fix(deps): update dependency pocketbase to ^0.26.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
pocketbase	^0.14.0 → ^0.26.0

---

Release Notes

pocketbase/js-sdk (pocketbase)

v0.26.8

Compare Source

• Properly reject the authWithOAuth2() Promise when manually calling pb.cancelRequest(requestKey) (previously the manual cancellation didn't account for the waiting realtime subscription).

v0.26.7

Compare Source

• Normalized pb.files.getURL() to serialize the URL query params in the same manner as in the fetch methods (e.g. passing null or undefined as query param value will be skipped from the generated URL).

v0.26.6

Compare Source

• Fixed abort request error detection on React Native Android/iOS (#​361; thanks @​nathanstitt).

• Updated the default getFullList() batch size to 1000 for consistency with the Dart SDK and the v0.23+ API limits.

v0.26.5

Compare Source

• Fixed abort request error detection on Safari introduced with the previous release because it seems to throw DOMException.SyntaxError on response.json() failure (#pocketbase/pocketbase#7369).

v0.26.4

Compare Source

• Catch aborted request error during response.json() failure (e.g. in case of tcp connection reset) and rethrow it as normalized ClientResponseError.isAbort=true error.

v0.26.3

Compare Source

• Fixed outdated OAuth2Provider TS fields (pocketbase/site#110).

v0.26.2

Compare Source

• Allow body object without constructor (#​352).

v0.26.1

Compare Source

• Set the cause property of ClientResponseError to the original thrown error/data for easier debugging (#​349; thanks @​shish).

v0.26.0

Compare Source

• Ignore undefined properties when submitting an object that has Blob/File fields (which is under the hood converted to FormData)
  for consistency with how JSON.stringify works (see pocketbase#6731).

v0.25.2

Compare Source

• Removed unnecessary checks in serializeQueryParams and added automated tests.

v0.25.1

Compare Source

• Ignore query parameters with undefined value (#​330).

v0.25.0

Compare Source

• Added pb.crons service to interact with the cron Web APIs.

v0.24.0

Compare Source

• Added support for assigning FormData as body to individual batch requests (pocketbase#6145).

v0.23.0

Compare Source

• Added optional pb.realtime.onDisconnect hook function.
  Note that the realtime client autoreconnect on its own and this hook is useful only for the cases where you want to apply a special behavior on server error or after closing the realtime connection.

v0.22.1

Compare Source

• Fixed old pb.authStore.isAdmin/pb.authStore.isAuthRecord and marked them as deprecated in favour of pb.authStore.isSuperuser (#​323).
  Note that with PocketBase v0.23.0 superusers are converted to a system auth collection so you can always simply check the value of pb.authStore.record?.collectionName.

v0.22.0

Compare Source

⚠️ This release introduces some breaking changes and works only with PocketBase v0.23.0+.

• Added support for sending batch/transactional create/updated/delete/upsert requests with the new batch Web APIs.

  const batch = pb.createBatch();
  
  batch.collection("example1").create({ ... });
  batch.collection("example2").update("RECORD_ID", { ... });
  batch.collection("example3").delete("RECORD_ID");
  batch.collection("example4").upsert({ ... });
  
  const result = await batch.send();

• Added support for authenticating with OTP (email code):

  const result = await pb.collection("users").requestOTP("test@example.com");
  
  // ... show a modal for users to check their email and to enter the received code ...
  
  await pb.collection("users").authWithOTP(result.otpId, "EMAIL_CODE");

  Note that PocketBase v0.23.0 comes also with Multi-factor authentication (MFA) support.
  When enabled from the dashboard, the first auth attempt will result in 401 response and a mfaId response,
  that will have to be submitted with the second auth request. For example:

  try {
    await pb.collection("users").authWithPassword("test@example.com", "1234567890");
  } catch (err) {
    const mfaId = err.response?.mfaId;
    if (!mfaId) {
      throw err; // not mfa -> rethrow
    }
  
    // the user needs to authenticate again with another auth method, for example OTP
    const result = await pb.collection("users").requestOTP("test@example.com");
    // ... show a modal for users to check their email and to enter the received code ...
    await pb.collection("users").authWithOTP(result.otpId, "EMAIL_CODE", { "mfaId": mfaId });
  }

• Added new pb.collection("users").impersonate("RECORD_ID") method for superusers.
  It authenticates with the specified record id and returns a new client with the impersonated auth state loaded in a memory store.

  // authenticate as superusers (with v0.23.0 admins is converted to a special system auth collection "_superusers"):
  await pb.collection("_superusers").authWithPassword("test@example.com", "1234567890");
  
  // impersonate
  const impersonateClient = pb.collection("users").impersonate("USER_RECORD_ID", 3600 /* optional token duration in seconds */)
  
  // log the impersonate token and user data
  console.log(impersonateClient.authStore.token);
  console.log(impersonateClient.authStore.record);
  
  // send requests as the impersonated user
  impersonateClient.collection("example").getFullList();

• Added new pb.collections.getScaffolds() method to retrieve a type indexed map with the collection models (base, auth, view) loaded with their defaults.

• Added new pb.collections.truncate(idOrName) to delete all records associated with the specified collection.

• Added the submitted fetch options as 3rd last argument in the pb.afterSend hook.

• Instead of replacing the entire pb.authStore.record, on auth record update we now only replace the available returned response record data (pocketbase#5638).

• ⚠️ Admins are converted to _superusers auth collection and there is no longer AdminService and AdminModel types.
  pb.admins is soft-deprecated and aliased to pb.collection("_superusers").

  // before   ->  after
  pb.admins.* ->  pb.collection("_superusers").*

• ⚠️ pb.authStore.model is soft-deprecated and superseded by pb.authStore.record.

• ⚠️ Soft-deprecated the OAuth2 success auth meta.avatarUrl response field in favour of meta.avatarURL for consistency with the Go conventions.

• ⚠️ Changed AuthMethodsList inerface fields to accomodate the new auth methods and listAuthMethods() response.

  {
    "mfa": {
      "duration": 100,
      "enabled": true
    },
    "otp": {
      "duration": 0,
      "enabled": false
    },
    "password": {
      "enabled": true,
      "identityFields": ["email", "username"]
    },
    "oauth2": {
      "enabled": true,
      "providers": [{"name": "gitlab", ...}, {"name": "google", ...}]
    }
  }
  

• ⚠️ Require specifying collection id or name when sending test email because the email templates can be changed per collection.

  // old
  pb.settings.testEmail(email, "verification")
  
  // new
  pb.settings.testEmail("users", email, "verification")

• ⚠️ Soft-deprecated and aliased *Url() -> *URL() methods for consistency with other similar native JS APIs and the accepted Go conventions.
  The old methods still works but you may get a console warning to replace them because they will be removed in the future.

  pb.baseUrl                  -> pb.baseURL
  pb.buildUrl()               -> pb.buildURL()
  pb.files.getUrl()           -> pb.files.getURL()
  pb.backups.getDownloadUrl() -> pb.backups.getDownloadURL()

• ⚠️ Renamed CollectionModel.schema to CollectionModel.fields.

• ⚠️ Renamed type SchemaField to CollectionField.

v0.21.5

Compare Source

• Shallow copy the realtime subscribe options argument for consistency with the other methods (#​308).

v0.21.4

Compare Source

• Fixed the requestKey handling in authWithOAuth2({...}) to allow manually cancelling the entire OAuth2 pending request flow using pb.cancelRequest(requestKey).
  Due to the window.close caveats note that the OAuth2 popup window may still remain open depending on which stage of the OAuth2 flow the cancellation has been invoked.

v0.21.3

Compare Source

• Enforce temporary the atob polyfill for ReactNative until Expo 51+ and React Native v0.74+ atob fix get released.

v0.21.2

Compare Source

• Exported HealthService types (#​289).

v0.21.1

Compare Source

• Manually update the verified state of the current matching AuthStore model on successful "confirm-verification" call.

• Manually clear the current matching AuthStore on "confirm-email-change" call because previous tokens are always invalidated.

• Updated the fetch mock tests to check also the sent body params.

• Formatted the source and tests with prettier.

v0.21.0

Compare Source

⚠️ This release works only with PocketBase v0.21.0+ due to changes of how the multipart/form-data body is handled.

• Properly sent json body with multipart/form-data requests.
  This should fix the edge cases mentioned in the v0.20.3 release.

• Gracefully handle OAuth2 redirect error with the authWithOAuth2() call.

v0.20.3

Compare Source

• Partial and temporary workaround for the auto application/json -> multipart/form-data request serialization of a json field when a Blob/File is found in the request body (#​274).

  The "fix" is partial because there are still 2 edge cases that are not handled - when a json field value is empty array (eg. []) or array of strings (eg. ["a","b"]).
  The reason for this is because the SDK doesn't have information about the field types and doesn't know which field is a json or an arrayable select, file or relation, so it can't serialize it properly on its own as FormData string value.

  If you are having troubles with persisting json values as part of a multipart/form-data request the easiest fix for now is to manually stringify the json field value:

  await pb.collection("example").create({
    // having a Blob/File as object value will convert the request to multipart/form-data
    "someFileField": new Blob([123]),
    "someJsonField": JSON.stringify(["a","b","c"]),
  })

  A proper fix for this will be implemented with PocketBase v0.21.0 where we'll have support for a special @jsonPayload multipart body key, which will allow us to submit mixed multipart/form-data content (kindof similar to the multipart/mixed MIME).

v0.20.2

Compare Source

• Throw 404 error for getOne("") when invoked with empty id (#​271).

• Added @throw {ClientResponseError} jsdoc annotation to the regular request methods (#​262).

v0.20.1

Compare Source

• Propagate the PB_CONNECT event to allow listening to the realtime connect/reconnect events.

  pb.realtime.subscribe("PB_CONNECT", (e) => {
    console.log(e.clientId);
  })

v0.20.0

Compare Source

• Added expand, filter, fields, custom query and headers parameters support for the realtime subscriptions.

  pb.collection("example").subscribe("*", (e) => {
    ...
  }, { filter: "someField > 10" });

  This works only with PocketBase v0.20.0+.

• Changes to the logs service methods in relation to the logs generalization in PocketBase v0.20.0+:

  pb.logs.getRequestsList(...)  -> pb.logs.getList(...)
  pb.logs.getRequest(...)       -> pb.logs.getOne(...)
  pb.logs.getRequestsStats(...) -> pb.logs.getStats(...)

• Added missing SchemaField.presentable field.

• Added new AuthProviderInfo.displayName string field.

• Added new AuthMethodsList.onlyVerified bool field.

v0.19.0

Compare Source

• Added pb.filter(rawExpr, params?) helper to construct a filter string with placeholder parameters populated from an object.

  const record = await pb.collection("example").getList(1, 20, {
    // the same as: "title ~ 'te\\'st' && (totalA = 123 || totalB = 123)"
    filter: pb.filter("title ~ {:title} && (totalA = {:num} || totalB = {:num})", { title: "te'st", num: 123 })
  })

  The supported placeholder parameter values are:

  • string (single quotes will be autoescaped)
  • number
  • boolean
  • Date object (will be stringified into the format expected by PocketBase)
  • null
  • anything else is converted to a string using JSON.stringify()

v0.18.3

Compare Source

• Added optional generic support for the RecordService (#​251).
  This should allow specifying a single TypeScript definition for the client, eg. using type assertion:

  interface Task {
    id:   string;
    name: string;
  }
  
  interface Post {
    id:     string;
    title:  string;
    active: boolean;
  }
  
  interface TypedPocketBase extends PocketBase {
    collection(idOrName: string): RecordService // default fallback for any other collection
    collection(idOrName: 'tasks'): RecordService<Task>
    collection(idOrName: 'posts'): RecordService<Post>
  }
  
  ...
  
  const pb = new PocketBase("http://127.0.0.1:8090") as TypedPocketBase;
  
  // the same as pb.collection('tasks').getOne<Task>("RECORD_ID")
  await pb.collection('tasks').getOne("RECORD_ID") // -> results in Task
  
  // the same as pb.collection('posts').getOne<Post>("RECORD_ID")
  await pb.collection('posts').getOne("RECORD_ID") // -> results in Post

v0.18.2

Compare Source

• Added support for assigning a Promise as AsyncAuthStore initial value (#​249).

v0.18.1

Compare Source

• Fixed realtime subscriptions auto cancellation to use the proper requestKey param.

v0.18.0

Compare Source

• Added pb.backups.upload(data) action (available with PocketBase v0.18.0).

• Added experimental autoRefreshThreshold option to auto refresh (or reauthenticate) the AuthStore when authenticated as admin.
  This could be used as an alternative to fixed Admin API keys.

  await pb.admins.authWithPassword("test@example.com", "1234567890", {
    // This will trigger auto refresh or auto reauthentication in case
    // the token has expired or is going to expire in the next 30 minutes.
    autoRefreshThreshold: 30 * 60
  })

v0.17.3

Compare Source

• Loosen the type check when calling pb.files.getUrl(user, filename) to allow passing the pb.authStore.model without type assertion.

v0.17.2

Compare Source

• Fixed mulitple File/Blob array values not transformed properly to their FormData equivalent when an object syntax is used.

v0.17.1

Compare Source

• Fixed typo in the deprecation console.warn messages (#​235; thanks @​heloineto).

v0.17.0

Compare Source

• To simplify file uploads, we now allow sending the multipart/form-data request body also as plain object if at least one of the object props has File or Blob value.

  // the standard way to create multipart/form-data body
  const data = new FormData();
  data.set("title", "lorem ipsum...")
  data.set("document", new File(...))
  
  // this is the same as above
  // (it will be converted behind the scenes to FormData)
  const data = {
    "title":    "lorem ipsum...",
    "document": new File(...),
  };
  
  await pb.collection("example").create(data);

• Added new pb.authStore.isAdmin and pb.authStore.isAuthRecord helpers to check the type of the current auth state.

• The default LocalAuthStore now listen to the browser storage event,
  so that we can sync automatically the pb.authStore state between multiple tabs.

• Added new helper AsyncAuthStore class that can be used to integrate with any 3rd party async storage implementation (usually this is needed when working with React Native):

  import AsyncStorage from "@​react-native-async-storage/async-storage";
  import PocketBase, { AsyncAuthStore } from "pocketbase";
  
  const store = new AsyncAuthStore({
      save:    async (serialized) => AsyncStorage.setItem("pb_auth", serialized),
      initial: AsyncStorage.getItem("pb_auth"),
  });
  
  const pb = new PocketBase("https://example.com", store)

• pb.files.getUrl() now returns empty string in case an empty filename is passed.

• ⚠️ All API actions now return plain object (POJO) as response, aka. the custom class wrapping was removed and you no longer need to manually call structuredClone(response) when using with SSR frameworks.

  This could be a breaking change if you use the below classes (and respectively their helper methods like $isNew, $load(), etc.) since they were replaced with plain TS interfaces:

  class BaseModel    -> interface BaseModel
  class Admin        -> interface AdminModel
  class Record       -> interface RecordModel
  class LogRequest   -> interface LogRequestModel
  class ExternalAuth -> interface ExternalAuthModel
  class Collection   -> interface CollectionModel
  class SchemaField  -> interface SchemaField
  class ListResult   -> interface ListResult

  Side-note: If you use somewhere in your code the Record and Admin classes to determine the type of your pb.authStore.model,
  you can safely replace it with the new pb.authStore.isAdmin and pb.authStore.isAuthRecord getters.

• ⚠️ Added support for per-request fetch options, including also specifying completely custom fetch implementation.

  In addition to the default fetch options, the following configurable fields are supported:

  interface SendOptions extends RequestInit {
      // any other custom key will be merged with the query parameters
      // for backward compatibility and to minimize the verbosity
      [key: string]: any;
  
      // optional custom fetch function to use for sending the request
      fetch?: (url: RequestInfo | URL, config?: RequestInit) => Promise<Response>;
  
      // custom headers to send with the requests
      headers?: { [key: string]: string };
  
      // the body of the request (serialized automatically for json requests)
      body?: any;
  
      // query params that will be appended to the request url
      query?: { [key: string]: any };
  
      // the request identifier that can be used to cancel pending requests
      requestKey?:  string|null;
  
      // @&#8203;deprecated use `requestKey:string` instead
      $cancelKey?:  string;
  
      // @&#8203;deprecated use `requestKey:null` instead
      $autoCancel?: boolean;
  }

  For most users the above will not be a breaking change since there are available function overloads (when possible) to preserve the old behavior, but you can get a warning message in the console to update to the new format.
  For example:

  // OLD (should still work but with a warning in the console)
  await pb.collection("example").authRefresh({}, {
    "expand": "someRelField",
  })
  
  // NEW
  await pb.collection("example").authRefresh({
    "expand": "someRelField",
    // send some additional header
    "headers": {
      "X-Custom-Header": "123",
    },
    "cache": "no-store" // also usually used by frameworks like Next.js
  })

• Eagerly open the default OAuth2 signin popup in case no custom urlCallback is provided as a workaround for Safari.

• Internal refactoring (updated dev dependencies, refactored the tests to use Vitest instead of Mocha, etc.).

v0.16.0

Compare Source

• Added skipTotal=1 query parameter by default for the getFirstListItem() and getFullList() requests.
  Note that this have performance boost only with PocketBase v0.17+.

• Added optional download=1 query parameter to force file urls with Content-Disposition: attachment (supported with PocketBase v0.17+).

v0.15.3

Compare Source

• Automatically resolve pending realtime connect Promises in case unsubscribe is called before
  subscribe is being able to complete (pocketbase#2897).

v0.15.2

Compare Source

• Replaced new URL(...) with manual url parsing as it is not fully supported in React Native (pocketbase#2484).

• Fixed nested ClientResponseError.originalError wrapping and added ClientResponseError constructor tests.

v0.15.1

Compare Source

• Cancel any pending subscriptions submit requests on realtime disconnect (#​204).

v0.15.0

Compare Source

• Added fields to the optional query parameters for limiting the returned API fields (available with PocketBase v0.16.0).

• Added pb.backups service for the new PocketBase backup and restore APIs (available with PocketBase v0.16.0).

• Updated pb.settings.testS3(filesystem) to allow specifying a filesystem to test - storage or backups (available with PocketBase v0.16.0).

v0.14.4

Compare Source

• Removed the legacy aliased BaseModel.isNew getter since it conflicts with similarly named record fields (pocketbase#2385).
  This helper is mainly used in the Admin UI, but if you are also using it in your code you can replace it with the $ prefixed version, aka. BaseModel.$isNew.

v0.14.3

Compare Source

• Added OAuth2AuthConfig.query prop to send optional query parameters with the authWithOAuth2(config) call.

v0.14.2

Compare Source

• Use location.origin + location.pathname instead of full location.href when constructing the browser absolute url to ignore any extra hash or query parameter passed to the base url.
  This is a small addition to the earlier change from v0.14.1.

v0.14.1

Compare Source

• Use an absolute url when the SDK is initialized with a relative base path in a browser env to ensure that the generated OAuth2 redirect and file urls are absolute.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.