build(deps): bump github.com/pocketbase/pocketbase from 0.35.0 to 0.36.7

[dependabot]

Bumps github.com/pocketbase/pocketbase from 0.35.0 to 0.36.7.

Release notes

Sourced from github.com/pocketbase/pocketbase's releases.

v0.36.7 Release

To update the prebuilt executable you can run ./pocketbase update.

• Fixed high memory usage with large file uploads (#7572).

• Updated the rate limiter reset rules to follow a more traditional fixed window strategy (aka. to be more close to how it is presented in the UI - allow max X user requests under Ys) since several users complained that the older algorithm was not intuitive and not suitable for large intervals. Approximated sliding window strategy was also suggested as a better compromise option to help minimize traffic spikes right after reset but the additional tracking could introduce some overhead and for now it is left aside until we have more tests.

• Updated modernc.org/sqlite to v1.46.2 and SQLite 3.51.3. ⚠️ SQLite 3.51.3 fixed a database corruption bug that is very unlikely to happen (with PocketBase even more so because we queue on app level all writes and explicit transactions through a single db connection), but still it is advised to upgrade.

• Updated other minor Go and npm deps. The min Go version in the go.mod of the package was also bumped to Go 1.25.0 because some of the newer deps require it.

v0.36.7-rc.1

[!CAUTION] This is a prerelease to validate a fix for high memory usage when uploading large files (#7572).

v0.36.6 Release

To update the prebuilt executable you can run ./pocketbase update.

• Set NumberField.OnlyInt:true for the generated View collection schema fields when a view column expression is known to return int-only values (#7538).

• Documented the unmarshal JSVM helper (#7543).

• Added extra read check after the Store.GetOrSet write lock to prevent races overwriting an already existing value.

• Added empty records check for the additional client-side filter's ListRule constraint that was introduced in v0.32.0 (presentator#206).

• Set a fixed routine.FireAndForget() debug stack trace limit to 2KB.

• Bumped min Go GitHub action version to 1.26.1 because it comes with some minor bug and security fixes.

• Typos and other minor doc fixes.

v0.36.5 Release

To update the prebuilt executable you can run ./pocketbase update.

• Disabled collection and fields name normalization while in IME mode (#7532; thanks @​miaopan607).

• Updated modernc.org/sqlite to v1.46.1 (resets connection state on Tx.Commit failure).

v0.36.4 Release

To update the prebuilt executable you can run ./pocketbase update.

• Made the optional Bearer token prefix case-insensitive (#7525; thanks @​benjamesfleming).

• Enabled $filesystem.s3(...) and $filesystem.local(...) JSVM bindings (#7526).

v0.36.3 Release

... (truncated)

Changelog

Sourced from github.com/pocketbase/pocketbase's changelog.

v0.36.7

• Fixed high memory usage with large file uploads (#7572).

• Updated the rate limiter reset rules to follow a more traditional fixed window strategy (aka. to be more close to how it is presented in the UI - allow max X user requests under Ys) since several users complained that the older algorithm was not intuitive and not suitable for large intervals. Approximated sliding window strategy was also suggested as a better compromise option to help minimize traffic spikes right after reset but the additional tracking could introduce some overhead and for now it is left aside until we have more tests.

• Updated modernc.org/sqlite to v1.46.2 and SQLite 3.51.3. ⚠️ SQLite 3.51.3 fixed a database corruption bug that is very unlikely to happen (with PocketBase even more so because we queue on app level all writes and explicit transactions through a single db connection), but still it is advised to upgrade.

• Updated other minor Go and npm deps. The min Go version in the go.mod of the package was also bumped to Go 1.25.0 because some of the newer dep versions require it.

v0.36.6

• Set NumberField.OnlyInt:true for the generated View collection schema fields when a view column expression is known to return int-only values (#7538).

• Documented the unmarshal JSVM helper (#7543).

• Added extra read check after the Store.GetOrSet write lock to prevent races overwriting an already existing value.

• Added empty records check for the additional client-side filter's ListRule constraint that was introduced in v0.32.0 (presentator#206).

• Set a fixed routine.FireAndForget() debug stack trace limit to 2KB.

• Bumped min Go GitHub action version to 1.26.1 because it comes with some minor bug and security fixes.

• Typos and other minor doc fixes.

v0.36.5

• Disabled collection and fields name normalization while in IME mode (#7532; thanks @​miaopan607).

• Updated modernc.org/sqlite to v1.46.1 (resets connection state on Tx.Commit failure).

v0.36.4

• Made the optional Bearer token prefix case-insensitive (#7525; thanks @​benjamesfleming).

• Enabled $filesystem.s3(...) and $filesystem.local(...) JSVM bindings (#7526).

v0.36.3

• Added Accept-Encoding: identity to the S3 requests per the suggestion in #7523. This should help fixing the 0-bytes file response when S3 API compression is enabled.

... (truncated)

Commits

• e3d2608 updated backport changelog
• 650a425 updated changelog
• de70af2 updated npm deps and ui/dist
• ba7ed78 updated modernc.org/sqlite to 1.46.2 (SQLite 3.51.3)
• cea149c updated jsvm types
• 70d8d1e replace the custom ratelimiter strategy with a fixed window
• 29c2e20 updated ui/dist
• ef46595 fixed comment typo
• ba8b51a #7575 use memory+file buffer when rereading the request body (fix #7572)
• 93e3eb3 regenerated jsvm types
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #1059.