[pull] master from supabase:master #954
Merged
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.

YES

## What kind of change does this PR introduce?

Refactor

## What is the current behavior?

The Auth policy editor flow still uses the deprecated `Modal` component and `Modal.Content` / `Modal.Separator` helpers.

## What is the new behavior?

The Auth policy editor flow now uses `Dialog` primitives instead:

- `Dialog`
- `DialogContent`
- `DialogHeader`
- `DialogTitle`
- `DialogSection`
- `DialogSectionSeparator`

Behavior is intended to remain unchanged.

## Additional context

- Fixes #46375

## Summary by CodeRabbit

* **Refactor**
  * Updated the policy editor and review flows to a unified dialog layout for a cleaner, more consistent UI.
  * Sections and footer controls were reorganized for clearer grouping and improved button placement.
  * Existing behaviors (viewing templates, review/save flow, and close confirmation) are preserved.
## Summary

Switches the two `instanceSizeSpecs[instanceSize]!.priceMonthly` lookups (on the New Project page and its footer) to the existing `monthlyInstancePrice` helper, which has a defensive fallback. Fixes a render crash that fires when users switch between organizations of different plan tiers via the OrganizationSelector dropdown.

Sentry: [SUPABASE-APP-EJT](https://supabase.sentry.io/issues/SUPABASE-APP-EJT) — 339 occurrences, 312 users impacted.

Fixes FE-3481

## Test plan

- [x] On `/dashboard/new/<freeOrgSlug>`, open the org dropdown and switch to a paid org — no crash
- [x] Verify the "Additional costs" total renders correctly once form state syncs
- [x] `pnpm typecheck` passes

## Summary by CodeRabbit

* **Refactor**
  * Refactored pricing calculation logic across project creation components for improved code organization.
…46285)

## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.

YES

## What kind of change does this PR introduce?

Feature — adds a new data-layer hook. No callers are switched over in this PR.

## What is the current behavior?

The Schema Designer and Database > Tables list both call `useTablesQuery({ includeColumns: true })`, which fetches the full schema (every table, with every column, every relationship) in one round-trip. For customers with many tables this never loads. Towards FE-3428.

## What is the new behavior?

Introduces `useInfiniteTablesQuery` — a cursor-paginated tables hook ready to be consumed by the two pages above in follow-up PRs.

- `pg-meta`: new `getTablesPaginatedSql` SQL builder that picks a page of table OIDs first (cheap `pg_class` index scan) and constrains every enrichment CTE (primary keys, relationships, columns) to that set. Pagination is by `c.oid > $afterOid` rather than `OFFSET`, so deep pages stay O(limit). Relationships use a `UNION ALL` keyed by `table_id` so the downstream join is a plain equi-join.
- `pg-meta`: `COLUMNS_SQL` is now produced by `getColumnsSql({ filter })`, letting a paginating caller push a table-OID predicate into the WHERE clause directly. The bare `COLUMNS_SQL` export is preserved for the 5 existing callers (`pg-meta-columns`, `pg-meta-tables`, `pg-meta-views`, `pg-meta-materialized-views`, `pg-meta-foreign-tables`).
- `studio`: `useInfiniteTablesQuery` wires the new SQL into `useInfiniteQuery` via `executeSql`. `initialPageParam: 0`, `getNextPageParam` returns the last row's `id` or `undefined` on a short last page.
- Tests: 12 new tests in `pg-meta` covering cursor invariants (no overlap / no gap), schema filtering, primary-key / relationship / column shape, and output parity against the existing `pgTableZod` schema.

## Additional context

## Summary by CodeRabbit

* **New Features**
  * Enabled infinite scrolling for table listings with cursor-based pagination and optional page sizing.
  * Added an option to include per-table column data in paginated results.
  * Made column queries filterable for more targeted metadata retrieval.
* **Tests**
  * Added comprehensive tests validating pagination, schema scoping, column inclusion, and relationship/PK shaping.
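The cursor scheme described in the commit above, modelled in memory as an added example (not code from the PR). It goes one step beyond the description by comparing against `OFFSET` when a table is dropped between page reads; all function names and the sample OIDs are constructed for illustration.

```typescript
// Added illustration with constructed data. Names are hypothetical, not pg-meta or studio code.
type TableRow = { id: number; name: string }
type Page = TableRow[]

const byId = (a: TableRow, b: TableRow) => a.id - b.id

// Stand-in for: WHERE c.oid > $afterOid ORDER BY c.oid LIMIT $limit
function keysetPage(tables: TableRow[], afterOid: number, limit: number): Page {
  return tables.filter((t) => t.id > afterOid).sort(byId).slice(0, limit)
}

// Stand-in for: ORDER BY c.oid LIMIT $limit OFFSET $offset
function offsetPage(tables: TableRow[], offset: number, limit: number): Page {
  return [...tables].sort(byId).slice(offset, offset + limit)
}

// The last row's id becomes the next cursor; a short page ends the walk (limit >= 1).
function nextPageParam(page: Page, limit: number): number | undefined {
  return page.length < limit ? undefined : page[page.length - 1].id
}

// Read every page; `afterFirstPage` simulates a table being dropped mid-walk.
function walkKeyset(tables: TableRow[], limit: number, afterFirstPage: () => void): number[] {
  const seen: number[] = []
  let cursor: number | undefined = 0
  while (cursor !== undefined) {
    const page = keysetPage(tables, cursor, limit)
    if (seen.length === 0) afterFirstPage()
    seen.push(...page.map((t) => t.id))
    cursor = nextPageParam(page, limit)
  }
  return seen
}

// Same walk with OFFSET: rows shift left after the drop, so one row is skipped.
function walkOffset(tables: TableRow[], limit: number, afterFirstPage: () => void): number[] {
  const seen: number[] = []
  for (let offset = 0; ; offset += limit) {
    const page = offsetPage(tables, offset, limit)
    if (seen.length === 0) afterFirstPage()
    seen.push(...page.map((t) => t.id))
    if (page.length < limit) return seen
  }
}
```

When the table count is an exact multiple of the page size, the keyset walk issues one extra request that returns an empty page before stopping.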
…46351)

## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.

YES

## What kind of change does this PR introduce?

Refactor / type safety improvement

## What is the current behavior?

The legacy log query stack (`genDefaultQuery`, `genCountQuery`, `genChartQuery`, `genWhereStatement`, `useLogsPreview`, `useSingleLog`) builds SQL from raw strings with no type-level guarantee that values are safely interpolated. Identifier helpers (`bqIdent`, `bqDottedIdent`, `clickhouseIdent`, `clickhouseDottedIdent`) are duplicated across BigQuery and ClickHouse variants, and `bqDottedIdent` wraps the entire dotted path in one backtick pair (`` `request.pathname` ``), which BigQuery treats as a literal column name rather than a UNNEST alias field — causing runtime query failures on dotted filter keys.

## What is the new behavior?

- All gen functions return `SafeLogSqlFragment` and all callers route through `executeAnalyticsSql`, enforcing compile-time SQL provenance tracking across the legacy stack.
- `bqIdent` / `bqDottedIdent` / `clickhouseIdent` / `clickhouseDottedIdent` are replaced by a single `quotedIdent` function that backtick-quotes each segment individually (e.g. `` `request`.`pathname` ``). ClickHouse natively accepts backticks, so one function serves both engines and the dotted-path quoting bug is fixed.
- `SQL_FILTER_TEMPLATES` entries are converted to `SafeLogSqlFragment` (static via `safeSql`, dynamic via `safeSql` + `analyticsLiteral`).
- `buildWhereClauses` is extracted as a private helper returning `SafeLogSqlFragment[]` so the pg_cron path can merge clauses without unsafe slice-and-cast.

## Additional context

## Summary by CodeRabbit

* **Refactor**
  * Logs query generation migrated to safer, engine-agnostic SQL fragments, typed filter templates, and unified identifier quoting for stronger injection protection and more consistent queries.
  * Logs preview and single-log retrieval now execute analytics SQL end-to-end using the unified executor.
* **New Features**
  * Analytics SQL executor can call the backend via GET or POST and accepts method selection.
* **Tests**
  * Updated tests to validate unified identifier quoting and safe-SQL helper behavior.
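The two ideas in the commit above, per-segment identifier quoting and fragments whose provenance is tracked by type, sketched as an added example (not code from the PR). `SafeFragment`, `quoteDottedIdent`, `literal`, `sql` and `buildFilter` are hypothetical names, and the backslash-escaped string literal and the reject-instead-of-escape rule for identifiers are assumptions of this sketch, not documented behaviour of `quotedIdent` or `analyticsLiteral`.

```typescript
// Added illustration. Every name here is hypothetical; none is the Supabase helper.
class SafeFragment {
  readonly text: string
  private constructor(text: string) {
    this.text = text
  }
  // Only the helpers in this file call this, so every fragment has a known origin.
  static trusted(text: string): SafeFragment {
    return new SafeFragment(text)
  }
}

// Quote each dotted segment separately: request.pathname -> `request`.`pathname`.
// One pair around the whole path (`request.pathname`) would name a single column.
function quoteDottedIdent(path: string): SafeFragment {
  const quoted = path.split('.').map((segment) => {
    // Choice made for this sketch: reject risky characters instead of escaping them.
    if (segment.length === 0 || /[`\\\u0000-\u001f]/.test(segment)) {
      throw new Error(`invalid identifier segment in ${JSON.stringify(path)}`)
    }
    return '`' + segment + '`'
  })
  return SafeFragment.trusted(quoted.join('.'))
}

// String literal; assumes the engine accepts backslash escapes for \ and '.
function literal(value: string): SafeFragment {
  return SafeFragment.trusted("'" + value.replace(/[\\']/g, (c) => '\\' + c) + "'")
}

// Tagged template: the static parts come from source code, and the signature
// admits only SafeFragment interpolations, so passing a raw string is a
// compile-time error instead of an injection point.
function sql(strings: TemplateStringsArray, ...parts: SafeFragment[]): SafeFragment {
  let text = strings[0]
  parts.forEach((part, i) => {
    text += part.text + strings[i + 1]
  })
  return SafeFragment.trusted(text)
}

// A filter built from an untrusted key and value, both routed through the helpers.
function buildFilter(key: string, value: string): string {
  return sql`WHERE ${quoteDottedIdent(key)} = ${literal(value)}`.text
}
```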
## Summary

- On the Free plan the GitHub integration form disables the branching section, but the create/update payloads still included `branch_limit`, `new_branch_per_pr`, and `supabase_changes_only`.
- These three fields are now only sent when the org has the `branching_limit` entitlement.

## Manual testing

- [ ] As a Free plan org, open Project Settings → Integrations → GitHub and connect a repository. In the network tab, verify the `POST /platform/integrations/github/connections` request body does **not** include `branch_limit`, `new_branch_per_pr`, or `supabase_changes_only`.
- [ ] Still on a Free org, edit the working directory / production branch on an existing connection. Verify the `PATCH` body also omits those three fields.
- [ ] As a Pro (or higher) plan org with branching enabled, repeat both flows and confirm the three branching fields are still sent with the values from the form.
- [ ] Confirm the UI itself is unchanged: the branching controls remain disabled on Free and editable on Pro+.

## Summary by CodeRabbit

* **Bug Fixes**
  * Fixed GitHub integration to conditionally send branching-related configuration fields based on user access permissions, preventing unnecessary data transmission for users without branching access.
… of Startups 2026 (#46401)

## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.

YES

## What kind of change does this PR introduce?

Feature

## What is the current behavior?

The 2026 State of Startups page is missing several selected pull quotes, the Outlook chapter ends on a single static quote, and the "Thank you" footer still renders the 2025 participants list as a static wrap of ~60 companies.

## What is the new behavior?

- Wires the six selected pull quotes for chapters 1–4 and 7 (with section-level support so the Solo Founders quote sits inside its section). `SurveyPullQuote` now accepts optional author position and avatar.
- Replaces the Outlook chapter quote with a new `SurveyPullQuoteCarousel` that rotates between four labelled quotes (Burn out, Pace of change, Competition, Runway) and reuses the existing stipple/checker timer-bar pattern.
- Replaces the participants list with all 326 verified 2026 entries and renders them via a new `ParticipantsCarousel` — five horizontal marquee rows scrolling at different speeds and alternating directions, pausing on hover, with edge fades and `prefers-reduced-motion` support.

## Additional context

Participants list sourced from the verified `state-of-startups-2026-companies-software-verified.csv` export.

## Summary by CodeRabbit

* **New Features**
  * Rotating quote carousels for survey chapters with progress indicators and subtle animations
  * Animated participants display as multi-row scrolling marquees
  * Optional author position and avatar shown with quotes
  * Reduced-motion support to disable animations
* **Updates**
  * Refreshed State of Startups 2026 content and expanded participants list
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.

YES

## What kind of change does this PR introduce?

Added a new blog post to be published today.

## Summary by CodeRabbit

* **Documentation**
  * Added a new blog post on securing Supabase projects against npm supply chain attacks, including guidance on common attack patterns and defensive best practices for dependency management.
## I have read the [CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md) file.

YES

## What kind of change does this PR introduce?

Chore — adds a static asset.

## What is the current behavior?

The State of Startups 2026 page references `/images/state-of-startups/2026/state-of-startups-og.png` for its Open Graph image, but the file did not exist in the repo.

## What is the new behavior?

Adds the OG image at the expected path so social previews render correctly when sharing `/state-of-startups`.

## Summary by CodeRabbit

* **Style**
  * Adjusted the minimum height of the State of Startups header and its inner wrapper on non-medium breakpoints to refine spacing and visual balance.
  * Medium-breakpoint height remains unchanged, preserving the intended layout at that size.
Created by
pull[bot] (v2.0.0-alpha.4)