Skip to content

Bump github.com/pocketbase/pocketbase from 0.24.4 to 0.25.4#21

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/github.com/pocketbase/pocketbase-0.25.4
Closed

Bump github.com/pocketbase/pocketbase from 0.24.4 to 0.25.4#21
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/github.com/pocketbase/pocketbase-0.25.4

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 12, 2025

Bumps github.com/pocketbase/pocketbase from 0.24.4 to 0.25.4.

Release notes

Sourced from github.com/pocketbase/pocketbase's releases.

v0.25.4 Release

To update the prebuilt executable you can run ./pocketbase update.

  • Downgraded aws-sdk-go-v2 to the version before the default data integrity checks because there have been reports for non-AWS S3 providers in addition to Backblaze (IDrive, R2) that no longer or partially work with the latest AWS SDK changes.

    While we try to enforce when_required by default, it is not enough to disable the new AWS SDK integrity checks entirely and some providers will require additional manual adjustments to make them compatible with the latest AWS SDK (e.g. removing the x-aws-checksum-* headers, unsetting the checksums calculation or reinstantiating the old MD5 checksums for some of the required operations, etc.) which as a result leads to a configuration mess that I'm not sure it would be a good idea to introduce.

    This unfornuatelly is not a PocketBase or Go specific issue and the official AWS SDKs for other languages are in the same situation (even the latest aws-cli).

    For those of you that extend PocketBase with Go: if your S3 vendor doesn't support the AWS Data integrity checks and you are updating with go get -u, then make sure that the aws-sdk-go-v2 dependencies in your go.mod are the same as in the repo:

    // go.mod
github.com/aws/aws-sdk-go-v2 v1.36.1
github.com/aws/aws-sdk-go-v2/config v1.28.10
github.com/aws/aws-sdk-go-v2/credentials v1.17.51
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.48
github.com/aws/aws-sdk-go-v2/service/s3 v1.72.2

    // after that run
    
go clean -modcache && go mod tidy

    The versions pinning is temporary until the non-AWS S3 vendors patch their implementation or until I manage to find time to remove/replace the aws-sdk-go-v2 dependency (I'll consider prioritizing it for the v0.26 or v0.27 release).

v0.25.3 Release

To update the prebuilt executable you can run ./pocketbase update.

  • Added a temporary exception for Backblaze S3 endpoints to exclude the new aws-sdk-go-v2 checksum headers (#6440).

v0.25.2 Release

To update the prebuilt executable you can run ./pocketbase update.

  • Fixed realtime delete event not being fired for RecordProxy-ies and added basic realtime record resolve automated tests (#6433).

v0.25.1 Release

To update the prebuilt executable you can run ./pocketbase update.

  • Fixed the batch API Preview success sample response.

  • Bumped GitHub action min Go version to 1.23.6 as it comes with a minor security fix for the ppc64le build.

v0.25.0 Release

To update the prebuilt executable you can run ./pocketbase update.

  • ⚠️ Upgraded Google OAuth2 auth, token and userinfo endpoints to their latest versions. For users that don't do anything custom with the Google OAuth2 data or the OAuth2 auth URL, this should be a non-breaking change. The exceptions that I could find are:
    • /v3/userinfo auth response changes: 
      meta.rawUser.id             => meta.rawUser.sub
meta.rawUser.verified_email => meta.rawUser.email_verified

... (truncated)

Changelog

Sourced from github.com/pocketbase/pocketbase's changelog.

v0.25.4

  • Downgraded aws-sdk-go-v2 to the version before the default data integrity checks because there have been reports for non-AWS S3 providers in addition to Backblaze (IDrive, R2) that no longer or partially work with the latest AWS SDK changes.

    While we try to enforce when_required by default, it is not enough to disable the new AWS SDK integrity checks entirely and some providers will require additional manual adjustments to make them compatible with the latest AWS SDK (e.g. removing the x-aws-checksum-* headers, unsetting the checksums calculation or reinstantiating the old MD5 checksums for some of the required operations, etc.) which as a result leads to a configuration mess that I'm not sure it would be a good idea to introduce.

    This unfornuatelly is not a PocketBase or Go specific issue and the official AWS SDKs for other languages are in the same situation (even the latest aws-cli).

    For those of you that extend PocketBase with Go: if your S3 vendor doesn't support the AWS Data integrity checks and you are updating with go get -u, then make sure that the aws-sdk-go-v2 dependencies in your go.mod are the same as in the repo:

    // go.mod
github.com/aws/aws-sdk-go-v2 v1.36.1
github.com/aws/aws-sdk-go-v2/config v1.28.10
github.com/aws/aws-sdk-go-v2/credentials v1.17.51
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.48
github.com/aws/aws-sdk-go-v2/service/s3 v1.72.2

    // after that run
    
go clean -modcache && go mod tidy

    The versions pinning is temporary until the non-AWS S3 vendors patch their implementation or until I manage to find time to remove/replace the aws-sdk-go-v2 dependency (I'll consider prioritizing it for the v0.26 or v0.27 release).

v0.25.3

  • Added a temporary exception for Backblaze S3 endpoints to exclude the new aws-sdk-go-v2 checksum headers (#6440).

v0.25.2

  • Fixed realtime delete event not being fired for RecordProxy-ies and added basic realtime record resolve automated tests (#6433).

v0.25.1

  • Fixed the batch API Preview success sample response.

  • Bumped GitHub action min Go version to 1.23.6 as it comes with a minor security fix for the ppc64le build.

v0.25.0

  • ⚠️ Upgraded Google OAuth2 auth, token and userinfo endpoints to their latest versions. For users that don't do anything custom with the Google OAuth2 data or the OAuth2 auth URL, this should be a non-breaking change. The exceptions that I could find are:
    • /v3/userinfo auth response changes: 
      meta.rawUser.id             => meta.rawUser.sub
meta.rawUser.verified_email => meta.rawUser.email_verified
    • /v2/auth query parameters changes:

... (truncated)

Commits
  • 5aa3809 dowgraded aws-sdk-go-v2
  • c0b7762 #6440 added a temporary exception for Backblaze S3 endpoints to exclude the...
  • 2e26f61 updated changelog
  • 59f98ca fixed flaky realtime record resolve test
  • 2a1fdc1 added realtime api record resolve tests
  • f767af0 bumped app version
  • 920e893 #6433 fixed realtime delete event for RecordProxy and other custom record m...
  • 048e534 bumped app version
  • acd7210 fixed batch API Preview sample response
  • fa343c3 fixed changelog typos
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump github.com/pocketbase/pocketbase from 0.24.4 to 0.25.4
3145ca8 
Bumps [github.com/pocketbase/pocketbase](https://github.com/pocketbase/pocketbase) from 0.24.4 to 0.25.4.
- [Release notes](https://github.com/pocketbase/pocketbase/releases)
- [Changelog](https://github.com/pocketbase/pocketbase/blob/master/CHANGELOG.md)
- [Commits](pocketbase/pocketbase@v0.24.4...v0.25.4)

---
updated-dependencies:
- dependency-name: github.com/pocketbase/pocketbase
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Feb 12, 2025
@dependabot dependabot bot mentioned this pull request Feb 12, 2025
Closed
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 19, 2025

Superseded by #23.

@dependabot dependabot bot closed this Feb 19, 2025
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/pocketbase/pocketbase-0.25.4 branch February 19, 2025 16:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants