Skip to content

go-dep: bump github.com/pocketbase/pocketbase from 0.36.6 to 0.36.7 in /backend#1703

Merged
github-actions[bot] merged 1 commit intomasterfrom
dependabot/go_modules/backend/github.com/pocketbase/pocketbase-0.36.7
Mar 17, 2026
Merged

go-dep: bump github.com/pocketbase/pocketbase from 0.36.6 to 0.36.7 in /backend#1703
github-actions[bot] merged 1 commit intomasterfrom
dependabot/go_modules/backend/github.com/pocketbase/pocketbase-0.36.7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 17, 2026

Bumps github.com/pocketbase/pocketbase from 0.36.6 to 0.36.7.

Release notes

Sourced from github.com/pocketbase/pocketbase's releases.

v0.36.7 Release

To update the prebuilt executable you can run ./pocketbase update.

  • Fixed high memory usage with large file uploads (#7572).

  • Updated the rate limiter reset rules to follow a more traditional fixed window strategy (aka. to be more close to how it is presented in the UI - allow max X user requests under Ys) since several users complained that the older algorithm was not intuitive and not suitable for large intervals. Approximated sliding window strategy was also suggested as a better compromise option to help minimize traffic spikes right after reset but the additional tracking could introduce some overhead and for now it is left aside until we have more tests.

  • Updated modernc.org/sqlite to v1.46.2 and SQLite 3.51.3. ⚠️ SQLite 3.51.3 fixed a database corruption bug that is very unlikely to happen (with PocketBase even more so because we queue on app level all writes and explicit transactions through a single db connection), but still it is advised to upgrade.

  • Updated other minor Go and npm deps. The min Go version in the go.mod of the package was also bumped to Go 1.25.0 because some of the newer deps require it.

v0.36.7-rc.1

[!CAUTION] This is a prerelease to validate a fix for high memory usage when uploading large files (#7572).

Changelog

Sourced from github.com/pocketbase/pocketbase's changelog.

v0.36.7

  • Fixed high memory usage with large file uploads (#7572).

  • Updated the rate limiter reset rules to follow a more traditional fixed window strategy (aka. to be more close to how it is presented in the UI - allow max X user requests under Ys) since several users complained that the older algorithm was not intuitive and not suitable for large intervals. Approximated sliding window strategy was also suggested as a better compromise option to help minimize traffic spikes right after reset but the additional tracking could introduce some overhead and for now it is left aside until we have more tests.

  • Updated modernc.org/sqlite to v1.46.2 and SQLite 3.51.3. ⚠️ SQLite 3.51.3 fixed a database corruption bug that is very unlikely to happen (with PocketBase even more so because we queue on app level all writes and explicit transactions through a single db connection), but still it is advised to upgrade.

  • Updated other minor Go and npm deps. The min Go version in the go.mod of the package was also bumped to Go 1.25.0 because some of the newer dep versions require it.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
go-dep: bump github.com/pocketbase/pocketbase in /backend
1147df9 
Bumps [github.com/pocketbase/pocketbase](https://github.com/pocketbase/pocketbase) from 0.36.6 to 0.36.7.
- [Release notes](https://github.com/pocketbase/pocketbase/releases)
- [Changelog](https://github.com/pocketbase/pocketbase/blob/master/CHANGELOG.md)
- [Commits](pocketbase/pocketbase@v0.36.6...v0.36.7)

---
updated-dependencies:
- dependency-name: github.com/pocketbase/pocketbase
  dependency-version: 0.36.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 17, 2026
@github-actions github-actions bot merged commit c5613a5 into master Mar 17, 2026
2 of 3 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/backend/github.com/pocketbase/pocketbase-0.36.7 branch March 17, 2026 09:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants