build(deps): bump github.com/pocketbase/pocketbase from 0.35.0 to 0.36.2

[dependabot]

Bumps github.com/pocketbase/pocketbase from 0.35.0 to 0.36.2.

Release notes

Sourced from github.com/pocketbase/pocketbase's releases.

v0.36.2 Release

To update the prebuilt executable you can run ./pocketbase update.

• Updated modernc.org/sqlite to v1.44.3 (race check fix), goja (circular references fix) and other go deps.

• Other minor fixes (updated tests to silence some of the race detector errors, updated FindFirstRecordByData with more clear error message when missing or invalid key is used, etc.).

v0.36.1 Release

To update the prebuilt executable you can run ./pocketbase update.

• Reverted the DISTINCT with GROUP BY replacement optimization from v0.36.0 as it was reported to negatively impact the indexes utilization for some queries and the minor performance boost that you may get when used on large records is not enough to justify the more common use (#7461). A better generic deduplication optimization for large records (aka. records with large text/json fields or many small ones) will be researched but there are no ETAs.

• Updated modernc.org/sqlite to v1.44.2 (SQLite 3.51.2).

• Fixed code comment typos.

v0.36.0 Release

To update the prebuilt executable you can run ./pocketbase update.

• List query and API rules optimizations:

  • Removed unnecessary correlated subquery expression when using back-relations via single relation field.
  • Replaced DISTINCT with GROUP BY id when rows deduplication is needed and when deemed safe. This should help with having a more stable and predictable performance even if the collection records are on the larger side.

  For some queries and data sets the above 2 optimizations have shown significant improvements but if you notice a performance degradation after upgrading, please open a Q&A discussion with export of your collections structure and the problematic request so that it can be analyzed.

• Added strftime(format, timevalue, modifiers...) date formatting filter and API rules function. It works similarly to the SQLite strftime builtin function with the main difference that NULL results will be normalized for consistency with the non-nullable PocketBase text and date fields. Multi-match expressions are also supported and works the same as if the collection field is referenced, for example:

  // requires ANY/AT-LEAST-ONE-OF multiRel records to have "created" date matching the formatted string "2026-01"
  strftime('%Y-%m', multiRel.created) ?= '2026-01'
  // requires ALL multiRel records to have "created" date matching the formatted string "2026-01"
  strftime('%Y-%m', multiRel.created) = '2026-01'

• ⚠️ Minor changes to the search.ResolverResult struct (mostly used internally):

  • Replaced NoCoalesce field with the more explicit NullFallback (NullFallbackDisabled is the same as NoCoalesce:true).
  • Replaced the expression interface of the MultiMatchSubQuery field with the concrete struct type search.MultiMatchSubquery to avoid excessive type assertions and allow direct mutations of the field.

• Updated modernc.org/sqlite to v1.44.1 (SQLite 3.51.1).

• Bumped min Go GitHub action version to 1.25.6 because it comes with some minor security fixes.

v0.36.0-rc.1

[!CAUTION] This is a prerelease for test purposes only!

... (truncated)

Changelog

Sourced from github.com/pocketbase/pocketbase's changelog.

v0.36.2

• Updated modernc.org/sqlite to v1.44.3 (race check fix), goja (circular references fix) and other go deps.

• Other minor fixes (updated tests to silence some of the race detector errors, updated FindFirstRecordByData with more clear error message when missing or invalid key is used, etc.).

v0.36.1

• Reverted the DISTINCT with GROUP BY replacement optimization from v0.36.0 as it was reported to negatively impact the indexes utilization for some queries and the minor performance boost that you may get when used on large records is not enough to justify the more common use (#7461). A better generic deduplication optimization for large records (aka. records with large text/json fields or many small ones) will be researched but there are no ETAs.

• Updated modernc.org/sqlite to v1.44.2 (SQLite 3.51.2).

• Fixed code comment typos.

v0.36.0

• List query and API rules optimizations:

  • Removed unnecessary correlated subquery expression when using back-relations via single relation field.
  • Replaced DISTINCT with GROUP BY id when rows deduplication is needed and when deemed safe. This should help with having a more stable and predictable performance even if the collection records are on the larger side.

  For some queries and data sets the above 2 optimizations have shown significant improvements but if you notice a performance degradation after upgrading, please open a Q&A discussion with export of your collections structure and the problematic request so that it can be analyzed.

• Added strftime(format, timevalue, modifiers...) date formatting filter and API rules function. It works similarly to the SQLite strftime builtin function with the main difference that NULL results will be normalized for consistency with the non-nullable PocketBase text and date fields. Multi-match expressions are also supported and works the same as if the collection field is referenced, for example:

  // requires ANY/AT-LEAST-ONE-OF multiRel records to have "created" date matching the formatted string "2026-01"
  strftime('%Y-%m', multiRel.created) ?= '2026-01'
  // requires ALL multiRel records to have "created" date matching the formatted string "2026-01"
  strftime('%Y-%m', multiRel.created) = '2026-01'

• ⚠️ Minor changes to the search.ResolverResult struct (mostly used internally):

  • Replaced NoCoalesce field with the more explicit NullFallback (NullFallbackDisabled is the same as NoCoalesce:true).
  • Replaced the expression interface of the MultiMatchSubQuery field with the concrete struct type search.MultiMatchSubquery to avoid excessive type assertions and allow direct mutations of the field.

• Updated modernc.org/sqlite to v1.44.1 (SQLite 3.51.1).

• Bumped min Go GitHub action version to 1.25.6 because it comes with some minor security fixes.

v0.35.1

... (truncated)

Commits

• 90e9fa7 bumped app version
• d4101be updated go deps
• 6cec679 updated changelog
• 0e0b862 silenced race detector errors per #7484
• b2bf261 updated changelog
• adc5c3c updated goja
• 4a1e3ae added extra collection field exist check to minimize misuse and have a more c...
• 55e2434 updated modernc.org/sqlite to v1.44.3
• 1708672 updated thumb style and title for non-previewable files
• 9b036fb updated modernc.org/sqlite to 1.44.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dependabot]

Superseded by #976.