chore(deps): bump @supabase/supabase-js from 2.99.1 to 2.106.1

[dependabot]

Bumps @supabase/supabase-js from 2.99.1 to 2.106.1.

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.106.1

2.106.1 (2026-05-20)

🩹 Fixes

• auth: encode client-id in oauth requests (#2383)
• misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

• Etienne Stalmans @​staaldraad
• Katerina Skroumpelou @​mandarini

v2.106.1-canary.1

2.106.1-canary.1 (2026-05-20)

🩹 Fixes

• misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.106.1-canary.0

2.106.1-canary.0 (2026-05-20)

🩹 Fixes

• auth: encode client-id in oauth requests (#2383)

❤️ Thank You

• Etienne Stalmans @​staaldraad

v2.106.1-beta.3

2.106.1-beta.3 (2026-05-20)

🩹 Fixes

• auth: encode client-id in oauth requests (#2383)
• misc: otel import issue (8aa1ba2b)
• misc: add tests (459f429d)
• misc: address comments (6fdf9145)
• misc: another approach (334de162)
• misc: more fixes (26c6bbcb)
• misc: fix build (ebfbb428)
• misc: consolidate magic comments for rolldown (149ae914)
• misc: format (1a3f34b7)
• misc: trim comments (2c01bd16)

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.106.1 (2026-05-20)

🩹 Fixes

• misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

2.106.0 (2026-05-18)

🚀 Features

• supabase: W3C/OpenTelemetry trace context propagation (#2163)

🩹 Fixes

• release: mark @​supabase/tracing private and snapshot it for JSR (#2370)

❤️ Thank You

• Claude Sonnet 4.5
• Guilherme Souza
• Katerina Skroumpelou @​mandarini

2.105.4 (2026-05-08)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.105.2 (2026-05-04)

🩹 Fixes

• auth: forward lockAcquireTimeout to SupabaseAuthClient (#2309)
• misc: widen enum-like unions with (string & {}) for forward compat (#2303)

❤️ Thank You

• Muzzaiyyan Hussain @​MuzzaiyyanHussain

2.105.1 (2026-04-28)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.105.0 (2026-04-27)

🚀 Features

• auth: add passkey support with WebAuthn registration, authentication, and management (#2283)

... (truncated)

Commits

• 3f9628a fix(misc): hide dynamic import from hermesc (#2381)
• 1761a62 chore(release): version 2.106.0 changelogs (#2379)
• 1c48755 chore(deps): cleanups and updates (#2371)
• 9dfba1c chore(repo): migrate to pnpm (#2368)
• 6731c4a fix(release): mark @​supabase/tracing private and snapshot it for JSR (#2370)
• 2fe1801 feat(supabase): W3C/OpenTelemetry trace context propagation (#2163)
• fae6772 chore(repo): update to nx 22 (#2353)
• c6f7a38 chore(release): version 2.105.4 changelogs (#2342)
• db53b0f chore(release): version 2.105.2 changelogs (#2323)
• 5223888 [patchback] docs(repo): @​category and @​subcategory tags across all packages (...
• Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
gestabiz	Ready	Preview, Comment	May 21, 2026 1:55am