[Snyk] Upgrade @supabase/supabase-js from 2.38.2 to 2.45.4 | Upgrade Supabase JS for improved features and security

[nerdy-tech-com-gitub]

Snyk has created this PR to upgrade @supabase/supabase-js from 2.38.2 to 2.45.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 40 versions ahead of your current version.

• The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	696	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	696	Proof of Concept
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	696	No Known Exploit
	Denial of Service (DoS) SNYK-JS-WS-7266574	696	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	696	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	696	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-FASTXMLPARSER-7573289	696	No Known Exploit
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	696	No Known Exploit

Release notes

Package name: @supabase/supabase-js

• 2.45.4 - 2024-09-10
  

  2.45.4 (2024-09-10)

  Bug Fixes

  • bump postgrest-js to v1.16.1 (96caa1d)
• 2.45.3 - 2024-08-30
  

  2.45.3 (2024-08-30)

  Bug Fixes

  • deps-dev: bump webpack from 5.82.1 to 5.94.0 (#1264) (2153874)
• 2.45.2 - 2024-08-23
  

  2.45.2 (2024-08-23)

  Bug Fixes

  • bump storage-js v2.7.0 (f0e6ee2)
• 2.45.1 - 2024-08-06
  

  2.45.1 (2024-08-06)

  Bug Fixes

  • Allow passing a custom lock function to supabase client (5f37e69)
• 2.45.0 - 2024-07-29
  

  2.45.0 (2024-07-29)

  Features

  • add third-party auth support (#1004) (fa97643)
• 2.44.4 - 2024-07-15
  

  2.44.4 (2024-07-15)

  Bug Fixes

  • bump auth-js to v2.64.4 (#1244) (51cd986)
• 2.44.3 - 2024-07-08
  

  2.44.3 (2024-07-08)

  Bug Fixes

  • imports not working w/ Metro bundler (564df44)
• 2.44.2 - 2024-06-28
  

  2.44.2 (2024-06-28)

  Bug Fixes

  • Bump up realtime-js 2.10.2 (#1235) (b8a5d71)
• 2.44.1 - 2024-06-27
  

  2.44.1 (2024-06-27)

  Bug Fixes

  • postgrest-js esm typings (5d92d48)
• 2.44.0 - 2024-06-25
  

  2.44.0 (2024-06-25)

  Features

  • Bump realtime-js 2.10.1 (#1231) (37dc1ae)
• 2.43.6 - 2024-06-25
• 2.43.5 - 2024-06-16
• 2.43.4 - 2024-05-23
• 2.43.3 - 2024-05-22
• 2.43.2 - 2024-05-15
• 2.43.1 - 2024-05-03
• 2.43.0 - 2024-05-01
• 2.42.7 - 2024-04-25
• 2.42.6 - 2024-04-25
• 2.42.5 - 2024-04-18
• 2.42.4 - 2024-04-15
• 2.42.3 - 2024-04-12
• 2.42.2 - 2024-04-12
• 2.42.1 - 2024-04-11
• 2.42.0 - 2024-04-03
• 2.41.1 - 2024-03-28
• 2.41.0 - 2024-03-28
• 2.40.0 - 2024-03-25
• 2.39.8 - 2024-03-12
• 2.39.7 - 2024-02-19
• 2.39.6 - 2024-02-14
• 2.39.5 - 2024-02-14
• 2.39.4 - 2024-02-13
• 2.39.3 - 2024-01-11
• 2.39.2 - 2024-01-02
• 2.39.1 - 2023-12-18
• 2.39.0 - 2023-11-28
• 2.38.5 - 2023-11-20
• 2.38.4 - 2023-10-26
• 2.38.3 - 2023-10-24
• 2.38.2 - 2023-10-19

from @supabase/supabase-js GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[trag-bot]

@trag-bot didn't find any issues in the code! ✅✨

[trag-bot]

prBody:

1. Updated the version of the @supabase/supabase-js package from ^2.38.2 to ^2.45.4.
2. This change ensures compatibility with the latest features and improvements introduced in the Supabase library.
3. The update may include bug fixes that address issues present in the previous version.
4. It may also provide enhancements to existing functionalities, allowing for better integration with Supabase services.
5. The change is specifically made in the package.json file for the Expo push notifications example.
6. This update is part of an effort to keep dependencies current and aligned with the latest releases.
7. The new version may also improve security by addressing vulnerabilities found in earlier versions.
8. Testing will be required to ensure that the application behaves as expected with the updated library.
9. Documentation should be reviewed to reflect any changes in usage or API that may come with the new version.
10. This update is a step towards maintaining a modern and efficient codebase.