From 4523c6280f45a4a837a9a74d890d62ff5113d7a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cemal=20K=C4=B1l=C4=B1=C3=A7?= Date: Thu, 2 Oct 2025 16:17:25 +0200 Subject: [PATCH 01/14] feat(kong): Add `.well-known/oauth-authorization-server` endpoint (#4239) feat(kong): Add `.well-known/oauth-authorization-server` endpoint routing --- internal/start/templates/kong.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/internal/start/templates/kong.yml b/internal/start/templates/kong.yml index d722139af..fb76e42ea 100644 --- a/internal/start/templates/kong.yml +++ b/internal/start/templates/kong.yml @@ -45,6 +45,16 @@ services: replace: headers: - "Authorization: {{ .BearerToken }}" + - name: well-known-oauth + _comment: "GoTrue: /.well-known/oauth-authorization-server -> http://auth:9999/.well-known/oauth-authorization-server" + url: http://{{ .GotrueId }}:9999/.well-known/oauth-authorization-server + routes: + - name: well-known-oauth + strip_path: true + paths: + - /.well-known/oauth-authorization-server + plugins: + - name: cors - name: auth-v1 _comment: "GoTrue: /auth/v1/* -> http://auth:9999/*" url: http://{{ .GotrueId }}:9999/ From e14e6297e41fa8866dfe23b63b5e6545daa99e68 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Oct 2025 04:32:47 +0000 Subject: [PATCH 02/14] chore(deps): bump supabase/postgres from 17.6.1.011 to 17.6.1.012 in /pkg/config/templates (#4241) chore(deps): bump supabase/postgres in /pkg/config/templates Bumps supabase/postgres from 17.6.1.011 to 17.6.1.012. --- updated-dependencies: - dependency-name: supabase/postgres dependency-version: 17.6.1.012 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pkg/config/templates/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/config/templates/Dockerfile b/pkg/config/templates/Dockerfile index 1afea6435..496c39121 100644 --- a/pkg/config/templates/Dockerfile +++ b/pkg/config/templates/Dockerfile @@ -1,5 +1,5 @@ # Exposed for updates by .github/dependabot.yml -FROM supabase/postgres:17.6.1.011 AS pg +FROM supabase/postgres:17.6.1.012 AS pg # Append to ServiceImages when adding new dependencies below FROM library/kong:2.8.1 AS kong FROM axllent/mailpit:v1.22.3 AS mailpit From 1d337c9e24df3be2fdcf450f25488eb700c88f2d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Oct 2025 04:38:13 +0000 Subject: [PATCH 03/14] chore(deps): bump the docker-minor group in /pkg/config/templates with 2 updates (#4240) chore(deps): bump the docker-minor group Bumps the docker-minor group in /pkg/config/templates with 2 updates: supabase/supavisor and supabase/realtime. Updates `supabase/supavisor` from 2.7.0 to 2.7.1 Updates `supabase/realtime` from v2.51.11 to v2.51.15 --- updated-dependencies: - dependency-name: supabase/supavisor dependency-version: 2.7.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: docker-minor - dependency-name: supabase/realtime dependency-version: v2.51.15 dependency-type: direct:production dependency-group: docker-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pkg/config/templates/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/config/templates/Dockerfile b/pkg/config/templates/Dockerfile index 496c39121..3d3391905 100644 --- a/pkg/config/templates/Dockerfile +++ b/pkg/config/templates/Dockerfile @@ -9,9 +9,9 @@ FROM supabase/studio:2025.10.01-sha-8460121 AS studio FROM darthsim/imgproxy:v3.8.0 AS imgproxy FROM supabase/edge-runtime:v1.69.12 AS edgeruntime FROM timberio/vector:0.28.1-alpine AS vector -FROM supabase/supavisor:2.7.0 AS supavisor +FROM supabase/supavisor:2.7.1 AS supavisor FROM supabase/gotrue:v2.180.0 AS gotrue -FROM supabase/realtime:v2.51.11 AS realtime +FROM supabase/realtime:v2.51.15 AS realtime FROM supabase/storage-api:v1.28.0 AS storage FROM supabase/logflare:1.22.4 AS logflare # Append to JobImages when adding new dependencies below From 4d029641e65f4b5ac9ff11019059d8fb89397a44 Mon Sep 17 00:00:00 2001 From: issuedat <165281975+issuedat@users.noreply.github.com> Date: Fri, 3 Oct 2025 16:48:12 +0200 Subject: [PATCH 04/14] feat(auth): introduce `EmailOptional` config for providers (#4179) * feat(auth): introduce `EmailOptional` config for providers * chore: add config to template * chore: enable new config in tests --------- Co-authored-by: Qiao Han --- internal/start/start.go | 1 + pkg/config/auth.go | 37 ++++++++++++++++++++++++++++++++ pkg/config/templates/config.toml | 2 ++ pkg/config/testdata/config.toml | 2 ++ 4 files changed, 42 insertions(+) diff --git a/internal/start/start.go b/internal/start/start.go index f0fa76e75..5e07d9dd1 100644 --- a/internal/start/start.go +++ b/internal/start/start.go @@ -685,6 +685,7 @@ EOF fmt.Sprintf("GOTRUE_EXTERNAL_%s_CLIENT_ID=%s", strings.ToUpper(name), config.ClientId), fmt.Sprintf("GOTRUE_EXTERNAL_%s_SECRET=%s", strings.ToUpper(name), config.Secret.Value), fmt.Sprintf("GOTRUE_EXTERNAL_%s_SKIP_NONCE_CHECK=%t", strings.ToUpper(name), config.SkipNonceCheck), + fmt.Sprintf("GOTRUE_EXTERNAL_%s_EMAIL_OPTIONAL=%t", strings.ToUpper(name), config.EmailOptional), ) redirectUri := config.RedirectUri diff --git a/pkg/config/auth.go b/pkg/config/auth.go index 053c8296c..c8f017a5c 100644 --- a/pkg/config/auth.go +++ b/pkg/config/auth.go @@ -354,6 +354,7 @@ type ( Url string `toml:"url"` RedirectUri string `toml:"redirect_uri"` SkipNonceCheck bool `toml:"skip_nonce_check"` + EmailOptional bool `toml:"email_optional"` } solana struct { @@ -952,6 +953,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { if len(p.Secret.SHA256) > 0 { body.ExternalAppleSecret = nullable.NewNullableWithValue(p.Secret.Value) } + body.ExternalAppleEmailOptional = nullable.NewNullableWithValue(p.EmailOptional) } } if p, ok := e["azure"]; ok { @@ -961,6 +963,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { body.ExternalAzureSecret = nullable.NewNullableWithValue(p.Secret.Value) } body.ExternalAzureUrl = nullable.NewNullableWithValue(p.Url) + body.ExternalAzureEmailOptional = nullable.NewNullableWithValue(p.EmailOptional) } } if p, ok := e["bitbucket"]; ok { @@ -969,6 +972,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { if len(p.Secret.SHA256) > 0 { body.ExternalBitbucketSecret = nullable.NewNullableWithValue(p.Secret.Value) } + body.ExternalBitbucketEmailOptional = nullable.NewNullableWithValue(p.EmailOptional) } } if p, ok := e["discord"]; ok { @@ -977,6 +981,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { if len(p.Secret.SHA256) > 0 { body.ExternalDiscordSecret = nullable.NewNullableWithValue(p.Secret.Value) } + body.ExternalDiscordEmailOptional = nullable.NewNullableWithValue(p.EmailOptional) } } if p, ok := e["facebook"]; ok { @@ -985,6 +990,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { if len(p.Secret.SHA256) > 0 { body.ExternalFacebookSecret = nullable.NewNullableWithValue(p.Secret.Value) } + body.ExternalFacebookEmailOptional = nullable.NewNullableWithValue(p.EmailOptional) } } if p, ok := e["figma"]; ok { @@ -993,6 +999,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { if len(p.Secret.SHA256) > 0 { body.ExternalFigmaSecret = nullable.NewNullableWithValue(p.Secret.Value) } + body.ExternalFigmaEmailOptional = nullable.NewNullableWithValue(p.EmailOptional) } } if p, ok := e["github"]; ok { @@ -1001,6 +1008,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { if len(p.Secret.SHA256) > 0 { body.ExternalGithubSecret = nullable.NewNullableWithValue(p.Secret.Value) } + body.ExternalGithubEmailOptional = nullable.NewNullableWithValue(p.EmailOptional) } } if p, ok := e["gitlab"]; ok { @@ -1010,6 +1018,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { body.ExternalGitlabSecret = nullable.NewNullableWithValue(p.Secret.Value) } body.ExternalGitlabUrl = nullable.NewNullableWithValue(p.Url) + body.ExternalGitlabEmailOptional = nullable.NewNullableWithValue(p.EmailOptional) } } if p, ok := e["google"]; ok { @@ -1019,6 +1028,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { body.ExternalGoogleSecret = nullable.NewNullableWithValue(p.Secret.Value) } body.ExternalGoogleSkipNonceCheck = nullable.NewNullableWithValue(p.SkipNonceCheck) + body.ExternalGoogleEmailOptional = nullable.NewNullableWithValue(p.EmailOptional) } } if p, ok := e["kakao"]; ok { @@ -1027,6 +1037,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { if len(p.Secret.SHA256) > 0 { body.ExternalKakaoSecret = nullable.NewNullableWithValue(p.Secret.Value) } + body.ExternalKakaoEmailOptional = nullable.NewNullableWithValue(p.EmailOptional) } } if p, ok := e["keycloak"]; ok { @@ -1036,6 +1047,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { body.ExternalKeycloakSecret = nullable.NewNullableWithValue(p.Secret.Value) } body.ExternalKeycloakUrl = nullable.NewNullableWithValue(p.Url) + body.ExternalKeycloakEmailOptional = nullable.NewNullableWithValue(p.EmailOptional) } } if p, ok := e["linkedin_oidc"]; ok { @@ -1044,6 +1056,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { if len(p.Secret.SHA256) > 0 { body.ExternalLinkedinOidcSecret = nullable.NewNullableWithValue(p.Secret.Value) } + body.ExternalLinkedinOidcEmailOptional = nullable.NewNullableWithValue(p.EmailOptional) } } if p, ok := e["notion"]; ok { @@ -1052,6 +1065,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { if len(p.Secret.SHA256) > 0 { body.ExternalNotionSecret = nullable.NewNullableWithValue(p.Secret.Value) } + body.ExternalNotionEmailOptional = nullable.NewNullableWithValue(p.EmailOptional) } } if p, ok := e["slack_oidc"]; ok { @@ -1060,6 +1074,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { if len(p.Secret.SHA256) > 0 { body.ExternalSlackOidcSecret = nullable.NewNullableWithValue(p.Secret.Value) } + body.ExternalSlackOidcEmailOptional = nullable.NewNullableWithValue(p.EmailOptional) } } if p, ok := e["spotify"]; ok { @@ -1068,6 +1083,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { if len(p.Secret.SHA256) > 0 { body.ExternalSpotifySecret = nullable.NewNullableWithValue(p.Secret.Value) } + body.ExternalSpotifyEmailOptional = nullable.NewNullableWithValue(p.EmailOptional) } } if p, ok := e["twitch"]; ok { @@ -1076,6 +1092,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { if len(p.Secret.SHA256) > 0 { body.ExternalTwitchSecret = nullable.NewNullableWithValue(p.Secret.Value) } + body.ExternalTwitchEmailOptional = nullable.NewNullableWithValue(p.EmailOptional) } } if p, ok := e["twitter"]; ok { @@ -1084,6 +1101,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { if len(p.Secret.SHA256) > 0 { body.ExternalTwitterSecret = nullable.NewNullableWithValue(p.Secret.Value) } + body.ExternalTwitterEmailOptional = nullable.NewNullableWithValue(p.EmailOptional) } } if p, ok := e["workos"]; ok { @@ -1101,6 +1119,7 @@ func (e external) toAuthConfigBody(body *v1API.UpdateAuthConfigBody) { if len(p.Secret.SHA256) > 0 { body.ExternalZoomSecret = nullable.NewNullableWithValue(p.Secret.Value) } + body.ExternalZoomEmailOptional = nullable.NewNullableWithValue(p.EmailOptional) } } } @@ -1119,6 +1138,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { if len(p.Secret.SHA256) > 0 { p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalAppleSecret, "") } + p.EmailOptional = ValOrDefault(remoteConfig.ExternalAppleEmailOptional, false) } p.Enabled = ValOrDefault(remoteConfig.ExternalAppleEnabled, false) e["apple"] = p @@ -1131,6 +1151,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalAzureSecret, "") } p.Url = ValOrDefault(remoteConfig.ExternalAzureUrl, "") + p.EmailOptional = ValOrDefault(remoteConfig.ExternalAzureEmailOptional, false) } p.Enabled = ValOrDefault(remoteConfig.ExternalAzureEnabled, false) e["azure"] = p @@ -1142,6 +1163,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { if len(p.Secret.SHA256) > 0 { p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalBitbucketSecret, "") } + p.EmailOptional = ValOrDefault(remoteConfig.ExternalBitbucketEmailOptional, false) } p.Enabled = ValOrDefault(remoteConfig.ExternalBitbucketEnabled, false) e["bitbucket"] = p @@ -1153,6 +1175,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { if len(p.Secret.SHA256) > 0 { p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalDiscordSecret, "") } + p.EmailOptional = ValOrDefault(remoteConfig.ExternalDiscordEmailOptional, false) } p.Enabled = ValOrDefault(remoteConfig.ExternalDiscordEnabled, false) e["discord"] = p @@ -1164,6 +1187,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { if len(p.Secret.SHA256) > 0 { p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalFacebookSecret, "") } + p.EmailOptional = ValOrDefault(remoteConfig.ExternalFacebookEmailOptional, false) } p.Enabled = ValOrDefault(remoteConfig.ExternalFacebookEnabled, false) e["facebook"] = p @@ -1175,6 +1199,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { if len(p.Secret.SHA256) > 0 { p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalFigmaSecret, "") } + p.EmailOptional = ValOrDefault(remoteConfig.ExternalFigmaEmailOptional, false) } p.Enabled = ValOrDefault(remoteConfig.ExternalFigmaEnabled, false) e["figma"] = p @@ -1186,6 +1211,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { if len(p.Secret.SHA256) > 0 { p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalGithubSecret, "") } + p.EmailOptional = ValOrDefault(remoteConfig.ExternalGithubEmailOptional, false) } p.Enabled = ValOrDefault(remoteConfig.ExternalGithubEnabled, false) e["github"] = p @@ -1198,6 +1224,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalGitlabSecret, "") } p.Url = ValOrDefault(remoteConfig.ExternalGitlabUrl, "") + p.EmailOptional = ValOrDefault(remoteConfig.ExternalGitlabEmailOptional, false) } p.Enabled = ValOrDefault(remoteConfig.ExternalGitlabEnabled, false) e["gitlab"] = p @@ -1213,6 +1240,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalGoogleSecret, "") } p.SkipNonceCheck = ValOrDefault(remoteConfig.ExternalGoogleSkipNonceCheck, false) + p.EmailOptional = ValOrDefault(remoteConfig.ExternalGoogleEmailOptional, false) } p.Enabled = ValOrDefault(remoteConfig.ExternalGoogleEnabled, false) e["google"] = p @@ -1224,6 +1252,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { if len(p.Secret.SHA256) > 0 { p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalKakaoSecret, "") } + p.EmailOptional = ValOrDefault(remoteConfig.ExternalKakaoEmailOptional, false) } p.Enabled = ValOrDefault(remoteConfig.ExternalKakaoEnabled, false) e["kakao"] = p @@ -1236,6 +1265,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalKeycloakSecret, "") } p.Url = ValOrDefault(remoteConfig.ExternalKeycloakUrl, "") + p.EmailOptional = ValOrDefault(remoteConfig.ExternalKeycloakEmailOptional, false) } p.Enabled = ValOrDefault(remoteConfig.ExternalKeycloakEnabled, false) e["keycloak"] = p @@ -1247,6 +1277,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { if len(p.Secret.SHA256) > 0 { p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalLinkedinOidcSecret, "") } + p.EmailOptional = ValOrDefault(remoteConfig.ExternalLinkedinOidcEmailOptional, false) } p.Enabled = ValOrDefault(remoteConfig.ExternalLinkedinOidcEnabled, false) e["linkedin_oidc"] = p @@ -1258,6 +1289,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { if len(p.Secret.SHA256) > 0 { p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalNotionSecret, "") } + p.EmailOptional = ValOrDefault(remoteConfig.ExternalNotionEmailOptional, false) } p.Enabled = ValOrDefault(remoteConfig.ExternalNotionEnabled, false) e["notion"] = p @@ -1269,6 +1301,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { if len(p.Secret.SHA256) > 0 { p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalSlackOidcSecret, "") } + p.EmailOptional = ValOrDefault(remoteConfig.ExternalSlackOidcEmailOptional, false) } p.Enabled = ValOrDefault(remoteConfig.ExternalSlackOidcEnabled, false) e["slack_oidc"] = p @@ -1280,6 +1313,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { if len(p.Secret.SHA256) > 0 { p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalSpotifySecret, "") } + p.EmailOptional = ValOrDefault(remoteConfig.ExternalSpotifyEmailOptional, false) } p.Enabled = ValOrDefault(remoteConfig.ExternalSpotifyEnabled, false) e["spotify"] = p @@ -1291,6 +1325,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { if len(p.Secret.SHA256) > 0 { p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalTwitchSecret, "") } + p.EmailOptional = ValOrDefault(remoteConfig.ExternalTwitchEmailOptional, false) } p.Enabled = ValOrDefault(remoteConfig.ExternalTwitchEnabled, false) e["twitch"] = p @@ -1302,6 +1337,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { if len(p.Secret.SHA256) > 0 { p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalTwitterSecret, "") } + p.EmailOptional = ValOrDefault(remoteConfig.ExternalTwitterEmailOptional, false) } p.Enabled = ValOrDefault(remoteConfig.ExternalTwitterEnabled, false) e["twitter"] = p @@ -1325,6 +1361,7 @@ func (e external) fromAuthConfig(remoteConfig v1API.AuthConfigResponse) { if len(p.Secret.SHA256) > 0 { p.Secret.SHA256 = ValOrDefault(remoteConfig.ExternalZoomSecret, "") } + p.EmailOptional = ValOrDefault(remoteConfig.ExternalZoomEmailOptional, false) } p.Enabled = ValOrDefault(remoteConfig.ExternalZoomEnabled, false) e["zoom"] = p diff --git a/pkg/config/templates/config.toml b/pkg/config/templates/config.toml index 5be2af89a..ebdb83103 100644 --- a/pkg/config/templates/config.toml +++ b/pkg/config/templates/config.toml @@ -275,6 +275,8 @@ redirect_uri = "" url = "" # If enabled, the nonce check will be skipped. Required for local sign in with Google auth. skip_nonce_check = false +# If enabled, it will allow the user to successfully authenticate when the provider does not return an email address. +email_optional = false # Allow Solana wallet holders to sign in to your project via the Sign in with Solana (SIWS, EIP-4361) standard. # You can configure "web3" rate limit in the [auth.rate_limit] section and set up [auth.captcha] if self-hosting. diff --git a/pkg/config/testdata/config.toml b/pkg/config/testdata/config.toml index 10d439399..cc3e7e907 100644 --- a/pkg/config/testdata/config.toml +++ b/pkg/config/testdata/config.toml @@ -285,6 +285,8 @@ secret = "env(AZURE_SECRET)" url = "https://login.microsoftonline.com/tenant" # If enabled, the nonce check will be skipped. Required for local sign in with Google auth. skip_nonce_check = true +# If enabled, it will allow the user to successfully authenticate when the provider does not return an email address. +email_optional = true # Allow Solana wallet holders to sign in to your project via the Sign in with Solana (SIWS, EIP-4361) standard. # You can configure "web3" rate limit in the [auth.rate_limit] section and set up [auth.captcha] if self-hosting. From b9c81963e2dc1a48b19e553aa02a00977329fe0e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Oct 2025 22:48:28 +0800 Subject: [PATCH 05/14] chore(deps): bump the go-minor group across 1 directory with 2 updates (#4243) Bumps the go-minor group with 2 updates in the / directory: [github.com/docker/cli](https://github.com/docker/cli) and [github.com/docker/docker](https://github.com/docker/docker). Updates `github.com/docker/cli` from 28.4.0+incompatible to 28.5.0+incompatible - [Commits](https://github.com/docker/cli/compare/v28.4.0...v28.5.0) Updates `github.com/docker/docker` from 28.4.0+incompatible to 28.5.0+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v28.4.0...v28.5.0) --- updated-dependencies: - dependency-name: github.com/docker/cli dependency-version: 28.5.0+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: github.com/docker/docker dependency-version: 28.5.0+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index b1aae5c68..8f248cc1b 100644 --- a/go.mod +++ b/go.mod @@ -13,14 +13,15 @@ require ( github.com/charmbracelet/lipgloss v1.1.1-0.20250404203927-76690c660834 github.com/containerd/errdefs v1.0.0 github.com/containers/common v0.64.2 - github.com/docker/cli v28.4.0+incompatible - github.com/docker/docker v28.4.0+incompatible + github.com/docker/cli v28.5.0+incompatible + github.com/docker/docker v28.5.0+incompatible github.com/docker/go-connections v0.6.0 github.com/fsnotify/fsnotify v1.9.0 github.com/getsentry/sentry-go v0.35.3 github.com/go-errors/errors v1.5.1 github.com/go-git/go-git/v5 v5.16.2 github.com/go-playground/validator/v10 v10.27.0 + github.com/go-viper/mapstructure/v2 v2.4.0 github.com/go-xmlfmt/xmlfmt v1.1.3 github.com/golang-jwt/jwt/v5 v5.3.0 github.com/google/go-github/v62 v62.0.0 @@ -153,7 +154,6 @@ require ( github.com/go-toolsmith/astp v1.1.0 // indirect github.com/go-toolsmith/strparse v1.1.0 // indirect github.com/go-toolsmith/typep v1.1.0 // indirect - github.com/go-viper/mapstructure/v2 v2.4.0 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gofrs/flock v0.12.1 // indirect diff --git a/go.sum b/go.sum index 718c44908..ac32a3a09 100644 --- a/go.sum +++ b/go.sum @@ -237,13 +237,13 @@ github.com/dlclark/regexp2 v1.11.5 h1:Q/sSnsKerHeCkc/jSTNq1oCm7KiVgUMZRDUoRu0JQZ github.com/dlclark/regexp2 v1.11.5/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= github.com/dnephin/pflag v1.0.7 h1:oxONGlWxhmUct0YzKTgrpQv9AUA1wtPBn7zuSjJqptk= github.com/dnephin/pflag v1.0.7/go.mod h1:uxE91IoWURlOiTUIA8Mq5ZZkAv3dPUfZNaT80Zm7OQE= -github.com/docker/cli v28.4.0+incompatible h1:RBcf3Kjw2pMtwui5V0DIMdyeab8glEw5QY0UUU4C9kY= -github.com/docker/cli v28.4.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v28.5.0+incompatible h1:crVqLrtKsrhC9c00ythRx435H8LiQnUKRtJLRR+Auxk= +github.com/docker/cli v28.5.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v28.4.0+incompatible h1:KVC7bz5zJY/4AZe/78BIvCnPsLaC9T/zh72xnlrTTOk= -github.com/docker/docker v28.4.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v28.5.0+incompatible h1:ZdSQoRUE9XxhFI/B8YLvhnEFMmYN9Pp8Egd2qcaFk1E= +github.com/docker/docker v28.5.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8= github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0= From aa27154343a579acde387722b07c8bf8638da003 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 04:30:46 +0000 Subject: [PATCH 06/14] chore(deps): bump supabase/postgres from 17.6.1.012 to 17.6.1.013 in /pkg/config/templates (#4249) chore(deps): bump supabase/postgres in /pkg/config/templates Bumps supabase/postgres from 17.6.1.012 to 17.6.1.013. --- updated-dependencies: - dependency-name: supabase/postgres dependency-version: 17.6.1.013 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pkg/config/templates/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/config/templates/Dockerfile b/pkg/config/templates/Dockerfile index 3d3391905..360d9d856 100644 --- a/pkg/config/templates/Dockerfile +++ b/pkg/config/templates/Dockerfile @@ -1,5 +1,5 @@ # Exposed for updates by .github/dependabot.yml -FROM supabase/postgres:17.6.1.012 AS pg +FROM supabase/postgres:17.6.1.013 AS pg # Append to ServiceImages when adding new dependencies below FROM library/kong:2.8.1 AS kong FROM axllent/mailpit:v1.22.3 AS mailpit From e43b5c6c66505aca7082783c785a1d5d7d92c893 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Oct 2025 04:42:46 +0000 Subject: [PATCH 07/14] chore(deps): bump the docker-minor group in /pkg/config/templates with 2 updates (#4251) chore(deps): bump the docker-minor group Bumps the docker-minor group in /pkg/config/templates with 2 updates: supabase/studio and supabase/realtime. Updates `supabase/studio` from 2025.10.01-sha-8460121 to 2025.10.06-sha-426fda2 Updates `supabase/realtime` from v2.51.15 to v2.52.0 --- updated-dependencies: - dependency-name: supabase/studio dependency-version: 2025.10.06-sha-426fda2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: docker-minor - dependency-name: supabase/realtime dependency-version: v2.52.0 dependency-type: direct:production dependency-group: docker-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pkg/config/templates/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/config/templates/Dockerfile b/pkg/config/templates/Dockerfile index 360d9d856..84c43fac9 100644 --- a/pkg/config/templates/Dockerfile +++ b/pkg/config/templates/Dockerfile @@ -5,13 +5,13 @@ FROM library/kong:2.8.1 AS kong FROM axllent/mailpit:v1.22.3 AS mailpit FROM postgrest/postgrest:v13.0.7 AS postgrest FROM supabase/postgres-meta:v0.91.6 AS pgmeta -FROM supabase/studio:2025.10.01-sha-8460121 AS studio +FROM supabase/studio:2025.10.06-sha-426fda2 AS studio FROM darthsim/imgproxy:v3.8.0 AS imgproxy FROM supabase/edge-runtime:v1.69.12 AS edgeruntime FROM timberio/vector:0.28.1-alpine AS vector FROM supabase/supavisor:2.7.1 AS supavisor FROM supabase/gotrue:v2.180.0 AS gotrue -FROM supabase/realtime:v2.51.15 AS realtime +FROM supabase/realtime:v2.52.0 AS realtime FROM supabase/storage-api:v1.28.0 AS storage FROM supabase/logflare:1.22.4 AS logflare # Append to JobImages when adding new dependencies below From 6e9af16cc948906ae2cb4fa4175fae7e69e5afb7 Mon Sep 17 00:00:00 2001 From: Han Qiao Date: Mon, 6 Oct 2025 17:25:44 +0800 Subject: [PATCH 08/14] fix(DEVWF-755): remember profile after login (#4253) fix: remember profile after login --- cmd/login.go | 8 ++++++++ cmd/root.go | 1 + internal/utils/misc.go | 1 + internal/utils/profile.go | 17 +++++++++++++++-- 4 files changed, 25 insertions(+), 2 deletions(-) diff --git a/cmd/login.go b/cmd/login.go index ca9aea666..d1d4086fd 100644 --- a/cmd/login.go +++ b/cmd/login.go @@ -6,6 +6,7 @@ import ( "github.com/go-errors/errors" "github.com/spf13/afero" "github.com/spf13/cobra" + "github.com/spf13/viper" "github.com/supabase/cli/internal/login" "github.com/supabase/cli/internal/utils" "golang.org/x/term" @@ -38,6 +39,13 @@ var ( } return login.Run(cmd.Context(), os.Stdout, params) }, + PostRunE: func(cmd *cobra.Command, args []string) error { + if prof := viper.GetString("PROFILE"); viper.IsSet("PROFILE") { + // Failure to save should block subsequent commands on CI + return utils.WriteFile(utils.ProfilePath, []byte(prof), afero.NewOsFs()) + } + return nil + }, } ) diff --git a/cmd/root.go b/cmd/root.go index db1cfabbc..8329cd86c 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -120,6 +120,7 @@ var ( if viper.GetBool("DEBUG") { http.DefaultTransport = debug.NewTransport() fmt.Fprintln(os.Stderr, cmd.Root().Short) + fmt.Fprintf(os.Stderr, "Using profile: %s (%s)\n", utils.CurrentProfile.Name, utils.CurrentProfile.ProjectHost) } cmd.SetContext(ctx) // Setup sentry last to ignore errors from parsing cli flags diff --git a/internal/utils/misc.go b/internal/utils/misc.go index 80fb13b27..84d65eaeb 100644 --- a/internal/utils/misc.go +++ b/internal/utils/misc.go @@ -74,6 +74,7 @@ var ( PoolerVersionPath = filepath.Join(TempDir, "pooler-version") RealtimeVersionPath = filepath.Join(TempDir, "realtime-version") CliVersionPath = filepath.Join(TempDir, "cli-latest") + ProfilePath = filepath.Join(TempDir, "profile") CurrBranchPath = filepath.Join(SupabaseDirPath, ".branches", "_current_branch") SchemasDir = filepath.Join(SupabaseDirPath, "schemas") MigrationsDir = filepath.Join(SupabaseDirPath, "migrations") diff --git a/internal/utils/profile.go b/internal/utils/profile.go index 53da75858..d05d493f3 100644 --- a/internal/utils/profile.go +++ b/internal/utils/profile.go @@ -43,10 +43,9 @@ var allProfiles = []Profile{{ var CurrentProfile Profile func LoadProfile(ctx context.Context, fsys afero.Fs) error { - prof := viper.GetString("PROFILE") + prof := getProfileName(fsys) for _, p := range allProfiles { if strings.EqualFold(p.Name, prof) { - fmt.Fprintln(GetDebugLogger(), "Using project host:", p.ProjectHost) CurrentProfile = p return nil } @@ -68,3 +67,17 @@ func LoadProfile(ctx context.Context, fsys afero.Fs) error { } return nil } + +func getProfileName(fsys afero.Fs) string { + debuglogger := GetDebugLogger() + if prof := viper.GetString("PROFILE"); viper.IsSet("PROFILE") { + fmt.Fprintln(debuglogger, "Loading profile from flag:", prof) + return prof + } else if content, err := afero.ReadFile(fsys, ProfilePath); err == nil { + fmt.Fprintln(debuglogger, "Loading profile from file:", ProfilePath) + return string(content) + } else { + fmt.Fprintln(debuglogger, err) + return prof + } +} From 4da30e7535ea88eea7e1d635a8e2e061dca0c3e4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Oct 2025 04:10:54 +0800 Subject: [PATCH 09/14] chore(deps): bump the go-minor group across 1 directory with 2 updates (#4252) Bumps the go-minor group with 2 updates in the / directory: [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) and [github.com/go-playground/validator/v10](https://github.com/go-playground/validator). Updates `github.com/go-git/go-git/v5` from 5.16.2 to 5.16.3 - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.16.2...v5.16.3) Updates `github.com/go-playground/validator/v10` from 10.27.0 to 10.28.0 - [Release notes](https://github.com/go-playground/validator/releases) - [Commits](https://github.com/go-playground/validator/compare/v10.27.0...v10.28.0) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-version: 5.16.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go-minor - dependency-name: github.com/go-playground/validator/v10 dependency-version: 10.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 8f248cc1b..e6064fa62 100644 --- a/go.mod +++ b/go.mod @@ -19,8 +19,8 @@ require ( github.com/fsnotify/fsnotify v1.9.0 github.com/getsentry/sentry-go v0.35.3 github.com/go-errors/errors v1.5.1 - github.com/go-git/go-git/v5 v5.16.2 - github.com/go-playground/validator/v10 v10.27.0 + github.com/go-git/go-git/v5 v5.16.3 + github.com/go-playground/validator/v10 v10.28.0 github.com/go-viper/mapstructure/v2 v2.4.0 github.com/go-xmlfmt/xmlfmt v1.1.3 github.com/golang-jwt/jwt/v5 v5.3.0 @@ -135,7 +135,7 @@ require ( github.com/firefart/nonamedreturns v1.0.6 // indirect github.com/fvbommel/sortorder v1.1.0 // indirect github.com/fzipp/gocyclo v0.6.0 // indirect - github.com/gabriel-vasile/mimetype v1.4.8 // indirect + github.com/gabriel-vasile/mimetype v1.4.10 // indirect github.com/getkin/kin-openapi v0.131.0 // indirect github.com/ghostiam/protogetter v0.3.15 // indirect github.com/go-critic/go-critic v0.13.0 // indirect diff --git a/go.sum b/go.sum index ac32a3a09..d581260fb 100644 --- a/go.sum +++ b/go.sum @@ -296,8 +296,8 @@ github.com/fvbommel/sortorder v1.1.0 h1:fUmoe+HLsBTctBDoaBwpQo5N+nrCp8g/BjKb/6ZQ github.com/fvbommel/sortorder v1.1.0/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0= github.com/fzipp/gocyclo v0.6.0 h1:lsblElZG7d3ALtGMx9fmxeTKZaLLpU8mET09yN4BBLo= github.com/fzipp/gocyclo v0.6.0/go.mod h1:rXPyn8fnlpa0R2csP/31uerbiVBugk5whMdlyaLkLoA= -github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM= -github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8= +github.com/gabriel-vasile/mimetype v1.4.10 h1:zyueNbySn/z8mJZHLt6IPw0KoZsiQNszIpU+bX4+ZK0= +github.com/gabriel-vasile/mimetype v1.4.10/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s= github.com/getkin/kin-openapi v0.131.0 h1:NO2UeHnFKRYhZ8wg6Nyh5Cq7dHk4suQQr72a4pMrDxE= github.com/getkin/kin-openapi v0.131.0/go.mod h1:3OlG51PCYNsPByuiMB0t4fjnNlIDnaEDsjiKUV8nL58= github.com/getsentry/sentry-go v0.35.3 h1:u5IJaEqZyPdWqe/hKlBKBBnMTSxB/HenCqF3QLabeds= @@ -316,8 +316,8 @@ github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UN github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= -github.com/go-git/go-git/v5 v5.16.2 h1:fT6ZIOjE5iEnkzKyxTHK1W4HGAsPhqEqiSAssSO77hM= -github.com/go-git/go-git/v5 v5.16.2/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8= +github.com/go-git/go-git/v5 v5.16.3 h1:Z8BtvxZ09bYm/yYNgPKCzgWtaRqDTgIKRgIRHBfU6Z8= +github.com/go-git/go-git/v5 v5.16.3/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -342,8 +342,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.27.0 h1:w8+XrWVMhGkxOaaowyKH35gFydVHOvC0/uWoy2Fzwn4= -github.com/go-playground/validator/v10 v10.27.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo= +github.com/go-playground/validator/v10 v10.28.0 h1:Q7ibns33JjyW48gHkuFT91qX48KG0ktULL6FgHdG688= +github.com/go-playground/validator/v10 v10.28.0/go.mod h1:GoI6I1SjPBh9p7ykNE/yj3fFYbyDOpwMn5KXd+m2hUU= github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI= github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= github.com/go-sql-driver/mysql v1.3.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= From bb968ebfeeff8c8b31216e1adca1f14c773ddc0f Mon Sep 17 00:00:00 2001 From: Han Qiao Date: Tue, 7 Oct 2025 12:07:58 +0800 Subject: [PATCH 10/14] fix: pass down apikey as query param to realtime (#4255) * fix: pass down apikey as query param to realtime * fix: resolve jwks when initialising realtime tenant --- internal/db/start/start.go | 9 +++++++-- internal/start/start.go | 10 +++++++++- internal/start/templates/kong.yml | 6 +++--- pkg/config/config.go | 3 +-- 4 files changed, 20 insertions(+), 8 deletions(-) diff --git a/internal/db/start/start.go b/internal/db/start/start.go index 7febc9294..344227040 100644 --- a/internal/db/start/start.go +++ b/internal/db/start/start.go @@ -272,7 +272,7 @@ func InitSchema14(ctx context.Context, conn *pgx.Conn) error { return file.ExecBatch(ctx, conn) } -func initRealtimeJob(host string) utils.DockerJob { +func initRealtimeJob(host, jwks string) utils.DockerJob { return utils.DockerJob{ Image: utils.Config.Realtime.Image, Env: []string{ @@ -284,6 +284,7 @@ func initRealtimeJob(host string) utils.DockerJob { "DB_NAME=postgres", "DB_AFTER_CONNECT_QUERY=SET search_path TO _realtime", "DB_ENC_KEY=" + utils.Config.Realtime.EncryptionKey, + fmt.Sprintf("API_JWT_JWKS=%s", jwks), "API_JWT_SECRET=" + utils.Config.Auth.JwtSecret.Value, "METRICS_JWT_SECRET=" + utils.Config.Auth.JwtSecret.Value, "APP_NAME=realtime", @@ -341,7 +342,11 @@ func initSchema15(ctx context.Context, host string) error { // Apply service migrations var initJobs []utils.DockerJob if utils.Config.Realtime.Enabled { - initJobs = append(initJobs, initRealtimeJob(host)) + jwks, err := utils.Config.Auth.ResolveJWKS(context.Background()) + if err != nil { + return err + } + initJobs = append(initJobs, initRealtimeJob(host, jwks)) } if utils.Config.Storage.Enabled { initJobs = append(initJobs, initStorageJob(host)) diff --git a/internal/start/start.go b/internal/start/start.go index 5e07d9dd1..c1a57293f 100644 --- a/internal/start/start.go +++ b/internal/start/start.go @@ -87,6 +87,7 @@ type kongConfig struct { ApiHost string ApiPort uint16 BearerToken string + QueryToken string } var ( @@ -145,7 +146,7 @@ func run(ctx context.Context, fsys afero.Fs, excludedContainers []string, dbConf excluded[name] = true } - jwks, err := utils.Config.Auth.ResolveJWKS(ctx, fsys) + jwks, err := utils.Config.Auth.ResolveJWKS(ctx) if err != nil { return err } @@ -362,6 +363,13 @@ EOF utils.Config.Auth.PublishableKey.Value, utils.Config.Auth.AnonKey.Value, ), + QueryToken: fmt.Sprintf( + `$((function() return (query_params.apikey == '%s' and '%s') or (query_params.apikey == '%s' and '%s') or query_params.apikey end)())`, + utils.Config.Auth.SecretKey.Value, + utils.Config.Auth.ServiceRoleKey.Value, + utils.Config.Auth.PublishableKey.Value, + utils.Config.Auth.AnonKey.Value, + ), }); err != nil { return errors.Errorf("failed to exec template: %w", err) } diff --git a/internal/start/templates/kong.yml b/internal/start/templates/kong.yml index fb76e42ea..21489ce08 100644 --- a/internal/start/templates/kong.yml +++ b/internal/start/templates/kong.yml @@ -132,9 +132,9 @@ services: - name: request-transformer config: replace: - headers: - - "Authorization: {{ .BearerToken }}" - - name: realtime-v1-longpoll + querystring: + - "apikey:{{ .QueryToken }}" + - name: realtime-v1-longpoll-not-working _comment: "Realtime: /realtime/v1/* -> ws://realtime:4000/socket/longpoll" url: http://{{ .RealtimeId }}:4000/socket protocol: http diff --git a/pkg/config/config.go b/pkg/config/config.go index d21f1847c..ea49a76ca 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -28,7 +28,6 @@ import ( "github.com/go-errors/errors" "github.com/go-viper/mapstructure/v2" "github.com/joho/godotenv" - "github.com/spf13/afero" "github.com/spf13/viper" "github.com/supabase/cli/pkg/cast" "github.com/supabase/cli/pkg/fetcher" @@ -1428,7 +1427,7 @@ type ( // ResolveJWKS creates the JWKS from the JWT secret and Third-Party Auth // configs by resolving the JWKS via the OIDC discovery URL. // It always returns a JWKS string, except when there's an error fetching. -func (a *auth) ResolveJWKS(ctx context.Context, fsys afero.Fs) (string, error) { +func (a *auth) ResolveJWKS(ctx context.Context) (string, error) { var jwks remoteJWKS if issuerURL := a.ThirdParty.IssuerURL(); issuerURL != "" { From 937942ee5bb9a4f04ec35052c7fa3970176918a4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Oct 2025 04:26:54 +0000 Subject: [PATCH 11/14] chore(deps): bump supabase/postgres from 17.6.1.013 to 17.6.1.015 in /pkg/config/templates (#4259) chore(deps): bump supabase/postgres in /pkg/config/templates Bumps supabase/postgres from 17.6.1.013 to 17.6.1.015. --- updated-dependencies: - dependency-name: supabase/postgres dependency-version: 17.6.1.015 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pkg/config/templates/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/config/templates/Dockerfile b/pkg/config/templates/Dockerfile index 84c43fac9..fb6afa4f1 100644 --- a/pkg/config/templates/Dockerfile +++ b/pkg/config/templates/Dockerfile @@ -1,5 +1,5 @@ # Exposed for updates by .github/dependabot.yml -FROM supabase/postgres:17.6.1.013 AS pg +FROM supabase/postgres:17.6.1.015 AS pg # Append to ServiceImages when adding new dependencies below FROM library/kong:2.8.1 AS kong FROM axllent/mailpit:v1.22.3 AS mailpit From 86f2535d133a83c75dc47f74c872b2b7b029e63e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Oct 2025 12:30:42 +0800 Subject: [PATCH 12/14] chore(deps): bump aws-actions/configure-aws-credentials from 5.0.0 to 5.1.0 in the action-minor group (#4257) chore(deps): bump aws-actions/configure-aws-credentials Bumps the action-minor group with 1 update: [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials). Updates `aws-actions/configure-aws-credentials` from 5.0.0 to 5.1.0 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws-actions/configure-aws-credentials/compare/v5.0.0...v5.1.0) --- updated-dependencies: - dependency-name: aws-actions/configure-aws-credentials dependency-version: 5.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: action-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/mirror-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/mirror-image.yml b/.github/workflows/mirror-image.yml index 9423799ce..d55881de5 100644 --- a/.github/workflows/mirror-image.yml +++ b/.github/workflows/mirror-image.yml @@ -29,7 +29,7 @@ jobs: TAG=${{ inputs.image }} echo "image=${TAG##*/}" >> $GITHUB_OUTPUT - name: configure aws credentials - uses: aws-actions/configure-aws-credentials@v5.0.0 + uses: aws-actions/configure-aws-credentials@v5.1.0 with: role-to-assume: ${{ secrets.PROD_AWS_ROLE }} aws-region: us-east-1 From d04892c86e993047205145f0c0a8b3c0bbf081e0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Oct 2025 12:53:51 +0800 Subject: [PATCH 13/14] chore(deps): bump the go-minor group across 2 directories with 1 update (#4260) Bumps the go-minor group with 1 update in the / directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go). Bumps the go-minor group with 1 update in the /pkg directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go). Updates `google.golang.org/grpc` from 1.75.1 to 1.76.0 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.75.1...v1.76.0) Updates `google.golang.org/grpc` from 1.75.1 to 1.76.0 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.75.1...v1.76.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.76.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor - dependency-name: google.golang.org/grpc dependency-version: 1.76.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ pkg/go.mod | 8 ++++---- pkg/go.sum | 12 ++++++------ 4 files changed, 19 insertions(+), 19 deletions(-) diff --git a/go.mod b/go.mod index e6064fa62..c142207f5 100644 --- a/go.mod +++ b/go.mod @@ -52,7 +52,7 @@ require ( golang.org/x/net v0.44.0 golang.org/x/oauth2 v0.31.0 golang.org/x/term v0.35.0 - google.golang.org/grpc v1.75.1 + google.golang.org/grpc v1.76.0 gopkg.in/yaml.v3 v3.0.1 ) @@ -345,8 +345,8 @@ require ( golang.org/x/tools v0.36.0 // indirect golang.org/x/tools/go/expect v0.1.1-deprecated // indirect golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b // indirect google.golang.org/protobuf v1.36.6 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index d581260fb..4a150c8c2 100644 --- a/go.sum +++ b/go.sum @@ -1472,10 +1472,10 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7 h1:FiusG7LWj+4byqhbvmB+Q93B/mOxJLN2DTozDuZm4EU= -google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:kXqgZtrWaf6qS3jZOCnCH7WYfrvFjkC51bM8fz3RsCA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 h1:pFyd6EwwL2TqFf8emdthzeX+gZE1ElRq3iM8pui4KBY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= +google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b h1:ULiyYQ0FdsJhwwZUwbaXpZF5yUE3h+RA+gxvBu37ucc= +google.golang.org/genproto/googleapis/api v0.0.0-20250804133106-a7a43d27e69b/go.mod h1:oDOGiMSXHL4sDTJvFvIB9nRQCGdLP1o/iVaqQK8zB+M= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b h1:zPKJod4w6F1+nRGDI9ubnXYhU9NSWoFAijkHkUXeTK8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/grpc v1.0.5/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= @@ -1489,8 +1489,8 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.75.1 h1:/ODCNEuf9VghjgO3rqLcfg8fiOP0nSluljWFlDxELLI= -google.golang.org/grpc v1.75.1/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= +google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A= +google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/pkg/go.mod b/pkg/go.mod index 78d0b999c..26264d477 100644 --- a/pkg/go.mod +++ b/pkg/go.mod @@ -11,7 +11,6 @@ require ( github.com/go-errors/errors v1.5.1 github.com/go-viper/mapstructure/v2 v2.4.0 github.com/golang-jwt/jwt/v5 v5.3.0 - github.com/google/uuid v1.6.0 github.com/h2non/gock v1.2.0 github.com/jackc/pgconn v1.14.3 github.com/jackc/pgerrcode v0.0.0-20240316143900-6e2875d9b438 @@ -27,7 +26,7 @@ require ( github.com/stretchr/testify v1.11.1 github.com/tidwall/jsonc v0.3.2 golang.org/x/mod v0.28.0 - google.golang.org/grpc v1.75.1 + google.golang.org/grpc v1.76.0 ) require ( @@ -36,6 +35,7 @@ require ( github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 // indirect github.com/ethereum/go-ethereum v1.15.8 // indirect github.com/fsnotify/fsnotify v1.9.0 // indirect + github.com/google/uuid v1.6.0 // indirect github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 // indirect github.com/jackc/chunkreader/v2 v2.0.1 // indirect github.com/jackc/pgio v1.0.0 // indirect @@ -52,8 +52,8 @@ require ( github.com/stretchr/objx v0.5.2 // indirect github.com/subosito/gotenv v1.6.0 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/crypto v0.39.0 // indirect - golang.org/x/sys v0.33.0 // indirect + golang.org/x/crypto v0.40.0 // indirect + golang.org/x/sys v0.34.0 // indirect golang.org/x/text v0.28.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/pkg/go.sum b/pkg/go.sum index 58135e559..33e3f8def 100644 --- a/pkg/go.sum +++ b/pkg/go.sum @@ -217,8 +217,8 @@ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ= -golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM= -golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= +golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM= +golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= @@ -255,8 +255,8 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= -golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA= +golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -290,8 +290,8 @@ golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/grpc v1.75.1 h1:/ODCNEuf9VghjgO3rqLcfg8fiOP0nSluljWFlDxELLI= -google.golang.org/grpc v1.75.1/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= +google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A= +google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= From d0e262c4c2a172c72de9b9f53e6e14a66a7e0549 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Oct 2025 13:51:41 +0800 Subject: [PATCH 14/14] chore(deps): bump supabase/realtime from v2.52.0 to v2.53.0 in /pkg/config/templates in the docker-minor group (#4258) chore(deps): bump supabase/realtime Bumps the docker-minor group in /pkg/config/templates with 1 update: supabase/realtime. Updates `supabase/realtime` from v2.52.0 to v2.53.0 --- updated-dependencies: - dependency-name: supabase/realtime dependency-version: v2.53.0 dependency-type: direct:production dependency-group: docker-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pkg/config/templates/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/config/templates/Dockerfile b/pkg/config/templates/Dockerfile index fb6afa4f1..296857341 100644 --- a/pkg/config/templates/Dockerfile +++ b/pkg/config/templates/Dockerfile @@ -11,7 +11,7 @@ FROM supabase/edge-runtime:v1.69.12 AS edgeruntime FROM timberio/vector:0.28.1-alpine AS vector FROM supabase/supavisor:2.7.1 AS supavisor FROM supabase/gotrue:v2.180.0 AS gotrue -FROM supabase/realtime:v2.52.0 AS realtime +FROM supabase/realtime:v2.53.0 AS realtime FROM supabase/storage-api:v1.28.0 AS storage FROM supabase/logflare:1.22.4 AS logflare # Append to JobImages when adding new dependencies below