Skip to content

Bump github.com/pocketbase/pocketbase from 0.24.4 to 0.25.9#27

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/github.com/pocketbase/pocketbase-0.25.9
Closed

Bump github.com/pocketbase/pocketbase from 0.24.4 to 0.25.9#27
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/github.com/pocketbase/pocketbase-0.25.9

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 6, 2025

Bumps github.com/pocketbase/pocketbase from 0.24.4 to 0.25.9.

Release notes

Sourced from github.com/pocketbase/pocketbase's releases.

v0.25.9 Release

To update the prebuilt executable you can run ./pocketbase update.

  • Fixed DynamicModel object/array props reflect type caching (#6563).

v0.25.8 Release

To update the prebuilt executable you can run ./pocketbase update.

  • Added a default leeway of 5 minutes for the Apple/OIDC id_token timestamp claims check to account for clock-skew (#6529). It can be further customized if needed with the PB_ID_TOKEN_LEEWAY env variable (the value must be in seconds, e.g. PB_ID_TOKEN_LEEWAY=60 for 1 minute).

v0.25.7 Release

To update the prebuilt executable you can run ./pocketbase update.

  • Fixed @request.body.jsonObjOrArr.* values extraction (#6493).

v0.25.6 Release

To update the prebuilt executable you can run ./pocketbase update.

  • Restore the missing meta.isNew field of the OAuth2 success response (#6490).

  • Updated npm dependencies.

v0.25.5 Release

To update the prebuilt executable you can run ./pocketbase update.

  • Set the current working directory as a default goja script path when executing inline JS strings to allow require(m) traversing parent node_modules directories.

  • Updated modernc.org/sqlite and modernc.org/libc dependencies.

v0.25.4 Release

To update the prebuilt executable you can run ./pocketbase update.

  • Downgraded aws-sdk-go-v2 to the version before the default data integrity checks because there have been reports for non-AWS S3 providers in addition to Backblaze (IDrive, R2) that no longer or partially work with the latest AWS SDK changes.

    While we try to enforce when_required by default, it is not enough to disable the new AWS SDK integrity checks entirely and some providers will require additional manual adjustments to make them compatible with the latest AWS SDK (e.g. removing the x-aws-checksum-* headers, unsetting the checksums calculation or reinstantiating the old MD5 checksums for some of the required operations, etc.) which as a result leads to a configuration mess that I'm not sure it would be a good idea to introduce.

    This unfortunately is not a PocketBase or Go specific issue and the official AWS SDKs for other languages are in the same situation (even the latest aws-cli).

    For those of you that extend PocketBase with Go: if your S3 vendor doesn't support the AWS Data integrity checks and you are updating with go get -u, then make sure that the aws-sdk-go-v2 dependencies in your go.mod are the same as in the repo:

    // go.mod
github.com/aws/aws-sdk-go-v2 v1.36.1
github.com/aws/aws-sdk-go-v2/config v1.28.10
github.com/aws/aws-sdk-go-v2/credentials v1.17.51
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.48
github.com/aws/aws-sdk-go-v2/service/s3 v1.72.2

    // after that run
    
go clean -modcache && go mod tidy

... (truncated)

Changelog

Sourced from github.com/pocketbase/pocketbase's changelog.

v0.25.9

  • Fixed DynamicModel object/array props reflect type caching (#6563).

v0.25.8

  • Added a default leeway of 5 minutes for the Apple/OIDC id_token timestamp claims check to account for clock-skew (#6529). It can be further customized if needed with the PB_ID_TOKEN_LEEWAY env variable (the value must be in seconds, e.g. "PB_ID_TOKEN_LEEWAY=60" for 1 minute).

v0.25.7

  • Fixed @request.body.jsonObjOrArr.* values extraction (#6493).

v0.25.6

  • Restore the missing meta.isNew field of the OAuth2 success response (#6490).

  • Updated npm dependencies.

v0.25.5

  • Set the current working directory as a default goja script path when executing inline JS strings to allow require(m) traversing parent node_modules directories.

  • Updated modernc.org/sqlite and modernc.org/libc dependencies.

v0.25.4

  • Downgraded aws-sdk-go-v2 to the version before the default data integrity checks because there have been reports for non-AWS S3 providers in addition to Backblaze (IDrive, R2) that no longer or partially work with the latest AWS SDK changes.

    While we try to enforce when_required by default, it is not enough to disable the new AWS SDK integrity checks entirely and some providers will require additional manual adjustments to make them compatible with the latest AWS SDK (e.g. removing the x-aws-checksum-* headers, unsetting the checksums calculation or reinstantiating the old MD5 checksums for some of the required operations, etc.) which as a result leads to a configuration mess that I'm not sure it would be a good idea to introduce.

    This unfornuatelly is not a PocketBase or Go specific issue and the official AWS SDKs for other languages are in the same situation (even the latest aws-cli).

    For those of you that extend PocketBase with Go: if your S3 vendor doesn't support the AWS Data integrity checks and you are updating with go get -u, then make sure that the aws-sdk-go-v2 dependencies in your go.mod are the same as in the repo:

    // go.mod
github.com/aws/aws-sdk-go-v2 v1.36.1
github.com/aws/aws-sdk-go-v2/config v1.28.10
github.com/aws/aws-sdk-go-v2/credentials v1.17.51
github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.48
github.com/aws/aws-sdk-go-v2/service/s3 v1.72.2

    // after that run
    
go clean -modcache && go mod tidy

... (truncated)

Commits
  • 3912874 updated changelog
  • 5c58703 #6563 fixed DynamicModel object/array props reflect type caching
  • 4155f50 #6529 added default leeway for the id_token checks
  • 653f2d8 #6493 fixed request.body.json.* values extraction
  • d607695 #6490 restore meta.isNew OAuth2 response field
  • 3f51fb9 updated modernc deps and bumped app version
  • 4d40463 specified a default goja script name when executing plain JS strings
  • 5aa3809 dowgraded aws-sdk-go-v2
  • c0b7762 #6440 added a temporary exception for Backblaze S3 endpoints to exclude the...
  • 2e26f61 updated changelog
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump github.com/pocketbase/pocketbase from 0.24.4 to 0.25.9
c176531 
Bumps [github.com/pocketbase/pocketbase](https://github.com/pocketbase/pocketbase) from 0.24.4 to 0.25.9.
- [Release notes](https://github.com/pocketbase/pocketbase/releases)
- [Changelog](https://github.com/pocketbase/pocketbase/blob/master/CHANGELOG.md)
- [Commits](pocketbase/pocketbase@v0.24.4...v0.25.9)

---
updated-dependencies:
- dependency-name: github.com/pocketbase/pocketbase
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 6, 2025
@dependabot dependabot bot mentioned this pull request Mar 6, 2025
Closed
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 17, 2025

Superseded by #29.

@dependabot dependabot bot closed this Mar 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants