chore(deps): bump the production-minor-patch group with 2 updates

[dependabot]

Bumps the production-minor-patch group with 2 updates: @supabase/supabase-js and openai.

Updates @supabase/supabase-js from 2.105.4 to 2.106.1

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.106.1

2.106.1 (2026-05-20)

🩹 Fixes

• auth: encode client-id in oauth requests (#2383)
• misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

• Etienne Stalmans @​staaldraad
• Katerina Skroumpelou @​mandarini

v2.106.1-canary.1

2.106.1-canary.1 (2026-05-20)

🩹 Fixes

• misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.106.1-canary.0

2.106.1-canary.0 (2026-05-20)

🩹 Fixes

• auth: encode client-id in oauth requests (#2383)

❤️ Thank You

• Etienne Stalmans @​staaldraad

v2.106.1-beta.3

2.106.1-beta.3 (2026-05-20)

🩹 Fixes

• auth: encode client-id in oauth requests (#2383)
• misc: otel import issue (8aa1ba2b)
• misc: add tests (459f429d)
• misc: address comments (6fdf9145)
• misc: another approach (334de162)
• misc: more fixes (26c6bbcb)
• misc: fix build (ebfbb428)
• misc: consolidate magic comments for rolldown (149ae914)
• misc: format (1a3f34b7)
• misc: trim comments (2c01bd16)

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.106.1 (2026-05-20)

🩹 Fixes

• misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

2.106.0 (2026-05-18)

🚀 Features

• supabase: W3C/OpenTelemetry trace context propagation (#2163)

🩹 Fixes

• release: mark @​supabase/tracing private and snapshot it for JSR (#2370)

❤️ Thank You

• Claude Sonnet 4.5
• Guilherme Souza
• Katerina Skroumpelou @​mandarini

Commits

• 3f9628a fix(misc): hide dynamic import from hermesc (#2381)
• 1761a62 chore(release): version 2.106.0 changelogs (#2379)
• 1c48755 chore(deps): cleanups and updates (#2371)
• 9dfba1c chore(repo): migrate to pnpm (#2368)
• 6731c4a fix(release): mark @​supabase/tracing private and snapshot it for JSR (#2370)
• 2fe1801 feat(supabase): W3C/OpenTelemetry trace context propagation (#2163)
• fae6772 chore(repo): update to nx 22 (#2353)
• c6f7a38 chore(release): version 2.105.4 changelogs (#2342)
• See full diff in compare view

Updates openai from 6.38.0 to 6.39.0

Release notes

Sourced from openai's releases.

v6.39.0

6.39.0 (2026-05-21)

Full Changelog: v6.38.0...v6.39.0

Features

• api: api update (33ea11f)
• api: manual updates (c210b09)
• api: manual updates (92df9dc)
• api: update OpenAPI spec or Stainless config (c7c0f52)

Bug Fixes

• types: allow runtime fetch options (8f5003d)
• typescript: upgrade tsc-multi so that it works with Node 26 (068f9c6)

Chores

• api: docs updates (9d43adb)
• tests: remove redundant File import (5465bbe)

Changelog

Sourced from openai's changelog.

6.39.0 (2026-05-21)

Full Changelog: v6.38.0...v6.39.0

Features

• api: api update (33ea11f)
• api: manual updates (c210b09)
• api: manual updates (92df9dc)
• api: update OpenAPI spec or Stainless config (c7c0f52)

Bug Fixes

• types: allow runtime fetch options (8f5003d)
• typescript: upgrade tsc-multi so that it works with Node 26 (068f9c6)

Chores

• api: docs updates (9d43adb)
• tests: remove redundant File import (5465bbe)

Commits

• 2002111 release: 6.39.0
• d6dc9b7 feat(api): manual updates
• 7444892 feat(api): api update
• f5db3f1 fix(types): allow runtime fetch options
• 33b391a chore(api): docs updates
• bfe3016 fix(typescript): upgrade tsc-multi so that it works with Node 26
• 3320b20 chore(tests): remove redundant File import
• 3250890 feat(api): manual updates
• d9fbf39 feat(api): update OpenAPI spec or Stainless config
• 8a8436e codegen metadata
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary by CodeRabbit

• Chores
  • Updated Supabase and OpenAI library versions to latest releases.

[dependabot]

Labels

The following labels could not be found: automated, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[greptile-apps]

dependabot[bot] has reached the 50-review limit for trial accounts. To continue receiving code reviews, upgrade your plan.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 22524275-ae6e-44ce-aea1-aa62c7081858

📥 Commits

Reviewing files that changed from the base of the PR and between 835db0e and ab12d8a.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• package.json

---

📝 Walkthrough

Walkthrough

Dependency versions are updated in package.json: @supabase/supabase-js from ^2.105.4 to ^2.106.1 and openai from ^6.38.0 to ^6.39.0.

Changes

Dependency Version Updates

Layer / File(s)	Summary
Dependency version bumps package.json	Two production dependencies are updated to newer minor versions: @supabase/supabase-js (^2.105.4 → ^2.106.1) and openai (^6.38.0 → ^6.39.0).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• AIX-Format/iqra#111: Both PRs bump the openai dependency with incremental version updates to package.json.

Suggested reviewers

• Moeabdelaziz007

Poem

🐰 A rabbit hops through version lands,
Where dependencies update their strands,
Supabase and OpenAI rise,
To heights of features, new and wise!
Minor bumps, the project flies. 🚀

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: dependency version bumps for two production packages in a minor-patch group.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/npm_and_yarn/production-minor-patch-03a24ee4f4

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}