[Snyk] Upgrade pocketbase from 0.20.3 to 0.21.0 #3

Closed

tygrdev wants to merge 1 commit from snyk-upgrade-4e2fc3b249ac310c428b2bf5c40bf0d0 into stable

tygrdev commented

2024-02-14 18:14:28 +01:00

Owner

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade pocketbase from 0.20.3 to 0.21.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 1 version ahead of your current version.
The recommended version was released 21 days ago, on 2024-01-24.

Release notes

Package name: pocketbase

0.21.0 - 2024-01-24
⚠️ This release works only with PocketBase v0.21.0+ due to changes of how the multipart/form-data body is handled.
- Properly sent json body with multipart/form-data requests.
  This should fix the edge cases mentioned in the v0.20.3 release.
- Gracefully handle OAuth2 redirect error with the authWithOAuth2() call.
0.20.3 - 2024-01-14
- Partial and temporary workaround for the auto application/json -> multipart/form-data request serialization of a json field when a Blob/File is found in the request body (#274).
  
  The "fix" is partial because there are still 2 edge cases that are not handled - when a json field value is empty array (eg. []) or array of strings (eg. ["a","b"]).
  The reason for this is because the SDK doesn't have information about the field types and doesn't know which field is a json or an arrayable select, file or relation, so it can't serialize it properly on its own as FormData string value.
  
  If you are having troubles with persisting json values as part of a multipart/form-data request the easiest fix for now is to manually stringify the json field value:
```
await pb.collection("example").create({
  // having a Blob/File as object value will convert the request to multipart/form-data
  "someFileField": new Blob([123]),
  "someJsonField": JSON.stringify(["a","b","c"]),
})
```
  A proper fix for this will be implemented with PocketBase v0.21.0 where we'll have support for a special @ jsonPayload multipart body key, which will allow us to submit mixed multipart/form-data content (kindof similar to the multipart/mixed MIME).

from pocketbase GitHub release notes

Commit messages

Package name: pocketbase

2fb8de9 bumped package version
9f25a9f use PocketBase v0.21 jsonPayload multipart/form-data field when sending mixed body
fd15854 gracefully handle oauth2 redirect error
a92bfc2 [#276] fixed README typo
efb5b67 updated changelog

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

This PR was automatically created by Snyk using the credentials of a real user. <h3>Snyk has created this PR to upgrade pocketbase from 0.20.3 to 0.21.0.</h3> :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/> - The recommended version is **1 version** ahead of your current version. - The recommended version was released **21 days ago**, on 2024-01-24. <details> <summary>Release notes</summary> <details> <summary>Package name: pocketbase</summary> <ul> <li> 0.21.0 - <a href="https://snyk.io/redirect/github/pocketbase/js-sdk/releases/tag/v0.21.0">2024-01-24</a><g-emoji class="g-emoji" alias="warning">⚠️</g-emoji> This release works only with PocketBase v0.21.0+ due to changes of how the <code>multipart/form-data</code> body is handled. <ul> <li> Properly sent json body with <code>multipart/form-data</code> requests. This should fix the edge cases mentioned in the v0.20.3 release. </li> <li> Gracefully handle OAuth2 redirect error with the <code>authWithOAuth2()</code> call. </li> </ul> </li> <li> 0.20.3 - <a href="https://snyk.io/redirect/github/pocketbase/js-sdk/releases/tag/v0.20.3">2024-01-14</a><ul> <li> Partial and temporary workaround for the auto <code>application/json</code> -> <code>multipart/form-data</code> request serialization of a <code>json</code> field when a <code>Blob</code>/<code>File</code> is found in the request body (<a href="https://snyk.io/redirect/github/pocketbase/js-sdk/issues/274" data-hovercard-type="issue" data-hovercard-url="/pocketbase/js-sdk/issues/274/hovercard">#274</a>). The "fix" is partial because there are still 2 edge cases that are not handled - when a <code>json</code> field value is empty array (eg. <code>[]</code>) or array of strings (eg. <code>["a","b"]</code>). The reason for this is because the SDK doesn't have information about the field types and doesn't know which field is a <code>json</code> or an arrayable <code>select</code>, <code>file</code> or <code>relation</code>, so it can't serialize it properly on its own as <code>FormData</code> string value. If you are having troubles with persisting <code>json</code> values as part of a <code>multipart/form-data</code> request the easiest fix for now is to manually stringify the <code>json</code> field value: <div class="highlight highlight-source-js notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="await pb.collection("example").create({ // having a Blob/File as object value will convert the request to multipart/form-data "someFileField": new Blob([123]), "someJsonField": JSON.stringify(["a","b","c"]), })"><pre>await pb.collection("example").create({ // having a Blob/File as object value will convert the request to multipart/form-data "someFileField": new Blob([123]), "someJsonField": JSON.stringify(["a","b","c"]), })</pre></div> A proper fix for this will be implemented with PocketBase v0.21.0 where we'll have support for a special <code>@ jsonPayload</code> multipart body key, which will allow us to submit mixed <code>multipart/form-data</code> content (kindof similar to the <code>multipart/mixed</code> MIME). </li> </ul> </li> </ul> from <a href="https://snyk.io/redirect/github/pocketbase/js-sdk/releases">pocketbase GitHub release notes</a> </details> </details> <details> <summary>Commit messages</summary> <details> <summary>Package name: pocketbase</summary> <ul> <li><a href="https://snyk.io/redirect/github/pocketbase/js-sdk/commit/2fb8de9d774c54b51bb2c4c0c6bd88ea4ebdbaa8">2fb8de9</a> bumped package version</li> <li><a href="https://snyk.io/redirect/github/pocketbase/js-sdk/commit/9f25a9f11625bf876ae9fff26aac946d05c6b14d">9f25a9f</a> use PocketBase v0.21 jsonPayload multipart/form-data field when sending mixed body</li> <li><a href="https://snyk.io/redirect/github/pocketbase/js-sdk/commit/fd1585411dd3f5c7a4ffecef70b8b39c4e09ed65">fd15854</a> gracefully handle oauth2 redirect error</li> <li><a href="https://snyk.io/redirect/github/pocketbase/js-sdk/commit/a92bfc28a57cffdbde45eee3f6312bb8e16b3428">a92bfc2</a> [#276] fixed README typo</li> <li><a href="https://snyk.io/redirect/github/pocketbase/js-sdk/commit/efb5b67a67347c529f51d9ac8a614e4210ac9868">efb5b67</a> updated changelog</li> </ul> <a href="https://snyk.io/redirect/github/pocketbase/js-sdk/compare/c66f9b894b679f097bf4dfe67a93a030f7fc3df7...2fb8de9d774c54b51bb2c4c0c6bd88ea4ebdbaa8">Compare</a> </details> </details> <hr/> **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIxODBhZjcyZi0xYjY1LTRkZWEtOTcxMi00OWVlN2RkZDA5YjQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjE4MGFmNzJmLTFiNjUtNGRlYS05NzEyLTQ5ZWU3ZGRkMDliNCJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/tygerxqt/project/98af46aa-65a7-4fae-8b77-14e89d1f482d?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/tygerxqt/project/98af46aa-65a7-4fae-8b77-14e89d1f482d/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/tygerxqt/project/98af46aa-65a7-4fae-8b77-14e89d1f482d/settings/integration?pkg=pocketbase&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)

vercel[bot] commented

2024-02-14 18:14:29 +01:00

(Migrated from github.com)

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
katarogu	❌ Failed (Inspect)			Feb 14, 2024 5:14pm

[vc]: #AEZnXN0lz4//MhEth8uqur98h8ahwmb9AjSO3TY6AuM=:eyJpc01vbm9yZXBvIjp0cnVlLCJ0eXBlIjoiZ2l0aHViIiwicHJvamVjdHMiOlt7Im5hbWUiOiJrYXRhcm9ndSIsImluc3BlY3RvclVybCI6Imh0dHBzOi8vdmVyY2VsLmNvbS90eWdlcnhxdC9rYXRhcm9ndS8zRU02RWEzU0xoQXFoSldqZ0Z1WTFEZ1AzVzZIIiwicHJldmlld1VybCI6IiIsIm5leHRDb21taXRTdGF0dXMiOiJGQUlMRUQiLCJsaXZlRmVlZGJhY2siOnsicmVzb2x2ZWQiOjAsInVucmVzb2x2ZWQiOjAsInRvdGFsIjowLCJsaW5rIjoiIn0sInJvb3REaXJlY3RvcnkiOm51bGx9XX0= **The latest updates on your projects**. Learn more about [Vercel for Git ↗︎](https://vercel.link/github-learn-more) | Name | Status | Preview | Comments | Updated (UTC) | | :--- | :----- | :------ | :------- | :------ | | **katarogu** | ❌ Failed ([Inspect](https://vercel.com/tygerxqt/katarogu/3EM6Ea3SLhAqhJWjgFuY1DgP3W6H)) | | | Feb 14, 2024 5:14pm |