releases.shpreview
Supabase/Supabase Changelog/PostgREST 13

PostgREST 13

September 30, 2025Supabase ChangelogView original ↗
$npx -y @buildinternet/releases show rel_Alo3w-znIDovLaHncCGXS

PostgREST 13 is out! It comes with API and Observability improvements.

Spread To-Many relationships

This new feature allows you to represent one-to-many and many-to-many relationships as flat JSON arrays.

For example, you can now query hierarchical JSON structures like:

[
  {
    "title": "The Shawshank Redemption",
    "actors": ["Tim Robbins", "Morgan Freeman"],
    "genres": ["Drama"]
  },
  {
    "title": "The Godfather",
    "actors": ["Marlon Brando", "Al Pacino"],
    "genres": ["Drama", "Crime"]
  },
  {
    "title": "The Dark Knight",
    "actors": ["Christian Bale", "Heath Ledger"],
    "genres": ["Drama", "Crime", "Action"]
  }
]

Using the spread operator:

const { data, error } = await supabase.from('titles').select(`
  title:primary_title,
  ...people(actors:primary_name),
  ...genres(genres:name)
`)

Automatic tsvector conversion

You can now use full text search on text and json/jsonb columns in addition to tsvector columns:

const { data, error } = await supabase.from('titles').textSearch('primary_name', `'god' & 'father'`)

Text and JSON/JSONB columns are automatically converted with to_tsvector. For performance, add an index:

create index idx_titles on people
using gin (to_tsvector('english', primary_name));

Max Affected

Limit the number of rows affected by update or delete operations:

const { data, error } = await supabase
  .from('people')
  .update({ primary_name: 'Marlon Brando Jr.' })
  .eq('nconst', 'nm0000008')
  .maxAffected(1)

If rows affected exceed the limit, an error is thrown. This also works with rpc() calls that modify rows.

Content-Length header

Response body size in bytes is now available in the Content-Length header:

HTTP/1.1 200 OK
Content-Length: 104
Content-Location: /items

This helps identify requests consuming the most traffic to avoid exceeding egress limits.

Proxy-Status header

The PostgREST error code is now present in the Proxy-Status header:

HTTP/1.1 406 Not Acceptable
Proxy-Status: PostgREST; error=PGRST116

You can check these headers in the Supabase Logs Explorer.

Breaking Changes

JWT kid validation

PostgREST now validates the JWT kid claim, matching it against the configured JSON Web Key Set. If you use Supabase Auth or the CLI, this is handled automatically. For integrations with other Auth systems, ensure both JWT and JWKS follow these rules.

Schema validation in PostgREST search path

Schemas in db-schemas and db-extra-search-path are now validated. Non-existent schemas will cause PostgREST to fail. When dropping a schema during migration, sync it with the PostgREST search path:

begin;
drop schema old_schema;
alter role authenticator set pgrst.db_schemas = 'public, pg_graphql, others';
commit;

Try it out

PostgREST v13 is now available for all new projects on Supabase. Existing projects can upgrade to get this new version. See the full changelog for more details.

Fetched March 31, 2026