惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CERT Recently Published Vulnerability Notes
U
Unit 42
T
The Blog of Author Tim Ferriss
H
Hackread – Cybersecurity News, Data Breaches, AI and More
B
Blog RSS Feed
Microsoft Azure Blog
Microsoft Azure Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Securelist
L
Lohrmann on Cybersecurity
Blog — PlanetScale
Blog — PlanetScale
Recorded Future
Recorded Future
D
DataBreaches.Net
Spread Privacy
Spread Privacy
T
Threat Research - Cisco Blogs
I
Intezer
P
Palo Alto Networks Blog
Simon Willison's Weblog
Simon Willison's Weblog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
I
InfoQ
宝玉的分享
宝玉的分享
Security Latest
Security Latest
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
T
Threatpost
Cisco Talos Blog
Cisco Talos Blog
P
Proofpoint News Feed
博客园 - 司徒正美
H
Hacker News: Front Page
Y
Y Combinator Blog
爱范儿
爱范儿
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
NISL@THU
NISL@THU
月光博客
月光博客
有赞技术团队
有赞技术团队
Cloudbric
Cloudbric
酷 壳 – CoolShell
酷 壳 – CoolShell
G
Google Developers Blog
A
Arctic Wolf
博客园 - 【当耐特】
W
WeLiveSecurity
V
Visual Studio Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
V
V2EX
C
Cyber Attacks, Cyber Crime and Cyber Security
S
SegmentFault 最新的问题
The GitHub Blog
The GitHub Blog
The Cloudflare Blog
Stack Overflow Blog
Stack Overflow Blog

Supabase Blog

AI Agents Know About Supabase. They Don't Always Use It Right. Custom OIDC Providers for Supabase Auth 100,000 GitHub stars Supabase docs over SSH Navigating Regional Network Blocks Supabase Joins the Stripe Projects Developer Preview Log Drains: Now available on Pro Supabase Storage: major performance, security, and reliability updates Supabase incident on February 12, 2026 Hydra joins Supabase X / Twitter OAuth 2.0 is now available for Supabase Auth BKND joins Supabase Supabase is now an official Claude connector Supabase PrivateLink is now available Introducing: Postgres Best Practices When to use Read Replicas vs. bigger compute Introducing TRAE SOLO integration with Supabase Supabase Security Retro: 2025 Sync Stripe Data to Your Supabase Database in One Click Building ChatGPT Apps with Supabase Edge Functions and mcp-use Own Your Observability: Supabase Metrics API Introducing iceberg-js: A JavaScript Client for Apache Iceberg Introducing Supabase for Platforms Adding Async Streaming to Postgres Foreign Data Wrappers Build "Sign in with Your App" using Supabase Auth Introducing Seven New Email Templates for Supabase Auth The new Supabase power for Kiro Introducing Supabase ETL Introducing Analytics Buckets Introducing Vector Buckets Snap, Inc. Launches Snap Cloud, Powered by Supabase Triplit joins Supabase Supabase Series E 1000 Y Combinator Founders Choose Supabase gm 👋 web3, welcome aboard to Sign in with Web3 (Solana, Ethereum) Announcing the Supabase Remote MCP Server Enterprise speed, enterprise standards with Bolt Cloud + Supabase Lovable Cloud + Supabase: The Default Platform for AI Builders Processing large jobs with Edge Functions, Cron, and Queues Defense in Depth for MCP Servers OrioleDB Patent: now freely available to the Postgres community Supabase Launch Week 15 Hackathon Winner Announcement The Vibe Coder's Guide to Supabase Environments Testing for Vibe Coders: From Zero to Production Confidence The Vibe Coding Master Checklist Vibe Coding: Best Practices for Prompting Supabase Auth: Build vs. Buy Top 10 Launches of Launch Week 15 Supabase Launch Week 15 Hackathon Storage: 10x Larger Uploads, 3x Cheaper Cached Egress, and 2x Egress Quota Persistent Storage and 97% Faster Cold Starts for Edge Functions Algolia Connector for Supabase New Observability Features in Supabase Improved Security Controls and A New Home for Security Introducing Branching 2.0 Stripe-To-Postgres Sync Engine as standalone Library Supabase Analytics Buckets with Iceberg Support Create a Supabase backend using Figma Make Introducing JWT Signing Keys Supabase UI: Platform Kit Build a Personalized AI Assistant with Postgres Announcing Multigres: Vitess for Postgres Building on open table formats Open Data Standards: Postgres, OTel, and Iceberg Simplifying back-end complexity with Supabase Data APIs PostgreSQL Event Triggers without superuser access Top 10 Launches of Launch Week 14 Supabase MCP Server Data API Routes to Nearest Read Replica Declarative Schemas for Simpler Database Management Realtime: Broadcast from Database Keeping Tabs on What's New in Supabase Studio Edge Functions: Deploy from the Dashboard + Deno 2.1 Automatic Embeddings in Postgres Introducing the Supabase UI Library Supabase Auth: Bring Your Own Clerk Postgres Language Server: Initial Release Migrating from Fauna to Supabase Migrating from the MongoDB Data API to Supabase Dedicated Poolers Postgres as a Graph Database: (Ab)using pgRouting AI Hackathon at Y Combinator Calendars in Postgres using Foreign Data Wrappers Supabase Launch Week 13 Hackathon Winners How to Hack the Base! Running Durable Workflows in Postgres using DBOS database.build v2: Bring-your-own-LLM Restore to a New Project Hack the Base! with Supabase Top 10 Launches of Launch Week 13 Supabase Queues High Performance Disk Supabase Cron Supabase CLI v2: Config as Code Supabase Edge Functions: Introducing Background Tasks, Ephemeral Storage, and WebSockets Supabase AI Assistant v2 OrioleDB Public Alpha Executing Dynamic JavaScript Code on Supabase with Edge Functions ClickHouse Partnership, improved Postgres Replication, and Disk Management Live Share: Connect to in-browser PGlite with any Postgres client
PostgREST 13
Steve Chavez, Laurence Isla, Andrew Valleteau · 2025-09-30 · via Supabase Blog

PostgREST 13

PostgREST 13 is out! It comes with API and Observabilty improvements. In this post, we'll see what's new.

This new feature allows you to represent one-to-many and many-to-many relationships as flat JSON arrays.

For example, if you have database similar to IMDB and you’d like to represent it as a hierarchical JSON structure for your frontend, like so:


_17

[

_17

{

_17

"title": "The Shawshank Redemption",

_17

"actors": ["Tim Robbins", "Morgan Freeman"],

_17

"genres": ["Drama"]

_17

},

_17

{

_17

"title": "The Godfather",

_17

"actors": ["Marlon Brando", "Al Pacino"],

_17

"genres": ["Drama", "Crime"]

_17

},

_17

{

_17

"title": "The Dark Knight",

_17

"actors": ["Christian Bale", "Heath Ledger"],

_17

"genres": ["Drama", "Crime", "Action"]

_17

}

_17

]


You can now do it this way:

The above ...people is “spreading” the many-to-many relationship between titles and people, forming a flat array only consisting of the primary_name column. This flat array is then renamed to actors. We do a similar process for genres , which also forms a many-to-many relationship with people.

You can see the data model used for this example on this gist. There are more details about this feature on the official docs.

Previously you could only use the full text search operator on tsvector columns, now you can do it on text and json/jsonb columns too:

This works because text and json/jsonb columns will be automatically converted with to_tsvector.

To ensure this operation is fast, add an index:


_10

create index idx_titles on people

_10

using gin (to_tsvector('english', primary_name));


You can now limit to the amount of rows affected by an update or delete operation with maxAffected:

If the rows affected by the operation surpass the limit in maxAffected, an error will be thrown.

This also works with rpc(), given that it modifies rows and returns the affected rows. More on details on the official docs.

Content-Length header#

For observability, you can now verify the response body size in bytes in the Content-Length header.


_10

HTTP/1.1 200 OK

_10

Content-Length: 104

_10

Content-Location: /items


This helps in cases where you want to know which requests consume the most traffic to avoid exceeding egress limits.

The PostgREST error code is now present in the Proxy-Status header.


_10

HTTP/1.1 406 Not Acceptable

_10

Proxy-Status: PostgREST; error=PGRST116


You can check the Proxy-Status and Content-Length headers in the Supabase Logs Explorer.

JWT kid validation#

PostgREST now validates the JWT kid claim. If your JWT contains a Key ID (kid), it will try to match this with one of the kid's in the configured JSON Web Key Set. Check the official docs for more details.

If you use Supabase Auth or the CLI to create JSON Web Keys, you shouldn’t worry about this change as both systems will ensure kid's are present in the JSON Web Key Set.

For users that integrate with other Auth systems, make sure that both your JWT and JWKS follow the above rules.

Schema validation in PostgREST search path#

The schemas inside db-schemas and db-extra-search-path are now validated. This means you cannot put a nonexistent schema there, if you do PostgREST will fail with an error message.

If you drop a schema during a migration, you should make sure this is synced with the PostgREST search path, which is possible thanks to postgres transactional DDL:


_10

begin;

_10

drop schema old_schema;

_10

alter role authenticator set pgrst.db_schemas = 'public, pg_graphql, others'; -- make sure old_schema is not present here

_10

commit;


PostgREST v13 is now available for all new projects on the Supabase platform, old projects can upgrade to get this new version.

You can look at the full changelog on the release notes.