Skip to content

[pull] develop from supabase:develop#11

Open
pull[bot] wants to merge 134 commits into
pjpjq:developfrom
supabase:develop
Open

[pull] develop from supabase:develop#11
pull[bot] wants to merge 134 commits into
pjpjq:developfrom
supabase:develop

Conversation

@pull

@pull pull Bot commented Jun 26, 2026

Copy link
Copy Markdown

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

supabase-cli-releaser Bot and others added 6 commits June 26, 2026 09:45
This PR was automatically created to sync the generated `@supabase/api`
package with the latest Management API OpenAPI document.

Changes were detected in the upstream OpenAPI document exposed by
`https://api.supabase.com/api/v1-json`.

Co-authored-by: jgoux <1443499+jgoux@users.noreply.github.com>
Adds a `live` test category that exercises the built CLI against a
**real Supabase platform** — a fulls supabox stack stood up in CI by
cli-e2e-ci — and the cli-side trigger that runs it for a PR.

## What changed
- **`live` Vitest project** (`*.live.test.ts`) + harness in
`apps/cli/tests/helpers/live.ts`:
- `runSupabaseLive` (drives the built binary via
`SUPABASE_PROFILE=supabase-local`), `describeLive` (gated on
`SUPABASE_ACCESS_TOKEN`), and `describeLiveProject` /
`requireLiveProjectRef` (gated on `SUPABASE_LIVE_PROJECT_REF` for
project-scoped suites).
  - `tests/live-global-setup.ts` fail-fast reachability probe.
- nx `test:live` target (auto-derived from the project) + `nx.json`
default; **removed** the recursive `test:live` package script (it
shadowed the nx target and looped).
- **8 live scenarios**: `orgs list` (+JSON, +invalid-token negative),
`projects list` (+JSON), `functions list` / `branches list`
(project-scoped), and a `functions list` unknown-project (404) negative.
- **`.github/workflows/dispatch-cli-e2e-ci.yml`**: on PRs labeled
`run-live-e2e-ci`, fires a `repository_dispatch` to cli-e2e-ci with the
PR head SHA; cli-e2e-ci builds that SHA, runs the suite, and reports a
`cli-e2e-ci / live` commit status back. Distinct from the staging
`live-e2e.yml`.

## Why
There was no backend-hitting live coverage — existing `*.e2e.test.ts`
use fake tokens. This validates real Management-API flows end-to-end
against supabox. Refs CLI-1825 / CLI-1834 / CLI-1831.

## Reviewer notes
- The `live` project is **inert by default** — it only runs when
`SUPABASE_ACCESS_TOKEN` is set (the cli-e2e-ci runner provides supabox's
seeded PAT), so it does not touch the normal unit/integration/e2e loop.
- Validated green in cli-e2e-ci on Blacksmith: **8 passed, 0 skipped**,
including the project-scoped suites (the runner provisions a project and
sets `SUPABASE_LIVE_PROJECT_REF`).
- The dispatch loop needs, on the infra side: a `run-live-e2e-ci` label
on this repo, the App's `contents: write` on cli-e2e-ci (to dispatch)
and `statuses: write` here (for the back-status). The build/test half is
proven without them.

---------

Co-authored-by: Claude <noreply@anthropic.com>
## What kind of change does this PR introduce?

- Revert #5628 fixed by
supabase/realtime#1984
- Sync template/tests to latest Realtime version

## What is the current behavior?

Realtime update blocked.

Co-authored-by: Andrew Valleteau <avallete@users.noreply.github.com>
## TL;DR

Fixes a regression in `supabase db diff` where declarative
`schema_paths` entries that currently match no files
would abort the command instead of being skipped

## What’s fixed?

loading path now ignores empty `schema_paths` glob matches while still
preserving existing behavior for valid matches, deterministic ordering,
deduping, and invalid glob errors

**Before:**

Projects using declarative schema config like:
would fail if one of those globs matched nothing, with an error like:

```text
no files matched pattern: supabase/schemas/materialized_views/*.sql
```

That turned a normal incremental-adoption setup into a fatal `db diff`
failure

**After:**

skips empty `schema_paths` glob entries and continues diffing with the
files that do exist,
matching the expected existing behavior

## Ref

- closes #5700
…ps/cli-go/pkg/config/templates in the docker-minor group (#5709)

Bumps the docker-minor group in /apps/cli-go/pkg/config/templates with 1
update: supabase/realtime.

Updates `supabase/realtime` from v2.111.8 to v2.111.10


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=supabase/realtime&package-manager=docker&previous-version=v2.111.8&new-version=v2.111.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… in /apps/cli-go in the go-minor group across 1 directory (#5710)

Bumps the go-minor group with 1 update in the /apps/cli-go directory:
[github.com/posthog/posthog-go](https://github.com/posthog/posthog-go).

Updates `github.com/posthog/posthog-go` from 1.15.1 to 1.16.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/posthog/posthog-go/releases">github.com/posthog/posthog-go's
releases</a>.</em></p>
<blockquote>
<h2>1.16.0</h2>
<h2>Unreleased</h2>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/PostHog/posthog-go/blob/main/CHANGELOG.md">github.com/posthog/posthog-go's
changelog</a>.</em></p>
<blockquote>
<h2>1.16.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>1068ec9: Add a BeforeSend hook for modifying or dropping messages
before they are sent.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/PostHog/posthog-go/commit/d91c948ae95f3a095c7717818e6b0635beb6e312"><code>d91c948</code></a>
chore: release v1.16.0 [version bump] [skip ci]</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/1068ec9006b371d517e5515972c0ea8f8d604e3e"><code>1068ec9</code></a>
feat: add before send hook (<a
href="https://redirect.github.com/posthog/posthog-go/issues/224">#224</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/36d1928b5732d99687c9c4a17daee937a5f3753c"><code>36d1928</code></a>
test: stabilize race-mode tests (<a
href="https://redirect.github.com/posthog/posthog-go/issues/227">#227</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/e1d47eabc4b4a722f629d037e4c434c6840dbc86"><code>e1d47ea</code></a>
chore: Template SDK version in API snapshot (<a
href="https://redirect.github.com/posthog/posthog-go/issues/226">#226</a>)</li>
<li>See full diff in <a
href="https://github.com/posthog/posthog-go/compare/v1.15.1...v1.16.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/posthog/posthog-go&package-manager=go_modules&previous-version=1.15.1&new-version=1.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@pull pull Bot locked and limited conversation to collaborators Jun 26, 2026
@pull pull Bot added the ⤵️ pull label Jun 26, 2026
7ttp and others added 22 commits June 26, 2026 15:54
## TL;DR

fixes a regression in `supabase functions serve` by removing the bundled
Edge Runtime bootstrap script from the spawned `docker run ... sh -c
...` argv and mounting it into the container as `/root/index.ts` instead

This keeps the startup command small, preserves the runtime behavior,
and avoids the `ENAMETOOLONG: name too long, uv_spawn` failure...

## What's fixed?

`functions serve` ts path was embedding the full bundled runtime
template directly into the docker entrypoint command

on win, that made the final spawn argv large enough to fail before
docker even started,
which surfaced as `ENAMETOOLONG: name too long, uv_spawn`

**Before:**

the runtime template was embedded directly into the docker startup
command and hit spawn length limits

**After:**

the template is mounted from a temp file, so the startup command stays
short
## ref: 

- closes #5711
…emplates with 2 updates (#5717)

Bumps the docker-minor group in /apps/cli-go/pkg/config/templates with 2
updates: supabase/realtime and supabase/storage-api.

Updates `supabase/realtime` from v2.111.10 to v2.112.0

Updates `supabase/storage-api` from v1.61.4 to v1.61.5


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… in /apps/cli-go in the go-minor group across 1 directory (#5718)

Bumps the go-minor group with 1 update in the /apps/cli-go directory:
[github.com/posthog/posthog-go](https://github.com/posthog/posthog-go).

Updates `github.com/posthog/posthog-go` from 1.16.0 to 1.16.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/posthog/posthog-go/releases">github.com/posthog/posthog-go's
releases</a>.</em></p>
<blockquote>
<h2>1.16.1</h2>
<h2>Unreleased</h2>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/PostHog/posthog-go/blob/main/CHANGELOG.md">github.com/posthog/posthog-go's
changelog</a>.</em></p>
<blockquote>
<h2>1.16.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>922cfff: Validate user-supplied event UUIDs before sending and
generate a fallback UUID when invalid.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/PostHog/posthog-go/commit/4e2ddac87f0b580ace1d1dd79a94b481ae797315"><code>4e2ddac</code></a>
chore: release v1.16.1 [version bump] [skip ci]</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/922cfff977077a014a15b78a70cd8becadb17c71"><code>922cfff</code></a>
fix: validate supplied event UUIDs (<a
href="https://redirect.github.com/posthog/posthog-go/issues/233">#233</a>)</li>
<li>See full diff in <a
href="https://github.com/posthog/posthog-go/compare/v1.16.0...v1.16.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/posthog/posthog-go&package-manager=go_modules&previous-version=1.16.0&new-version=1.16.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… in /apps/cli-go in the go-minor group across 1 directory (#5719)

Bumps the go-minor group with 1 update in the /apps/cli-go/pkg
directory:
[github.com/oapi-codegen/runtime](https://github.com/oapi-codegen/runtime).

Updates `github.com/oapi-codegen/runtime` from 1.4.1 to 1.4.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/oapi-codegen/runtime/releases">github.com/oapi-codegen/runtime's
releases</a>.</em></p>
<blockquote>
<h2>Bug fix for required parameters</h2>
<p>This is a bug fix to address a regression introduced in oapi-codegen
v2.7.0</p>
<h2>🐛 Bug fixes</h2>
<ul>
<li>Add missing required parameter detection (<a
href="https://redirect.github.com/oapi-codegen/runtime/issues/135">#135</a>)
<a
href="https://github.com/mromaszewicz"><code>@​mromaszewicz</code></a></li>
</ul>
<h2>Sponsors</h2>
<p>We would like to thank our sponsors for their support during this
release.</p>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/oapi-codegen/runtime/commit/7afeea85927be046b4a5c27cf9ae6b2cd754453c"><code>7afeea8</code></a>
Add missing required parameter detection (<a
href="https://redirect.github.com/oapi-codegen/runtime/issues/135">#135</a>)</li>
<li>See full diff in <a
href="https://github.com/oapi-codegen/runtime/compare/v1.4.1...v1.4.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/oapi-codegen/runtime&package-manager=go_modules&previous-version=1.4.1&new-version=1.4.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the npm-major group with 26 updates:

| Package | From | To |
| --- | --- | --- |
| [verdaccio](https://github.com/verdaccio/verdaccio) | `6.7.2` |
`6.7.4` |
| [smol-toml](https://github.com/squirrelchat/smol-toml) | `1.6.1` |
`1.7.0` |
|
[@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js)
| `2.108.1` | `2.108.2` |
|
[@anthropic-ai/claude-agent-sdk](https://github.com/anthropics/claude-agent-sdk-typescript)
| `0.3.177` | `0.3.185` |
|
[@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript)
| `0.104.1` | `0.105.0` |
|
[@clack/prompts](https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts)
| `1.5.1` | `1.6.0` |
| [ink](https://github.com/vadimdemedes/ink) | `7.0.6` | `7.1.0` |
| [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) |
`8.21.0` | `8.22.0` |
|
[posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node)
| `5.37.0` | `5.38.2` |
| [fumadocs-core](https://github.com/fuma-nama/fumadocs) | `16.10.2` |
`16.10.5` |
| [fumadocs-ui](https://github.com/fuma-nama/fumadocs) | `16.10.2` |
`16.10.5` |
|
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
| `25.9.3` | `26.0.0` |
|
[@effect/atom-react](https://github.com/Effect-TS/effect-smol/tree/HEAD/packages/atom/react)
| `4.0.0-beta.83` | `4.0.0-beta.85` |
|
[@effect/platform-bun](https://github.com/Effect-TS/effect/tree/HEAD/packages/platform-bun)
| `4.0.0-beta.83` | `4.0.0-beta.85` |
|
[@effect/platform-node](https://github.com/Effect-TS/effect/tree/HEAD/packages/platform-node)
| `4.0.0-beta.83` | `4.0.0-beta.85` |
|
[@effect/sql-pg](https://github.com/Effect-TS/effect/tree/HEAD/packages/sql-pg)
| `4.0.0-beta.83` | `4.0.0-beta.85` |
|
[@effect/vitest](https://github.com/Effect-TS/effect/tree/HEAD/packages/vitest)
| `4.0.0-beta.84` | `4.0.0-beta.85` |
| [@nx/devkit](https://github.com/nrwl/nx/tree/HEAD/packages/devkit) |
`22.7.5` | `23.0.0` |
|
[@typescript/native-preview](https://github.com/microsoft/typescript-go)
| `7.0.0-dev.20260614.1` | `7.0.0-dev.20260621.1` |
|
[@vitest/coverage-istanbul](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-istanbul)
| `4.1.8` | `4.1.9` |
|
[effect](https://github.com/Effect-TS/effect/tree/HEAD/packages/effect)
| `4.0.0-beta.83` | `4.0.0-beta.85` |
| [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) |
`6.16.1` | `6.17.1` |
| [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt) |
`0.54.0` | `0.55.0` |
| [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint) |
`1.69.0` | `1.70.0` |
| [tldts](https://github.com/remusao/tldts) | `6.1.86` | `7.4.3` |
|
[vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest)
| `4.1.8` | `4.1.9` |

Updates `verdaccio` from 6.7.2 to 6.7.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/verdaccio/verdaccio/releases">verdaccio's
releases</a>.</em></p>
<blockquote>
<h2>v6.7.4</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>0205c78: fix: run jwt middleware before middleware plugins</p>
<p>Register the JWT middleware before middleware plugins are loaded so
that
<code>req.remote_user</code> (anonymous by default) is available inside
a plugin's
<code>register_middlewares</code>. The API router keeps its own JWT
middleware behind a
guard so it is not executed twice.</p>
<p>Backport of <a
href="https://redirect.github.com/verdaccio/verdaccio/pull/5697">verdaccio/verdaccio#5697</a></p>
<p>Closes <a
href="https://redirect.github.com/verdaccio/verdaccio/issues/5167">#5167</a></p>
</li>
</ul>
<h2>v6.7.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>f8fdfc2: fix: enforce generated npm token metadata</p>
<p>Generated npm tokens (<code>POST /-/npm/v1/tokens</code>) stored
their <code>readonly</code> and
<code>cidr_whitelist</code> restrictions but never enforced them, and
deleting a token did
not revoke it for the package APIs. A token marked read-only or pinned
to a CIDR
range could still publish packages and change dist-tags, and a deleted
token
remained usable.</p>
<p>Generated tokens now embed a server-issued key (in the JWT claim, or
in the
encrypted legacy AES payload) and a new
<code>enforceGeneratedTokenMetadata</code>
middleware looks that key up on each request, rejecting the token when
it is
missing/revoked, used outside its CIDR whitelist, or used for a write
while
read-only. Enforcement applies to both AES and JWT API-token modes.</p>
<p>Note: tokens issued before upgrading carry no key and are not
retroactively
constrained — regenerate them to apply the restrictions.</p>
</li>
<li>
<p>be80623: fix: allow npm token create without
readonly/cidr_whitelist</p>
<p><code>npm token create</code> in npm &gt;= 11 (and the npm 12
prereleases) rewrote the
request body: it no longer sends <code>readonly</code> and only sends
<code>cidr_whitelist</code>
when <code>--cidr</code> is passed. The <code>POST
/-/npm/v1/tokens</code> endpoint required both,
so modern npm clients failed with <code>422 the parameters are not
valid</code>.</p>
<p>The endpoint now defaults <code>readonly</code> to <code>false</code>
and <code>cidr_whitelist</code> to <code>[]</code>
when they are absent, while still rejecting values of the wrong
type.</p>
</li>
<li>
<p>75c85d5: Update verdaccio dependencies to the <code>latest</code> npm
dist-tag (<code>@verdaccio/ui-theme</code> tracks
<code>next-9</code>):</p>
<ul>
<li><code>@verdaccio/ui-theme</code>: <code>9.0.0-next-9.19</code> →
<code>9.0.0-next-9.20</code></li>
</ul>
</li>
<li>
<p>d5e5332: chore: update dependencies</p>
<p>Updates runtime dependencies <code>@verdaccio/ui-theme</code>
(<code>9.0.0-next-9.19</code>) and</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/verdaccio/verdaccio/blob/v6.7.4/CHANGELOG.md">verdaccio's
changelog</a>.</em></p>
<blockquote>
<h2>6.7.4</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>0205c78: fix: run jwt middleware before middleware plugins</p>
<p>Register the JWT middleware before middleware plugins are loaded so
that
<code>req.remote_user</code> (anonymous by default) is available inside
a plugin's
<code>register_middlewares</code>. The API router keeps its own JWT
middleware behind a
guard so it is not executed twice.</p>
<p>Backport of <a
href="https://redirect.github.com/verdaccio/verdaccio/pull/5697">verdaccio/verdaccio#5697</a></p>
<p>Closes <a
href="https://redirect.github.com/verdaccio/verdaccio/issues/5167">#5167</a></p>
</li>
</ul>
<h2>6.7.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>f8fdfc2: fix: enforce generated npm token metadata</p>
<p>Generated npm tokens (<code>POST /-/npm/v1/tokens</code>) stored
their <code>readonly</code> and
<code>cidr_whitelist</code> restrictions but never enforced them, and
deleting a token did
not revoke it for the package APIs. A token marked read-only or pinned
to a CIDR
range could still publish packages and change dist-tags, and a deleted
token
remained usable.</p>
<p>Generated tokens now embed a server-issued key (in the JWT claim, or
in the
encrypted legacy AES payload) and a new
<code>enforceGeneratedTokenMetadata</code>
middleware looks that key up on each request, rejecting the token when
it is
missing/revoked, used outside its CIDR whitelist, or used for a write
while
read-only. Enforcement applies to both AES and JWT API-token modes.</p>
<p>Note: tokens issued before upgrading carry no key and are not
retroactively
constrained — regenerate them to apply the restrictions.</p>
</li>
<li>
<p>be80623: fix: allow npm token create without
readonly/cidr_whitelist</p>
<p><code>npm token create</code> in npm &gt;= 11 (and the npm 12
prereleases) rewrote the
request body: it no longer sends <code>readonly</code> and only sends
<code>cidr_whitelist</code>
when <code>--cidr</code> is passed. The <code>POST
/-/npm/v1/tokens</code> endpoint required both,
so modern npm clients failed with <code>422 the parameters are not
valid</code>.</p>
<p>The endpoint now defaults <code>readonly</code> to <code>false</code>
and <code>cidr_whitelist</code> to <code>[]</code>
when they are absent, while still rejecting values of the wrong
type.</p>
</li>
<li>
<p>75c85d5: Update verdaccio dependencies to the <code>latest</code> npm
dist-tag (<code>@verdaccio/ui-theme</code> tracks
<code>next-9</code>):</p>
<ul>
<li><code>@verdaccio/ui-theme</code>: <code>9.0.0-next-9.19</code> →
<code>9.0.0-next-9.20</code></li>
</ul>
</li>
<li>
<p>d5e5332: chore: update dependencies</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/verdaccio/verdaccio/commit/9570db1b87dfe9534121533f2d7f7f8efc782cf4"><code>9570db1</code></a>
chore: release 6.x (<a
href="https://redirect.github.com/verdaccio/verdaccio/issues/5963">#5963</a>)</li>
<li><a
href="https://github.com/verdaccio/verdaccio/commit/0205c78c37dfa2e3d0722f7b96b3cecf51bf08f6"><code>0205c78</code></a>
fix: run jwt middleware before middleware plugins (<a
href="https://redirect.github.com/verdaccio/verdaccio/issues/5962">#5962</a>)</li>
<li><a
href="https://github.com/verdaccio/verdaccio/commit/9d924e7e8a6aaddc65fd265f3309e58edcf208bb"><code>9d924e7</code></a>
chore: release 6.x (<a
href="https://redirect.github.com/verdaccio/verdaccio/issues/5950">#5950</a>)</li>
<li><a
href="https://github.com/verdaccio/verdaccio/commit/75c85d561a2025b0f345be13b394225bbf512638"><code>75c85d5</code></a>
chore: update verdaccio 6.x dependencies (<a
href="https://redirect.github.com/verdaccio/verdaccio/issues/5961">#5961</a>)</li>
<li><a
href="https://github.com/verdaccio/verdaccio/commit/d5e5332841ea8747924ca0c5d06b62db8f0720b3"><code>d5e5332</code></a>
fix: update core dependencies (<a
href="https://redirect.github.com/verdaccio/verdaccio/issues/5952">#5952</a>)</li>
<li><a
href="https://github.com/verdaccio/verdaccio/commit/be8062350fab80cbbcd4de8c6d3c819e6f86cee7"><code>be80623</code></a>
fix: allow npm token create without readonly/cidr_whitelist (<a
href="https://redirect.github.com/verdaccio/verdaccio/issues/5951">#5951</a>)</li>
<li><a
href="https://github.com/verdaccio/verdaccio/commit/f8fdfc2d97f3abd7d328a67c7090a31124c42502"><code>f8fdfc2</code></a>
fix: enforce generated npm token metadata (<a
href="https://redirect.github.com/verdaccio/verdaccio/issues/5945">#5945</a>)</li>
<li><a
href="https://github.com/verdaccio/verdaccio/commit/b491e8425f10d303c5ecab5c509ffc830269f2a6"><code>b491e84</code></a>
chore: update ci settings</li>
<li><a
href="https://github.com/verdaccio/verdaccio/commit/3a6c39389ec4393458d30c3863acc1802406f7da"><code>3a6c393</code></a>
chore: update ci settings</li>
<li><a
href="https://github.com/verdaccio/verdaccio/commit/b319f7ef6ae5cc22349998ef44e904a187b1d02d"><code>b319f7e</code></a>
fix(deps): update dependency express to v4.22.2 (<a
href="https://redirect.github.com/verdaccio/verdaccio/issues/5902">#5902</a>)</li>
<li>See full diff in <a
href="https://github.com/verdaccio/verdaccio/compare/v6.7.2...v6.7.4">compare
view</a></li>
</ul>
</details>
<br />

Updates `smol-toml` from 1.6.1 to 1.7.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/squirrelchat/smol-toml/releases">smol-toml's
releases</a>.</em></p>
<blockquote>
<h2>v1.7.0</h2>
<p>This version slightly changes the behaviour of stringify: integers
beyond the safe range are always emitted as float numbers.</p>
<p>String decode logic has been rewritten, it is a bit faster now and
uses a single-pass approach instead of a dual-pass approach as it did
previously. The code should be a bit smaller too, though I didn't
actually measure that.</p>
<p>The package is now published with source-maps, declaration-maps, and
a copy of the original TypeScript source files. This will improve your
DX if you're like me and like Ctrl+Click'ing things a lot. ;)</p>
<h2>What's Changed</h2>
<ul>
<li>improve performance of the string decode logic by <a
href="https://github.com/cyyynthia"><code>@​cyyynthia</code></a></li>
<li>fix(stringify): emit integer-valued numbers beyond the safe-integer
range as floats by <a
href="https://github.com/spokodev"><code>@​spokodev</code></a> in <a
href="https://redirect.github.com/squirrelchat/smol-toml/pull/56">squirrelchat/smol-toml#56</a></li>
<li>publish source-maps, declaration-maps, and original source files by
<a href="https://github.com/cyyynthia"><code>@​cyyynthia</code></a></li>
<li>miscellaneous repository maintenance tasks by <a
href="https://github.com/cyyynthia"><code>@​cyyynthia</code></a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/spokodev"><code>@​spokodev</code></a>
made their first contribution in <a
href="https://redirect.github.com/squirrelchat/smol-toml/pull/56">squirrelchat/smol-toml#56</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/squirrelchat/smol-toml/compare/v1.6.1...v1.7.0">https://github.com/squirrelchat/smol-toml/compare/v1.6.1...v1.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/squirrelchat/smol-toml/commit/a62f06faf4e45ab0a581def86c116f9706edc9df"><code>a62f06f</code></a>
revert: keep using vite 7</li>
<li><a
href="https://github.com/squirrelchat/smol-toml/commit/89aa9a394ffc544dce77ab0ff24dfd8204e1f091"><code>89aa9a3</code></a>
chore: remove prepare script</li>
<li><a
href="https://github.com/squirrelchat/smol-toml/commit/17c797475f1516da6614e31a1be9f4958bf296c0"><code>17c7974</code></a>
chore: make devEngine more lax w/ node version</li>
<li><a
href="https://github.com/squirrelchat/smol-toml/commit/e5280a34630eb25086dca746bedda28ea21ec3d9"><code>e5280a3</code></a>
ci: checkout repo first</li>
<li><a
href="https://github.com/squirrelchat/smol-toml/commit/241c256ebda07b2d225c91b7468ed8c90d0e71df"><code>241c256</code></a>
chore: version bump</li>
<li><a
href="https://github.com/squirrelchat/smol-toml/commit/0bfe7f4667fa46122663b7b6114d9514dbd1a91f"><code>0bfe7f4</code></a>
chore: build cjs with rolldown instead of esbuild</li>
<li><a
href="https://github.com/squirrelchat/smol-toml/commit/e0620ab2ac89c40d291f33df41b110277b1acedf"><code>e0620ab</code></a>
chore: fmt</li>
<li><a
href="https://github.com/squirrelchat/smol-toml/commit/96114cb58312084286ae61470ba0f017b87b8023"><code>96114cb</code></a>
test: add tests for large integers</li>
<li><a
href="https://github.com/squirrelchat/smol-toml/commit/f4537b6b3763e761069efdd7d688711c8409645c"><code>f4537b6</code></a>
fix: handle missed edge-cases in string parse</li>
<li><a
href="https://github.com/squirrelchat/smol-toml/commit/7b39aed388cdc811189a6a3683fbee2f8d344244"><code>7b39aed</code></a>
chore: include source files in published package</li>
<li>Additional commits viewable in <a
href="https://github.com/squirrelchat/smol-toml/compare/v1.6.1...v1.7.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `@supabase/supabase-js` from 2.108.1 to 2.108.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/supabase/supabase-js/releases">@​supabase/supabase-js's
releases</a>.</em></p>
<blockquote>
<h2>v2.108.2</h2>
<h2>2.108.2 (2026-06-15)</h2>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>auth:</strong> preserve valid session on refresh failure and
cooldown repeat failures (<a
href="https://redirect.github.com/supabase/supabase-js/pull/2436">#2436</a>)</li>
<li><strong>realtime:</strong> clarify httpSend() 404 error and server
migration note (<a
href="https://redirect.github.com/supabase/supabase-js/pull/2444">#2444</a>)</li>
<li><strong>release:</strong> pin Deno and bound JSR publish to survive
stranded-task hangs (<a
href="https://redirect.github.com/supabase/supabase-js/pull/2439">#2439</a>)</li>
<li><strong>release:</strong> restore JSR publish flags and enable for
beta (<a
href="https://redirect.github.com/supabase/supabase-js/pull/2440">#2440</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>Katerina Skroumpelou <a
href="https://github.com/mandarini"><code>@​mandarini</code></a></li>
</ul>
<h2>v2.108.2-canary.5</h2>
<h2>2.108.2-canary.5 (2026-06-15)</h2>
<p>This was a version bump only, there were no code changes.</p>
<h2>v2.108.2-canary.4</h2>
<h2>2.108.2-canary.4 (2026-06-12)</h2>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>realtime:</strong> clarify httpSend() 404 error and server
migration note (<a
href="https://redirect.github.com/supabase/supabase-js/pull/2444">#2444</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>Katerina Skroumpelou <a
href="https://github.com/mandarini"><code>@​mandarini</code></a></li>
</ul>
<h2>v2.108.2-canary.3</h2>
<h2>2.108.2-canary.3 (2026-06-11)</h2>
<p>This was a version bump only, there were no code changes.</p>
<h2>v2.108.2-canary.2</h2>
<h2>2.108.2-canary.2 (2026-06-11)</h2>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>release:</strong> restore JSR publish flags and enable for
beta (<a
href="https://redirect.github.com/supabase/supabase-js/pull/2440">#2440</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>Katerina Skroumpelou <a
href="https://github.com/mandarini"><code>@​mandarini</code></a></li>
</ul>
<h2>v2.108.2-canary.1</h2>
<h2>2.108.2-canary.1 (2026-06-11)</h2>
<h3>🩹 Fixes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/supabase/supabase-js/blob/master/packages/core/supabase-js/CHANGELOG.md">@​supabase/supabase-js's
changelog</a>.</em></p>
<blockquote>
<h2>2.108.2 (2026-06-15)</h2>
<p>This was a version bump only for <code>@​supabase/supabase-js</code>
to align it with other projects, there were no code changes.</p>
<h2>2.108.0 (2026-06-08)</h2>
<p>This was a version bump only for <code>@​supabase/supabase-js</code>
to align it with other projects, there were no code changes.</p>
<h2>2.107.0 (2026-06-02)</h2>
<h3>🚀 Features</h3>
<ul>
<li><strong>auth:</strong> remove navigator.locks-based mutex; introduce
commit guard + dispose() (<a
href="https://redirect.github.com/supabase/supabase-js/pull/2392">#2392</a>)</li>
<li><strong>supabase:</strong> update X-Client-Info to structured
metadata format (<a
href="https://redirect.github.com/supabase/supabase-js/pull/2359">#2359</a>)</li>
<li><strong>realtime:</strong> allow httpSend to send binary payload (<a
href="https://redirect.github.com/supabase/supabase-js/pull/2400">#2400</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>Claude Sonnet 4.6</li>
<li>Eduardo Gurgel</li>
<li>Guilherme Souza</li>
<li>Katerina Skroumpelou <a
href="https://github.com/mandarini"><code>@​mandarini</code></a></li>
<li>Omar Al Matar <a
href="https://github.com/Bewinxed"><code>@​Bewinxed</code></a></li>
</ul>
<h2>2.106.2 (2026-05-25)</h2>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>misc:</strong> add react-native export condition for
Hermes-safe resolution (<a
href="https://redirect.github.com/supabase/supabase-js/pull/2393">#2393</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>Myroslav Hryhschenko <a
href="https://github.com/BLOCKMATERIAL"><code>@​BLOCKMATERIAL</code></a></li>
</ul>
<h2>2.106.1 (2026-05-20)</h2>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>misc:</strong> hide dynamic import from hermesc (<a
href="https://redirect.github.com/supabase/supabase-js/pull/2381">#2381</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>Katerina Skroumpelou <a
href="https://github.com/mandarini"><code>@​mandarini</code></a></li>
</ul>
<h2>2.106.0 (2026-05-18)</h2>
<h3>🚀 Features</h3>
<ul>
<li><strong>supabase:</strong> W3C/OpenTelemetry trace context
propagation (<a
href="https://redirect.github.com/supabase/supabase-js/pull/2163">#2163</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/supabase/supabase-js/commit/76f3f0290525c53aafedaf9fc94fcc09953c2189"><code>76f3f02</code></a>
test(auth): add passkey unit and e2e coverage (<a
href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2442">#2442</a>)</li>
<li>See full diff in <a
href="https://github.com/supabase/supabase-js/commits/v2.108.2/packages/core/supabase-js">compare
view</a></li>
</ul>
</details>
<br />

Updates `@anthropic-ai/claude-agent-sdk` from 0.3.177 to 0.3.185
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anthropics/claude-agent-sdk-typescript/releases">@​anthropic-ai/claude-agent-sdk's
releases</a>.</em></p>
<blockquote>
<h2>v0.3.185</h2>
<h2>What's changed</h2>
<ul>
<li>Updated to parity with Claude Code v2.1.185</li>
</ul>
<h2>Update</h2>
<pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.185
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.185
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.185
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.185
</code></pre>
<h2>v0.3.183</h2>
<h2>What's changed</h2>
<ul>
<li>Updated to parity with Claude Code v2.1.183</li>
</ul>
<h2>Update</h2>
<pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.183
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.183
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.183
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.183
</code></pre>
<h2>v0.3.181</h2>
<h2>What's changed</h2>
<ul>
<li>Added <code>errorCode</code>, <code>canUserPurchaseCredits</code>,
and <code>hasChargeableSavedPaymentMethod</code> fields to
<code>SDKRateLimitInfo</code> for detecting credits-required rate
limits</li>
<li>Added <code>tool_use_meta.icon_url</code> to assistant messages,
populated from MCP server directory metadata</li>
<li>Fixed SDK-hosted Remote Control sessions dropping
<code>file_attachments</code> from inbound user messages</li>
</ul>
<h2>Update</h2>
<pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.181
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.181
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.181
# or
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md">@​anthropic-ai/claude-agent-sdk's
changelog</a>.</em></p>
<blockquote>
<h2>0.3.185</h2>
<ul>
<li>Updated to parity with Claude Code v2.1.185</li>
</ul>
<h2>0.3.184</h2>
<ul>
<li>Updated to parity with Claude Code v2.1.184</li>
</ul>
<h2>0.3.183</h2>
<ul>
<li>Updated to parity with Claude Code v2.1.183</li>
</ul>
<h2>0.3.182</h2>
<ul>
<li>Updated to parity with Claude Code v2.1.182</li>
</ul>
<h2>0.3.181</h2>
<ul>
<li>Added <code>errorCode</code>, <code>canUserPurchaseCredits</code>,
and <code>hasChargeableSavedPaymentMethod</code> fields to
<code>SDKRateLimitInfo</code> for detecting credits-required rate
limits</li>
<li>Added <code>tool_use_meta.icon_url</code> to assistant messages,
populated from MCP server directory metadata</li>
<li>Fixed SDK-hosted Remote Control sessions dropping
<code>file_attachments</code> from inbound user messages</li>
</ul>
<h2>0.3.180</h2>
<ul>
<li>Updated to parity with Claude Code v2.1.180</li>
</ul>
<h2>0.3.179</h2>
<ul>
<li>Added optional <code>tool_use_meta</code> sidecar to assistant
messages with display-friendly names for tool calls, so SDK consumers
can render human-readable labels instead of raw wire names</li>
<li>Fixed <code>-p</code> mode exiting before a completed background
agent's notification was delivered, causing interim text to ship as the
final result</li>
<li>Fixed remote (stream-json) sessions appearing busy for the entire
duration of a background workflow — the turn result is now emitted at
the turn boundary and the session reports idle while background tasks
continue</li>
</ul>
<h2>0.3.178</h2>
<ul>
<li>Spawn failures on an existing native binary now explain the likely
libc mismatch (musl binary on a glibc host) and suggest
<code>options.pathToClaudeCodeExecutable</code></li>
<li>Permission-denied advisory messages now carry typed denial reasons
(<code>safetyCheck</code>, <code>asyncAgent</code>), enabling SDK
consumers to programmatically match denial causes</li>
<li>Fixed <code>UserPromptSubmit</code> hook block feedback not being
emitted to the SDK event stream — consumers can now see why a prompt was
blocked by a hook instead of a silent hang</li>
<li>Remote Control workers now send a <code>worker_shutting_down</code>
system message on graceful exit so remote clients can show why the
session ended</li>
<li>Fixed MCP server-level specs (<code>mcp__server</code>,
<code>mcp__server__*</code>) in <code>disallowedTools</code> being
silently ignored — they now correctly remove all tools from the named
server</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/810e709450d3cd0444aa018501d2a5ab3477f439"><code>810e709</code></a>
chore: Update CHANGELOG.md</li>
<li><a
href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/fc84d9383f5bf3a0cf65fd4f5379a82519fdb95f"><code>fc84d93</code></a>
chore: Update CHANGELOG.md</li>
<li><a
href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/4d3840c936a4fda502e47e58a8bc7d014f363d24"><code>4d3840c</code></a>
chore: Update CHANGELOG.md</li>
<li><a
href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/32753ee19ce670f6b320ad544d813854930bb02d"><code>32753ee</code></a>
chore: Update CHANGELOG.md</li>
<li><a
href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/38722be05d4d21d6e438835c0a0177e81e2cffd2"><code>38722be</code></a>
chore: Update CHANGELOG.md</li>
<li>See full diff in <a
href="https://github.com/anthropics/claude-agent-sdk-typescript/compare/v0.3.177...v0.3.185">compare
view</a></li>
</ul>
</details>
<br />

Updates `@anthropic-ai/sdk` from 0.104.1 to 0.105.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anthropics/anthropic-sdk-typescript/releases">@​anthropic-ai/sdk's
releases</a>.</em></p>
<blockquote>
<h2>sdk: v0.105.0</h2>
<h2>0.105.0 (2026-06-18)</h2>
<p>Full Changelog: <a
href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.104.2...sdk-v0.105.0">sdk-v0.104.2...sdk-v0.105.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> add support for new code_execution_20260120
tool (<a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/8dc2b54ee9f19cfc0a8f5cb49d0e1b93f4a4cadd">8dc2b54</a>)</li>
<li><strong>stream:</strong> lazily parse partial tool json input (<a
href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/99">#99</a>)
(<a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/e55ceee5e3053ada96a7fe008b1fd6ebc0e42544">e55ceee</a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><strong>internal/deps:</strong> bump swc to 1.15.40 (<a
href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/97">#97</a>)
(<a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/a1d4d7549251f88100f44b0350f6123c9cbea5ec">a1d4d75</a>)</li>
<li><strong>internal:</strong> use are the types wrong directly (<a
href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/94">#94</a>)
(<a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/3d362afd0aade3d18f10e61a5e4809c0bd495768">3d362af</a>)</li>
<li><strong>tests:</strong> stop using deprecated models (<a
href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/98">#98</a>)
(<a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/65ae1afee1bb76179c58e1758a48d668e3fcf7b3">65ae1af</a>)</li>
</ul>
<h2>sdk: v0.104.2</h2>
<h2>0.104.2 (2026-06-15)</h2>
<p>Full Changelog: <a
href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.104.1...sdk-v0.104.2">sdk-v0.104.1...sdk-v0.104.2</a></p>
<h3>Chores</h3>
<ul>
<li><strong>api:</strong> remove retired models from API and SDKs (<a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/a94287690a383ba34aa0d2ad9e0262eeb9241bd3">a942876</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md">@​anthropic-ai/sdk's
changelog</a>.</em></p>
<blockquote>
<h2>0.105.0 (2026-06-18)</h2>
<p>Full Changelog: <a
href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.104.2...sdk-v0.105.0">sdk-v0.104.2...sdk-v0.105.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> add support for new code_execution_20260120
tool (<a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/8dc2b54ee9f19cfc0a8f5cb49d0e1b93f4a4cadd">8dc2b54</a>)</li>
<li><strong>stream:</strong> lazily parse partial tool json input (<a
href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/99">#99</a>)
(<a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/e55ceee5e3053ada96a7fe008b1fd6ebc0e42544">e55ceee</a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><strong>internal/deps:</strong> bump swc to 1.15.40 (<a
href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/97">#97</a>)
(<a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/a1d4d7549251f88100f44b0350f6123c9cbea5ec">a1d4d75</a>)</li>
<li><strong>internal:</strong> use are the types wrong directly (<a
href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/94">#94</a>)
(<a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/3d362afd0aade3d18f10e61a5e4809c0bd495768">3d362af</a>)</li>
<li><strong>tests:</strong> stop using deprecated models (<a
href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/98">#98</a>)
(<a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/65ae1afee1bb76179c58e1758a48d668e3fcf7b3">65ae1af</a>)</li>
</ul>
<h2>0.104.2 (2026-06-15)</h2>
<p>Full Changelog: <a
href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.104.1...sdk-v0.104.2">sdk-v0.104.1...sdk-v0.104.2</a></p>
<h3>Chores</h3>
<ul>
<li><strong>api:</strong> remove retired models from API and SDKs (<a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/a94287690a383ba34aa0d2ad9e0262eeb9241bd3">a942876</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/ab700dc013e735b80dead115fcae52fba83f1aeb"><code>ab700dc</code></a>
chore: release main</li>
<li><a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/a3225175d067110fc0e9152ed2699540455aa4ce"><code>a322517</code></a>
feat(api): add support for new code_execution_20260120 tool</li>
<li><a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/65a01068857f521d27d8963152cd3e66cbe232ad"><code>65a0106</code></a>
feat(stream): lazily parse partial tool json input (<a
href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/99">#99</a>)</li>
<li><a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/384ab5179b6120fa6c3fdc37fabb1baba23a1d73"><code>384ab51</code></a>
chore(tests): stop using deprecated models (<a
href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/98">#98</a>)</li>
<li><a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/a49a19143ae0b13fc5312058c008c5a39250cd96"><code>a49a191</code></a>
chore(internal/deps): bump swc to 1.15.40 (<a
href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/97">#97</a>)</li>
<li><a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/7ac63f3b566c898fa9ce3eaced546da5cf0e3014"><code>7ac63f3</code></a>
chore(internal): use are the types wrong directly (<a
href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/94">#94</a>)</li>
<li><a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/fbee0d149ce08532885d766d9b1dc99133181d8e"><code>fbee0d1</code></a>
chore: release main</li>
<li><a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/e984ba4942d0e9660690910c4a7c7325b1fe3607"><code>e984ba4</code></a>
chore(api): remove retired models from API and SDKs</li>
<li>See full diff in <a
href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.104.1...sdk-v0.105.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `@clack/prompts` from 1.5.1 to 1.6.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/bombshell-dev/clack/releases">@​clack/prompts's
releases</a>.</em></p>
<blockquote>
<h2><code>@​clack/prompts</code><a
href="https://github.com/1"><code>@​1</code></a>.6.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/bombshell-dev/clack/pull/568">#568</a>
<a
href="https://github.com/bombshell-dev/clack/commit/f87933fb7b3f4c401b9e51a152b95cb8e7200fe5"><code>f87933f</code></a>
Thanks <a
href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>!
- Updates default formatter of <code>note()</code> to note dim lines
anymore</p>
<p>If you want the old behavior, provide a <code>format()</code>
function:</p>
<pre lang="diff"><code>import { note } from '@clack/prompts';
+import { styleText } from 'node:util';
<p>note(
'You can edit the file src/index.jsx',
'Next steps.'</p>
<ul>
<li>{ format: (text) =&gt; styleText('dim', text) }
);
</code></pre></li>
</ul>
</li>
<li>
<p><a
href="https://redirect.github.com/bombshell-dev/clack/pull/567">#567</a>
<a
href="https://github.com/bombshell-dev/clack/commit/cc6aab50186cff8a02dc98e9cfd3897c29a33b15"><code>cc6aab5</code></a>
Thanks <a
href="https://github.com/dreyfus92"><code>@​dreyfus92</code></a>! - Add
keyboard instruction footers to <code>select</code>,
<code>multiselect</code>, and <code>groupMultiselect</code> in the
active state, matching autocomplete. No option — always shown.</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="https://github.com/bombshell-dev/clack/commit/2f2b52f77cbfa9af618c6d929249ab8395fc37a1"><code>2f2b52f</code></a>,
<a
href="https://github.com/bombshell-dev/clack/commit/e1b6ee71a76e17a3c33ba7ee6e5fb34e886233bb"><code>e1b6ee7</code></a>]:
<ul>
<li><code>@​clack/core</code><a
href="https://github.com/1"><code>@​1</code></a>.4.2</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/bombshell-dev/clack/blob/main/packages/prompts/CHANGELOG.md">@​clack/prompts's
changelog</a>.</em></p>
<blockquote>
<h2>1.6.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/bombshell-dev/clack/pull/568">#568</a>
<a
href="https://github.com/bombshell-dev/clack/commit/f87933fb7b3f4c401b9e51a152b95cb8e7200fe5"><code>f87933f</code></a>
Thanks <a
href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>!
- Updates default formatter of <code>note()</code> to note dim lines
anymore</p>
<p>If you want the old behavior, provide a <code>format()</code>
function:</p>
<pre lang="diff"><code>import { note } from '@clack/prompts';
+import { styleText } from 'node:util';
<p>note(
'You can edit the file src/index.jsx',
'Next steps.'</p>
<ul>
<li>{ format: (text) =&gt; styleText('dim', text) }
);
</code></pre></li>
</ul>
</li>
<li>
<p><a
href="https://redirect.github.com/bombshell-dev/clack/pull/567">#567</a>
<a
href="https://github.com/bombshell-dev/clack/commit/cc6aab50186cff8a02dc98e9cfd3897c29a33b15"><code>cc6aab5</code></a>
Thanks <a
href="https://github.com/dreyfus92"><code>@​dreyfus92</code></a>! - Add
keyboard instruction footers to <code>select</code>,
<code>multiselect</code>, and <code>groupMultiselect</code> in the
active state, matching autocomplete. No option — always shown.</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="https://github.com/bombshell-dev/clack/commit/2f2b52f77cbfa9af618c6d929249ab8395fc37a1"><code>2f2b52f</code></a>,
<a
href="https://github.com/bombshell-dev/clack/commit/e1b6ee71a76e17a3c33ba7ee6e5fb34e886233bb"><code>e1b6ee7</code></a>]:
<ul>
<li><code>@​clack/core</code><a
href="https://github.com/1"><code>@​1</code></a>.4.2</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/bombshell-dev/clack/commit/0e700562dfb54bd693d98c5b7e28d34213fcb226"><code>0e70056</code></a>
[ci] release (<a
href="https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/562">#562</a>)</li>
<li><a
href="https://github.com/bombshell-dev/clack/commit/f87933fb7b3f4c401b9e51a152b95cb8e7200fe5"><code>f87933f</code></a>
fix(prompts): do not dim note contents (<a
href="https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/568">#568</a>)</li>
<li><a
href="https://github.com/bombshell-dev/clack/commit/cc6aab50186cff8a02dc98e9cfd3897c29a33b15"><code>cc6aab5</code></a>
feat(prompts): add instructions footer for <code>select</code>,
<code>multi-select</code> &amp; `group-...</li>
<li>See full diff in <a
href="https://github.com/bombshell-dev/clack/commits/@clack/prompts@1.6.0/packages/prompts">compare
view</a></li>
</ul>
</details>
<br />

Updates `ink` from 7.0.6 to 7.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vadimdemedes/ink/releases">ink's
releases</a>.</em></p>
<blockquote>
<h2>v7.1.0</h2>
<ul>
<li>Add <a
href="https://github.com/vadimdemedes/ink#suspendterminalcallback"><code>suspendTerminal()</code></a>
to hand the terminal to a child process (<a
href="https://redirect.github.com/vadimdemedes/ink/issues/972">#972</a>)
9e8ed1f</li>
</ul>
<hr />
<p><a
href="https://github.com/vadimdemedes/ink/compare/v7.0.6...v7.1.0">https://github.com/vadimdemedes/ink/compare/v7.0.6...v7.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vadimdemedes/ink/commit/25766aec618bd62030069f57dd081e5ebdd46add"><code>25766ae</code></a>
7.1.0</li>
<li><a
href="https://github.com/vadimdemedes/ink/commit/9e8ed1f005db0e975817983665f5c68884c6c232"><code>9e8ed1f</code></a>
Add <code>suspendTerminal()</code> to hand the terminal to a child
process (<a
href="https://redirect.github.com/vadimdemedes/ink/issues/972">#972</a>)</li>
<li>See full diff in <a
href="https://github.com/vadimdemedes/ink/compare/v7.0.6...v7.1.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `pg` from 8.21.0 to 8.22.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md">pg's
changelog</a>.</em></p>
<blockquote>
<h2>pg@8.22.0</h2>
<ul>
<li>Add support for <a
href="https://redirect.github.com/brianc/node-postgres/pull/3688">sslnegotiation=direct</a>
for PostgreSQL 17+.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/brianc/node-postgres/commit/b617619f9fb6fbd231731823e2732a2927ded4be"><code>b617619</code></a>
Publish</li>
<li><a
href="https://github.com/brianc/node-postgres/commit/d80b2612fbe83ed8234637f20b943d85e4331094"><code>d80b261</code></a>
Update docs &amp; changelog</li>
<li><a
href="https://github.com/brianc/node-postgres/commit/835fb83ab9e1cf30fa8367ba42bd633720d71832"><code>835fb83</code></a>
Fix error handling for exceptions on values parsing. (<a
href="https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3574">#3574</a>)</li>
<li><a
href="https://github.com/brianc/node-postgres/commit/f49ab4a9795ae0866409f9bfe52a68b4f65ef024"><code>f49ab4a</code></a>
fix: correct spelling mistakes across codebase (<a
href="https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3692">#3692</a>)</li>
<li><a
href="https://github.com/brianc/node-postgres/commit/d7175a4aa0347b7416109e9ecc61d4d235486d0e"><code>d7175a4</code></a>
Expand CI matrix of PG versions and add direct SSL test (<a
href="https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3693">#3693</a>)</li>
<li><a
href="https://github.com/brianc/node-postgres/commit/882fc308cce7bf136cd1448e00395f760dad3e00"><code>882fc30</code></a>
Add support for sslnegotiation=direct (PostgreSQL 17) (<a
href="https://github.com/brianc/node-postgres/tree/HEAD/packages/pg/issues/3688">#3688</a>)</li>
<li>See full diff in <a
href="https://github.com/brianc/node-postgres/commits/pg@8.22.0/packages/pg">compare
view</a></li>
</ul>
</details>
<br />

Updates `posthog-node` from 5.37.0 to 5.38.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/PostHog/posthog-js/releases">posthog-node's
releases</a>.</em></p>
<blockquote>
<h2>posthog-node@5.38.2</h2>
<h2>5.38.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/PostHog/posthog-js/pull/3903">#3903</a>
<a
href="https://github.com/PostHog/posthog-js/commit/6b21f77291aeea64ce8229eb28196d1acacc20ce"><code>6b21f77</code></a>
Thanks <a
href="https://github.com/marandaneto"><code>@​marandaneto</code></a>! -
Validate custom event UUID overrides and generate new UUIDs when
invalid.
(2026-06-19)</li>
<li>Updated dependencies [<a
href="https://github.com/PostHog/posthog-js/commit/6b21f77291aeea64ce8229eb28196d1acacc20ce"><code>6b21f77</code></a>]:
<ul>
<li><code>@​posthog/core</code><a
href="https://github.com/1"><code>@​1</code></a>.35.3</li>
</ul>
</li>
</ul>
<h2>posthog-node@5.38.1</h2>
<h2>5.38.1</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/PostHog/posthog-js/pull/3886">#3886</a>
<a
href="https://github.com/PostHog/posthog-js/commit/e6d7fe2a5f10d29b3df69392f584970e7a7a4561"><code>e6d7fe2</code></a>
Thanks <a
href="https://github.com/marandaneto"><code>@​marandaneto</code></a>! -
Stop sending deprecated no-op top-level <code>type</code>,
<code>library</code>, and <code>library_version</code> fields in event
batch payloads. Use <code>properties.$lib</code> and
<code>properties.$lib_version</code> for SDK metadata; legacy queued
<code>library</code> and <code>library_version</code> values are used as
fallbacks when the official <code>$</code> properties are missing.
(2026-06-18)</li>
<li>Updated dependencies [<a
href="https://github.com/PostHog/posthog-js/commit/e6d7fe2a5f10d29b3df69392f584970e7a7a4561"><code>e6d7fe2</code></a>]:
<ul>
<li><code>@​posthog/core</code><a
href="https://github.com/1"><code>@​1</code></a>.35.2</li>
</ul>
</li>
</ul>
<h2>posthog-node@5.38.0</h2>
<h2>5.38.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/PostHog/posthog-js/pull/3845">#3845</a>
<a
href="https://github.com/PostHog/posthog-js/commit/a0553b305679f995e244cad7498c7521cb4c849d"><code>a0553b3</code></a>
Thanks <a
href="https://github.com/marandaneto"><code>@​marandaneto</code></a>! -
Add <code>setPersonProperties()</code> and
<code>unsetPersonProperties()</code> helpers to manage person properties
from the Node.js SDK.
(2026-06-16)</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="https://github.com/PostHog/posthog-js/commit/b3ec8453d3678bd7ab6737b25bae003e61117ef9"><code>b3ec845</code></a>,
<a
href="https://github.com/PostHog/posthog-js/commit/c6c163aefb093d5609977ae243b056f96a2d3b4e"><code>c6c163a</code></a>]:
<ul>
<li><code>@​posthog/core</code><a
href="https://github.com/1"><code>@​1</code></a>.33.0</li>
</ul>
</li>
</ul>
<h2>posthog-node@5.37.1</h2>
<h2>5.37.1</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/PostHog/posthog-js/pull/3837">#3837</a>
<a
href="https://github.com/PostHog/posthog-js/commit/29bf8e386a4050531e9cfd906c33b75945fcb6ad"><code>29bf8e3</code></a>
Thanks <a
href="https://github.com/marandaneto"><code>@​marandaneto</code></a>! -
Add missing bugs metadata to package manifests.
(2026-06-15)</li>
<li>Updated dependencies [<a
href="https://github.com/PostHog/posthog-js/commit/29bf8e386a4050531e9cfd906c33b75945fcb6ad"><code>29bf8e3</code></a>]:
<ul>
<li><code>@​posthog/core</code><a
href="https://github.com/1"><code>@​1</code></a>.32.4</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md">posthog-node's
changelog</a>.</em></p>
<blockquote>
<h2>5.38.2</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/PostHog/posthog-js/pull/3903">#3903</a>
<a
href="https://github.com/PostHog/posthog-js/commit/6b21f77291aeea64ce8229eb28196d1acacc20ce"><code>6b21f77</code></a>
Thanks <a
href="https://github.com/marandaneto"><code>@​marandaneto</code></a>! -
Validate custom event UUID overrides and generate new UUIDs when
invalid.
(2026-06-19)</li>
<li>Updated dependencies [<a
href="https://github.com/PostHog/posthog-js/commit/6b21f77291aeea64ce8229eb28196d1acacc20ce"><code>6b21f77</code></a>]:
<ul>
<li><code>@​posthog/core</code><a
href="https://github.com/1"><code>@​1</code></a>.35.3</li>
</ul>
</li>
</ul>
<h2>5.38.1</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/PostHog/posthog-js/pull/3886">#3886</a>
<a
href="https://github.com/PostHog/posthog-js/commit/e6d7fe2a5f10d29b3df69392f584970e7a7a4561"><code>e6d7fe2</code></a>
Thanks <a
href="https://github.com/marandaneto"><code>@​marandaneto</code></a>! -
Stop sending deprecated no-op top-level <code>type</code>,
<code>library</code>, and <code>library_version</code> fields in event
batch payloads. Use <code>properties.$lib</code> and
<code>properties.$lib_version</code> for SDK metadata; legacy queued
<code>library</code> and <code>library_version</code> values are used as
fallbacks when the official <code>$</code> properties are missing.
(2026-06-18)</li>
<li>Updated dependencies [<a
href="https://github.com/PostHog/posthog-js/commit/e6d7fe2a5f10d29b3df69392f584970e7a7a4561"><code>e6d7fe2</code></a>]:
<ul>
<li><code>@​posthog/core</code><a
href="https://github.com/1"><code>@​1</code></a>.35.2</li>
</ul>
</li>
</ul>
<h2>5.38.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/PostHog/posthog-js/pull/3845">#3845</a>
<a
href="https://github.com/PostHog/posthog-js/commit/a0553b305679f995e244cad7498c7521cb4c849d"><code>a0553b3</code></a>
Thanks <a
href="https://github.com/marandaneto"><code>@​marandaneto</code></a>! -
Add <code>setPersonProperties()</code> and
<code>unsetPersonProperties()</code> helpers to manage person properties
from the Node.js SDK.
(2026-06-16)</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="https://github.com/PostHog/posthog-js/commit/b3ec8453d3678bd7ab6737b25bae003e61117ef9"><code>b3ec845</code></a>,
<a
href="https://github.com/PostHog/posthog-js/commit/c6c163aefb093d5609977ae243b056f96a2d3b4e"><code>c6c163a</code></a>]:
<ul>
<li><code>@​posthog/core</code><a
href="https://github.com/1"><code>@​1</code></a>.33.0</li>
</ul>
</li>
</ul>
<h2>5.37.1</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/PostHog/posthog-js/pull/3837">#3837</a>
<a
href="https://github.com/PostHog/posthog-js/commit/29bf8e386a4050531e9cfd906c33b75945fcb6ad"><code>29bf8e3</code></a>
Thanks <a
href="https://github.com/marandaneto"><code>@​marandaneto</code></a>! -
Add missing bugs metadata to package manifests.
(2026-06-15)</li>
<li>Updated dependencies [<a
href="https://github.com/PostHog/posthog-js/commit/29bf8e386a4050531e9cfd906c33b75945fcb6ad"><code>29bf8e3</code></a>]:
<ul>
<li><code>@​posthog/core</code><a
href="https://github.com/1"><code>@​1</code></a>.32.4</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/PostHog/posthog-js/commit/b0bd00ff7279fdb3f3bc9c993e7fc2f24710c50e"><code>b0bd00f</code></a>
chore: update versions and lockfile [version bump]</li>
<li><a
href="https://github.com/PostHog/posthog-js/commit/6b21f77291aeea64ce8229eb28196d1acacc20ce"><code>6b21f77</code></a>
fix: validate custom event UUIDs (<a
href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/3903">#3903</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-js/commit/229efffbe56e56d387db0ce5f8848093843ce73d"><code>229efff</code></a>
chore: update versions and lockfile [version bump]</li>
<li><a
href="https://github.com/PostHog/posthog-js/commit/e6d7fe2a5f10d29b3df69392f584970e7a7a4561"><code>e6d7fe2</code></a>
fix: remove ignored batch metadata fields (<a
href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/3886">#3886</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-js/commit/f4955109eaaeaad43462acd5384b53a86dedbdcd"><code>f495510</code></a>
chore: update versions and lockfile [version bump]</li>
<li><a
href="https://github.com/PostHog/posthog-js/commit/bd07ec42968ada9099a31cf7d61b106af22267ca"><code>bd07ec4</code></a>
feat(flags): add disableRemoteFeatureFlags option and runtime
updateFlags (<a
href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/3">#3</a>...</li>
<li><a
href="https://github.com/PostHog/posthog-js/commit/4ff3bb3c3feac6c3c62213dacad20cee5073ed05"><code>4ff3bb3</code></a>
chore: update versions and lockfile [version bump]</li>
<li><a
href="https://github.com/PostHog/posthog-js/commit/a0553b305679f995e244cad7498c7521cb4c849d"><code>a0553b3</code></a>
feat(node): add person property helpers (<a
href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/3845">#3845</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-js/commit/70d3ddedf9db17572fcdad276439809644607ccc"><code>70d3dde</code></a>
chore: Generate versioned references only on release (<a
href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/3858">#3858</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-js/commit/47aea13be9b6a9c61f7ef16fb683adc7a669a37f"><code>47aea13</code></a>
chore: update versions and lockfile [version bump]</li>
<li>Additional commits viewable in <a
href="https://github.com/PostHog/posthog-js/commits/posthog-node@5.38.2/packages/node">compare
view</a></li>
</ul>
</details>
<br />

Updates `fumadocs-core` from 16.10.2 to 16.10.5
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/7365d6327cc7befad39fad085c14e71edad8546f"><code>7365d63</code></a>
Version Packages (<a
href="https://redirect.github.com/fuma-nama/fumadocs/issues/3366">#3366</a>)</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/23c00f221174ef8295778f86ad518604dcbb8185"><code>23c00f2</code></a>
fix(openapi): fix typescript definitions name</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/4fe2821cbbc612d2fad1647a94492afd46031822"><code>4fe2821</code></a>
fix(openapi): fix usage tabs</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/58c2574bf125ab05a9d11e9625393655be83637f"><code>58c2574</code></a>
fix custom script</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/1a323a6e988b4ca6f4cc93401934aad7d9f99745"><code>1a323a6</code></a>
dedupe deps</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/19955f37d7eee23b19ce3376474551c838cc582d"><code>19955f3</code></a>
fix(ui): use <code>prompt</code> query param for &quot;Open in
ChatGPT&quot; page action (<a
href="https://redirect.github.com/fuma-nama/fumadocs/issues/3365">#3365</a>)</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/c903a684d410d7d9e516a1ce0c723724be7b8022"><code>c903a68</code></a>
Version Packages (<a
href="https://redirect.github.com/fuma-nama/fumadocs/issues/3363">#3363</a>)</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/ae508485ab626667a4c76776451313fd1e46d868"><code>ae50848</code></a>
feat(core): support react router v8</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/bd9a9d001b57b79a346f5dcc8ea2b87802794c64"><code>bd9a9d0</code></a>
update tegami</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/88ce9d9614c2edc07307f4733e73cae7a2c863ca"><code>88ce9d9</code></a>
refactor: use Tegami</li>
<li>Additional commits viewable in <a
href="https://github.com/fuma-nama/fumadocs/compare/fumadocs-core@16.10.2...fumadocs@16.10.5">compare
view</a></li>
</ul>
</details>
<br />

Updates `fumadocs-ui` from 16.10.2 to 16.10.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/fuma-nama/fumadocs/releases">fumadocs-ui's
releases</a>.</em></p>
<blockquote>
<h2>fumadocs-ui@16.10.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>5499f59: type-safe provider props
<ul>
<li>fumadocs-core@16.10.3</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/7365d6327cc7befad39fad085c14e71edad8546f"><code>7365d63</code></a>
Version Packages (<a
href="https://redirect.github.com/fuma-nama/fumadocs/issues/3366">#3366</a>)</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/23c00f221174ef8295778f86ad518604dcbb8185"><code>23c00f2</code></a>
fix(openapi): fix typescript definitions name</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/4fe2821cbbc612d2fad1647a94492afd46031822"><code>4fe2821</code></a>
fix(openapi): fix usage tabs</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/58c2574bf125ab05a9d11e9625393655be83637f"><code>58c2574</code></a>
fix custom script</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/1a323a6e988b4ca6f4cc93401934aad7d9f99745"><code>1a323a6</code></a>
dedupe deps</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/19955f37d7eee23b19ce3376474551c838cc582d"><code>19955f3</code></a>
fix(ui): use <code>prompt</code> query param for &quot;Open in
ChatGPT&quot; page action (<a
href="https://redirect.github.com/fuma-nama/fumadocs/issues/3365">#3365</a>)</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/c903a684d410d7d9e516a1ce0c723724be7b8022"><code>c903a68</code></a>
Version Packages (<a
href="https://redirect.github.com/fuma-nama/fumadocs/issues/3363">#3363</a>)</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/ae508485ab626667a4c76776451313fd1e46d868"><code>ae50848</code></a>
feat(core): support react router v8</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/bd9a9d001b57b79a346f5dcc8ea2b87802794c64"><code>bd9a9d0</code></a>
update tegami</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/88ce9d9614c2edc07307f4733e73cae7a2c863ca"><code>88ce9d9</code></a>
refactor: use Tegami</li>
<li>Additional commits viewable in <a
href="https://github.com/fuma-nama/fumadocs/compare/fumadocs-ui@16.10.2...fumadocs@16.10.5">compare
view</a></li>
</ul>
</details>
<br />

Updates `@types/node` from 25.9.3 to 26.0.0
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />

Updates `@effect/atom-react` from 4.0.0-beta.83 to 4.0.0-beta.85
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Effect-TS/effect-smol/blob/main/packages/atom/react/CHANGELOG.md">@​effect/atom-react's
changelog</a>.</em></p>
<blockquote>
<h2>4.0.0-beta.85</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="https://github.com/Effect-TS/effect-smol/commit/328d97cc53c0dcb89077a5623e35b095eaa59a8c"><code>328d97c</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/8441836e6dde70e8ae2126be9cefe9b45798b134"><code>8441836</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/074e4361091289104cb0ab6959dc3b0ea7794a6a"><code>074e436</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/c1dfd60663eb13a58916f3712d877499943b628a"><code>c1dfd60</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/2ba316bd15fcbf1c50626500d44a2c9b3bec19f5"><code>2ba316b</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/7ce7344c41056c79e2ee19ee6a9346c0f1d227c1"><code>7ce7344</code></a>]:
<ul>
<li>effect@4.0.0-beta.85</li>
</ul>
</li>
</ul>
<h2>4.0.0-beta.84</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="https://github.com/Effect-TS/effect-smol/commit/87f52ba16c4370ffa3f84bf8e53038e1419c284e"><code>87f52ba</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/b8ee07ffda8903b5ec2e45a786ddcba59f128fda"><code>b8ee07f</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/867c0d70a09079b040260d45a1e92ff04dbfbf2f"><code>867c0d7</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/b93bc6c9cb27b909a41d094c97c4f9d25bbc6d6b"><code>b93bc6c</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/57d387f92c30ab63e15e3e641f0a903b65886610"><code>57d387f</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/bacca4141c2400effae1eabfdb36c89a459cf246"><code>bacca41</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/0f8ac7959d29ed68c68ce25aabd6bf0cb7e63ecc"><code>0f8ac79</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/25b448270c01317703f25107e1480d4cd0246d9a"><code>25b4482</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/9cf3a25c66b0c44a52be9829870c44517ea52db2"><code>9cf3a25</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/8def7674b1787f91035298cda4d122937e87ef72"><code>8def767</code></a>]:
<ul>
<li>effect@4.0.0-beta.84</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/Effect-TS/effect-smol/commit/a2fd7ef805f10babae275505873b4fa9a936bc6e"><code>a2fd7ef</code></a>
Version Packages (beta) (<a
href="https://github.com/Effect-TS/effect-smol/tree/HEAD/packages/atom/react/issues/2426">#2426</a>)</li>
<li><a
href="https://github.com/Effect-TS/effect-smol/commit/d11b2b5f2b4646983d4bb7b52bfc0de1a5ad17e2"><code>d11b2b5</code></a>
Version Packages (beta) (<a
href="https://github.com/Effect-TS/effect-smol/tree/HEAD/packages/atom/react/issues/2408">#2408</a>)</li>
<li>See full diff in <a
href="https://github.com/Effect-TS/effect-smol/commits/@effect/atom-react@4.0.0-beta.85/packages/atom/react">compare
view</a></li>
</ul>
</details>
<br />

Updates `@effect/platform-bun` from 4.0.0-beta.83 to 4.0.0-beta.85
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/Effect-TS/effect/commits/HEAD/packages/platform-bun">compare
view</a></li>
</ul>
</details>
<br />

Updates `@effect/platform-node` from 4.0.0-beta.83 to 4.0.0-beta.85
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/Effect-TS/effect/commits/HEAD/packages/platform-node">compare
view</a></li>
</ul>
</details>
<br />

Updates `@effect/sql-pg` from 4.0.0-beta.83 to 4.0.0-beta.85
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/Effect-TS/effect/commits/HEAD/packages/sql-pg">compare
view</a></li>
</ul>
</details>
<br />

Updates `@effect/vitest` from 4.0.0-beta.84 to 4.0.0-beta.85
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/Effect-TS/effect/commits/HEAD/packages/vitest">compare
view</a></li>
</ul>
</details>
<br />

Updates `@nx/devkit` from 22.7.5 to 23.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nrwl/nx/releases">@​nx/devkit's
releases</a>.</em></p>
<blockquote>
<h1>23.0.0 (2026-06-16)</h1>
<h3>🚀 Features</h3>
<ul>
<li>⚠️ <strong>angular:</strong> remove deprecated
<code>@​nx/angular/</code>module-federation entry point (<a
href="https://redirect.github.com/nrwl/nx/pull/35512">#35512</a>)</li>
<li>⚠️ <strong>angular:</strong> remove deprecated move generator (<a
href="https://redirect.github.com/nrwl/nx/pull/35513">#35513</a>)</li>
<li>⚠️ <strong>angular:</strong> remove deprecated ngrx generator (<a
href="https://redirect.github.com/nrwl/nx/pull/35567">#35567</a>)</li>
<li><strong>angular:</strong> deprecate convert-to-with-mf generator (<a
href="https://redirect.github.com/nrwl/nx/pull/35862">#35862</a>)</li>
<li><strong>angular:</strong> deprecate SCAM generators (<a
href="https://redirect.github.com/nrwl/nx/pull/35887">#35887</a>)</li>
<li>⚠️ <strong>bundling:</strong> drop legacy typescript plugin and
align rollup buildLibsFromSource default (<a
href="https://redirect.github.com/nrwl/nx/pull/35516">#35516</a>)</li>
<li>⚠️ <strong>bundling:</strong> remove SVGR option and provide
withSvgr migration (<a
href="https://redirect.github.com/nrwl/nx/pull/35611">#35611</a>)</li>
<li><strong>bundling:</strong> add Vite 7 -&gt; 8 migrations (<a
href="https://redirect.github.com/nrwl/nx/pull/35614">#35614</a>)</li>
<li><strong>core:</strong> add support for '...' as a spread token when
merging target config (<a
href="https://redirect.github.com/nrwl/nx/pull/34285">#34285</a>)</li>
<li><strong>core:</strong> show target uses task graph + filter broken
dependsOn during normalization (<a
href="https://redirect.github.com/nrwl/nx/pull/35367">#35367</a>)</li>
<li><strong>core:</strong> add --mode and --multi-major-mode flags to nx
migrate (<a
href="https://redirect.github.com/nrwl/nx/pull/35497">#35497</a>)</li>
<li><strong>core:</strong> support <code>prompt</code> field in
migration entries (<a
href="https://redirect.github.com/nrwl/nx/pull/35638">#35638</a>)</li>
<li><strong>core:</strong> rename nx watch --includeDependentProjects to
--includeDependencies (<a
href="https://redirect.github.com/nrwl/nx/pull/35699">#35699</a>)</li>
<li><strong>core:</strong> support filtered array-shape targetDefaults
with projects and source (<a
href="https://redirect.github.com/nrwl/nx/pull/35340">#35340</a>)</li>
<li><strong>core:</strong> enable native Node.js TypeScript stripping by
default (<a
href="https://redirect.github.com/nrwl/nx/pull/35608">#35608</a>)</li>
<li><strong>core:</strong> add shell tab-completion (bash, zsh, fish,
powershell) (<a
href="https://redirect.github.com/nrwl/nx/pull/34951">#34951</a>)</li>
<li><strong>core:</strong> add agentic mode to nx migrate
--run-migrations (<a
href="https://redirect.github.com/nrwl/nx/pull/35718">#35718</a>)</li>
<li><strong>core:</strong> add a migrate configuration section to
nx.json (<a
href="https://redirect.github.com/nrwl/nx/pull/35831">#35831</a>)</li>
<li><strong>core:</strong> feed migration docs to agents in nx migrate
(<a
href="https://redirect.github.com/nrwl/nx/pull/35835">#35835</a>)</li>
<li><strong>core:</strong> avoid redundant rematch in
findMatchingConfigFiles (<a
href="https://redirect.github.com/nrwl/nx/pull/35793">#35793</a>, <a
href="https://redirect.github.com/nrwl/nx/issues/35792">#35792</a>)</li>
<li>⚠️ <strong>core:</strong> rename CreateNodes V2 types to canonical
OG names (<a
href="https://redirect.github.com/nrwl/nx/pull/35386">#35386</a>, <a
href="https://redirect.github.com/nrwl/nx/issues/32951">#32951</a>)</li>
<li><strong>core:</strong> support prompt-only and hybrid migrations in
Nx Console UI (<a
href="https://redirect.github.com/nrwl/nx/pull/35822">#35822</a>, <a
href="https://redirect.github.com/nrwl/nx/issues/35718">#35718</a>, <a
href="https://redirect.github.com/nrwl/nx/issues/3153">#3153</a>)</li>
<li><strong>core:</strong> add JSON schema for migrations.json files (<a
href="https://redirect.github.com/nrwl/nx/pull/35888">#35888</a>)</li>
<li><strong>core:</strong> add migrations for createNodesV2 -&gt;
createNodes rename (<a
href="https://redirect.github.com/nrwl/nx/pull/35893">#35893</a>, <a
href="https://redirect.github.com/nrwl/nx/issues/35386">#35386</a>)</li>
<li><strong>core:</strong> extend <code>nx migrate --include</code> to
any package that supports optional updates (<a
href="https://redirect.github.com/nrwl/nx/pull/35905">#35905</a>)</li>
<li><strong>core:</strong> report analytics events for the nx migrate
flow (<a
href="https://redirect.github.com/nrwl/nx/pull/35937">#35937</a>)</li>
<li><strong>core:</strong> revert array-shape targetDefaults support
pending redesign and reapplication (<a
href="https://redirect.github.com/nrwl/nx/pull/36005">#36005</a>, <a
href="https://redirect.github.com/nrwl/nx/issues/35340">#35340</a>, <a
href="https://redirect.github.com/nrwl/nx/issues/35711">#35711</a>, <a
href="https://redirect.github.com/nrwl/nx/issues/35752">#35752</a>, <a
href="https://redirect.github.com/nrwl/nx/issues/35991">#35991</a>)</li>
<li>⚠️ <strong>detox:</strong> deprecate the <code>@​nx/detox</code>
build and test executors (<a
href="https://redirect.github.com/nrwl/nx/pull/35529">#35529</a>)</li>
<li><strong>devkit:</strong> migrate <code>@nx/devkit/src/...</code>
deep imports (<a
href="https://redirect.github.com/nrwl/nx/pull/35541">#35541</a>, <a
href="https://redirect.github.com/nrwl/nx/issues/34946">#34946</a>)</li>
<li>⚠️ <strong>devkit:</strong> deprecate the standalone parameter of
addProjectConfiguration (<a
href="https://redirect.github.com/nrwl/nx/pull/35883">#35883</a>)</li>
<li><strong>gradle:</strong> stream batch task results to nx as they
finish (<a
href="https://redirect.github.com/nrwl/nx/pull/35487">#35487</a>)</li>
<li><strong>js:</strong> support pnpm 11.2.2 (<a
href="https://redirect.github.com/nrwl/nx/pull/35772">#3577…
This PR was automatically created to sync the generated `@supabase/api`
package with the latest Management API OpenAPI document.

Changes were detected in the upstream OpenAPI document exposed by
`https://api.supabase.com/api/v1-json`.

Co-authored-by: jgoux <1443499+jgoux@users.noreply.github.com>
Extract directory creation logic into a new `legacyMakeDir` utility that
matches Go's `os.MkdirAll` behavior by treating an already-existing
directory as success.

The Effect/Bun `FileSystem.makeDirectory` API can surface an
`AlreadyExists` `SystemError` for existing directories on some platforms
(notably Windows with OneDrive reparse points — CLI-1849), even with
`recursive: true`. This differs from Go's `os.MkdirAll`, which returns
nil when the target is already a directory.

**Key changes:**
- Add `legacyMakeDir` utility in
`apps/cli/src/legacy/shared/legacy-make-dir.ts` that wraps
`FileSystem.makeDirectory` and recovers from `AlreadyExists` errors
- Add comprehensive unit tests covering success case, `AlreadyExists`
recovery, and error propagation
- Replace three inline `makeDirectory` calls in `db diff`, `db pull`,
and `db schema declarative sync` handlers with `legacyMakeDir`

This ensures the CLI's migration writers never fail on a pre-existing
`supabase/migrations` directory, matching the original Go
implementation's behavior.

https://claude.ai/code/session_01AWa8Hr8BS2pZucac9r3wb7

Co-authored-by: Claude <noreply@anthropic.com>
This PR was automatically created to sync the generated `@supabase/api`
package with the latest Management API OpenAPI document.

Changes were detected in the upstream OpenAPI document exposed by
`https://api.supabase.com/api/v1-json`.

---------

Co-authored-by: jgoux <1443499+jgoux@users.noreply.github.com>
Co-authored-by: Julien Goux <hi@jgoux.dev>
…tes (#5730)

Bumps the go-minor group with 2 updates in the /apps/cli-go directory:
[github.com/andybalholm/brotli](https://github.com/andybalholm/brotli)
and
[github.com/oapi-codegen/nullable](https://github.com/oapi-codegen/nullable).
Bumps the go-minor group with 2 updates in the /apps/cli-go/pkg
directory:
[github.com/andybalholm/brotli](https://github.com/andybalholm/brotli)
and
[github.com/oapi-codegen/nullable](https://github.com/oapi-codegen/nullable).

Updates `github.com/andybalholm/brotli` from 1.2.1 to 1.2.2
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/andybalholm/brotli/commit/785aba538b2118979d2c573eccb287c4da157faf"><code>785aba5</code></a>
reuse hgroups</li>
<li><a
href="https://github.com/andybalholm/brotli/commit/b797a3535cbdd227ce3520cb0dfe01d83c2eeda9"><code>b797a35</code></a>
reuse block_type_trees</li>
<li>See full diff in <a
href="https://github.com/andybalholm/brotli/compare/v1.2.1...v1.2.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/oapi-codegen/nullable` from 1.1.0 to 1.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/oapi-codegen/nullable/releases">github.com/oapi-codegen/nullable's
releases</a>.</em></p>
<blockquote>
<h2>New getter function</h2>
<h2>🚀 New features and improvements</h2>
<ul>
<li>feat: new method for fetching ignoring error (<a
href="https://redirect.github.com/oapi-codegen/nullable/issues/13">#13</a>)
<a href="https://github.com/lzap"><code>@​lzap</code></a></li>
</ul>
<p>There is now a <code>GetOrEmpty()</code> on <code>Nullable</code>
which will return the wrapped value if it's available, or it will create
a new zerovalue if <code>Nullable</code> is uninitialized, or
initialized to <code>nil</code>.</p>
<h2>📝 Documentation updates</h2>
<ul>
<li>docs(sponsors): add <code>FUNDING.yml</code> (<a
href="https://redirect.github.com/oapi-codegen/nullable/issues/9">#9</a>)
<a
href="https://github.com/jamietanna"><code>@​jamietanna</code></a></li>
</ul>
<h2>✍ Other changes</h2>
<ul>
<li>Update CI config (<a
href="https://redirect.github.com/oapi-codegen/nullable/issues/33">#33</a>)
<a
href="https://github.com/mromaszewicz"><code>@​mromaszewicz</code></a></li>
<li>chore: onboard to Renovate (<a
href="https://redirect.github.com/oapi-codegen/nullable/issues/5">#5</a>)
<a
href="https://github.com/jamietanna"><code>@​jamietanna</code></a></li>
</ul>
<h2>📦 Dependency updates</h2>
<ul>
<li>chore(deps): pin dependencies (<a
href="https://redirect.github.com/oapi-codegen/nullable/issues/16">#16</a>)
<a href="https://github.com/renovate"><code>@​renovate</code></a></li>
</ul>
<h2>Sponsors</h2>
<p>We would like to thank our sponsors for their support during this
release.</p>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/oapi-codegen/nullable/commit/e4ef9c9376e8af534ae6fcc8b87f00a024cb645d"><code>e4ef9c9</code></a>
Merge pull request <a
href="https://redirect.github.com/oapi-codegen/nullable/issues/33">#33</a>
from oapi-codegen/chore/ci</li>
<li><a
href="https://github.com/oapi-codegen/nullable/commit/486afb97c1e3118fe099d133bdf5bc201c6bd4b9"><code>486afb9</code></a>
Update CI settings</li>
<li><a
href="https://github.com/oapi-codegen/nullable/commit/e5788251282d58f34bea50ecdb08c9469f4f15a2"><code>e578825</code></a>
Merge pull request <a
href="https://redirect.github.com/oapi-codegen/nullable/issues/13">#13</a>
from lzap/dig1</li>
<li><a
href="https://github.com/oapi-codegen/nullable/commit/6fde78b67c1bee57577b65b8a82f269d3221b261"><code>6fde78b</code></a>
feat: new method for fetching ignoring error</li>
<li><a
href="https://github.com/oapi-codegen/nullable/commit/55520a653f276b120fde6a9bc7bbaf5eeaa15134"><code>55520a6</code></a>
chore(deps): pin dependencies</li>
<li><a
href="https://github.com/oapi-codegen/nullable/commit/0d2a587518c93d9fda3b3d167d2d30bd07d4c207"><code>0d2a587</code></a>
docs(sponsors): add <code>FUNDING.yml</code></li>
<li><a
href="https://github.com/oapi-codegen/nullable/commit/07848389862fa8b98e3b5a6a4f119ad8a6042261"><code>0784838</code></a>
chore: onboard to Renovate</li>
<li>See full diff in <a
href="https://github.com/oapi-codegen/nullable/compare/v1.1.0...v1.2.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/andybalholm/brotli` from 1.2.1 to 1.2.2
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/andybalholm/brotli/commit/785aba538b2118979d2c573eccb287c4da157faf"><code>785aba5</code></a>
reuse hgroups</li>
<li><a
href="https://github.com/andybalholm/brotli/commit/b797a3535cbdd227ce3520cb0dfe01d83c2eeda9"><code>b797a35</code></a>
reuse block_type_trees</li>
<li>See full diff in <a
href="https://github.com/andybalholm/brotli/compare/v1.2.1...v1.2.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/oapi-codegen/nullable` from 1.1.0 to 1.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/oapi-codegen/nullable/releases">github.com/oapi-codegen/nullable's
releases</a>.</em></p>
<blockquote>
<h2>New getter function</h2>
<h2>🚀 New features and improvements</h2>
<ul>
<li>feat: new method for fetching ignoring error (<a
href="https://redirect.github.com/oapi-codegen/nullable/issues/13">#13</a>)
<a href="https://github.com/lzap"><code>@​lzap</code></a></li>
</ul>
<p>There is now a <code>GetOrEmpty()</code> on <code>Nullable</code>
which will return the wrapped value if it's available, or it will create
a new zerovalue if <code>Nullable</code> is uninitialized, or
initialized to <code>nil</code>.</p>
<h2>📝 Documentation updates</h2>
<ul>
<li>docs(sponsors): add <code>FUNDING.yml</code> (<a
href="https://redirect.github.com/oapi-codegen/nullable/issues/9">#9</a>)
<a
href="https://github.com/jamietanna"><code>@​jamietanna</code></a></li>
</ul>
<h2>✍ Other changes</h2>
<ul>
<li>Update CI config (<a
href="https://redirect.github.com/oapi-codegen/nullable/issues/33">#33</a>)
<a
href="https://github.com/mromaszewicz"><code>@​mromaszewicz</code></a></li>
<li>chore: onboard to Renovate (<a
href="https://redirect.github.com/oapi-codegen/nullable/issues/5">#5</a>)
<a
href="https://github.com/jamietanna"><code>@​jamietanna</code></a></li>
</ul>
<h2>📦 Dependency updates</h2>
<ul>
<li>chore(deps): pin dependencies (<a
href="https://redirect.github.com/oapi-codegen/nullable/issues/16">#16</a>)
<a href="https://github.com/renovate"><code>@​renovate</code></a></li>
</ul>
<h2>Sponsors</h2>
<p>We would like to thank our sponsors for their support during this
release.</p>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/oapi-codegen/nullable/commit/e4ef9c9376e8af534ae6fcc8b87f00a024cb645d"><code>e4ef9c9</code></a>
Merge pull request <a
href="https://redirect.github.com/oapi-codegen/nullable/issues/33">#33</a>
from oapi-codegen/chore/ci</li>
<li><a
href="https://github.com/oapi-codegen/nullable/commit/486afb97c1e3118fe099d133bdf5bc201c6bd4b9"><code>486afb9</code></a>
Update CI settings</li>
<li><a
href="https://github.com/oapi-codegen/nullable/commit/e5788251282d58f34bea50ecdb08c9469f4f15a2"><code>e578825</code></a>
Merge pull request <a
href="https://redirect.github.com/oapi-codegen/nullable/issues/13">#13</a>
from lzap/dig1</li>
<li><a
href="https://github.com/oapi-codegen/nullable/commit/6fde78b67c1bee57577b65b8a82f269d3221b261"><code>6fde78b</code></a>
feat: new method for fetching ignoring error</li>
<li><a
href="https://github.com/oapi-codegen/nullable/commit/55520a653f276b120fde6a9bc7bbaf5eeaa15134"><code>55520a6</code></a>
chore(deps): pin dependencies</li>
<li><a
href="https://github.com/oapi-codegen/nullable/commit/0d2a587518c93d9fda3b3d167d2d30bd07d4c207"><code>0d2a587</code></a>
docs(sponsors): add <code>FUNDING.yml</code></li>
<li><a
href="https://github.com/oapi-codegen/nullable/commit/07848389862fa8b98e3b5a6a4f119ad8a6042261"><code>0784838</code></a>
chore: onboard to Renovate</li>
<li>See full diff in <a
href="https://github.com/oapi-codegen/nullable/compare/v1.1.0...v1.2.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the npm-major group with 4 updates:
[@anthropic-ai/claude-agent-sdk](https://github.com/anthropics/claude-agent-sdk-typescript),
[@swc/core](https://github.com/swc-project/swc/tree/HEAD/packages/core),
[@typescript/native-preview](https://github.com/microsoft/typescript-go)
and [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt).

Updates `@anthropic-ai/claude-agent-sdk` from 0.3.185 to 0.3.186
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anthropics/claude-agent-sdk-typescript/releases">@​anthropic-ai/claude-agent-sdk's
releases</a>.</em></p>
<blockquote>
<h2>v0.3.186</h2>
<h2>What's changed</h2>
<ul>
<li>Added <code>agent_id</code> field to <code>can_use_tool</code>
control requests — background agents now forward permission prompts to
<code>canUseTool</code> instead of auto-denying, and stdin stays open
while background tasks are running</li>
<li>Added <code>ReadMcpResourceDirTool</code> tool type to SDK schemas —
MCP resource directory listing is now a dedicated tool instead of a
fallback inside <code>ReadMcpResourceTool</code></li>
<li>Added <code>rewind_conversation</code> control request for rewinding
a conversation to a previous point with durable resume anchor
support</li>
</ul>
<h2>Update</h2>
<pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.186
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.186
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.186
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.186
</code></pre>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md">@​anthropic-ai/claude-agent-sdk's
changelog</a>.</em></p>
<blockquote>
<h2>0.3.186</h2>
<ul>
<li>Added <code>agent_id</code> field to <code>can_use_tool</code>
control requests — background agents now forward permission prompts to
<code>canUseTool</code> instead of auto-denying, and stdin stays open
while background tasks are running</li>
<li>Added <code>ReadMcpResourceDirTool</code> tool type to SDK schemas —
MCP resource directory listing is now a dedicated tool instead of a
fallback inside <code>ReadMcpResourceTool</code></li>
<li>Added <code>rewind_conversation</code> control request for rewinding
a conversation to a previous point with durable resume anchor
support</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/42f6772cbaa694b27f78f8b435ef87cb95882f3f"><code>42f6772</code></a>
chore: Update CHANGELOG.md</li>
<li>See full diff in <a
href="https://github.com/anthropics/claude-agent-sdk-typescript/compare/v0.3.185...v0.3.186">compare
view</a></li>
</ul>
</details>
<br />

Updates `@swc/core` from 1.15.41 to 1.15.43
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/swc-project/swc/blob/main/CHANGELOG.md">@​swc/core's
changelog</a>.</em></p>
<blockquote>
<h2>[1.15.43] - 2026-06-22</h2>
<h3>Bug Fixes</h3>
<ul>
<li>
<p><strong>(es/es2022)</strong> Correct scope for private property brand
checks (<a
href="https://redirect.github.com/swc-project/swc/issues/11953">#11953</a>)
(<a
href="https://github.com/swc-project/swc/commit/fb5afa22796439b41a0b261b6a4823cab0dcc8df">fb5afa2</a>)</p>
</li>
<li>
<p><strong>(es/minifier)</strong> Preserve <code>cooked</code> when
concatenating template literals (<a
href="https://redirect.github.com/swc-project/swc/issues/11939">#11939</a>)
(<a
href="https://github.com/swc-project/swc/commit/a7244a65e2dcb28f20ab6d747fd782d02a8eebf9">a7244a6</a>)</p>
</li>
<li>
<p><strong>(es/minifier)</strong> Gate Number(x) -&gt; +x on unsafe flag
(<a
href="https://redirect.github.com/swc-project/swc/issues/11944">#11944</a>)
(<a
href="https://redirect.github.com/swc-project/swc/issues/11949">#11949</a>)
(<a
href="https://github.com/swc-project/swc/commit/617601978a4090cde8c0dd900c079cc7eb64b642">6176019</a>)</p>
</li>
<li>
<p><strong>(es/parser)</strong> Parse Flow bare renders types (<a
href="https://redirect.github.com/swc-project/swc/issues/11929">#11929</a>)
(<a
href="https://github.com/swc-project/swc/commit/a71c8eba7b0ef4280b8866cd8e6eebc5be10f0dc">a71c8eb</a>)</p>
</li>
<li>
<p><strong>(es/parser)</strong> Allow no-default builds (<a
href="https://redirect.github.com/swc-project/swc/issues/11956">#11956</a>)
(<a
href="https://github.com/swc-project/swc/commit/baab240500b8d7329fabfb3ec936ba62b59742db">baab240</a>)</p>
</li>
<li>
<p><strong>(es/react-compiler)</strong> Skip TypeScript
<code>this</code> pseudo-params in scope collector (<a
href="https://redirect.github.com/swc-project/swc/issues/11940">#11940</a>)
(<a
href="https://github.com/swc-project/swc/commit/9066c4319a8c4e8bf9dc97885d2d7ff3a26cf79f">9066c43</a>)</p>
</li>
<li>
<p><strong>(es/react-compiler)</strong> Scope ClassStaticBlock and
TsModuleBlock as var boundaries (<a
href="https://redirect.github.com/swc-project/swc/issues/11943">#11943</a>)
(<a
href="https://github.com/swc-project/swc/commit/1ee74a0cc5938a720e106221374c0d894396a16d">1ee74a0</a>)</p>
</li>
<li>
<p><strong>(react-compiler)</strong> Avoid reporting non-fatal success
errors as diagnostics (<a
href="https://redirect.github.com/swc-project/swc/issues/11951">#11951</a>)
(<a
href="https://github.com/swc-project/swc/commit/cb4cb230ec473cb42ccd27dc8d20702ccb24e653">cb4cb23</a>)</p>
</li>
<li>
<p><strong>(react-compiler)</strong> React compiler AST conversion for
wrapped assignment targets (<a
href="https://redirect.github.com/swc-project/swc/issues/11952">#11952</a>)
(<a
href="https://github.com/swc-project/swc/commit/fc9b4537a0e4adf8bce0f8834b7805a75a448a5b">fc9b453</a>)</p>
</li>
<li>
<p><strong>(react-compiler)</strong> Disable parser default features (<a
href="https://redirect.github.com/swc-project/swc/issues/11957">#11957</a>)
(<a
href="https://github.com/swc-project/swc/commit/75ddb28bceb2c88ea5f0aaa21e19d4f83f4ae5c7">75ddb28</a>)</p>
</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Document untrusted input security scope (<a
href="https://redirect.github.com/swc-project/swc/issues/11937">#11937</a>)
(<a
href="https://github.com/swc-project/swc/commit/677305b6fb204d5ffd391616f3e091c5c190893a">677305b</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>
<p><strong>(es/react-compiler)</strong> Add React Compiler (<a
href="https://redirect.github.com/swc-project/swc/issues/11917">#11917</a>)
(<a
href="https://github.com/swc-project/swc/commit/b182fbd5bc0336f33ac1dec4ca0027d5b25ce1e3">b182fbd</a>)</p>
</li>
<li>
<p><strong>(swc)</strong> Gate react compiler re-export (<a
href="https://redirect.github.com/swc-project/swc/issues/11941">#11941</a>)
(<a
href="https://github.com/swc-project/swc/commit/dcc0f2d0c5c5b68656065277b0b84572286693a5">dcc0f2d</a>)</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/swc-project/swc/commit/73f0f386da64fe432975183f9ccf28429b52638a"><code>73f0f38</code></a>
chore: Publish <code>1.15.43</code> with <code>swc_core</code>
<code>v71.0.3</code></li>
<li><a
href="https://github.com/swc-project/swc/commit/550e53919b7842d9d658e98c93bf7b3302a774c7"><code>550e539</code></a>
chore: Publish <code>1.15.43-nightly-20260622.1</code> with
<code>swc_core</code> <code>v71.0.3</code></li>
<li><a
href="https://github.com/swc-project/swc/commit/1523823214dfcbf266de67183ffbfd8bb2768bcb"><code>1523823</code></a>
chore: Publish <code>1.15.42-nightly-20260622.1</code> with
<code>swc_core</code> <code>v71.0.2</code></li>
<li><a
href="https://github.com/swc-project/swc/commit/0dffdc4998a5b8605de8f07fb0518bc60495a931"><code>0dffdc4</code></a>
refactor: Remove production tracing hooks (<a
href="https://github.com/swc-project/swc/tree/HEAD/packages/core/issues/11945">#11945</a>)</li>
<li><a
href="https://github.com/swc-project/swc/commit/b182fbd5bc0336f33ac1dec4ca0027d5b25ce1e3"><code>b182fbd</code></a>
feat(es/react-compiler): Add React Compiler (<a
href="https://github.com/swc-project/swc/tree/HEAD/packages/core/issues/11917">#11917</a>)</li>
<li>See full diff in <a
href="https://github.com/swc-project/swc/commits/v1.15.43/packages/core">compare
view</a></li>
</ul>
</details>
<br />

Updates `@typescript/native-preview` from 7.0.0-dev.20260621.1 to
7.0.0-dev.20260622.1
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/microsoft/typescript-go/commits">compare
view</a></li>
</ul>
</details>
<br />

Updates `oxfmt` from 0.55.0 to 0.56.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/oxc-project/oxc/blob/main/npm/oxfmt/CHANGELOG.md">oxfmt's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this package will be documented in this
file.</p>
<p>The format is based on <a
href="https://keepachangelog.com/en/1.0.0">Keep a Changelog</a>.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/oxc-project/oxc/commit/c4be770f24adc4026efa96fb82182f743c55e423"><code>c4be770</code></a>
release(apps): oxlint v1.71.0 &amp;&amp; oxfmt v0.56.0 (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/23707">#23707</a>)</li>
<li>See full diff in <a
href="https://github.com/oxc-project/oxc/commits/oxfmt_v0.56.0/npm/oxfmt">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…/apps/cli-go/pkg/config/templates (#5733)

Bumps supabase/postgres from 17.6.1.139 to 17.6.1.140.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=supabase/postgres&package-manager=docker&previous-version=17.6.1.139&new-version=17.6.1.140)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…emplates with 6 updates (#5732)

Bumps the docker-minor group in /apps/cli-go/pkg/config/templates with 6
updates:

| Package | From | To |
| --- | --- | --- |
| postgrest/postgrest | `v14.13` | `v14.14` |
| supabase/studio | `2026.06.22-sha-2207d7f` | `2026.06.29-sha-20290c7`
|
| supabase/gotrue | `v2.191.0` | `v2.192.0` |
| supabase/realtime | `v2.112.0` | `v2.112.1` |
| supabase/storage-api | `v1.61.5` | `v1.61.7` |
| supabase/logflare | `1.45.4` | `1.45.6` |

Updates `postgrest/postgrest` from v14.13 to v14.14

Updates `supabase/studio` from 2026.06.22-sha-2207d7f to
2026.06.29-sha-20290c7

Updates `supabase/gotrue` from v2.191.0 to v2.192.0

Updates `supabase/realtime` from v2.112.0 to v2.112.1

Updates `supabase/storage-api` from v1.61.5 to v1.61.7

Updates `supabase/logflare` from 1.45.4 to 1.45.6


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions-major group with 4 updates:
[actions/setup-go](https://github.com/actions/setup-go),
[actions/cache/restore](https://github.com/actions/cache),
[actions/cache/save](https://github.com/actions/cache) and
[actions/cache](https://github.com/actions/cache).

Updates `actions/setup-go` from 6.4.0 to 6.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v6.5.0</h2>
<h2>What's Changed</h2>
<h3>Dependency update</h3>
<ul>
<li>Upgrade actions dependencies by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
with <a href="https://github.com/Copilot"><code>@​Copilot</code></a> in
<a
href="https://redirect.github.com/actions/setup-go/pull/744">actions/setup-go#744</a></li>
<li>Upgrade <code>@​types/node</code> and typescript-eslint dependencies
to resolve npm audit findings by <a
href="https://github.com/HarithaVattikuti"><code>@​HarithaVattikuti</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/755">actions/setup-go#755</a></li>
<li>Upgrade <code>@​actions/cache</code> to 5.1.0, log cache write
denied by <a
href="https://github.com/jasongin"><code>@​jasongin</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/758">actions/setup-go#758</a></li>
<li>Upgrade version to 6.5.0 in package.json and package-lock.json by <a
href="https://github.com/HarithaVattikuti"><code>@​HarithaVattikuti</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/762">actions/setup-go#762</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
with <a href="https://github.com/Copilot"><code>@​Copilot</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/744">actions/setup-go#744</a></li>
<li><a href="https://github.com/jasongin"><code>@​jasongin</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/758">actions/setup-go#758</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v6...v6.5.0">https://github.com/actions/setup-go/compare/v6...v6.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-go/commit/924ae3a1cded613372ab5595356fb5720e22ba16"><code>924ae3a</code></a>
chore: bump version to 6.5.0 in package.json and package-lock.json (<a
href="https://redirect.github.com/actions/setup-go/issues/762">#762</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/e91cc3bfe0c3efd0b2d1dc3a51269c9038deb4f1"><code>e91cc3b</code></a>
Bump <code>@​actions/cache</code> to 5.1.0, log cache write denied (<a
href="https://redirect.github.com/actions/setup-go/issues/758">#758</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/4a2405e6aebff6aabd8e43618539aa35cf90ac92"><code>4a2405e</code></a>
chore: update <code>@​types/node</code> and <a
href="https://github.com/typescript-eslint"><code>@​typescript-eslint</code></a>
dependencies to latest versi...</li>
<li><a
href="https://github.com/actions/setup-go/commit/78961f6f84d799cd858575bb931c3e51d3b13290"><code>78961f6</code></a>
chore: update <a
href="https://github.com/actions"><code>@​actions</code></a>
dependencies and refresh license cache (<a
href="https://redirect.github.com/actions/setup-go/issues/744">#744</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-go/compare/4a3601121dd01d1626a1e23e37211e3254c1c06c...924ae3a1cded613372ab5595356fb5720e22ba16">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/cache/restore` from 5.0.5 to 6.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache/restore's
releases</a>.</em></p>
<blockquote>
<h2>v6.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump <code>@​actions/cache</code> to v6.1.0 - handle read-only cache
access by <a
href="https://github.com/jasongin"><code>@​jasongin</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1768">actions/cache#1768</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v6...v6.1.0">https://github.com/actions/cache/compare/v6...v6.1.0</a></p>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update packages, migrate to ESM by <a
href="https://github.com/Samirat"><code>@​Samirat</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1760">actions/cache#1760</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v5...v6.0.0">https://github.com/actions/cache/compare/v5...v6.0.0</a></p>
<h2>v5.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump <code>@​actions/cache</code> to v5.1.0 - handle read-only cache
access by <a
href="https://github.com/jasongin"><code>@​jasongin</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1775">actions/cache#1775</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v5...v5.1.0">https://github.com/actions/cache/compare/v5...v5.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache/restore's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h2>How to prepare a release</h2>
<blockquote>
<p>[!NOTE]
Relevant for maintainers with write access only.</p>
</blockquote>
<ol>
<li>Switch to a new branch from <code>main</code>.</li>
<li>Run <code>npm test</code> to ensure all tests are passing.</li>
<li>Update the version in <a
href="https://github.com/actions/cache/blob/main/package.json"><code>https://github.com/actions/cache/blob/main/package.json</code></a>.</li>
<li>Run <code>npm run build</code> to update the compiled files.</li>
<li>Update this <a
href="https://github.com/actions/cache/blob/main/RELEASES.md"><code>https://github.com/actions/cache/blob/main/RELEASES.md</code></a>
with the new version and changes in the <code>## Changelog</code>
section.</li>
<li>Run <code>licensed cache</code> to update the license report.</li>
<li>Run <code>licensed status</code> and resolve any warnings by
updating the <a
href="https://github.com/actions/cache/blob/main/.licensed.yml"><code>https://github.com/actions/cache/blob/main/.licensed.yml</code></a>
file with the exceptions.</li>
<li>Commit your changes and push your branch upstream.</li>
<li>Open a pull request against <code>main</code> and get it reviewed
and merged.</li>
<li>Draft a new release <a
href="https://github.com/actions/cache/releases">https://github.com/actions/cache/releases</a>
use the same version number used in <code>package.json</code>
<ol>
<li>Create a new tag with the version number.</li>
<li>Auto generate release notes and update them to match the changes you
made in <code>RELEASES.md</code>.</li>
<li>Toggle the set as the latest release option.</li>
<li>Publish the release.</li>
</ol>
</li>
<li>Navigate to <a
href="https://github.com/actions/cache/actions/workflows/release-new-action-version.yml">https://github.com/actions/cache/actions/workflows/release-new-action-version.yml</a>
<ol>
<li>There should be a workflow run queued with the same version
number.</li>
<li>Approve the run to publish the new version and update the major tags
for this action.</li>
</ol>
</li>
</ol>
<h2>Changelog</h2>
<h3>6.1.0</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v6.1.0 to pick up <a
href="https://redirect.github.com/actions/toolkit/pull/2435">actions/toolkit#2435
Handle cache write error due to read-only token</a></li>
<li>Switch redundant &quot;Cache save failed&quot; warning to debug log
in save-only</li>
</ul>
<h3>6.0.0</h3>
<ul>
<li>Updated <code>@actions/cache</code> to ^6.0.1,
<code>@actions/core</code> to ^3.0.1, <code>@actions/exec</code> to
^3.0.0, <code>@actions/io</code> to ^3.0.2</li>
<li>Migrated to ESM module system</li>
<li>Upgraded Jest to v30 and test infrastructure to be ESM
compatible</li>
</ul>
<h3>5.0.4</h3>
<ul>
<li>Bump <code>minimatch</code> to v3.1.5 (fixes ReDoS via globstar
patterns)</li>
<li>Bump <code>undici</code> to v6.24.1 (WebSocket decompression bomb
protection, header validation fixes)</li>
<li>Bump <code>fast-xml-parser</code> to v5.5.6</li>
</ul>
<h3>5.0.3</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a
href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li>
<li>Bump <code>@actions/core</code> to v2.0.3</li>
</ul>
<h3>5.0.2</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/cache/commit/55cc8345863c7cc4c66a329aec7e433d2d1c52a9"><code>55cc834</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1768">#1768</a>
from jasongin/readonly-cache</li>
<li><a
href="https://github.com/actions/cache/commit/d8cd72f230726cdf4457ebb61ec1b593a8d12337"><code>d8cd72f</code></a>
Bump <code>@​actions/cache</code> to v6.1.0 - handle cache write error
due to RO token</li>
<li><a
href="https://github.com/actions/cache/commit/2c8a9bd7457de244a408f35966fab2fb45fda9c8"><code>2c8a9bd</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1760">#1760</a>
from actions/samirat/esm_migration_and_package_update</li>
<li><a
href="https://github.com/actions/cache/commit/e9b91fdc3fea7d79165fceb79042ef45c2d51023"><code>e9b91fd</code></a>
Prettier fixes</li>
<li><a
href="https://github.com/actions/cache/commit/e4884b8ff7f92ef6b52c79eda480bbc86e685adb"><code>e4884b8</code></a>
Rebuild dist</li>
<li><a
href="https://github.com/actions/cache/commit/10baf0191a3c426ea0fa4a3253a5c04233b6e18f"><code>10baf01</code></a>
Fixed licenses</li>
<li><a
href="https://github.com/actions/cache/commit/e39b386c9004d72a15d864ade8c0b3a702d47a37"><code>e39b386</code></a>
Fix test mock return order</li>
<li><a
href="https://github.com/actions/cache/commit/b6928203372a8571ff984c0c883ef3a1adfb0c06"><code>b692820</code></a>
PR feedback</li>
<li><a
href="https://github.com/actions/cache/commit/60749128a44d25d3c520a489e576380cf00ff3f1"><code>6074912</code></a>
Rebuild dist bundles as ESM to match type:module</li>
<li><a
href="https://github.com/actions/cache/commit/5a912e8b4af820fa082a0e75cfd2c782f8fbfe0e"><code>5a912e8</code></a>
Fix lint and jest issues</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/cache/compare/27d5ce7f107fe9357f9df03efb73ab90386fccae...55cc8345863c7cc4c66a329aec7e433d2d1c52a9">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/cache/save` from 5.0.5 to 6.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache/save's
releases</a>.</em></p>
<blockquote>
<h2>v6.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump <code>@​actions/cache</code> to v6.1.0 - handle read-only cache
access by <a
href="https://github.com/jasongin"><code>@​jasongin</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1768">actions/cache#1768</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v6...v6.1.0">https://github.com/actions/cache/compare/v6...v6.1.0</a></p>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update packages, migrate to ESM by <a
href="https://github.com/Samirat"><code>@​Samirat</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1760">actions/cache#1760</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v5...v6.0.0">https://github.com/actions/cache/compare/v5...v6.0.0</a></p>
<h2>v5.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump <code>@​actions/cache</code> to v5.1.0 - handle read-only cache
access by <a
href="https://github.com/jasongin"><code>@​jasongin</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1775">actions/cache#1775</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v5...v5.1.0">https://github.com/actions/cache/compare/v5...v5.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache/save's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h2>How to prepare a release</h2>
<blockquote>
<p>[!NOTE]
Relevant for maintainers with write access only.</p>
</blockquote>
<ol>
<li>Switch to a new branch from <code>main</code>.</li>
<li>Run <code>npm test</code> to ensure all tests are passing.</li>
<li>Update the version in <a
href="https://github.com/actions/cache/blob/main/package.json"><code>https://github.com/actions/cache/blob/main/package.json</code></a>.</li>
<li>Run <code>npm run build</code> to update the compiled files.</li>
<li>Update this <a
href="https://github.com/actions/cache/blob/main/RELEASES.md"><code>https://github.com/actions/cache/blob/main/RELEASES.md</code></a>
with the new version and changes in the <code>## Changelog</code>
section.</li>
<li>Run <code>licensed cache</code> to update the license report.</li>
<li>Run <code>licensed status</code> and resolve any warnings by
updating the <a
href="https://github.com/actions/cache/blob/main/.licensed.yml"><code>https://github.com/actions/cache/blob/main/.licensed.yml</code></a>
file with the exceptions.</li>
<li>Commit your changes and push your branch upstream.</li>
<li>Open a pull request against <code>main</code> and get it reviewed
and merged.</li>
<li>Draft a new release <a
href="https://github.com/actions/cache/releases">https://github.com/actions/cache/releases</a>
use the same version number used in <code>package.json</code>
<ol>
<li>Create a new tag with the version number.</li>
<li>Auto generate release notes and update them to match the changes you
made in <code>RELEASES.md</code>.</li>
<li>Toggle the set as the latest release option.</li>
<li>Publish the release.</li>
</ol>
</li>
<li>Navigate to <a
href="https://github.com/actions/cache/actions/workflows/release-new-action-version.yml">https://github.com/actions/cache/actions/workflows/release-new-action-version.yml</a>
<ol>
<li>There should be a workflow run queued with the same version
number.</li>
<li>Approve the run to publish the new version and update the major tags
for this action.</li>
</ol>
</li>
</ol>
<h2>Changelog</h2>
<h3>6.1.0</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v6.1.0 to pick up <a
href="https://redirect.github.com/actions/toolkit/pull/2435">actions/toolkit#2435
Handle cache write error due to read-only token</a></li>
<li>Switch redundant &quot;Cache save failed&quot; warning to debug log
in save-only</li>
</ul>
<h3>6.0.0</h3>
<ul>
<li>Updated <code>@actions/cache</code> to ^6.0.1,
<code>@actions/core</code> to ^3.0.1, <code>@actions/exec</code> to
^3.0.0, <code>@actions/io</code> to ^3.0.2</li>
<li>Migrated to ESM module system</li>
<li>Upgraded Jest to v30 and test infrastructure to be ESM
compatible</li>
</ul>
<h3>5.0.4</h3>
<ul>
<li>Bump <code>minimatch</code> to v3.1.5 (fixes ReDoS via globstar
patterns)</li>
<li>Bump <code>undici</code> to v6.24.1 (WebSocket decompression bomb
protection, header validation fixes)</li>
<li>Bump <code>fast-xml-parser</code> to v5.5.6</li>
</ul>
<h3>5.0.3</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a
href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li>
<li>Bump <code>@actions/core</code> to v2.0.3</li>
</ul>
<h3>5.0.2</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/cache/commit/55cc8345863c7cc4c66a329aec7e433d2d1c52a9"><code>55cc834</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1768">#1768</a>
from jasongin/readonly-cache</li>
<li><a
href="https://github.com/actions/cache/commit/d8cd72f230726cdf4457ebb61ec1b593a8d12337"><code>d8cd72f</code></a>
Bump <code>@​actions/cache</code> to v6.1.0 - handle cache write error
due to RO token</li>
<li><a
href="https://github.com/actions/cache/commit/2c8a9bd7457de244a408f35966fab2fb45fda9c8"><code>2c8a9bd</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1760">#1760</a>
from actions/samirat/esm_migration_and_package_update</li>
<li><a
href="https://github.com/actions/cache/commit/e9b91fdc3fea7d79165fceb79042ef45c2d51023"><code>e9b91fd</code></a>
Prettier fixes</li>
<li><a
href="https://github.com/actions/cache/commit/e4884b8ff7f92ef6b52c79eda480bbc86e685adb"><code>e4884b8</code></a>
Rebuild dist</li>
<li><a
href="https://github.com/actions/cache/commit/10baf0191a3c426ea0fa4a3253a5c04233b6e18f"><code>10baf01</code></a>
Fixed licenses</li>
<li><a
href="https://github.com/actions/cache/commit/e39b386c9004d72a15d864ade8c0b3a702d47a37"><code>e39b386</code></a>
Fix test mock return order</li>
<li><a
href="https://github.com/actions/cache/commit/b6928203372a8571ff984c0c883ef3a1adfb0c06"><code>b692820</code></a>
PR feedback</li>
<li><a
href="https://github.com/actions/cache/commit/60749128a44d25d3c520a489e576380cf00ff3f1"><code>6074912</code></a>
Rebuild dist bundles as ESM to match type:module</li>
<li><a
href="https://github.com/actions/cache/commit/5a912e8b4af820fa082a0e75cfd2c782f8fbfe0e"><code>5a912e8</code></a>
Fix lint and jest issues</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/cache/compare/27d5ce7f107fe9357f9df03efb73ab90386fccae...55cc8345863c7cc4c66a329aec7e433d2d1c52a9">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/cache` from 5.0.5 to 6.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v6.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump <code>@​actions/cache</code> to v6.1.0 - handle read-only cache
access by <a
href="https://github.com/jasongin"><code>@​jasongin</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1768">actions/cache#1768</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v6...v6.1.0">https://github.com/actions/cache/compare/v6...v6.1.0</a></p>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update packages, migrate to ESM by <a
href="https://github.com/Samirat"><code>@​Samirat</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1760">actions/cache#1760</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v5...v6.0.0">https://github.com/actions/cache/compare/v5...v6.0.0</a></p>
<h2>v5.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump <code>@​actions/cache</code> to v5.1.0 - handle read-only cache
access by <a
href="https://github.com/jasongin"><code>@​jasongin</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1775">actions/cache#1775</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v5...v5.1.0">https://github.com/actions/cache/compare/v5...v5.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h2>How to prepare a release</h2>
<blockquote>
<p>[!NOTE]
Relevant for maintainers with write access only.</p>
</blockquote>
<ol>
<li>Switch to a new branch from <code>main</code>.</li>
<li>Run <code>npm test</code> to ensure all tests are passing.</li>
<li>Update the version in <a
href="https://github.com/actions/cache/blob/main/package.json"><code>https://github.com/actions/cache/blob/main/package.json</code></a>.</li>
<li>Run <code>npm run build</code> to update the compiled files.</li>
<li>Update this <a
href="https://github.com/actions/cache/blob/main/RELEASES.md"><code>https://github.com/actions/cache/blob/main/RELEASES.md</code></a>
with the new version and changes in the <code>## Changelog</code>
section.</li>
<li>Run <code>licensed cache</code> to update the license report.</li>
<li>Run <code>licensed status</code> and resolve any warnings by
updating the <a
href="https://github.com/actions/cache/blob/main/.licensed.yml"><code>https://github.com/actions/cache/blob/main/.licensed.yml</code></a>
file with the exceptions.</li>
<li>Commit your changes and push your branch upstream.</li>
<li>Open a pull request against <code>main</code> and get it reviewed
and merged.</li>
<li>Draft a new release <a
href="https://github.com/actions/cache/releases">https://github.com/actions/cache/releases</a>
use the same version number used in <code>package.json</code>
<ol>
<li>Create a new tag with the version number.</li>
<li>Auto generate release notes and update them to match the changes you
made in <code>RELEASES.md</code>.</li>
<li>Toggle the set as the latest release option.</li>
<li>Publish the release.</li>
</ol>
</li>
<li>Navigate to <a
href="https://github.com/actions/cache/actions/workflows/release-new-action-version.yml">https://github.com/actions/cache/actions/workflows/release-new-action-version.yml</a>
<ol>
<li>There should be a workflow run queued with the same version
number.</li>
<li>Approve the run to publish the new version and update the major tags
for this action.</li>
</ol>
</li>
</ol>
<h2>Changelog</h2>
<h3>6.1.0</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v6.1.0 to pick up <a
href="https://redirect.github.com/actions/toolkit/pull/2435">actions/toolkit#2435
Handle cache write error due to read-only token</a></li>
<li>Switch redundant &quot;Cache save failed&quot; warning to debug log
in save-only</li>
</ul>
<h3>6.0.0</h3>
<ul>
<li>Updated <code>@actions/cache</code> to ^6.0.1,
<code>@actions/core</code> to ^3.0.1, <code>@actions/exec</code> to
^3.0.0, <code>@actions/io</code> to ^3.0.2</li>
<li>Migrated to ESM module system</li>
<li>Upgraded Jest to v30 and test infrastructure to be ESM
compatible</li>
</ul>
<h3>5.0.4</h3>
<ul>
<li>Bump <code>minimatch</code> to v3.1.5 (fixes ReDoS via globstar
patterns)</li>
<li>Bump <code>undici</code> to v6.24.1 (WebSocket decompression bomb
protection, header validation fixes)</li>
<li>Bump <code>fast-xml-parser</code> to v5.5.6</li>
</ul>
<h3>5.0.3</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a
href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li>
<li>Bump <code>@actions/core</code> to v2.0.3</li>
</ul>
<h3>5.0.2</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/cache/commit/55cc8345863c7cc4c66a329aec7e433d2d1c52a9"><code>55cc834</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1768">#1768</a>
from jasongin/readonly-cache</li>
<li><a
href="https://github.com/actions/cache/commit/d8cd72f230726cdf4457ebb61ec1b593a8d12337"><code>d8cd72f</code></a>
Bump <code>@​actions/cache</code> to v6.1.0 - handle cache write error
due to RO token</li>
<li><a
href="https://github.com/actions/cache/commit/2c8a9bd7457de244a408f35966fab2fb45fda9c8"><code>2c8a9bd</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1760">#1760</a>
from actions/samirat/esm_migration_and_package_update</li>
<li><a
href="https://github.com/actions/cache/commit/e9b91fdc3fea7d79165fceb79042ef45c2d51023"><code>e9b91fd</code></a>
Prettier fixes</li>
<li><a
href="https://github.com/actions/cache/commit/e4884b8ff7f92ef6b52c79eda480bbc86e685adb"><code>e4884b8</code></a>
Rebuild dist</li>
<li><a
href="https://github.com/actions/cache/commit/10baf0191a3c426ea0fa4a3253a5c04233b6e18f"><code>10baf01</code></a>
Fixed licenses</li>
<li><a
href="https://github.com/actions/cache/commit/e39b386c9004d72a15d864ade8c0b3a702d47a37"><code>e39b386</code></a>
Fix test mock return order</li>
<li><a
href="https://github.com/actions/cache/commit/b6928203372a8571ff984c0c883ef3a1adfb0c06"><code>b692820</code></a>
PR feedback</li>
<li><a
href="https://github.com/actions/cache/commit/60749128a44d25d3c520a489e576380cf00ff3f1"><code>6074912</code></a>
Rebuild dist bundles as ESM to match type:module</li>
<li><a
href="https://github.com/actions/cache/commit/5a912e8b4af820fa082a0e75cfd2c782f8fbfe0e"><code>5a912e8</code></a>
Fix lint and jest issues</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/cache/compare/27d5ce7f107fe9357f9df03efb73ab90386fccae...55cc8345863c7cc4c66a329aec7e433d2d1c52a9">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## TL;DR 
Fixes `config push` failing when the remote Storage config omits
`databasePoolMode`

## ref:
- closes #5728
- closes #5726
This PR was automatically created to sync API types from the
infrastructure repository.

Changes were detected in the generated API code after syncing with the
latest spec from infrastructure.

---------

Co-authored-by: supabase-cli-releaser[bot] <246109035+supabase-cli-releaser[bot]@users.noreply.github.com>
Co-authored-by: Andrew Valleteau <avallete@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
…5671)

## What changed

Ports 6 of 7 `supabase migration` subcommands from Go-proxy delegates to
native Effect/TypeScript in the legacy shell:

- `migration new` — writes `supabase/migrations/<ts>_<name>.sql` from
piped stdin
- `migration list` — merged Local / Remote / Time-UTC Glamour table;
defaults to `--linked`
- `migration fetch` — writes history rows to `supabase/migrations/`;
overwrite prompt
- `migration repair` — transactional create-table +
TRUNCATE/UPSERT/DELETE; repair-all prompt
- `migration up` — pending compute, `[db.vault]` upsert, per-file apply;
`--include-all`
- `migration down` — revert prompt → drop user schemas → vault →
migrate&seed to target version

Shared infra: consolidated `legacy-migration-history.ts` (SQL +
reconcile/pending/read helpers), hoisted `legacy-migration-file.ts` out
of `db/shared`, new `legacy-drop-objects.ts` / `legacy-vault.ts` /
`legacy-seed.ts` (with an `fs.Glob` port) /
`legacy-migrate-and-seed.ts`, and a `legacyReadDbToml` extension for
`[db.seed]` / `[db.vault]` / `[db.migrations]`. `db diff` / `db pull` /
declarative call sites were re-pointed to the consolidated module.

## Why

Replaces the last `migration` Go-proxy handlers with native
implementations (M5: Database & Migrations, CLI-1312), removing the
Go-binary dependency for these commands while preserving Go output /
flag / exit-code parity.

## Reviewer notes

- **`migration squash` is intentionally still a Go-proxy delegate.** A
native squash would emit pg-delta diff format instead of Go's `pg_dump`
bytes — a documented divergence (CLI-1597) that is *not* byte parity —
and needs a bare-baseline-shadow seam mode that does not exist yet. Kept
on the proxy (byte-identical to Go) until CLI-1597's rewrite, similar to
`db diff --use-pgadmin`.
- **`migration up` does not seed** — matches Go (`up.Run` only applies
migrations + upserts vault; seeding is `down`-only via
`MigrateAndSeed`).
- **Transaction shape:** Go runs repair/baseline/vault/seed DML via
`pgx.Batch` (no explicit transaction). `LegacyDbSession` has no batch
primitive, so the port wraps these in explicit
`BEGIN`/`COMMIT`/`ROLLBACK` — atomic, a deliberate safer divergence on
partial-failure paths; the success path is identical. The one exception
is pipeline-incompatible statements (see next note), which must run
outside any transaction.
- **Pipeline-incompatible statements run outside the transaction (adopts
#5156).** `migration up`/`down` (and declarative `sync`)
apply each file inside a `BEGIN`/`COMMIT`, but `CREATE INDEX
CONCURRENTLY`, `VACUUM`, `REINDEX … CONCURRENTLY`, `ALTER SYSTEM`, and
`CLUSTER` cannot run in a transaction block (SQLSTATE 25001).
`legacyApplyMigrationFile` now detects them
(`legacyIsPipelineIncompatible`), flushes the open batch, runs the
statement standalone, then resumes batching; the history insert lands in
the final batch so the migration is recorded only after every statement
succeeds. Files without such statements stay a single `BEGIN`/`COMMIT`
(behaviour unchanged). This ports the Go fix from #5156
directly into the native TS apply — that Go PR is being closed in favour
of this implementation, since these commands are now native TS. Fixes
#5139.
- **`migration down`** skips Go's best-effort
`pgcache.TryCacheMigrationsCatalog` (a guaranteed no-op there, since
`down` always passes a concrete version).
- Dotenvx-`encrypted:` `[db.vault]` values are not decrypted; they are
treated as unresolved/skipped, matching Go's outcome when no
`DOTENV_PRIVATE_KEY` is present.
- **Migration `--local` connect-error parity tests canonicalize
stderr.** The `migration … --local` e2e parity cases exercise the
connection-refused path, where the TS connect-error stderr does not yet
byte-match Go (Go: `Connecting to local database…` + pgconn dial error +
`SetConnectSuggestion`; TS: `@effect/sql-pg` `SqlError` + `--debug`
hint). Exit code, stdout, request log, and filesystem stay under strict
parity; the known stderr divergence is normalized to the shared `failed
to connect to postgres:` prefix, and the behaviour tests still assert
the meaningful substring + non-zero exit. Porting the connect-error
shaping to Go's wording is tracked separately.

Per-subcommand `SIDE_EFFECTS.md` and `docs/go-cli-porting-status.md` are
updated.

CLOSES CLI-1312
Automatically backfills the image mirror when the CLI template
Dockerfile changes, so a dependabot image bump no longer leaves develop
(and PRs rebased on it) failing the ghcr.io-pinned `Start` check with
`manifest unknown`.

## Background

The `Start` job in `cli-go-ci.yml` pins
`SUPABASE_INTERNAL_IMAGE_REGISTRY=ghcr.io`, so it only goes green once a
bumped tag exists on the mirror. Dependabot bumps the Dockerfile before
the new tag is mirrored, and the mirror previously only ran via manual
`workflow_dispatch` — so the bump merged red and every subsequent PR
touching `apps/cli-go/**` inherited the same failure until someone
mirrored by hand. This was the catch-22 already noted in
`cli-go-mirror.yml`.

## Changes

- **New workflow `mirror-template-images.yml`** — runs on `push` to
develop when `apps/cli-go/pkg/config/templates/Dockerfile` changes (plus
`workflow_dispatch`). It detects any image tag missing from the mirror
and backfills it by reusing the existing `cli-go-mirror-image.yml`
reusable workflow. It runs on push rather than the PR on purpose:
mirroring needs the AWS role + `packages:write`, which a
dependabot-triggered `pull_request` run cannot be granted, and this
avoids `pull_request_target`. The backfill runs as soon as the bump
lands on develop, repopulating the mirror so develop and rebased PRs
pass `Start`.

- **New script `apps/cli/scripts/detect-unmirrored-images.ts`** — parses
the template Dockerfile, checks each image against the mirror with
`docker buildx imagetools inspect`, and writes the missing tags as JSON
to `$GITHUB_OUTPUT` for the workflow matrix. The detection helpers
(`mirrorImageTarget`, `mirrorImageTargets`, `partitionUnmirroredImages`)
are exported and unit-tested; the executable entry is guarded by
`import.meta.main`.
- Checks **every** image, not just third-party ones, and an image counts
as mirrored only when present on **all** mirror registries
(`public.ecr.aws` and `ghcr.io`) — a tag on one but missing from the
other is re-pushed. Anonymous `imagetools inspect` works for public ECR,
so the detect job needs no AWS credentials.
- Idempotent: once an image is on every registry it is skipped, so a
re-run is a no-op.

- **`detect-unmirrored-images.unit.test.ts`** — covers target
derivation, the both-registries rule, de-duplication, and the idempotent
re-run.

- **`cli-go-mirror.yml`** — clarified that it is now the manual/bulk
entry point; template bumps are mirrored automatically by the new
workflow.

https://claude.ai/code/session_01DEeGQ3JAwQD1PGEENE13dc

---------

Co-authored-by: Claude <noreply@anthropic.com>
Replace GitHub Actions cache with artifacts for passing build outputs
between jobs in the release workflow. This improves reliability by using
run-scoped artifacts with deterministic retention instead of a shared 10
GB cache budget that can be evicted LRU mid-run.

**Key changes:**

- **build-cli-artifacts.yml**: Replace `actions/cache/save` with
`actions/upload-artifact` to hand off compiled binaries and dist files
to downstream jobs. Artifacts are configured with 1-day retention, light
compression (binaries already compressed), and overwrite enabled for job
re-runs.

- **release-shared.yml**: Replace all `actions/cache/restore` calls with
`actions/download-artifact` in publish, publish-homebrew, and
publish-scoop jobs. Update artifact names to match the new naming scheme
(`cli-build-{shell}-{version}{suffix}`).

- **build-cli-artifacts.yml**: Rename `cache_key_suffix` input to
`artifact_name_suffix` for clarity.

- **release-shared.yml**: Add missing binary permission fix step in the
npm-publish job (chmod +x on compiled binaries) to match the pattern
used in other publish jobs, since artifacts don't preserve Unix
permissions.

- **publish-preview-cli-packages.yml**: Update preview build artifact
retrieval to use `actions/download-artifact`.

This change eliminates the risk of cache eviction between the build
producer and downstream consumers while simplifying the artifact naming
and handoff logic.

https://claude.ai/code/session_012AkD2XxUdcrBLH58fQr7yi

Co-authored-by: Claude <noreply@anthropic.com>
Bumps the actions-major group with 2 updates:
[actions/upload-artifact](https://github.com/actions/upload-artifact)
and
[actions/download-artifact](https://github.com/actions/download-artifact).

Updates `actions/upload-artifact` from 4.6.2 to 7.0.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update the readme with direct upload details by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/795">actions/upload-artifact#795</a></li>
<li>Readme: bump all the example versions to v7 by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/796">actions/upload-artifact#796</a></li>
<li>Include changes in typespec/ts-http-runtime 0.3.5 by <a
href="https://github.com/yacaovsnc"><code>@​yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/797">actions/upload-artifact#797</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v7...v7.0.1">https://github.com/actions/upload-artifact/compare/v7...v7.0.1</a></p>
<h2>v7.0.0</h2>
<h2>v7 What's new</h2>
<h3>Direct Uploads</h3>
<p>Adds support for uploading single files directly (unzipped). Callers
can set the new <code>archive</code> parameter to <code>false</code> to
skip zipping the file during upload. Right now, we only support single
files. The action will fail if the glob passed resolves to multiple
files. The <code>name</code> parameter is also ignored with this
setting. Instead, the name of the artifact will be the name of the
uploaded file.</p>
<h3>ESM</h3>
<p>To support new versions of the <code>@actions/*</code> packages,
we've upgraded the package to ESM.</p>
<h2>What's Changed</h2>
<ul>
<li>Add proxy integration test by <a
href="https://github.com/Link"><code>@​Link</code></a>- in <a
href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li>
<li>Upgrade the module to ESM and bump dependencies by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/762">actions/upload-artifact#762</a></li>
<li>Support direct file uploads by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/764">actions/upload-artifact#764</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Link"><code>@​Link</code></a>- made
their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v6...v7.0.0">https://github.com/actions/upload-artifact/compare/v6...v7.0.0</a></p>
<h2>v6.0.0</h2>
<h2>v6 - What's new</h2>
<blockquote>
<p>[!IMPORTANT]
actions/upload-artifact@v6 now runs on Node.js 24 (<code>runs.using:
node24</code>) and requires a minimum Actions Runner version of 2.327.1.
If you are using self-hosted runners, ensure they are updated before
upgrading.</p>
</blockquote>
<h3>Node.js 24</h3>
<p>This release updates the runtime to Node.js 24. v5 had preliminary
support for Node.js 24, however this action was by default still running
on Node.js 20. Now this action by default will run on Node.js 24.</p>
<h2>What's Changed</h2>
<ul>
<li>Upload Artifact Node 24 support by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/719">actions/upload-artifact#719</a></li>
<li>fix: update <code>@​actions/artifact</code> for Node.js 24 punycode
deprecation by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/744">actions/upload-artifact#744</a></li>
<li>prepare release v6.0.0 for Node.js 24 support by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/745">actions/upload-artifact#745</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0">https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0</a></p>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a"><code>043fb46</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/797">#797</a>
from actions/yacaovsnc/update-dependency</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94"><code>634250c</code></a>
Include changes in typespec/ts-http-runtime 0.3.5</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8"><code>e454baa</code></a>
Readme: bump all the example versions to v7 (<a
href="https://redirect.github.com/actions/upload-artifact/issues/796">#796</a>)</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e"><code>74fad66</code></a>
Update the readme with direct upload details (<a
href="https://redirect.github.com/actions/upload-artifact/issues/795">#795</a>)</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f"><code>bbbca2d</code></a>
Support direct file uploads (<a
href="https://redirect.github.com/actions/upload-artifact/issues/764">#764</a>)</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296"><code>589182c</code></a>
Upgrade the module to ESM and bump dependencies (<a
href="https://redirect.github.com/actions/upload-artifact/issues/762">#762</a>)</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5"><code>47309c9</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/754">#754</a>
from actions/Link-/add-proxy-integration-tests</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0"><code>02a8460</code></a>
Add proxy integration test</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f"><code>b7c566a</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/745">#745</a>
from actions/upload-artifact-v6-release</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b"><code>e516bc8</code></a>
docs: correct description of Node.js 24 support in README</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/download-artifact` from 4.3.0 to 8.0.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v8.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Support for CJK characters in the artifact name by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/download-artifact/pull/471">actions/download-artifact#471</a></li>
<li>Add a regression test for artifact name + content-type mismatches by
<a href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a>
in <a
href="https://redirect.github.com/actions/download-artifact/pull/472">actions/download-artifact#472</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v8...v8.0.1">https://github.com/actions/download-artifact/compare/v8...v8.0.1</a></p>
<h2>v8.0.0</h2>
<h2>v8 - What's new</h2>
<blockquote>
<p>[!IMPORTANT]
actions/download-artifact@v8 has been migrated to an ESM module. This
should be transparent to the caller but forks might need to make
significant changes.</p>
</blockquote>
<blockquote>
<p>[!IMPORTANT]
Hash mismatches will now error by default. Users can override this
behavior with a setting change (see below).</p>
</blockquote>
<h3>Direct downloads</h3>
<p>To support direct uploads in <code>actions/upload-artifact</code>,
the action will no longer attempt to unzip all downloaded files.
Instead, the action checks the <code>Content-Type</code> header ahead of
unzipping and skips non-zipped files. Callers wishing to download a
zipped file as-is can also set the new <code>skip-decompress</code>
parameter to <code>true</code>.</p>
<h3>Enforced checks (breaking)</h3>
<p>A previous release introduced digest checks on the download. If a
download hash didn't match the expected hash from the server, the action
would log a warning. Callers can now configure the behavior on mismatch
with the <code>digest-mismatch</code> parameter. To be secure by
default, we are now defaulting the behavior to <code>error</code> which
will fail the workflow run.</p>
<h3>ESM</h3>
<p>To support new versions of the @actions/* packages, we've upgraded
the package to ESM.</p>
<h2>What's Changed</h2>
<ul>
<li>Don't attempt to un-zip non-zipped downloads by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/download-artifact/pull/460">actions/download-artifact#460</a></li>
<li>Add a setting to specify what to do on hash mismatch and default it
to <code>error</code> by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/download-artifact/pull/461">actions/download-artifact#461</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v7...v8.0.0">https://github.com/actions/download-artifact/compare/v7...v8.0.0</a></p>
<h2>v7.0.0</h2>
<h2>v7 - What's new</h2>
<blockquote>
<p>[!IMPORTANT]
actions/download-artifact@v7 now runs on Node.js 24 (<code>runs.using:
node24</code>) and requires a minimum Actions Runner version of 2.327.1.
If you are using self-hosted runners, ensure they are updated before
upgrading.</p>
</blockquote>
<h3>Node.js 24</h3>
<p>This release updates the runtime to Node.js 24. v6 had preliminary
support for Node 24, however this action was by default still running on
Node.js 20. Now this action by default will run on Node.js 24.</p>
<h2>What's Changed</h2>
<ul>
<li>Update GHES guidance to include reference to Node 20 version by <a
href="https://github.com/patrikpolyak"><code>@​patrikpolyak</code></a>
in <a
href="https://redirect.github.com/actions/download-artifact/pull/440">actions/download-artifact#440</a></li>
<li>Download Artifact Node24 support by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/415">actions/download-artifact#415</a></li>
<li>fix: update <code>@​actions/artifact</code> to fix Node.js 24
punycode deprecation by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/451">actions/download-artifact#451</a></li>
<li>prepare release v7.0.0 for Node.js 24 support by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/452">actions/download-artifact#452</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/download-artifact/commit/3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c"><code>3e5f45b</code></a>
Add regression tests for CJK characters (<a
href="https://redirect.github.com/actions/download-artifact/issues/471">#471</a>)</li>
<li><a
href="https://github.com/actions/download-artifact/commit/e6d03f67377d4412c7aa56a8e2e4988e6ec479dd"><code>e6d03f6</code></a>
Add a regression test for artifact name + content-type mismatches (<a
href="https://redirect.github.com/actions/download-artifact/issues/472">#472</a>)</li>
<li><a
href="https://github.com/actions/download-artifact/commit/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3"><code>70fc10c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/461">#461</a>
from actions/danwkennedy/digest-mismatch-behavior</li>
<li><a
href="https://github.com/actions/download-artifact/commit/f258da9a506b755b84a09a531814700b86ccfc62"><code>f258da9</code></a>
Add change docs</li>
<li><a
href="https://github.com/actions/download-artifact/commit/ccc058e5fbb0bb2352213eaec3491e117cbc4a5c"><code>ccc058e</code></a>
Fix linting issues</li>
<li><a
href="https://github.com/actions/download-artifact/commit/bd7976ba57ecea96e6f3df575eb922d11a12a9fd"><code>bd7976b</code></a>
Add a setting to specify what to do on hash mismatch and default it to
<code>error</code></li>
<li><a
href="https://github.com/actions/download-artifact/commit/ac21fcf45e0aaee541c0f7030558bdad38d77d6c"><code>ac21fcf</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/460">#460</a>
from actions/danwkennedy/download-no-unzip</li>
<li><a
href="https://github.com/actions/download-artifact/commit/15999bff51058bc7c19b50ebbba518eaef7c26c0"><code>15999bf</code></a>
Add note about package bumps</li>
<li><a
href="https://github.com/actions/download-artifact/commit/974686ed5098c7f9c9289ec946b9058e496a2561"><code>974686e</code></a>
Bump the version to <code>v8</code> and add release notes</li>
<li><a
href="https://github.com/actions/download-artifact/commit/fbe48b1d2756394be4cd4358ed3bc1343b330e75"><code>fbe48b1</code></a>
Update test names to make it clearer what they do</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/download-artifact/compare/d3f86a106a0bac45b974a628896c90dbdf5c8093...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…emplates with 2 updates (#5745)

Bumps the docker-minor group in /apps/cli-go/pkg/config/templates with 2
updates: supabase/realtime and supabase/storage-api.

Updates `supabase/realtime` from v2.112.1 to v2.112.2

Updates `supabase/storage-api` from v1.61.7 to v1.61.9


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…/apps/cli-go/pkg/config/templates (#5746)

Bumps supabase/postgres from 17.6.1.140 to 17.6.1.141.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=supabase/postgres&package-manager=docker&previous-version=17.6.1.140&new-version=17.6.1.141)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Adds a stack-owned sync script that derives `DEFAULT_VERSIONS` from the
Dockerfile manifest Dependabot already updates, and adds a
Dependabot-only workflow that pushes the synced manifest back to Docker
image update PRs with the existing GitHub App token pattern.

Also syncs the current `DEFAULT_VERSIONS` values to the Dockerfile
manifest and makes version-sensitive tests derive expectations from the
manifest defaults where appropriate.

Linear: CLI-1589
Coly010 and others added 30 commits July 9, 2026 12:29
…5841)

## What kind of change does this PR introduce?

Bug fix — legacy-shell child exit-code and delegated-path semantics.

## What is the current behavior?

Fixes
[CLI-1879](https://linear.app/supabase/issue/CLI-1879/legacy-shell-child-exit-code-delegated-path-semantics-finalizers-json).

Three related gaps around Go-delegated subprocess paths in the legacy
shell:

1. `LegacyGoProxy.exec`/`execCapture`
(`shared/legacy/go-proxy.layer.ts`) called `ProcessControl.exit()`
directly on a non-zero child exit or "binary not found". That's a real
`process.exit()` — it skips every `Effect.ensuring` finalizer between
the call site and `runCli` (telemetry flush, command instrumentation),
and loses the child's exact exit code (collapsing everything to whatever
`process.exit()` was called with, with no chance for `runCli`'s own
exit-code logic to run).
2. Because `execCapture`'s non-zero-exit branch hard-exited the process,
it never reached `withJsonErrorHandling`, so a `--output-format
json`/`stream-json` `db reset --experimental` failure emitted no
structured error envelope at all — the process just died mid-flight.
3. `db reset --experimental --linked` (no resolved version)
unconditionally resolved the linked DB connection — including
minting/verifying a temporary Postgres login role over the Management
API — before checking whether the remaining flow delegates to the Go
child. On that branch the resolved connection was never used: the
delegated Go child re-runs its own `ParseDatabaseConfig` (and mints its
own temp role) once it starts, so the TS-side mint was pure duplicate
privileged work.

(A fourth item from the same issue — forwarding `--linked=false`'s
target selector verbatim to the delegated child — was already correctly
implemented and already covered by a passing test; no code change was
needed there.)

## What is the new behavior?

- New `LegacyGoChildExitError`
(`shared/legacy/legacy-go-child-exit.error.ts`) carries a spawned
child's exact exit code via Effect's `Runtime.errorExitCode` marker.
`LegacyGoProxy.exec`/`execCapture` and the hidden `db __db-bootstrap`
seam now fail with this typed error instead of calling
`ProcessControl.exit()`, so the failure flows through the normal Effect
channel: finalizers run first, then `runCli`/`withJsonErrorHandling`
exit with the child's real code — in every output format, including a
Ctrl-C mid-recreate (e.g. exit `130`) instead of a generic `1`.
- `runCli`'s `handledProgram` special-cases `LegacyGoChildExitError` (by
concrete type) to skip its own generic `output.fail` stderr line, since
the child already printed its own detailed failure to the inherited
stderr and Go itself never prints a second line on top of that. This is
deliberately **not** keyed on Effect's shared `Runtime.errorReported`
marker — `CliError.ShowHelp` also sets that marker, and gating on it
would have silently suppressed the Go-parity `Error: required flag(s)
"..." not set` message for every missing-required-flag error. (Caught by
architect review before merge; regression test added.)
- `withJsonErrorHandling` now reads `Runtime.getErrorExitCode` instead
of hardcoding `1` when setting the process exit code, so the exact code
propagates under `json`/`stream-json` too, not just text mode.
- `db reset --experimental --linked` now checks whether it's about to
delegate to the Go child *before* calling
`LegacyDbConfigResolver.resolve()`, skipping the redundant temp-role
mint on that path. The linked-project-cache finalizer is unaffected (it
already reads a separately pre-loaded ref, exactly so this case still
works).
- Updated `SIDE_EFFECTS.md`'s exit-code tables for `db reset`/`db start`
to reflect the child's exact code, and touched-up a couple of stale doc
comments describing the old `process.exit()`-based behavior.

### Deliberately left open (judgement calls, not blockers)

- The JSON error envelope for a delegated linked+experimental
connection/mint failure is now a generic `"supabase-go exited with code
N (see stderr for details)"` rather than the specific TS error the old
(duplicate-minting) code path used to surface. This is an accepted
tradeoff: the real detail is on the inherited stderr, and Go itself has
no JSON error-envelope concept to hold this to a parity standard
against.
- The bootstrap seam's JSON error `code` field changes from
`LegacyDbBootstrapError` to `LegacyGoChildExitError` for a non-zero
child exit specifically. Nothing in this codebase treats that field as a
stable public contract (most `Legacy*Error` tags already leak their raw
class name into it), so this wasn't treated as a compatibility break.
- The sibling `db __shadow` seam (`legacy-pgdelta.seam.layer.ts`)
intentionally keeps its own generic domain error rather than adopting
`LegacyGoChildExitError` — its failure is a TS-authored summary over
noisy docker/pgdelta stderr (not a passthrough of a real user-facing Go
child), and Go itself collapses shadow-DB failures to a generic exit
`1`. Left a comment in place explaining the divergence so a future
reader doesn't "fix" it into inconsistency.

## Test plan

New/updated coverage in `go-proxy.layer.unit.test.ts`,
`run.unit.test.ts`, `json-error-handling.unit.test.ts`,
`reset.integration.test.ts`, and `start.integration.test.ts` — exact
exit-code propagation, finalizers running after a non-zero exit, the
JSON error envelope, the skipped pre-delegation resolve (and that the
sibling `--db-url` delegate path still resolves), and a regression guard
for the `ShowHelp`/`MissingOption` suppression bug caught during review.
…abled remote precedence (CLI-1878) (#5839)

## What

Closes the remaining gaps in
[CLI-1878](https://linear.app/supabase/issue/CLI-1878/legacy-shell-full-viper-env-override-semantics-project-env-remote):
full viper env-override semantics (project `.env`, remote precedence,
malformed bools) in the TS legacy shell.

A `go-parity-auditor` pass determined most of the issue's original
claims had already been fixed by an earlier PR (#5715) —
project-`.env`-aware `SUPABASE_YES`/`SUPABASE_EXPERIMENTAL` resolvers,
remote-config precedence, malformed-bool-fails-the-load,
explicit-flag-beats-env, and case-agnostic `env(...)` resolution all
already exist for `db push`/`db reset`/`db pull`/`config
push`/`migration down`/`repair`/declarative-schema. This PR closes the
**5 concrete gaps** that pass left open:

1. **`gen signing-key`** — the overwrite-confirmation prompt only
consulted the shell env for `SUPABASE_YES`. Go's `flags.LoadConfig`
loads the project `.env` before the prompt (`signingkeys.go:99,130`).
2. **`storage rm`** — same gap for the delete-confirmation prompt (both
the `--local` and default `--linked` branches of Go's
`ParseDatabaseConfig` load the project `.env` first).
3. **`migration fetch`** — same gap for the migrations-dir overwrite
prompt (defaults to `--linked`, same `ParseDatabaseConfig` path).
4. **standalone `seed buckets`** — its fallback `yes` resolution (used
when `db reset` doesn't pass a pre-resolved value) had the same gap. `db
reset`'s own passthrough was already correct.
5. **`[remotes.*].auth.enabled` remote precedence** — this key was
missing from `LEGACY_ENV_OVERRIDABLE_KEYS`, so a linked remote's
`auth.enabled` TOML value could lose to a `SUPABASE_AUTH_ENABLED` env
var instead of winning, unlike every other allowlisted key (Go's
`mergeRemoteConfig` applies the whole matched block above
`AutomaticEnv`).

Each of the 4 handler fixes follows the existing `legacyLoadProjectEnv`
+ `legacyResolveYesWithProjectEnv` pattern already used by `db
push`/`config push`/`migration down`/`repair`.

### Fixed along the way

- `migration fetch`'s new project-`.env` load initially ran *before* the
`[db-url linked local]` flag-conflict check — an ordering regression
relative to Go and sibling `migration down`/`repair` (caught by
`architect-reviewer`). Reordered so the flag check runs first; added a
regression test that fails without the fix.

## Behavior changes to be aware of

- `gen signing-key`, `storage rm`, `migration fetch`, and `seed buckets`
now honor `SUPABASE_YES` set only in
`supabase/.env`/`.env.local`/`.env.<env>[.local]` (previously they only
saw the shell env). This is a pure Go-parity fix, but on an earlier
build of this TS legacy shell it was inert — a stale `SUPABASE_YES=true`
left in a project's `.env` will now silently auto-confirm these
destructive prompts.
- A linked project's `[remotes.<name>].auth.enabled` TOML value now
correctly beats a `SUPABASE_AUTH_ENABLED` env var (previously the
reverse). If anything relied on the env var overriding a remote block's
explicit `auth.enabled`, that no longer happens.

## Test plan

- `bun run test:core` — all unit + integration tests green (300 tests
across the touched files, full suite unaffected).
- `bun run check:all` — types/lint/fmt/knip clean.
- New regression tests (integration, per this workspace's testing
pyramid):
- `signing-key.integration.test.ts` — project-`.env` `SUPABASE_YES`
auto-confirms the overwrite even with a piped `n` (defensively clears
any leaked shell `SUPABASE_YES` first).
  - `rm.integration.test.ts` — same, for the delete confirmation.
- `buckets.integration.test.ts` — same, for the standalone `seed
buckets` overwrite prompt.
- `fetch.integration.test.ts` — same, for the migrations-dir overwrite
prompt; plus a new test locking in the flag-conflict-before-env-read
ordering fix (verified it fails without the reorder).
- `legacy-db-config.toml-read.unit.test.ts` — 2 new unit tests for
`auth.enabled`: a matched remote block beats the env var, and a control
case where the env var still wins when the block omits the key.
- Relocated one pre-existing test's fixture
(`fetch.integration.test.ts`, "reports a write failure"): the
file-collision now lives at `<workdir>/supabase/migrations` instead of
`<workdir>/supabase` itself, since the latter would break the new
project-`.env` read before ever reaching the `mkdir` under test.
Verified this preserves the original test's coverage.

## Judgement calls deliberately left open

- **`[y/N] y` echo doesn't say *why* it auto-confirmed.**
`supabase-dx-reviewer` flagged that the prompt echo is byte-identical
whether the answer came from `--yes`, the shell env, or a forgotten
project `.env` value — but explicitly recommended *not* annotating it,
since that would diverge from Go's byte-identical `console.PromptYesNo`
output (this is a strict 1:1 port). Not changed here; a source
annotation would need to land in the Go CLI first if ever desired.
- **DB-bootstrap seam explicit `--experimental=false` forwarding.**
`go-parity-auditor` flagged (but could not fully confirm, since it
didn't trace the hidden `db __db-bootstrap` subprocess) that
`legacy-db-bootstrap.seam.layer.ts` forwards `--experimental` to the Go
child only when true, never an explicit false — for `db reset
--experimental=false` with `SUPABASE_EXPERIMENTAL=true` inherited by the
child, the child might re-resolve `true` independently. Flagged as a
caveat, not a confirmed gap; out of scope here.
- **`storage.enabled`/`realtime.enabled` don't read any `SUPABASE_*` env
override at all** in `legacy-db-config.toml-read.ts`, unlike
`auth.enabled`. This is a latent divergence noted by `go-parity-auditor`
but is outside CLI-1878's 5 named items; left as a separate follow-up.

🤖 Generated with the `issue-autopilot` skill.
Implement an automated contribution gate that enforces the Supabase CLI
contribution workflow for external pull requests. The gate requires PRs
from external contributors to link to an open GitHub issue carrying the
`open-for-contribution` label, while exempting maintainers and bots.

## Changes

- **Contribution gate script** (`contribution-gate.ts`): Pure decision
logic and GitHub I/O for evaluating PRs against the gate policy.
Supports two modes:
- Single-PR mode: reacts to individual PRs on `pull_request_target`
events
- All-PRs sweep mode: evaluates every open PR on-demand via
`workflow_dispatch`
  
- **Gate tests** (`contribution-gate.test.ts`): Comprehensive unit tests
for the decision logic and orchestration, with injected I/O for
network-free testing

- **Workflow** (`contribution-gate.yml`): GitHub Actions workflow that
runs the gate reactively on PR open/reopen/edit and supports manual
sweeps with dry-run capability

- **Documentation**:
- `MAINTAINERS.md`: Internal guide for maintainers on applying the
`open-for-contribution` label and running manual sweeps
- Updated `CONTRIBUTING.md`: Contributor-facing workflow requiring
issues to be opened first and labeled before PR submission
- Updated issue templates and PR template: Guidance on the new workflow
  - Updated issue config: Link to contribution workflow

## Implementation details

- Non-conforming PRs are auto-closed with explanatory comments directing
contributors to the workflow
- Cross-repository closing keywords are rejected as a security measure
(contributors cannot control external repos)
- Repository name matching is case-insensitive
- Internal authors (OWNER, MEMBER, COLLABORATOR) and bots are exempt
from the gate
- The workflow checks out the base branch, ensuring only trusted code
executes

https://claude.ai/code/session_01YY1sNQLXPxaeN6JX1NFSWj

---------

Co-authored-by: Claude <noreply@anthropic.com>
…ing (#5842)

## What kind of change does this PR introduce?

Bug fix (Go-parity gap).

## What is the current behavior?

`config push`'s secret-hashing logic
(`config-sync/config-sync.secret.ts`) treats dotenvx `encrypted:` secret
values (e.g. `[auth.captcha] secret = "encrypted:..."`) as unresolved:
it hashes them to `""`, which silently gates them out of both the diff
and the update-request body. The remote secret is left untouched with no
error and no feedback — the user has no idea their encrypted secret was
never pushed.

Go decrypts every `config.Secret` field during `config.Load` (before any
network call) and pushes the plaintext, or aborts the whole command with
`failed to parse config: <cause>` if it can't decrypt.

Fixes
[CLI-1881](https://linear.app/supabase/issue/CLI-1881/config-push-decrypt-dotenvx-encrypted-secrets-instead-of-skipping).

## What is the new behavior?

- `config-sync.secret.ts` (`secretHash`/`secretPlaintext`) now decrypts
an `encrypted:` value with the existing `legacy-vault-decrypt.ts`
decryptor (already used by `db push`/`db reset`/`migration up|down`)
before hashing it for the diff or sending it as plaintext in the auth
update body — the ciphertext itself is never pushed.
- `push.handler.ts` now runs a document-wide "assert every
`config.Secret` is decryptable" pre-check immediately after loading
`config.toml`, before the cost-matrix call or any other network request
— mirroring Go's `config.Load` timing, where the decrypt hook runs over
the *whole* document (not just `auth.*`) regardless of which fields the
current command actually reads. An undecryptable secret anywhere (even
one `config push` never itself pushes, e.g. `studio.openai_api_key`)
aborts with Go's exact `failed to parse config: <cause>` message and
zero network calls.
- Reused/exported `legacyAssertDecryptableSecrets` from
`legacy-db-config.toml-read.ts` (previously private, used only by the
db-config family) rather than duplicating the scan logic — its return
type was generalized from a db-config-specific error class to a plain
message string so each caller can wrap it in its own domain error.
- Removed the now-stale "not implemented" note from `config push`'s
`SIDE_EFFECTS.md` and documented the new `DOTENV_PRIVATE_KEY`(`_*`) env
vars + the new abort exit condition.

## Test plan

- New unit tests in `config-sync.secret.unit.test.ts` covering
decrypt-before-hash, multi-key fallback, and the two failure messages
(reusing the Go test vector from `apps/cli-go/pkg/config/secret_test.go`
/ `legacy-vault-decrypt.unit.test.ts`).
- Three new `push.integration.test.ts` cases:
- an `encrypted:` captcha secret decrypts and the **plaintext** (not
ciphertext) reaches the `updateAuthServiceConfig` PATCH body;
- an undecryptable `encrypted:` secret aborts with `failed to parse
config: missing private key` and **zero** network calls, even with
`auth.enabled = false` (proving the check isn't auth-gated);
- an undecryptable `studio.openai_api_key` (a field `config push` never
reads or pushes) also aborts before any network call, proving the
pre-check is genuinely document-wide.
- Full `apps/cli` `types:check`, `lint:check`, `fmt:check`, and the
touched `unit`/`integration` Vitest projects (`config-sync.secret`,
`auth.sync`, `legacy-vault-decrypt`, `legacy-db-config.toml-read`,
`push.integration`) all pass.

Parity confirmed against `apps/cli-go/pkg/config/secret.go` +
`internal/config/push/push.go` via `go-parity-auditor` before
implementation (abort timing before any network call, error-message
format, `DOTENV_PRIVATE_KEY` env-loading order, and that Go always
pushes decrypted plaintext, never ciphertext).

Reviewed by `architect-reviewer`, `engineer-reviewer`,
`security-reviewer`, and `supabase-dx-reviewer` (all APPROVE/SHIP IT) —
every actionable finding from that pass is folded into this PR already
(removed a dead defensive branch that broke 100%-branch-coverage,
hardened a hex-decode error message so it can't echo malformed key
fragments, clarified a shared helper's doc comment, added the
`studio.openai_api_key` test, and tidied `SIDE_EFFECTS.md` wording).

## Judgement calls left open (deliberately, not blocking)

- **Non-matching `[remotes.*]` blocks aren't covered by the
document-wide pre-check.** `@supabase/config`'s `loadProjectConfig`
strips the `remotes` key from its returned document once a block matches
the target ref, so an undecryptable secret hiding in a *different,
unused* remote block escapes the check (Go's decode hook would still
abort on it, since it decodes the whole file). Narrow edge case — only
matters with multiple remotes where the unused one has a broken secret —
and safe-direction (we succeed where Go would abort; we never push
ciphertext). Documented in `SIDE_EFFECTS.md`'s KNOWN GAPS and in the
shared helper's doc comment.
- **A secret reached via `env(VAR)` indirection where the referenced var
only resolves through the wider env-file set
`legacy-db-config.toml-read.ts`/Go's `loadNestedEnv` reads (not
`@supabase/config`'s narrower `supabase/.env`/`.env.local`)** is a
pre-existing, CLI-1489-adjacent asymmetry between the two env-resolution
paths — out of scope here; the code takes the parity-correct (wider)
source for the pre-check, consistent with the shared helper's other
caller.

🤖 Generated with [Claude Code](https://claude.com/claude-code)
The contribution gate identified internal maintainers solely from the
PR's `author_association`, which GitHub only reports as `MEMBER` when a
user's organization membership is public. A private org member (e.g. a
`supabase/cli` team member who keeps membership private) is reported as
`CONTRIBUTOR`/`NONE`, so the gate wrongly closed their PRs as
"no-linked-issue" (see #5847).

Resolve maintainer status from the author's effective repository
permission (`admin`/`write`), which reflects team/org-granted access
that `author_association` does not surface, falling back to it only when
the cheap signals (bot, public internal association) are inconclusive.
The permission endpoint needs just `Metadata: read`, already covered by
the workflow's `contents: read`.


Claude-Session: https://claude.ai/code/session_01D41gYiFBSU7adE4ppnUUKg

---------

Co-authored-by: Claude <noreply@anthropic.com>
…n /apps/cli-go in the go-minor group across 1 directory (#5849)

Bumps the go-minor group with 1 update in the /apps/cli-go directory:
[github.com/posthog/posthog-go](https://github.com/posthog/posthog-go).

Updates `github.com/posthog/posthog-go` from 1.17.2 to 1.17.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/posthog/posthog-go/releases">github.com/posthog/posthog-go's
releases</a>.</em></p>
<blockquote>
<h2>1.17.4</h2>
<h2>Unreleased</h2>
<h2>1.17.3</h2>
<h2>Unreleased</h2>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/PostHog/posthog-go/blob/main/CHANGELOG.md">github.com/posthog/posthog-go's
changelog</a>.</em></p>
<blockquote>
<h2>1.17.4</h2>
<h3>Patch Changes</h3>
<ul>
<li>25e43f8: Stop duplicating <code>distinct_id</code> inside
<code>/flags</code> person properties.</li>
</ul>
<h2>1.17.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>dafed74: Retry remote feature flag requests after transient 502 and
504 responses.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/PostHog/posthog-go/commit/93b96811028c9203b26a2708d6998c7700083771"><code>93b9681</code></a>
chore: release v1.17.4 [version bump] [skip ci]</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/25e43f8ecdc251dd07d2279408febd4dcdf838ec"><code>25e43f8</code></a>
fix: stop duplicating distinct_id in flags person properties (<a
href="https://redirect.github.com/posthog/posthog-go/issues/250">#250</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/01e60bf351811cc17b55983319d9c5f1be980691"><code>01e60bf</code></a>
chore: release v1.17.3 [version bump] [skip ci]</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/dafed74b9e5ae43d6d5f47933870663cadf23218"><code>dafed74</code></a>
fix: Retry flags requests on 502 and 504 (<a
href="https://redirect.github.com/posthog/posthog-go/issues/251">#251</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/ed70fae25d9395d370ad17b79e81b81a63458096"><code>ed70fae</code></a>
fix: make TCP drop recovery test deterministic (<a
href="https://redirect.github.com/posthog/posthog-go/issues/248">#248</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/2b6e1878570f91ba7a155720923bbf3b98cc9216"><code>2b6e187</code></a>
ci: update SDK harness to 0.9.0 (<a
href="https://redirect.github.com/posthog/posthog-go/issues/247">#247</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/856a0d4668cce148d56b197cd08e3cd0d3ab50b8"><code>856a0d4</code></a>
fix: satisfy SDK compliance harness 0.8.0 (<a
href="https://redirect.github.com/posthog/posthog-go/issues/245">#245</a>)</li>
<li>See full diff in <a
href="https://github.com/posthog/posthog-go/compare/v1.17.2...v1.17.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/posthog/posthog-go&package-manager=go_modules&previous-version=1.17.2&new-version=1.17.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the npm-major group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [undici](https://github.com/nodejs/undici) | `8.5.0` | `8.6.0` |
|
[@anthropic-ai/claude-agent-sdk](https://github.com/anthropics/claude-agent-sdk-typescript)
| `0.3.198` | `0.3.199` |
|
[@anthropic-ai/sdk](https://github.com/anthropics/anthropic-sdk-typescript)
| `0.109.1` | `0.110.0` |
|
[posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node)
| `5.39.2` | `5.39.4` |
|
[@typescript/native-preview](https://github.com/microsoft/typescript-go)
| `7.0.0-dev.20260701.1` | `7.0.0-dev.20260702.3` |
| [knip](https://github.com/webpro-nl/knip/tree/HEAD/packages/knip) |
`6.23.0` | `6.24.0` |
| [tldts](https://github.com/remusao/tldts) | `6.1.86` | `7.4.6` |

Updates `undici` from 8.5.0 to 8.6.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nodejs/undici/releases">undici's
releases</a>.</em></p>
<blockquote>
<h2>v8.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps-dev): bump proxy from 4.0.0 to 4.1.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/nodejs/undici/pull/5433">nodejs/undici#5433</a></li>
<li>update accept-encoding header in fetch by <a
href="https://github.com/KhafraDev"><code>@​KhafraDev</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5439">nodejs/undici#5439</a></li>
<li>fix: drop response chunks after the response stream is destroyed (<a
href="https://redirect.github.com/nodejs/undici/issues/5356">#5356</a>)
by <a href="https://github.com/cesarvspr"><code>@​cesarvspr</code></a>
in <a
href="https://redirect.github.com/nodejs/undici/pull/5357">nodejs/undici#5357</a></li>
<li>fix: handle incomplete multi-byte UTF-8 sequences in setEncoding()
by <a href="https://github.com/joecwu"><code>@​joecwu</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5003">nodejs/undici#5003</a></li>
<li>fix(retry): keep flow-control wired to the active connection across
resumes by <a
href="https://github.com/bogomya"><code>@​bogomya</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5405">nodejs/undici#5405</a></li>
<li>test: cover connect lookup option by <a
href="https://github.com/vibhor-aggr"><code>@​vibhor-aggr</code></a> in
<a
href="https://redirect.github.com/nodejs/undici/pull/5411">nodejs/undici#5411</a></li>
<li>test: fail on unexpected reconnect disconnect by <a
href="https://github.com/vibhor-aggr"><code>@​vibhor-aggr</code></a> in
<a
href="https://redirect.github.com/nodejs/undici/pull/5412">nodejs/undici#5412</a></li>
<li>build(deps-dev): bump esbuild from 0.28.0 to 0.28.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/nodejs/undici/pull/5419">nodejs/undici#5419</a></li>
<li>fix(proxy): fail the request when the CONNECT tunnel drops instead
of looping by <a
href="https://github.com/cesarvspr"><code>@​cesarvspr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5441">nodejs/undici#5441</a></li>
<li>feat(docs): migrate to doc-kit by <a
href="https://github.com/avivkeller"><code>@​avivkeller</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5438">nodejs/undici#5438</a></li>
<li>build(deps-dev): bump undici from 6.25.0 to 6.27.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/nodejs/undici/pull/5445">nodejs/undici#5445</a></li>
<li>fetch: fix issue 4058 by <a
href="https://github.com/KhafraDev"><code>@​KhafraDev</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5456">nodejs/undici#5456</a></li>
<li>docs: add Interceptors API reference page by <a
href="https://github.com/enjoykumawat"><code>@​enjoykumawat</code></a>
in <a
href="https://redirect.github.com/nodejs/undici/pull/5446">nodejs/undici#5446</a></li>
<li>Document H1 keep-alive trust tradeoff by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5457">nodejs/undici#5457</a></li>
<li>fix(h2): deliver an early final response to an Expect: 100-continue
request by <a href="https://github.com/jeswr"><code>@​jeswr</code></a>
in <a
href="https://redirect.github.com/nodejs/undici/pull/5470">nodejs/undici#5470</a></li>
<li>fix(types): correct deleteCookie attributes by <a
href="https://github.com/Ram-blip"><code>@​Ram-blip</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5461">nodejs/undici#5461</a></li>
<li>fix(h1): complete paused parser on socket end instead of crashing by
<a href="https://github.com/ronag"><code>@​ronag</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5474">nodejs/undici#5474</a></li>
<li>build(deps): bump github/codeql-action/init from 4.36.1 to 4.36.2 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/nodejs/undici/pull/5476">nodejs/undici#5476</a></li>
<li>build(deps): bump github/codeql-action/upload-sarif from 4.36.1 to
4.36.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/nodejs/undici/pull/5481">nodejs/undici#5481</a></li>
<li>build(deps): bump fastify/github-action-merge-dependabot from 3.12.0
to 3.15.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/nodejs/undici/pull/5480">nodejs/undici#5480</a></li>
<li>build(deps): bump codecov/codecov-action from 6.0.1 to 7.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/nodejs/undici/pull/5478">nodejs/undici#5478</a></li>
<li>build(deps): bump actions/checkout from 6.0.3 to 7.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/nodejs/undici/pull/5482">nodejs/undici#5482</a></li>
<li>build(deps): bump github/codeql-action from 4.36.1 to 4.36.2 by <a
href="https://github.com/trivikr"><code>@​trivikr</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5484">nodejs/undici#5484</a></li>
<li>build(deps): bump github/codeql-action/analyze from 4.36.1 to 4.36.2
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/nodejs/undici/pull/5477">nodejs/undici#5477</a></li>
<li>feat: support HTTP QUERY method (RFC 10008) by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5459">nodejs/undici#5459</a></li>
<li>fix: requeue h2 requests after goaway by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5473">nodejs/undici#5473</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/joecwu"><code>@​joecwu</code></a> made
their first contribution in <a
href="https://redirect.github.com/nodejs/undici/pull/5003">nodejs/undici#5003</a></li>
<li><a href="https://github.com/bogomya"><code>@​bogomya</code></a> made
their first contribution in <a
href="https://redirect.github.com/nodejs/undici/pull/5405">nodejs/undici#5405</a></li>
<li><a
href="https://github.com/enjoykumawat"><code>@​enjoykumawat</code></a>
made their first contribution in <a
href="https://redirect.github.com/nodejs/undici/pull/5446">nodejs/undici#5446</a></li>
<li><a href="https://github.com/jeswr"><code>@​jeswr</code></a> made
their first contribution in <a
href="https://redirect.github.com/nodejs/undici/pull/5470">nodejs/undici#5470</a></li>
<li><a href="https://github.com/Ram-blip"><code>@​Ram-blip</code></a>
made their first contribution in <a
href="https://redirect.github.com/nodejs/undici/pull/5461">nodejs/undici#5461</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/nodejs/undici/compare/v8.5.0...v8.6.0">https://github.com/nodejs/undici/compare/v8.5.0...v8.6.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/nodejs/undici/commit/6f86196a0d4bbc8034c4e150a0aec4f6b2bf8742"><code>6f86196</code></a>
Bumped v8.6.0 (<a
href="https://redirect.github.com/nodejs/undici/issues/5491">#5491</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/61ddd8e1180cb0274207a35f15045da3691433be"><code>61ddd8e</code></a>
fix: requeue h2 requests after goaway (<a
href="https://redirect.github.com/nodejs/undici/issues/5473">#5473</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/c5085ef04534cd25e6e2601d0efc3c74ac62e82c"><code>c5085ef</code></a>
feat: support HTTP QUERY method (RFC 10008) (<a
href="https://redirect.github.com/nodejs/undici/issues/5459">#5459</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/c144fd60584b700dcbdd9e312bba4e40d4bab3a2"><code>c144fd6</code></a>
build(deps): bump github/codeql-action/analyze from 4.36.1 to 4.36.2 (<a
href="https://redirect.github.com/nodejs/undici/issues/5477">#5477</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/782ad387c8e82d66b52599b08dae49dff9b3b037"><code>782ad38</code></a>
build(deps): bump github/codeql-action from 4.36.1 to 4.36.2 (<a
href="https://redirect.github.com/nodejs/undici/issues/5484">#5484</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/c4e045a3dc5acfabd619d93d8af658fc600aef1e"><code>c4e045a</code></a>
build(deps): bump actions/checkout from 6.0.3 to 7.0.0 (<a
href="https://redirect.github.com/nodejs/undici/issues/5482">#5482</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/de960dbbdd5ec8e84184419f0eb8402c52113ee8"><code>de960db</code></a>
build(deps): bump codecov/codecov-action from 6.0.1 to 7.0.0 (<a
href="https://redirect.github.com/nodejs/undici/issues/5478">#5478</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/1132de86409e2f7d44c9faf4d82d7714fcc55204"><code>1132de8</code></a>
build(deps): bump fastify/github-action-merge-dependabot (<a
href="https://redirect.github.com/nodejs/undici/issues/5480">#5480</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/3acb7ba08ea89e76f02426c1f9308c4e945032d2"><code>3acb7ba</code></a>
build(deps): bump github/codeql-action/upload-sarif (<a
href="https://redirect.github.com/nodejs/undici/issues/5481">#5481</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/88c4254079a0b82a579b55230416b1ca213bde19"><code>88c4254</code></a>
build(deps): bump github/codeql-action/init from 4.36.1 to 4.36.2 (<a
href="https://redirect.github.com/nodejs/undici/issues/5476">#5476</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/nodejs/undici/compare/v8.5.0...v8.6.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `@anthropic-ai/claude-agent-sdk` from 0.3.198 to 0.3.199
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anthropics/claude-agent-sdk-typescript/releases">@​anthropic-ai/claude-agent-sdk's
releases</a>.</em></p>
<blockquote>
<h2>v0.3.199</h2>
<h2>What's changed</h2>
<ul>
<li>Added <code>requestId</code> to <code>canUseTool</code> callback
options for correlating out-of-band permission responses, and support
for returning <code>null</code> to suppress the SDK's automatic control
response</li>
<li>Added <code>blocked</code> field to <code>workflow_agent</code>
progress events indicating when an agent was blocked by the auto-mode
safety classifier</li>
<li>Added <code>mode:&quot;mask&quot;</code> and per-credential
<code>injectHosts</code> to <code>sandbox.credentials</code> settings
types for injecting masked credentials into sandboxed commands</li>
</ul>
<h2>Update</h2>
<pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.199
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.199
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.199
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.199
</code></pre>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md">@​anthropic-ai/claude-agent-sdk's
changelog</a>.</em></p>
<blockquote>
<h2>0.3.199</h2>
<ul>
<li>Added <code>requestId</code> to <code>canUseTool</code> callback
options for correlating out-of-band permission responses, and support
for returning <code>null</code> to suppress the SDK's automatic control
response</li>
<li>Added <code>blocked</code> field to <code>workflow_agent</code>
progress events indicating when an agent was blocked by the auto-mode
safety classifier</li>
<li>Added <code>mode:&quot;mask&quot;</code> and per-credential
<code>injectHosts</code> to <code>sandbox.credentials</code> settings
types for injecting masked credentials into sandboxed commands</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/a0c02d6d999582c360b11116c429d58dc6f17270"><code>a0c02d6</code></a>
chore: Update CHANGELOG.md</li>
<li>See full diff in <a
href="https://github.com/anthropics/claude-agent-sdk-typescript/compare/v0.3.198...v0.3.199">compare
view</a></li>
</ul>
</details>
<br />

Updates `@anthropic-ai/sdk` from 0.109.1 to 0.110.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anthropics/anthropic-sdk-typescript/releases">@​anthropic-ai/sdk's
releases</a>.</em></p>
<blockquote>
<h2>sdk: v0.110.0</h2>
<h2>0.110.0 (2026-07-02)</h2>
<p>Full Changelog: <a
href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.109.1...sdk-v0.110.0">sdk-v0.109.1...sdk-v0.110.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> add agent-memory-2026-07-22 beta header (<a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/a470e10aaad12078e3e5f2bb9adf6c2652ea9ca0">a470e10</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/anthropics/anthropic-sdk-typescript/blob/main/CHANGELOG.md">@​anthropic-ai/sdk's
changelog</a>.</em></p>
<blockquote>
<h2>0.110.0 (2026-07-02)</h2>
<p>Full Changelog: <a
href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.109.1...sdk-v0.110.0">sdk-v0.109.1...sdk-v0.110.0</a></p>
<h3>Features</h3>
<ul>
<li><strong>api:</strong> add agent-memory-2026-07-22 beta header (<a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/a470e10aaad12078e3e5f2bb9adf6c2652ea9ca0">a470e10</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/anthropics/anthropic-sdk-typescript/commit/4f2eb8071993780d79610b9eda26db96f7653843"><code>4f2eb80</code></a>
chore: release main (<a
href="https://redirect.github.com/anthropics/anthropic-sdk-typescript/issues/1107">#1107</a>)</li>
<li>See full diff in <a
href="https://github.com/anthropics/anthropic-sdk-typescript/compare/sdk-v0.109.1...sdk-v0.110.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `posthog-node` from 5.39.2 to 5.39.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/PostHog/posthog-js/releases">posthog-node's
releases</a>.</em></p>
<blockquote>
<h2>posthog-node@5.39.4</h2>
<h2>5.39.4</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/PostHog/posthog-js/pull/4047">#4047</a>
<a
href="https://github.com/PostHog/posthog-js/commit/0c11747de9ca10a48f840fff1814c33c71742736"><code>0c11747</code></a>
Thanks <a
href="https://github.com/marandaneto"><code>@​marandaneto</code></a>! -
Stop duplicating <code>distinct_id</code> inside <code>/flags</code>
person properties.
(2026-07-02)</li>
<li>Updated dependencies [<a
href="https://github.com/PostHog/posthog-js/commit/5e7e132757682e4f91d40601506b635f346c7b67"><code>5e7e132</code></a>]:
<ul>
<li><code>@​posthog/core</code><a
href="https://github.com/1"><code>@​1</code></a>.39.5</li>
</ul>
</li>
</ul>
<h2>posthog-node@5.39.3</h2>
<h2>5.39.3</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/PostHog/posthog-js/pull/4055">#4055</a>
<a
href="https://github.com/PostHog/posthog-js/commit/64e04ba043b25d1f88435c5885132000d3117bb0"><code>64e04ba</code></a>
Thanks <a
href="https://github.com/marandaneto"><code>@​marandaneto</code></a>! -
Retry <code>/flags</code> requests that receive HTTP 502 or 504
responses across SDKs that use the shared core flags client.
(2026-07-02)</li>
<li>Updated dependencies [<a
href="https://github.com/PostHog/posthog-js/commit/64e04ba043b25d1f88435c5885132000d3117bb0"><code>64e04ba</code></a>]:
<ul>
<li><code>@​posthog/core</code><a
href="https://github.com/1"><code>@​1</code></a>.39.4</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md">posthog-node's
changelog</a>.</em></p>
<blockquote>
<h2>5.39.4</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/PostHog/posthog-js/pull/4047">#4047</a>
<a
href="https://github.com/PostHog/posthog-js/commit/0c11747de9ca10a48f840fff1814c33c71742736"><code>0c11747</code></a>
Thanks <a
href="https://github.com/marandaneto"><code>@​marandaneto</code></a>! -
Stop duplicating <code>distinct_id</code> inside <code>/flags</code>
person properties.
(2026-07-02)</li>
<li>Updated dependencies [<a
href="https://github.com/PostHog/posthog-js/commit/5e7e132757682e4f91d40601506b635f346c7b67"><code>5e7e132</code></a>]:
<ul>
<li><code>@​posthog/core</code><a
href="https://github.com/1"><code>@​1</code></a>.39.5</li>
</ul>
</li>
</ul>
<h2>5.39.3</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/PostHog/posthog-js/pull/4055">#4055</a>
<a
href="https://github.com/PostHog/posthog-js/commit/64e04ba043b25d1f88435c5885132000d3117bb0"><code>64e04ba</code></a>
Thanks <a
href="https://github.com/marandaneto"><code>@​marandaneto</code></a>! -
Retry <code>/flags</code> requests that receive HTTP 502 or 504
responses across SDKs that use the shared core flags client.
(2026-07-02)</li>
<li>Updated dependencies [<a
href="https://github.com/PostHog/posthog-js/commit/64e04ba043b25d1f88435c5885132000d3117bb0"><code>64e04ba</code></a>]:
<ul>
<li><code>@​posthog/core</code><a
href="https://github.com/1"><code>@​1</code></a>.39.4</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/PostHog/posthog-js/commit/0ba87cb40e3f70428cbb8718dc4c012cfa4c5f30"><code>0ba87cb</code></a>
chore: update versions and lockfile [version bump]</li>
<li><a
href="https://github.com/PostHog/posthog-js/commit/0c11747de9ca10a48f840fff1814c33c71742736"><code>0c11747</code></a>
fix: stop duplicating distinct_id in flags person properties (<a
href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/4047">#4047</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-js/commit/4eb8b2189098ee1f09eaf66e2d0fa21bcafbe54b"><code>4eb8b21</code></a>
chore: update versions and lockfile [version bump]</li>
<li><a
href="https://github.com/PostHog/posthog-js/commit/dd90e558b5fe6ec370b8dbd04da8faedba293421"><code>dd90e55</code></a>
test(node): make local polling tests deterministic (<a
href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/4043">#4043</a>)</li>
<li>See full diff in <a
href="https://github.com/PostHog/posthog-js/commits/posthog-node@5.39.4/packages/node">compare
view</a></li>
</ul>
</details>
<br />

Updates `@typescript/native-preview` from 7.0.0-dev.20260701.1 to
7.0.0-dev.20260702.3
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/microsoft/typescript-go/commits">compare
view</a></li>
</ul>
</details>
<br />

Updates `knip` from 6.23.0 to 6.24.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/webpro-nl/knip/releases">knip's
releases</a>.</em></p>
<blockquote>
<h2>Release 6.24.0</h2>
<ul>
<li>chore: update year in license (<a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1833">#1833</a>)
(32bc844dfd3895884b11fea5ef94bf3fa1974946) - thanks <a
href="https://github.com/trueberryless"><code>@​trueberryless</code></a>!</li>
<li>ci: pin github actions (<a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1835">#1835</a>)
(82a8d0913105a637e9eeccfe3b785be90c873e2a) - thanks <a
href="https://github.com/trueberryless"><code>@​trueberryless</code></a>!</li>
<li>Assume Node 24+/Bun and remove compilation step
(d9ef038429bec06c37fdb520e5c7353c8cae6ce7)</li>
<li>Don't report working-directory scripts as unlisted binaries (resolve
<a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1834">#1834</a>)
(aea7923438f0a8f459458578526f358b02497f77)</li>
<li>Add <code>pnpm run lint</code> to CI workflow
(ec9aa1cabb58c97b8ecc4815e6cdd6421fe2a89e)</li>
<li>feat: add settings for Zed editor to use oxlint and oxfmt (<a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1836">#1836</a>)
(111f2e0a17999e3ffdf4c097cd42ba08acd48508) - thanks <a
href="https://github.com/trueberryless"><code>@​trueberryless</code></a>!</li>
<li>fix: remove format_on_save: true settings from Zed settings to
respect user settings (<a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1838">#1838</a>)
(dc2a64043035d426eb99a9d1e0eb873d02a09e7d) - thanks <a
href="https://github.com/trueberryless"><code>@​trueberryless</code></a>!</li>
<li>feat: add Renovate for GitHub actions only (<a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1839">#1839</a>)
(ffce88c86f95822ee2a7cf8407e987a3ec79b097) - thanks <a
href="https://github.com/trueberryless"><code>@​trueberryless</code></a>!</li>
<li>Ignore import() in JSDoc examples (<a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1844">#1844</a>)
(6f090f90f04e8202700ed68977faa1dc626ff235) - thanks <a
href="https://github.com/cyphercodes"><code>@​cyphercodes</code></a>!</li>
<li>Don't report types used only in module augmentations as unused
(resolve <a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1843">#1843</a>)
(7901abd3c4b496f212445bff9768efc9548ded61)</li>
<li>Restore CI intent (0d739beab2e224385f449d62d6cc7d904107946e)</li>
<li>feat: add less, stylus compilers and astro, svelte, vue import
resolution (<a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1845">#1845</a>)
(5525759f33a5664e4882aebe239e9c17eeb29f92) - thanks <a
href="https://github.com/trueberryless"><code>@​trueberryless</code></a>!</li>
<li>Don't report built-in compiler dependencies as unused
(3c9d4adf369f0064399d9da7b4f11f0467180bf5)</li>
<li>feat: add scss handling to stencil plugin (<a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1846">#1846</a>)
(acba6b85ab05f70385228872fafea2b08290d0f6) - thanks <a
href="https://github.com/johnjenkins"><code>@​johnjenkins</code></a>!</li>
<li>fix(reporters): always print the issue-type title for a single group
(<a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1848">#1848</a>)
(cf997b2408cc0814c2d310d1e8c8680340153fa1) - thanks <a
href="https://github.com/morgan-coded"><code>@​morgan-coded</code></a>!</li>
<li>Export Issue, IssueRecords and IssueType types (resolve <a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1840">#1840</a>)
(260f19230f42c9dceaac97d55bf34d17902c5b38)</li>
<li>Squeeze every bit of perf out around compilers
(bb0eeb6e33d050dab736134b5b692a3d6413f358)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/webpro-nl/knip/commit/2979803b8c929dcd6254e1cea174101fb16820e4"><code>2979803</code></a>
Release knip@6.24.0</li>
<li><a
href="https://github.com/webpro-nl/knip/commit/bb0eeb6e33d050dab736134b5b692a3d6413f358"><code>bb0eeb6</code></a>
Squeeze every bit of perf out around compilers</li>
<li><a
href="https://github.com/webpro-nl/knip/commit/260f19230f42c9dceaac97d55bf34d17902c5b38"><code>260f192</code></a>
Export Issue, IssueRecords and IssueType types (resolve <a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1840">#1840</a>)</li>
<li><a
href="https://github.com/webpro-nl/knip/commit/cf997b2408cc0814c2d310d1e8c8680340153fa1"><code>cf997b2</code></a>
fix(reporters): always print the issue-type title for a single group (<a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1848">#1848</a>)</li>
<li><a
href="https://github.com/webpro-nl/knip/commit/acba6b85ab05f70385228872fafea2b08290d0f6"><code>acba6b8</code></a>
feat: add scss handling to stencil plugin (<a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1846">#1846</a>)</li>
<li><a
href="https://github.com/webpro-nl/knip/commit/3c9d4adf369f0064399d9da7b4f11f0467180bf5"><code>3c9d4ad</code></a>
Don't report built-in compiler dependencies as unused</li>
<li><a
href="https://github.com/webpro-nl/knip/commit/5525759f33a5664e4882aebe239e9c17eeb29f92"><code>5525759</code></a>
feat: add less, stylus compilers and astro, svelte, vue import
resolution (<a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1">#1</a>...</li>
<li><a
href="https://github.com/webpro-nl/knip/commit/7901abd3c4b496f212445bff9768efc9548ded61"><code>7901abd</code></a>
Don't report types used only in module augmentations as unused (resolve
<a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1843">#1843</a>)</li>
<li><a
href="https://github.com/webpro-nl/knip/commit/6f090f90f04e8202700ed68977faa1dc626ff235"><code>6f090f9</code></a>
Ignore import() in JSDoc examples (<a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1844">#1844</a>)</li>
<li><a
href="https://github.com/webpro-nl/knip/commit/aea7923438f0a8f459458578526f358b02497f77"><code>aea7923</code></a>
Don't report working-directory scripts as unlisted binaries (resolve <a
href="https://github.com/webpro-nl/knip/tree/HEAD/packages/knip/issues/1834">#1834</a>)</li>
<li>See full diff in <a
href="https://github.com/webpro-nl/knip/commits/knip@6.24.0/packages/knip">compare
view</a></li>
</ul>
</details>
<br />

Updates `tldts` from 6.1.86 to 7.4.6
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/remusao/tldts/releases">tldts's
releases</a>.</em></p>
<blockquote>
<h2>v7.4.6</h2>
<h4>:scroll: Update Public Suffix List</h4>
<ul>
<li><code>tldts-experimental</code>, <code>tldts</code>
<ul>
<li>Update upstream public suffix list <a
href="https://redirect.github.com/remusao/tldts/pull/2626">#2626</a> (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
</li>
</ul>
<h4>:nut_and_bolt: Dependencies</h4>
<ul>
<li>Bump sigstore from 4.1.0 to 4.1.1 <a
href="https://redirect.github.com/remusao/tldts/pull/2629">#2629</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump <code>@​babel/core</code> from 7.24.7 to 7.29.7 <a
href="https://redirect.github.com/remusao/tldts/pull/2618">#2618</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump form-data from 4.0.5 to 4.0.6 <a
href="https://redirect.github.com/remusao/tldts/pull/2611">#2611</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump rollup from 4.61.1 to 4.62.2 <a
href="https://redirect.github.com/remusao/tldts/pull/2612">#2612</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump rollup-plugin-sourcemaps2 from 0.5.7 to 0.5.8 <a
href="https://redirect.github.com/remusao/tldts/pull/2619">#2619</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump typescript-eslint from 8.60.1 to 8.62.1 <a
href="https://redirect.github.com/remusao/tldts/pull/2624">#2624</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump <code>@​sigstore/core</code> from 3.1.0 to 3.2.1 <a
href="https://redirect.github.com/remusao/tldts/pull/2625">#2625</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump <code>@​sigstore/verify</code> from 3.1.0 to 3.1.1 <a
href="https://redirect.github.com/remusao/tldts/pull/2628">#2628</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li><code>tldts-core</code>, <code>tldts-experimental</code>,
<code>tldts-icann</code>, <code>tldts-tests</code>,
<code>tldts-utils</code>, <code>tldts</code>
<ul>
<li>Bump <code>@​types/node</code> from 25.9.1 to 26.1.0 <a
href="https://redirect.github.com/remusao/tldts/pull/2627">#2627</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
</ul>
</li>
</ul>
<h4>Authors: 2</h4>
<ul>
<li><a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a></li>
<li>Rémi (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
<h2>v7.4.5</h2>
<h4>:scroll: Update Public Suffix List</h4>
<ul>
<li><code>tldts-experimental</code>, <code>tldts</code>
<ul>
<li>Update upstream public suffix list <a
href="https://redirect.github.com/remusao/tldts/pull/2617">#2617</a> (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
</li>
</ul>
<h4>Authors: 1</h4>
<ul>
<li>Rémi (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
<h2>v7.4.4</h2>
<h4>:scroll: Update Public Suffix List</h4>
<ul>
<li><code>tldts-experimental</code>, <code>tldts</code>
<ul>
<li>Update upstream public suffix list <a
href="https://redirect.github.com/remusao/tldts/pull/2614">#2614</a> (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
</li>
</ul>
<h4>Authors: 1</h4>
<ul>
<li>Rémi (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
<h2>v7.4.3</h2>
<h4>:scroll: Update Public Suffix List</h4>
<ul>
<li><code>tldts-experimental</code>, <code>tldts</code>
<ul>
<li>Update upstream public suffix list <a
href="https://redirect.github.com/remusao/tldts/pull/2605">#2605</a> (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/remusao/tldts/blob/master/CHANGELOG.md">tldts's
changelog</a>.</em></p>
<blockquote>
<h1>v7.4.6 (Thu Jul 02 2026)</h1>
<h4>:scroll: Update Public Suffix List</h4>
<ul>
<li><code>tldts-experimental</code>, <code>tldts</code>
<ul>
<li>Update upstream public suffix list <a
href="https://redirect.github.com/remusao/tldts/pull/2626">#2626</a> (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
</li>
</ul>
<h4>:nut_and_bolt: Dependencies</h4>
<ul>
<li>Bump sigstore from 4.1.0 to 4.1.1 <a
href="https://redirect.github.com/remusao/tldts/pull/2629">#2629</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump <code>@​babel/core</code> from 7.24.7 to 7.29.7 <a
href="https://redirect.github.com/remusao/tldts/pull/2618">#2618</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump form-data from 4.0.5 to 4.0.6 <a
href="https://redirect.github.com/remusao/tldts/pull/2611">#2611</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump rollup from 4.61.1 to 4.62.2 <a
href="https://redirect.github.com/remusao/tldts/pull/2612">#2612</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump rollup-plugin-sourcemaps2 from 0.5.7 to 0.5.8 <a
href="https://redirect.github.com/remusao/tldts/pull/2619">#2619</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump typescript-eslint from 8.60.1 to 8.62.1 <a
href="https://redirect.github.com/remusao/tldts/pull/2624">#2624</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump <code>@​sigstore/core</code> from 3.1.0 to 3.2.1 <a
href="https://redirect.github.com/remusao/tldts/pull/2625">#2625</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump <code>@​sigstore/verify</code> from 3.1.0 to 3.1.1 <a
href="https://redirect.github.com/remusao/tldts/pull/2628">#2628</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li><code>tldts-core</code>, <code>tldts-experimental</code>,
<code>tldts-icann</code>, <code>tldts-tests</code>,
<code>tldts-utils</code>, <code>tldts</code>
<ul>
<li>Bump <code>@​types/node</code> from 25.9.1 to 26.1.0 <a
href="https://redirect.github.com/remusao/tldts/pull/2627">#2627</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
</ul>
</li>
</ul>
<h4>Authors: 2</h4>
<ul>
<li><a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a></li>
<li>Rémi (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
<hr />
<h1>v7.4.5 (Sun Jun 28 2026)</h1>
<h4>:scroll: Update Public Suffix List</h4>
<ul>
<li><code>tldts-experimental</code>, <code>tldts</code>
<ul>
<li>Update upstream public suffix list <a
href="https://redirect.github.com/remusao/tldts/pull/2617">#2617</a> (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
</li>
</ul>
<h4>Authors: 1</h4>
<ul>
<li>Rémi (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
<hr />
<h1>v7.4.4 (Tue Jun 23 2026)</h1>
<h4>:scroll: Update Public Suffix List</h4>
<ul>
<li><code>tldts-experimental</code>, <code>tldts</code>
<ul>
<li>Update upstream public suffix list <a
href="https://redirect.github.com/remusao/tldts/pull/2614">#2614</a> (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
</li>
</ul>
<h4>Authors: 1</h4>
<ul>
<li>Rémi (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/remusao/tldts/commit/92ee2b31e72433487577a6c027ad7ec69aa8c8fe"><code>92ee2b3</code></a>
Bump version to: v7.4.6 [skip ci]</li>
<li><a
href="https://github.com/remusao/tldts/commit/cd23a4106ee0ed11cecf7ec7ed9bc308743d99ca"><code>cd23a41</code></a>
Update CHANGELOG.md [skip ci]</li>
<li><a
href="https://github.com/remusao/tldts/commit/11b91adfef769de8dbd8c87b1ed0809e0371e9a2"><code>11b91ad</code></a>
Update upstream public suffix list (<a
href="https://redirect.github.com/remusao/tldts/issues/2626">#2626</a>)</li>
<li><a
href="https://github.com/remusao/tldts/commit/3136742bd2a089b2c9592cbbcc3de6c229bba5a9"><code>3136742</code></a>
Bump sigstore from 4.1.0 to 4.1.1 (<a
href="https://redirect.github.com/remusao/tldts/issues/2629">#2629</a>)</li>
<li><a
href="https://github.com/remusao/tldts/commit/258820f15ee126878921c2359921d27efef4ca31"><code>258820f</code></a>
Bump <code>@​babel/core</code> from 7.24.7 to 7.29.7 (<a
href="https://redirect.github.com/remusao/tldts/issues/2618">#2618</a>)</li>
<li><a
href="https://github.com/remusao/tldts/commit/e32bbb0fbece80aab696ce8abc89a22d5d4f6ee3"><code>e32bbb0</code></a>
Bump form-data from 4.0.5 to 4.0.6 (<a
href="https://redirect.github.com/remusao/tldts/issues/2611">#2611</a>)</li>
<li><a
href="https://github.com/remusao/tldts/commit/8b65da192769c0f1abc96ffe7d8b0a872fce80a8"><code>8b65da1</code></a>
Bump rollup from 4.61.1 to 4.62.2 (<a
href="https://redirect.github.com/remusao/tldts/issues/2612">#2612</a>)</li>
<li><a
href="https://github.com/remusao/tldts/commit/496e7f4cc06e5a85ad71dd040963a243b61962f5"><code>496e7f4</code></a>
Bump rollup-plugin-sourcemaps2 from 0.5.7 to 0.5.8 (<a
href="https://redirect.github.com/remusao/tldts/issues/2619">#2619</a>)</li>
<li><a
href="https://github.com/remusao/tldts/commit/0adcc645852f4ebacf3db76eaa62da4c79f4c9bf"><code>0adcc64</code></a>
Bump typescript-eslint from 8.60.1 to 8.62.1 (<a
href="https://redirect.github.com/remusao/tldts/issues/2624">#2624</a>)</li>
<li><a
href="https://github.com/remusao/tldts/commit/6401b1448e797716c13778679bc7d2eb022126a8"><code>6401b14</code></a>
Bump <code>@​sigstore/core</code> from 3.1.0 to 3.2.1 (<a
href="https://redirect.github.com/remusao/tldts/issues/2625">#2625</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/remusao/tldts/compare/v6.1.86...v7.4.6">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new
releaser for tldts since your current version.</p>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…s-major group (#5852)

Bumps the actions-major group with 1 update:
[docker/login-action](https://github.com/docker/login-action).

Updates `docker/login-action` from 4.3.0 to 4.4.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases">docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.4.0</h2>
<ul>
<li>Skip empty <code>registry-auth</code> secret mask by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/login-action/pull/1035">docker/login-action#1035</a></li>
<li>Bump <code>@​aws-sdk/client-ecr</code> and
<code>@​aws-sdk/client-ecr-public</code> to 3.1077.0 <a
href="https://redirect.github.com/docker/login-action/pull/1034">docker/login-action#1034</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v4.3.0...v4.4.0">https://github.com/docker/login-action/compare/v4.3.0...v4.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/login-action/commit/af1e73f918a031802d376d3c8bbc3fe56130a9b0"><code>af1e73f</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/1034">#1034</a>
from docker/dependabot/npm_and_yarn/aws-sdk-dependen...</li>
<li><a
href="https://github.com/docker/login-action/commit/da722bde43bacb027adfc67d42dbaa4c0f9e550b"><code>da722bd</code></a>
[dependabot skip] chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/2916ad60bd5cb72f07aa54c69fdcc61749c09b7a"><code>2916ad6</code></a>
build(deps): bump the aws-sdk-dependencies group across 1 directory with
2 up...</li>
<li><a
href="https://github.com/docker/login-action/commit/ca0a662f786e4cfddce972005bd68f3dafc3a903"><code>ca0a662</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/1035">#1035</a>
from crazy-max/fix-registry-auth-empty-mask</li>
<li><a
href="https://github.com/docker/login-action/commit/c455755a579833bf0d2e4e54e3beb413ef10cc80"><code>c455755</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/48351901f89581a7c12870c787d3f06d1f498438"><code>4835190</code></a>
skip empty registry-auth secret mask</li>
<li><a
href="https://github.com/docker/login-action/commit/992421c6e6806a7f6df609d1bfff374f9eca3004"><code>992421c</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/1033">#1033</a>
from docker/dependabot/github_actions/docker/bake-ac...</li>
<li><a
href="https://github.com/docker/login-action/commit/b249b43765525dd7951068267a34cf63f22ab4f0"><code>b249b43</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/1032">#1032</a>
from docker/dependabot/github_actions/docker/bake-ac...</li>
<li><a
href="https://github.com/docker/login-action/commit/1b67977736863551a88ff218642a2d7628b10520"><code>1b67977</code></a>
build(deps): bump docker/bake-action from 7.2.0 to 7.3.0</li>
<li><a
href="https://github.com/docker/login-action/commit/9d49d6a3234c78daa10c3c12183ef7b6caa8e69e"><code>9d49d6a</code></a>
build(deps): bump docker/bake-action/subaction/matrix</li>
<li>See full diff in <a
href="https://github.com/docker/login-action/compare/c99871dec2022cc055c062a10cc1a1310835ceb4...af1e73f918a031802d376d3c8bbc3fe56130a9b0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/login-action&package-manager=github_actions&previous-version=4.3.0&new-version=4.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…emplates with 3 updates (#5851)

Bumps the docker-minor group in /apps/cli-go/pkg/config/templates with 3
updates: supabase/realtime, supabase/storage-api and supabase/logflare.

Updates `supabase/realtime` from v2.112.9 to v2.112.10

Updates `supabase/storage-api` from v1.64.1 to v1.66.2

Updates `supabase/logflare` from 1.46.0 to 1.47.0


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
…te error on parse failures (CLI-1901) (#5844)

## What kind of change does this PR introduce?

Bug fix (legacy shell shared CLI runtime).

## What is the current behavior?

Fixes
[CLI-1901](https://linear.app/supabase/issue/CLI-1901/legacy-cli-required-flagchoice-parse-errors-double-print-and-dump-help),
originally surfaced as a side-finding during #5803's review (CLI-1859,
`gen bearer-jwt --role required`).

Any legacy command whose flag parsing fails with a
`CliError.ShowHelp`-wrapped error carrying a non-empty `errors` array
(missing required flag, invalid `Flag.choice` value, unrecognized flag,
etc.) printed a broken, non-Go-parity error:

```
$ supabase sso add --project-ref <ref>
DESCRIPTION
  Add and configure a new connection to a SSO identity provider...
USAGE
  supabase sso add [flags]
FLAGS
  ...
[... 20-30 line help doc, printed to STDOUT ...]

ERROR
  Missing required flag: --type
Error: required flag(s) "type" not set
Try rerunning the command with --debug to troubleshoot the error.
```

Root cause: the vendored `effect@4.0.0-beta.93` CLI library's
`Command.runWith`
(`.repos/effect/packages/effect/src/unstable/cli/Command.ts`) always
dumps the full help doc via `Console.log` and, when `errors.length > 0`,
also `Console.error`s the same errors — before this repo's own Go-parity
renderer (`normalize-error.ts` + `run.ts`'s `handledProgram`) renders
its own line for the same failure. This breaks stdout-piping scripts
(e.g. `TOKEN=$(supabase gen bearer-jwt --role "$ROLE")` with an empty
`$ROLE`) and violates this repo's own Go-parity contract
(`apps/cli/CLAUDE.md`).

## What is the new behavior?

`run.ts` gains `withoutParseErrorHelpDump`, which wraps
`Command.runWith(rootCommand, ...)(args)` with a buffering
`Console.Console` and, once the run's outcome is known, disposes of the
buffered writes per `classifyParseErrorConsoleOutput` — a three-way
split that mirrors Go cobra's *actual* behavior (verified directly
against the built `apps/cli-go/supabase-go` binary, not just assumed):

- **`drop`** — a missing required flag (`MissingOption`). Go's
`PersistentPreRunE` sets `SilenceUsage = true` (`cmd/root.go:97`)
*before* `ValidateRequiredFlags` runs, so this is a single clean stderr
line, nothing on stdout.
- **`flush-help-doc-to-stderr`** — every other genuine parse/validation
failure (unrecognized flag, invalid `Flag.choice` value, missing
positional argument, unknown subcommand). These are raised during
`ParseFlags`/`ValidateArgs`, *before* `SilenceUsage` is set — Go still
shows a usage block for these, always on stderr, never stdout. The
library's help doc isn't byte-identical to cobra's shorter usage
template (see judgement calls below), but it's now on the right stream
with no duplicate.
- **`flush-unchanged`** — success, `--help`, `--version`,
`--completions`, and the bare-group-command help dump (`errors: []`,
exit 0) — all untouched.

In every genuine-failure case, the library's own duplicate
`Console.error` render is dropped; this repo's own `handledProgram` +
`normalizeCause` render the single Go-parity line instead.

`normalize-error.ts`'s `ShowHelp`-envelope unwrap was also extended:
since the library's duplicate render is now gone, a wrapped inner error
with no Go-parity-specific mapping (`UnrecognizedOption`,
`DuplicateOption`, `MissingArgument`, `UnknownSubcommand`, or a
non-doubled-prefix `InvalidValue`) now falls back to that inner error's
own `.message` instead of the useless generic "Help requested" envelope
text — otherwise removing the duplicate would have silently regressed
those tags from "informative, but printed twice" to "printed once,
uselessly."

Tests: pure-predicate unit tests for the three-way classifier
(`run.unit.test.ts`), integration tests exercising the real
buffering/flush wiring against `legacyBranchesCommand` and a synthetic
required-flag command via a `Console.Console` test double
(`run.integration.test.ts` — not `vi.spyOn`, which reliably breaks call
detection when spying `console.log` and `console.error` in the same test
under this repo's Bun+Vitest combination), and e2e tests proving the
real subprocess stdout/stderr streams against `branches --bogus-flag`
and `sso add` (missing/invalid `--type`, the issue's own named repro
target).

### Judgement calls left open

- **Wording, not structure**: some of this repo's existing error wording
still differs from Go's exact text for these paths (e.g. Go's bare
`required flag(s) "type" not set` vs this repo's `Error: required
flag(s) "type" not set` with an extra `Error: ` prefix; Go's `invalid
argument "bogus" for "-t, --type" flag: must be one of [ saml ]` vs this
repo's `Invalid value for flag --type: "bogus". Expected "saml", got
"bogus"`). Both pre-date this fix and are unrelated to the
stdout-pollution/duplicate-print bug it targets — flagged by review as a
possible follow-up, not fixed here to keep this PR's diff focused.
- **Usage-block content, not stream**: the help/usage text now correctly
lands on stderr (never stdout) for the `flush-help-doc-to-stderr` class,
but its *content* is this library's own (longer) help doc, not cobra's
shorter usage template. True byte-parity there would need a second,
purpose-built "usage-only" formatter — out of scope for this fix.
- **Pre-existing terminal-escape echo**: user-supplied argv tokens (e.g.
an unrecognized flag name) are echoed verbatim into error messages with
no control-character stripping. Unaffected in kind by this change (just
relocated/de-duplicated); flagged by security review as low-priority and
better suited to its own issue if the team wants to harden it.
- The issue's secondary, explicitly-optional finding
(`internal/command.ts:243` misreporting `Flag.optional` status in
`--output-format json` help docs) is a separate, unrelated code path in
the same vendored module — deliberately left unaddressed here to keep
this PR scoped to the double-print/stdout-dump bug.
…numFlag parity) (#5855)

## What changed

Go's `isEnumFlag` (`apps/cli-go/cmd/root_analytics.go:110-116`)
unconditionally reports the value of any `*utils.EnumFlag`-backed pflag
verbatim in `cli_command_executed` telemetry — no per-flag annotation
needed. `--output`, `--dns-resolver`, and `--agent` are all registered
as `*utils.EnumFlag` on `rootCmd.PersistentFlags()`
(`cmd/root.go:330,331,333`), so Go always sends their real value.

The TS port's `withLegacyCommandInstrumentation` already auto-detects
`Flag.choice` flags declared in a command's own `config` (CLI-1866), and
already resolves global/persistent flag values as a fallback when a
command doesn't declare that CLI name locally (CLI-1896). But CLI-1896
deliberately scoped out the 3 global *choice* flags — nothing taught the
global-fallback path that a resolved value might itself be a safe enum,
so `--output`/`--dns-resolver`/`--agent` always fell through to
`"<redacted>"`.

This adds `GLOBAL_CHOICE_FLAG_NAMES`
(`legacy-command-instrumentation.ts`), derived from
`LEGACY_GLOBAL_FLAGS` by reusing the existing `getChoiceFlagNames`
helper (so the choice-detection predicate has exactly one home), and
consults it only on the global-fallback path — i.e. only when the
invoking command's own `flags` record doesn't already declare that CLI
name. A command that registers its own differently-typed local flag
under the same CLI name (`db diff`'s local string `output:
Flag.string("output")`, `cmd/db.go:622`) still shadows the global and
stays redacted, matching Go's `isEnumFlag` type-asserting that command's
own non-enum flag object instead of root's persistent `EnumFlag`.
Verified this is the real wiring, not a hypothetical: `db diff` passes
`output` in its own `flags` record with no matching `config` entry, so
`isFromHandler` is structurally `true` for it and the new global set is
never consulted.

Also verified Go's separate `output_format` telemetry property
(`PropOutputFormat`) is independent of the generic `flags.output` entry
— both already fire in Go too, so no double-counting concern from
un-redacting `flags.output`.

Fixes CLI-1904.

## Why

Found during CLI-1866's review as a pre-existing gap in the same problem
class, tracked separately since it was out of scope for that PR's diff,
then explicitly deferred again by CLI-1896 ("the 3 global choice flags
... remain redacted — that gap is the already-tracked CLI-1904, not this
ticket").

## Reviewer-relevant context

- All 4 `review-changes` agents (architect, engineer, security, DX)
reviewed this diff and approved with no blocking findings. Two
converging nits were fixed in a follow-up commit: deduped the
choice-detection predicate (`GLOBAL_CHOICE_FLAG_NAMES` now derives from
`getChoiceFlagNames` instead of re-implementing it) and clarified the
two `AGENTS.md` telemetry bullets.
- One deliberately-deferred judgement call from engineer-reviewer: no
command's own `*.integration.test.ts` today exercises
`withLegacyCommandInstrumentation`'s PostHog-capture behavior for *any*
flag (that coverage is entirely the job of
`legacy-command-instrumentation.unit.test.ts`'s own scenario suite) —
this is a pre-existing, repo-wide pattern, not something this PR narrows
or regresses. Adding integration-tier telemetry assertions to `db
diff`/`db query` specifically would set a new cross-cutting test
precedent well beyond this fix's scope, so left as a possible future
hardening rather than folded in here.
… globbing (#5856)

## Current Behavior

`legacyMatchPattern` (the glob matcher backing `[db.seed].sql_paths` and
`db reset --version`) treated a leading `!` inside a `[...]` bracket
class the same as `^` — shell/fnmatch-style negation. Go's `path.Match`
(which `apps/cli-go`'s `fs.Glob`/`afero.Glob` actually use for this)
only negates on `^`; `!` is an ordinary literal class member. So a
pattern like `[!a].sql` matched `b.sql` in the TS port where the Go CLI
would not, meaning `db push --include-seed` / `db reset` could read,
hash, and execute seed SQL outside the set the user's Go-compatible
config intended.

Verified directly against the real Go stdlib source
(`$GOROOT/src/path/match.go`) available on this machine, and against
`apps/cli-go/pkg/config/config.go` (`fs.Glob`) and
`apps/cli-go/internal/migration/repair/repair.go` (`GetMigrationFile` /
`afero.Glob`) — both go through the same `path.Match` grammar.

## New Behavior

Rather than patching the bug in place, this fixes it by deleting the
duplicate: `apps/cli/src/legacy/shared/legacy-path-match.ts`
(`legacyPathMatch`) is already a byte-faithful, already-tested port of
Go's `path.Match` — introduced earlier for the sibling `db
new`/migration seed pipeline (`legacy-seed.ts`) — with correct `^`-only
negation, escapes, and malformed-pattern (`ErrBadPattern`) detection.
`legacyMatchPattern` and its `matchClass`/`match` helpers are removed,
and both call sites are rewired onto `legacyPathMatch`:

- `legacy-seed-ops.ts`'s own seed glob (`globOne`)
- `reset.handler.ts`'s `--version` migration-file glob
(behavior-identical here — `v` is validated as digits-only before the
glob ever runs, so no bracket syntax is reachable on this path)

A follow-up commit closes a related gap all four `review-changes`
reviewers independently flagged: `legacyGlobSeedFiles` was discarding
`legacyPathMatch`'s `badPattern` signal, so a malformed pattern (e.g. an
unterminated `[` class) fell through to the generic `no files matched
pattern` warning instead of Go's `failed to glob files: syntax error in
pattern` (`fs.Glob`'s up-front `Match(pattern, "")` validation). The
sibling pipeline (`legacy-seed.ts:resolveSeedFiles`) already did this
correctly — mirrored it here now that both pipelines share
`legacyPathMatch`.

**Behavior change worth calling out for release notes:** any existing
`[db.seed].sql_paths` config relying on `[!x]` as shell-style negation
will now select a different (Go-correct) set of seed files with no error
— e.g. `[!0-9]` now means "the literal characters `!`, `0`-`9`", not
"not a digit". Use `[^x]` for negation, matching Go/the real Go CLI.
This is a correctness fix (the legacy shell's contract is strict Go
parity), but it is a silent behavior change for anyone who had
unknowingly depended on the old, non-Go-compatible negation.

## Related Issue(s)

Fixes https://linear.app/supabase/issue/CLI-1880

## Notes for reviewers

`review-changes` (architect/engineer/security/DX, run against the first
commit) all returned APPROVE/SHIP IT. Judgement calls deliberately left
open rather than expanded into this PR:

- The two seed pipelines (`legacy-seed-ops.ts` and `legacy-seed.ts`)
still duplicate the outer `fs.Glob`-style directory-walk/dedup logic
(both now delegate the leaf matcher to `legacyPathMatch`, but the
surrounding glob-resolution code is still two separate ports). Flagged
by the architect reviewer as a good candidate for a follow-up
consolidation, out of scope for this fix.
- `sql_paths`' glob dialect (Go `path.Match` semantics, `^`-only
negation, no POSIX classes) isn't documented anywhere user-facing
(`packages/config/src/db.ts`). Flagged by the DX reviewer as worth a
docs follow-up, not blocking.
…in /apps/cli-go in the go-minor group across 1 directory (#5858)

Bumps the go-minor group with 1 update in the /apps/cli-go directory:
[github.com/stripe/pg-schema-diff](https://github.com/stripe/pg-schema-diff).

Updates `github.com/stripe/pg-schema-diff` from 1.0.5 to 1.0.7
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stripe/pg-schema-diff/releases">github.com/stripe/pg-schema-diff's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.7</h2>
<h2>Security fixes</h2>
<p>Fixes two additional SQL injection sinks identified via the same root
cause as v1.0.6 (enum labels, <a
href="https://redirect.github.com/stripe/pg-schema-diff/issues/295">#295</a>).
Schema-derived values were re-emitted into generated DDL without proper
escaping.</p>
<h3>Policy role names (<code>policy_sql_generator.go</code>)</h3>
<p><code>AppliesTo</code> role names (sourced from
<code>pg_roles.rolname</code>) were interpolated raw into <code>CREATE
POLICY ... TO</code> and <code>ALTER POLICY ... TO</code> statements. A
user with <code>CREATEROLE</code> privilege could plant a role whose
name contains an embedded double-quote to inject arbitrary SQL during
plan execution.</p>
<p><strong>Fix</strong>: Added <code>escapeRoleNames()</code> helper
that applies <code>EscapeIdentifier</code> to each role name, preserving
<code>PUBLIC</code> as an unquoted SQL keyword.</p>
<h3>Function/procedure names (<code>schema.go</code>
<code>buildProcName</code>)</h3>
<p>The function used hand-rolled quoting
(<code>fmt.Sprintf(&quot;\&quot;%s\&quot;(%s)&quot;, name, ...)</code>)
that did not double embedded double-quotes. A user with <code>CREATE
FUNCTION</code> privilege could create a function with
<code>&quot;</code> in its name to inject SQL when <code>DROP
FUNCTION</code>/<code>DROP PROCEDURE</code> statements are
generated.</p>
<p><strong>Fix</strong>: Replaced the hand-rolled quoting with
<code>EscapeIdentifier(name)</code>.</p>
<h2>What's Changed</h2>
<ul>
<li>fix: escape policy role names and function/procedure names in
generated SQL (<a
href="https://redirect.github.com/stripe/pg-schema-diff/issues/296">#296</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/stripe/pg-schema-diff/compare/v1.0.6...v1.0.7">https://github.com/stripe/pg-schema-diff/compare/v1.0.6...v1.0.7</a></p>
<h2>v1.0.6</h2>
<h2>Security fix</h2>
<p>Escapes enum labels in generated SQL to prevent a second-order SQL
injection.</p>
<p>Enum labels were interpolated into generated DDL using raw
<code>fmt.Sprintf(&quot;'%s'&quot;, val)</code>. A label containing a
single quote could break out of the string literal and inject arbitrary
SQL, which then executes with the plan runner's (often superuser)
privileges when <code>pg-schema-diff</code> generates migration SQL —
enabling RCE via <code>COPY ... TO PROGRAM</code>.</p>
<p>All three enum sinks (<code>CREATE TYPE ... AS ENUM</code>,
<code>ALTER TYPE ... ADD VALUE</code>, and the <code>BEFORE</code>
ordering clause) now route through a new <code>EscapeLiteral</code>
helper that doubles single quotes and strips null bytes.</p>
<p>See <a
href="https://redirect.github.com/stripe/pg-schema-diff/issues/295">#295</a>
for details and test evidence.</p>
<p><strong>Recommendation:</strong> upgrade to <code>v1.0.6</code>,
especially if you run <code>pg-schema-diff</code> against databases
where lower-privileged users can create enum types.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/stripe/pg-schema-diff/commit/6208f8f3ceccae8ca634055dc47907a6a864cb76"><code>6208f8f</code></a>
fix: escape policy role names and function names in generated SQL (<a
href="https://redirect.github.com/stripe/pg-schema-diff/issues/296">#296</a>)</li>
<li><a
href="https://github.com/stripe/pg-schema-diff/commit/4ff84db14685190757157e2c08026aa4e3b7e859"><code>4ff84db</code></a>
fix: escape enum labels in generated SQL to prevent SQL injection (<a
href="https://redirect.github.com/stripe/pg-schema-diff/issues/295">#295</a>)</li>
<li>See full diff in <a
href="https://github.com/stripe/pg-schema-diff/compare/v1.0.5...v1.0.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/stripe/pg-schema-diff&package-manager=go_modules&previous-version=1.0.5&new-version=1.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the npm-major group with 3 updates:
[@anthropic-ai/claude-agent-sdk](https://github.com/anthropics/claude-agent-sdk-typescript),
[@clack/prompts](https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts)
and
[@typescript/native-preview](https://github.com/microsoft/typescript-go).

Updates `@anthropic-ai/claude-agent-sdk` from 0.3.199 to 0.3.201
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anthropics/claude-agent-sdk-typescript/releases">@​anthropic-ai/claude-agent-sdk's
releases</a>.</em></p>
<blockquote>
<h2>v0.3.201</h2>
<h2>What's changed</h2>
<ul>
<li>Updated to parity with Claude Code v2.1.201</li>
</ul>
<h2>Update</h2>
<pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.201
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.201
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.201
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.201
</code></pre>
<h2>v0.3.200</h2>
<h2>What's changed</h2>
<ul>
<li>Added <code>'manual'</code> as an accepted alias for the
<code>'default'</code> permission mode in SDK inputs</li>
<li>Fixed <code>onSetPermissionMode</code> callback not firing for
SDK-hosted Remote Control sessions</li>
<li>Fixed <code>set_model</code> control request accepting unrecognized
model strings; invalid models are now rejected before latching</li>
</ul>
<h2>Update</h2>
<pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.200
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.200
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.200
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.200
</code></pre>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md">@​anthropic-ai/claude-agent-sdk's
changelog</a>.</em></p>
<blockquote>
<h2>0.3.201</h2>
<ul>
<li>Updated to parity with Claude Code v2.1.201</li>
</ul>
<h2>0.3.200</h2>
<ul>
<li>Added <code>'manual'</code> as an accepted alias for the
<code>'default'</code> permission mode in SDK inputs</li>
<li>Fixed <code>onSetPermissionMode</code> callback not firing for
SDK-hosted Remote Control sessions</li>
<li>Fixed <code>set_model</code> control request accepting unrecognized
model strings; invalid models are now rejected before latching</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/6809c4ca30f74667391c1f30dc5023e518110326"><code>6809c4c</code></a>
chore: Update CHANGELOG.md</li>
<li><a
href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/8d7e23f1ff86a20eed96ba64e2ac1ed44b68af14"><code>8d7e23f</code></a>
chore: Update CHANGELOG.md</li>
<li>See full diff in <a
href="https://github.com/anthropics/claude-agent-sdk-typescript/compare/v0.3.199...v0.3.201">compare
view</a></li>
</ul>
</details>
<br />

Updates `@clack/prompts` from 1.6.0 to 1.7.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/bombshell-dev/clack/releases">@​clack/prompts's
releases</a>.</em></p>
<blockquote>
<h2><code>@​clack/prompts</code><a
href="https://github.com/1"><code>@​1</code></a>.7.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/bombshell-dev/clack/pull/574">#574</a>
<a
href="https://github.com/bombshell-dev/clack/commit/8f1c380683cfb5fb7a094610342046ae1603e28e"><code>8f1c380</code></a>
Thanks <a
href="https://github.com/dreyfus92"><code>@​dreyfus92</code></a>! - Add
<code>showInstructions</code> option to <code>select</code>,
<code>multiselect</code>, and <code>groupMultiselect</code>. Keyboard
hints remain shown by default; pass <code>showInstructions: false</code>
to hide them.</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/bombshell-dev/clack/pull/582">#582</a>
<a
href="https://github.com/bombshell-dev/clack/commit/4b249539e28eecc16c13b3a1bd0ba447e9f38d06"><code>4b24953</code></a>
Thanks <a href="https://github.com/43081j"><code>@​43081j</code></a>! -
Handle empty arrays in various prompts and utilities.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/bombshell-dev/clack/commit/4b249539e28eecc16c13b3a1bd0ba447e9f38d06"><code>4b24953</code></a>]:</p>
<ul>
<li><code>@​clack/core</code><a
href="https://github.com/1"><code>@​1</code></a>.4.3</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/bombshell-dev/clack/blob/main/packages/prompts/CHANGELOG.md">@​clack/prompts's
changelog</a>.</em></p>
<blockquote>
<h2>1.7.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/bombshell-dev/clack/pull/574">#574</a>
<a
href="https://github.com/bombshell-dev/clack/commit/8f1c380683cfb5fb7a094610342046ae1603e28e"><code>8f1c380</code></a>
Thanks <a
href="https://github.com/dreyfus92"><code>@​dreyfus92</code></a>! - Add
<code>showInstructions</code> option to <code>select</code>,
<code>multiselect</code>, and <code>groupMultiselect</code>. Keyboard
hints remain shown by default; pass <code>showInstructions: false</code>
to hide them.</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/bombshell-dev/clack/pull/582">#582</a>
<a
href="https://github.com/bombshell-dev/clack/commit/4b249539e28eecc16c13b3a1bd0ba447e9f38d06"><code>4b24953</code></a>
Thanks <a href="https://github.com/43081j"><code>@​43081j</code></a>! -
Handle empty arrays in various prompts and utilities.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/bombshell-dev/clack/commit/4b249539e28eecc16c13b3a1bd0ba447e9f38d06"><code>4b24953</code></a>]:</p>
<ul>
<li><code>@​clack/core</code><a
href="https://github.com/1"><code>@​1</code></a>.4.3</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/bombshell-dev/clack/commit/dc5bce8aae84a57b5863124adfaa839c1db1fa23"><code>dc5bce8</code></a>
[ci] release (<a
href="https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/575">#575</a>)</li>
<li><a
href="https://github.com/bombshell-dev/clack/commit/4b249539e28eecc16c13b3a1bd0ba447e9f38d06"><code>4b24953</code></a>
chore: enable strict index checks (<a
href="https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/582">#582</a>)</li>
<li><a
href="https://github.com/bombshell-dev/clack/commit/8f1c380683cfb5fb7a094610342046ae1603e28e"><code>8f1c380</code></a>
feat(prompts): add showInstructions opt-out (<a
href="https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/574">#574</a>)</li>
<li><a
href="https://github.com/bombshell-dev/clack/commit/06c16c7b65b69dee44301e7e6c8f1110c6da4149"><code>06c16c7</code></a>
chore: update license copyright to Bombshell contributors (<a
href="https://github.com/bombshell-dev/clack/tree/HEAD/packages/prompts/issues/572">#572</a>)</li>
<li>See full diff in <a
href="https://github.com/bombshell-dev/clack/commits/@clack/prompts@1.7.0/packages/prompts">compare
view</a></li>
</ul>
</details>
<br />

Updates `@typescript/native-preview` from 7.0.0-dev.20260702.3 to
7.0.0-dev.20260703.1
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/microsoft/typescript-go/commits">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…n /apps/cli-go in the go-minor group across 1 directory (#5865)

Bumps the go-minor group with 1 update in the /apps/cli-go directory:
[github.com/posthog/posthog-go](https://github.com/posthog/posthog-go).

Updates `github.com/posthog/posthog-go` from 1.17.4 to 1.17.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/posthog/posthog-go/releases">github.com/posthog/posthog-go's
releases</a>.</em></p>
<blockquote>
<h2>1.17.5</h2>
<h2>Unreleased</h2>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/PostHog/posthog-go/blob/main/CHANGELOG.md">github.com/posthog/posthog-go's
changelog</a>.</em></p>
<blockquote>
<h2>1.17.5</h2>
<h3>Patch Changes</h3>
<ul>
<li>fe66557: Change the default capture delivery budget from 10 attempts
to 4 (<code>DefaultMaxAttempts</code>) when
<code>Config.MaxRetries</code> is unset, aligning with the cross-SDK
Capture V1 parity standard (posthog-rs uses the same envelope). This
affects <strong>both</strong> the v0 (<code>/batch/</code>) and v1 send
paths, since they share the attempt budget. Callers that set
<code>MaxRetries</code> explicitly are unaffected.</li>
<li>3d8404a: Unify the capture retry backoff ceiling at 30s.
<code>DefaultBackoff</code>'s cap changes from 10s to 30s (default only
— override via <code>Config.RetryAfter</code>), and the Capture V1 send
now clamps a server <code>Retry-After</code> to the same 30s so a
hostile or buggy header cannot park a batch goroutine.
<code>Retry-After</code> still acts as a minimum; the configured backoff
is never truncated. This aligns the default retry behavior with
posthog-rs and posthog-python.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/PostHog/posthog-go/commit/d7f8a22426389425e7874d302cedfbe86731a179"><code>d7f8a22</code></a>
chore: release v1.17.5 [version bump] [skip ci]</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/fe66557ddc3141ada0c1d9538186037c641614d9"><code>fe66557</code></a>
feat(capture): default to 4 delivery attempts (down from 10) (<a
href="https://redirect.github.com/posthog/posthog-go/issues/256">#256</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/3d8404afd554d1557a57c45deba05501a8288d44"><code>3d8404a</code></a>
fix(capture): unify retry backoff ceiling at 30s (<a
href="https://redirect.github.com/posthog/posthog-go/issues/255">#255</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-go/commit/6affc1549498bbd8f8ee3fe5beaaab6da5d13ca1"><code>6affc15</code></a>
ci: Standardize SDK release failure telemetry (<a
href="https://redirect.github.com/posthog/posthog-go/issues/252">#252</a>)</li>
<li>See full diff in <a
href="https://github.com/posthog/posthog-go/compare/v1.17.4...v1.17.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/posthog/posthog-go&package-manager=go_modules&previous-version=1.17.4&new-version=1.17.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
….2.2 in the actions-major group (#5871)

Bumps the actions-major group with 1 update:
[aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials).

Updates `aws-actions/configure-aws-credentials` from 6.2.1 to 6.2.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/configure-aws-credentials/releases">aws-actions/configure-aws-credentials's
releases</a>.</em></p>
<blockquote>
<h2>v6.2.2</h2>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.2.1...v6.2.2">6.2.2</a>
(2026-07-07)</h2>
<h3>Miscellaneous Chores</h3>
<ul>
<li>release 6.2.2 (<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/d01d678e65d6d2bd9d5ca7a95d6f07b00e25f2c2">d01d678</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md">aws-actions/configure-aws-credentials's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file.
See <a
href="https://github.com/conventional-changelog/standard-version">standard-version</a>
for commit guidelines.</p>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.2.1...v6.2.2">6.2.2</a>
(2026-07-07)</h2>
<h3>Miscellaneous Chores</h3>
<ul>
<li>release 6.2.2 (<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/d01d678e65d6d2bd9d5ca7a95d6f07b00e25f2c2">d01d678</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.2.0...v6.2.1">6.2.1</a>
(2026-06-26)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>enforce allowed-account-ids on all auth paths (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1847">#1847</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/4d281fbc56a82e63c3fc14f2cc22361f34c97493">4d281fb</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.3...v6.2.0">6.2.0</a>
(2026-06-01)</h2>
<h3>Features</h3>
<ul>
<li>add additional session tags by default (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1775">#1775</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/e0ba7685077379a14a82d01fefd511490344ebfc">e0ba768</a>)</li>
<li>add more retry logic and better logging (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1764">#1764</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/540d0c13aedb8d55501d220bd2f0b3cdedfe84e8">540d0c1</a>)</li>
<li>add regex validation to role-session-name (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1765">#1765</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/e35449909c6ede5083a48ba4b8bbfaaa1cf09ba1">e354499</a>)</li>
<li>Allow custom session tags to be passed when assuming a role (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1759">#1759</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/61f50f630f383628add73c1eab3f1935ba07da2b">61f50f6</a>)</li>
<li>expose run id in STS client user-agent (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1774">#1774</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/29d1be30273e7ef371d59fccf6ec54572c64ec89">29d1be3</a>)</li>
<li>support custom STS endpoints (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1762">#1762</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/8d52d05d7a4521fa52b39de50cb6114b12e5c332">8d52d05</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>skip credential check on output-env-credentials: false (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1778">#1778</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/58e7c47adf77846879008deadfeeef8a6969fe6c">58e7c47</a>)</li>
<li>assumeRole failing from session tag size too large (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1808">#1808</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/d6f5dc331b44474b19a52caaf85fa4d637b13c8e">d6f5dc3</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.2...v6.1.3">6.1.3</a>
(2026-05-28)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>fix: allow kubelet token symlink in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1805">#1805</a></li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.1...v6.1.2">6.1.2</a>
(2026-05-26)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>additional filesystem checks (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1799">#1799</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/c39f282697aca8a78c522ecf1f7da9899a31432c">c39f282</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.0...v6.1.1">6.1.1</a>
(2026-05-05)</h2>
<h3>Miscellaneous Chores</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/517a711dbcd0e402f90c77e7e2f81e849156e31d"><code>517a711</code></a>
chore(main): release 6.2.2 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1876">#1876</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/d01d678e65d6d2bd9d5ca7a95d6f07b00e25f2c2"><code>d01d678</code></a>
chore: release 6.2.2</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/8efa52b2848773c500aa10726e251480b1a9eef6"><code>8efa52b</code></a>
chore(deps-dev): bump vitest dependencies (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1874">#1874</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/8e1eed5c14c0831e3e8d3e79a355207770cfc534"><code>8e1eed5</code></a>
chore(deps-dev): bump <code>@​smithy/property-provider</code> from 4.4.4
to 4.4.6 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1869">#1869</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/112421a93aaa67421f2d14d7c469df0e5ca60e47"><code>112421a</code></a>
chore(deps-dev): bump <code>@​biomejs/biome</code> from 2.5.1 to 2.5.2
(<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1868">#1868</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/fbc01c6585c59a56334d4803ca1f3f249a5fba3f"><code>fbc01c6</code></a>
chore(deps-dev): bump <code>@​types/node</code> from 26.0.1 to 26.1.0
(<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1871">#1871</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/b12ca875eb3037b4cfbc4aa347bd62e1b475d439"><code>b12ca87</code></a>
chore(deps-dev): bump memfs from 4.57.8 to 4.58.0 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1873">#1873</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/d314f7f43d28771d47678a1ad87f05976e241846"><code>d314f7f</code></a>
chore: Update dist</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/a53b65b84a3cea262b96b50376e409283f6f818b"><code>a53b65b</code></a>
chore(deps): bump <code>@​aws-sdk/client-sts</code> from 3.1076.0 to
3.1080.0 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1867">#1867</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/338d2c18392e9b3ace741e4547b315bda30f7b02"><code>338d2c1</code></a>
chore(deps-dev): bump sigstore from 4.1.0 to 4.1.1 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1864">#1864</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/aws-actions/configure-aws-credentials/compare/254c19bd240aabef8777f48595e9d2d7b972184b...517a711dbcd0e402f90c77e7e2f81e849156e31d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aws-actions/configure-aws-credentials&package-manager=github_actions&previous-version=6.2.1&new-version=6.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions-major group with 2 updates:
[github/codeql-action/init](https://github.com/github/codeql-action) and
[github/codeql-action/analyze](https://github.com/github/codeql-action).

Updates `github/codeql-action/init` from 4.36.3 to 4.37.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action/init's
releases</a>.</em></p>
<blockquote>
<h2>v4.37.0</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.0">2.26.0</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3995">#3995</a></li>
<li>In addition to the existing input format, the
<code>config-file</code> input for the <code>codeql-action/init</code>
step will soon support a new <code>[owner/]repo[@ref][:path]</code>
format. All components except the repository name are optional. If
omitted, <code>owner</code> defaults to the same owner as the repository
the analysis is running for, <code>ref</code> to <code>main</code>, and
<code>path</code> to <code>.github/codeql-action.yaml</code>. Support
for this format ships in this version of the CodeQL Action, but will
only be enabled over the coming weeks. <a
href="https://redirect.github.com/github/codeql-action/pull/3973">#3973</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action/init's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.20.6 and earlier. These versions of
CodeQL were discontinued on 1 July 2026 alongside GitHub Enterprise
Server 3.16, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3956">#3956</a></li>
</ul>
<h2>4.37.0 - 08 Jul 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.0">2.26.0</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3995">#3995</a></li>
<li>In addition to the existing input format, the
<code>config-file</code> input for the <code>codeql-action/init</code>
step will soon support a new <code>[owner/]repo[@ref][:path]</code>
format. All components except the repository name are optional. If
omitted, <code>owner</code> defaults to the same owner as the repository
the analysis is running for, <code>ref</code> to <code>main</code>, and
<code>path</code> to <code>.github/codeql-action.yaml</code>. Support
for this format ships in this version of the CodeQL Action, but will
only be enabled over the coming weeks. <a
href="https://redirect.github.com/github/codeql-action/pull/3973">#3973</a></li>
</ul>
<h2>4.36.3 - 01 Jul 2026</h2>
<p>No user facing changes.</p>
<h2>4.36.2 - 04 Jun 2026</h2>
<ul>
<li>Cache CodeQL CLI version information across Actions steps. <a
href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li>
<li>Reduce requests while waiting for analysis processing by using
exponential backoff when polling SARIF processing status. <a
href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li>
</ul>
<h2>4.36.1 - 02 Jun 2026</h2>
<p>No user facing changes.</p>
<h2>4.36.0 - 22 May 2026</h2>
<ul>
<li><em>Breaking change</em>: Bump the minimum required CodeQL bundle
version to 2.19.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li>
<li>Add support for SHA-256 Git object IDs. <a
href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li>
</ul>
<h2>4.35.5 - 15 May 2026</h2>
<ul>
<li>We have improved how the JavaScript bundles for the CodeQL Action
are generated to avoid duplication across bundles and reduce the size of
the repository by around 70%. This should have no effect on the runtime
behaviour of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li>
<li>For performance and accuracy reasons, <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> will now only be enabled on a pull request when
diff-informed analysis is also enabled for that run. If diff-informed
analysis is unavailable (for example, because the PR diff ranges could
not be computed), the action will fall back to a full analysis. <a
href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li>
<li>If multiple inputs are provided for the GitHub-internal
<code>analysis-kinds</code> input, only <code>code-scanning</code> will
be enabled. The <code>analysis-kinds</code> input is experimental, for
GitHub-internal use only, and may change without notice at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li>
<li>Added an experimental change which, when running a Code Scanning
analysis for a PR with <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> enabled, prefers CodeQL CLI versions that have
a cached overlay-base database for the configured languages. This speeds
up analysis for a repository when there is not yet a cached overlay-base
database for the latest CLI version. We expect to roll this change out
to everyone in May. <a
href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li>
</ul>
<h2>4.35.4 - 07 May 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li>
</ul>
<h2>4.35.3 - 01 May 2026</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/99df26d4f13ea111d4ec1a7dddef6063f76b97e9"><code>99df26d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3996">#3996</a>
from github/update-v4.37.0-c7c896d71</li>
<li><a
href="https://github.com/github/codeql-action/commit/31c27074fda95256cda077009907f8a6022dd7c0"><code>31c2707</code></a>
Add changenote for <a
href="https://redirect.github.com/github/codeql-action/issues/3973">#3973</a></li>
<li><a
href="https://github.com/github/codeql-action/commit/72df2181aac054d1f4b44264399d2aac12cf11c6"><code>72df218</code></a>
Update changelog for v4.37.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/c7c896d71b3055d36f2aff93b16bcc6c69923b91"><code>c7c896d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3995">#3995</a>
from github/update-bundle/codeql-bundle-v2.26.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/3f34ff0ea3f5153c96071437b7cbf71ea3757146"><code>3f34ff0</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/43bec09f1dc368b430cab4b5d69799bc904079d1"><code>43bec09</code></a>
Update default bundle to codeql-bundle-v2.26.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/f58f0d11ebf5dedd870fab2f999275f7602cfa46"><code>f58f0d1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3973">#3973</a>
from github/mbg/repo-props/config-file-shorthands</li>
<li><a
href="https://github.com/github/codeql-action/commit/7dc37cbb5b3e37f0e1cd1f18b61e0ea849898fb8"><code>7dc37cb</code></a>
Merge remote-tracking branch 'origin/main' into
mbg/repo-props/config-file-sh...</li>
<li><a
href="https://github.com/github/codeql-action/commit/8e22350a7e28c34c82a5a499fc241923301c2c4f"><code>8e22350</code></a>
Thread <code>ActionState</code> to <code>initConfig</code></li>
<li><a
href="https://github.com/github/codeql-action/commit/69c9e8c7d918cf2fee13b8b72fdde15883ff155b"><code>69c9e8c</code></a>
Mark some <code>status-report</code> imports as <code>type</code>-only
to avoid circular dependencies</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/54f647b7e1bb85c95cddabcd46b0c578ec92bc1a...99df26d4f13ea111d4ec1a7dddef6063f76b97e9">compare
view</a></li>
</ul>
</details>
<br />

Updates `github/codeql-action/analyze` from 4.36.3 to 4.37.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action/analyze's
releases</a>.</em></p>
<blockquote>
<h2>v4.37.0</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.0">2.26.0</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3995">#3995</a></li>
<li>In addition to the existing input format, the
<code>config-file</code> input for the <code>codeql-action/init</code>
step will soon support a new <code>[owner/]repo[@ref][:path]</code>
format. All components except the repository name are optional. If
omitted, <code>owner</code> defaults to the same owner as the repository
the analysis is running for, <code>ref</code> to <code>main</code>, and
<code>path</code> to <code>.github/codeql-action.yaml</code>. Support
for this format ships in this version of the CodeQL Action, but will
only be enabled over the coming weeks. <a
href="https://redirect.github.com/github/codeql-action/pull/3973">#3973</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action/analyze's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.20.6 and earlier. These versions of
CodeQL were discontinued on 1 July 2026 alongside GitHub Enterprise
Server 3.16, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3956">#3956</a></li>
</ul>
<h2>4.37.0 - 08 Jul 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.26.0">2.26.0</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3995">#3995</a></li>
<li>In addition to the existing input format, the
<code>config-file</code> input for the <code>codeql-action/init</code>
step will soon support a new <code>[owner/]repo[@ref][:path]</code>
format. All components except the repository name are optional. If
omitted, <code>owner</code> defaults to the same owner as the repository
the analysis is running for, <code>ref</code> to <code>main</code>, and
<code>path</code> to <code>.github/codeql-action.yaml</code>. Support
for this format ships in this version of the CodeQL Action, but will
only be enabled over the coming weeks. <a
href="https://redirect.github.com/github/codeql-action/pull/3973">#3973</a></li>
</ul>
<h2>4.36.3 - 01 Jul 2026</h2>
<p>No user facing changes.</p>
<h2>4.36.2 - 04 Jun 2026</h2>
<ul>
<li>Cache CodeQL CLI version information across Actions steps. <a
href="https://redirect.github.com/github/codeql-action/pull/3943">#3943</a></li>
<li>Reduce requests while waiting for analysis processing by using
exponential backoff when polling SARIF processing status. <a
href="https://redirect.github.com/github/codeql-action/pull/3937">#3937</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.6">2.25.6</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3948">#3948</a></li>
</ul>
<h2>4.36.1 - 02 Jun 2026</h2>
<p>No user facing changes.</p>
<h2>4.36.0 - 22 May 2026</h2>
<ul>
<li><em>Breaking change</em>: Bump the minimum required CodeQL bundle
version to 2.19.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3894">#3894</a></li>
<li>Add support for SHA-256 Git object IDs. <a
href="https://redirect.github.com/github/codeql-action/pull/3893">#3893</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5">2.25.5</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3926">#3926</a></li>
</ul>
<h2>4.35.5 - 15 May 2026</h2>
<ul>
<li>We have improved how the JavaScript bundles for the CodeQL Action
are generated to avoid duplication across bundles and reduce the size of
the repository by around 70%. This should have no effect on the runtime
behaviour of the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3899">#3899</a></li>
<li>For performance and accuracy reasons, <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> will now only be enabled on a pull request when
diff-informed analysis is also enabled for that run. If diff-informed
analysis is unavailable (for example, because the PR diff ranges could
not be computed), the action will fall back to a full analysis. <a
href="https://redirect.github.com/github/codeql-action/pull/3791">#3791</a></li>
<li>If multiple inputs are provided for the GitHub-internal
<code>analysis-kinds</code> input, only <code>code-scanning</code> will
be enabled. The <code>analysis-kinds</code> input is experimental, for
GitHub-internal use only, and may change without notice at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li>
<li>Added an experimental change which, when running a Code Scanning
analysis for a PR with <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> enabled, prefers CodeQL CLI versions that have
a cached overlay-base database for the configured languages. This speeds
up analysis for a repository when there is not yet a cached overlay-base
database for the latest CLI version. We expect to roll this change out
to everyone in May. <a
href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li>
</ul>
<h2>4.35.4 - 07 May 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li>
</ul>
<h2>4.35.3 - 01 May 2026</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/99df26d4f13ea111d4ec1a7dddef6063f76b97e9"><code>99df26d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3996">#3996</a>
from github/update-v4.37.0-c7c896d71</li>
<li><a
href="https://github.com/github/codeql-action/commit/31c27074fda95256cda077009907f8a6022dd7c0"><code>31c2707</code></a>
Add changenote for <a
href="https://redirect.github.com/github/codeql-action/issues/3973">#3973</a></li>
<li><a
href="https://github.com/github/codeql-action/commit/72df2181aac054d1f4b44264399d2aac12cf11c6"><code>72df218</code></a>
Update changelog for v4.37.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/c7c896d71b3055d36f2aff93b16bcc6c69923b91"><code>c7c896d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3995">#3995</a>
from github/update-bundle/codeql-bundle-v2.26.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/3f34ff0ea3f5153c96071437b7cbf71ea3757146"><code>3f34ff0</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/43bec09f1dc368b430cab4b5d69799bc904079d1"><code>43bec09</code></a>
Update default bundle to codeql-bundle-v2.26.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/f58f0d11ebf5dedd870fab2f999275f7602cfa46"><code>f58f0d1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3973">#3973</a>
from github/mbg/repo-props/config-file-shorthands</li>
<li><a
href="https://github.com/github/codeql-action/commit/7dc37cbb5b3e37f0e1cd1f18b61e0ea849898fb8"><code>7dc37cb</code></a>
Merge remote-tracking branch 'origin/main' into
mbg/repo-props/config-file-sh...</li>
<li><a
href="https://github.com/github/codeql-action/commit/8e22350a7e28c34c82a5a499fc241923301c2c4f"><code>8e22350</code></a>
Thread <code>ActionState</code> to <code>initConfig</code></li>
<li><a
href="https://github.com/github/codeql-action/commit/69c9e8c7d918cf2fee13b8b72fdde15883ff155b"><code>69c9e8c</code></a>
Mark some <code>status-report</code> imports as <code>type</code>-only
to avoid circular dependencies</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/54f647b7e1bb85c95cddabcd46b0c578ec92bc1a...99df26d4f13ea111d4ec1a7dddef6063f76b97e9">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## TL;DR

docker-based deploys could finish bundling and then fail with `failed to
open eszip: ENOENT ... output.eszip` <br>the [Go CLI wrote bundle output
to project-local
`supabase/.temp`](<https://github.com/supabase/cli/blob/249b9ec577f178350c686e1a581469d680e054ba/apps/cli-go/internal/functions/deploy/bundle.go#L36>)

but the [TypeScript port moved it to the host OS temporary
directory](<https://github.com/supabase/cli/blob/249b9ec577f178350c686e1a581469d680e054ba/apps/cli/src/shared/functions/deploy.ts#L1337-L1340>)
<br>typically under `/var/folders/...`, which may not be shared with
Docker Desktop's VM

this restores the Go CLI's project local output behavior while retaining
unique bundle directories & cleanup...

## ref:

* towards: #5735
* follow up to:
<br>[https://github.com/supabase/cli/pull/5755](<https://github.com/supabase/cli/pull/5755>)
<br>[https://github.com/supabase/cli/pull/5747](<https://github.com/supabase/cli/pull/5747>)
## TL;DR

`supabase gen types typescript --local` started requiring
`supabase/config.toml` after the ts port,
although the previous one used embedded defaults when the file was
absent

now it again uses the config schema defaults for the config-less
`--local` path,
restoring the previous behavior..

## ref

- Closes #5879
- Follow-up to #5514
This PR was automatically created to sync API types from the
infrastructure repository.

Changes were detected in the generated API code after syncing with the
latest spec from infrastructure.

Co-authored-by: supabase-cli-releaser[bot] <246109035+supabase-cli-releaser[bot]@users.noreply.github.com>
This PR was automatically created to sync API types from the
infrastructure repository.

Changes were detected in the generated API code after syncing with the
latest spec from infrastructure.

Co-authored-by: supabase-cli-releaser[bot] <246109035+supabase-cli-releaser[bot]@users.noreply.github.com>
This PR was automatically created to sync API types from the
infrastructure repository.

Changes were detected in the generated API code after syncing with the
latest spec from infrastructure.

Co-authored-by: supabase-cli-releaser[bot] <246109035+supabase-cli-releaser[bot]@users.noreply.github.com>
## TL;DR

`db advisors --local` silently missed API exposure lints when
`pgrst.db_schemas` was unset in its direct database session

This defaults the missing setting to PostgREST's `public` schema while
preserving explicitly configured and empty schema values.

## ref

- closes #5868
- follows supabase/splinter#168
This PR was automatically created to sync the generated `@supabase/api`
package with the latest Management API OpenAPI document.

Changes were detected in the upstream OpenAPI document exposed by
`https://api.supabase.com/api/v1-json`.

---------

Co-authored-by: jgoux <1443499+jgoux@users.noreply.github.com>
Co-authored-by: avallete <andrew.valleteau@supabase.io>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
…tes (#5885)

Bumps the go-minor group with 2 updates in the /apps/cli-go directory:
[golang.org/x/mod](https://github.com/golang/mod) and
[golang.org/x/net](https://github.com/golang/net).
Bumps the go-minor group with 1 update in the /apps/cli-go/pkg
directory: [golang.org/x/mod](https://github.com/golang/mod).

Updates `golang.org/x/mod` from 0.37.0 to 0.38.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/mod/commit/792ac169a90372d88fb14e712cb793061ba0c104"><code>792ac16</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/mod/commit/fe2ec04f7c3c3aa6fad97631aafcff6e49e2d1db"><code>fe2ec04</code></a>
all: fix some comments to improve readability</li>
<li>See full diff in <a
href="https://github.com/golang/mod/compare/v0.37.0...v0.38.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/net` from 0.56.0 to 0.57.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/net/commit/b8f09f6f062ceb4531b7af4bd17a5c8fe9c4b2b5"><code>b8f09f6</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/net/commit/f05f21be5927155a88b371674c298ada54b71cf5"><code>f05f21b</code></a>
idna: reject all-ASCII xn-- labels on all Go versions</li>
<li><a
href="https://github.com/golang/net/commit/0f748cfbba95084c87723e3b7eb7dad9241fc2dd"><code>0f748cf</code></a>
internal/http3: clean up stream I/O methods usages in tests</li>
<li><a
href="https://github.com/golang/net/commit/0bb961e45132c680e2a0117e1df951538a19da61"><code>0bb961e</code></a>
internal/http3: add net/http.ResponseController support</li>
<li><a
href="https://github.com/golang/net/commit/0ca694d2a5adcce7f36d4d65e5f8d72390d94051"><code>0ca694d</code></a>
webdav: document Dir's lack of defense against filesystem
modification</li>
<li><a
href="https://github.com/golang/net/commit/bd5f1dcf71cf0d6d2424021d0a04f191396a46a7"><code>bd5f1dc</code></a>
http2: initialize Transport on NewClientConn</li>
<li><a
href="https://github.com/golang/net/commit/488ff63197ffddbcef2d01107f8a89906a4f28d1"><code>488ff63</code></a>
bpf: add security considerations to package docs</li>
<li><a
href="https://github.com/golang/net/commit/93d1f25be95961edfdf488b9398e53fb9f05f193"><code>93d1f25</code></a>
xsrftoken: avoid token collisions</li>
<li><a
href="https://github.com/golang/net/commit/5a3baee349e65853c34b4377bebe7676a64dbc87"><code>5a3baee</code></a>
internal/http3: prevent panic in QPACK decoder due to overflow</li>
<li>See full diff in <a
href="https://github.com/golang/net/compare/v0.56.0...v0.57.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/term` from 0.44.0 to 0.45.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/term/commit/9f69229da31ca6a34b522f59dbe07cad5ea21587"><code>9f69229</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/term/compare/v0.44.0...v0.45.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/mod` from 0.37.0 to 0.38.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/mod/commit/792ac169a90372d88fb14e712cb793061ba0c104"><code>792ac16</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/mod/commit/fe2ec04f7c3c3aa6fad97631aafcff6e49e2d1db"><code>fe2ec04</code></a>
all: fix some comments to improve readability</li>
<li>See full diff in <a
href="https://github.com/golang/mod/compare/v0.37.0...v0.38.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/mod` from 0.37.0 to 0.38.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/mod/commit/792ac169a90372d88fb14e712cb793061ba0c104"><code>792ac16</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/mod/commit/fe2ec04f7c3c3aa6fad97631aafcff6e49e2d1db"><code>fe2ec04</code></a>
all: fix some comments to improve readability</li>
<li>See full diff in <a
href="https://github.com/golang/mod/compare/v0.37.0...v0.38.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/mod` from 0.37.0 to 0.38.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/mod/commit/792ac169a90372d88fb14e712cb793061ba0c104"><code>792ac16</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/mod/commit/fe2ec04f7c3c3aa6fad97631aafcff6e49e2d1db"><code>fe2ec04</code></a>
all: fix some comments to improve readability</li>
<li>See full diff in <a
href="https://github.com/golang/mod/compare/v0.37.0...v0.38.0">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This PR was automatically created to sync API types from the
infrastructure repository.

Changes were detected in the generated API code after syncing with the
latest spec from infrastructure.

Co-authored-by: supabase-cli-releaser[bot] <246109035+supabase-cli-releaser[bot]@users.noreply.github.com>
## TL;DR

fixes project keys being written to CLI traces, matching the Go cli's
behavior...

## Problem

The Go-cli use to send keys through the `apikey` header:


https://github.com/supabase/cli/blob/2cb2d6e83a3f7d65ebdab905c35b8f8257e685dc/apps/cli-go/pkg/fetcher/gateway.go#L22-L33

Its debug transport only logs the request method and URL:


https://github.com/supabase/cli/blob/2cb2d6e83a3f7d65ebdab905c35b8f8257e685dc/apps/cli-go/internal/debug/http.go#L14-L16

Effect tracing captures request headers, but `apikey` is not included in
its default redaction list...
this allowed values to be written to local traces...

## sol

exclude `apikey` header attributes at the tracing boundary....
requests and all other telemetry remain unchanged, while NDJSON and
debug output no longer contain project keys....

## ref:

- reported in: #5890
This PR was automatically created to sync the generated `@supabase/api`
package with the latest Management API OpenAPI document.

Changes were detected in the upstream OpenAPI document exposed by
`https://api.supabase.com/api/v1-json`.

Co-authored-by: jgoux <1443499+jgoux@users.noreply.github.com>
…dates (#5876)

Bumps the docker-minor group with 6 updates in the
/apps/cli-go/pkg/config/templates directory:

| Package | From | To |
| --- | --- | --- |
| postgrest/postgrest | `v14.14` | `v14.15` |
| supabase/studio | `2026.07.07-sha-a6a04f2` | `2026.07.13-sha-b5ada96`
|
| supabase/gotrue | `v2.192.0` | `v2.193.0` |
| supabase/realtime | `v2.112.10` | `v2.113.4` |
| supabase/storage-api | `v1.66.2` | `v1.66.4` |
| supabase/logflare | `1.47.0` | `1.47.1` |


Updates `postgrest/postgrest` from v14.14 to v14.15

Updates `supabase/studio` from 2026.07.07-sha-a6a04f2 to
2026.07.13-sha-b5ada96

Updates `supabase/gotrue` from v2.192.0 to v2.193.0

Updates `supabase/realtime` from v2.112.10 to v2.113.4

Updates `supabase/storage-api` from v1.66.2 to v1.66.4

Updates `supabase/logflare` from 1.47.0 to 1.47.1


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Julien Goux <hi@jgoux.dev>
…tes (#5886)

Bumps the npm-major group with 19 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [undici](https://github.com/nodejs/undici) | `8.6.0` | `8.7.0` |
|
[@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js)
| `2.110.0` | `2.110.2` |
|
[@anthropic-ai/claude-agent-sdk](https://github.com/anthropics/claude-agent-sdk-typescript)
| `0.3.201` | `0.3.206` |
|
[posthog-node](https://github.com/PostHog/posthog-js/tree/HEAD/packages/node)
| `5.39.4` | `5.40.0` |
| [fumadocs-core](https://github.com/fuma-nama/fumadocs) | `16.10.7` |
`16.11.1` |
| [fumadocs-mdx](https://github.com/fuma-nama/fumadocs) | `15.0.13` |
`15.1.0` |
| [fumadocs-ui](https://github.com/fuma-nama/fumadocs) | `16.10.7` |
`16.11.1` |
| [typescript](https://github.com/microsoft/TypeScript) | `6.0.3` |
`7.0.2` |
|
[@effect/atom-react](https://github.com/Effect-TS/effect-smol/tree/HEAD/packages/atom/react)
| `4.0.0-beta.93` | `4.0.0-beta.94` |
|
[@effect/platform-bun](https://github.com/Effect-TS/effect/tree/HEAD/packages/platform-bun)
| `4.0.0-beta.93` | `4.0.0-beta.94` |
|
[@effect/platform-node](https://github.com/Effect-TS/effect/tree/HEAD/packages/platform-node)
| `4.0.0-beta.93` | `4.0.0-beta.94` |
|
[@effect/sql-pg](https://github.com/Effect-TS/effect/tree/HEAD/packages/sql-pg)
| `4.0.0-beta.93` | `4.0.0-beta.94` |
|
[@effect/vitest](https://github.com/Effect-TS/effect/tree/HEAD/packages/vitest)
| `4.0.0-beta.93` | `4.0.0-beta.97` |
|
[@typescript/native-preview](https://github.com/microsoft/typescript-go)
| `7.0.0-dev.20260703.1` | `7.0.0-dev.20260707.2` |
|
[@vitest/coverage-istanbul](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-istanbul)
| `4.1.9` | `4.1.10` |
|
[effect](https://github.com/Effect-TS/effect/tree/HEAD/packages/effect)
| `4.0.0-beta.93` | `4.0.0-beta.97` |
| [oxfmt](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt) |
`0.57.0` | `0.58.0` |
| [tldts](https://github.com/remusao/tldts) | `6.1.86` | `7.4.8` |
|
[vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest)
| `4.1.9` | `4.1.10` |


Updates `undici` from 8.6.0 to 8.7.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nodejs/undici/releases">undici's
releases</a>.</em></p>
<blockquote>
<h2>v8.7.0</h2>
<h2>What's Changed</h2>
<ul>
<li>test: guard balanced-pool error port lookup by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5463">nodejs/undici#5463</a></li>
<li>perf: optimize http/2 request hot path by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5483">nodejs/undici#5483</a></li>
<li>fix: do not reject open-ended Range values in simpleRangeHeaderValue
by <a href="https://github.com/spokodev"><code>@​spokodev</code></a> in
<a
href="https://redirect.github.com/nodejs/undici/pull/5490">nodejs/undici#5490</a></li>
<li>fix(eventsource): set use-URL-credentials flag by <a
href="https://github.com/Ram-blip"><code>@​Ram-blip</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5489">nodejs/undici#5489</a></li>
<li>test: deflake connect-timeout watchdog by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5197">nodejs/undici#5197</a></li>
<li>docs: correct npm script name and JSON syntax in examples by <a
href="https://github.com/lenoxfernando"><code>@​lenoxfernando</code></a>
in <a
href="https://redirect.github.com/nodejs/undici/pull/5496">nodejs/undici#5496</a></li>
<li>fix: reject non-ascii octets in validateCookiePath by <a
href="https://github.com/spokodev"><code>@​spokodev</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5452">nodejs/undici#5452</a></li>
<li>fix(readable): ignore late consume chunks by <a
href="https://github.com/marko1olo"><code>@​marko1olo</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5375">nodejs/undici#5375</a></li>
<li>fix(h2): destroy the stream on abort instead of relying on close()
by <a href="https://github.com/staylor"><code>@​staylor</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5462">nodejs/undici#5462</a></li>
<li>fix: ignore an unparseable Set-Cookie Expires attribute by <a
href="https://github.com/spokodev"><code>@​spokodev</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5488">nodejs/undici#5488</a></li>
<li>docs: add reproduction guide and update bug report template by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5451">nodejs/undici#5451</a></li>
<li>fix(h2): guard onResponse against a 'response' event delivered after
completion by <a
href="https://github.com/staylor"><code>@​staylor</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5440">nodejs/undici#5440</a></li>
<li>fix(h2): requeue request on GOAWAY'd session instead of crashing by
<a href="https://github.com/staylor"><code>@​staylor</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5453">nodejs/undici#5453</a></li>
<li>fix: add static buildDispatch method to RedirectHandler type
definition by <a
href="https://github.com/matthieusieben"><code>@​matthieusieben</code></a>
in <a
href="https://redirect.github.com/nodejs/undici/pull/5442">nodejs/undici#5442</a></li>
<li>fix: auto-detect HTTP proxy tunneling by <a
href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a
href="https://redirect.github.com/nodejs/undici/pull/5116">nodejs/undici#5116</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/spokodev"><code>@​spokodev</code></a>
made their first contribution in <a
href="https://redirect.github.com/nodejs/undici/pull/5490">nodejs/undici#5490</a></li>
<li><a
href="https://github.com/lenoxfernando"><code>@​lenoxfernando</code></a>
made their first contribution in <a
href="https://redirect.github.com/nodejs/undici/pull/5496">nodejs/undici#5496</a></li>
<li><a href="https://github.com/staylor"><code>@​staylor</code></a> made
their first contribution in <a
href="https://redirect.github.com/nodejs/undici/pull/5462">nodejs/undici#5462</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/nodejs/undici/compare/v8.6.0...v8.7.0">https://github.com/nodejs/undici/compare/v8.6.0...v8.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/nodejs/undici/commit/cb4c2f1f7231d82bd699aa3a09efb5a235faaa3b"><code>cb4c2f1</code></a>
Bumped v8.7.0 (<a
href="https://redirect.github.com/nodejs/undici/issues/5501">#5501</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/a8d1a95bae4d2502831b5cde35310ad45e42e88e"><code>a8d1a95</code></a>
fix: auto-detect HTTP proxy tunneling (<a
href="https://redirect.github.com/nodejs/undici/issues/5116">#5116</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/cb30e58b45d7c92b03fa9ee0b4a54b5fde1e0573"><code>cb30e58</code></a>
fix: add static buildDispatch method to RedirectHandler type definition
(<a
href="https://redirect.github.com/nodejs/undici/issues/5442">#5442</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/0c08579ebdf3712290803b03cb5b5986e284874b"><code>0c08579</code></a>
fix(h2): requeue request on GOAWAY'd session instead of crashing (<a
href="https://redirect.github.com/nodejs/undici/issues/5453">#5453</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/e5b3364ddc620c0d1c61424d1278fc0965207477"><code>e5b3364</code></a>
fix(h2): guard onResponse against a 'response' event delivered after
completi...</li>
<li><a
href="https://github.com/nodejs/undici/commit/c0007f4b7998c5547ead5eda39e0dfd18a545639"><code>c0007f4</code></a>
docs: add reproduction guide and update bug report template (<a
href="https://redirect.github.com/nodejs/undici/issues/5451">#5451</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/e529cabb88e3cf315cf3007af15db195fb649a45"><code>e529cab</code></a>
fix: ignore an unparseable Set-Cookie Expires attribute (<a
href="https://redirect.github.com/nodejs/undici/issues/5488">#5488</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/754742ce63e7373f6c61a3b5052150e365bf9d54"><code>754742c</code></a>
fix(h2): destroy the stream on abort instead of relying on close() (<a
href="https://redirect.github.com/nodejs/undici/issues/5462">#5462</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/db34f5ffa4b40f71c43dfbde1046040a350767e8"><code>db34f5f</code></a>
fix(readable): ignore late consume chunks (<a
href="https://redirect.github.com/nodejs/undici/issues/5375">#5375</a>)</li>
<li><a
href="https://github.com/nodejs/undici/commit/4ea05a899203cab2f4e87fe3e5dc76b64048e101"><code>4ea05a8</code></a>
fix: reject non-ascii octets in validateCookiePath (<a
href="https://redirect.github.com/nodejs/undici/issues/5452">#5452</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/nodejs/undici/compare/v8.6.0...v8.7.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `@supabase/supabase-js` from 2.110.0 to 2.110.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/supabase/supabase-js/releases">@​supabase/supabase-js's
releases</a>.</em></p>
<blockquote>
<h2>v2.110.2</h2>
<h2>2.110.2 (2026-07-09)</h2>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>auth:</strong> clear local session on signout failures (<a
href="https://redirect.github.com/supabase/supabase-js/pull/2504">#2504</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>Luc Peng</li>
</ul>
<h2>v2.110.2-canary.0</h2>
<h2>2.110.2-canary.0 (2026-07-07)</h2>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>auth:</strong> clear local session on signout failures (<a
href="https://redirect.github.com/supabase/supabase-js/pull/2504">#2504</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>Luc Peng</li>
</ul>
<h2>v2.110.1</h2>
<h2>2.110.1 (2026-07-07)</h2>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>auth:</strong> defer init-time notifications until
initializePromise resolves (<a
href="https://redirect.github.com/supabase/supabase-js/pull/2498">#2498</a>)</li>
<li><strong>realtime:</strong> suppress disconnected status from
onHeartbeat consumers (<a
href="https://redirect.github.com/supabase/supabase-js/pull/2496">#2496</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>Katerina Skroumpelou <a
href="https://github.com/mandarini"><code>@​mandarini</code></a></li>
</ul>
<h2>v2.110.1-canary.0</h2>
<h2>2.110.1-canary.0 (2026-07-07)</h2>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>auth:</strong> defer init-time notifications until
initializePromise resolves (<a
href="https://redirect.github.com/supabase/supabase-js/pull/2498">#2498</a>)</li>
<li><strong>realtime:</strong> suppress disconnected status from
onHeartbeat consumers (<a
href="https://redirect.github.com/supabase/supabase-js/pull/2496">#2496</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>Katerina Skroumpelou <a
href="https://github.com/mandarini"><code>@​mandarini</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/supabase/supabase-js/blob/master/packages/core/supabase-js/CHANGELOG.md">@​supabase/supabase-js's
changelog</a>.</em></p>
<blockquote>
<h2>2.110.2 (2026-07-09)</h2>
<p>This was a version bump only for <code>@​supabase/supabase-js</code>
to align it with other projects, there were no code changes.</p>
<h2>2.110.1 (2026-07-07)</h2>
<p>This was a version bump only for <code>@​supabase/supabase-js</code>
to align it with other projects, there were no code changes.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/supabase/supabase-js/commit/559dfb0cc3c9567b493856ca8daa6b77bff550fa"><code>559dfb0</code></a>
chore(release): version 2.110.1 changelogs (<a
href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2505">#2505</a>)</li>
<li><a
href="https://github.com/supabase/supabase-js/commit/b05dc294b92ede4c9ee6a5d69c75d56325a38004"><code>b05dc29</code></a>
docs(repo): register custom typedoc tags and clean up jsdoc warnings (<a
href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2500">#2500</a>)</li>
<li><a
href="https://github.com/supabase/supabase-js/commit/291dfc8a568195a7120efeb57284ba99ce1da36f"><code>291dfc8</code></a>
chore(release): version 2.110.0 changelogs (<a
href="https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js/issues/2483">#2483</a>)</li>
<li>See full diff in <a
href="https://github.com/supabase/supabase-js/commits/v2.110.2/packages/core/supabase-js">compare
view</a></li>
</ul>
</details>
<br />

Updates `@anthropic-ai/claude-agent-sdk` from 0.3.201 to 0.3.206
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anthropics/claude-agent-sdk-typescript/releases">@​anthropic-ai/claude-agent-sdk's
releases</a>.</em></p>
<blockquote>
<h2>v0.3.206</h2>
<h2>What's changed</h2>
<ul>
<li>Added <code>command_lifecycle</code> frames to stream-json and SDK
sessions, reporting each uuid-stamped message's terminal state
(<code>queued</code>/<code>started</code>/<code>completed</code>/<code>cancelled</code>/<code>discarded</code>);
zero-API results no longer report stale
<code>duration_api_ms</code></li>
</ul>
<h2>Update</h2>
<pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.206
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.206
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.206
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.206
</code></pre>
<h2>v0.3.205</h2>
<h2>What's changed</h2>
<ul>
<li>Interrupt control responses now include <code>still_queued</code>
(UUIDs of queued async messages that will still run),
<code>Query.interrupt()</code> returns the typed receipt, and
<code>system/init</code> advertises an <code>interrupt_receipt_v1</code>
capability for feature detection</li>
<li>Added structured <code>name</code> and <code>body</code> fields to
peer-message session events, exposing the sender display name and
decoded message body</li>
</ul>
<h2>Update</h2>
<pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.205
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.205
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.205
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.205
</code></pre>
<h2>v0.3.204</h2>
<h2>What's changed</h2>
<ul>
<li>Updated to parity with Claude Code v2.1.204</li>
</ul>
<h2>Update</h2>
<pre lang="sh"><code>npm install @anthropic-ai/claude-agent-sdk@0.3.204
# or
yarn add @anthropic-ai/claude-agent-sdk@0.3.204
# or
pnpm add @anthropic-ai/claude-agent-sdk@0.3.204
# or
bun add @anthropic-ai/claude-agent-sdk@0.3.204
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/anthropics/claude-agent-sdk-typescript/blob/main/CHANGELOG.md">@​anthropic-ai/claude-agent-sdk's
changelog</a>.</em></p>
<blockquote>
<h2>0.3.206</h2>
<ul>
<li>Added <code>command_lifecycle</code> frames to stream-json and SDK
sessions, reporting each uuid-stamped message's terminal state
(<code>queued</code>/<code>started</code>/<code>completed</code>/<code>cancelled</code>/<code>discarded</code>);
zero-API results no longer report stale
<code>duration_api_ms</code></li>
</ul>
<h2>0.3.205</h2>
<ul>
<li>Interrupt control responses now include <code>still_queued</code>
(UUIDs of queued async messages that will still run),
<code>Query.interrupt()</code> returns the typed receipt, and
<code>system/init</code> advertises an <code>interrupt_receipt_v1</code>
capability for feature detection</li>
<li>Added structured <code>name</code> and <code>body</code> fields to
peer-message session events, exposing the sender display name and
decoded message body</li>
</ul>
<h2>0.3.204</h2>
<ul>
<li>Added <code>terminal_reason</code> values
<code>tool_deferred_unavailable</code> (deferred tool resume found the
tool gone — previously an <code>is_error</code> result with no reason,
read as a clean completion by lifecycle sweeps) and
<code>turn_setup_failed</code> (the turn-input builder threw before the
turn started). Both classify as dead turns, so commands consumed by them
report <code>command_lifecycle</code> state <code>cancelled</code></li>
<li>Fixed the post-merge cancel backstop cancelling every member of a
coalesced prompt batch when a cancel named only one: uncancelled
siblings now re-merge and run (previously they were reported
<code>cancelled</code> — on remote transports that acknowledged them as
processed, silently dropping messages nobody cancelled)</li>
<li>Added <code>terminal_reason</code> values <code>api_error</code>,
<code>malformed_tool_use_exhausted</code>,
<code>budget_exhausted</code>, and
<code>structured_output_retry_exhausted</code>. Turns that die on an
exhausted-API-retry or malformed-tool-use give-up previously reported
<code>completed</code>; budget and structured-output exhaustion results
previously omitted <code>terminal_reason</code>. Commands consumed by
such turns now report <code>command_lifecycle</code> state
<code>cancelled</code> instead of <code>completed</code>
(dup-over-loss)</li>
<li>Updated to parity with Claude Code v2.1.204</li>
</ul>
<h2>0.3.203</h2>
<ul>
<li>Added a <code>background_tasks_changed</code> system message with
the full set of live background tasks on every membership change, so
consumers can track background activity as a level instead of pairing
<code>task_started</code>/<code>task_notification</code> edges</li>
<li>Fixed stable releases shipping a <code>sdk.d.ts</code> with
unresolved type references that broke consumer typechecking with
<code>skipLibCheck</code> disabled</li>
</ul>
<h2>0.3.202</h2>
<ul>
<li>Added <code>parent_agent_id</code> field to subagent session
messages for building depth-2+ agent trees from disk-persisted
metadata</li>
<li>Fixed <code>apply_flag_settings</code> with a non-object settings
value crashing the session instead of returning a control error</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/9fc7ea5ff6a2caa382fceabca2fde7e53064e5a9"><code>9fc7ea5</code></a>
chore: Update CHANGELOG.md</li>
<li><a
href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/95e94bf8ba194fc956262ed77d83ce41a70d9e6d"><code>95e94bf</code></a>
chore: Update CHANGELOG.md</li>
<li><a
href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/0aed196f5a99e8923f616810309bb1a0e2b122aa"><code>0aed196</code></a>
chore: Update CHANGELOG.md</li>
<li><a
href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/7feb85d8294d681028c651f284480c635134042a"><code>7feb85d</code></a>
chore: Update CHANGELOG.md</li>
<li><a
href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/eb18b2a6deaca8314389bb245e8198e49d49c58e"><code>eb18b2a</code></a>
chore: Update CHANGELOG.md</li>
<li><a
href="https://github.com/anthropics/claude-agent-sdk-typescript/commit/46d7df98eb69b8ef550d7299f3dfb53e5fb0a144"><code>46d7df9</code></a>
chore: Update CHANGELOG.md</li>
<li>See full diff in <a
href="https://github.com/anthropics/claude-agent-sdk-typescript/compare/v0.3.201...v0.3.206">compare
view</a></li>
</ul>
</details>
<br />

Updates `posthog-node` from 5.39.4 to 5.40.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/PostHog/posthog-js/releases">posthog-node's
releases</a>.</em></p>
<blockquote>
<h2>posthog-node@5.40.0</h2>
<h2>5.40.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/PostHog/posthog-js/pull/4060">#4060</a>
<a
href="https://github.com/PostHog/posthog-js/commit/0b49a4cc6e76285b6164a4a3e596049bb5b5d4ae"><code>0b49a4c</code></a>
Thanks <a
href="https://github.com/turnipdabeets"><code>@​turnipdabeets</code></a>!
- Add <code>secretKey</code> config as the canonical alias for the
deprecated <code>personalApiKey</code> (accepts a Personal API Key or
Project Secret API Key).
(2026-07-07)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/PostHog/posthog-js/blob/main/packages/node/CHANGELOG.md">posthog-node's
changelog</a>.</em></p>
<blockquote>
<h2>5.40.0</h2>
<h3>Minor Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/PostHog/posthog-js/pull/4060">#4060</a>
<a
href="https://github.com/PostHog/posthog-js/commit/0b49a4cc6e76285b6164a4a3e596049bb5b5d4ae"><code>0b49a4c</code></a>
Thanks <a
href="https://github.com/turnipdabeets"><code>@​turnipdabeets</code></a>!
- Add <code>secretKey</code> config as the canonical alias for the
deprecated <code>personalApiKey</code> (accepts a Personal API Key or
Project Secret API Key).
(2026-07-07)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/PostHog/posthog-js/commit/954919d1070090fb6b3893bbb2dcbf3c503ec020"><code>954919d</code></a>
chore: update versions and lockfile [version bump]</li>
<li><a
href="https://github.com/PostHog/posthog-js/commit/0b49a4cc6e76285b6164a4a3e596049bb5b5d4ae"><code>0b49a4c</code></a>
feat(node): add secretKey config, deprecate personalApiKey (<a
href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/4060">#4060</a>)</li>
<li><a
href="https://github.com/PostHog/posthog-js/commit/859fd4400168d93cb93b12b3eb3efb7c6c7c19c2"><code>859fd44</code></a>
chore(deps): weekly safe npm updates · 10 packages (<a
href="https://github.com/PostHog/posthog-js/tree/HEAD/packages/node/issues/4087">#4087</a>)</li>
<li>See full diff in <a
href="https://github.com/PostHog/posthog-js/commits/posthog-node@5.40.0/packages/node">compare
view</a></li>
</ul>
</details>
<br />

Updates `fumadocs-core` from 16.10.7 to 16.11.1
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/ab09f500cb0c7904b9e7fcf25debb8f53f54ded8"><code>ab09f50</code></a>
Version Packages (<a
href="https://redirect.github.com/fuma-nama/fumadocs/issues/3405">#3405</a>)</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/889a296d06f669308a51af994ddf5e62783f6b3c"><code>889a296</code></a>
docs: update stale content</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/a5c081d0c6ba6e4d57fdfeaa982925bdf9941215"><code>a5c081d</code></a>
fix: UI inconsistencies</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/9a269030dff857982d848aac5b4944abf30cfb77"><code>9a26903</code></a>
Version Packages</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/3e33f4362f257741f68806c9db96fe7f0828a2df"><code>3e33f43</code></a>
perf(satteri): reduce clones</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/3597c9d1e6b1a038cf3b52c5aed448ef13fbe5e5"><code>3597c9d</code></a>
perf(satteri): persist results</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/0f389cf3def8f8188316c13af7ec9e2adcd206c3"><code>0f389cf</code></a>
feat(satteri): decouple imports/exports from <code>compile()</code></li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/4611f97d49f000c23600e09619bd13ae97d298b7"><code>4611f97</code></a>
feat(satteri): full rehype-toc functionality</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/d09530076098b3a297e1d90f295dd1ab7c6564d6"><code>d095300</code></a>
fix(satteri): workaround common issues</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/0297e25477d3120c9e4da796f244ab2866b61292"><code>0297e25</code></a>
configure pretrust</li>
<li>Additional commits viewable in <a
href="https://github.com/fuma-nama/fumadocs/compare/fumadocs@16.10.7...fumadocs@16.11.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `fumadocs-mdx` from 15.0.13 to 15.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/fuma-nama/fumadocs/releases">fumadocs-mdx's
releases</a>.</em></p>
<blockquote>
<h2>fumadocs-mdx@15.1.0</h2>
<h3>Default to Base UI</h3>
<p>Internal packages &amp; templates now use Base UI rather than Radix
UI.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/9a269030dff857982d848aac5b4944abf30cfb77"><code>9a26903</code></a>
Version Packages</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/3e33f4362f257741f68806c9db96fe7f0828a2df"><code>3e33f43</code></a>
perf(satteri): reduce clones</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/3597c9d1e6b1a038cf3b52c5aed448ef13fbe5e5"><code>3597c9d</code></a>
perf(satteri): persist results</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/0f389cf3def8f8188316c13af7ec9e2adcd206c3"><code>0f389cf</code></a>
feat(satteri): decouple imports/exports from <code>compile()</code></li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/4611f97d49f000c23600e09619bd13ae97d298b7"><code>4611f97</code></a>
feat(satteri): full rehype-toc functionality</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/d09530076098b3a297e1d90f295dd1ab7c6564d6"><code>d095300</code></a>
fix(satteri): workaround common issues</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/0297e25477d3120c9e4da796f244ab2866b61292"><code>0297e25</code></a>
configure pretrust</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/02c242b0daf08dee4f498bfd787604d039f3fa80"><code>02c242b</code></a>
chore(satteri): clean code</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/3d80b8b24221ef3cf788fe3f4f1e48fc9e0aefe1"><code>3d80b8b</code></a>
fix(mdx): ensure satteri integration is optional</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/0ec19af8682cf9c2149a3ea3e04af1fe4fe9cc0e"><code>0ec19af</code></a>
feat(satteri): more tests &amp; move remark-include</li>
<li>Additional commits viewable in <a
href="https://github.com/fuma-nama/fumadocs/compare/fumadocs-mdx@15.0.13...fumadocs-mdx@15.1.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `fumadocs-ui` from 16.10.7 to 16.11.1
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/ab09f500cb0c7904b9e7fcf25debb8f53f54ded8"><code>ab09f50</code></a>
Version Packages (<a
href="https://redirect.github.com/fuma-nama/fumadocs/issues/3405">#3405</a>)</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/889a296d06f669308a51af994ddf5e62783f6b3c"><code>889a296</code></a>
docs: update stale content</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/a5c081d0c6ba6e4d57fdfeaa982925bdf9941215"><code>a5c081d</code></a>
fix: UI inconsistencies</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/9a269030dff857982d848aac5b4944abf30cfb77"><code>9a26903</code></a>
Version Packages</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/3e33f4362f257741f68806c9db96fe7f0828a2df"><code>3e33f43</code></a>
perf(satteri): reduce clones</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/3597c9d1e6b1a038cf3b52c5aed448ef13fbe5e5"><code>3597c9d</code></a>
perf(satteri): persist results</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/0f389cf3def8f8188316c13af7ec9e2adcd206c3"><code>0f389cf</code></a>
feat(satteri): decouple imports/exports from <code>compile()</code></li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/4611f97d49f000c23600e09619bd13ae97d298b7"><code>4611f97</code></a>
feat(satteri): full rehype-toc functionality</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/d09530076098b3a297e1d90f295dd1ab7c6564d6"><code>d095300</code></a>
fix(satteri): workaround common issues</li>
<li><a
href="https://github.com/fuma-nama/fumadocs/commit/0297e25477d3120c9e4da796f244ab2866b61292"><code>0297e25</code></a>
configure pretrust</li>
<li>Additional commits viewable in <a
href="https://github.com/fuma-nama/fumadocs/compare/fumadocs@16.10.7...fumadocs@16.11.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `typescript` from 6.0.3 to 7.0.2
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/microsoft/TypeScript/commits">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~microsoft1es">microsoft1es</a>, a new
releaser for typescript since your current version.</p>
</details>
<br />

Updates `@effect/atom-react` from 4.0.0-beta.93 to 4.0.0-beta.94
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/Effect-TS/effect-smol/releases">@​effect/atom-react's
releases</a>.</em></p>
<blockquote>
<h2><code>@​effect/atom-react</code><a
href="https://github.com/4"><code>@​4</code></a>.0.0-beta.94</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="https://github.com/Effect-TS/effect-smol/commit/95a0e9bb62797af0e81c9998773405f248f218c5"><code>95a0e9b</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/f11ce73af60823754dc24194f4ffc561b9ea1c2d"><code>f11ce73</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/ff30b6e7c2c63ffc56a4c5818d6d86b01b5ad528"><code>ff30b6e</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/1caab3cc30f626efbf15e59d74f539a487e5c85c"><code>1caab3c</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/aa80c4775a04db87553e5568764cab7e32a72814"><code>aa80c47</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/c2ae4fce2f03a4cd1861c2b1179da7df656e662d"><code>c2ae4fc</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>]:
<ul>
<li>effect@4.0.0-beta.94</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Effect-TS/effect-smol/blob/main/packages/atom/react/CHANGELOG.md">@​effect/atom-react's
changelog</a>.</em></p>
<blockquote>
<h2>4.0.0-beta.94</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="https://github.com/Effect-TS/effect-smol/commit/95a0e9bb62797af0e81c9998773405f248f218c5"><code>95a0e9b</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/f11ce73af60823754dc24194f4ffc561b9ea1c2d"><code>f11ce73</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/ff30b6e7c2c63ffc56a4c5818d6d86b01b5ad528"><code>ff30b6e</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/1caab3cc30f626efbf15e59d74f539a487e5c85c"><code>1caab3c</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/aa80c4775a04db87553e5568764cab7e32a72814"><code>aa80c47</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/c2ae4fce2f03a4cd1861c2b1179da7df656e662d"><code>c2ae4fc</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>]:
<ul>
<li>effect@4.0.0-beta.94</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/Effect-TS/effect-smol/commit/82951e58d341d79b6fcb51bb9c122ced02f01b38"><code>82951e5</code></a>
Version Packages (beta) (<a
href="https://github.com/Effect-TS/effect-smol/tree/HEAD/packages/atom/react/issues/2525">#2525</a>)</li>
<li>See full diff in <a
href="https://github.com/Effect-TS/effect-smol/commits/@effect/atom-react@4.0.0-beta.94/packages/atom/react">compare
view</a></li>
</ul>
</details>
<br />

Updates `@effect/platform-bun` from 4.0.0-beta.93 to 4.0.0-beta.94
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Effect-TS/effect/blob/main/packages/platform-bun/CHANGELOG.md">@​effect/platform-bun's
changelog</a>.</em></p>
<blockquote>
<h2>4.0.0-beta.94</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/Effect-TS/effect-smol/pull/2537">#2537</a>
<a
href="https://github.com/Effect-TS/effect-smol/commit/6d2c614fab3da932afbb52e849c2663cf32d7d57"><code>6d2c614</code></a>
Thanks <a
href="https://github.com/tim-smart"><code>@​tim-smart</code></a>! -
optimize bun stream reading</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/Effect-TS/effect-smol/commit/95a0e9bb62797af0e81c9998773405f248f218c5"><code>95a0e9b</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/f11ce73af60823754dc24194f4ffc561b9ea1c2d"><code>f11ce73</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/ff30b6e7c2c63ffc56a4c5818d6d86b01b5ad528"><code>ff30b6e</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/1caab3cc30f626efbf15e59d74f539a487e5c85c"><code>1caab3c</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/aa80c4775a04db87553e5568764cab7e32a72814"><code>aa80c47</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/c2ae4fce2f03a4cd1861c2b1179da7df656e662d"><code>c2ae4fc</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>]:</p>
<ul>
<li>effect@4.0.0-beta.94</li>
<li><code>@​effect/platform-node-shared</code><a
href="https://github.com/4"><code>@​4</code></a>.0.0-beta.94</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/Effect-TS/effect/commit/82951e58d341d79b6fcb51bb9c122ced02f01b38"><code>82951e5</code></a>
Version Packages (beta) (<a
href="https://github.com/Effect-TS/effect/tree/HEAD/packages/platform-bun/issues/2525">#2525</a>)</li>
<li><a
href="https://github.com/Effect-TS/effect/commit/6d2c614fab3da932afbb52e849c2663cf32d7d57"><code>6d2c614</code></a>
optimize bun stream reading (<a
href="https://github.com/Effect-TS/effect/tree/HEAD/packages/platform-bun/issues/2537">#2537</a>)</li>
<li>See full diff in <a
href="https://github.com/Effect-TS/effect/commits/@effect/platform-bun@4.0.0-beta.94/packages/platform-bun">compare
view</a></li>
</ul>
</details>
<br />

Updates `@effect/platform-node` from 4.0.0-beta.93 to 4.0.0-beta.94
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Effect-TS/effect/blob/main/packages/platform-node/CHANGELOG.md">@​effect/platform-node's
changelog</a>.</em></p>
<blockquote>
<h2>4.0.0-beta.94</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="https://github.com/Effect-TS/effect-smol/commit/95a0e9bb62797af0e81c9998773405f248f218c5"><code>95a0e9b</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/f11ce73af60823754dc24194f4ffc561b9ea1c2d"><code>f11ce73</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/ff30b6e7c2c63ffc56a4c5818d6d86b01b5ad528"><code>ff30b6e</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/1caab3cc30f626efbf15e59d74f539a487e5c85c"><code>1caab3c</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/aa80c4775a04db87553e5568764cab7e32a72814"><code>aa80c47</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/c2ae4fce2f03a4cd1861c2b1179da7df656e662d"><code>c2ae4fc</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>]:
<ul>
<li>effect@4.0.0-beta.94</li>
<li><code>@​effect/platform-node-shared</code><a
href="https://github.com/4"><code>@​4</code></a>.0.0-beta.94</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/Effect-TS/effect/commit/82951e58d341d79b6fcb51bb9c122ced02f01b38"><code>82951e5</code></a>
Version Packages (beta) (<a
href="https://github.com/Effect-TS/effect/tree/HEAD/packages/platform-node/issues/2525">#2525</a>)</li>
<li>See full diff in <a
href="https://github.com/Effect-TS/effect/commits/@effect/platform-node@4.0.0-beta.94/packages/platform-node">compare
view</a></li>
</ul>
</details>
<br />

Updates `@effect/sql-pg` from 4.0.0-beta.93 to 4.0.0-beta.94
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/Effect-TS/effect/commits/@effect/sql-pg@4.0.0-beta.94/packages/sql-pg">compare
view</a></li>
</ul>
</details>
<br />

Updates `@effect/vitest` from 4.0.0-beta.93 to 4.0.0-beta.97
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Effect-TS/effect/blob/main/packages/vitest/CHANGELOG.md">@​effect/vitest's
changelog</a>.</em></p>
<blockquote>
<h2>4.0.0-beta.97</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies []:
<ul>
<li>effect@4.0.0-beta.97</li>
</ul>
</li>
</ul>
<h2>4.0.0-beta.96</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="https://github.com/Effect-TS/effect-smol/commit/1503f45cb5bb2a74f4705252ec505a1f0ade7e62"><code>1503f45</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/57fe79316ffbc380b30626a168981fb26ae97459"><code>57fe793</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/0c2f78f695ec474e1ff5474da183577975e418f5"><code>0c2f78f</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/0c2f78f695ec474e1ff5474da183577975e418f5"><code>0c2f78f</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/0c2f78f695ec474e1ff5474da183577975e418f5"><code>0c2f78f</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/97f29df457f7ffd07cfb4b379315c12c086af805"><code>97f29df</code></a>]:
<ul>
<li>effect@4.0.0-beta.96</li>
</ul>
</li>
</ul>
<h2>4.0.0-beta.95</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="https://github.com/Effect-TS/effect-smol/commit/a482442abdeb490e9652b854ec3495e4aa7273e7"><code>a482442</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/fbefa850fab2f0a302c20614496aeaaa2a8b5590"><code>fbefa85</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/0b4a32f4260f0d8500942a133001b0d349328102"><code>0b4a32f</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/18a49e1786679456258002ff9397faf02f678c2d"><code>18a49e1</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/266cb90bb2c17aabc40563c32db334f09ba3d74b"><code>266cb90</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/912f095a34572bbd3cedf6edb27878443e3e4a95"><code>912f095</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/a6718f9e00a15ca903b0732da46116cbf3d6aca7"><code>a6718f9</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/bef51540a243aa2f872a00c01d0cd58b7a769baa"><code>bef5154</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/18e0564bd0f8ebbdfcaf1e2c21529948e9e4a81d"><code>18e0564</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/fb50f14fc3657c1973785aa5b72ecf0b0d28e0b2"><code>fb50f14</code></a>]:
<ul>
<li>effect@4.0.0-beta.95</li>
</ul>
</li>
</ul>
<h2>4.0.0-beta.94</h2>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="https://github.com/Effect-TS/effect-smol/commit/95a0e9bb62797af0e81c9998773405f248f218c5"><code>95a0e9b</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/f11ce73af60823754dc24194f4ffc561b9ea1c2d"><code>f11ce73</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/ff30b6e7c2c63ffc56a4c5818d6d86b01b5ad528"><code>ff30b6e</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/1caab3cc30f626efbf15e59d74f539a487e5c85c"><code>1caab3c</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/aa80c4775a04db87553e5568764cab7e32a72814"><code>aa80c47</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/c2ae4fce2f03a4cd1861c2b1179da7df656e662d"><code>c2ae4fc</code></a>,
<a
href="https://github.com/Effect-TS/effect-smol/commit/a0a3490bbce765f199d8e077aceac504f0462e63"><code>a0a3490</code></a>]:
<ul>
<li>effect@4.0.0-beta.94</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/Effect-TS/effect/commit/8e6f66adf1bcfa842829bf787aef26c1d7979991"><code>8e6f66a</code></a>
Version Packages (beta) (<a
href="https://github.com/Effect-TS/effect/tree/HEAD/packages/vitest/issues/2571">#2571</a>)</li>
<li><a
href="https://github.com/Effect-TS/effect/commit/d6184fd6ce6288b146820e332ce79aba596aa59c"><code>d6184fd</code></a>
Version Packages (beta) (<a
href="https://github.com/Effect-TS/effect/tree/HEAD/packages/vitest/issues/2565">#2565</a>)</li>
<li><a
href="https://github.com/Effect-TS/effect/commit/1503f45cb5bb2a74f4705252ec505a1f0ade7e62"><code>1503f45</code></a>
update dependencies (<a
href="https://github.com/Effect-TS/effect/tree/HEAD/packages/vitest/issues/2563">#2563</a>)</li>
<li><a
href="https://github.com/Effect-TS/effect/commit/5434f2e88c16ffb65fd2cfdedc76f33df34c245c"><code>5434f2e</code></a>
Version Packages (beta) (<a
href="https://github.com/Effect-TS/effect/tree/HEAD/packages/vitest/issues/2548">#2548</a>)</li>
<li><a
href="https://github.com/Effect-TS/effect/commit/82951e58d341d79b6fcb51bb9c122ced02f01b38"><code>82951e5</code></a>
Version Packages (beta) (<a
href="https://github.com/Effect-TS/effect/tree/HEAD/packages/vitest/issues/2525">#2525</a>)</li>
<li>See full diff in <a
href="https://github.com/Effect-TS/effect/commits/@effect/vitest@4.0.0-beta.97/packages/vitest">compare
view</a></li>
</ul>
</details>
<br />

Updates `@typescript/native-preview` from 7.0.0-dev.20260703.1 to
7.0.0-dev.20260707.2
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/microsoft/typescript-go/commits">compare
view</a></li>
</ul>
</details>
<br />

Updates `@vitest/coverage-istanbul` from 4.1.9 to 4.1.10
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitest-dev/vitest/releases">@​vitest/coverage-istanbul's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.10</h2>
<h3>   🐞 Bug Fixes</h3>
<ul>
<li><strong>browser</strong>: Check fs access in builtin commands
[backport to v4]  -  by <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a>,
<strong>Hiroshi Ogawa</strong> and <strong>OpenCode
(claude-opus-4-8)</strong> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10680">vitest-dev/vitest#10680</a>
<a href="https://github.com/vitest-dev/vitest/commit/5c18dd267"><!-- raw
HTML omitted -->(5c18d)<!-- raw HTML omitted --></a></li>
<li><strong>vm</strong>: Fix external module resolve error with deps
optimizer query for encoded URI [backport to v4]  -  by <a
href="https://github.com/SveLil"><code>@​SveLil</code></a> and <a
href="https://github.com/hi-ogawa"><code>@​hi-ogawa</code></a> in <a
href="https://redirect.github.com/vitest-dev/vitest/issues/10661">vitest-dev/vitest#10661</a>
<a href="https://github.com/vitest-dev/vitest/commit/bae52b511"><!-- raw
HTML omitted -->(bae52)<!-- raw HTML omitted --></a></li>
</ul>
<h5>    <a
href="https://github.com/vitest-dev/vitest/compare/v4.1.9...v4.1.10">View
changes on GitHub</a></h5>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vitest-dev/vitest/commit/db616d227b6e0cb07a94f5d1bba262ee95db7e46"><code>db616d2</code></a>
chore: release v4.1.10 (<a
href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-istanbul/issues/10718">#10718</a>)</li>
<li>See full diff in <a
href="https://github.com/vitest-dev/vitest/commits/v4.1.10/packages/coverage-istanbul">compare
view</a></li>
</ul>
</details>
<br />

Updates `effect` from 4.0.0-beta.93 to 4.0.0-beta.97
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/Effect-TS/effect/blob/main/packages/effect/CHANGELOG.md">effect's
changelog</a>.</em></p>
<blockquote>
<h2>4.0.0-beta.97</h2>
<h2>4.0.0-beta.96</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/Effect-TS/effect-smol/pull/2563">#2563</a>
<a
href="https://github.com/Effect-TS/effect-smol/commit/1503f45cb5bb2a74f4705252ec505a1f0ade7e62"><code>1503f45</code></a>
Thanks <a
href="https://github.com/tim-smart"><code>@​tim-smart</code></a>! -
update dependencies</p>
</li>
<li>
<p><a
href="https://redirect.github.com/Effect-TS/effect-smol/pull/2566">#2566</a>
<a
href="https://github.com/Effect-TS/effect-smol/commit/57fe79316ffbc380b30626a168981fb26ae97459"><code>57fe793</code></a>
Thanks <a
href="https://github.com/tim-smart"><code>@​tim-smart</code></a>! -
change rpc ids to string | number</p>
</li>
<li>
<p><a
href="https://redirect.github.com/Effect-TS/effect-smol/pull/2561">#2561</a>
<a
href="https://github.com/Effect-TS/effect-smol/commit/0c2f78f695ec474e1ff5474da183577975e418f5"><code>0c2f78f</code></a>
Thanks <a
href="https://github.com/tim-smart"><code>@​tim-smart</code></a>! -
Remove <code>Schedule.elapsed</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/Effect-TS/effect-smol/pull/2561">#2561</a>
<a
href="https://github.com/Effect-TS/effect-smol/commit/0c2f78f695ec474e1ff5474da183577975e418f5"><code>0c2f78f</code></a>
Thanks <a
href="https://github.com/tim-smart"><code>@​tim-smart</code></a>! -
Remove <code>Schedule.tapInput</code> and
<code>Schedule.tapOutput</code>. Use <code>Schedule.tap</code>
instead.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/Effect-TS/effect-smol/pull/2561">#2561</a>
<a
href="https://github.com/Effect-TS/effect-smol/commit/0c2f78f695ec474e1ff5474da183577975e418f5"><code>0c2f78f</code></a>
Thanks <a
href="https://github.com/tim-smart"><code>@​tim-smart</code></a>! -
Update <code>Schedule.addDelay</code> and
<code>Schedule.modifyDelay</code> to receive full schedule metadata
instead of separate output and delay arguments.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/Effect-TS/effect-smol/pull/2562">#2562</a>
<a
href="https://github.com/Effect-TS/effect-smol/commit/97f29df457f7ffd07cfb4b379315c12c086af805"><code>97f29df</code></a>
Thanks <a
href="https://github.com/tim-smart"><code>@​tim-smart</code></a>! - use
Sets to track atom relationships</p>
</li>
</ul>
<h2>4.0.0-beta.95</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/Effect-TS/effect-smol/pull/2542">#2542</a>
<a
href="https://github.com/Effect-TS/effect-smol/commit/a482442abdeb490e9652b854ec3495e4aa7273e7"><code>a482442</code></a>
Thanks <a
href="https://github.com/IGassmann"><code>@​IGassmann</code></a>! - Add
<code>Schema.DateFromMillis</code> and
<code>SchemaTransformation.dateFromMillis</code> for decoding
millisecond timestamps into <code>Date</code> values.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/Effect-TS/effect-smol/pull/2559">#2559</a>
<a
href="https://github.com/Effect-TS/effect-smol/commit/fbefa850fab2f0a302c20614496aeaaa2a8b5590"><code>fbefa85</code></a>
Thanks <a
href="https://github.com/tim-smart"><code>@​tim-smart</code></a>! - fix
activity retry policy</p>
</li>
<li>
<p><a
href="https://redirect.github.com/Effect-TS/effect-smol/pull/2547">#2547</a>
<a
href="https://github.com/Effect-TS/effect-smol/commit/0b4a32f4260f0d8500942a133001b0d349328102"><code>0b4a32f</code></a>
Thanks <a href="https://github.com/fubhy"><code>@​fubhy</code></a>! -
Allow cron fields like <code>5/15</code> to expand from the starting
value through the field maximum.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/Effect-TS/effect-smol/pull/2557">#2557</a>
<a
href="https://github.com/Effect-TS/effect-smol/commit/18a49e1786679456258002ff9397faf02f678c2d"><code>18a49e1</code></a>
Thanks <a href="https://github.com/fubhy"><code>@​fubhy</code></a>! -
Fix <code>Schedule.cron</code> when the test clock is adjusted to
infinity.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/Effect-TS/effect-smol/pull/2560">#2560</a>
<a
href="https://github.com/Effect-TS/effect-smol/commit/266cb90bb2c17aabc40563c32db334f09ba3d74b"><code>266cb90</code></a>
Thanks <a href="https://github.com/gcanti"><code>@​gcanti</code></a>! -
Treat empty strings as missing values in built-in
<code>ConfigProvider</code>s by default.</p>
<p><code>ConfigProvider.fromEnv</code>,
<code>ConfigProvider.fromDotEnvContents</code>,
<code>ConfigProvider.fromDotEnv</code>,
<code>ConfigProvider.fromUnknown</code>, and
<code>ConfigProvider.fromDir</code> now treat literal empty strings as
absent values when loaded as values, allowing
<code>Config.withDefault</code> and <code>Config.option</code> to
recover. Container discovery still reflects the source structure. Pass
<code>preserveEmptyStrings: true</code> to restore the previous
behavior.</p>
<p><code>ConfigProvider.fromDotEnv({ expandVariables: true })</code> now
expands variables consistently with
<code>ConfigProvider.fromDotEnvContents</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/Effect-TS/effect-smol/pull/2554">#2554</a>
<a
href="https://github.com/Effect-TS/effect-smol/commit/912f095a34572bbd3cedf6edb27878443e3e4a95"><code>912f095</code></a>
Thanks <a
href="https://github.com/tim-smart"><code>@​tim-smart</code></a>! - Add
Schedule.upTo options for limiting schedules by duration and/or
recurrence count.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/Effect-TS/effect-smol/pull/2556">#2556</a>
<a
href="https://github.com/Effect-TS/effect-smol/commit/a6718f9e00a15ca903b0732da46116cbf3d6aca7"><code>a6718f9</code></a>
Thanks <a href="https://github.com/fubhy"><code>@​fubhy</code></a>! -
Fix cron parsing and scheduling edge cases for whitespace, Sunday
<code>7</code>, strict numeric tokens, explicit full day ranges, and
month-constrained day-of-month / weekday matching.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/Effect-TS/effect-smol/pull/2551">#2551</a>
<a
href="https://github.com/Effect-TS/effect-smol/commit/bef51540a243aa2f872a00c01d0cd58b7a769baa"><code>bef5154</code></a>
Thanks <a
href="https://github.com/tim-smart"><code>@​tim-smart</code></a>! -
Remove the <code>Schedule.both</code> APIs and add
<code>Schedule.max</code> for combining schedules by their slowest
delay.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/Effect-TS/effect-smol/pull/2553">#2553</a>
<a
href="https://github.com/Effect-TS/effect-smol/commit/18e0564bd0f8ebbdfcaf1e2c21529948e9e4a81d"><code>18e0564</code></a>
Thanks <a
href="https://github.com/tim-smart"><code>@​tim-smart</code></a>! -
Remove some Schedule APIs: <code>collectInputs</code>,
<code>collectOutputs</code>, <code>collectWhile</code>,
<code>delays</code>, <code>reduce</code>,
<code>satisfiesErrorType</code>, <code>satisfiesInputType</code>,
<code>satisfiesOutputType</code>, <code>satisfiesServicesType</code>,
and <code>unfold</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/Effect-TS/effect-smol/pull/2558">#2558</a>
<a
href="https://github.com/Effect-TS/effect-smol/commit/fb50f14fc3657c1973785aa5b72ecf0b0d28e0b2"><code>fb50f14</code></a>
Thanks <a
href="https://github.com/tim-smart"><code>@​tim-smart</code></a>! -
Remove the Schedule.either APIs and add Schedule.min for
fastest-duration schedule composition.</p>
</li>
</ul>
<h2>4.0.0-beta.94</h2>
<h3>Patch Changes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/Effect-TS/effect/commit/8e6f66adf1bcfa842829bf787aef26c1d7979991"><code>8e6f66a</code></a>
Version Packages (beta) (<a
href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2571">#2571</a>)</li>
<li><a
href="https://github.com/Effect-TS/effect/commit/3f0ccc04711b0a187b973e20fc9c3010c2560da2"><code>3f0ccc0</code></a>
Document interdependent HTTP API middleware (<a
href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2569">#2569</a>)</li>
<li><a
href="https://github.com/Effect-TS/effect/commit/d6184fd6ce6288b146820e332ce79aba596aa59c"><code>d6184fd</code></a>
Version Packages (beta) (<a
href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2565">#2565</a>)</li>
<li><a
href="https://github.com/Effect-TS/effect/commit/57fe79316ffbc380b30626a168981fb26ae97459"><code>57fe793</code></a>
change rpc ids to string | number (<a
href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2566">#2566</a>)</li>
<li><a
href="https://github.com/Effect-TS/effect/commit/1503f45cb5bb2a74f4705252ec505a1f0ade7e62"><code>1503f45</code></a>
update dependencies (<a
href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2563">#2563</a>)</li>
<li><a
href="https://github.com/Effect-TS/effect/commit/5434f2e88c16ffb65fd2cfdedc76f33df34c245c"><code>5434f2e</code></a>
Version Packages (beta) (<a
href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2548">#2548</a>)</li>
<li><a
href="https://github.com/Effect-TS/effect/commit/97f29df457f7ffd07cfb4b379315c12c086af805"><code>97f29df</code></a>
use Sets to track atom relationships (<a
href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2562">#2562</a>)</li>
<li><a
href="https://github.com/Effect-TS/effect/commit/0c2f78f695ec474e1ff5474da183577975e418f5"><code>0c2f78f</code></a>
Schedule simplification (<a
href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2561">#2561</a>)</li>
<li><a
href="https://github.com/Effect-TS/effect/commit/266cb90bb2c17aabc40563c32db334f09ba3d74b"><code>266cb90</code></a>
Treat empty config strings as missing (<a
href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2560">#2560</a>)</li>
<li><a
href="https://github.com/Effect-TS/effect/commit/fbefa850fab2f0a302c20614496aeaaa2a8b5590"><code>fbefa85</code></a>
fix activity retry policy (<a
href="https://github.com/Effect-TS/effect/tree/HEAD/packages/effect/issues/2559">#2559</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/Effect-TS/effect/commits/effect@4.0.0-beta.97/packages/effect">compare
view</a></li>
</ul>
</details>
<br />

Updates `oxfmt` from 0.57.0 to 0.58.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/oxc-project/oxc/commit/39677ba50d908ea09f6d9e58ded328461212f52a"><code>39677ba</code></a>
release(apps): oxlint v1.73.0 &amp;&amp; oxfmt v0.58.0 (<a
href="https://github.com/oxc-project/oxc/tree/HEAD/npm/oxfmt/issues/24219">#24219</a>)</li>
<li>See full diff in <a
href="https://github.com/oxc-project/oxc/commits/oxfmt_v0.58.0/npm/oxfmt">compare
view</a></li>
</ul>
</details>
<br />

Updates `tldts` from 6.1.86 to 7.4.8
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/remusao/tldts/releases">tldts's
releases</a>.</em></p>
<blockquote>
<h2>v7.4.8</h2>
<h4>:scroll: Update Public Suffix List</h4>
<ul>
<li><code>tldts-experimental</code>, <code>tldts</code>
<ul>
<li>Update upstream public suffix list <a
href="https://redirect.github.com/remusao/tldts/pull/2632">#2632</a> (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
</li>
</ul>
<h4>Authors: 1</h4>
<ul>
<li>Rémi (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
<h2>v7.4.7</h2>
<h4>:scroll: Update Public Suffix List</h4>
<ul>
<li><code>tldts-experimental</code>, <code>tldts</code>
<ul>
<li>Update upstream public suffix list <a
href="https://redirect.github.com/remusao/tldts/pull/2630">#2630</a> (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
</li>
</ul>
<h4>Authors: 1</h4>
<ul>
<li>Rémi (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
<h2>v7.4.6</h2>
<h4>:scroll: Update Public Suffix List</h4>
<ul>
<li><code>tldts-experimental</code>, <code>tldts</code>
<ul>
<li>Update upstream public suffix list <a
href="https://redirect.github.com/remusao/tldts/pull/2626">#2626</a> (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
</li>
</ul>
<h4>:nut_and_bolt: Dependencies</h4>
<ul>
<li>Bump sigstore from 4.1.0 to 4.1.1 <a
href="https://redirect.github.com/remusao/tldts/pull/2629">#2629</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump <code>@​babel/core</code> from 7.24.7 to 7.29.7 <a
href="https://redirect.github.com/remusao/tldts/pull/2618">#2618</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump form-data from 4.0.5 to 4.0.6 <a
href="https://redirect.github.com/remusao/tldts/pull/2611">#2611</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump rollup from 4.61.1 to 4.62.2 <a
href="https://redirect.github.com/remusao/tldts/pull/2612">#2612</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump rollup-plugin-sourcemaps2 from 0.5.7 to 0.5.8 <a
href="https://redirect.github.com/remusao/tldts/pull/2619">#2619</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump typescript-eslint from 8.60.1 to 8.62.1 <a
href="https://redirect.github.com/remusao/tldts/pull/2624">#2624</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump <code>@​sigstore/core</code> from 3.1.0 to 3.2.1 <a
href="https://redirect.github.com/remusao/tldts/pull/2625">#2625</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump <code>@​sigstore/verify</code> from 3.1.0 to 3.1.1 <a
href="https://redirect.github.com/remusao/tldts/pull/2628">#2628</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li><code>tldts-core</code>, <code>tldts-experimental</code>,
<code>tldts-icann</code>, <code>tldts-tests</code>,
<code>tldts-utils</code>, <code>tldts</code>
<ul>
<li>Bump <code>@​types/node</code> from 25.9.1 to 26.1.0 <a
href="https://redirect.github.com/remusao/tldts/pull/2627">#2627</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
</ul>
</li>
</ul>
<h4>Authors: 2</h4>
<ul>
<li><a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a></li>
<li>Rémi (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
<h2>v7.4.5</h2>
<h4>:scroll: Update Public Suffix List</h4>
<ul>
<li><code>tldts-experimental</code>, <code>tldts</code>
<ul>
<li>Update upstream public suffix list <a
href="https://redirect.github.com/remusao/tldts/pull/2617">#2617</a> (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/remusao/tldts/blob/master/CHANGELOG.md">tldts's
changelog</a>.</em></p>
<blockquote>
<h1>v7.4.8 (Thu Jul 09 2026)</h1>
<h4>:scroll: Update Public Suffix List</h4>
<ul>
<li><code>tldts-experimental</code>, <code>tldts</code>
<ul>
<li>Update upstream public suffix list <a
href="https://redirect.github.com/remusao/tldts/pull/2632">#2632</a> (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
</li>
</ul>
<h4>Authors: 1</h4>
<ul>
<li>Rémi (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
<hr />
<h1>v7.4.7 (Tue Jul 07 2026)</h1>
<h4>:scroll: Update Public Suffix List</h4>
<ul>
<li><code>tldts-experimental</code>, <code>tldts</code>
<ul>
<li>Update upstream public suffix list <a
href="https://redirect.github.com/remusao/tldts/pull/2630">#2630</a> (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
</li>
</ul>
<h4>Authors: 1</h4>
<ul>
<li>Rémi (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
<hr />
<h1>v7.4.6 (Thu Jul 02 2026)</h1>
<h4>:scroll: Update Public Suffix List</h4>
<ul>
<li><code>tldts-experimental</code>, <code>tldts</code>
<ul>
<li>Update upstream public suffix list <a
href="https://redirect.github.com/remusao/tldts/pull/2626">#2626</a> (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
</li>
</ul>
<h4>:nut_and_bolt: Dependencies</h4>
<ul>
<li>Bump sigstore from 4.1.0 to 4.1.1 <a
href="https://redirect.github.com/remusao/tldts/pull/2629">#2629</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump <code>@​babel/core</code> from 7.24.7 to 7.29.7 <a
href="https://redirect.github.com/remusao/tldts/pull/2618">#2618</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump form-data from 4.0.5 to 4.0.6 <a
href="https://redirect.github.com/remusao/tldts/pull/2611">#2611</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump rollup from 4.61.1 to 4.62.2 <a
href="https://redirect.github.com/remusao/tldts/pull/2612">#2612</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump rollup-plugin-sourcemaps2 from 0.5.7 to 0.5.8 <a
href="https://redirect.github.com/remusao/tldts/pull/2619">#2619</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump typescript-eslint from 8.60.1 to 8.62.1 <a
href="https://redirect.github.com/remusao/tldts/pull/2624">#2624</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump <code>@​sigstore/core</code> from 3.1.0 to 3.2.1 <a
href="https://redirect.github.com/remusao/tldts/pull/2625">#2625</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li>Bump <code>@​sigstore/verify</code> from 3.1.0 to 3.1.1 <a
href="https://redirect.github.com/remusao/tldts/pull/2628">#2628</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
<li><code>tldts-core</code>, <code>tldts-experimental</code>,
<code>tldts-icann</code>, <code>tldts-tests</code>,
<code>tldts-utils</code>, <code>tldts</code>
<ul>
<li>Bump <code>@​types/node</code> from 25.9.1 to 26.1.0 <a
href="https://redirect.github.com/remusao/tldts/pull/2627">#2627</a> (<a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a>)</li>
</ul>
</li>
</ul>
<h4>Authors: 2</h4>
<ul>
<li><a
href="https://github.com/dependabot%5Bbot%5D"><code>@​dependabot[bot]</code></a></li>
<li>Rémi (<a
href="https://github.com/remusao"><code>@​remusao</code></a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/remusao/tldts/commit/e46ca7aa952df519efae2d11dcdb4f3a817ac8e5"><code>e46ca7a</code></a>
Bump version to: v7.4.8 [skip ci]</li>
<li><a
href="https://github.com/remusao/tldts/commit/a4823cde0ae806f2feff89ce68d8895243168feb"><code>a4823cd</code></a>
Update CHANGELOG.md [skip ci]</li>
<li><a
href="https://github.com/remusao/tldts/commit/86a0a5799995ff495dfb15b00016c7314cf3454a"><code>86a0a57</code></a>
Update upstream public suffix list (<a
href="https://redirect.github.com/remusao/tldts/issues/2632">#2632</a>)</li>
<li><a
href="https://github.com/remusao/tldts/commit/c43f3f113164626a96ebbe71f8979f7c512ad382"><code>c43f3f1</code></a>
Bump version to: v7.4.7 [skip ci]</li>
<li><a
href="https://github.com/remusao/tldts/commit/22e72c3c68278bfb084c8acfaa1a830cefc9b6e0"><code>22e72c3</code></a>
Update CHANGELOG.md [skip ci]</li>
<li><a
href="https://github.com/remusao/tldts/commit/44a567cd9ebcdb6190ff9d1996047e95bc8d938a"><code>44a567c</code></a>
Update upstream public suffix list (<a
href="https://redirect.github.com/remusao/tldts/issues/2630">#2630</a>)</li>
<li><a
href="https://github.com/remusao/tldts/commit/92ee2b31e72433487577a6c027ad7ec69aa8c8fe"><code>92ee2b3</code></a>
Bump version to: v7.4.6 [skip ci]</li>
<li><a
href="https://github.com/remusao/tldts/commit/cd23a4106ee0ed11cecf7ec7ed9bc308743d99ca"><code>cd23a41</code></a>
Update CHANGELOG.md [skip ci]</li>
<li><a
href="https://github.com/remusao/tldts/commit/11b91adfef769de8dbd8c87b1ed0809e0371e9a2"><code>11b91ad</code></a>
Update upstream public suffix list (<a
href="https://redirect.github.com/remusao/tldts/issues/2626">#2626</a>)</li>
<li><a
href="https://github.com/remusao/tldts/commit/3136742bd2a089b2c9592cbbcc3de6c229bba5a9"><code>3136742</code></a>
Bump sigstore from 4.1.0 to 4.1.1 (<a
href="https://redirect.github.com/remusao/tldts/issues/2629">#2629</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/remusao/tldts/compare/v6.1.86...v7.4.8">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This versi…
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

8 participants