feat: SDK update for version 26.1.0

[ArnabChatterjee20k]

This PR contains updates to the SDK for version 26.1.0.

What's Changed

• Added: Realtime connections now send the configured JWT for authentication.
• Added: Forwarded impersonateUserId on avatars and storage file requests.
• Fixed: URL-encode path parameters across all services.
• Fixed: ping now sends an Accept: application/json header.

[greptile-apps]

Greptile Summary

This PR bumps the Web SDK to version 26.1.0, applying four changes across all service files: URL-encoding path parameters with encodeURIComponent, forwarding impersonateUserId on avatar and storage GET requests, threading the configured JWT into Realtime WebSocket URLs, and fixing ping to include an Accept: application/json header.

• Path-parameter encoding (account.ts, databases.ts, tables-db.ts, teams.ts, functions.ts, messaging.ts, presences.ts, storage.ts, avatars.ts): encodeURIComponent(String(param)) is applied consistently across every service — a correct, mechanical change.
• Realtime JWT auth (client.ts, realtime.ts): JWT is appended to the WebSocket query string only when this.config.jwt is truthy; the guard is present in both the Client and the Realtime service implementation.
• impersonateUserId forwarding (avatars.ts, storage.ts): this.client.config.impersonateuserid is assigned to the payload unconditionally; because Service.flatten does not filter empty values and the config field defaults to '', every avatar and storage URL gains an &impersonateuserid= parameter even when impersonation is not configured (flagged in the previous review round).

Confidence Score: 4/5

Safe to merge once the unconditional impersonateuserid append in avatars.ts and storage.ts is guarded — every request to those endpoints currently leaks an empty query parameter when impersonation is not in use.

The path-encoding fix and realtime JWT changes are correct. The outstanding concern is the unconditional payload['impersonateuserid'] = this.client.config.impersonateuserid assignment in seven avatar methods and three storage methods: Service.flatten passes all values through without filtering, so the empty-string default produces &impersonateuserid= on every URL for users who never call setImpersonateUserId. This was flagged in the previous review and remains unaddressed in the diff.

src/services/avatars.ts and src/services/storage.ts — the unconditional impersonateuserid payload assignment needs a guard mirroring the JWT pattern used elsewhere in this same PR.

Important Files Changed

Filename	Overview
src/services/avatars.ts	Adds encodeURIComponent for path params (correct) and unconditionally appends impersonateuserid to every avatar URL even when the config value is an empty string — already flagged as a P1 in the previous review round.
src/services/storage.ts	Same unconditional impersonateuserid append pattern as avatars.ts in download, preview, and view endpoints; path params now correctly URL-encoded.
src/client.ts	Version bump to 26.1.0; JWT appended to WebSocket URL query string when configured; ping gains Accept: application/json header.
src/services/realtime.ts	JWT correctly guarded with if (jwt) before being appended to the WebSocket URL; projectId left unencoded (pre-existing), consistent with prior behaviour.
src/services/databases.ts	All path parameters now URL-encoded; @deprecated JSDoc annotations added pointing to TablesDB replacements.
src/services/tables-db.ts	All path parameters now URL-encoded consistently across list, get, create, update, delete, increment, and decrement row operations.
src/services/account.ts	URL-encoding applied to all path parameters: identityId, MFA authenticator type, OAuth provider, sessionId, targetId — change is correct and complete.
src/services/teams.ts	URL-encoding applied uniformly to teamId, membershipId path segments across all team and membership endpoints.
src/services/functions.ts	URL-encoding added to functionId and executionId path parameters; no other logic changes.
src/services/messaging.ts	URL-encoding added to topicId and subscriberId path parameters.
src/services/presences.ts	URL-encoding added to presenceId path parameter across all four presence operations.

_{Reviews (2): Last reviewed commit: "chore: update Web SDK to 26.1.0" | Re-trigger Greptile}

[greptile-apps]

Misleading password placeholder in documentation examples

The previous placeholders ('' / '<OLD_PASSWORD>') were either clearly empty or explicitly tagged as placeholders. The new value 'password' reads like a literal password string that developers might copy verbatim into their code. A conventional placeholder such as '<NEW_PASSWORD>' and '<OLD_PASSWORD>' would make it unambiguous that these are template values to be replaced. The same pattern appears in docs/examples/account/create.md and docs/examples/account/update-recovery.md.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!