update

Author: CodeWithSushil

.editorconfig

@@ -0,0 +1,18 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.md]
+trim_trailing_whitespace = false
+
+[*.{yml,yaml}]
+indent_size = 2
+
+[docker-compose.yml]
+indent_size = 4

.env.example

@@ -0,0 +1,7 @@
+# Supabase Config
+
+# Supabase database URL
+SB_URL=https://[your].supabase.co
+
+# Supabase Anon or `service_role` API key.
+SB_APIKEY= your anon api key

.gitattributes

@@ -0,0 +1,43 @@
+# Normalize text files (LF endings for consistency)
+*.php text eol=lf
+*.js text eol=lf
+*.css text eol=lf
+*.html text eol=lf
+*.md text eol=lf
+*.json text eol=lf
+*.yml text eol=lf
+*.xml text eol=lf
+
+# Treat binary files properly
+*.jpg binary
+*.png binary
+*.gif binary
+*.ico binary
+*.woff binary
+*.woff2 binary
+*.ttf binary
+*.eot binary
+*.mp4 binary
+*.pdf binary
+
+# Prevent diffing of lock files and minified files
+composer.lock -diff
+LICENSE -diff
+
+
+# Exclude files from `git archive` (useful when packaging a release)
+.env export-ignore
+/tests/ export-ignore
+.github export-ignore
+.gitignore export-ignore
+.gitattributes export-ignore
+/vendor/ export-ignore
+/example/ export-ignore
+CODE_OF_CONDUCT.md export-ignore
+CHANGELOG.md export-ignore
+index.php export-ignore
+phpunit.xml export-ignore
+composer.json export-ignore
+composer.lock export-ignore
+.editorconfig export-ignore
+.env.example export-ignore

.github/CODE_OF_CONDUCT.md

@@ -0,0 +1,36 @@
+### Code of Conduct
+
+This Code of Conduct outlines the principles and guidelines for contributing to the Supabase PHP client. By participating in this project, you agree to abide by these rules.
+
+**Respect and Inclusivity:**
+
+- Treat everyone with respect and avoid discriminatory language, harassment, or bullying.
+- Foster inclusivity by welcoming contributions from all backgrounds and perspectives.
+- Be mindful of cultural differences and respect diverse customs and beliefs.
+
+**Collaboration and Community:**
+
+- Contribute positively by sharing your knowledge, ideas, and code in a constructive manner.
+- Be open to feedback and welcome constructive criticism and suggestions.
+- Respect intellectual property and acknowledge and attribute the work of others.
+
+**Ethical Conduct:**
+
+- Use technology responsibly and avoid malicious or harmful activities.
+- Protect privacy and handle user data with care and respect.
+- Comply with laws and regulations related to open-source software and data privacy.
+
+**MIT License:**
+
+- The Supabase PHP client is licensed under the `MIT License`, allowing for modification and distribution.
+- Contributors must be acknowledged in the code or documentation.
+- The code is provided "as is" without any warranties.
+
+**Specific Guidelines:**
+
+- Write clean, well-documented, and maintainable code.
+- Ensure code quality through thorough testing.
+- Prioritize security best practices to protect against vulnerabilities.
+- Participate in discussions, answer questions, and provide support to other users.
+
+By contributing to this project, you agree to adhere to this Code of Conduct.

.github/FUNDING.yml

@@ -0,0 +1,15 @@
+# These are supported funding model platforms
+
+github: [Ashishkumbhar01, CodeWithSushil]
+patreon: Code_With_Sushil
+open_collective: codewithsushil
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+polar: # Replace with a single Polar username
+buy_me_a_coffee: codewithsushil
+thanks_dev: # Replace with a single thanks.dev username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

.github/SECURITY.md

@@ -0,0 +1,38 @@
+# Security Policy
+
+Thank you for helping keep `Supabase-php/Supabase-client` secure!
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability within this project, we strongly encourage you to report it responsibly.
+
+Please **do not open a public issue**. Instead, contact us privately at:
+
+- **Email:** sushilkumbhar77@gmail.com
+
+We aim to respond within **48 hours** and will work with you to verify and address the vulnerability promptly.
+
+## Disclosure Policy
+
+- We will acknowledge receipt of your report within 1–2 business days.
+- We will confirm the validity of the issue and plan a timeline for the fix.
+- A fix will be released and a public disclosure will be made only after the patch is available.
+
+## Supported Versions
+
+| Version            | Supported          |
+| ------------------ | ------------------ |
+| `1.1.2` (latest)     | ✅ Supported       |
+| `< 1.0.0` (legacy)   | ❌ Not maintained  |
+
+## Scope
+
+This policy applies to the core `Supabase-php/Supabase-client` repository only. Issues related to external dependencies should be reported to their respective maintainers.
+
+## Preferred Languages
+
+Please submit vulnerability reports in **English** if possible.
+
+---
+
+We appreciate responsible disclosures and your effort to make the open-source ecosystem safer.

.github/dependabot.yml

@@ -0,0 +1,29 @@
+# Rule
+version: 2
+updates:
+  # This section defines updates for Composer dependencies
+  - package-ecosystem: "composer"
+    # Directory where the Composer file is located
+    directory: "/"
+    # Frequency of the updates (daily, weekly, monthly)
+    schedule:
+      interval: "weekly"
+    labels:
+      - "dependencies"
+    # Optionally, you can set a time for the updates
+    # time: "08:00"
+    # Optionally, set a day for weekly updates (monday, tuesday, etc.)
+    # day: "monday"
+    # Optionally, ignore certain dependencies or versions
+    # ignore:
+    #   - dependency-name: "vendor/package"
+    #     versions: ["1.x", "2.0.0"]
+    # Optionally, configure the behavior of pull requests
+    pull-request-branch-name:
+      separator: "_"
+    commit-message:
+      prefix: "dependabot:"
+      include: "scope"
+    target-branch: "master"
+    versioning-strategy: "increase"
+    rebase-strategy: "auto"

.github/workflows/dependency-review.yml

@@ -0,0 +1,39 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable
+# packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: 'Dependency review'
+on:
+  pull_request:
+    branches: [ "master" ]
+
+# If using a dependency submission action in this workflow this permission will need to be set to:
+#
+# permissions:
+#   contents: write
+#
+# https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api
+permissions:
+  contents: read
+  # Write permissions for pull-requests are required for using the `comment-summary-in-pr` option, comment out if you aren't using this option
+  pull-requests: write
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout repository'
+        uses: actions/checkout@v4
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@v4
+        # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options.
+        with:
+          comment-summary-in-pr: always
+        #   fail-on-severity: moderate
+        #   deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later
+        #   retry-on-snapshot-warnings: true

.github/workflows/stale.yml

@@ -0,0 +1,27 @@
+# This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time.
+#
+# You can adjust the behavior by modifying this file.
+# For more information, see:
+# https://github.com/actions/stale
+name: Mark stale issues and pull requests
+
+on:
+  schedule:
+  - cron: '42 18 * * *'
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+
+    steps:
+    - uses: actions/stale@v5
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        stale-issue-message: 'Stale issue message'
+        stale-pr-message: 'Stale pull request message'
+        stale-issue-label: 'no-issue-activity'
+        stale-pr-label: 'no-pr-activity'

.github/workflows/tests.yml

@@ -0,0 +1,44 @@
+name: Tests
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+permissions:
+  contents: read
+
+jobs:
+  tests:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v6
+
+    - name: Setup PHP with PECL extension
+      uses: shivammathur/setup-php@v2
+      with:
+        php-version: '8.4'
+
+    - name: Validate composer.json and composer.lock
+      run: composer validate --strict
+
+    - name: Cache Composer packages
+      id: composer-cache
+      uses: actions/cache@v5
+      with:
+        path: vendor
+        key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-php-
+
+    - name: Install dependencies
+      run: composer install --prefer-dist --no-progress
+
+    # Add a test script to composer.json, for instance: "test": "vendor/bin/phpunit"
+    # Docs: https://getcomposer.org/doc/articles/scripts.md
+
+    - name: Run test suite
+      run: composer run-script test:unit