[Snyk] Upgrade @supabase/supabase-js from 2.0.4 to 2.49.4

[nerdy-tech-com-gitub]

Snyk has created this PR to upgrade @supabase/supabase-js from 2.0.4 to 2.49.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 133 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Incorrect Authorization SNYK-JS-VITE-9653016	188	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	188	Proof of Concept
	Access Control Bypass SNYK-JS-VITE-6182924	188	Proof of Concept
	Access Control Bypass SNYK-JS-VITE-9576207	188	Proof of Concept
	Information Exposure SNYK-JS-VITE-9685035	188	Proof of Concept
	Improper Input Validation SNYK-JS-NANOID-8492085	188	No Known Exploit
	Improper Input Validation SNYK-JS-POSTCSS-5926692	188	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	188	Proof of Concept
	Improper Access Control SNYK-JS-VITE-6531286	188	Proof of Concept
	Information Exposure SNYK-JS-VITE-8023174	188	Proof of Concept
	Origin Validation Error SNYK-JS-VITE-8648411	188	Proof of Concept
	Incorrect Authorization SNYK-JS-VITE-9512410	188	Mature
	Cross-site Scripting (XSS) SNYK-JS-VITE-8022916	188	Proof of Concept

Release notes

Package name: @supabase/supabase-js

• 2.49.4 - 2025-03-29
  

  2.49.4 (2025-03-29)

  Bug Fixes

  • deps: upgrade postgrest-js to 1.19.4 (692e8e8)
• 2.49.3 - 2025-03-24
  

  2.49.3 (2025-03-24)

  Bug Fixes

  • bump auth-js to 2.69.1 (#1383) (f08bfd9)
• 2.49.2 - 2025-03-24
  

  2.49.2 (2025-03-24)

  Bug Fixes

  • bump auth-js to v2.69.0 (#1380) (73ab30d)
• 2.49.1 - 2025-02-24
  

  2.49.1 (2025-02-24)

  Bug Fixes

  • deps: upgrade postgrest-js 1.19.2 (3f01c3f)
• 2.49.0 - 2025-02-24
  

  2.49.0 (2025-02-24)

  Features

  • bump @ supabase/auth-js to 2.68.0 (#1359) (a9ece9a)
• 2.48.1 - 2025-01-24
  

  2.48.1 (2025-01-24)

  Bug Fixes

  • types: bump postgrest-js 1.18.1 (da9e26d), closes #1354
• 2.48.0 - 2025-01-20
  

  2.48.0 (2025-01-20)

  Features

  • deps: bump postgrest-js to 1.18.0 (4397e57)
• 2.47.16 - 2025-01-17
  

  2.47.16 (2025-01-17)

  Bug Fixes

  • 🐛 Fix nullish coalescing operator issue in hasCustomAuthorizationHeader (e8cffda), closes #1338
• 2.47.15 - 2025-01-16
  

  2.47.15 (2025-01-16)

  Bug Fixes

  • Make the return value of accessToken nullable (f8e48ff)
• 2.47.14 - 2025-01-15
  

  2.47.14 (2025-01-15)

  Bug Fixes

  • bump postgrest-js to 1.17.11 (6822cdc)
• 2.47.13 - 2025-01-14
• 2.47.12 - 2025-01-08
• 2.47.11 - 2025-01-07
• 2.47.10 - 2024-12-19
• 2.47.9 - 2024-12-18
• 2.47.8 - 2024-12-16
• 2.47.7 - 2024-12-13
• 2.47.6 - 2024-12-12
• 2.47.5 - 2024-12-11
• 2.47.4 - 2024-12-11
• 2.47.4-rc.1 - 2024-12-11
• 2.47.3 - 2024-12-09
• 2.47.2 - 2024-12-06
• 2.47.1 - 2024-12-05
• 2.47.0 - 2024-12-05
• 2.46.2 - 2024-11-27
• 2.46.2-rc.3 - 2024-11-13
• 2.46.2-rc.2 - 2024-11-13
• 2.46.2-rc.1 - 2024-11-06
• 2.46.1 - 2024-10-30
• 2.46.0 - 2024-10-29
• 2.46.0-rc.5 - 2024-10-29
• 2.46.0-rc.4 - 2024-10-28
• 2.46.0-rc.3 - 2024-10-28
• 2.46.0-rc.2 - 2024-10-18
• 2.46.0-rc.1 - 2024-10-18
• 2.45.6 - 2024-10-19
• 2.45.5 - 2024-10-18
• 2.45.4 - 2024-09-10
• 2.45.3 - 2024-08-30
• 2.45.2 - 2024-08-23
• 2.45.1 - 2024-08-06
• 2.45.0 - 2024-07-29
• 2.44.4 - 2024-07-15
• 2.44.3 - 2024-07-08
• 2.44.2 - 2024-06-28
• 2.44.1 - 2024-06-27
• 2.44.0 - 2024-06-25
• 2.43.6 - 2024-06-25
• 2.43.5 - 2024-06-16
• 2.43.4 - 2024-05-23
• 2.43.3 - 2024-05-22
• 2.43.2 - 2024-05-15
• 2.43.1 - 2024-05-03
• 2.43.0 - 2024-05-01
• 2.42.7 - 2024-04-25
• 2.42.6 - 2024-04-25
• 2.42.5 - 2024-04-18
• 2.42.4 - 2024-04-15
• 2.42.3 - 2024-04-12
• 2.42.2 - 2024-04-12
• 2.42.1 - 2024-04-11
• 2.42.0 - 2024-04-03
• 2.41.1 - 2024-03-28
• 2.41.0 - 2024-03-28
• 2.40.0 - 2024-03-25
• 2.39.8 - 2024-03-12
• 2.39.7 - 2024-02-19
• 2.39.6 - 2024-02-14
• 2.39.5 - 2024-02-14
• 2.39.4 - 2024-02-13
• 2.39.3 - 2024-01-11
• 2.39.2 - 2024-01-02
• 2.39.1 - 2023-12-18
• 2.39.0 - 2023-11-28
• 2.38.5 - 2023-11-20
• 2.38.4 - 2023-10-26
• 2.38.3 - 2023-10-24
• 2.38.2 - 2023-10-19
• 2.38.1 - 2023-10-13
• 2.38.0 - 2023-10-04
• 2.37.0 - 2023-09-29
• 2.36.0 - 2023-09-20
• 2.35.0 - 2023-09-20
• 2.34.0 - 2023-09-19
• 2.33.2 - 2023-09-11
• 2.33.1 - 2023-08-22
• 2.33.0 - 2023-08-22
• 2.32.0 - 2023-08-07
• 2.31.0 - 2023-07-26
• 2.30.0 - 2023-07-26
• 2.29.0 - 2023-07-24
• 2.28.0 - 2023-07-24
• 2.27.0 - 2023-07-23
• 2.26.0 - 2023-06-20
• 2.25.0 - 2023-06-12
• 2.24.0 - 2023-05-30
• 2.23.0 - 2023-05-26
• 2.22.0 - 2023-05-15
• 2.21.0 - 2023-04-19
• 2.20.0 - 2023-04-12
• 2.19.0 - 2023-04-11
• 2.18.0 - 2023-04-11
• 2.17.0 - 2023-04-10
• 2.16.0 - 2023-04-10
• 2.15.0 - 2023-04-07
• 2.14.0 - 2023-04-03
• 2.13.1 - 2023-03-31
• 2.13.0 - 2023-03-30
• 2.12.1 - 2023-03-23
• 2.12.0 - 2023-03-20
• 2.11.0 - 2023-03-16
• 2.10.0 - 2023-03-02
• 2.9.0 - 2023-03-01
• 2.8.0 - 2023-02-15
• 2.7.1 - 2023-02-05
• 2.7.0 - 2023-02-01
• 2.6.0 - 2023-01-31
• 2.5.0 - 2023-01-27
• 2.4.1 - 2023-01-20
• 2.4.0 - 2023-01-11
• 2.3.0 - 2023-01-11
• 2.2.3 - 2022-12-30
• 2.2.2 - 2022-12-22
• 2.2.1 - 2022-12-17
• 2.2.0 - 2022-12-13
• 2.1.4 - 2022-12-13
• 2.1.3 - 2022-12-08
• 2.1.2 - 2022-12-06
• 2.1.1 - 2022-11-23
• 2.1.0 - 2022-11-11
• 2.0.6 - 2022-11-10
• 2.0.5 - 2022-11-01
• 2.0.4 - 2022-10-21

from @supabase/supabase-js GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by Sourcery

Upgrade @supabase/supabase-js from version 2.0.4 to 2.49.4 to address multiple security vulnerabilities

Bug Fixes:

• Upgrade resolves several security vulnerabilities across different Vite, ES5-ext, and other dependencies

Enhancements:

• Update package to the latest version with improved security and potential performance improvements

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request upgrades the @supabase/supabase-js package from version 2.0.4 to 2.49.4. This resolves multiple vulnerabilities.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change	Details	Files
The pull request upgrades the @supabase/supabase-js package to version 2.49.4.	Updated the @supabase/supabase-js dependency version from 2.0.4 to 2.49.4.	examples/user-management/vue3-user-management/package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.