chore(deps): update module github.com/pocketbase/pocketbase to v0.25.4

[gabe565-renovate]

This PR contains the following updates:

Package	Type	Update	Change
github.com/pocketbase/pocketbase	require	minor	v0.24.4 -> v0.25.4

---

Release Notes

pocketbase/pocketbase (github.com/pocketbase/pocketbase)

v0.25.4

Compare Source

• Downgraded aws-sdk-go-v2 to the version before the default data integrity checks because there have been reports for non-AWS S3 providers in addition to Backblaze (IDrive, R2) that no longer or partially work with the latest AWS SDK changes.

  While we try to enforce when_required by default, it is not enough to disable the new AWS SDK integrity checks entirely and some providers will require additional manual adjustments to make them compatible with the latest AWS SDK (e.g. removing the x-aws-checksum-* headers, unsetting the checksums calculation or reinstantiating the old MD5 checksums for some of the required operations, etc.) which as a result leads to a configuration mess that I'm not sure it would be a good idea to introduce.

  This unfornuatelly is not a PocketBase or Go specific issue and the official AWS SDKs for other languages are in the same situation (even the latest aws-cli).

  For those of you that extend PocketBase with Go: if your S3 vendor doesn't support the AWS Data integrity checks and you are updating with go get -u, then make sure that the aws-sdk-go-v2 dependencies in your go.mod are the same as in the repo:

  // go.mod
  github.com/aws/aws-sdk-go-v2 v1.36.1
  github.com/aws/aws-sdk-go-v2/config v1.28.10
  github.com/aws/aws-sdk-go-v2/credentials v1.17.51
  github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.48
  github.com/aws/aws-sdk-go-v2/service/s3 v1.72.2
  
  // after that run
  go clean -modcache && go mod tidy
  

  The versions pinning is temporary until the non-AWS S3 vendors patch their implementation or until I manage to find time to remove/replace the aws-sdk-go-v2 dependency (I'll consider prioritizing it for the v0.26 or v0.27 release).

v0.25.3

Compare Source

• Added a temporary exception for Backblaze S3 endpoints to exclude the new aws-sdk-go-v2 checksum headers (#​6440).

v0.25.2

Compare Source

• Fixed realtime delete event not being fired for RecordProxy-ies and added basic realtime record resolve automated tests (#​6433).

v0.25.1

Compare Source

• Fixed the batch API Preview success sample response.

• Bumped GitHub action min Go version to 1.23.6 as it comes with a minor security fix for the ppc64le build.

v0.25.0

Compare Source

• ⚠️ Upgraded Google OAuth2 auth, token and userinfo endpoints to their latest versions.
  For users that don't do anything custom with the Google OAuth2 data or the OAuth2 auth URL, this should be a non-breaking change. The exceptions that I could find are:

  • /v3/userinfo auth response changes:
    meta.rawUser.id => meta.rawUser.sub
    meta.rawUser.verified_email => meta.rawUser.email_verified
  • /v2/auth query parameters changes:
    If you are specifying custom approval_prompt=force query parameter for the OAuth2 auth URL, you'll have to replace it with prompt=consent.

• Added Trakt OAuth2 provider (#​6338; thanks @​aidan-)

• Added support for case-insensitive password auth based on the related UNIQUE index field collation (#​6337).

• Enforced when_required for the new AWS SDK request and response checksum validations to allow other non-AWS vendors to catch up with new AWS SDK changes (see #​6313 and aws/aws-sdk-go-v2#2960).
  You can set the environment variables AWS_REQUEST_CHECKSUM_CALCULATION and AWS_RESPONSE_CHECKSUM_VALIDATION to when_supported if your S3 vendor supports the new default integrity protections.

• Soft-deprecated Record.GetUploadedFiles in favor of Record.GetUnsavedFiles to minimize the ambiguities what the method do (#​6269).

• Replaced archived github.com/AlecAivazis/survey dependency with a simpler osutils.YesNoPrompt(message, fallback) helper.

• Upgraded to golang-jwt/jwt/v5.

• Added JSVM new Timezone(name) binding for constructing time.Location value (#​6219).

• Added inflector.Camelize(str) and inflector.Singularize(str) helper methods.

• Use the non-transactional app instance during the realtime records delete access checks to ensure that cascade deleted records with API rules relying on the parent will be resolved.

• Other minor improvements (replaced all bool exists db scans with int for broader drivers compatibility, updated API Preview sample error responses, updated UI dependencies, etc.)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[gabe565-renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 29 additional dependencies were updated

Details:

Package	Change
github.com/spf13/pflag	v1.0.5 -> v1.0.6
github.com/aws/aws-sdk-go-v2	v1.32.8 -> v1.36.1
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream	v1.6.7 -> v1.6.8
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	v1.16.23 -> v1.16.28
github.com/aws/aws-sdk-go-v2/internal/configsources	v1.3.27 -> v1.3.32
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	v2.6.27 -> v2.6.32
github.com/aws/aws-sdk-go-v2/internal/ini	v1.8.1 -> v1.8.2
github.com/aws/aws-sdk-go-v2/internal/v4a	v1.3.27 -> v1.3.32
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	v1.12.1 -> v1.12.2
github.com/aws/aws-sdk-go-v2/service/internal/checksum	v1.4.8 -> v1.6.0
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	v1.12.8 -> v1.12.13
github.com/aws/aws-sdk-go-v2/service/internal/s3shared	v1.18.8 -> v1.18.13
github.com/aws/aws-sdk-go-v2/service/sso	v1.24.9 -> v1.24.15
github.com/aws/aws-sdk-go-v2/service/ssooidc	v1.28.8 -> v1.28.14
github.com/aws/aws-sdk-go-v2/service/sts	v1.33.6 -> v1.33.14
github.com/aws/smithy-go	v1.22.1 -> v1.22.2
golang.org/x/crypto	v0.32.0 -> v0.33.0
golang.org/x/image	v0.23.0 -> v0.24.0
golang.org/x/net	v0.34.0 -> v0.35.0
golang.org/x/oauth2	v0.25.0 -> v0.26.0
golang.org/x/sync	v0.10.0 -> v0.11.0
golang.org/x/sys	v0.29.0 -> v0.30.0
golang.org/x/text	v0.21.0 -> v0.22.0
google.golang.org/api	v0.216.0 -> v0.220.0
google.golang.org/genproto/googleapis/rpc	v0.0.0-20250106144421-5f5ef82da422 -> v0.0.0-20250207221924-e9438ea467c6
google.golang.org/grpc	v1.69.2 -> v1.70.0
google.golang.org/protobuf	v1.36.2 -> v1.36.5
modernc.org/memory	v1.8.1 -> v1.8.2
modernc.org/sqlite	v1.34.4 -> v1.34.5

[cloudflare-workers-and-pages]

Deploying gabecook with    Cloudflare Pages

Latest commit:	a63822b
Status:	✅  Deploy successful!
Preview URL:	https://17ca3c39.gabecook.pages.dev
Branch Preview URL:	https://renovate-github-com-pocketba.gabecook.pages.dev

View logs

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud