RepoJournal
Supabase

@supabase

The open-source Firebase alternative powering thousands of startups

Pick a date

  1. Sat 2 may
  2. Mon 4 may
  3. Tue 5 may
  4. Wed 6 may
  5. Thu 7 may
  6. Fri 8 may
  7. Sat 9 may
  8. Mon 11 may
  9. Tue 12 may
  10. Wed 13 may
  11. Thu 14 may
  12. Fri 15 may
  13. Sat 16 may
  14. Sun 17 may
  15. Tue 19 may
  16. Wed 20 may
  17. Thu 21 may
  18. Sat 23 may
  19. Sun 24 may
  20. Mon 25 may
  21. Tue 26 may
  22. Wed 27 may
  23. Thu 28 may
  24. Fri 29 may
  25. Sat 30 may
  26. Sun 31 may
  27. Mon 1 jun
  28. Mon 8 jun
  29. Tue 9 jun
  30. Today 10 jun

The Wire · Showcase

REALTIME PATCHES CVE, STUDIO CONSOLIDATES LOGIN FLOWS

By RepoJournal · Filed · About Supabase

Supabase Realtime shipped a security update addressing published CVE vulnerabilities in Decimal and Postgrex dependencies, while the Studio team unified CLI authentication onto a shared interstitial pattern.

The Realtime team [1] moved fast on dependency updates to close the CVE exposure, bundled into v2.94.0 [4] which also ships improved error tagging for metric pusher failures. This follows the pattern of the last 48 hours: small, focused security and observability wins stacking across the platform. On the frontend, Studio's CLI login route [2] now uses the shared connect interstitial layout instead of the legacy API auth pattern—a cleanup that mirrors the organisation invite refactoring work completed earlier this week [5]. The ETL pipeline tightened numeric type handling [3] to respect Postgres storage limits while preserving special values like `money` arrays, solving a class of silent data corruption bugs on BigQuery and ClickHouse syncs. Across all desks, the pattern is consistent: less UI debt, tighter type safety, faster security responses.

Action items

References

  1. [1] fix: update `Decimal` and `Postgrex` due to published CVE (#1862) supabase/realtime
  2. [2] feat(studio): move CLI login to connect interstitial (#45814) supabase/supabase
  3. [3] fix(types): Improve handling of data types ↗ supabase/etl
  4. [4] v2.94.0 ↗ supabase/realtime
  5. [5] refine organisation invite state helpers ↗ supabase/supabase

FAQ

What changed in Supabase on May 13, 2026?
Supabase Realtime shipped a security update addressing published CVE vulnerabilities in Decimal and Postgrex dependencies, while the Studio team unified CLI authentication onto a shared interstitial pattern.
What should Supabase teams do about it?
Deploy Realtime v2.94.0 to close CVE in Decimal and Postgrex • Verify ETL pipelines with updated numeric type handling before next sync • Monitor Realtime migration reconciliation for FunctionClauseError on tenant removal
Which Supabase repositories shipped on May 13, 2026?
supabase/realtime, supabase/supabase, supabase/etl

Related across the cluster

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.