
chore: production deploy#5471

Merged
jgoux merged 37 commits into
mainfrom
develop
Jun 4, 2026
Conversation

@supabase-cli-releaser
Contributor

supabase-cli-releaser Bot and others added 30 commits June 2, 2026 10:10
This PR was automatically created to sync API types from the
infrastructure repository.

Changes were detected in the generated API code after syncing with the
latest spec from infrastructure.

Co-authored-by: supabase-cli-releaser[bot] <246109035+supabase-cli-releaser[bot]@users.noreply.github.com>

Fixes #5415

Fixes a credential lookup mismatch between the Go CLI and the legacy
TypeScript CLI on Windows.

The Go keyring implementation writes Windows credentials with an
explicit target in the form `Supabase CLI:<profile>`, while the legacy
TypeScript credentials layer only checked the default `@napi-rs/keyring`
entry. As commands are ported from Go to TypeScript, this meant a token
written by Go login could be missed by legacy TS command code.

This adds a fallback read/delete path for the Go Windows target while
preserving the existing default keyring lookup and filesystem fallback
behavior. The legacy credentials unit tests now cover reading and
deleting credentials stored with the Go Windows target shape.

The PR smoke workflow calls `release-shared.yml`, which declares
`channel` as a required `workflow_call` input.

Because `smoke-test-pr.yml` did not pass that input, GitHub rejected the
workflow during startup before creating any jobs. This adds `channel:
beta` to the PR smoke workflow call, matching the prerelease semantics
used by the release workflow while keeping `dry_run: true` for PR
validation.
## Summary

Enable local storage vector bucket support by default in generated CLI
config.

This makes fresh and missing `storage.vector.enabled` config paths opt
in to vector buckets automatically, while still allowing users to
explicitly disable the feature with `enabled = false`.

The local start happy path now expects the default vector bucket seed
call so the test coverage matches the new behavior.
## What changed

The schema diff path (`supabase db pull` and friends) executes one-shot
scripts — migra, pg-delta, pgcache — by running `edge-runtime start
--main-service=.` inside a container. Both call sites
(`RunEdgeRuntimeScript` in `internal/utils/edgeruntime.go` and
`diffWithStream` in `internal/db/diff/diff.go`) launched it with
`NetworkMode: host` but **without** a `--port` flag.

`edge-runtime start` is an HTTP server and always binds a TCP listener.
With no explicit port it bound the edge-runtime **default** port, and
with host networking that bind landed directly in the host (Docker VM)
network namespace. When the port was already taken — a leftover diff
container from an interrupted run, the local stack, or anything else on
that port — the bind failed and the container exited 1.

This change adds a shared `EdgeRuntimeStartCmd` helper that allocates a
free host port and passes it as `--port`, used by both call sites, so
concurrent or leftover one-shot containers no longer contend for the
default port. On the rare port-allocation failure it falls back to the
previous portless command.

## Why

Reported in #5407: `supabase db pull` on Windows fails at "Diffing
schemas..." with `Error: Address already in use (os error 98)`. Host
networking on Docker Desktop (Windows/macOS) shares the VM namespace and
makes the default-port collision far more likely. `functions serve` was
never affected because it already passes an explicit `--port`
(`serve.go:190`).

## Reviewer notes

- Covers all diff engines that go through `RunEdgeRuntimeScript`: migra,
pg-delta (×3), pgcache, apply — plus the streaming `diffWithStream`.
- With Docker Desktop host networking the port is probed on the real
host while the bind happens in the VM namespace, so a probed-free port
isn't strictly guaranteed free in the VM. Moving off the single shared
default to a random ephemeral port removes virtually all real-world
collisions; a fully bulletproof fix would be moving these containers to
bridge networking with port mapping (like `serve.go`), which can follow
separately.

Fixes #5407
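
The collision and the fix described in the commit message above, as an added Go sketch (not the CLI's own `EdgeRuntimeStartCmd`). The names `freePort`, `startArgs`, `bindAfterProbe`, `isAddrInUse` and `errNoPort` are hypothetical, and the `--port=<n>` spelling is an assumption; the page only states that the port is passed as `--port`.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"syscall"
)

// errNoPort is a constructed error used to exercise the fallback path.
var errNoPort = errors.New("no free port")

// freePort asks the kernel for an unused TCP port by binding port 0 and
// releasing it at once. The port is free at probe time only; nothing
// reserves it for the process that will bind it later.
func freePort() (int, error) {
	l, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return 0, err
	}
	defer l.Close()
	return l.Addr().(*net.TCPAddr).Port, nil
}

// startArgs (hypothetical helper) builds the one-shot command line. When
// the probe fails it returns the previous portless command, as the commit
// message describes for the rare allocation failure.
func startArgs(probe func() (int, error)) []string {
	args := []string{"edge-runtime", "start", "--main-service=."}
	port, err := probe()
	if err != nil {
		return args
	}
	// Assumed flag spelling; the page only says the port goes in --port.
	return append(args, fmt.Sprintf("--port=%d", port))
}

// bindAfterProbe shows why a probed port is not guaranteed: a second
// listener (standing in for a leftover container or another process in
// the shared namespace) takes the port between the probe and the bind.
func bindAfterProbe() error {
	port, err := freePort()
	if err != nil {
		return err
	}
	addr := fmt.Sprintf("127.0.0.1:%d", port)
	squatter, err := net.Listen("tcp", addr)
	if err != nil {
		return err
	}
	defer squatter.Close()
	l, err := net.Listen("tcp", addr) // the bind the probe was meant for
	if err == nil {
		l.Close()
	}
	return err
}

// isAddrInUse reports whether err is EADDRINUSE, which Linux prints as
// "Address already in use (os error 98)".
func isAddrInUse(err error) bool {
	return errors.Is(err, syscall.EADDRINUSE)
}

func main() {
	fmt.Println(startArgs(freePort))
	fmt.Println(startArgs(func() (int, error) { return 0, errNoPort }))
	err := bindAfterProbe()
	fmt.Println(err, isAddrInUse(err))
}
```

The probe-then-bind gap shown by `bindAfterProbe` is the same one the reviewer notes raise for Docker Desktop, where the probe and the bind also happen in different network namespaces.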
## Summary

Adds pkg.pr.new preview publishing for internal PRs after the normal
Test workflow passes. The preview workflow resolves the current PR head,
skips draft/fork/stale runs, builds the legacy release-shaped CLI
artifacts, publishes all platform wrapper packages plus apps/cli to
pkg.pr.new, verifies the PR-scoped npx command, and updates a single PR
comment with the latest preview command.

Extracts the shared CLI artifact build into a reusable workflow so
production releases, manual release smoke tests, and PR previews all
build the same packages/dist artifact shape. Release publishing still
runs the full smoke matrix before npm/GitHub/Homebrew/Scoop publication,
while manual release smoke is available through a dedicated dry-run
workflow.

Adds pkg-pr-new as a root dev dependency and keeps the Windows release
smoke coverage aligned with the published artifacts by checking the
native wrapper, release tarball, and Scoop install paths.

## Reviewer Notes

The preview flow intentionally posts its own pkg.pr.new comment because
it runs after Test via workflow_run and needs to publish the stable
PR-scoped command, not a commit-SHA-only command.
## What changed

The release pipeline only posted to Slack on **success** and only for
the **stable** channel (`notify-slack` in `release.yml`). A failed
release on any channel — alpha, beta, or stable — was silent in Slack;
the only signal was GitHub's red badge / email.

This adds failure reporting:

- **`release.yml`** — new `notify-slack-failure` job gated on `failure()
&& needs.plan.outputs.dry_run != 'true'`. `failure()` evaluates over the
`[plan, release]` `needs` chain, so it fires whenever `plan` or
`release` (and anything inside the reusable `release-shared.yml`) fails,
on **every channel**. Skipped jobs (the fast-forward path, a release
that never started) and dry runs stay quiet. The existing success
notifier now passes `status: success` explicitly; its behavior is
unchanged (still stable-only).
- **`slack-notify.yml`** — new `status` input (`success` | `failure`,
default `success`). Failures render a ❌ message with channel, commit,
and a link to the failed run. When the planning step itself fails its
outputs are empty, so version/channel fall back to `unknown` and the run
link carries the actionable detail.

## Reviewer notes

The heredoc terminators (`EOF`) must stay at the `run:` block's base
indentation (10 spaces) so YAML strips them to column 0 for bash —
they're intentionally not indented to match the surrounding `if`/`else`
nesting. Reindenting them would silently break the JSON payload.
## TL;DR

ports `supabase telemetry` to native ts

## What’s introduced

- native ts implementations for `telemetry enable`, `telemetry disable`,
  and `telemetry status`
- telemetry state handling in ts, including malformed state recovery and
  session refresh
- & coverage for telemetry state behavior

## ref

- closes CLI-1309

---------

Co-authored-by: Colum Ferry <cferry09@gmail.com>
## Summary

Refreshes the root README with a cleaner, more modern first impression
inspired by opencode: a centered Supabase CLI lockup, focused npm/build
badges, a compact installation block, and a shorter project-start flow.

Adds a first-party `install` script for curl-based installs. The script
detects platform and architecture, supports version-pinned installs,
verifies release checksums when available, preserves the companion
`supabase-go` binary from release archives, and handles Alpine/musl
installs via the published `.apk` package.

Also uploads the installer as part of future GitHub Releases so release
consumers can use the script as a stable artifact.
## What changed

Docker Dependabot now checks the CLI template image pins hourly instead
of daily.

Supabase-owned Docker images are excluded from the 7-day cooldown, so
new service image releases can surface quickly while non-Supabase images
keep the existing cooldown.

## Why

Supabase service image releases, such as Studio updates, need to be
available to the CLI promptly after release. The existing cooldown
delayed those Dependabot PRs even though they are first-party release
inputs.
## Summary

Simplifies preview publishing to match the pkg.pr.new pull_request
model. The preview workflow now runs directly on non-draft PRs to
develop, builds the legacy release-shaped CLI artifacts, publishes all
platform wrapper packages plus apps/cli to pkg.pr.new with comments
disabled, and logs/verifies the PR-scoped npx command.

This removes the workflow_run dependency on Test, the same-repo-only
fork guard, and the custom github-actions PR comment. Fork PRs can now
get previews through GitHub's normal fork workflow approval model
without granting issue/comment write permissions to the preview
workflow.
## What changed

Restores the Docker Dependabot cron expression to the known-good
once-daily schedule.

The `supabase/*` cooldown exclusion remains in place, so first-party
Supabase Docker images can still update without the 7-day cooldown.

## Why

The hourly cron expression may be rejected by GitHub Dependabot even
though cron scheduling is documented. Using the existing daily cron
shape avoids breaking Dependabot configuration while preserving the
important first-party cooldown exemption.
…emplates with 5 updates (#5431)

Bumps the docker-minor group in /apps/cli-go/pkg/config/templates with 5
updates:

| Package | From | To |
| --- | --- | --- |
| supabase/studio | `2026.05.25-sha-65c570e` | `2026.06.01-sha-a4334a2` |
| supabase/supavisor | `2.9.5` | `2.9.7` |
| supabase/realtime | `v2.102.1` | `v2.102.3` |
| supabase/storage-api | `v1.60.2` | `v1.60.4` |
| supabase/logflare | `1.42.0` | `1.43.1` |

Updates `supabase/studio` from 2026.05.25-sha-65c570e to
2026.06.01-sha-a4334a2

Updates `supabase/supavisor` from 2.9.5 to 2.9.7

Updates `supabase/realtime` from v2.102.1 to v2.102.3

Updates `supabase/storage-api` from v1.60.2 to v1.60.4

Updates `supabase/logflare` from 1.42.0 to 1.43.1



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Fixes #5415.

The Windows fallback added for Go-written credentials used
`Entry.withTarget(...).getPassword()`.

On Windows, that does not read the Go-shaped target credential
correctly. `findCredentials(service, target)` can read it, so this uses
that path for the Go Windows target while preserving the existing
default keyring and file fallback behavior.

The legacy credentials unit test now covers the target lookup path.

Tested with:

```bash
npx bun run .\node_modules\vitest\vitest.mjs run src/legacy/auth/legacy-credentials.layer.unit.test.ts --config vitest.config.ts
```

---------

Co-authored-by: Julien Goux <hi@jgoux.dev>

This PR was automatically created to sync API types from the
infrastructure repository.

Changes were detected in the generated API code after syncing with the
latest spec from infrastructure.

Co-authored-by: supabase-cli-releaser[bot] <246109035+supabase-cli-releaser[bot]@users.noreply.github.com>
## What changed

Updates the Go Dependabot directories from the old root-level module
paths to the current Go module locations under `apps/cli-go`.

## Why

The Dependabot Go updater is currently failing with
`dependency_file_not_found` because `/` and `/pkg` no longer contain the
relevant `go.mod` files after the CLI Go sources moved under
`apps/cli-go`.
## What changed

The reusable release workflow now mints a Supabase CLI repository GitHub
App token for the publish job before any release refs are pushed.

Checkout no longer persists the default Actions token, and release git
pushes are configured to use the App token with both contents and
workflows write permissions.

## Why

The beta release job published npm packages successfully, then failed
while pushing the version tag because GitHub rejected the default
Actions token for a ref pointing at a commit that included workflow-file
changes.

Using the repository App token keeps release tag and prerelease note
pushes on the same credential path already used for privileged release
automation.
#5437)

Bumps the go-minor group with 5 updates in the /apps/cli-go directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) | `1.9.0` | `1.10.1` |
| [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) | `0.44.1` | `0.46.2` |
| [github.com/google/jsonschema-go](https://github.com/google/jsonschema-go) | `0.4.2` | `0.4.3` |
| [github.com/posthog/posthog-go](https://github.com/posthog/posthog-go) | `1.11.2` | `1.13.0` |
| [golang.org/x/mod](https://github.com/golang/mod) | `0.35.0` | `0.36.0` |

Bumps the go-minor group with 3 updates in the /apps/cli-go/pkg
directory: [golang.org/x/mod](https://github.com/golang/mod),
[google.golang.org/grpc](https://github.com/grpc/grpc-go) and
[github.com/oapi-codegen/runtime](https://github.com/oapi-codegen/runtime).

Updates `github.com/fsnotify/fsnotify` from 1.9.0 to 1.10.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/fsnotify/fsnotify/releases">github.com/fsnotify/fsnotify's
releases</a>.</em></p>
<blockquote>
<h2>v1.10.1</h2>
<h3>Changes and fixes</h3>
<ul>
<li>
<p>inotify: don't remove sibling watches sharing a path prefix (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/754">#754</a>)</p>
</li>
<li>
<p>inotify, windows: don't rename sibling watches sharing a path prefix
(<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/755">#755</a>)</p>
</li>
</ul>
<p><a
href="https://redirect.github.com/fsnotify/fsnotify/issues/754">#754</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/754">fsnotify/fsnotify#754</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/755">#755</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/755">fsnotify/fsnotify#755</a></p>
<h2>v1.10.0</h2>
<p>This version of fsnotify needs Go 1.23.</p>
<h3>Changes and fixes</h3>
<ul>
<li>
<p>inotify: improve initialization error message (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/731">#731</a>)</p>
</li>
<li>
<p>inotify: send Rename event if recursive watch is renamed (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/696">#696</a>)</p>
</li>
<li>
<p>inotify: avoid copying event buffers when reading names (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/741">#741</a>)</p>
</li>
<li>
<p>kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a
bad entry no longer aborts Watcher.Add for the whole directory (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/748">#748</a>)</p>
</li>
<li>
<p>kqueue: drop watches directly in Close() to fix a file descriptor
leak when recycling watchers (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/740">#740</a>)</p>
</li>
<li>
<p>windows: fix nil pointer dereference in remWatch (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/736">#736</a>)</p>
</li>
<li>
<p>windows: lock watch field updates against concurrent WatchList to fix
a race introduced in v1.9.0 (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/709">#709</a>,
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/749">#749</a>)</p>
</li>
</ul>
<p><a
href="https://redirect.github.com/fsnotify/fsnotify/issues/696">#696</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/696">fsnotify/fsnotify#696</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/709">#709</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/709">fsnotify/fsnotify#709</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/731">#731</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/731">fsnotify/fsnotify#731</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/736">#736</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/736">fsnotify/fsnotify#736</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/740">#740</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/740">fsnotify/fsnotify#740</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/741">#741</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/741">fsnotify/fsnotify#741</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/748">#748</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/748">fsnotify/fsnotify#748</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/749">#749</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/749">fsnotify/fsnotify#749</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/fsnotify/fsnotify/blob/main/CHANGELOG.md">github.com/fsnotify/fsnotify's
changelog</a>.</em></p>
<blockquote>
<h2>1.10.1 2026-05-04</h2>
<h3>Changes and fixes</h3>
<ul>
<li>
<p>inotify: don't remove sibling watches sharing a path prefix (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/754">#754</a>)</p>
</li>
<li>
<p>inotify, windows: don't rename sibling watches sharing a path prefix
(<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/755">#755</a>)</p>
</li>
</ul>
<p><a
href="https://redirect.github.com/fsnotify/fsnotify/issues/754">#754</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/754">fsnotify/fsnotify#754</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/755">#755</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/755">fsnotify/fsnotify#755</a></p>
<h2>1.10.0 2026-04-30</h2>
<p>This version of fsnotify needs Go 1.23.</p>
<h3>Changes and fixes</h3>
<ul>
<li>
<p>inotify: improve initialization error message (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/731">#731</a>)</p>
</li>
<li>
<p>inotify: send Rename event if recursive watch is renamed (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/696">#696</a>)</p>
</li>
<li>
<p>inotify: avoid copying event buffers when reading names (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/741">#741</a>)</p>
</li>
<li>
<p>kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a
bad entry no longer aborts Watcher.Add for the whole directory (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/748">#748</a>)</p>
</li>
<li>
<p>kqueue: drop watches directly in Close() to fix a file descriptor
leak
when recycling watchers (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/740">#740</a>)</p>
</li>
<li>
<p>windows: fix nil pointer dereference in remWatch (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/736">#736</a>)</p>
</li>
<li>
<p>windows: lock watch field updates against concurrent WatchList to fix
a race introduced in v1.9.0 (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/709">#709</a>,
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/749">#749</a>)</p>
</li>
</ul>
<p><a
href="https://redirect.github.com/fsnotify/fsnotify/issues/696">#696</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/696">fsnotify/fsnotify#696</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/709">#709</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/709">fsnotify/fsnotify#709</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/731">#731</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/731">fsnotify/fsnotify#731</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/736">#736</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/736">fsnotify/fsnotify#736</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/740">#740</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/740">fsnotify/fsnotify#740</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/741">#741</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/741">fsnotify/fsnotify#741</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/748">#748</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/748">fsnotify/fsnotify#748</a>
<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/749">#749</a>:
<a
href="https://redirect.github.com/fsnotify/fsnotify/pull/749">fsnotify/fsnotify#749</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/76b01a6e8f502187fecedea8b025e79e5a86085c"><code>76b01a6</code></a>
Release 1.10.1</li>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/fec150b807510e54e5b25def4b6e5fb001b4898c"><code>fec150b</code></a>
Update changelog</li>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/162b4216ab8f92ecd26425530bee198972c9b3cb"><code>162b421</code></a>
inotify, windows: don't rename sibling watches sharing a path prefix (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/755">#755</a>)</li>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/224257f23b2f3a96509b316c5cead71dd4a9099a"><code>224257f</code></a>
inotify: don't remove sibling watches sharing a path prefix (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/754">#754</a>)</li>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/e0c956c0ccaf51562fee30ef5c055c74e6ae2104"><code>e0c956c</code></a>
windows: document directory Write events and stabilize tests (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/745">#745</a>)</li>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/8d01d7b9cbe0199e4a1e60fbd965fb05dbb42123"><code>8d01d7b</code></a>
Release 1.10.0</li>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/602284e4a8cadd488d7a5fa07c48462dfac25108"><code>602284e</code></a>
Update changelog</li>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/7f03e59f9659552d8a084e03024cb9b983748ed7"><code>7f03e59</code></a>
kqueue: skip ENOENT entries in watchDirectoryFiles (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/748">#748</a>)</li>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/dab9dde2fc9ba4d0c1076318f81cabcc8fdb2ec9"><code>dab9dde</code></a>
windows: lock watch field updates against concurrent WatchList (<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/709">#709</a>)
(<a
href="https://redirect.github.com/fsnotify/fsnotify/issues/749">#749</a>)</li>
<li><a
href="https://github.com/fsnotify/fsnotify/commit/eadf267ce152b5e62d48cc2c13bb08bd4062b6c7"><code>eadf267</code></a>
kqueue: drop watches directly in Close() instead of going through
remove() (#...</li>
<li>Additional commits viewable in <a
href="https://github.com/fsnotify/fsnotify/compare/v1.9.0...v1.10.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/getsentry/sentry-go` from 0.44.1 to 0.46.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/sentry-go/releases">github.com/getsentry/sentry-go's
releases</a>.</em></p>
<blockquote>
<h2>0.46.2</h2>
<h3>Bug Fixes 🐛</h3>
<ul>
<li>Add attachments to new event path by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1295">#1295</a></li>
</ul>
<h2>0.46.1</h2>
<h3>Bug Fixes 🐛</h3>
<ul>
<li>Correctly capture request body for fasthttp and fiber by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1284">#1284</a></li>
<li>(http) Avoid async transport shutdown panics by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1288">#1288</a></li>
<li>(httpclient) Clone request before adding trace headers by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1290">#1290</a></li>
<li>(scope) Use scoped client for request PII by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1289">#1289</a></li>
<li>Safe concurrent access for span and scope by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1285">#1285</a></li>
</ul>
<h2>0.46.0</h2>
<h3>Breaking Changes 🛠</h3>
<ul>
<li>Remove SetExtra by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1274">#1274</a></li>
<li>Update compatibility policy to align with Go, supporting only the
last two major Go versions by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1264">#1264</a></li>
<li>Drop support for Go 1.24 by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1264">#1264</a></li>
</ul>
<h3>New Features ✨</h3>
<ul>
<li>Add internal_sdk_error client report on serialization fail by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1273">#1273</a></li>
<li>Add grpc integration support by <a
href="https://github.com/ribice"><code>@​ribice</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/938">#938</a></li>
<li>Re-enable Telemetry Processor by default. To disable the behavior
use the <code>DisableTelemetryBuffer</code> flag by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1254">#1254</a></li>
<li>Simplify client DSN storage to <code>internal/protocol.Dsn</code>
and make it safe to access by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1254">#1254</a></li>
</ul>
<h3>Internal Changes 🔧</h3>
<h4>Deps</h4>
<ul>
<li>Bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /echo by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1253">#1253</a></li>
<li>Bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /crosstest
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1272">#1272</a></li>
<li>Bump golangci-lint action from 2.1.1 to 2.11.4 by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1265">#1265</a></li>
<li>Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 in /otel by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/getsentry/sentry-go/pull/1256">#1256</a></li>
<li>Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
from 1.40.0 to 1.43.0 in /otel/otlp by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1255">#1255</a></li>
</ul>
<h4>Other</h4>
<ul>
<li>Improve ci by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1271">#1271</a></li>
<li>Add crosstest package by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1269">#1269</a></li>
<li>Add sentrytest package by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1267">#1267</a></li>
</ul>
<h2>0.45.1</h2>
<h3>Bug Fixes 🐛</h3>
<ul>
<li>Add missing TracesSampler fields for SamplingContext by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1259">#1259</a></li>
</ul>
<h2>0.45.0</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md">github.com/getsentry/sentry-go's
changelog</a>.</em></p>
<blockquote>
<h2>0.46.2</h2>
<h3>Bug Fixes 🐛</h3>
<ul>
<li>Add attachments to new event path by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1295">#1295</a></li>
</ul>
<h2>0.46.1</h2>
<h3>Bug Fixes 🐛</h3>
<ul>
<li>Correctly capture request body for fasthttp and fiber. by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1284">#1284</a></li>
<li>(http) Avoid async transport shutdown panics by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1288">#1288</a></li>
<li>(httpclient) Clone request before adding trace headers by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1290">#1290</a></li>
<li>(scope) Use scoped client for request PII by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1289">#1289</a></li>
<li>Safe concurrent access for span and scope by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1285">#1285</a></li>
</ul>
<h2>0.46.0</h2>
<h3>Breaking Changes 🛠</h3>
<ul>
<li>Remove SetExtra by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1274">#1274</a></li>
<li>Update compatibility policy to align with Go, supporting only the
last two major Go versions by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1264">#1264</a></li>
<li>Drop support for Go 1.24 by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1264">#1264</a></li>
</ul>
<h3>New Features ✨</h3>
<ul>
<li>Add internal_sdk_error client report on serialization fail by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1273">#1273</a></li>
<li>Add grpc integration support by <a
href="https://github.com/ribice"><code>@​ribice</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/938">#938</a></li>
<li>Re-enable Telemetry Processor by default. To disable the behavior
use the <code>DisableTelemetryBuffer</code> flag by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1254">#1254</a></li>
<li>Simplify client DSN storage to <code>internal/protocol.Dsn</code>
and make it safe to access by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1254">#1254</a></li>
</ul>
<h3>Internal Changes 🔧</h3>
<h4>Deps</h4>
<ul>
<li>Bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /echo by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1253">#1253</a></li>
<li>Bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /crosstest
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1272">#1272</a></li>
<li>Bump golangci-lint action from 2.1.1 to 2.11.4 by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1265">#1265</a></li>
<li>Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 in /otel by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/getsentry/sentry-go/pull/1256">#1256</a></li>
<li>Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
from 1.40.0 to 1.43.0 in /otel/otlp by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1255">#1255</a></li>
</ul>
<h4>Other</h4>
<ul>
<li>Improve ci by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1271">#1271</a></li>
<li>Add crosstest package by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1269">#1269</a></li>
<li>Add sentrytest package by <a
href="https://github.com/giortzisg"><code>@​giortzisg</code></a> in <a
href="https://redirect.github.com/getsentry/sentry-go/pull/1267">#1267</a></li>
</ul>
<h2>0.45.1</h2>
<h3>Bug Fixes 🐛</h3>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/getsentry/sentry-go/commit/1d2598e7580f52f201f06ce6b5d819c11a977f4c"><code>1d2598e</code></a>
release: 0.46.2</li>
<li><a
href="https://github.com/getsentry/sentry-go/commit/57175c67c4665610f5112a1beecc96178d0bd28f"><code>57175c6</code></a>
fix: flaky attachment test (<a
href="https://redirect.github.com/getsentry/sentry-go/issues/1296">#1296</a>)</li>
<li><a
href="https://github.com/getsentry/sentry-go/commit/8d2146849fa2c7fcc2e679367ef9c06959f65e43"><code>8d21468</code></a>
fix: add attachments to new event path (<a
href="https://redirect.github.com/getsentry/sentry-go/issues/1295">#1295</a>)</li>
<li><a
href="https://github.com/getsentry/sentry-go/commit/e4bcedde0a0f2aa1b8999a6ba72e6c5b174d74a0"><code>e4bcedd</code></a>
Merge branch 'release/0.46.1'</li>
<li><a
href="https://github.com/getsentry/sentry-go/commit/e972183b89e882147beae49a1ec8bf98ba1c3298"><code>e972183</code></a>
release: 0.46.1</li>
<li><a
href="https://github.com/getsentry/sentry-go/commit/6b9885c0372193f8dfb7895f61d2354ef2e51502"><code>6b9885c</code></a>
fix(http): avoid async transport shutdown panics (<a
href="https://redirect.github.com/getsentry/sentry-go/issues/1288">#1288</a>)</li>
<li><a
href="https://github.com/getsentry/sentry-go/commit/79947a7ad33239d1849ba619af2cb8922b074eb3"><code>79947a7</code></a>
fix: safe concurrent access for span and scope (<a
href="https://redirect.github.com/getsentry/sentry-go/issues/1285">#1285</a>)</li>
<li><a
href="https://github.com/getsentry/sentry-go/commit/c8ea578dfc589f9b3ca06b7a9c13019ac96325b5"><code>c8ea578</code></a>
fix(scope): use scoped client for request PII (<a
href="https://redirect.github.com/getsentry/sentry-go/issues/1289">#1289</a>)</li>
<li><a
href="https://github.com/getsentry/sentry-go/commit/0bb583ea2b4292f2204468e09b465314048b03e1"><code>0bb583e</code></a>
fix(httpclient): clone request before adding trace headers (<a
href="https://redirect.github.com/getsentry/sentry-go/issues/1290">#1290</a>)</li>
<li><a
href="https://github.com/getsentry/sentry-go/commit/bd20df0d91c5d258394e0d52c732e18f0009d6d5"><code>bd20df0</code></a>
fix(fasthttp,fiber): correctly capture request body on scope (<a
href="https://redirect.github.com/getsentry/sentry-go/issues/1284">#1284</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/getsentry/sentry-go/compare/v0.44.1...v0.46.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/google/jsonschema-go` from 0.4.2 to 0.4.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/jsonschema-go/releases">github.com/google/jsonschema-go's
releases</a>.</em></p>
<blockquote>
<h2>v0.4.3</h2>
<h2>What's Changed</h2>
<ul>
<li>improve anyOf errors by <a
href="https://github.com/jba"><code>@​jba</code></a> in <a
href="https://redirect.github.com/google/jsonschema-go/pull/61">google/jsonschema-go#61</a></li>
<li>fix: infer - support map with non-string key type by <a
href="https://github.com/rafaeljusto"><code>@​rafaeljusto</code></a> in
<a
href="https://redirect.github.com/google/jsonschema-go/pull/70">google/jsonschema-go#70</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google/jsonschema-go/compare/v0.4.2...0.4.3">https://github.com/google/jsonschema-go/compare/v0.4.2...0.4.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/google/jsonschema-go/commit/8c4ab4f02ef64dcea5502e47a6113e8292944087"><code>8c4ab4f</code></a>
fix: infer - support map with non-string key type (<a
href="https://redirect.github.com/google/jsonschema-go/issues/70">#70</a>)</li>
<li><a
href="https://github.com/google/jsonschema-go/commit/8bd57428bbbea55d718267fa5b20bbb59b4f9fbd"><code>8bd5742</code></a>
improve anyOf errors (<a
href="https://redirect.github.com/google/jsonschema-go/issues/61">#61</a>)</li>
<li>See full diff in <a
href="https://github.com/google/jsonschema-go/compare/v0.4.2...0.4.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/posthog/posthog-go` from 1.11.2 to 1.13.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/posthog/posthog-go/releases">github.com/posthog/posthog-go's
releases</a>.</em></p>
<blockquote>
<h2>1.13.0</h2>
<h2>Unreleased</h2>
<h2>1.12.6</h2>
<h2>Unreleased</h2>
<h2>1.12.5</h2>
<h2>Unreleased</h2>
<h2>1.12.4 - 2026-04-30</h2>
<ul>
<li><a
href="https://github.com/PostHog/posthog-go/compare/v1.12.3...v1.12.4">Full
Changelog</a></li>
</ul>
<h2>1.12.3 - 2026-04-21</h2>
<ul>
<li><a
href="https://github.com/PostHog/posthog-go/compare/1.12.2...1.12.3">Full
Changelog</a></li>
</ul>
<h2>1.12.2 - 2026-04-20</h2>
<ul>
<li><a
href="https://github.com/PostHog/posthog-go/compare/1.12.1...1.12.2">Full
Changelog</a></li>
</ul>
<h2>v1.12.1</h2>
<h2>1.12.1 - 2026-04-20</h2>
<ul>
<li><a
href="https://github.com/PostHog/posthog-go/compare/v1.12.0...v1.12.1">Full
Changelog</a></li>
</ul>
<h2>v1.12.0</h2>
<h2>1.12.0 - 2026-04-20</h2>
<ul>
<li><a
href="https://github.com/PostHog/posthog-go/compare/v1.11.3...v1.12.0">Full
Changelog</a></li>
</ul>
<h2>v1.11.3</h2>
<h2>1.11.3 - 2026-04-14</h2>
<ul>
<li>
<p><a
href="https://github.com/PostHog/posthog-go/compare/v1.11.2...v1.11.3">Full
Changelog</a></p>
</li>
<li>
<p>Added <code>locally_evaluated</code> property to
<code>$feature_flag_called</code> events, indicating whether the flag
was evaluated locally or via the remote <code>/flags</code>
endpoint.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/PostHog/posthog-go/blob/main/CHANGELOG.md">github.com/posthog/posthog-go's
changelog</a>.</em></p>
<blockquote>
<h2>1.13.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>dec8ade: Add opt-in panic capture for request context
middleware.</li>
<li>dec8ade: Add server-side request context helpers for net/http
capture and exception events, plus <code>EvaluateFlagsWithContext</code>
for using request-scoped distinct IDs during flag evaluation.
Request-context flag evaluation does not generate personless IDs.</li>
</ul>
<h2>1.12.6</h2>
<h3>Patch Changes</h3>
<ul>
<li>9289d53: Reject semver values with leading zeros in local flag
evaluation. Per semver 2.0.0 §2, numeric identifiers must not include
leading zeros — values like <code>1.07.3</code> are not valid semver and
should not match targeting conditions. Both override values and flag
values are now validated; invalid inputs surface an
<code>InconclusiveMatchError</code> so the condition does not
match.</li>
</ul>
<h2>1.12.5</h2>
<h3>Patch Changes</h3>
<ul>
<li>6d243a6: Return ErrSDKDisabled from no-op clients when the project
API key is missing, return ErrNoPersonalAPIKey before making requests
for Personal API key dependent methods when no Personal API key is
configured, and return ErrNoDistinctID from EvaluateFlags when
distinct_id is missing.</li>
</ul>
<h3>New Features</h3>
<ul>
<li><strong><code>EvaluateFlags</code></strong>: New method on
<code>Client</code> that returns a <code>FeatureFlagEvaluations</code>
snapshot for a user using a single <code>/flags</code> request. The
snapshot powers any number of <code>IsEnabled</code> /
<code>GetFlag</code> / <code>GetFlagPayload</code> checks, fires deduped
<code>$feature_flag_called</code> events with full v4 metadata (id,
version, reason, request_id), and can be attached to a
<code>Capture</code> event via the new <code>Capture.Flags</code> field
to populate <code>$feature/&lt;key&gt;</code> and
<code>$active_feature_flags</code> without another network call.</li>
<li><strong><code>Capture.Flags</code></strong>: New optional field on
<code>Capture</code> that accepts a <code>*FeatureFlagEvaluations</code>
snapshot. Takes precedence over <code>SendFeatureFlags</code>, avoids a
hidden <code>/flags</code> request per event, and lets caller-supplied
<code>Properties</code> override the auto-generated
<code>$feature/&lt;key&gt;</code> values on conflict.</li>
</ul>
<h3>Internal</h3>
<ul>
<li>Refactored the <code>$feature_flag_called</code> dedup logic into a
shared helper so the existing single-flag path and the new snapshot path
use identical semantics against the same per-distinct_id LRU cache.</li>
<li><code>$feature_flag_called</code> events from the snapshot path
combine response-level errors
(<code>errors_while_computing_flags</code>, <code>quota_limited</code>)
with per-flag errors (<code>flag_missing</code>) comma-joined in
<code>$feature_flag_error</code>, matching the granularity of the legacy
single-flag path.</li>
</ul>
<h2>1.12.4 - 2026-04-30</h2>
<ul>
<li><a
href="https://github.com/PostHog/posthog-go/compare/v1.12.3...v1.12.4">Full
Changelog</a></li>
</ul>
<h2>1.12.3 - 2026-04-21</h2>
<ul>
<li><a
href="https://github.com/PostHog/posthog-go/compare/1.12.2...1.12.3">Full
Changelog</a></li>
</ul>
<h2>1.12.2 - 2026-04-20</h2>
<ul>
<li><a
href="https://github.com/PostHog/posthog-go/compare/1.12.1...1.12.2">Full
Changelog</a></li>
</ul>
<h2>1.12.1 - 2026-04-20</h2>
<ul>
<li><a
href="https://github.com/PostHog/posthog-go/compare/v1.12.0...v1.12.1">Full
Changelog</a></li>
</ul>
<h2>1.12.0 - 2026-04-20</h2>
<ul>
<li><a
href="https://github.com/PostHog/posthog-go/compare/v1.11.3...v1.12.0">Full
Changelog</a></li>
</ul>
<h2>1.11.3 - 2026-04-14</h2>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/PostHog/posthog-go/commit/9dbb06161d49f17e8ab91f5502a3656d3930c509"><code>9dbb061</code></a>
chore: release v1.13.0 [version bump] [skip ci]</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/dec8adea658fbd7f1b3d2b3c8b7f6379d4a2cea0"><code>dec8ade</code></a>
feat: add server-side request context (<a
href="https://redirect.github.com/posthog/posthog-go/issues/201">#201</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/89147f56f1f445aa96b06d377391f081db7c6355"><code>89147f5</code></a>
chore(ci): bump pinned posthog-sdk-test-harness SHA (<a
href="https://redirect.github.com/posthog/posthog-go/issues/204">#204</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/997865547e721b341b77782ee37e2f4a4aacacc8"><code>9978655</code></a>
chore(ci): bump pinned PostHog/.github reusable workflow SHA (<a
href="https://redirect.github.com/posthog/posthog-go/issues/203">#203</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/a99dc5708e17e712a4839bdcf193c60f0e1ed5a7"><code>a99dc57</code></a>
chore: release v1.12.6 [version bump] [skip ci]</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/9289d539620ec4703c13a44f1f385e894ab1e7d2"><code>9289d53</code></a>
fix: reject leading-zero semver values in local evaluation (<a
href="https://redirect.github.com/posthog/posthog-go/issues/200">#200</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/4caaa1e90ef73fadeab9f4fe0fa757d2e86fe1c5"><code>4caaa1e</code></a>
chore: pin github actions to commit shas (<a
href="https://redirect.github.com/posthog/posthog-go/issues/202">#202</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/22195ff1afa034674e7d094d8d83e861e1fb7b1e"><code>22195ff</code></a>
chore: release v1.12.5 [version bump] [skip ci]</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/6d243a6e7b65d0ca80e8502d565382afea1fe0a4"><code>6d243a6</code></a>
fix: revert d2c4dd2 (<a
href="https://redirect.github.com/posthog/posthog-go/issues/199">#199</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/d2c4dd2bad07e9e9197489bf9e93757818a5659c"><code>d2c4dd2</code></a>
chore: release v1.12.4 [version bump] [skip ci]</li>
<li>Additional commits viewable in <a
href="https://github.com/posthog/posthog-go/compare/v1.11.2...v1.13.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/mod` from 0.35.0 to 0.36.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/mod/commit/643da9ba74f1165d8cae1505d453b3de3cf21b7b"><code>643da9b</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/mod/commit/ccc3cdf529d1eee2a832437eb1b85240044d21cb"><code>ccc3cdf</code></a>
zip: include 'but content has correct sum' note in TestVCS</li>
<li><a
href="https://github.com/golang/mod/commit/ab3031803214705d2c9f1102318b083e7086a155"><code>ab30318</code></a>
zip: update zip hashes for new flate compression</li>
<li>See full diff in <a
href="https://github.com/golang/mod/compare/v0.35.0...v0.36.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/mod` from 0.34.0 to 0.36.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/mod/commit/643da9ba74f1165d8cae1505d453b3de3cf21b7b"><code>643da9b</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/mod/commit/ccc3cdf529d1eee2a832437eb1b85240044d21cb"><code>ccc3cdf</code></a>
zip: include 'but content has correct sum' note in TestVCS</li>
<li><a
href="https://github.com/golang/mod/commit/ab3031803214705d2c9f1102318b083e7086a155"><code>ab30318</code></a>
zip: update zip hashes for new flate compression</li>
<li>See full diff in <a
href="https://github.com/golang/mod/compare/v0.35.0...v0.36.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `google.golang.org/grpc` from 1.80.0 to 1.81.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/grpc/grpc-go/releases">google.golang.org/grpc's
releases</a>.</em></p>
<blockquote>
<h2>Release 1.81.1</h2>
<h1>Security</h1>
<ul>
<li>xds/rbac: Fix a potential authorization bypass caused by incorrectly
falling through URI/DNS SANs to Subject Distinguished Name (DN) when
matching the authenticated principal name. With this fix, only the first
non-empty identity source will be used, as per <a
href="https://github.com/grpc/proposal/blob/master/A41-xds-rbac.md">gRFC
A41</a>. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9111">#9111</a>)
<ul>
<li>Special Thanks: <a
href="https://github.com/al4an444"><code>@​al4an444</code></a></li>
</ul>
</li>
</ul>
<h1>Bug Fixes</h1>
<ul>
<li>otel: Segregate client and server RPC information used for metrics
and traces, to avoid one overwriting the other. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9081">#9081</a>)</li>
</ul>
<h2>Release 1.81.0</h2>
<h1>Behavior Changes</h1>
<ul>
<li>balancer/rls: Switch gauge metrics to asynchronous emission (once
per collection cycle) to reduce telemetry noise and align with other
gRPC language implementations. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8808">#8808</a>)</li>
</ul>
<h1>Dependencies</h1>
<ul>
<li>Minimum supported Go version is now 1.25. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8969">#8969</a>)</li>
</ul>
<h1>Bug Fixes</h1>
<ul>
<li>xds: Use the leaf cluster's security config for the TLS handshake
instead of the aggregate cluster's config. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8956">#8956</a>)</li>
<li>transport: Send a <code>RST_STREAM</code> when receiving an
<code>END_STREAM</code> when the stream is not already half-closed. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8832">#8832</a>)</li>
<li>xds: Fix ADS resource name validation to prevent a panic. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8970">#8970</a>)</li>
</ul>
<h1>New Features</h1>
<ul>
<li>grpc/stats: Add support for custom labels in per-call metrics (<a
href="https://github.com/grpc/proposal/blob/master/A108-otel-custom-per-call-label.md">gRFC
A108</a>). (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9008">#9008</a>)</li>
<li>xds: Add support for Server Name Indication (SNI) and SAN validation
(<a
href="https://github.com/grpc/proposal/blob/master/A101-SNI-setting-and-SNI-SAN-validation.md">gRFC
A101</a>). Disabled by default. To enable, set
<code>GRPC_EXPERIMENTAL_XDS_SNI=true</code> environment variable. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9016">#9016</a>)</li>
<li>xds: Add support to control which fields get propagated from ORCA
backend metric reports to LRS load reports (<a
href="https://github.com/grpc/proposal/blob/master/A85-lrs-custom-metrics-changes.md">gRFC
A85</a>). Disabled by default. To enable, set
<code>GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true</code>. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9005">#9005</a>)</li>
<li>xds: Add metrics to track xDS client connectivity and cached
resource state (<a
href="https://github.com/grpc/proposal/blob/master/A78-grpc-metrics-wrr-pf-xds.md">gRFC
A78</a>). (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8807">#8807</a>)</li>
<li>stats/otel: Enhance <code>grpc.subchannel.disconnections</code>
metric by adding disconnection reason to the
<code>grpc.disconnect_error</code> label (<a
href="https://github.com/grpc/proposal/blob/master/A94-subchannel-otel-metrics.md">gRFC
A94</a>). This provides granular insights into why subchannels are
closing. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8973">#8973</a>)</li>
<li>mem: Add <code>mem.Buffer.Slice()</code> API to slice the buffer
like a slice. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8977">#8977</a>)
<ul>
<li>Special Thanks: <a
href="https://github.com/ash2k"><code>@​ash2k</code></a></li>
</ul>
</li>
</ul>
<h1>Performance Improvements</h1>
<ul>
<li>alts: Pool read buffers to lower memory utilization when sockets are
unreadable. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/8964">#8964</a>)</li>
<li>transport: Pool HTTP/2 framer read buffers to reduce idle memory
consumption. Currently limited to Linux for ALTS and non-encrypted
transports (TCP, Unix). To disable, set
<code>GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false</code>
and report any issues. (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9032">#9032</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/grpc/grpc-go/commit/caf0772c2bcb8bc15d43eb53448e921f34f0b7e8"><code>caf0772</code></a>
Change version from 1.81.1-dev to 1.81.1 (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9122">#9122</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/6ccbeebf058ede71e43a5ac28fada2a736573215"><code>6ccbeeb</code></a>
Cherry-pick <a
href="https://redirect.github.com/grpc/grpc-go/issues/9111">#9111</a>
into v1.81.x (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9121">#9121</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/b33c29e41b438e371c8504de9bdf64a80098cc29"><code>b33c29e</code></a>
Cherry-pick <a
href="https://redirect.github.com/grpc/grpc-go/issues/9081">#9081</a>
into v1.81.x (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9102">#9102</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/c45fae6d06a5c192b7b96418a2bc26a96b856834"><code>c45fae6</code></a>
Change version to 1.81.1-dev (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9063">#9063</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/cb18228317ff523e63d931b4058b0329585b7dcd"><code>cb18228</code></a>
Change version to 1.81.0 (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9062">#9062</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/96748f973e20bbfcafa19a8bdffc85ad5da138d1"><code>96748f9</code></a>
Cherry-pick <a
href="https://redirect.github.com/grpc/grpc-go/issues/9105">#9105</a> to
1.81.x (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9106">#9106</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/91832222f0144f76527b630ca55cfea6e1aa015a"><code>9183222</code></a>
Cherry pick <a
href="https://redirect.github.com/grpc/grpc-go/issues/9055">#9055</a>,
<a href="https://redirect.github.com/grpc/grpc-go/issues/9032">#9032</a>
to v1.81.x (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9095">#9095</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/5cba6da4211f3b130238c792937f5921741b616a"><code>5cba6da</code></a>
Revert &quot;deps: update dependencies for all modules (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9065">#9065</a>)&quot;
(<a
href="https://redirect.github.com/grpc/grpc-go/issues/9067">#9067</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/af8a9364aa7523ab24d214e9ef13e6ad64d5c5f9"><code>af8a936</code></a>
deps: update dependencies for all modules (<a
href="https://redirect.github.com/grpc/grpc-go/issues/9065">#9065</a>)</li>
<li><a
href="https://github.com/grpc/grpc-go/commit/cdc60dfaaadde45e16aa3c28237c0e655a722c1a"><code>cdc60df</code></a>
transport: optimize heap allocations in ready reader and update syscall
conne...</li>
<li>Additional commits viewable in <a
href="https://github.com/grpc/grpc-go/compare/v1.80.0...v1.81.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/oapi-codegen/runtime` from 1.3.1 to 1.4.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/oapi-codegen/runtime/releases">github.com/oapi-codegen/runtime's
releases</a>.</em></p>
<blockquote>
<h2>Bug fixes</h2>
<p>This is a bug fix release.</p>
<p>Changes in <code>v1.4.0</code>, coupled with changes in
<code>v2.7.0</code> of oapi-codegen exposed some new problems.
<code>deepObject</code> style marshaling behavior now supports encoding
unicode. UTF-8 can't be directly included in parameters, so we need to
<code>%</code> escape it.</p>
<p>Form binding now detects maps, which makes binding to a Nullable
possible. We can't use generics around <code>Nullable[T]</code>, so we
handle maps generically, assuming they're a Nullable with its behavior
assumptions.</p>
<h2>🐛 Bug fixes</h2>
<ul>
<li>Fix form binding of Nullables (<a
href="https://redirect.github.com/oapi-codegen/runtime/issues/133">#133</a>)
<a
href="https://github.com/mromaszewicz"><code>@​mromaszewicz</code></a></li>
<li>Percent-encode deepObject parameter wire output (<a
href="https://redirect.github.com/oapi-codegen/runtime/issues/132">#132</a>)
<a
href="https://github.com/mromaszewicz"><code>@​mromaszewicz</code></a></li>
</ul>
<h2>📦 Dependency updates</h2>
<ul>
<li>chore(deps): update oapi-codegen/actions action to v0.7.0 (<a
href="https://redirect.github.com/oapi-codegen/runtime/issues/127">#127</a>)
@<a href="https://github.com/apps/renovate">renovate[bot]</a></li>
<li>chore(deps): update github/codeql-action action to v4 (<a
href="https://redirect.github.com/oapi-codegen/runtime/issues/107">#107</a>)
@<a href="https://github.com/apps/renovate">renovate[bot]</a></li>
<li>fix(deps): update module github.com/kataras/iris/v12 to v12.2.11 (<a
href="https://redirect.github.com/oapi-codegen/runtime/issues/11">#11</a>)
@<a href="https://github.com/apps/renovate">renovate[bot]</a></li>
<li>chore(deps): update release-drafter/release-drafter action to v7.2.0
(<a
href="https://redirect.github.com/oapi-codegen/runtime/issues/122">#122</a>)
@<a href="https://github.com/apps/renovate">renovate[bot]</a></li>
</ul>
<h2>Sponsors</h2>
<p>We would like to thank our sponsors for their support during this
release.</p>
<h2>Parameter handling improvements and fixes</h2>
<p>This release fixes some missing edge cases in parameter binding and
styling. We now handle all the permutations of style and explode, for
the first time. Lots of tests have been added to catch regressions.</p>
<h2>🚀 New features and improvements</h2>
<ul>
<li>Improve deepobject unmarshalling to support nullable.Nullable and
encode.TextUnmarshaler (<a
href="https://redirect.github.com/oapi-codegen/runtime/issues/45">#45</a>)
<a href="https://github.com/j-waters"><code>@​j-waters</code></a></li>
<li>feat: support spaceDelimited and pipeDelimited query parameter
binding (<a
href="https://redirect.github.com/oapi-codegen/runtime/issues/117">#117</a>)
<a
href="https://github.com/mromaszewicz"><code>@​mromaszewicz</code></a></li>
</ul>
<h2>🐛 Bug fixes</h2>
<ul>
<li>Fix form/explode=false incorrectly splitting primitive string values
on commas (<a
href="https://redirect.github.com/oapi-codegen/runtime/issues/119">#119</a>)
<a href="https://github.com/f-kanari"><code>@​f-kanari</code></a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/oapi-codegen/runtime/commit/2755f15aee0c946a782704399ba88f9830dc0912"><code>2755f15</code></a>
Fix form binding of Nullables (<a
href="https://redirect.github.com/oapi-codegen/runtime/issues/133">#133</a>)</li>
<li><a
href="https://github.com/oapi-codegen/runtime/commit/17de1dd042b56f9848af5314d5399a8d8cf8591f"><code>17de1dd</code></a>
Percent-encode deepObject parameter wire output (<a
href="https://redirect.github.com/oapi-codegen/runtime/issues/132">#132</a>)</li>
<li><a
href="https://github.com/oapi-codegen/runtime/commit/d2b7c4c58e85cdc668508abccb138dbe0d15f9d9"><code>d2b7c4c</code></a>
chore(deps): update oapi-codegen/actions action to v0.7.0</li>
<li><a
href="https://github.com/oapi-codegen/runtime/commit/6fd6c25e4f6db33e2c9c249403527ae83f30eba6"><code>6fd6c25</code></a>
chore(deps): update github/codeql-action action to v4</li>
<li><a
href="https://github.com/oapi-codegen/runtime/commit/19040cc57320598827a0a591c6fdba6f46e3a5e8"><code>19040cc</code></a>
fix(deps): update module github.com/kataras/iris/v12 to v12.2.11</li>
<li><a
href="https://github.com/oapi-codegen/runtime/commit/e05282eb5f0ed6981bf48165ba3e272d5cd062f8"><code>e05282e</code></a>
chore(deps): update release-drafter/release-drafter action to v7.2.0 (<a
href="https://redirect.github.com/oapi-codegen/runtime/issues/122">#122</a>)</li>
<li><a
href="https://github.com/oapi-codegen/runtime/commit/247b4596600502924975492764913f1b166cf1d8"><code>247b459</code></a>
fix(deps): update module github.com/labstack/echo/v4 to v4.15.1 (<a
href="https://redirect.github.com/oapi-codegen/runtime/issues/105">#105</a>)</li>
<li><a
href="https://github.com/oapi-codegen/runtime/commit/1d38dfa32275aad1c3d8254a0849df95b8c977e5"><code>1d38dfa</code></a>
fix(deps): update module github.com/labstack/echo/v5 to v5.1.0 (<a
href="https://redirect.github.com/oapi-codegen/runtime/issues/120">#120</a>)</li>
<li><a
href="https://github.com/oapi-codegen/runtime/commit/be9ed17687f71308d0fec51b57922a2168404a3d"><code>be9ed17</code></a>
chore(deps): update release-drafter/release-drafter action to v7 (<a
href="https://redirect.github.com/oapi-codegen/runtime/issues/113">#113</a>)</li>
<li><a
href="https://github.com/oapi-codegen/runtime/commit/77570f900b220d902c1fcaabb6408ba3fcd62157"><code>77570f9</code></a>
Fix form/explode=false incorrectly splitting primitive string values on
comma...</li>
<li>Additional commits viewable in <a
href="https://github.com/oapi-codegen/runtime/compare/v1.3.1...v1.4.1">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Julien Goux <hi@jgoux.dev>
…emplates with 2 updates (#5436)

Bumps the docker-minor group in /apps/cli-go/pkg/config/templates with 2
updates: supabase/realtime and supabase/logflare.

Updates `supabase/realtime` from v2.102.3 to v2.103.1

Updates `supabase/logflare` from 1.43.1 to 1.43.3



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Julien Goux <hi@jgoux.dev>
## What changed

Promotes `supabase link` and `supabase unlink` from Phase-0 Go-binary
proxy wrappers to native Effect TypeScript in the legacy
(stable-channel) shell. Behaviour follows the Go source
(`apps/cli-go/internal/{link,unlink}`) verbatim — same flags,
stdout/stderr text, `supabase/.temp/*` file writes, API routes, and exit
codes.

### `supabase link`
- Resolves the project ref `--project-ref` → `SUPABASE_PROJECT_ID` → TTY
prompt, **skipping** the on-disk ref file (matching Go's
empty-MemMapFs), and emits the cobra `required flag(s) "project-ref" not
set` error on a non-TTY.
- Checks remote project status: 404 tolerated (branch projects),
`INACTIVE` → paused error + dashboard unpause suggestion,
non-`ACTIVE_HEALTHY` → stderr warning; writes `postgres-version`.
- Fetches api-keys (`reveal=true`), then best-effort links:
`storage-migration`, `pooler-url` (placeholder-stripped, session-mode
rewrite; removed on `--skip-pooler`), and `rest`/`gotrue`/`storage`
tenant versions.
- Writes `project-ref` + `linked-project.json` and fires
`cli_project_linked` (org/project `groupIdentify`, groups keyed by org
**id**).

### `supabase unlink`
- Reads the project ref, removes `supabase/.temp/`, deletes the keyring
database-password entry, and surfaces all failures together (Go
`errors.Join` parity).
- Uses a minimal runtime layer — `unlink` makes no API calls and
requires no access token (the management-API layer eagerly requires
one).

### Shared / supporting
- New `legacy-temp-paths` and `legacy-tenant-versions` helpers in
`legacy/shared/` (existing `legacy-project-ref` /
`legacy-linked-project-cache` call sites refactored onto the former).
- `resolveForLink` on `LegacyProjectRefResolver`;
`deleteProjectCredential` on `LegacyCredentials`.
- The legacy credentials layer now honours `SUPABASE_NO_KEYRING=1`
(matching `next/` and the cli-e2e harness), preventing non-interactive
Keychain hangs for keyring-touching commands.

### Reviewer notes — intentional divergences from Go
- The cosmetic `WARNING: Local database version differs…` message is
omitted (it needs `config.toml [db].major_version` with CLI defaults,
not surfaced by the legacy shell); the `postgres-version` file is still
written.
- The four discarded Go config probes (`/config/database/postgres`,
`/postgrest`, `/config/auth`, `/network-restrictions`) are omitted —
they only populated in-process config that standalone `link` discards.
- The `Finished …` lines render plain (Go's `utils.Aqua` cyan), matching
the established legacy-port convention.

Both `SIDE_EFFECTS.md` files and `docs/go-cli-porting-status.md` (rows
flipped to `ported`) are updated.
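
The ref-resolution order and remote-status handling described in the commit message above, as an added example that is not the CLI's own code. Every function and type name, and every message string other than the quoted cobra error, is an assumption; so are treating a non-404 HTTP failure as fatal and treating an empty prompt answer like a missing flag.

```typescript
// Added illustration; all identifiers are hypothetical, not the CLI's API.

type RefResult =
  | { ok: true; ref: string; source: "flag" | "env" | "prompt" }
  | { ok: false; error: string };

interface LinkInputs {
  flagProjectRef?: string; // value passed to --project-ref
  env: Record<string, string | undefined>; // snapshot of the environment
  isTTY: boolean;
  prompt?: () => string; // interactive picker, consulted only on a TTY
  refFileContents?: string; // on-disk project ref, ignored on purpose by `link`
}

// Error text quoted in the commit message for the non-TTY case.
const REQUIRED_FLAG_ERROR = 'required flag(s) "project-ref" not set';

// Precedence: --project-ref, then SUPABASE_PROJECT_ID, then a TTY prompt.
function resolveRefForLink(inputs: LinkInputs): RefResult {
  const fromFlag = (inputs.flagProjectRef ?? "").trim();
  if (fromFlag !== "") return { ok: true, ref: fromFlag, source: "flag" };

  const fromEnv = (inputs.env["SUPABASE_PROJECT_ID"] ?? "").trim();
  if (fromEnv !== "") return { ok: true, ref: fromEnv, source: "env" };

  // inputs.refFileContents is never read here: a stale ref left by an earlier
  // link must not silently decide which project gets linked next.
  if (inputs.isTTY && inputs.prompt !== undefined) {
    const chosen = inputs.prompt().trim();
    if (chosen !== "") return { ok: true, ref: chosen, source: "prompt" };
  }
  // Non-interactive callers (CI) fail closed instead of blocking on a prompt.
  return { ok: false, error: REQUIRED_FLAG_ERROR };
}

type StatusOutcome =
  | { action: "continue"; warning: string | null }
  | { action: "abort"; error: string };

// Maps the remote project lookup onto the three behaviours in the message:
// 404 tolerated, INACTIVE fatal, any other non-healthy status a warning.
function classifyProjectStatus(
  httpStatus: number,
  projectStatus: string | null,
): StatusOutcome {
  if (httpStatus === 404) {
    // Branch projects are not returned by this lookup; keep linking.
    return { action: "continue", warning: null };
  }
  if (httpStatus !== 200) {
    // Assumption: any other HTTP failure stops the link.
    return { action: "abort", error: `project lookup failed: HTTP ${httpStatus}` };
  }
  if (projectStatus === "INACTIVE") {
    return {
      action: "abort",
      error: "project is paused; unpause it from the dashboard", // constructed text
    };
  }
  if (projectStatus !== "ACTIVE_HEALTHY") {
    return {
      action: "continue",
      warning: `project status is ${projectStatus ?? "unknown"}`, // constructed text
    };
  }
  return { action: "continue", warning: null };
}
```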
## TL;DR

`supabase init` now runs natively in TS.

## What’s introduced

Adds a shared native `init` implementation. The command now creates the
local project directly in TypeScript, including `supabase/config.toml`,
`supabase/.gitignore`, and the optional VS Code and IntelliJ settings
files, while preserving existing behavior around `--force`,
`--interactive`, legacy hidden IDE flags, and the `--experimental`
requirement for `--use-orioledb`.

And coverage all around this!

## Ref

- closes CLI-1303

---------

Co-authored-by: Colum Ferry <cferry09@gmail.com>
## What changed

The release publish job now checks out the repository with the minted
GitHub App token instead of the default Actions token.

## Why

Release tag and semantic-release note pushes are plain git operations.
The default Actions token cannot push refs to commits that include
workflow-file changes, while `gh auth setup-git` does not configure
credentials for these non-interactive git pushes in this workflow.

This matches the existing release fast-forward job pattern: mint the
repository App token, pass it to checkout, let checkout persist those
credentials, then run normal git commands.
…dates (#5342)

Bumps the actions-major group with 14 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `3.1.1` | `3.2.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` |
| [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `9.2.0` | `9.2.1` |
| [github/codeql-action](https://github.com/github/codeql-action) | `4.35.2` | `4.36.0` |
| [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `6.1.0` | `6.1.1` |
| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.1.0` | `7.2.0` |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.7.0` | `4.0.0` |
| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.5` |
| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.6.1` | `3.0.0` |
| [supabase/setup-cli](https://github.com/supabase/setup-cli) | `1.7.1` | `2.1.1` |
| [nrwl/nx-set-shas](https://github.com/nrwl/nx-set-shas) | `4.4.0` | `5.0.1` |


Updates `actions/create-github-app-token` from 3.1.1 to 3.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.0</h2>
<h2><a
href="https://github.com/actions/create-github-app-token/compare/v3.1.1...v3.2.0">3.2.0</a>
(2026-05-12)</h2>
<h3>Features</h3>
<ul>
<li>add support for enterprise-level GitHub Apps (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/263">#263</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/952a2a7073df6bfa5f49bc469ec895b6ec1acea4">952a2a7</a>)</li>
<li>support full repository names in <code>repositories</code> input (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/372">#372</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/85eb8dd41472213aed25d1a126460e0069138ab6">85eb8dd</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> bump <code>@​actions/core</code> from 3.0.0
to 3.0.1 in the production-dependencies group (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/364">#364</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/43e5c345bfd4d4f3ecea019ad0042001a09dd857">43e5c34</a>)</li>
<li>validate private-key input (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/376">#376</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/f24bbd89643991c0de27ae823c01791b2c6bafdd">f24bbd8</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md">actions/create-github-app-token's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2><a
href="https://github.com/actions/create-github-app-token/compare/v3.1.1...v3.2.0">3.2.0</a>
(2026-05-12)</h2>
<h3>Features</h3>
<ul>
<li>add support for enterprise-level GitHub Apps (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/263">#263</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/952a2a7073df6bfa5f49bc469ec895b6ec1acea4">952a2a7</a>)</li>
<li>support full repository names in <code>repositories</code> input (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/372">#372</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/85eb8dd41472213aed25d1a126460e0069138ab6">85eb8dd</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> bump <code>@​actions/core</code> from 3.0.0
to 3.0.1 in the production-dependencies group (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/364">#364</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/43e5c345bfd4d4f3ecea019ad0042001a09dd857">43e5c34</a>)</li>
<li>validate private-key input (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/376">#376</a>)
(<a
href="https://github.com/actions/create-github-app-token/commit/f24bbd89643991c0de27ae823c01791b2c6bafdd">f24bbd8</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/create-github-app-token/commit/bcd2ba49218906704ab6c1aa796996da409d3eb1"><code>bcd2ba4</code></a>
chore(main): release 3.2.0 (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/370">#370</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/f24bbd89643991c0de27ae823c01791b2c6bafdd"><code>f24bbd8</code></a>
fix: validate private-key input (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/376">#376</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/363531b6d972a60a00b3f1e6bb139e5e6c764cd9"><code>363531b</code></a>
docs: capitalize Git as a proper noun in README (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/374">#374</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/fd2801133e469d2950f2c5af5e591d6b2ad833c8"><code>fd28011</code></a>
docs: update procedure to configure Git (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/287">#287</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/85eb8dd41472213aed25d1a126460e0069138ab6"><code>85eb8dd</code></a>
feat: support full repository names in <code>repositories</code> input
(<a
href="https://redirect.github.com/actions/create-github-app-token/issues/372">#372</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/c9aabb83728c3bd519212fa657ebc07e1f2a5dec"><code>c9aabb8</code></a>
build(deps-dev): bump yaml from 2.8.3 to 2.8.4 in the
development-dependencie...</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/e02e816e5591415258a53bf735aff57977dcd5e2"><code>e02e816</code></a>
build(deps-dev): bump undici from 7.24.6 to 8.2.0 (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/366">#366</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/8d835bfd37aa48fcb8e709925115857568d98bc4"><code>8d835bf</code></a>
build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 in the
development-depend...</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/952a2a7073df6bfa5f49bc469ec895b6ec1acea4"><code>952a2a7</code></a>
feat: add support for enterprise-level GitHub Apps (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/263">#263</a>)</li>
<li><a
href="https://github.com/actions/create-github-app-token/commit/43e5c345bfd4d4f3ecea019ad0042001a09dd857"><code>43e5c34</code></a>
fix(deps): bump <code>@​actions/core</code> from 3.0.0 to 3.0.1 in the
production-dependenc...</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/create-github-app-token/compare/1b10c78c7865c340bc4f6099eb2f838309f1e8c3...bcd2ba49218906704ab6c1aa796996da409d3eb1">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/upload-artifact` from 4.6.2 to 7.0.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update the readme with direct upload details by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/795">actions/upload-artifact#795</a></li>
<li>Readme: bump all the example versions to v7 by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/796">actions/upload-artifact#796</a></li>
<li>Include changes in typespec/ts-http-runtime 0.3.5 by <a
href="https://github.com/yacaovsnc"><code>@​yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/797">actions/upload-artifact#797</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v7...v7.0.1">https://github.com/actions/upload-artifact/compare/v7...v7.0.1</a></p>
<h2>v7.0.0</h2>
<h2>v7 What's new</h2>
<h3>Direct Uploads</h3>
<p>Adds support for uploading single files directly (unzipped). Callers
can set the new <code>archive</code> parameter to <code>false</code> to
skip zipping the file during upload. Right now, we only support single
files. The action will fail if the glob passed resolves to multiple
files. The <code>name</code> parameter is also ignored with this
setting. Instead, the name of the artifact will be the name of the
uploaded file.</p>
<h3>ESM</h3>
<p>To support new versions of the <code>@actions/*</code> packages,
we've upgraded the package to ESM.</p>
<h2>What's Changed</h2>
<ul>
<li>Add proxy integration test by <a
href="https://github.com/Link"><code>@​Link</code></a>- in <a
href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li>
<li>Upgrade the module to ESM and bump dependencies by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/762">actions/upload-artifact#762</a></li>
<li>Support direct file uploads by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/764">actions/upload-artifact#764</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Link"><code>@​Link</code></a>- made
their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v6...v7.0.0">https://github.com/actions/upload-artifact/compare/v6...v7.0.0</a></p>
<h2>v6.0.0</h2>
<h2>v6 - What's new</h2>
<blockquote>
<p>[!IMPORTANT]
actions/upload-artifact@v6 now runs on Node.js 24 (<code>runs.using:
node24</code>) and requires a minimum Actions Runner version of 2.327.1.
If you are using self-hosted runners, ensure they are updated before
upgrading.</p>
</blockquote>
<h3>Node.js 24</h3>
<p>This release updates the runtime to Node.js 24. v5 had preliminary
support for Node.js 24, however this action was by default still running
on Node.js 20. Now this action by default will run on Node.js 24.</p>
<h2>What's Changed</h2>
<ul>
<li>Upload Artifact Node 24 support by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/719">actions/upload-artifact#719</a></li>
<li>fix: update <code>@​actions/artifact</code> for Node.js 24 punycode
deprecation by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/744">actions/upload-artifact#744</a></li>
<li>prepare release v6.0.0 for Node.js 24 support by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/745">actions/upload-artifact#745</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0">https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0</a></p>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a"><code>043fb46</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/797">#797</a>
from actions/yacaovsnc/update-dependency</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94"><code>634250c</code></a>
Include changes in typespec/ts-http-runtime 0.3.5</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8"><code>e454baa</code></a>
Readme: bump all the example versions to v7 (<a
href="https://redirect.github.com/actions/upload-artifact/issues/796">#796</a>)</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e"><code>74fad66</code></a>
Update the readme with direct upload details (<a
href="https://redirect.github.com/actions/upload-artifact/issues/795">#795</a>)</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f"><code>bbbca2d</code></a>
Support direct file uploads (<a
href="https://redirect.github.com/actions/upload-artifact/issues/764">#764</a>)</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296"><code>589182c</code></a>
Upgrade the module to ESM and bump dependencies (<a
href="https://redirect.github.com/actions/upload-artifact/issues/762">#762</a>)</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5"><code>47309c9</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/754">#754</a>
from actions/Link-/add-proxy-integration-tests</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0"><code>02a8460</code></a>
Add proxy integration test</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f"><code>b7c566a</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/745">#745</a>
from actions/upload-artifact-v6-release</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b"><code>e516bc8</code></a>
docs: correct description of Node.js 24 support in README</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/upload-artifact/compare/v4.6.2...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/download-artifact` from 4.3.0 to 8.0.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v8.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Support for CJK characters in the artifact name by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/download-artifact/pull/471">actions/download-artifact#471</a></li>
<li>Add a regression test for artifact name + content-type mismatches by
<a href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a>
in <a
href="https://redirect.github.com/actions/download-artifact/pull/472">actions/download-artifact#472</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v8...v8.0.1">https://github.com/actions/download-artifact/compare/v8...v8.0.1</a></p>
<h2>v8.0.0</h2>
<h2>v8 - What's new</h2>
<blockquote>
<p>[!IMPORTANT]
actions/download-artifact@v8 has been migrated to an ESM module. This
should be transparent to the caller but forks might need to make
significant changes.</p>
</blockquote>
<blockquote>
<p>[!IMPORTANT]
Hash mismatches will now error by default. Users can override this
behavior with a setting change (see below).</p>
</blockquote>
<h3>Direct downloads</h3>
<p>To support direct uploads in <code>actions/upload-artifact</code>,
the action will no longer attempt to unzip all downloaded files.
Instead, the action checks the <code>Content-Type</code> header ahead of
unzipping and skips non-zipped files. Callers wishing to download a
zipped file as-is can also set the new <code>skip-decompress</code>
parameter to <code>true</code>.</p>
<h3>Enforced checks (breaking)</h3>
<p>A previous release introduced digest checks on the download. If a
download hash didn't match the expected hash from the server, the action
would log a warning. Callers can now configure the behavior on mismatch
with the <code>digest-mismatch</code> parameter. To be secure by
default, we are now defaulting the behavior to <code>error</code> which
will fail the workflow run.</p>
<h3>ESM</h3>
<p>To support new versions of the @actions/* packages, we've upgraded
the package to ESM.</p>
<h2>What's Changed</h2>
<ul>
<li>Don't attempt to un-zip non-zipped downloads by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/download-artifact/pull/460">actions/download-artifact#460</a></li>
<li>Add a setting to specify what to do on hash mismatch and default it
to <code>error</code> by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/download-artifact/pull/461">actions/download-artifact#461</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v7...v8.0.0">https://github.com/actions/download-artifact/compare/v7...v8.0.0</a></p>
<h2>v7.0.0</h2>
<h2>v7 - What's new</h2>
<blockquote>
<p>[!IMPORTANT]
actions/download-artifact@v7 now runs on Node.js 24 (<code>runs.using:
node24</code>) and requires a minimum Actions Runner version of 2.327.1.
If you are using self-hosted runners, ensure they are updated before
upgrading.</p>
</blockquote>
<h3>Node.js 24</h3>
<p>This release updates the runtime to Node.js 24. v6 had preliminary
support for Node 24, however this action was by default still running on
Node.js 20. Now this action by default will run on Node.js 24.</p>
<h2>What's Changed</h2>
<ul>
<li>Update GHES guidance to include reference to Node 20 version by <a
href="https://github.com/patrikpolyak"><code>@​patrikpolyak</code></a>
in <a
href="https://redirect.github.com/actions/download-artifact/pull/440">actions/download-artifact#440</a></li>
<li>Download Artifact Node24 support by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/415">actions/download-artifact#415</a></li>
<li>fix: update <code>@​actions/artifact</code> to fix Node.js 24
punycode deprecation by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/451">actions/download-artifact#451</a></li>
<li>prepare release v7.0.0 for Node.js 24 support by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/452">actions/download-artifact#452</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/download-artifact/commit/3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c"><code>3e5f45b</code></a>
Add regression tests for CJK characters (<a
href="https://redirect.github.com/actions/download-artifact/issues/471">#471</a>)</li>
<li><a
href="https://github.com/actions/download-artifact/commit/e6d03f67377d4412c7aa56a8e2e4988e6ec479dd"><code>e6d03f6</code></a>
Add a regression test for artifact name + content-type mismatches (<a
href="https://redirect.github.com/actions/download-artifact/issues/472">#472</a>)</li>
<li><a
href="https://github.com/actions/download-artifact/commit/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3"><code>70fc10c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/461">#461</a>
from actions/danwkennedy/digest-mismatch-behavior</li>
<li><a
href="https://github.com/actions/download-artifact/commit/f258da9a506b755b84a09a531814700b86ccfc62"><code>f258da9</code></a>
Add change docs</li>
<li><a
href="https://github.com/actions/download-artifact/commit/ccc058e5fbb0bb2352213eaec3491e117cbc4a5c"><code>ccc058e</code></a>
Fix linting issues</li>
<li><a
href="https://github.com/actions/download-artifact/commit/bd7976ba57ecea96e6f3df575eb922d11a12a9fd"><code>bd7976b</code></a>
Add a setting to specify what to do on hash mismatch and default it to
<code>error</code></li>
<li><a
href="https://github.com/actions/download-artifact/commit/ac21fcf45e0aaee541c0f7030558bdad38d77d6c"><code>ac21fcf</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/460">#460</a>
from actions/danwkennedy/download-no-unzip</li>
<li><a
href="https://github.com/actions/download-artifact/commit/15999bff51058bc7c19b50ebbba518eaef7c26c0"><code>15999bf</code></a>
Add note about package bumps</li>
<li><a
href="https://github.com/actions/download-artifact/commit/974686ed5098c7f9c9289ec946b9058e496a2561"><code>974686e</code></a>
Bump the version to <code>v8</code> and add release notes</li>
<li><a
href="https://github.com/actions/download-artifact/commit/fbe48b1d2756394be4cd4358ed3bc1343b330e75"><code>fbe48b1</code></a>
Update test names to make it clearer what they do</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/download-artifact/compare/v4.3.0...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c">compare
view</a></li>
</ul>
</details>
<br />

Updates `golangci/golangci-lint-action` from 9.2.0 to 9.2.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's
releases</a>.</em></p>
<blockquote>
<h2>v9.2.1</h2>
<h2>What's Changed</h2>
<p>IMPORTANT: this is the first immutable release.</p>
<h3>Changes</h3>
<ul>
<li>chore: improve workflows by <a
href="https://github.com/ldez"><code>@​ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1394">golangci/golangci-lint-action#1394</a></li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>build(deps-dev): bump the dev-dependencies group with 3 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1325">golangci/golangci-lint-action#1325</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1326">golangci/golangci-lint-action#1326</a></li>
<li>build(deps): bump the dependencies group with 4 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1327">golangci/golangci-lint-action#1327</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1328">golangci/golangci-lint-action#1328</a></li>
<li>build(deps): bump <code>@​types/node</code> from 25.0.2 to 25.0.3 in
the dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1329">golangci/golangci-lint-action#1329</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1330">golangci/golangci-lint-action#1330</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1332">golangci/golangci-lint-action#1332</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1333">golangci/golangci-lint-action#1333</a></li>
<li>build(deps): bump the dependencies group with 6 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1334">golangci/golangci-lint-action#1334</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 4 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1335">golangci/golangci-lint-action#1335</a></li>
<li>build(deps): bump the dependencies group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1336">golangci/golangci-lint-action#1336</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 3 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1337">golangci/golangci-lint-action#1337</a></li>
<li>build(deps): bump <code>@​types/node</code> from 25.0.9 to 25.0.10
in the dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1338">golangci/golangci-lint-action#1338</a></li>
<li>build(deps): bump fast-xml-parser from 5.3.3 to 5.3.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1339">golangci/golangci-lint-action#1339</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1340">golangci/golangci-lint-action#1340</a></li>
<li>build(deps-dev): bump the dev-dependencies group across 1 directory
with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1344">golangci/golangci-lint-action#1344</a></li>
<li>build(deps): bump fast-xml-parser from 5.3.4 to 5.3.6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1346">golangci/golangci-lint-action#1346</a></li>
<li>build(deps): bump minimatch by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1348">golangci/golangci-lint-action#1348</a></li>
<li>build(deps): bump minimatch from 3.1.3 to 3.1.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1350">golangci/golangci-lint-action#1350</a></li>
<li>build(deps): bump fast-xml-parser from 5.3.6 to 5.4.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1351">golangci/golangci-lint-action#1351</a></li>
<li>build(deps): bump fast-xml-parser from 5.4.1 to 5.5.6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1357">golangci/golangci-lint-action#1357</a></li>
<li>build(deps): bump fast-xml-parser from 5.5.6 to 5.5.7 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1358">golangci/golangci-lint-action#1358</a></li>
<li>build(deps-dev): bump flatted from 3.3.3 to 3.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1359">golangci/golangci-lint-action#1359</a></li>
<li>build(deps): bump picomatch from 4.0.3 to 4.0.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1364">golangci/golangci-lint-action#1364</a></li>
<li>build(deps): bump yaml from 2.8.2 to 2.8.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1365">golangci/golangci-lint-action#1365</a></li>
<li>build(deps): bump brace-expansion by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1370">golangci/golangci-lint-action#1370</a></li>
<li>build(deps-dev): bump the dev-dependencies group across 1 directory
with 7 updates by <a
href="https://github.com/ldez"><code>@​ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1374">golangci/golangci-lint-action#1374</a></li>
<li>build(deps): bump github/codeql-action from 4 to 4.35.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1384">golangci/golangci-lint-action#1384</a></li>
<li>build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1386">golangci/golangci-lint-action#1386</a></li>
<li>build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1389">golangci/golangci-lint-action#1389</a></li>
<li>build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1391">golangci/golangci-lint-action#1391</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/golangci/golangci-lint-action/compare/v9.2.0...v9.2.1">https://github.com/golangci/golangci-lint-action/compare/v9.2.0...v9.2.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/82606bf257cbaff209d206a39f5134f0cfbfd2ee"><code>82606bf</code></a>
chore: prepare release v9.2.1</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/97c8387e660fa3be78f698fb592523e1f906a02c"><code>97c8387</code></a>
chore: improve workflows (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1394">#1394</a>)</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/28d0a191bb76f633872d1f12600dd9900ac73840"><code>28d0a19</code></a>
build(deps): bump the dependencies group across 1 directory with 2
updates</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/633fbc7d54a1fe7d54f72fb83194a7d442beb929"><code>633fbc7</code></a>
build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1391">#1391</a>)</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/59f43e26c902dadac745307f8cf2537da50ad344"><code>59f43e2</code></a>
build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1389">#1389</a>)</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/9eb174e04acac69b4b7f6602f9a5cc384ba59b45"><code>9eb174e</code></a>
build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1386">#1386</a>)</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/4f52504dfb47d09a983372e869f643e9e0d4014b"><code>4f52504</code></a>
build(deps): bump github/codeql-action from 4 to 4.35.2 (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1384">#1384</a>)</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/6f87dfdbd16618b59a5d86104adea6216152a47c"><code>6f87dfd</code></a>
docs: update examples</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/c9500d7aa7797b3e999034a3e6a0b9a4f18e8708"><code>c9500d7</code></a>
chore: improve workflows</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/03b1faa37ed78712fa70fc44b56fa553f0d7a6bc"><code>03b1faa</code></a>
chore: improve issue templates</li>
<li>Additional commits viewable in <a
href="https://github.com/golangci/golangci-lint-action/compare/1e7e51e771db61008b38414a730f564565cf7c20...82606bf257cbaff209d206a39f5134f0cfbfd2ee">compare
view</a></li>
</ul>
</details>
<br />

Updates `github/codeql-action` from 4.35.2 to 4.36.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.36.0</h2>
<ul>
<li><em>Breaking change</em>: Bump the minimum required CodeQL bundle
version to 2.19.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li>
<li>Add support for SHA-256 Git object IDs. <a
href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li>
</ul>
<h2>v4.35.5</h2>
<ul>
<li>We have improved how the JavaScript bundles for the CodeQL Action
are generated to avoid duplication across bundles and reduce the size of
the repository by around 70%. This should have no effect on the runtime
behaviour of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li>
<li>For performance and accuracy reasons, <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> will now only be enabled on a pull request when
diff-informed analysis is also enabled for that run. If diff-informed
analysis is unavailable (for example, because the PR diff ranges could
not be computed), the action will fall back to a full analysis. <a
href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li>
<li>If multiple inputs are provided for the GitHub-internal
<code>analysis-kinds</code> input, only <code>code-scanning</code> will
be enabled. The <code>analysis-kinds</code> input is experimental, for
GitHub-internal use only, and may change without notice at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li>
<li>Added an experimental change which, when running a Code Scanning
analysis for a PR with <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> enabled, prefers CodeQL CLI versions that have
a cached overlay-base database for the configured languages. This speeds
up analysis for a repository when there is not yet a cached overlay-base
database for the latest CLI version. We expect to roll this change out
to everyone in May. <a
href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li>
</ul>
<h2>v4.35.4</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li>
</ul>
<h2>v4.35.3</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.36.0 - 22 May 2026</h2>
<ul>
<li><em>Breaking change</em>: Bump the minimum required CodeQL bundle
version to 2.19.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li>
<li>Add support for SHA-256 Git object IDs. <a
href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li>
</ul>
<h2>4.35.5 - 15 May 2026</h2>
<ul>
<li>We have improved how the JavaScript bundles for the CodeQL Action
are generated to avoid duplication across bundles and reduce the size of
the repository by around 70%. This should have no effect on the runtime
behaviour of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li>
<li>For performance and accuracy reasons, <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> will now only be enabled on a pull request when
diff-informed analysis is also enabled for that run. If diff-informed
analysis is unavailable (for example, because the PR diff ranges could
not be computed), the action will fall back to a full analysis. <a
href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li>
<li>If multiple inputs are provided for the GitHub-internal
<code>analysis-kinds</code> input, only <code>code-scanning</code> will
be enabled. The <code>analysis-kinds</code> input is experimental, for
GitHub-internal use only, and may change without notice at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li>
<li>Added an experimental change which, when running a Code Scanning
analysis for a PR with <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> enabled, prefers CodeQL CLI versions that have
a cached overlay-base database for the configured languages. This speeds
up analysis for a repository when there is not yet a cached overlay-base
database for the latest CLI version. We expect to roll this change out
to everyone in May. <a
href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li>
</ul>
<h2>4.35.4 - 07 May 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li>
</ul>
<h2>4.35.3 - 01 May 2026</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li>
</ul>
<h2>4.35.2 - 15 Apr 2026</h2>
<ul>
<li>The undocumented TRAP cache cleanup feature that could be enabled
using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment
variable is deprecated and will be removed in May 2026. If you are
affected by this, we recommend disabling TRAP caching by passing the
<code>trap-caching: false</code> input to the <code>init</code> Action.
<a
href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li>
<li>The Git version 2.36.0 requirement for improved incremental analysis
now only applies to repositories that contain submodules. <a
href="https://redirect.github.com/github/codeql-action/pull/3789">#3789</a></li>
<li>Python analysis on GHES no longer extracts the standard library,
relying instead on models of the standard library. This should result in
significantly faster extraction and analysis times, while the effect on
alerts should be minimal. <a
href="https://redirect.github.com/github/codeql-action/pull/3794">#3794</a></li>
<li>Fixed a bug in the validation of OIDC configurations for private
registries that was added in CodeQL Action 4.33.0 / 3.33.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3807">#3807</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2">2.25.2</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3823">#3823</a></li>
</ul>
<h2>4.35.1 - 27 Mar 2026</h2>
<ul>
<li>Fix incorrect minimum required Git version for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a>: it should have been 2.36.0, not 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3781">#3781</a></li>
</ul>
<h2>4.35.0 - 27 Mar 2026</h2>
<ul>
<li>Reduced the minimum Git version required for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> from 2.38.0 to 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3767">#3767</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1">2.25.1</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3773">#3773</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa"><code>7211b7c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3927">#3927</a>
from github/update-v4.36.0-ebc2d9e2b</li>
<li><a
href="https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022"><code>7740f2f</code></a>
Update changelog for v4.36.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761"><code>ebc2d9e</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3926">#3926</a>
from github/update-bundle/codeql-bundle-v2.25.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7"><code>d1f74b7</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4"><code>2dc40ce</code></a>
Update default bundle to codeql-bundle-v2.25.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22"><code>8449852</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3910">#3910</a>
from github/henrymercer/repo-size-diff-check</li>
<li><a
href="https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094"><code>72ac23c</code></a>
Update excluded required check list</li>
<li><a
href="https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37"><code>c5297a2</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3919">#3919</a>
from github/henrymercer/workflow-concurrency</li>
<li><a
href="https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503"><code>8ffeae7</code></a>
CI: Automatically cancel non-generated workflows</li>
<li><a
href="https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9"><code>f3f52bf</code></a>
Revert <code>getErrorMessage</code> import</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/95e58e9a2cdfd71adc6e0353d5c52f41a045d225...7211b7c8077ea37d8641b6271f6a365a22a5fbfa">compare
view</a></li>
</ul>
</details>
<br />

Updates `aws-actions/configure-aws-credentials` from 6.1.0 to 6.1.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/configure-aws-credentials/releases">aws-actions/configure-aws-credentials's
releases</a>.</em></p>
<blockquote>
<h2>v6.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>chore(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1722">aws-actions/configure-aws-credentials#1722</a></li>
<li>chore(deps-dev): bump <code>@​types/node</code> from 25.5.0 to
25.5.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1723">aws-actions/configure-aws-credentials#1723</a></li>
<li>chore(deps-dev): bump <code>@​smithy/property-provider</code> from
4.2.12 to 4.2.13 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1724">aws-actions/configure-aws-credentials#1724</a></li>
<li>chore(deps): bump proxy-agent from 8.0.0 to 8.0.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1726">aws-actions/configure-aws-credentials#1726</a></li>
<li>chore(deps): bump <code>@​smithy/node-http-handler</code> from 4.5.1
to 4.5.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1725">aws-actions/configure-aws-credentials#1725</a></li>
<li>chore(deps): bump <code>@​aws-sdk/client-sts</code> from 3.1020.0 to
3.1025.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1727">aws-actions/configure-aws-credentials#1727</a></li>
<li>chore(deps): bump basic-ftp from 5.2.0 to 5.2.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1728">aws-actions/configure-aws-credentials#1728</a></li>
<li>chore(deps): bump basic-ftp from 5.2.1 to 5.2.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1729">aws-actions/configure-aws-credentials#1729</a></li>
<li>chore(deps-dev): bump <code>@​types/node</code> from 25.5.2 to
25.6.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1730">aws-actions/configure-aws-credentials#1730</a></li>
<li>chore(deps-dev): bump <code>@​aws-sdk/credential-provider-env</code>
from 3.972.24 to 3.972.25 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1733">aws-actions/configure-aws-credentials#1733</a></li>
<li>chore(deps): bump <code>@​aws-sdk/client-sts</code> from 3.1025.0 to
3.1030.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1732">aws-actions/configure-aws-credentials#1732</a></li>
<li>chore(deps-dev): bump <code>@​biomejs/biome</code> from 2.4.10 to
2.4.11 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1734">aws-actions/configure-aws-credentials#1734</a></li>
<li>chore(deps): bump basic-ftp from 5.2.2 to 5.3.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1736">aws-actions/configure-aws-credentials#1736</a></li>
<li>chore(deps-dev): bump memfs from 4.57.1 to 4.57.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1737">aws-actions/configure-aws-credentials#1737</a></li>
<li>chore(deps-dev): bump typescript from 6.0.2 to 6.0.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1740">aws-actions/configure-aws-credentials#1740</a></li>
<li>chore(deps-dev): bump <code>@​smithy/property-provider</code> from
4.2.13 to 4.2.14 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1741">aws-actions/configure-aws-credentials#1741</a></li>
<li>chore(deps-dev): bump <code>@​aws-sdk/credential-provider-env</code>
from 3.972.25 to 3.972.28 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1742">aws-actions/configure-aws-credentials#1742</a></li>
<li>chore(deps): bump <code>@​aws-sdk/client-sts</code> from 3.1030.0 to
3.1033.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1743">aws-actions/configure-aws-credentials#1743</a></li>
<li>chore(deps-dev): bump <code>@​biomejs/biome</code> from 2.4.11 to
2.4.12 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1739">aws-actions/configure-aws-credentials#1739</a></li>
<li>chore(deps-dev): bump <code>@​biomejs/biome</code> from 2.4.12 to
2.4.13 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1747">aws-actions/configure-aws-credentials#1747</a></li>
<li>chore(deps): bump postcss from 8.5.6 to 8.5.12 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1752">aws-actions/configure-aws-credentials#1752</a></li>
<li>chore(deps): bump <code>@​smithy/node-http-handler</code> from 4.6.0
to 4.6.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1750">aws-actions/configure-aws-credentials#1750</a></li>
<li>chore(deps-dev): bump <code>@​aws-sdk/credential-provider-env</code>
from 3.972.28 to 3.972.32 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1751">aws-actions/configure-aws-credentials#1751</a></li>
<li>chore(deps): bump <code>@​aws-sdk/client-sts</code> from 3.1033.0 to
3.1038.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1749">aws-actions/configure-aws-credentials#1749</a></li>
<li>chore: release 6.1.1 by <a
href="https://github.com/lehmanmj"><code>@​lehmanmj</code></a> in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1757">aws-actions/configure-aws-credentials#1757</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6...v6.1.1">https://github.com/aws-actions/configure-aws-credentials/compare/v6...v6.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md">aws-actions/configure-aws-credentials's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file.
See <a
href="https://github.com/conventional-changelog/standard-version">standard-version</a>
for commit guidelines.</p>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.1...v6.1.2">6.1.2</a>
(2026-05-26)</h2>
<h3>Features</h3>
<ul>
<li>add additional session tags by default (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1775">#1775</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/e0ba7685077379a14a82d01fefd511490344ebfc">e0ba768</a>)</li>
<li>add more retry logic and better logging (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1764">#1764</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/540d0c13aedb8d55501d220bd2f0b3cdedfe84e8">540d0c1</a>)</li>
<li>add regex validation to role-session-name (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1765">#1765</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/e35449909c6ede5083a48ba4b8bbfaaa1cf09ba1">e354499</a>)</li>
<li>Allow custom session tags to be passed when assuming a role (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1759">#1759</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/61f50f630f383628add73c1eab3f1935ba07da2b">61f50f6</a>)</li>
<li>expose run id in STS client user-agent (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1774">#1774</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/29d1be30273e7ef371d59fccf6ec54572c64ec89">29d1be3</a>)</li>
<li>support custom STS endpoints (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1762">#1762</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/8d52d05d7a4521fa52b39de50cb6114b12e5c332">8d52d05</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>additional filesystem checks (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1799">#1799</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/c39f282697aca8a78c522ecf1f7da9899a31432c">c39f282</a>)</li>
<li>skip credential check on output-env-credentials: false (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1778">#1778</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/58e7c47adf77846879008deadfeeef8a6969fe6c">58e7c47</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.0...v6.1.1">6.1.1</a>
(2026-05-05)</h2>
<h3>Miscellaneous Chores</h3>
<ul>
<li>various dependency updates</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.0.0...v6.1.0">6.1.0</a>
(2026-04-06)</h2>
<h3>Features</h3>
<ul>
<li>add skip cleanup option (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1716">#1716</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/11b1c58b24724e66aa52a847862a0c1b0c4b0c7b">11b1c58</a>),
closes <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1545">#1545</a></li>
<li>Support usage of AWS Profiles (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1696">#1696</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/a7f0c828ac76e0d049e34c920172c60f579f9eb3">a7f0c82</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v5.1.1...v6.0.0">6.0.0</a>
(2026-02-04)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>Update action to use node24 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1632">#1632</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/a7a2c1125c67f40a1e95768f4e4a7d8f019f87af">a7a2c11</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add support to define transitive tag keys (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1316">#1316</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/232435c0c05e51137544f0203931b84893d13b74">232435c</a>)
(<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1628/changes/930ebd9bcaed959c3ba9e21567e8abbc3cae72c0">930ebd9</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/d979d5b3a71173a29b74b5b88418bfda9437d885"><code>d979d5b</code></a>
chore: release 6.1.1 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1757">#1757</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/d4a9acd8d3a85678bd2eb9e0a2225949c8ce00f0"><code>d4a9acd</code></a>
chore: Update dist</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/fc44f4ae4061c6145827c6bead5058cf4a09d3d7"><code>fc44f4a</code></a>
chore(deps): bump <code>@​aws-sdk/client-sts</code> from 3.1033.0 to
3.1038.0 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1749">#1749</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/0b8336f1bad4254674f1627a88cca9b70e5c1a99"><code>0b8336f</code></a>
chore: Update dist</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/8c5bf33eedab7c569b2218bc0c1428d2c61479ed"><code>8c5bf33</code></a>
chore(deps-dev): bump <code>@​aws-sdk/credential-provider-env</code> (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1751">#1751</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/53df0c1c3279cace88c3da0c5a8791841d742b83"><code>53df0c1</code></a>
chore: Update dist</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/c2c55827d200646241e6a76179dda6118b08577d"><code>c2c5582</code></a>
chore(deps): bump <code>@​smithy/node-http-handler</code> from 4.6.0 to
4.6.1 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1750">#1750</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/bd0031d7c367b4b2496a30f8e318da766a6a0a7c"><code>bd0031d</code></a>
chore(deps): bump postcss from 8.5.6 to 8.5.12 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1752">#1752</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/6ab499a6985908ab02d242935a89426bb7206e53"><code>6ab499a</code></a>
chore(deps-dev): bump <code>@​biomejs/biome</code> from 2.4.12 to 2.4.13
(<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1747">#1747</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/bc9489585819302995bb108bbd899b7975f40303"><code>bc94895</code></a>
chore(deps-dev): bump <code>@​biomejs/biome</code> from 2.4.11 to 2.4.12
(<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1739">#1739</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/aws-actions/configure-aws-credentials/compare/ec61189d14ec14c8efccab744f656cffd0e33f37...d979d5b3a71173a29b74b5b88418bfda9437d885">compare
view</a></li>
</ul>
</details>
<br />

Updates `docker/login-action` from 4.1.0 to 4.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases">docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.2.0</h2>
<ul>
<li>Bump <code>@​actions/core</code> from 3.0.0 to 3.0.1 in <a
href="https://redirect.github.com/docker/login-action/pull/976">docker/login-action#976</a></li>
<li>Bump <code>@​aws-sdk/client-ecr</code> and
<code>@​aws-sdk/client-ecr-public</code> to 3.1050.0 in <a
href="https://redirect.github.com/docker/login-action/pull/960">docker/login-action#960</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.86.0 to 0.90.0 in
<a
href="https://redirect.github.com/docker/login-action/pull/970">docker/login-action#970</a></li>
<li>Bump brace-expansion from 2.0.1 to 5.0.6 in <a
href="https://redirect.github.com/docker/login-action/pull/993">docker/login-action#993</a></li>
<li>Bump fast-xml-builder from 1.1.4 to 1.2.0 in <a
href="https://redirect.github.com/docker/login-action/pull/985">docker/login-action#985</a></li>
<li>Bump fast-xml-parser from 5.3.6 to 5.8.0 in <a
href="https://redirect.github.com/docker/login-action/pull/963">docker/login-action#963</a></li>
<li>Bump http-proxy-agent and https-proxy-agent to 9.0.0 in <a
href="https://redirect.github.com/docker/login-action/pull/961">docker/login-action#961</a></li>
<li>Bump postcss from 8.5.6 to 8.5.10 in <a
href="https://redirect.github.com/docker/login-action/pull/979">docker/login-action#979</a></li>
<li>Bump tar from 6.2.1 to 7.5.15 in <a
href="https://redirect.github.com/docker/login-action/pull/991">docker/login-action#991</a></li>
<li>Bump vite from 7.3.1 to 7.3.3 in <a
href="https://redirect.github.com/docker/login-action/pull/986">docker/login-action#986</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v4.1.0...v4.2.0">https://github.com/docker/login-action/compare/v4.1.0...v4.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/login-action/commit/650006c6eb7dba73a995cc03b0b2d7f5ca915bee"><code>650006c</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/960">#960</a>
from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li>
<li><a
href="https://github.com/docker/login-action/commit/99df1a3f6d65e48177ea57671a50e2242eae4b63"><code>99df1a3</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/3ab375f324f46da5f6901efeda4be4e2566ebaa2"><code>3ab375f</code></a>
build(deps): bump the aws-sdk-dependencies gro…
….06.03-sha-0bca601 in /apps/cli-go/pkg/config/templates in the docker-minor group (#5441)

Bumps the docker-minor group in /apps/cli-go/pkg/config/templates with 1
update: supabase/studio.

Updates `supabase/studio` from 2026.06.01-sha-a4334a2 to
2026.06.03-sha-0bca601


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=supabase/studio&package-manager=docker&previous-version=2026.06.01-sha-a4334a2&new-version=2026.06.03-sha-0bca601)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Adds a dedicated follow-up job to the preview CLI package workflow that
posts or updates a sticky PR comment with the copy-pasteable `npx --yes
https://pkg.pr.new/supabase@<PR_NUMBER>` command.

The pkg.pr.new publish step stays in `--comment=off` mode so reviewers
see the CLI command without the platform wrapper package list, and the
comment write permission is isolated from the job that checks out and
runs PR code.
Bumps the actions-major group with 2 updates:
[aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials)
and
[docker/setup-qemu-action](https://github.com/docker/setup-qemu-action).

Updates `aws-actions/configure-aws-credentials` from 6.1.1 to 6.1.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/configure-aws-credentials/releases">aws-actions/configure-aws-credentials's
releases</a>.</em></p>
<blockquote>
<h2>v6.1.2</h2>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.1...v6.1.2">6.1.2</a>
(2026-05-26)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>additional filesystem checks (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1799">#1799</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/c39f282697aca8a78c522ecf1f7da9899a31432c">c39f282</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md">aws-actions/configure-aws-credentials's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file.
See <a
href="https://github.com/conventional-changelog/standard-version">standard-version</a>
for commit guidelines.</p>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.3...v6.2.0">6.2.0</a>
(2026-06-01)</h2>
<h3>Features</h3>
<ul>
<li>add additional session tags by default (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1775">#1775</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/e0ba7685077379a14a82d01fefd511490344ebfc">e0ba768</a>)</li>
<li>add more retry logic and better logging (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1764">#1764</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/540d0c13aedb8d55501d220bd2f0b3cdedfe84e8">540d0c1</a>)</li>
<li>add regex validation to role-session-name (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1765">#1765</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/e35449909c6ede5083a48ba4b8bbfaaa1cf09ba1">e354499</a>)</li>
<li>Allow custom session tags to be passed when assuming a role (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1759">#1759</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/61f50f630f383628add73c1eab3f1935ba07da2b">61f50f6</a>)</li>
<li>expose run id in STS client user-agent (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1774">#1774</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/29d1be30273e7ef371d59fccf6ec54572c64ec89">29d1be3</a>)</li>
<li>support custom STS endpoints (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1762">#1762</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/8d52d05d7a4521fa52b39de50cb6114b12e5c332">8d52d05</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>skip credential check on output-env-credentials: false (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1778">#1778</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/58e7c47adf77846879008deadfeeef8a6969fe6c">58e7c47</a>)</li>
<li>assumeRole failing from session tag size too large (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1808">#1808</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/d6f5dc331b44474b19a52caaf85fa4d637b13c8e">d6f5dc3</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.2...v6.1.3">6.1.3</a>
(2026-05-28)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>fix: allow kubelet token symlink in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1805">#1805</a></li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.1...v6.1.2">6.1.2</a>
(2026-05-26)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>additional filesystem checks (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1799">#1799</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/c39f282697aca8a78c522ecf1f7da9899a31432c">c39f282</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.0...v6.1.1">6.1.1</a>
(2026-05-05)</h2>
<h3>Miscellaneous Chores</h3>
<ul>
<li>various dependency updates</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.0.0...v6.1.0">6.1.0</a>
(2026-04-06)</h2>
<h3>Features</h3>
<ul>
<li>add skip cleanup option (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1716">#1716</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/11b1c58b24724e66aa52a847862a0c1b0c4b0c7b">11b1c58</a>),
closes <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1545">#1545</a></li>
<li>Support usage of AWS Profiles (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1696">#1696</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/a7f0c828ac76e0d049e34c920172c60f579f9eb3">a7f0c82</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v5.1.1...v6.0.0">6.0.0</a>
(2026-02-04)</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/acca2b1b2070338fb9fd1ca27ecee81d687e58e5"><code>acca2b1</code></a>
chore(main): release 6.1.2 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1761">#1761</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/c329d242ceb6228686c94ac6f7aac3d746066cf3"><code>c329d24</code></a>
chore: Update dist</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/c39f282697aca8a78c522ecf1f7da9899a31432c"><code>c39f282</code></a>
fix: additional filesystem checks (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1799">#1799</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/8188bee95ba3c3af6c224014a029811581cd56a0"><code>8188bee</code></a>
chore(deps-dev): bump <code>@​types/node</code> from 25.6.0 to 25.9.1
(<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1795">#1795</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/477988d7727e1095f0196ce8bf873c336f30d954"><code>477988d</code></a>
chore(deps-dev): bump <code>@​smithy/property-provider</code> from
4.2.14 to 4.3.4 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1798">#1798</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/9a5ab5bbe814367e429a047e3c5568406b935cba"><code>9a5ab5b</code></a>
chore: Update dist</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/baa1fdfef9d3f4e92ab62e1f4bcd5130c929bb48"><code>baa1fdf</code></a>
chore(deps): bump <code>@​aws-sdk/client-sts</code> from 3.1038.0 to
3.1053.0 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1793">#1793</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/4be0a3c1675feae7957ae186098357084182bae0"><code>4be0a3c</code></a>
chore(deps-dev): bump generate-license-file from 4.1.1 to 4.2.1 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1794">#1794</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/f85f964a2e08567040000cb733de75d57aaa3b1a"><code>f85f964</code></a>
chore: Update dist</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/6fddd0cf67c47a5e4a1c0e1d99a030d845edc24d"><code>6fddd0c</code></a>
chore(deps-dev): bump <code>@​aws-sdk/credential-provider-env</code> (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1791">#1791</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/aws-actions/configure-aws-credentials/compare/d979d5b3a71173a29b74b5b88418bfda9437d885...acca2b1b2070338fb9fd1ca27ecee81d687e58e5">compare
view</a></li>
</ul>
</details>
<br />

Updates `docker/setup-qemu-action` from 4.0.0 to 4.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.0</h2>
<ul>
<li>Add <code>reset</code> input to uninstall current emulators by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/21">docker/setup-qemu-action#21</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.77.0 to 0.91.0 in
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/250">docker/setup-qemu-action#250</a>
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/247">docker/setup-qemu-action#247</a></li>
<li>Bump brace-expansion from 1.1.12 to 1.1.15 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/265">docker/setup-qemu-action#265</a></li>
<li>Bump fast-xml-builder from 1.0.0 to 1.2.0 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/286">docker/setup-qemu-action#286</a></li>
<li>Bump fast-xml-parser from 5.4.2 to 5.8.0 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/255">docker/setup-qemu-action#255</a></li>
<li>Bump flatted from 3.3.3 to 3.4.2 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/257">docker/setup-qemu-action#257</a></li>
<li>Bump glob from 10.3.15 to 10.5.0 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/254">docker/setup-qemu-action#254</a></li>
<li>Bump handlebars from 4.7.8 to 4.7.9 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/262">docker/setup-qemu-action#262</a></li>
<li>Bump lodash from 4.17.23 to 4.18.1 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/273">docker/setup-qemu-action#273</a></li>
<li>Bump postcss from 8.5.6 to 8.5.10 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/285">docker/setup-qemu-action#285</a></li>
<li>Bump tar from 6.2.1 to 7.5.15 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/287">docker/setup-qemu-action#287</a></li>
<li>Bump tmp from 0.2.5 to 0.2.6 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/291">docker/setup-qemu-action#291</a></li>
<li>Bump undici from 6.23.0 to 6.26.0 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/251">docker/setup-qemu-action#251</a></li>
<li>Bump vite from 7.3.1 to 7.3.2 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/271">docker/setup-qemu-action#271</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v4.0.0...v4.1.0">https://github.com/docker/setup-qemu-action/compare/v4.0.0...v4.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/06116385d9baf250c9f4dcb4858b16962ea869c3"><code>0611638</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/21">#21</a>
from crazy-max/uninst</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/ce59c818a5ff16552ddf7407ee7cb00bea682925"><code>ce59c81</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/2ddad4401e17fa807e8a3c4bd289ccdd993f0868"><code>2ddad44</code></a>
uninstall current emulators</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/8c37cd6f3456e1f3f3026250eac496709e9e7e10"><code>8c37cd6</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/250">#250</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/d1a0ff34af591b8e290e46f3fa114ef5bb81cd1c"><code>d1a0ff3</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/0a8f3dc12541cc2c3b19c182a1a2c90a2c8b8d93"><code>0a8f3dc</code></a>
build(deps): bump <code>@​docker/actions-toolkit</code> from 0.79.0 to
0.91.0</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/9430f61a7691bd1bfdc4d6ba70e558659d36fa7a"><code>9430f61</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/291">#291</a>
from docker/dependabot/npm_and_yarn/tmp-0.2.6</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/978bd7796cb6698377e7af6726b726e5ced642d0"><code>978bd77</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/3479febc62cc0fbcb98c7c7fc0dac778c0d79d6a"><code>3479feb</code></a>
build(deps): bump tmp from 0.2.5 to 0.2.6</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/b113c264143c28c2974bed61af25be32d32f4782"><code>b113c26</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/255">#255</a>
from docker/dependabot/npm_and_yarn/fast-xml-parser-5...</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/setup-qemu-action/compare/ce360397dd3f832beb865e1373c09c0e9f86d70a...06116385d9baf250c9f4dcb4858b16962ea869c3">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Julien Goux <hi@jgoux.dev>
Updates the GitHub Actions Dependabot group to use a `chore(ci):`
commit-message prefix.

This keeps future grouped workflow-only dependency updates from using
`fix(deps):`, which would be release-significant when the PR is
squash-merged into `develop`.
## What changed

This wires Studio with the local S3 protocol credentials and the newer
opaque Supabase key environment variables in both the Go CLI stack and
the TypeScript stack implementation.

The change keeps the existing legacy Studio key variables intact while
adding `SUPABASE_PUBLISHABLE_KEY`, `SUPABASE_SECRET_KEY`,
`S3_PROTOCOL_ACCESS_KEY_ID`, and `S3_PROTOCOL_ACCESS_KEY_SECRET`.

## Why

Studio expects these values for local S3 key access and newer key
handling, but the CLI-managed Studio container only received the legacy
key variables before this change.
## What changed

Changes the preview package comment job permission from `issues: write`
to `pull-requests: write`.

## Why

The preview package published successfully, but the custom `pkg.pr.new`
PR comment failed with `Resource not accessible by integration`. The
failing run was for a same-repository maintainer branch, so the issue
was not fork trust. The workflow token needs PR write permission for the
pull request comment operation in this repo/org context.
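
The permission split described in the two preview-package workflow changes above (a sticky-comment job kept apart from the job that checks out and runs PR code, with `pull-requests: write` as its only scope), sketched as an added example. This is not the repository's actual workflow: the workflow and job names, build commands, action versions and the comment marker are assumptions.

```yaml
# Hypothetical workflow for illustration; only the permission split and the
# `--comment=off` mode mirror what the commit messages describe.
name: preview-cli-package
on:
  pull_request:

# Deny by default; each job opts in to exactly the scopes it needs.
permissions: {}

jobs:
  publish:
    # This job checks out and runs PR code, so its token is read-only.
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4        # pin to a full commit SHA in real use
        with:
          persist-credentials: false     # keep the token out of .git/config
      - run: npm ci                      # assumed install command
      - run: npm run build               # assumed build command
      # pkg.pr.new publishes the preview but posts no comment of its own.
      - run: npx pkg-pr-new publish --comment=off

  comment:
    # No checkout and no PR code: the only job that holds a write scope.
    needs: publish
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - uses: actions/github-script@v7   # pin to a full commit SHA in real use
        with:
          script: |
            // Hidden marker (assumed) used to find and update the sticky comment.
            const marker = '<!-- preview-cli-package -->';
            const { owner, repo } = context.repo;
            // Taken from the event context, never interpolated from PR text.
            const issue_number = context.issue.number;
            const body = [
              marker,
              'Preview CLI for this PR:',
              '',
              `    npx --yes https://pkg.pr.new/supabase@${issue_number}`,
            ].join('\n');
            const comments = await github.paginate(
              github.rest.issues.listComments,
              { owner, repo, issue_number },
            );
            const existing = comments.find(
              (c) => c.body && c.body.includes(marker),
            );
            if (existing) {
              await github.rest.issues.updateComment({
                owner, repo, comment_id: existing.id, body,
              });
            } else {
              await github.rest.issues.createComment({
                owner, repo, issue_number, body,
              });
            }
```

With this layout, code from the PR branch never executes in a job whose token can write to the pull request.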
…sh pipeline (#5330)

## Summary

Adds an LLM-driven pipeline to turn semantic-release changelogs into
user-centric Supabase CLI release notes, plus the prompt template that
drives it.

### Prompt template (`tools/release/release-notes-prompt.md`)

A self-contained prompt for generating release notes from a pasted
semantic-release block. It covers:

- **Input structure** — standardized fields for product name, audience,
and tone
- **Scope rules specific to the CLI** — filtering `next/` shell changes,
handling Go-to-TypeScript port PRs, and identifying user-facing changes
- **Investigation process** — step-by-step triage and PR analysis
workflow so the model doesn't write from titles alone
- **Classification system** — buckets for highlights, features,
improvements, bug fixes, breaking changes, and internal work
- **Writing guidelines** — voice, structure, and before/after examples
showing the transformation from raw PR data to polished notes
- **Output format** — markdown template with sections for breaking
changes, highlights, features, improvements, bug fixes, and port
progress

The prompt answers three questions for users: **Should I upgrade?**,
**What can I do now?**, and **What gotchas should I know about?**

The template uses a `{{PASTE_SEMANTIC_RELEASE_BLOCK_HERE}}` placeholder
so scripts can inject the raw changelog at runtime.

### Automation (new in this PR)

The prompt is wired into the release pipeline end-to-end:

1. **`backfill-release-notes.ts`** (existing) — writes the raw
semantic-release block to the GitHub Release body after publish.
2. **`propose-release-notes.ts`** (new) — re-derives that block via
`backfill-release-notes.ts`, renders the prompt, runs the **Claude Agent
SDK** (`WebFetch`, `WebSearch`, `Bash`/`gh`) to investigate PRs per the
prompt's step 3, writes `release-notes/v<VERSION>.md`, and opens a PR on
branch `release-notes/v<VERSION>` with a `do not merge` label.
3. **`apply-release-notes.ts`** (new) — pushes the approved file's
contents to the GitHub Release body via `gh release edit`.
4. **Workflows**
- `propose-release-notes.yml` — callable from `release-shared.yml` after
backfill (stable releases only; non-blocking so LLM failures never gate
publish). Also runnable manually from Actions.
- `apply-release-notes.yml` — on **approval** by an active
`supabase/cli` team member (not merge): checks out the PR head, applies
notes, comments the release URL, closes the PR, deletes the branch. The
notes file never lands on `main`.

Default model: `claude-haiku-4-5-20251001` at `effort: "low"`. Local
iteration flags: `--dry-run`, `--render-only`, `--model`.

### Human review flow

Release published → raw semantic-release body backfilled → propose
workflow opens release-notes/vX.Y.Z PR → reviewer edits notes on the
branch if needed → supabase/cli team member approves (not merges) →
apply workflow updates GH Release body, closes PR


Prereleases (`-beta.`, `-alpha.`) keep the raw semantic-release body;
the proposer short-circuits (an AI release note can still be generated
for the beta channel by manual workflow dispatch).

---

## Explorations

We tried several approaches before settling on the current design:

### Model tier / effort

Tested Opus, Sonnet, and Haiku at various effort levels. Higher-tier
models did not meaningfully improve output quality for typical release
sizes, but cost jumped (~$0.50/generation vs ~$0.10 with Haiku). Worth
re-assessing once we see releases with substantially more PRs.

### Local context pre-fetch

Tried a "local agent" approach: download all PR/issue/code context
upfront via `gh api`, write to local files, then point the agent at
those files. This **increased** cost (~$0.30 vs ~$0.10) compared to
letting the agent fetch what it needs via WebFetch/Bash, and added
scripting overhead for context retrieval. Dropped in favor of the
agent-driven investigation model.

### Cost optimizations that worked

1. **Lower model tier** — Haiku at low effort is the sweet spot for cost
vs quality so far.
2. **Compress the prompt** — trimmed `release-notes-prompt.md` (detailed
multi-page examples → compact quick-reference table) to cut input tokens
without losing the classification/scope rules that matter.

---

## Possible follow-ups

- **OpenRouter / multi-provider agent** — swap the Claude Agent SDK for
an OpenRouter-backed agent to experiment with other models/providers
more easily. Likely a separate PR.
- **Re-evaluate model tier** on larger releases if Haiku quality
degrades with volume.
- **Prompt iteration** — use `--render-only` and `--dry-run` locally
against past tags to tune scope rules as the Go→TS port accelerates.

---

## Context

Initial prompt design session:
https://claude.ai/code/session_01FgZaMWUbVrQaQUFRv9KKYn

---------

Co-authored-by: Claude <noreply@anthropic.com>
avallete and others added 7 commits June 3, 2026 17:09
## What kind of change does this PR introduce?

- Fix workflow propose-release manual dispatch for the `non_blocking`
input
- Uses `client-id` instead of `app-id` everywhere / fix actionlint
self-hosted runner labels
- Rework `.github/workflows/apply-release-notes.yml` to use github
output
## What kind of change does this PR introduce?

Skip the tests / lint / release preview for the `release-notes/*` PRs.

This also has the nice benefit of blocking any accidental merge for
those PRs, since those checks are required to pass to allow merge on
develop.
Promotes `supabase login` and `supabase logout` from Phase 0 Go-binary
proxy wrappers to native TypeScript Effect handlers in the legacy shell
(CLI-1302). Parity with the Go CLI is the explicit priority — matching
stdout/stderr strings, streams, exit codes, the OAuth crypto flow, the
credential-delete ordering, and the telemetry stitch.

## login

- **Token path** — resolves the token from `--token` →
`SUPABASE_ACCESS_TOKEN` → piped stdin (non-TTY), saves it, then stitches
telemetry identity and prints `You are now logged in. Happy coding!`.
- **Browser OAuth flow** — ECDH P-256 keypair + AES-256-GCM decrypt
(`LegacyLoginCrypto`), session polling at
`/platform/cli/login/{sessionId}` + best-effort `/v1/profile` gotrue-id
fetch (`LegacyLoginApi`). Verify-with-retries mirrors Go's backoff: 3
attempts total, `Retry (n/2)` printed on the first two failures only.
- **Telemetry** — fetches the gotrue id, stitches or clears the
`distinct_id`, and always captures `cli_login_completed`. The stitch
*aliases* only (no `identify`) to match Go's `StitchLogin`.
- **Profile persistence** — on success, an explicitly-set profile is
written to `~/.supabase/profile` (Go's `PostRunE` / `SaveProfileName`);
`LegacyCliConfig` now reads that file back as the lowest-precedence
profile source.
- Claude Code plugin hint on a TTY stdout.

## logout

- Confirm prompt honoring `--yes`, the not-logged-in stderr path (exits
0, skips the credential sweep), real-removal-failure propagation, and
the project-credential sweep.

## Shared infra

- `LegacyCredentials.deleteAccessToken` reshaped to the Go-faithful
tri-state (`void` | `LegacyNotLoggedInError` | `LegacyDeleteTokenError`)
reproducing Go's file-first / legacy-keyring / profile-keyring ordering
— including the deliberate "file removed yet *not logged in*" quirk on
no-keyring hosts. Adds `deleteAllProjectCredentials`.
- `LegacyTelemetryState` gains `stitchLogin` / `clearDistinctId` (alias
+ persist, sharing one JSON read/merge internal).

## Reviewer-relevant notes

- The profile-file **read** fallback lives in the shared
`LegacyCliConfig` layer, so it now applies to every legacy command
(correct Go parity, wider than just login).
- `~/.supabase/profile` write failure is fatal (exit 1), matching Go's
"block subsequent CI commands on save failure".

SIDE_EFFECTS.md added for both commands; the porting-status tracker is
flipped to `ported`.
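The browser OAuth flow above pairs an ECDH P-256 key agreement with AES-256-GCM decryption. The sketch below is an added example, not the project's `LegacyLoginCrypto` code: it simulates both sides of such an exchange with Node's `crypto` module and shows that a tampered ciphertext or the wrong private key is rejected by the GCM tag check. The field names, hex encoding, 12-byte nonce, tag-appended layout, and use of the raw shared secret as the AES key are all assumptions.

```typescript
import { createCipheriv, createDecipheriv, createECDH, randomBytes } from "node:crypto";

// Hypothetical wire shape for the polled session response (names are assumptions).
interface EncryptedSession {
  publicKey: string;   // server's ephemeral P-256 public key, hex
  nonce: string;       // 12-byte GCM nonce, hex
  accessToken: string; // ciphertext followed by the 16-byte GCM tag, hex
}

const TAG_LEN = 16;

// CLI side: ephemeral keypair. Only the public half is sent with the login request.
function newLoginKeypair() {
  const ecdh = createECDH("prime256v1"); // OpenSSL name for P-256
  const publicKeyHex = ecdh.generateKeys("hex");
  return { ecdh, publicKeyHex };
}

// Server side (simulated): encrypt the token to the CLI's public key.
function sealToken(token: string, cliPublicKeyHex: string): EncryptedSession {
  const server = createECDH("prime256v1");
  const serverPublicKey = server.generateKeys("hex");
  // Assumption: the 32-byte P-256 shared secret is used directly as the AES-256 key.
  const key = server.computeSecret(cliPublicKeyHex, "hex");
  const nonce = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([cipher.update(token, "utf8"), cipher.final(), cipher.getAuthTag()]);
  return { publicKey: serverPublicKey, nonce: nonce.toString("hex"), accessToken: body.toString("hex") };
}

// CLI side: derive the same secret, verify the tag, then release the plaintext.
function openToken(ecdh: ReturnType<typeof createECDH>, session: EncryptedSession): string {
  const key = ecdh.computeSecret(session.publicKey, "hex");
  const body = Buffer.from(session.accessToken, "hex");
  if (body.length < TAG_LEN) throw new Error("ciphertext shorter than GCM tag");
  const ciphertext = body.subarray(0, body.length - TAG_LEN);
  const tag = body.subarray(body.length - TAG_LEN);
  const decipher = createDecipheriv("aes-256-gcm", key, Buffer.from(session.nonce, "hex"));
  decipher.setAuthTag(tag);
  // final() throws if the tag does not match, so no unauthenticated token is returned.
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8");
}
```

Because the private key never leaves the CLI process, a party that only observes the session response cannot recover the token.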
….1.3 in the actions-major group (#5463)

Bumps the actions-major group with 1 update:
[aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials).

Updates `aws-actions/configure-aws-credentials` from 6.1.2 to 6.1.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/configure-aws-credentials/releases">aws-actions/configure-aws-credentials's
releases</a>.</em></p>
<blockquote>
<h2>v6.1.3</h2>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.2...v6.1.3">6.1.3</a>
(2026-05-27)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>fix: allow kubelet token symlink in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1805">aws-actions/configure-aws-credentials#1805</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md">aws-actions/configure-aws-credentials's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file.
See <a
href="https://github.com/conventional-changelog/standard-version">standard-version</a>
for commit guidelines.</p>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.3...v6.2.0">6.2.0</a>
(2026-06-01)</h2>
<h3>Features</h3>
<ul>
<li>add additional session tags by default (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1775">#1775</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/e0ba7685077379a14a82d01fefd511490344ebfc">e0ba768</a>)</li>
<li>add more retry logic and better logging (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1764">#1764</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/540d0c13aedb8d55501d220bd2f0b3cdedfe84e8">540d0c1</a>)</li>
<li>add regex validation to role-session-name (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1765">#1765</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/e35449909c6ede5083a48ba4b8bbfaaa1cf09ba1">e354499</a>)</li>
<li>Allow custom session tags to be passed when assuming a role (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1759">#1759</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/61f50f630f383628add73c1eab3f1935ba07da2b">61f50f6</a>)</li>
<li>expose run id in STS client user-agent (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1774">#1774</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/29d1be30273e7ef371d59fccf6ec54572c64ec89">29d1be3</a>)</li>
<li>support custom STS endpoints (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1762">#1762</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/8d52d05d7a4521fa52b39de50cb6114b12e5c332">8d52d05</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>skip credential check on output-env-credentials: false (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1778">#1778</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/58e7c47adf77846879008deadfeeef8a6969fe6c">58e7c47</a>)</li>
<li>assumeRole failing from session tag size too large (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1808">#1808</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/d6f5dc331b44474b19a52caaf85fa4d637b13c8e">d6f5dc3</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.2...v6.1.3">6.1.3</a>
(2026-05-28)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>fix: allow kubelet token symlink in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1805">#1805</a></li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.1...v6.1.2">6.1.2</a>
(2026-05-26)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>additional filesystem checks (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1799">#1799</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/c39f282697aca8a78c522ecf1f7da9899a31432c">c39f282</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.0...v6.1.1">6.1.1</a>
(2026-05-05)</h2>
<h3>Miscellaneous Chores</h3>
<ul>
<li>various dependency updates</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.0.0...v6.1.0">6.1.0</a>
(2026-04-06)</h2>
<h3>Features</h3>
<ul>
<li>add skip cleanup option (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1716">#1716</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/11b1c58b24724e66aa52a847862a0c1b0c4b0c7b">11b1c58</a>),
closes <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1545">#1545</a></li>
<li>Support usage of AWS Profiles (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1696">#1696</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/a7f0c828ac76e0d049e34c920172c60f579f9eb3">a7f0c82</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v5.1.1...v6.0.0">6.0.0</a>
(2026-02-04)</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/99214aa6889fcddfa57764031d71add364327e59"><code>99214aa</code></a>
chore: Update dist</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/217d17914b0cd9d60b0a245d448e1b24818a1ead"><code>217d179</code></a>
fix: allow kubelet token symlink (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1805">#1805</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/5548f3441ba4214d9bc45b3eb0dc57d86c453a1a"><code>5548f34</code></a>
chore: Update dist</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/77cd089899db691aca656a40c5feca6f9ffd1a6c"><code>77cd089</code></a>
chore: document container credentials provider support (and delete
transitive...</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/dbacf3135e24f60790e5ac01a67f84e199191db3"><code>dbacf31</code></a>
chore: bump release version (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1801">#1801</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/87eb0cf693007eb577da275f6108204249532c6c"><code>87eb0cf</code></a>
chore: replay 6.2 devel changes onto main (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1800">#1800</a>)</li>
<li>See full diff in <a
href="https://github.com/aws-actions/configure-aws-credentials/compare/acca2b1b2070338fb9fd1ca27ecee81d687e58e5...99214aa6889fcddfa57764031d71add364327e59">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aws-actions/configure-aws-credentials&package-manager=github_actions&previous-version=6.1.2&new-version=6.1.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…s/cli-go/pkg/config/templates in the docker-minor group (#5464)

Bumps the docker-minor group in /apps/cli-go/pkg/config/templates with 1
update: supabase/realtime.

Updates `supabase/realtime` from v2.103.1 to v2.103.2


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=supabase/realtime&package-manager=docker&previous-version=v2.103.1&new-version=v2.103.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Julien Goux <hi@jgoux.dev>
## What changed

This makes the telemetry state file compatible in both directions
between the Go legacy CLI and the TypeScript telemetry runtime.

The Go telemetry disable command writes the legacy state shape with
enabled: false, while the TypeScript runtime expects the newer consent:
denied shape before suppressing the first-run telemetry notice. Because
the runtime treated the legacy file as invalid or missing, every TTY
command could show the telemetry notice again after opt-out.

The TypeScript reader now maps legacy enabled state into effective
consent, and the Go loader now understands TypeScript consent state so
either side preserves the user opt-out and identity/session fields.

## Reviewer context

Regression coverage was added for legacy disabled/enabled state in the
TypeScript consent/runtime tests, and for Go loading a TypeScript
disabled telemetry config.
Restores the Go CLI debug side effects for native TypeScript legacy
Management API commands.

The TypeScript path was resolving profiles, credentials, and generated
API URLs correctly, but it no longer emitted the debug breadcrumbs that
Go printed from profile loading, access-token lookup, root command
setup, and HTTP transport logging. That made `supabase --profile
supabase projects list --debug` hide which profile file, resolved
profile host, token source, and Management API host were used.

This ports those debug side effects into the TS legacy config,
credentials, and platform API layers, and moves typed Management API
HTTP debug logging to the point where generated requests have the active
profile base URL attached. The output order now matches the Go
management-command flow, including the repeated token-source line around
the root debug banner.
@supabase-cli-releaser supabase-cli-releaser Bot requested a review from a team as a code owner June 4, 2026 11:11
@supabase-cli-releaser supabase-cli-releaser Bot added the do not merge Approve to apply; do not merge. label Jun 4, 2026
@coveralls

Coverage Report for CI Build 26948164723

Warning

No base build found for commit 1d1e719 on main.
Coverage changes can't be calculated without a base build.
If a base build is processing, this comment will update automatically when it completes.

Coverage: 63.987%

Details

  • Patch coverage: No coverable lines changed in this PR.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

Requires a base build to compare against. How to fix this →


Coverage Stats

Coverage Status
Relevant Lines: 15850
Covered Lines: 10142
Line Coverage: 63.99%
Coverage Strength: 7.1 hits per line

💛 - Coveralls

@jgoux jgoux merged commit 310e453 into main Jun 4, 2026
23 checks passed