PocketBase - Package Updates

Package Updates

[1.4.2]

• Update pocketbase to 0.27.2
• Full Changelog
• Added workers pool when cascade deleting record files to minimize "thread exhaustion" errors (#​6780).
• Updated the :excerpt fields modifier to properly account for multibyte characters (#​6778).
• Use rowid as count column for non-view collections to minimize the need of having the id field in a covering index (#​6739)

Package Updates

[1.5.0]

• Update pocketbase to 0.28.0
• Full Changelog
• Write the default response body of *Request hooks that are wrapped in a transaction after the related transaction completes to allow propagating the transaction error (#​6462).
• Updated app.DB() to automatically routes raw write SQL statements to the nonconcurrent db pool (#​6689).
• Changed the default json field max size to 1MB.
• Soft-deprecated and replaced filesystem.System.GetFile(fileKey) with filesystem.System.GetReader(fileKey) to avoid the confusion with filesystem.File.
• Added new filesystem.System.GetReuploadableFile(fileKey, preserveName) method to return an existing blob as a *filesystem.File value (#​6792).

Package Updates

[1.5.1]

• Update pocketbase to 0.28.1
• Full Changelog
• Fixed json_each/json_array_length normalizations to properly check for array values (#​6835).

Package Updates

[1.5.2]

• Update pocketbase to 0.28.2
• Full Changelog
• Loaded latin-ext charset for the default text fonts (#​6869).
• Updated view query CAST regex to properly recognize multiline expressions (#​6860; thanks @​azat-ismagilov).
• Updated Go and npm dependencies.

Package Updates

[1.5.3]

• Update pocketbase to 0.28.3
• Full Changelog
• Skip sending empty Range header when fetching blobs from S3 (#6914).
• Updated Go deps and particularly modernc.org/sqlite to 1.38.0 (SQLite 3.50.1).
• Bumped GitHub action min Go version to 1.23.10 as it comes with some minor security net/http fixes.

Package Updates

[1.5.4]

• Update pocketbase to 0.28.4
• Full Changelog
• Added global JSVM toBytes() helper to return the bytes slice representation of a value such as io.Reader or string (other types are first serialized to Go string).
• Fixed security.RandomStringByRegex random distribution (#​6947; thanks @​yerTools).
• Minor docs and typos fixes.

Package Updates

[1.6.0]

• Update pocketbase to 0.29.0
• Full Changelog
• Enabled calling the /auth-refresh endpoint with nonrenewable tokens.
• Added the triggered rate rimit rule in the error log details.
• Added optional ServeEvent.Listener field to initialize a custom network listener (e.g. unix) instead of the default tcp (#​3233).
• Added toBytes JSVM helper (#​6935).
• Fixed request data unmarshalization for the DynamicModel array/object fields (#​7022).
• Fixed Dashboard page title - escaping (#​6982).
• Other minor improvements (updated first superuser console text when running with go run, clarified trusted IP proxy header label, wrapped the backup restore in a transaction as an extra precaution, updated deps, etc.).

Package Updates

[1.6.1]

• Update pocketbase to 0.29.1
• Full Changelog
• Updated the X/Twitter provider to return the confirmed_email field and to use the x.com domain (#​7035).
• Added Box.com OAuth2 provider (#​7056; thanks @​blakepatteson).
• Updated modernc.org/sqlite to 1.38.2 (SQLite 3.50.3).
• Fixed example List API response (#​7049; thanks @​williamtguerra).

Package Updates

[1.6.2]

• Update pocketbase to 0.29.2
• Full Changelog
• Bumped min Go GitHub action version to 1.23.12 since it comes with some minor fixes for the runtime and database/sql package.

Package Updates

[1.6.3]

• Update pocketbase to 0.29.3
• Full Changelog
• Try to forward Apple OAuth2 POST redirect user's name so that it can be returned (and eventually assigned) with the success response of the all-in-one auth call (#​7090).
• Fixed RateLimitRule.Audience code comment (#​7098; thanks @​iustin05).
• Mocked syscall.Exec when building for WASM (#​7116; thanks @​joas8211).
• Registered missing $filesystem, $mails, $template and __hooks bindings in the JSVM migrations (#​7125).
• Regenerated JSVM types to include methods from structs with single generic parameter.

Package Updates

[1.7.0]

• Update pocketbase to 0.30.0
• Full Changelog
• Eagerly escape the S3 request path following the same rules as in the S3 signing header (#7153).
• Added Lark OAuth2 provider (#7130; thanks @mashizora).
• Increased test tokens exp claim to minimize eventual issues with reproducible builds (#7123).
• Added os.Root bindings to the JSVM ($os.openRoot, $os.openInRoot).
• Added osutils.IsProbablyGoRun() helper to loosely check if the program was started using go run.
• Various minor UI improvements (updated collections indexes UI, enabled seconds in the datepicker, updated helper texts, etc.).
• Updated the minimum package Go version to 1.24.0 and bumped Go dependencies.

Package Updates

[1.7.1]

• Update pocketbase to 0.30.1
• Full Changelog
• Excluded the lost+found directory from the backups (#​7208; thanks @​lbndev).
• Minor tests improvements (disabled initial superuser creation for the test app to avoid cluttering the std output, added more tests for the s3.Uploader.MaxConcurrency, etc.).
• Updated modernc.org/sqlite and other Go dependencies.

Package Updates

[1.7.2]

• Update pocketbase to 0.30.2
• Full Changelog
• Bumped min Go GitHub action version to 1.24.8 since it comes with some minor security fixes

Package Updates

[1.8.0]

• Use requiresValidCertificate instead of email addon (required Cloudron 9)

Package Updates

[1.8.1]

• Update pocketbase to 0.30.3
• Full Changelog
• Fixed legacy identitity field priority check when a username is a valid email address (#​7256).
• Workaround autocomplete overflow issue with Firefox 144 (#​7223).
• Updated modernc.org/sqlite to 1.39.1 (SQLite 3.50.4).

Package Updates

[1.8.2]

• Update pocketbase to 0.30.4
• Full Changelog
• Fixed json field CSS regression introduced with the overflow workaround in v0.30.3 (#​7259).

Package Updates

[1.9.0]

• Update pocketbase to 0.31.0
• Full Changelog
• Visualize presentable multiple relation fields (#​7260).
• Support Ed25519 in the optional OIDC id_token signature validation (#​7252; thanks @​shynome).
• Added ApiScenario.DisableTestAppCleanup optional field to skip the auto test app cleanup and leave it up to the developers to do the cleanup manually (#​7267).
• Added FileDownloadRequestEvent.ThumbError field that is populated in case of a thumb generation failure (e.g. unsupported format, timing out, etc.), allowing developers to reject the thumb fallback and/or supply their own custom thumb generation (#​7268).
• Disallow client-side filtering and sorting of relations where the collection of the last targeted relation field has superusers-only List/Search API rule to further minimize the risk of eventual side-channel attack.

Package Updates

[1.10.0]

• Update pocketbase to 0.32.0
• Full Changelog
• Added extra List/Search API rules checks for the client-side filter/sort relations.
• Increased the default SQLite PRAGMA cache_size to ~32MB.
• Fixed deadlock when manually triggering the OnTerminate hook (#7305; thanks @yerTools).
• Fixed some code comment typos, regenerated the JSVM types and updated npm dependencies.
• Updated modernc.org/sqlite to 1.40.0.

Package Updates

[1.11.0]

• Update pocketbase to 0.33.0
• Full Changelog
• Added extra id characters validation in addition to the user specified regex pattern (#7312).
• Added {ALERT_INFO} placeholder to the auth alert mail template (#7314).

Package Updates

[1.12.0]

• Update pocketbase to 0.34.0
• Full Changelog
• Added @request.body.someField:changed modifier. It could be used when you want to ensure that a body field either wasn't submitted or was submitted with the same value. Or in other words, if you want to disallow a field change the below 2 expressions would be equivalent:
• Added MailerRecordEvent.Meta["info"] property for the OnMailerRecordAuthAlertSend hook.
• Updated the backup restore popup with a short info about the performed restore steps.
• Updated Go deps.