This PR migrates the whole monorepo to use Tailwind v4:
- Removed `@tailwindcss/container-queries` plugin since it's included by
default in v4,
- Bump all instances of Tailwind to v4. Made minimal changes to the
shared config to remove non-supported features (`alpha` mentions),
- Migrate all apps to be compatible with v4 configs,
- Fix the `typography.css` import in 3 apps,
- Add missing rules which were included by default in v3,
- Run `pnpm dlx @tailwindcss/upgrade` on all apps, which renames a lot
of classes
- Rename all misnamed classes according to
https://tailwindcss.com/docs/upgrade-guide#renamed-utilities in all
apps.
---------
Co-authored-by: Jordi Enric <jordi.err@gmail.com>
This PR preps the monorepo for a migration to Tailwind v4:
- Bump all Tailwind dependencies and libraries to the latest possible
version, while still compatible with Tailwind 3.
- Cleans up obsolete Tailwind 3 specific options and configs.
- Cleans up unused CSS files and fixes the CSS imports.
- Migrates all `important` uses in `@apply` lines to using the `!`
prefix.
- Move `typography.css` to the `config` package and import it from the
apps.
- Migrated all occurrences of `flex-grow`, `flex-shrink`,
`overflow-clip` and `overflow-ellipsis` since they're deprecated and
will be removed in Tailwind 4.
- Make the default theme object typesafe in the `ui` package.
- Migrate all `bg-opacity`, `border-opacity`, `ring-opacity` and
`divider-opacity` to the new format where they're declared as part of
the property color.
- Bump and unify all imports of `postcss` dependency.
## Problem
We used to have a `_Shadcn_` suffix for all the shadcn form components
because we also had `formik` form components.
This is not needed anymore.
## Solution
- Remove the suffix
- Update all usages
fixes phone provider saves that showed success but did not persist the
enabled state
(smol regression from the refactor)
## ref:
- closes https://github.com/supabase/supabase/issues/44966
ig was introduced by 6b35cc8034
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Automatically clears certain conditional fields when their visibility
condition becomes false to avoid stale values.
* Preserves input values and registration state for fields removed from
the UI (they no longer unregister on hide), improving form continuity
during toggles.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
We currently have 2 libraries for schema validation: `yup` that was used
with `formik` and `zod` which is now the preferred one.
## Solution
- Migrate the auth providers form to `zod`
- Remove `yup`
No visual changes.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Preserve empty numeric inputs in auth provider forms to avoid
unintended conversion.
* **Refactor**
* Migrated auth provider form validation to a new validation system for
more consistent rules.
* Strengthened provider-specific validation (email, phone/SMS, OAuth,
SAML, Web3), added improved SMS test-OTP/date checks, and adjusted
initial handling for password-required-characters.
* **Chores**
* Removed an unused validation dependency from project packages.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
We'd like to update react to `19` but many of our dependencies don't
support it.
## Solution
Update those dependencies. This PR focuses on `react-markdown`
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Upgraded react-markdown to 10.1.0 (and remark-gfm to 4.0.0) across
projects for improved Markdown support.
* **Style**
* Adjusted Markdown rendering so typography and spacing are applied via
surrounding containers, improving consistent styling across docs and UI.
* **New Content**
* Added a new RSS feed item for a recent blog post.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
When users have enabled a SMS hook, they can't update the TOPT test
values anymore.
This is because `formik` sent disabled inputs values in the form payload
while `react-hook-form` correctly does not.
## Solution
Make the inputs read only instead of disabled
## How to test
- Enable SMS auth
- Add a SMS hook
- Update the SMS auth settings
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Improvements**
* Authentication provider form fields now use read-only mode instead of
being disabled, preserving focus and interaction while preventing edits
across text, secret, multiline, numeric, select, boolean, and datetime
inputs.
* A new optional read-only prop was added to form fields for consistent
behavior.
* **Fixes**
* Initial form values recalculation was corrected so they update
reliably when the selected provider changes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Summary by CodeRabbit
* **New Features**
* Added Passkeys configuration page to manage WebAuthn relying-party
settings and enable/disable passkey auth.
* Added a Beta "Passkeys" item to the Auth settings menu.
* Enabled saving passkey-related authentication parameters.
* **Tests**
* Added test coverage to ensure the Passkeys menu appears or is omitted
based on feature flags.
* **Chores**
* Removed an unused import to tidy the code.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: fadymak <dev@fadymak.com>
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
## Problem
The input groups components introduced in #44282 don't have the
validation attributes when invalid. This hurts accessibility and also
break the design:
<img width="1730" height="324" alt="image"
src="https://github.com/user-attachments/assets/a3fb8d86-f3a8-46bb-aa53-d0599c11f056"
/>
## Solution
This is because the wrapper `<FormControl_Shadcn_>` passes the
validation props to its direct child.
The solution is to avoid applying them on the `<InputGroup>` and to
apply them manually on the inputs.
I also fixed a small accessibility issue by moving the addon texts after
the input so that screen readers announce them in the correct order. No
visual change for this
<img width="587" height="158" alt="image"
src="https://github.com/user-attachments/assets/1f8858ea-6659-45f9-964e-8c43a7fe14ba"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Unified numeric input layout by moving unit labels/suffixes (e.g.,
"seconds", "GB", "%", "connections", "digits", "IOPS", "MB/s", "rows")
to appear after their inputs for a consistent, predictable form
appearance.
* **Accessibility**
* Form controls now expose IDs and ARIA attributes from form context
when available, improving screen-reader descriptions and error
association.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
## Problem
- The auth providers forms still use `formik` and we want to remove it
in favour of `react-hook-form` to keep only one form library
- The auth providers forms do not follow the design system guidelines
## Solution
- Migrate to `react-hook-form`
- Apply the design system guidelines
## Screenshots
<img width="1530" height="1920" alt="image"
src="https://github.com/user-attachments/assets/04627e93-2aa5-4a7f-a24e-0ae41d6e6b10"
/>
---------
Co-authored-by: Danny White <3104761+dnywh@users.noreply.github.com>
### Changes
- Replaces the isPaid plan-based check on the "Prevent use of leaked
passwords" (PASSWORD_HIBP_ENABLED) setting with a proper entitlement
check using the `password_hibp` entitlement key
- Adds a new `useHasEntitlementAccess` hook that returns a reusable
checker function for any entitlement key, backed by the same cached
entitlements query
### Testing
- Head to `/project/_/auth/providers?provider=Email` with an Org on the
Free Plan
- Assert that the "Prevent use of leaked passwords" toggle is disabled.
- Head to `/project/_/auth/providers?provider=Email` with an Org on the
Pro Plan
- Assert that the "Prevent use of leaked passwords" toggle is enabled
and can be toggled and saved.
<img width="612" height="496" alt="image"
src="https://github.com/user-attachments/assets/fc1ccc79-016c-4265-96ac-bdb458d2a8de"
/>
## Context
Main fix is to adjust the new home page + connect dialog (and connect
sheet) to render the project's custom domain if available
<img width="471" height="255" alt="image"
src="https://github.com/user-attachments/assets/3a208b2e-bdeb-43f5-a2e7-3495881dbaaa"
/>
<img width="1065" height="233" alt="image"
src="https://github.com/user-attachments/assets/2a7b8f81-8c0b-4803-bf0a-fc16a2f1e0e1"
/>
## Changes involved
- Created a `useProjectApiUrl` hook that will return the API URL
depending if custom domains is available, otherwise default to default
project API URL
- Refactored all the other places that were manually deriving the
project's endpoint
- Storage Explorer -> copy URL
- Edge Functions
- Integrations -> Data API + API Docs
- Auth Providers -> Callback URL
- Also updated the copy CTA for the addons page
- Instead of just "Change xxx", make it a bit more actionable
- For add ons with binary states (Custom domains, IPv4)
- If not enabled yet, "Enable xxx", otherwise "Toggle xxx"
- For PITR
- If not enabled yet, "Enable PITR", otherwise "Change recovery
duration"
- Also added "Edit custom domain" CTA if enabled
<img width="1144" height="518" alt="image"
src="https://github.com/user-attachments/assets/4f152ea5-0cc7-412c-95e8-ad5bb37c19c3"
/>
## To test
- [ ] Verify that for a project with custom domain set up, all the
affected UI mentioned in the above section look correct
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
The changes required for this React Doctor need more thought that I can
hammer with AI. Just need to stop this from happening in the future with
Ratchet rules
* Bump the deps, refactor deprecated code.
* Migrate keepPreviousData usage.
* Migrate all uses of InfiniteQuery.
* Fix refetchInterval in queries.
* Migrate all use of isLoading to isPending in mutations.
* Fix accessing location in claim-project.
* Fix a bug in duplicate query keys.
* Migrate all queries to use isPending.
* Revert "Fix accessing location in claim-project."
This reverts commit 2a07df64b5.
* Revert the rss.xml file to master.
* fix attack projection and rate limit links in the web3 wallet configs view
* fix link rendering in provider form
---------
Co-authored-by: Illia Basalaiev <illiab@IMB3.local>
* Update Supabase docs URLs to use env variable
Co-authored-by: a <a@alaisteryoung.com>
* Refactor: Use DOCS_URL constant for documentation links
This change centralizes documentation links using a new DOCS_URL constant, improving maintainability and consistency.
Co-authored-by: a <a@alaisteryoung.com>
* Refactor: Use DOCS_URL constant for all documentation links
This change replaces hardcoded documentation URLs with a centralized constant, improving maintainability and consistency.
Co-authored-by: a <a@alaisteryoung.com>
* replace more instances
* ci: Autofix updates from GitHub workflow
* remaining instances
* fix duplicate useRouter
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: alaister <10985857+alaister@users.noreply.github.com>
* Update perms checking in audit logs
* Deprecate useCheckPermissions, useIsPermissionsLoaded and useCheckProjectPermissions as they're no longer used
* Rename useAsyncCheckProjectPermissions to useAsyncCheckPermissions
* Fix TS
* Part 1 of swapping useCheckPermissions with useAsyncCheckProjectPermissions
* Update apps/studio/hooks/misc/useCheckPermissions.ts
Co-authored-by: Drake Costa <drake@saeris.io>
* Address feedback
---------
Co-authored-by: Drake Costa <drake@saeris.io>
* feat: add sign in with solana (web3) configuration UI
* Regenerate the api types.
* fix tiny things
---------
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
* improve some studio mobile layouts
* improve some studio mobile layouts
* improve settings
* assistant mobile
* assistant mobile
* assistant mobile
* responsive formlayout and new project layout
* improve dashboard pages headers
* improve dashboard auth pages
* mobile org settings
* mobile billing fixes
* adjust paused project container height
* remove comments
* triggers
* leftovers
* ai assistant
* fix errors
* remove 16px input size
* fix test
* merge access tokens settings page conflicsts
* smol integrations here and there
* Fix: unify Client ID handling for Google provider
* Ensure no spaces in Client IDs
* Update apps/studio/components/interfaces/Auth/AuthProvidersFormValidation.tsx
Co-authored-by: Kang Ming <kang.ming1996@gmail.com>
* Fix Apple provider client IDs
* Update apps/studio/components/interfaces/Auth/AuthProvidersFormValidation.tsx
Co-authored-by: Kang Ming <kang.ming1996@gmail.com>
* Update apps/studio/components/interfaces/Auth/AuthProvidersFormValidation.tsx
Co-authored-by: Kang Ming <kang.ming1996@gmail.com>
* Remove Secret key requirement
* Fix markdown component usage + apple client id
---------
Co-authored-by: Kang Ming <kang.ming1996@gmail.com>
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* Fix the types for API settings to include protocol.
* Use the protocol property in all usages of endpoints.
* Update
* Lint
* Revert changes to retrieving protocol
* Remove console.logs
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* Add perms check in projects API query
* Start deprecating use of projects-api-query, move to projects-settings-v2-query
* PRETTY
* Shift all uses of project api query to project settings v2 query, and deprecate project api query
* Fix
* Fix
* Small unrelated styling fix on join page
* Fix
* Update apps/studio/components/interfaces/Auth/Users/UserOverview.tsx
Co-authored-by: Alaister Young <alaister@users.noreply.github.com>
---------
Co-authored-by: Alaister Young <alaister@users.noreply.github.com>
* Fix waiting for verification column as cell was not re-rendering after users are loaded
* Fix waiting for verification column as cell was not re-rendering after users are loaded
* Fix grid, overview panel and linking to providers for SAML users
* Midway implementing user management v2 panel
* Do up overview panel less provider information
* Midway provider info
* Wrap up provider information
* Add banned until banner
* Slight adjustment to search input
* Fix
* Fix provider icons in data grid
* Fix
* Moar fixes
* Add loading line
* Address some feedback
* Reorder some elements in the user overview panel
* Fix icons going over cell headers
* Chore: Add links to documentation to the Auth Providers page
* Update position of documentation button in provider form
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* Add lucide-react to docs (to make the autocomplete work).
* Migrate the docs app icons.
* Migrate the ui-patterns.
* Remove the old icons from ui package.
* Migrate the www app from react-feather icons.
* Migrate all of studio icons.
* Migrate the only component in design-system.
* Fix an old import in ui package. Revert an import in docs app.
* Fix some pages in www.
* Remove unneeded files used in generation of icons.
* Fix a prettier error.
* Fix more issues in www.
* Fix an issue in Log Date picker.
* Replace all string sizes with number sizes because the icons grew in some cases.
* Fix more imports in security page.
* Fix an extra import.
* Remove the size prop from all icons if they're in a button and they match the button size.
* Minor fixes for docs and www.
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Ivan Vasilov