🔄 Sync with upstream changes#17
Open
h0lybyte wants to merge 560 commits into
Open
Conversation
* feat: add PartitonedTables Peep.Storage implementation using N ETS tables with optional tag-based routing. Each metric write is routed to a specific table based on a `:routing_tag` option. If the routing tag is present in the metric's tags, `:erlang.phash2/2` is used to select the table. Otherwise, the first table is used. This reduces lock contention by routing different tag values (e.g. different tenants) to different ETS tables, without partitioning metrics within a table.
Co-authored-by: supabase-workflow-trigger[bot] <266661614+supabase-workflow-trigger[bot]@users.noreply.github.com>
Improve the local setup to make it straightforward to run the server: ``` mise run db-start mix setup mise run dev ``` - Introduce mise to manage tool versions, tasks, and envs - Removed .tool-versions and Makefile in favor of mise.toml - Introduce `Realtime.Env` to use in runtime.exs with tests and more validations to make it more resilient to avoid hard to debug errors in the server booting process - Group all envs together in `runtime.exs` to have better discoverability, especially for docs (self-hosting) and config - Break readme into dedicated docs to reduce noise in the main readme (easier to scan) - Add Code of Conduct and Contributing guides based on https://github.com/supabase/.github and https://github.com/supabase/supabase - Added env vars into ENVS.md: API_TOKEN_BLOCKLIST, CLUSTER_STRATEGIES, DB_MASTER_REGION, DB_HOST_REPLICA_FRA, DB_HOST_REPLICA_IAD, DB_HOST_REPLICA_SIN, DB_HOST_REPLICA_SJC, REGION, LOGS_ENGINE, LOGFLARE_LOGGER_BACKEND_URL, LOGFLARE_API_KEY, LOGFLARE_SOURCE_ID, JWT_CLAIM_VALIDATORS, METRICS_JWT_SECRET, METRICS_TOKEN_BLOCKLIST, MAX_GEN_RPC_CALL_CLIENTS, PROM_POLL_RATE, AWS_EXECUTION_ENV, JANITOR_MAX_CHILDREN, JANITOR_CHILDREN_TIMEOUT, LOG_THROTTLE_JANITOR_INTERVAL_IN_MS, MEASURE_TRAFFIC_INTERVAL_IN_MS, NO_CHANNEL_TIMEOUT_IN_MS, RPC_TIMEOUT - Removed stale env vars from ENVS.md: DISCONNECT_SOCKET_ON_NO_CHANNELS_INTERVAL_IN_MS, JANITOR_CLEANUP_MAX_CHILDREN, JANITOR_CLEANUP_CHILDREN_TIMEOUT
Used Elixir 1.20 type system to identify violations.
now we can setup otel to track performance of each test and have properly defined spans per test
Co-authored-by: supabase-workflow-trigger[bot] <266661614+supabase-workflow-trigger[bot]@users.noreply.github.com>
Co-authored-by: supabase-workflow-trigger[bot] <266661614+supabase-workflow-trigger[bot]@users.noreply.github.com>
--------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Leandro Pereira <leandro@leandro.io>
--------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Leandro Pereira <leandro@leandro.io>
--------- Co-authored-by: supabase-autofix-bot <noreply@supabase.com>
add back the log warning for ipv4 address
- Apply schema restrictions when supautils grants are available to avoid unintentional and unexpected changes to realtime schema that's supposed to be protected. - Always connect as `db_user` and removes `db_user_realtime`. The restriction is controlled by migrations only. - Remove feature flag `use_supabase_realtime_admin` Ref REAL-25, REAL-527, REAL-630, REAL-631, REAL-773, REAL-778, SEC-562
* chore: update @supabase/supabase-js to v2.110.1 * chore: update nix node_modules hash --------- Co-authored-by: supabase-workflow-trigger[bot] <266661614+supabase-workflow-trigger[bot]@users.noreply.github.com> Co-authored-by: supabase-autofix-bot <noreply@supabase.com>
Bump mint, req, plug, decimal, etc https://diff.hex.pm/diffs?diffs%5B%5D=castore:1.0.15:1.0.19&diffs%5B%5D=decimal:3.1.0:3.1.1&diffs%5B%5D=finch:0.20.0:0.23.0&diffs%5B%5D=hpax:1.0.3:1.0.4&diffs%5B%5D=mint:1.7.1:1.9.1&diffs%5B%5D=plug:1.19.3:1.20.2&diffs%5B%5D=req:0.5.15:0.6.2 mint 1.7.1 - EEF-CVE-2026-48861 (LOW) aka: CVE-2026-48861, GHSA-2pg6-44cx-c49v CRLF injection in HTTP/1 request line via unvalidated method in Mint https://osv.dev/vulnerability/EEF-CVE-2026-48861 mint 1.7.1 - EEF-CVE-2026-56810 (HIGH) aka: CVE-2026-56810, GHSA-c59h-fq4p-r36r mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5 https://osv.dev/vulnerability/EEF-CVE-2026-56810 mint 1.7.1 - EEF-CVE-2026-49753 (MEDIUM) aka: CVE-2026-49753, GHSA-mjqx-c6f6-7rc2 HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing https://osv.dev/vulnerability/EEF-CVE-2026-49753 mint 1.7.1 - EEF-CVE-2026-49754 (HIGH) aka: CVE-2026-49754, GHSA-2p26-p43x-fhp8 HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation https://osv.dev/vulnerability/EEF-CVE-2026-49754 mint 1.7.1 - EEF-CVE-2026-48862 (HIGH) aka: CVE-2026-48862, GHSA-g586-ccqf-7x4r Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency https://osv.dev/vulnerability/EEF-CVE-2026-48862 req 0.5.15 - EEF-CVE-2026-49755 (HIGH) aka: CVE-2026-49755, GHSA-655f-mp8p-96gv Decompression bomb DoS in Req via auto-decoded archive and compressed response bodies https://osv.dev/vulnerability/EEF-CVE-2026-49755 req 0.5.15 - EEF-CVE-2026-49756 (LOW) aka: CVE-2026-49756, GHSA-px9f-whj3-246m Multipart form-data header injection in Req via unescaped name/filename/content_type https://osv.dev/vulnerability/EEF-CVE-2026-49756 hpax 1.0.3 - EEF-CVE-2026-58226 (HIGH) aka: CVE-2026-58226, GHSA-jj2p-32j7-whj2 Unauthenticated denial-of-service via unbounded HPACK integer decoding in hpax https://osv.dev/vulnerability/EEF-CVE-2026-58226
* fix: role leak on apply_rls Fix the `subscriptions` query in `apply_rls` to reset the role during the FOR loop execution to avoid leaking the query to `working_role` which 1) is not expected role and 2) might lack execution grants causing supabase#2001 Ref REAL-902
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Upstream Sync
This PR contains the latest changes from the upstream repository.
Changes included:
Review checklist:
This PR was automatically created by the upstream sync workflow