[Snyk] Upgrade @supabase/supabase-js from 2.53.0 to 2.90.1

[antid]

Snyk has created this PR to upgrade @supabase/supabase-js from 2.53.0 to 2.90.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 144 versions ahead of your current version.

• The recommended version was released a month ago.

Release notes

Package name: @supabase/supabase-js

• 2.90.1 - 2026-01-08
  

  2.90.1 (2026-01-08)

  🩹 Fixes

  • postgrest: prevent shared state between query builder operations (#1978)
  • realtime: validate table filter in postgres_changes event dispatch (#1999)

  ❤️ Thank You

  • Vaibhav @ 7ttp
• 2.90.1-canary.1 - 2026-01-08
  

  2.90.1-canary.1 (2026-01-08)

  🩹 Fixes

  • postgrest: prevent shared state between query builder operations (#1978)

  ❤️ Thank You

  • Vaibhav @ 7ttp
• 2.90.1-canary.0 - 2026-01-07
  

  2.90.1-canary.0 (2026-01-07)

  🩹 Fixes

  • realtime: validate table filter in postgres_changes event dispatch (#1999)

  ❤️ Thank You

  • Vaibhav @ 7ttp
• 2.90.0 - 2026-01-07
  

  2.90.0 (2026-01-07)

  🚀 Features

  • realtime: expose heartbeat latency on heartbeat callback (#1982)

  🩹 Fixes

  • auth: add banned_until property to user type (#1989)
  • auth: add last_challenged_at property to factor type (#1990)
  • auth: clear initial setTimeout in stopAutoRefresh (#1993)
  • auth: preserve session when magic link is clicked twice (#1996)
  • auth: add configurable lock acquisition timeout to prevent deadlocks (#1962)
  • functions: auto-stringify object body when custom Content-Type header is provided (#1988)
  • postgrest: use post with return minimal for rpc head requests with object args (#1994)
  • supabase: split type-only exports to avoid unused import warnings (#1979)
  • supabase: inline string literal in databasewithoutinternals type (#1986)
  • supabase: avoid edge runtime warnings in next.js (#1998)

  ❤️ Thank You

  • Eduardo Gurgel
  • Nico Kempe @ nicokempe
  • Vaibhav @ 7ttp
  • yoshifumi kondo @ yoshifumi-kondo
• 2.89.1-canary.8 - 2026-01-07
  

  2.89.1-canary.8 (2026-01-07)

  🩹 Fixes

  • auth: add configurable lock acquisition timeout to prevent deadlocks (#1962)

  ❤️ Thank You

  • yoshifumi kondo @ yoshifumi-kondo
• 2.89.1-canary.7 - 2026-01-07
  

  2.89.1-canary.7 (2026-01-07)

  🩹 Fixes

  • functions: auto-stringify object body when custom Content-Type header is provided (#1988)
  • postgrest: use post with return minimal for rpc head requests with object args (#1994)

  ❤️ Thank You

  • Vaibhav @ 7ttp
• 2.89.1-canary.6 - 2026-01-05
  

  2.89.1-canary.6 (2026-01-05)

  🩹 Fixes

  • auth: preserve session when magic link is clicked twice (#1996)

  ❤️ Thank You

  • Vaibhav @ 7ttp
• 2.89.1-canary.5 - 2026-01-05
  

  2.89.1-canary.5 (2026-01-05)

  🩹 Fixes

  • auth: clear initial setTimeout in stopAutoRefresh (#1993)

  ❤️ Thank You

  • Vaibhav @ 7ttp
• 2.89.1-canary.4 - 2026-01-05
  

  2.89.1-canary.4 (2026-01-05)

  🩹 Fixes

  • supabase: avoid edge runtime warnings in next.js (#1998)

  ❤️ Thank You

  • Vaibhav @ 7ttp
• 2.89.1-canary.3 - 2026-01-05
  

  2.89.1-canary.3 (2026-01-05)

  🩹 Fixes

  • supabase: inline string literal in databasewithoutinternals type (#1986)

  ❤️ Thank You

  • Vaibhav @ 7ttp
• 2.89.1-canary.2 - 2026-01-05
• 2.89.1-canary.1 - 2025-12-23
• 2.89.1-canary.0 - 2025-12-23
• 2.89.0 - 2025-12-18
• 2.88.1-canary.1 - 2025-12-17
• 2.88.1-canary.0 - 2025-12-17
• 2.88.0 - 2025-12-16
• 2.87.4-canary.5 - 2025-12-16
• 2.87.4-canary.4 - 2025-12-16
• 2.87.4-canary.3 - 2025-12-16
• 2.87.4-canary.2 - 2025-12-16
• 2.87.4-canary.1 - 2025-12-16
• 2.87.4-canary.0 - 2025-12-15
• 2.87.3 - 2025-12-15
• 2.87.3-canary.1 - 2025-12-15
• 2.87.3-canary.0 - 2025-12-15
• 2.87.2 - 2025-12-15
• 2.87.2-canary.0 - 2025-12-15
• 2.87.1 - 2025-12-09
• 2.87.1-canary.1 - 2025-12-08
• 2.87.1-canary.0 - 2025-12-08
• 2.87.0 - 2025-12-08
• 2.86.3-canary.0 - 2025-12-05
• 2.86.2 - 2025-12-04
• 2.86.2-canary.0 - 2025-12-04
• 2.86.1 - 2025-12-04
• 2.86.1-canary.0 - 2025-12-04
• 2.86.0 - 2025-11-26
• 2.85.1-canary.0 - 2025-11-26
• 2.85.0 - 2025-11-26
• 2.84.1-canary.1 - 2025-11-26
• 2.84.1-canary.0 - 2025-11-26
• 2.84.0 - 2025-11-20
• 2.83.1-canary.2 - 2025-11-19
• 2.83.1-canary.1 - 2025-11-19
• 2.83.1-canary.0 - 2025-11-19
• 2.83.0 - 2025-11-18
• 2.82.1-canary.0 - 2025-11-18
• 2.82.0 - 2025-11-18
• 2.81.2-canary.3 - 2025-11-18
• 2.81.2-canary.2 - 2025-11-18
• 2.81.2-canary.1 - 2025-11-17
• 2.81.2-canary.0 - 2025-11-12
• 2.81.1 - 2025-11-11
• 2.81.1-canary.1 - 2025-11-11
• 2.81.1-canary.0 - 2025-11-11
• 2.81.0 - 2025-11-10
• 2.80.1-canary.5 - 2025-11-10
• 2.80.1-canary.4 - 2025-11-07
• 2.80.1-canary.3 - 2025-11-07
• 2.80.1-canary.2 - 2025-11-07
• 2.80.1-canary.1 - 2025-10-01
• 2.80.1-canary.0 - 2025-10-01
• 2.80.0 - 2025-11-06
• 2.79.1-canary.2 - 2025-10-03
• 2.79.1-canary.1 - 2025-10-02
• 2.79.1-canary.0 - 2025-10-02
• 2.79.0 - 2025-11-04
• 2.78.1-canary.1 - 2025-11-04
• 2.78.1-canary.0 - 2025-10-31
• 2.78.0 - 2025-10-30
• 2.77.1-canary.2 - 2025-10-30
• 2.77.1-canary.1 - 2025-10-30
• 2.77.1-canary.0 - 2025-10-29
• 2.77.0 - 2025-10-29
• 2.76.2-canary.2 - 2025-10-23
• 2.76.2-canary.1 - 2025-10-22
• 2.76.2-canary.0 - 2025-10-21
• 2.76.1 - 2025-10-21
• 2.76.0 - 2025-10-20
• 2.75.2-canary.1 - 2025-10-20
• 2.75.2-canary.0 - 2025-10-17
• 2.75.1 - 2025-10-17
• 2.75.1-canary.5 - 2025-10-16
• 2.75.1-canary.4 - 2025-10-16
• 2.75.1-canary.3 - 2025-10-13
• 2.75.1-canary.2 - 2025-10-13
• 2.75.1-canary.1 - 2025-10-09
• 2.75.1-canary.0 - 2025-10-09
• 2.75.0 - 2025-10-09
• 2.74.1-canary.7 - 2025-10-08
• 2.74.1-canary.6 - 2025-10-07
• 2.74.1-canary.5 - 2025-10-07
• 2.74.1-canary.4 - 2025-10-07
• 2.74.1-canary.3 - 2025-10-07
• 2.74.1-canary.2 - 2025-10-06
• 2.74.1-canary.1 - 2025-10-06
• 2.74.1-canary.0 - 2025-10-06
• 2.74.0 - 2025-10-06
• 2.73.1-canary.8 - 2025-10-06
• 2.73.1-canary.7 - 2025-10-06
• 2.73.1-canary.6 - 2025-10-06
• 2.73.1-canary.5 - 2025-10-06
• 2.72.1-canary.15 - 2025-09-26
• 2.72.1-canary.14 - 2025-09-26
• 2.72.1-canary.13 - 2025-09-26
• 2.72.1-canary.12 - 2025-09-26
• 2.72.1-canary.11 - 2025-09-26
• 2.72.1-canary.10 - 2025-09-26
• 2.72.1-canary.9 - 2025-09-26
• 2.72.1-canary.8 - 2025-09-26
• 2.72.1-canary.7 - 2025-09-26
• 2.72.1-canary.6 - 2025-09-26
• 2.72.1-canary.5 - 2025-09-26
• 2.72.1-canary.2 - 2025-09-24
• 2.72.1-canary.0 - 2025-09-30
• 2.71.2-canary.29 - 2025-09-23
• 2.71.2-canary.28 - 2025-09-23
• 2.71.2-canary.27 - 2025-09-23
• 2.71.2-canary.7 - 2025-09-19
• 2.71.2-canary.6 - 2025-09-19
• 2.71.2-canary.4 - 2025-09-19
• 2.71.2-canary.3 - 2025-09-19
• 2.71.2-canary.2 - 2025-09-19
• 2.71.2-canary.1 - 2025-09-19
• 2.71.2-canary.0 - 2025-09-18
• 2.58.1-canary.0 - 2025-10-01
• 2.58.0 - 2025-09-25
• 2.57.4 - 2025-09-09
• 2.57.3 - 2025-09-09
• 2.57.2 - 2025-09-05
• 2.57.1 - 2025-09-05
• 2.57.0 - 2025-09-02
• 2.57.0-next.4 - 2025-08-29
• 2.57.0-next.3 - 2025-08-29
• 2.57.0-next.2 - 2025-08-29
• 2.57.0-next.1 - 2025-08-29
• 2.56.1 - 2025-08-29
• 2.56.1-next.1 - 2025-08-29
• 2.56.0 - 2025-08-21
• 2.55.0 - 2025-08-12
• 2.55.0-next.1 - 2025-08-12
• 2.54.0 - 2025-08-07
• 2.53.1 - 2025-08-07
• 2.53.0 - 2025-07-28

from @supabase/supabase-js GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
devtoolbox	Error		Feb 8, 2026 11:40am