Conversation
- Updated package dependencies in package.json: - Upgraded @redocly/cli from ^1.31.0 to 2.15.1 - Upgraded jsdom from ^27.4.0 to 28.0.0 - Added glob as a dependency with version ^13.0.1 - Added node-domexception as a dependency with version ^2.0.2 - Added source-map as a dependency with version ^0.8.0-beta.0 - Increased timeout for authentication service requests from 5s to 15s in save-token route to handle slow backends and network latency. - Enhanced error handling for connection issues in save-token route, logging specific error codes and providing user-friendly messages. - Added conditional service worker registration in development mode based on ENABLE_SW_IN_DEV environment variable. - Improved session management in Supabase middleware by clearing invalid session cookies when token refresh fails and logging the error.
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request bumps the version to 1.4.7 and makes several improvements to dependency management, error handling, and development experience.
Changes:
- Updated multiple npm dependencies including major version upgrades to @redocly/cli (v2.15.1) and jsdom (v28.0.0)
- Enhanced error handling for authentication timeout/connection issues with expanded error code coverage
- Improved session management to clear invalid cookies when token refresh fails
- Added conditional service worker registration control for development environments
Reviewed changes
Copilot reviewed 9 out of 10 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| package.json | Version bump to 1.4.7; dependency updates including @redocly/cli, jsdom, glob, node-domexception, and source-map; removed glob override |
| package-lock.json | Lock file updates reflecting dependency changes |
| src/lib/supabase/middleware.ts | Added try-catch error handling for getUser() with cookie cleanup on failure |
| src/components/sw-register.tsx | Added development mode check to conditionally register service worker based on ENABLE_SW_IN_DEV |
| src/app/api/auth/save-token/route.ts | Increased timeout from 5s to 15s; enhanced error handling for multiple network error codes |
| supabase/migrations/20260205195751_remote_schema.sql | Added auth_password and auth_password_iv columns with consistency constraints |
| supabase/migrations/20260203_add_auth_password_column.sql | Deleted separate migration file (consolidated into remote schema) |
| next.config.ts | Added SERWIST_SUPPRESS_TURBOPACK_WARNING environment variable |
| Dockerfile | Added SERWIST_SUPPRESS_TURBOPACK_WARNING=1 to build environment |
| .example.env | Updated version number to 1.4.7 |
Comments suppressed due to low confidence (2)
supabase/migrations/20260205195751_remote_schema.sql:234
- The
auth_passwordandauth_password_ivcolumns were added to the remote schema in this migration, but the separate migration file20260203_add_auth_password_column.sqlwas deleted. If that migration was previously applied in any environment, this creates a migration history inconsistency. Consider: (1) Keeping the old migration file for history, or (2) Documenting why it was consolidated, or (3) Ensuring no environment has applied the old migration yet.
supabase/migrations/20260205195751_remote_schema.sql:234 - The constraint syntax uses
<> ''::"text"which appears to have an unusual cast syntax. This should be either<> ''or<> ''::text(without the double colon before the quotes). The current syntax''::"text"may cause SQL parsing errors. Please verify this syntax is correct for PostgreSQL.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Owner
Author
|
@copilot open a new pull request to apply changes based on the comments in this thread |
Contributor
…agement (#265) * Initial plan * fix: address PR review feedback on error handling and dependencies Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com> * refactor: optimize middleware error detection Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 9 out of 10 changed files in this pull request and generated 4 comments.
Comments suppressed due to low confidence (1)
supabase/migrations/20260205195751_remote_schema.sql:234
- The check constraints use the empty string comparison pattern (
<> ''::"text"). While this is syntactically valid PostgreSQL, it's unusual syntax. The standard pattern would be<> ''or!= ''. The::textcast on an empty string literal is redundant since it's already a text literal. Consider simplifying to:CHECK ((auth_password_iv IS NULL) OR (auth_password_iv <> ''))for better readability and consistency with PostgreSQL conventions.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Owner
Author
|
@copilot open a new pull request to apply changes based on the comments in this thread |
Contributor
…logic (#266) * Initial plan * Address PR review: add ECONNREFUSED error code and remove redundant checks Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 9 out of 10 changed files in this pull request and generated 3 comments.
Comments suppressed due to low confidence (2)
supabase/migrations/20260205195751_remote_schema.sql:234
- The migration consolidation is good - the separate auth_password migration file has been removed and its changes have been incorporated into the remote_schema migration. However, ensure that any environments where the 20260203_add_auth_password_column.sql migration was already applied won't encounter issues. The new remote_schema.sql should handle this idempotently with IF NOT EXISTS checks or similar safeguards.
supabase/migrations/20260205195751_remote_schema.sql:234 - The check constraints use empty string comparison with '' which could be clearer using '' IS NULL pattern or a more explicit check. However, the current logic (auth_password <> ''::"text") correctly prevents empty strings while allowing NULL values. Consider adding a comment to clarify that these constraints ensure both fields are either both NULL or both non-empty strings.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Owner
Author
|
@copilot open a new pull request to apply changes based on the comments in this thread |
Contributor
…pendency (#267) * Initial plan * fix: improve error handling and remove deprecated package Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 9 out of 10 changed files in this pull request and generated 4 comments.
Comments suppressed due to low confidence (1)
supabase/migrations/20260203_add_auth_password_column.sql:1
- The migration file
20260203_add_auth_password_column.sqlis being deleted entirely, and its changes appear to be consolidated into the20260205195751_remote_schema.sqlfile. However, if this migration has already been applied in any environment, deleting it could cause migration tracking issues. Ensure that the migration history is properly managed and that this deletion doesn't break environments where the original migration was already applied.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Owner
Author
|
@copilot open a new pull request to apply changes based on the comments in this thread |
Contributor
…n middleware (#268) * Initial plan * Improve error handling with structured properties and add npm version requirement Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com> * Optimize error handling: move constants to module scope and improve type safety Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 9 out of 10 changed files in this pull request and generated 3 comments.
Comments suppressed due to low confidence (1)
supabase/migrations/20260205195751_remote_schema.sql:234
- The migration file
20260203_add_auth_password_column.sqlhas been completely deleted, but the schema changes it contained (addingauth_passwordandauth_password_ivcolumns with constraints) have been moved into the20260205195751_remote_schema.sqlfile. This creates a potential issue: if the earlier migration has already been applied in some environments, applying the remote schema migration might fail due to the columns already existing. Consider verifying that this consolidation won't cause issues in existing deployments, or add conditional logic (IF NOT EXISTS) to handle both scenarios.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Owner
Author
|
@copilot open a new pull request to apply changes based on the comments in this thread |
Contributor
…_DEV (#269) * Initial plan * Fix environment variable inconsistency in service worker registration - Check both ENABLE_SW_IN_DEV and NEXT_PUBLIC_ENABLE_SW_IN_DEV - Prioritize ENABLE_SW_IN_DEV (matching next.config.ts) with NEXT_PUBLIC_ as fallback - Update logger message to document both options for backwards compatibility Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com> * Use consistent environment variable NEXT_PUBLIC_ENABLE_SW_IN_DEV in both config and component - Update next.config.ts to use NEXT_PUBLIC_ENABLE_SW_IN_DEV instead of ENABLE_SW_IN_DEV - Update comments in next.config.ts to reflect the correct variable name - Simplify sw-register.tsx to only check NEXT_PUBLIC_ENABLE_SW_IN_DEV - This ensures users only need to set one environment variable for both build-time and runtime SW control Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 9 out of 10 changed files in this pull request and generated 2 comments.
Comments suppressed due to low confidence (1)
supabase/migrations/20260205195751_remote_schema.sql:234
- The new
auth_passwordandauth_password_ivcolumns store user authentication secrets in a reversibly encrypted form, which means that if the encryption key is ever exposed (e.g., via server compromise or logs), all user passwords can be decrypted. For password-like credentials, best practice is to use a one-way password hashing algorithm (e.g., bcrypt, scrypt, Argon2) so that even with full database and key access, attackers cannot directly recover the original passwords. Consider redesigning this flow to avoid storing decryptable user passwords at all (e.g., store non-reversible hashes or opaque tokens instead) and ensure that any remaining encrypted secrets are strictly limited and key-managed as high-value secrets.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Owner
Author
|
@copilot open a new pull request to apply changes based on the comments in this thread |
Contributor
* Initial plan * Fix README and package.json per review feedback Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 10 out of 11 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Owner
Author
|
@copilot open a new pull request to apply changes based on the comments in this thread |
Contributor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
chore: update dependencies and improve error handling
Updated package dependencies in package.json:
Upgraded @redocly/cli from ^1.31.0 to 2.15.1
Upgraded jsdom from ^27.4.0 to 28.0.0
Added glob as a dependency with version ^13.0.1
Added node-domexception as a dependency with version ^2.0.2
Added source-map as a dependency with version ^0.8.0-beta.0
Increased timeout for authentication service requests from 5s to 15s in save-token route to handle slow backends and network latency.
Enhanced error handling for connection issues in save-token route, logging specific error codes and providing user-friendly messages.
Added conditional service worker registration in development mode based on ENABLE_SW_IN_DEV environment variable.
Improved session management in Supabase middleware by clearing invalid session cookies when token refresh fails and logging the error.