[Snyk] Upgrade @supabase/supabase-js from 2.45.4 to 2.76.1 #297

nerdy-tech-com-gitub · 2025-11-18T10:55:18Z

Snyk has created this PR to upgrade @supabase/supabase-js from 2.45.4 to 2.76.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 144 versions ahead of your current version.
The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Insecure Randomness SNYK-JS-UNDICI-8641354	70	Proof of Concept
Incorrect Authorization SNYK-JS-VITE-9512410	70	Mature
Incorrect Authorization SNYK-JS-VITE-9653016	70	Proof of Concept
Denial of Service (DoS) SNYK-JS-WS-7266574	70	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	70	Proof of Concept
Improper Neutralization of Special Elements in Data Query Logic SNYK-JS-MONGOOSE-8446504	70	No Known Exploit
Improper Neutralization of Special Elements in Data Query Logic SNYK-JS-MONGOOSE-8623536	70	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-NUXT-7640974	70	No Known Exploit
Acceptance of Extraneous Untrusted Data With Trusted Data SNYK-JS-NUXT-9486043	70	No Known Exploit
Directory Traversal SNYK-JS-NUXTDEVTOOLS-7640977	70	Proof of Concept
Directory Traversal SNYK-JS-SUPABASEAUTHJS-10255365	70	No Known Exploit
Improper Validation of Specified Type of Input SNYK-JS-VALIDATOR-13395830	70	Proof of Concept
Directory Traversal SNYK-JS-VITE-13644406	70	Proof of Concept
Information Exposure SNYK-JS-VITE-8023174	70	Proof of Concept
Origin Validation Error SNYK-JS-VITE-8648411	70	Proof of Concept
Access Control Bypass SNYK-JS-VITE-9576207	70	Proof of Concept
Information Exposure SNYK-JS-VITE-9685035	70	Proof of Concept
Directory Traversal SNYK-JS-VITE-9919777	70	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-VUETEMPLATECOMPILER-7554675	70	Proof of Concept
Open Redirect SNYK-JS-KOA-10944994	70	Proof of Concept
Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	70	No Known Exploit
Improper Input Validation SNYK-JS-NANOID-8492085	70	No Known Exploit
Improper Input Validation SNYK-JS-NANOID-8492085	70	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-NUXT-7640972	70	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-NUXTDEVTOOLS-13849298	70	No Known Exploit
Origin Validation Error SNYK-JS-NUXTVITEBUILDER-8663232	70	Proof of Concept
Prototype Pollution SNYK-JS-PARSEGITCONFIG-9403763	70	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	70	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	70	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELHELPERS-9397697	70	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELRUNTIME-10044504	70	Proof of Concept
Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	70	No Known Exploit
Directory Traversal SNYK-JS-SIRV-12558119	70	Proof of Concept
Missing Release of Memory after Effective Lifetime SNYK-JS-UNDICI-10176064	70	Proof of Concept
Relative Path Traversal SNYK-JS-VITE-12558116	70	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-VITE-8022916	70	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-VUETEMPLATECOMPILER-8219888	70	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	70	Proof of Concept
Prototype Pollution SNYK-JS-DEVALUE-12205530	70	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-KOA-8720152	70	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-KOA-9679272	70	Proof of Concept
Directory Traversal SNYK-JS-NUXT-12878602	70	Proof of Concept
Cross-site Scripting SNYK-JS-SEND-7926862	70	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	70	Proof of Concept

Release notes

Package name: @supabase/supabase-js

2.76.1 - 2025-10-21
2.76.1 (2025-10-21)

🩹 Fixes
- repo: add missing tslib dependency to core packages (#1789)
❤️ Thank You
- Katerina Skroumpelou @ mandarini
2.76.0 - 2025-10-20
2.76.0 (2025-10-20)

🚀 Features
- realtime: realtime explicit REST call (#1751)
- realtime: enhance RealtimeChannel type (#1747)
- storage: storage vectors and analytics in storage-js (#1752)
🩹 Fixes
- functions: missing body when Content-Type header supplied by dev (#1758)
- functions: add application/pdf response parsing to FunctionsClient (#1757)
- realtime: manipulate URLs using URL object (#1769)
- repo: convert postbuild to explicit codegen (#1778)
- storage: correct list v2 types to correctly match data returned from api (#1761)
- storage: use backward compatible return type in download function (#1750)
- storage: api types (#1784)
❤️ Thank You
- Fabrizio @ fenos
- Filipe Cabaço @ filipecabaco
- Guilherme Souza
- Katerina Skroumpelou @ mandarini
- Lenny @ itslenny
2.75.2-canary.1 - 2025-10-20
2.75.2-canary.1 (2025-10-20)

🩹 Fixes
- storage: api types (#1784)
❤️ Thank You
- Fabrizio @ fenos
2.75.2-canary.0 - 2025-10-17
2.75.2-canary.0 (2025-10-17)

🚀 Features
- realtime: realtime explicit REST call (#1751)
- realtime: enhance RealtimeChannel type (#1747)
- storage: storage vectors and analytics in storage-js (#1752)
🩹 Fixes
- functions: missing body when Content-Type header supplied by dev (#1758)
- functions: add application/pdf response parsing to FunctionsClient (#1757)
- realtime: manipulate URLs using URL object (#1769)
- repo: convert postbuild to explicit codegen (#1778)
- storage: correct list v2 types to correctly match data returned from api (#1761)
- storage: use backward compatible return type in download function (#1750)
❤️ Thank You
- Filipe Cabaço @ filipecabaco
- Guilherme Souza
- Katerina Skroumpelou @ mandarini
- Lenny @ itslenny
2.75.1 - 2025-10-17
2.75.1 (2025-10-17)

🩹 Fixes
- storage: use backward compatible return type in download function (#1750)
❤️ Thank You
- Lenny @ itslenny
2.75.1-canary.5 - 2025-10-16
2.75.1-canary.5 (2025-10-16)

🩹 Fixes
- repo: convert postbuild to explicit codegen (#1778)
❤️ Thank You
- Katerina Skroumpelou @ mandarini
2.75.1-canary.4 - 2025-10-16
2.75.1-canary.4 (2025-10-16)

🩹 Fixes
- functions: missing body when Content-Type header supplied by dev (#1758)
- functions: add application/pdf response parsing to FunctionsClient (#1757)
❤️ Thank You
- Katerina Skroumpelou @ mandarini
2.75.1-canary.3 - 2025-10-13
2.75.1-canary.3 (2025-10-13)

🩹 Fixes
- realtime: manipulate URLs using URL object (#1769)
❤️ Thank You
- Guilherme Souza
2.75.1-canary.2 - 2025-10-13
2.75.1-canary.2 (2025-10-13)

🚀 Features
- realtime: enhance RealtimeChannel type (#1747)
❤️ Thank You
- Katerina Skroumpelou @ mandarini
2.75.1-canary.1 - 2025-10-09
2.75.1-canary.1 (2025-10-09)

🩹 Fixes
- storage: correct list v2 types to correctly match data returned from api (#1761)
- storage: use backward compatible return type in download function (#1750)
❤️ Thank You
- Lenny @ itslenny
2.75.1-canary.0 - 2025-10-09
2.75.0 - 2025-10-09
2.74.1-canary.7 - 2025-10-08
2.74.1-canary.6 - 2025-10-07
2.74.1-canary.5 - 2025-10-07
2.74.1-canary.4 - 2025-10-07
2.74.1-canary.3 - 2025-10-07
2.74.1-canary.2 - 2025-10-06
2.74.1-canary.1 - 2025-10-06
2.74.1-canary.0 - 2025-10-06
2.74.0 - 2025-10-06
2.73.1-canary.8 - 2025-10-06
2.73.1-canary.7 - 2025-10-06
2.73.1-canary.6 - 2025-10-06
2.73.1-canary.5 - 2025-10-06
2.72.1-canary.15 - 2025-09-26
2.72.1-canary.14 - 2025-09-26
2.72.1-canary.13 - 2025-09-26
2.72.1-canary.12 - 2025-09-26
2.72.1-canary.11 - 2025-09-26
2.72.1-canary.10 - 2025-09-26
2.72.1-canary.9 - 2025-09-26
2.72.1-canary.8 - 2025-09-26
2.72.1-canary.7 - 2025-09-26
2.72.1-canary.6 - 2025-09-26
2.72.1-canary.5 - 2025-09-26
2.72.1-canary.2 - 2025-09-24
2.72.1-canary.0 - 2025-09-30
2.71.2-canary.29 - 2025-09-23
2.71.2-canary.28 - 2025-09-23
2.71.2-canary.27 - 2025-09-23
2.71.2-canary.7 - 2025-09-19
2.71.2-canary.6 - 2025-09-19
2.71.2-canary.4 - 2025-09-19
2.71.2-canary.3 - 2025-09-19
2.71.2-canary.2 - 2025-09-19
2.71.2-canary.1 - 2025-09-19
2.71.2-canary.0 - 2025-09-18
2.58.1-canary.0 - 2025-10-01
2.58.0 - 2025-09-25
2.57.4 - 2025-09-09
2.57.3 - 2025-09-09
2.57.2 - 2025-09-05
2.57.1 - 2025-09-05
2.57.0 - 2025-09-02
2.57.0-next.4 - 2025-08-29
2.57.0-next.3 - 2025-08-29
2.57.0-next.2 - 2025-08-29
2.57.0-next.1 - 2025-08-29
2.56.1 - 2025-08-29
2.56.1-next.1 - 2025-08-29
2.56.0 - 2025-08-21
2.55.0 - 2025-08-12
2.55.0-next.1 - 2025-08-12
2.54.0 - 2025-08-07
2.53.1 - 2025-08-07
2.53.0 - 2025-07-28
2.52.1 - 2025-07-23
2.52.0 - 2025-07-17
2.51.0 - 2025-07-14
2.50.5 - 2025-07-10
2.50.5-next.4 - 2025-07-14
2.50.5-next.3 - 2025-07-12
2.50.5-next.2 - 2025-07-10
2.50.5-next.1 - 2025-07-10
2.50.4 - 2025-07-09
2.50.3 - 2025-07-02
2.50.2 - 2025-06-25
2.50.2-next.1 - 2025-06-25
2.50.1 - 2025-06-24
2.50.1-next.8 - 2025-06-24
2.50.1-next.7 - 2025-06-24
2.50.1-next.6 - 2025-06-20
2.50.1-next.5 - 2025-06-12
2.50.1-next.4 - 2025-06-10
2.50.1-next.3 - 2025-06-09
2.50.1-next.2 - 2025-06-06
2.50.1-next.1 - 2025-06-06
2.50.0 - 2025-06-06
2.49.10 - 2025-06-04
2.49.10-next.2 - 2025-06-04
2.49.10-next.1 - 2025-06-03
2.49.9 - 2025-06-02
2.49.9-next.3 - 2025-06-03
2.49.9-next.2 - 2025-05-29
2.49.9-next.1 - 2025-05-23
2.49.8 - 2025-05-21
2.49.7 - 2025-05-20
2.49.6 - 2025-05-20
2.49.6-next.1 - 2025-05-20
2.49.5 - 2025-05-19
2.49.5-next.5 - 2025-05-13
2.49.5-next.4 - 2025-05-12
2.49.5-next.3 - 2025-05-12
2.49.5-next.2 - 2025-05-09
2.49.5-next.1 - 2025-05-09
2.49.4 - 2025-03-29
2.49.3 - 2025-03-24
2.49.2 - 2025-03-24
2.49.1 - 2025-02-24
2.49.0 - 2025-02-24
2.48.1 - 2025-01-24
2.48.0 - 2025-01-20
2.47.16 - 2025-01-17
2.47.15 - 2025-01-16
2.47.14 - 2025-01-15
2.47.13 - 2025-01-14
2.47.12 - 2025-01-08
2.47.11 - 2025-01-07
2.47.10 - 2024-12-19
2.47.9 - 2024-12-18
2.47.8 - 2024-12-16
2.47.7 - 2024-12-13
2.47.6 - 2024-12-12
2.47.5 - 2024-12-11
2.47.4 - 2024-12-11
2.47.4-rc.1 - 2024-12-11
2.47.3 - 2024-12-09
2.47.2 - 2024-12-06
2.47.1 - 2024-12-05
2.47.0 - 2024-12-05
2.46.2 - 2024-11-27
2.46.2-rc.3 - 2024-11-13
2.46.2-rc.2 - 2024-11-13
2.46.2-rc.1 - 2024-11-06
2.46.1 - 2024-10-30
2.46.0 - 2024-10-29
2.46.0-rc.5 - 2024-10-29
2.46.0-rc.4 - 2024-10-28
2.46.0-rc.3 - 2024-10-28
2.46.0-rc.2 - 2024-10-18
2.46.0-rc.1 - 2024-10-18
2.45.6 - 2024-10-19
2.45.5 - 2024-10-18
2.45.4 - 2024-09-10

from @supabase/supabase-js GitHub release notes

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade @supabase/supabase-js from 2.45.4 to 2.76.1. See this package in npm: @supabase/supabase-js See this project in Snyk: https://app.snyk.io/org/nerds-github/project/ef708957-d107-4807-bb9b-ffb67ea15337?utm_source=github&utm_medium=referral&page=upgrade-pr

[Snyk] Upgrade @supabase/supabase-js from 2.45.4 to 2.76.1 #297

Are you sure you want to change the base?

[Snyk] Upgrade @supabase/supabase-js from 2.45.4 to 2.76.1 #297

Uh oh!

Conversation

nerdy-tech-com-gitub commented Nov 18, 2025

Snyk has created this PR to upgrade @supabase/supabase-js from 2.45.4 to 2.76.1.

Issues fixed by the recommended upgrade:

2.76.1 (2025-10-21)

🩹 Fixes

❤️ Thank You

2.76.0 (2025-10-20)

🚀 Features

🩹 Fixes

❤️ Thank You

2.75.2-canary.1 (2025-10-20)

🩹 Fixes

❤️ Thank You

2.75.2-canary.0 (2025-10-17)

🚀 Features

🩹 Fixes

❤️ Thank You

2.75.1 (2025-10-17)

🩹 Fixes

❤️ Thank You

2.75.1-canary.5 (2025-10-16)

🩹 Fixes

❤️ Thank You

2.75.1-canary.4 (2025-10-16)

🩹 Fixes

❤️ Thank You

2.75.1-canary.3 (2025-10-13)

🩹 Fixes

❤️ Thank You

2.75.1-canary.2 (2025-10-13)

🚀 Features

❤️ Thank You

2.75.1-canary.1 (2025-10-09)

🩹 Fixes

❤️ Thank You

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants