Build(deps): Bump @supabase/supabase-js from 2.95.3 to 2.106.1

[dependabot]

Bumps @supabase/supabase-js from 2.95.3 to 2.106.1.

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.106.1

2.106.1 (2026-05-20)

🩹 Fixes

• auth: encode client-id in oauth requests (#2383)
• misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

• Etienne Stalmans @​staaldraad
• Katerina Skroumpelou @​mandarini

v2.106.1-canary.1

2.106.1-canary.1 (2026-05-20)

🩹 Fixes

• misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.106.1-canary.0

2.106.1-canary.0 (2026-05-20)

🩹 Fixes

• auth: encode client-id in oauth requests (#2383)

❤️ Thank You

• Etienne Stalmans @​staaldraad

v2.106.1-beta.3

2.106.1-beta.3 (2026-05-20)

🩹 Fixes

• auth: encode client-id in oauth requests (#2383)
• misc: otel import issue (8aa1ba2b)
• misc: add tests (459f429d)
• misc: address comments (6fdf9145)
• misc: another approach (334de162)
• misc: more fixes (26c6bbcb)
• misc: fix build (ebfbb428)
• misc: consolidate magic comments for rolldown (149ae914)
• misc: format (1a3f34b7)
• misc: trim comments (2c01bd16)

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.106.1 (2026-05-20)

🩹 Fixes

• misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

2.106.0 (2026-05-18)

🚀 Features

• supabase: W3C/OpenTelemetry trace context propagation (#2163)

🩹 Fixes

• release: mark @​supabase/tracing private and snapshot it for JSR (#2370)

❤️ Thank You

• Claude Sonnet 4.5
• Guilherme Souza
• Katerina Skroumpelou @​mandarini

2.105.4 (2026-05-08)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.105.2 (2026-05-04)

🩹 Fixes

• auth: forward lockAcquireTimeout to SupabaseAuthClient (#2309)
• misc: widen enum-like unions with (string & {}) for forward compat (#2303)

❤️ Thank You

• Muzzaiyyan Hussain @​MuzzaiyyanHussain

2.105.1 (2026-04-28)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.105.0 (2026-04-27)

🚀 Features

• auth: add passkey support with WebAuthn registration, authentication, and management (#2283)

... (truncated)

Commits

• 3f9628a fix(misc): hide dynamic import from hermesc (#2381)
• 1761a62 chore(release): version 2.106.0 changelogs (#2379)
• 1c48755 chore(deps): cleanups and updates (#2371)
• 9dfba1c chore(repo): migrate to pnpm (#2368)
• 6731c4a fix(release): mark @​supabase/tracing private and snapshot it for JSR (#2370)
• 2fe1801 feat(supabase): W3C/OpenTelemetry trace context propagation (#2163)
• fae6772 chore(repo): update to nx 22 (#2353)
• c6f7a38 chore(release): version 2.105.4 changelogs (#2342)
• db53b0f chore(release): version 2.105.2 changelogs (#2323)
• 5223888 [patchback] docs(repo): @​category and @​subcategory tags across all packages (...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.