Bump github.com/pocketbase/pocketbase from 0.24.4 to 0.27.0

[dependabot]

Bumps github.com/pocketbase/pocketbase from 0.24.4 to 0.27.0.

Release notes

Sourced from github.com/pocketbase/pocketbase's releases.

v0.27.0 Release

To update the prebuilt executable you can run ./pocketbase update.

• ⚠️ Moved the Create and Manage API rule checks out of the OnRecordCreateRequest hook finalizer, aka. now all CRUD API rules are checked BEFORE triggering their corresponding *Request hook. This was done to minimize the confusion regarding the firing order of the request operations, making it more predictable and consistent with the other record List/View/Update/Delete request actions. It could be a minor breaking change if you are relying on the old behavior and have a Go tests.ApiScenario that is testing a Create API rule failure and expect OnRecordCreateRequest to be fired. In that case for example you may have to update your test scenario like:

  tests.ApiScenario{
      Name:   "Example test that checks a Create API rule failure"
      Method: http.MethodPost,
      URL:    "/api/collections/example/records",
      ...
      // old:
      ExpectedEvents:  map[string]int{
          "*":                     0,
          "OnRecordCreateRequest": 1,
      },
      // new:
      ExpectedEvents:  map[string]int{"*": 0},
  }

  If you are having difficulties adjusting your code, feel free to open a Q&A discussion with the failing/problematic code sample.

• Added new geoPoint field for storing {"lon":x,"lat":y} geographic coordinates. In addition, a new geoDistance(lonA, lotA, lonB, lotB) function was also implemented that could be used to apply an API rule or filter constraint based on the distance (in km) between 2 geo points.

• Updated the select field UI to accommodate better larger lists and RTL languages (#4674).

• Updated the mail attachments auto MIME type detection to use gabriel-vasile/mimetype for consistency and broader sniffing signatures support.

• Forced text/javascript Content-Type when serving .js/.mjs collection uploaded files with the /api/files/... endpoint (#6597).

• Added second optional JSVM DateTime constructor argument for specifying a default timezone as TZ identifier when parsing the date string as alternative to a fixed offset in order to better handle daylight saving time nuances (#6688):

  // the same as with CET offset: new DateTime("2025-10-26 03:00:00 +01:00")
  new DateTime("2025-10-26 03:00:00", "Europe/Amsterdam") // 2025-10-26 02:00:00.000Z
  // the same as with CEST offset: new DateTime("2025-10-26 01:00:00 +02:00")
  new DateTime("2025-10-26 01:00:00", "Europe/Amsterdam") // 2025-10-25 23:00:00.000Z

• Soft-deprecated the $http.send's result.raw field in favor of result.body that contains the response body as plain bytes slice to avoid the discrepancies between Go and the JSVM when casting binary data to string.

• Updated modernc.org/sqlite to 1.37.0.

• Other minor improvements (removed the superuser fields from the auth record create/update body examples, allowed programmatically updating the auth record password from the create/update hooks, fixed collections import error response, etc.).

v0.26.6 Release

To update the prebuilt executable you can run ./pocketbase update.

... (truncated)

Changelog

Sourced from github.com/pocketbase/pocketbase's changelog.

v0.27.0

• ⚠️ Moved the Create and Manage API rule checks out of the OnRecordCreateRequest hook finalizer, aka. now all CRUD API rules are checked BEFORE triggering their corresponding *Request hook. This was done to minimize the confusion regarding the firing order of the request operations, making it more predictable and consistent with the other record List/View/Update/Delete request actions. It could be a minor breaking change if you are relying on the old behavior and have a Go tests.ApiScenario that is testing a Create API rule failure and expect OnRecordCreateRequest to be fired. In that case for example you may have to update your test scenario like:

  tests.ApiScenario{
      Name:   "Example test that checks a Create API rule failure"
      Method: http.MethodPost,
      URL:    "/api/collections/example/records",
      ...
      // old:
      ExpectedEvents:  map[string]int{
          "*":                     0,
          "OnRecordCreateRequest": 1,
      },
      // new:
      ExpectedEvents:  map[string]int{"*": 0},
  }

  If you are having difficulties adjusting your code, feel free to open a Q&A discussion with the failing/problematic code sample.

• Added new geoPoint field for storing {"lon":x,"lat":y} geographic coordinates. In addition, a new geoDistance(lonA, lotA, lonB, lotB) function was also implemented that could be used to apply an API rule or filter constraint based on the distance (in km) between 2 geo points.

• Updated the select field UI to accommodate better larger lists and RTL languages (#4674).

• Updated the mail attachments auto MIME type detection to use gabriel-vasile/mimetype for consistency and broader sniffing signatures support.

• Forced text/javascript Content-Type when serving .js/.mjs collection uploaded files with the /api/files/... endpoint (#6597).

• Added second optional JSVM DateTime constructor argument for specifying a default timezone as TZ identifier when parsing the date string as alternative to a fixed offset in order to better handle daylight saving time nuances (#6688):

  // the same as with CET offset: new DateTime("2025-10-26 03:00:00 +01:00")
  new DateTime("2025-10-26 03:00:00", "Europe/Amsterdam") // 2025-10-26 02:00:00.000Z
  // the same as with CEST offset: new DateTime("2025-10-26 01:00:00 +02:00")
  new DateTime("2025-10-26 01:00:00", "Europe/Amsterdam") // 2025-10-25 23:00:00.000Z

• Soft-deprecated the $http.send's result.raw field in favor of result.body that contains the response body as plain bytes slice to avoid the discrepancies between Go and the JSVM when casting binary data to string.

• Updated modernc.org/sqlite to 1.37.0.

• Other minor improvements (removed the superuser fields from the auth record create/update body examples, allowed programmatically updating the auth record password from the create/update hooks, fixed collections import error response, etc.).

v0.26.6

• Allow OIDC email_verified to be int or boolean string since some OIDC providers like AWS Cognito has non-standard userinfo response (#6657).

... (truncated)

Commits

• a2b89d7 updated changelog
• 6988bf0 updated leaflet search autocomplete z-index
• 02c9754 regenerated jsvm types
• c7ebd68 updated changelog
• 0876413 added types.GeoPoint.AsMap method
• c0fe600 updated npm deps and bumped app version
• aec4870 reversed the default geoPoint column props for consistency with the types.Geo...
• bf9a7b1 updated changelog and exposed search.TokenFunctions
• 46186f8 #6718 fixed collections import error response
• 4cc7970 updated dependencies and golangci-lint to v2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #34.