[Snyk] Upgrade @nuxtjs/supabase from 1.4.6 to 1.6.2

[CedricDeVon]

Snyk has created this PR to upgrade @nuxtjs/supabase from 1.4.6 to 1.6.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 64 versions ahead of your current version.

• The recommended version was released 4 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Directory Traversal SNYK-JS-SUPABASEAUTHJS-10255365	479	No Known Exploit

Release notes

Package name: @nuxtjs/supabase

• 1.6.2 - 2025-09-09
  

  🐛 Bug Fixes

  • fix(cookies): guard writes when response headers already in #525

  ❤️ New Contributors

  • @ nicokempe made their first contribution in #525
  • @ Shooteger made their first contribution in #523

  Full Changelog: v1.6.1...v1.6.2

• 1.6.1 - 2025-08-22
  

  🐛 Bug Fixes

  • types: use "unjs/pathe" to make the exported type use relative path by @ Chrissi2812 in #516
  • demo: database types (8da11e6)
  • demo: link module (25cae97)
  • playground: database types (58549ab)

  New Contributors

  • @ Chrissi2812 made their first contribution in #516

  Full Changelog: v1.6.0...v1.6.1

• 1.6.0 - 2025-07-22
  

  Nuxt Supabase module is now compatible with Nuxt v4.

  Please read the uprade guide to learn how to upgrade to the latest Nuxt version.

  Full Changelog: v1.5.3...v1.6.0

• 1.5.4-20250721-080756-6a3a67c - 2025-07-21
• 1.5.4-20250721-075654-a957f79 - 2025-07-21
• 1.5.4-20250701-083244-0adb7d1 - 2025-07-01
• 1.5.4-20250627-093649-f078099 - 2025-06-27
• 1.5.4-20250627-093417-0248604 - 2025-06-27
• 1.5.4-20250627-092848-1fa5efb - 2025-06-27
• 1.5.3 - 2025-06-27
  

  1.5.3 (2025-06-27)

  Bug Fixes

  • ci: pnpm version (1acc409)
  • config: logo paths (891d3c8)
  • deps: upgrade supabase-js (162e559)
• 1.5.3-20250627-092650-1acc409 - 2025-06-27
• 1.5.3-20250617-152820-bc2d141 - 2025-06-17
• 1.5.3-20250617-131538-891d3c8 - 2025-06-17
• 1.5.3-20250617-101001-b1c8e1a - 2025-06-17
• 1.5.3-20250616-094548-aeff93b - 2025-06-16
• 1.5.3-20250616-091245-285b8e7 - 2025-06-16
• 1.5.3-20250612-091638-79f161b - 2025-06-12
• 1.5.3-20250612-091311-b7c55ea - 2025-06-12
• 1.5.3-20250612-090733-5b87b6c - 2025-06-12
• 1.5.3-20250612-090332-fbe9559 - 2025-06-12
• 1.5.2 - 2025-06-12
  

  1.5.2 (2025-06-12)

  Bug Fixes

  • demo: login screen height (09f697b)
  • demo: redirect github provider (be12884)
  • demo: redirect url for github provider (1fd67f8)
  • demo: remove toggle (e741537)
  • demo: use head (65832ba)
• 1.5.2-20250612-085749-99b3885 - 2025-06-12
• 1.5.2-20250612-085515-010ff5f - 2025-06-12
• 1.5.2-20250523-101344-e741537 - 2025-05-23
• 1.5.2-20250523-094807-e184337 - 2025-05-23
• 1.5.2-20250523-093937-71b2191 - 2025-05-23
• 1.5.2-20250523-093728-0ce82ea - 2025-05-23
• 1.5.2-20250523-091733-f692a5a - 2025-05-23
• 1.5.2-20250522-082215-65832ba - 2025-05-22
• 1.5.2-20250521-213811-09f697b - 2025-05-21
• 1.5.2-20250521-212807-6c161be - 2025-05-21
• 1.5.2-20250521-211041-1fd67f8 - 2025-05-21
• 1.5.2-20250521-210003-be12884 - 2025-05-21
• 1.5.2-20250521-204802-e77f9b9 - 2025-05-21
• 1.5.2-20250521-154620-a5fdfe4 - 2025-05-21
• 1.5.2-20250513-083107-e237204 - 2025-05-13
• 1.5.2-20250513-081507-af88b01 - 2025-05-13
• 1.5.1 - 2025-05-13
  

  1.5.1 (2025-05-13)

  📖 New Documentation

  https://supabase.nuxtjs.org/

  First Nuxt module documentation built with Docus v2 powered by Nuxt UI Pro (coming soon 👀)

  🐛 Bug Fixes

  • plugins: do not set states on client (#490) (6152a64)
  • serverSupabaseClient: pass H3Event into useRuntimeConfig (#491) (548e21e)
• 1.5.1-20250513-081139-6152a64 - 2025-05-13
• 1.5.1-20250507-152647-116e7bc - 2025-05-07
• 1.5.1-20250507-151621-ad39fd5 - 2025-05-07
• 1.5.1-20250507-144712-b68323c - 2025-05-07
• 1.5.1-20250507-144615-54b13f1 - 2025-05-07
• 1.5.1-20250507-144539-79a77ad - 2025-05-07
• 1.5.1-20250507-142059-13476cc - 2025-05-07
• 1.5.1-20250507-132306-410463e - 2025-05-07
• 1.5.1-20250507-130758-aa719d1 - 2025-05-07
• 1.5.1-20250506-160232-ab685fd - 2025-05-06
• 1.5.1-20250506-153253-e0cbd07 - 2025-05-06
• 1.5.1-20250506-152735-312f331 - 2025-05-06
• 1.5.1-20250506-152025-44f899e - 2025-05-06
• 1.5.1-20250506-145213-b2d2dca - 2025-05-06
• 1.5.1-20250506-141515-6ee3f8e - 2025-05-06
• 1.5.1-20250506-140734-57b5776 - 2025-05-06
• 1.5.1-20250506-140357-e283834 - 2025-05-06
• 1.5.1-20250506-135817-1a15832 - 2025-05-06
• 1.5.1-20250506-130717-6ce1f40 - 2025-05-06
• 1.5.1-20250506-130540-d2008e0 - 2025-05-06
• 1.5.1-20250505-120850-548e21e - 2025-05-05
• 1.5.1-20250409-075938-fc284c0 - 2025-04-09
• 1.5.1-20250409-075900-f69899f - 2025-04-09
• 1.5.1-20250304-101902-be41d94 - 2025-03-04
• 1.5.0 - 2025-03-04
  

  1.5.0 (2025-03-04)

  Bug Fixes

  This release addresses multiple inconsistencies with cookie handling x customization that might fix several issues:

  • Setting persistSession: false still persists auth session (#390)
  • The module doesn't recognize supabase.clientOptions.auth.flowType key (#449)
  • Detecting session in URL is not working when sending "Password recovery" email manually from Supabase dashboard (#397)
  • Static Hosting: Client side only rendering gives error when signing in with email - pw (#138)

  Features

  • Added useSsrCookies option (default: true) → Resolves #186

  This new option controls whether the module uses cookies to share session info between server and client. You must enable this option if you need to access session or user info from the server. It will use the SSR client from the @ supabase/ssr library.

  When disabled, the module will use the default Supabase client from the @ supabase/supabase-js library which stores session info in local storage. This is useful in certain cases, such as statically generated sites or mobile apps where cookies might not be available.

  • Renamed cookieName → cookiePrefix – More accurate naming.

  • Renamed cookieRedirect → saveRedirectToCookie – More accurate naming.

  • New useSupabaseCookieRedirect composable – Simplifies handling redirect cookies without hardcoded names

  • Docs updated:

    • useSsrCookies → https://supabase.nuxtjs.org/get-started#usessrcookies
    • cookiePrefix → https://supabase.nuxtjs.org/get-started#cookieprefixa
    • saveRedirectToCookie→ https://supabase.nuxtjs.org/get-started#redirectoptions
    • useSupabaseCookieRedirect → https://supabase.nuxtjs.org/usage/composables/usesupabasecookieredirect

  Breaking Changes?

  No. useSsrCookies default value keep the old behaviour and deprecated options (cookieName, cookieRedirect) maintain backward compatibility.

  Contributor 💚

  A massive thanks to @ Jordan-Ellis for this improvement.

• 1.4.7-20250228-164219-e3f6a24 - 2025-02-28
• 1.4.6 - 2025-01-20
  

  What's Changed

  Bug Fixes

  • serverSupabaseServiceRole: Pass H3Event into useRuntimeConfig (#450) (2de1c08)

  Full changelog (2025-01-20)

  Contributors 💚

  @ blackburn32

from @nuxtjs/supabase GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
vsu-ihs-connect-system	Ready	Preview, Comment	Dec 24, 2025 9:03pm