build(deps): bump github.com/pocketbase/pocketbase from 0.35.0 to 0.36.3

[dependabot]

Bumps github.com/pocketbase/pocketbase from 0.35.0 to 0.36.3.

Release notes

Sourced from github.com/pocketbase/pocketbase's releases.

v0.36.3 Release

To update the prebuilt executable you can run ./pocketbase update.

• Added Accept-Encoding: identity to the S3 requests per the suggestion in #7523. This should help fixing the 0-bytes file response when S3 API compression is enabled.

• Bumped min Go GitHub action version to 1.26.0 (it comes with minor GC performance improvements).

• Other minor fixes (updated modernc.org/sqlite to v1.45.0, updated goja_nodejs adding Buffer.concat, updated the arguments of app.DeleteTable(...), app.DeleteView(...) and other similar methods to make it more clear that they are dangerous and shouldn't be used with untrusted input, etc.).

v0.36.2 Release

To update the prebuilt executable you can run ./pocketbase update.

• Updated modernc.org/sqlite to v1.44.3 (race check fix), goja (circular references fix) and other go deps.

• Other minor fixes (updated tests to silence some of the race detector errors, updated FindFirstRecordByData with more clear error message when missing or invalid key is used, etc.).

v0.36.1 Release

To update the prebuilt executable you can run ./pocketbase update.

• Reverted the DISTINCT with GROUP BY replacement optimization from v0.36.0 as it was reported to negatively impact the indexes utilization for some queries and the minor performance boost that you may get when used on large records is not enough to justify the more common use (#7461). A better generic deduplication optimization for large records (aka. records with large text/json fields or many small ones) will be researched but there are no ETAs.

• Updated modernc.org/sqlite to v1.44.2 (SQLite 3.51.2).

• Fixed code comment typos.

v0.36.0 Release

To update the prebuilt executable you can run ./pocketbase update.

• List query and API rules optimizations:

  • Removed unnecessary correlated subquery expression when using back-relations via single relation field.
  • Replaced DISTINCT with GROUP BY id when rows deduplication is needed and when deemed safe. This should help with having a more stable and predictable performance even if the collection records are on the larger side.

  For some queries and data sets the above 2 optimizations have shown significant improvements but if you notice a performance degradation after upgrading, please open a Q&A discussion with export of your collections structure and the problematic request so that it can be analyzed.

• Added strftime(format, timevalue, modifiers...) date formatting filter and API rules function. It works similarly to the SQLite strftime builtin function with the main difference that NULL results will be normalized for consistency with the non-nullable PocketBase text and date fields. Multi-match expressions are also supported and works the same as if the collection field is referenced, for example:

  // requires ANY/AT-LEAST-ONE-OF multiRel records to have "created" date matching the formatted string "2026-01"
  strftime('%Y-%m', multiRel.created) ?= '2026-01'
  // requires ALL multiRel records to have "created" date matching the formatted string "2026-01"
  strftime('%Y-%m', multiRel.created) = '2026-01'

• ⚠️ Minor changes to the search.ResolverResult struct (mostly used internally):

  • Replaced NoCoalesce field with the more explicit NullFallback (NullFallbackDisabled is the same as NoCoalesce:true).

... (truncated)

Changelog

Sourced from github.com/pocketbase/pocketbase's changelog.

v0.36.3

• Added Accept-Encoding: identity to the S3 requests per the suggestion in #7523. This should help fixing the 0-bytes file response when S3 API compression is enabled.

• Bumped min Go GitHub action version to 1.26.0 (it comes with minor GC performance improvements).

• Other minor fixes (updated modernc.org/sqlite to v1.45.0, updated goja_nodejs adding Buffer.concat, updated the arguments of app.DeleteTable(...), app.DeleteView(...) and other similar methods to make it more clear that they are dangerous and shouldn't be used with untrusted input, etc.).

v0.36.2

• Updated modernc.org/sqlite to v1.44.3 (race check fix), goja (circular references fix) and other go deps.

• Other minor fixes (updated tests to silence some of the race detector errors, updated FindFirstRecordByData with more clear error message when missing or invalid key is used, etc.).

v0.36.1

• Reverted the DISTINCT with GROUP BY replacement optimization from v0.36.0 as it was reported to negatively impact the indexes utilization for some queries and the minor performance boost that you may get when used on large records is not enough to justify the more common use (#7461). A better generic deduplication optimization for large records (aka. records with large text/json fields or many small ones) will be researched but there are no ETAs.

• Updated modernc.org/sqlite to v1.44.2 (SQLite 3.51.2).

• Fixed code comment typos.

v0.36.0

• List query and API rules optimizations:

  • Removed unnecessary correlated subquery expression when using back-relations via single relation field.
  • Replaced DISTINCT with GROUP BY id when rows deduplication is needed and when deemed safe. This should help with having a more stable and predictable performance even if the collection records are on the larger side.

  For some queries and data sets the above 2 optimizations have shown significant improvements but if you notice a performance degradation after upgrading, please open a Q&A discussion with export of your collections structure and the problematic request so that it can be analyzed.

• Added strftime(format, timevalue, modifiers...) date formatting filter and API rules function. It works similarly to the SQLite strftime builtin function with the main difference that NULL results will be normalized for consistency with the non-nullable PocketBase text and date fields. Multi-match expressions are also supported and works the same as if the collection field is referenced, for example:

  // requires ANY/AT-LEAST-ONE-OF multiRel records to have "created" date matching the formatted string "2026-01"
  strftime('%Y-%m', multiRel.created) ?= '2026-01'
  // requires ALL multiRel records to have "created" date matching the formatted string "2026-01"
  strftime('%Y-%m', multiRel.created) = '2026-01'

... (truncated)

Commits

• 266b56e updated goja deps
• ac8a458 updated test status codes to 2xx due to go 1.26.0 stricter checks
• 1d72c84 bumped app version
• 97eb9b3 renamed arguments to make it more clear that they are dangeous
• 5b2cae8 #7523 added Accept-Encoding:identity to the S3 requests
• 5715e11 bumped go deps
• 90e9fa7 bumped app version
• d4101be updated go deps
• 6cec679 updated changelog
• 0e0b862 silenced race detector errors per #7484
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #998.