerability management
configuration to address security concerns
* Enhanced internal package dependency maintenance tooling for improved
operational efficiency
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR updates @supabase/*-js libraries to version 2.100.1.
**Source**: supabase-js-stable-release
**Changes**:
- Updated @supabase/supabase-js to 2.100.1
- Updated @supabase/auth-js to 2.100.1
- Updated @supabase/realtime-js to 2.100.1
- Updated @supabase/postgest-js to 2.100.1
- Refreshed pnpm-lock.yaml
This PR was created automatically.
Edit by @mandarini:
Fix type error in `lib/events.ts` caused by `supabase-js` `v2.100.1`
adding strict column name validation to `.eq()`. Updated the `meetups`
table definition in `database.types.ts` to include missing columns
(`is_published`, `country`, `start_at`, `launch_week`).
---------
Co-authored-by: supabase-workflow-trigger[bot] <266661614+supabase-workflow-trigger[bot]@users.noreply.github.com>
Co-authored-by: Katerina Skroumpelou <sk.katherine@gmail.com>
This PR updates @supabase/*-js libraries to version 2.100.0.
**Source**: supabase-js-stable-release
**Changes**:
- Updated @supabase/supabase-js to 2.100.0
- Updated @supabase/auth-js to 2.100.0
- Updated @supabase/realtime-js to 2.100.0
- Updated @supabase/postgest-js to 2.100.0
- Refreshed pnpm-lock.yaml
This PR was created automatically.
Co-authored-by: supabase-workflow-trigger[bot] <266661614+supabase-workflow-trigger[bot]@users.noreply.github.com>
This PR updates @supabase/*-js libraries to version 2.100.0-canary.0.
**Source**: manual
**Changes**:
- Updated @supabase/supabase-js to 2.100.0-canary.0
- Updated @supabase/auth-js to 2.100.0-canary.0
- Updated @supabase/realtime-js to 2.100.0-canary.0
- Updated @supabase/postgest-js to 2.100.0-canary.0
- Refreshed pnpm-lock.yaml
This PR was created automatically.
Co-authored-by: mandarini <6603745+mandarini@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Adds a new Realtime Monaco component to the UI Library, enabling
collaborative code editing with Supabase Realtime synchronization using
Monaco Editor and Yjs.
## Additional context
This is WIP and used for discuss further changes to the y-supabase
provider.
## Demo
https://github.com/user-attachments/assets/84a761e5-73bb-478e-979a-682121ffee89
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
## Release Notes
* **New Features**
* Added a new Realtime Monaco collaborative code editor component with
real-time synchronization support across multiple frameworks (Next.js,
React, React Router, Tanstack).
* **Documentation**
* Added comprehensive documentation and usage guides for the Realtime
Monaco component across all supported frameworks.
* **Dependencies**
* Added Monaco editor, Yjs, y-monaco, and Supabase collaboration
packages.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
This PR updates @supabase/*-js libraries to version 2.99.1.
**Source**: supabase-js-stable-release
**Changes**:
- Updated @supabase/supabase-js to 2.99.1
- Updated @supabase/auth-js to 2.99.1
- Updated @supabase/realtime-js to 2.99.1
- Updated @supabase/postgest-js to 2.99.1
- Refreshed pnpm-lock.yaml
This PR was created automatically.
Co-authored-by: supabase-workflow-trigger[bot] <266661614+supabase-workflow-trigger[bot]@users.noreply.github.com>
This PR updates @supabase/*-js libraries to version 2.99.0.
**Source**: supabase-js-stable-release
**Changes**:
- Updated @supabase/supabase-js to 2.99.0
- Updated @supabase/auth-js to 2.99.0
- Updated @supabase/realtime-js to 2.99.0
- Updated @supabase/postgest-js to 2.99.0
- Refreshed pnpm-lock.yaml
This PR was created automatically.
Co-authored-by: supabase-releaser[bot] <223506987+supabase-releaser[bot]@users.noreply.github.com>
## Problem
On Safari, it's impossible to resize a column.
## Solution
This is actually a bug in `react-data-grid` that has been fixed in more
recent versions but we can't use them.
Patch the package
## How to test
- Open the any table in the _Table editor_
- Resize a column
This PR updates @supabase/*-js libraries to version 2.98.1-canary.0.
**Source**: manual
**Changes**:
- Updated @supabase/supabase-js to 2.98.1-canary.0
- Updated @supabase/auth-js to 2.98.1-canary.0
- Updated @supabase/realtime-js to 2.98.1-canary.0
- Updated @supabase/postgest-js to 2.98.1-canary.0
- Refreshed pnpm-lock.yaml
This PR was created automatically.
Co-authored-by: mandarini <6603745+mandarini@users.noreply.github.com>
Co-authored-by: Katerina Skroumpelou <mandarini@users.noreply.github.com>
This PR updates @supabase/*-js libraries to version 2.98.0.
**Source**: supabase-js-stable-release
**Changes**:
- Updated @supabase/supabase-js to 2.98.0
- Updated @supabase/auth-js to 2.98.0
- Updated @supabase/realtime-js to 2.98.0
- Updated @supabase/postgest-js to 2.98.0
- Refreshed pnpm-lock.yaml
This PR was created automatically.
Co-authored-by: supabase-releaser[bot] <223506987+supabase-releaser[bot]@users.noreply.github.com>
This PR updates @supabase/*-js libraries to version 2.97.1-canary.3.
**Source**: manual
**Changes**:
- Updated @supabase/supabase-js to 2.97.1-canary.3
- Updated @supabase/auth-js to 2.97.1-canary.3
- Updated @supabase/realtime-js to 2.97.1-canary.3
- Updated @supabase/postgest-js to 2.97.1-canary.3
- Refreshed pnpm-lock.yaml
This PR was created automatically.
Co-authored-by: mandarini <6603745+mandarini@users.noreply.github.com>
This pull request standardizes the usage of props and value types for
the `ResizablePanelGroup` and `ResizablePanel` components across
multiple files in the codebase. Specifically, it replaces the deprecated
`direction` prop with `orientation`, and updates numeric prop values
(such as `defaultSize`, `minSize`, and `maxSize`) to be passed as
strings. This ensures consistency with the updated component API and
improves type safety.
**Component API Updates:**
* Replaced the `direction` prop with `orientation` for all usages of
`ResizablePanelGroup`
* Updated all `ResizablePanel` props (`defaultSize`, `minSize`,
`maxSize`) to be passed as strings instead of numbers, ensuring
compatibility with the latest API requirements.
* Removed deprecated or unnecessary props such as `order` from
`ResizablePanel` components, and ensured all size-related props are
consistently formatted as strings.
This PR updates @supabase/*-js libraries to version 2.97.1-canary.0.
**Source**: manual
**Changes**:
- Updated @supabase/supabase-js to 2.97.1-canary.0
- Updated @supabase/auth-js to 2.97.1-canary.0
- Updated @supabase/realtime-js to 2.97.1-canary.0
- Updated @supabase/postgest-js to 2.97.1-canary.0
- Refreshed pnpm-lock.yaml
This PR was created automatically.
Co-authored-by: mandarini <6603745+mandarini@users.noreply.github.com>
This PR updates @supabase/*-js libraries to version 2.97.0.
**Source**: supabase-js-stable-release
**Changes**:
- Updated @supabase/supabase-js to 2.97.0
- Updated @supabase/auth-js to 2.97.0
- Updated @supabase/realtime-js to 2.97.0
- Updated @supabase/postgest-js to 2.97.0
- Refreshed pnpm-lock.yaml
This PR was created automatically.
Co-authored-by: supabase-releaser[bot] <223506987+supabase-releaser[bot]@users.noreply.github.com>
## I have read the CONTRIBUTING.md file.
YES
## What kind of change does this PR introduce?
Dependency upgrade (next-mdx-remote v4 → v6)
## What is the current behavior?
The docs app uses next-mdx-remote v4.4.1 with MDX v2.
## What is the new behavior?
- Upgraded to next-mdx-remote v6.0.0 (uses MDX v3)
- Updated @mdx-js/loader and @mdx-js/react to v3
- Upgraded remark-gfm to v4 for MDX v3 compatibility
- Removed deprecated `useDynamicImport` option (now default)
- Added `blockJS: false` to preserve JS expressions in MDX content
Build compiles successfully. Testing shows the same pre-existing
prerender error on /guides/troubleshooting as on master (supabaseUrl is
required).
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Upgraded MDX and markdown tooling to major releases (MDX v3,
next-mdx-remote v6, remark-gfm v4).
* Adjusted MDX serialization to disable embedded JS handling and remove
legacy dynamic-import behavior for more consistent rendering of docs,
guides, and code examples.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
This PR updates the TanStack blocks to the latest versions of their
libs. There were some minor renames in the functions. Everything should
work the same.
How to test:
1. Install the block for password-based auth and social auth
2. Follow the instructions from
https://supabase.com/ui/docs/tanstack/password-based-auth
Also fixes
https://github.com/supabase/supabase/security/dependabot/2674.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated @tanstack/react-router and @tanstack/react-start to v1.150.0,
bringing latest improvements and stability enhancements.
* Refactored internal server-side utilities to align with updated
library APIs, improving code maintainability without affecting user
experience.
* Added development dependency for build tooling support.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR updates @supabase/*-js libraries to version 2.95.3.
**Source**: supabase-js-stable-release
**Changes**:
- Updated @supabase/supabase-js to 2.95.3
- Updated @supabase/auth-js to 2.95.3
- Updated @supabase/realtime-js to 2.95.3
- Updated @supabase/postgest-js to 2.95.3
- Refreshed pnpm-lock.yaml
This PR was created automatically.
Co-authored-by: supabase-releaser[bot] <223506987+supabase-releaser[bot]@users.noreply.github.com>
Co-authored-by: Katerina Skroumpelou <mandarini@users.noreply.github.com>
`esm.sh` does not work, so we will revert this version for now.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Downgraded Supabase packages (@supabase/auth-js,
@supabase/postgrest-js, @supabase/realtime-js, @supabase/supabase-js)
from version 2.95.0 to 2.94.1.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR updates @supabase/*-js libraries to version 2.95.0.
**Source**: supabase-js-stable-release
**Changes**:
- Updated @supabase/supabase-js to 2.95.0
- Updated @supabase/auth-js to 2.95.0
- Updated @supabase/realtime-js to 2.95.0
- Updated @supabase/postgest-js to 2.95.0
- Refreshed pnpm-lock.yaml
This PR was created automatically.
Co-authored-by: supabase-releaser[bot] <223506987+supabase-releaser[bot]@users.noreply.github.com>
This PR updates @supabase/*-js libraries to version 2.94.1.
**Source**: supabase-js-stable-release
**Changes**:
- Updated @supabase/supabase-js to 2.94.1
- Updated @supabase/auth-js to 2.94.1
- Updated @supabase/realtime-js to 2.94.1
- Updated @supabase/postgest-js to 2.94.1
- Refreshed pnpm-lock.yaml
This PR was created automatically.
Co-authored-by: supabase-releaser[bot] <223506987+supabase-releaser[bot]@users.noreply.github.com>
https://linear.app/supabase/issue/FE-2226/fix-incorrect-baseline-and-max-iopsthroughput-values
- Centralized compute/disk limits in
packages/shared-data/compute-disk-limits.ts (MB/s, baseline+max
IOPS/throughput) and re-exported from shared-data.
- Hooked Docs compute/disk table into shared data, converted docs
text/table to MB/s baseline/max.
- Removed duplicated compute IOPS/throughput constants from Studio,
Studio now imports shared data.
- Updated Studio disk schema: compute-aware MAX IOPS/throughput
validation (MB/s), defaults computeSize to ci_micro, and gp3/io2 checks
use compute caps.
- Clarified disk update mutation to send throughput as MB/s despite
backend throughput_mbps field name.
- Added tests for compute-size mappings and IOPS helper logic.
- Added Infra ownership for shared compute/disk data in CODEOWNERS.
- Locked zod version via catalog and added zod dep to shared-data.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a reusable Compute Disk Limits table and centralized compute
disk limits dataset for dynamic display.
* **Documentation**
* Replaced static per-size tables with a component-driven MB/s view;
clarified baseline vs. burst behavior and updated guides and
troubleshooting.
* **Bug Fixes**
* Validation and UI guidance now honor compute-size limits for IOPS and
throughput.
* **Tests**
* Expanded unit tests for sizing, mappings, and edge cases.
* **Chores**
* Published shared-data exports, added a validation schema, pinned a
dependency, and added ownership entries.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR updates @supabase/*-js libraries to version 2.93.2.
**Source**: supabase-js-stable-release
**Changes**:
- Updated @supabase/supabase-js to 2.93.2
- Updated @supabase/auth-js to 2.93.2
- Updated @supabase/realtime-js to 2.93.2
- Updated @supabase/postgest-js to 2.93.2
- Refreshed pnpm-lock.yaml
This PR was created automatically.
Co-authored-by: supabase-releaser[bot] <223506987+supabase-releaser[bot]@users.noreply.github.com>
