TrailBase releases

• Fix reset of sort/ordering state in admin table explorer when changing active schema.
• Support a truly arbitrary number of databases in admin list tables API.
• Stop using cached metadata for table explorer API.
• Make shutdown watchdog more informative and robust, i.e. don't rely on runtime being shut down.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.27.2...v0.27.3

• Mainline many Postgres related changes and wiring. This is mostly a no-op, since everything is behind a cargo feature flag. When enabled, this is far from being ready and many tests are failing, especially tests requiring schema metadata.
  • Add a runtime ConnectionType to polymorphic connection allowing refinery's version_history schema to apply conditionally.
  • Alternate psql-compatible "base" migrations.
  • Support named PG parameters with underscores.
  • Fork pgrow2serde and add support for more types: arrays (e.g. [u8; 16]), UUID, ... .
  • Wire up pglite-oxide for testing. Pretty promising but still new and issues to be worked out (e.g. error handling, broken RNG).
  • Support a wider set of FromSql/ToSql conversions for trailbase_sqlite::Value.
  • Hoist ExecuteReturnedResults error and fix execute() for PG.
• Fix connection clean-up.
• Overhaul custom-endpoint/UI tutorial.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.27.1...v0.27.2

• Consistently initialize rustls TLS binaries at the binary root. Previously, outgoing HTTPS traffic may have caused panics when not properly initialized. Thanks @jimmydjabali 🙏.
• Small optimization: increase connection re-use and reduce spawning of threads across admin APIs.
• Remove legacy _session table. Session data now lives in a separate DB.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.27.0...v0.27.1

• Cleanup release: remove the Sqlean's define() extensions for stored procedures. Breaking for users of Sqlean.
  • Read queries modify connection state, therefore doesn't work with query_only pragma and has elevated scheduling requirements.
  • Doesn't allow anything that isn't possible with VIEW + WASM SQLite extensions.
  • Is another source on SQLite lock-in. We're currently working to loosening the coupling .
• Other major changes since the previous major release are mostly around DB coupling and execution model.
  • There is a proof-of-concept Postgres driver now but it would still be a long way to hook it up:
    • different SQL dialects,
    • schema extraction missing,
    • dependencies on SQLite extensions for CHECK(), migrations, etc.,
    • change notifications for RecordApi subscriptions would need to work very differently,
    • more fun surprises...?
• Lift Rust MVRV (1.93) and Rust toolchain (1.95) versions.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.26.9...v0.27.0

• Enable custom WASM SQLite extension functions in multi-DB migrations.
• Apply migrations asynchronously to further untangle DB implementation from execution model.
• Improve error handling and simplify bespoke initialization order of DB connection.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.26.8...v0.26.9

• Add two new SQL connection types: a postgres one and a polymorphic one with runtime dispatch.
  • This is mostly a proof-of-concept. Tests pass with the polymorphic connection pointing at SQLite but using postgres entails many more challenges:
    • Different SQL dialects.
    • Schema extraction missing.
    • Change notifications for RecordApi subscriptions work very differently.
• Introduce a new AsyncReactive + snapshot primitive to further entangle DB connection establishment from the execution model, i.e. allow establishing connection asynchronously and thus RecordApis.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.26.7...v0.26.8

• Fix CLI regression for user and admin commands due to DB initialization order changes.
• Fix missing version identifier in --version for CI release builds. There were two issues: shallow checkouts and permissions for docker MUSL builds.
• Admin UI: For geospatial data show EWKT SRID only when present and fix form prefill during record update for WKT.
• Add &skip_cursor parameter for RecordAPI listing to help with GeoJSON consumers who don't support the foreign_member standard extension.
• More work towards untangling TrailBase from SQLite specifics: make lock acquisition fallible.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.26.6...v0.26.7

• Admin UI improvements:
  • Allow using WKT-formatted geometries in row insert/update forms.
  • Early client-side validation of RecordAPI names.
  • Show toast close button on small screens w/o hover.
• Add execute_batch() to SyncConnectionTrait for downstream schema metadata building code.
• Remove more use-cases of leaky Connection::write_lock() abstraction.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.26.5...v0.26.6

• Remove most leaky abstractions from trailbase_sqlite::Connection:
  • Introduce an async Connection::transaction() API to remove many .call_reader() calls.
  • Add a SyncConnection for the remaining batch uses of .call_reader().
  • Add a dedicated backup API.
  • Add a first-party Statement abstraction to allow binding parameters to other clients.
  • Clean-up a few more overlooked uses and narrow ToSqlProxy's lifetimes.
• Add a new refinery driver using above async transaction() API.
• Use new APIs in TransactionRecorder used for migrations.
• Increase statement cache size.
• Minor: replace kanal with flume everywhere.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.26.4...v0.26.5

• Use WASI resources to model WASM transactions more correctly. Also spawn a watcher task that force-unlocks the DB after a deadline for better isolation from user code.
  • The new APIs are transparent and implemented in a backwards-compatible way, i.e. if you rebuild your WASM guests against future releases of the guest runtimes you'll pick up those changes.
• Make server limits more configurable: rate limits and body size limits.
• Add "created" and "last-updated" timestamps to accounts page in admin UI.
• Switch SQLite execution model from kanal to flume to allow the writer to lend a hand with reads.
• Mark read connections as explicitly query_only.
• More work towards untangling from rusqlite: remove more uses of leaky abstractions and make error handling generic.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.26.3...v0.26.4

• Make trailbase-sqlite's abstractions less leaky, i.e. don't depend on rusqlite's internals as much. This is a pre-requisite if we wanted to support other drivers and DBs.
• Fix and clean-up trailbase-sqlite's execution engine.
• Update clients across all languages to automatically "log out" on token refresh when a 401 (Unauthorized) error is received.
• Stricter "read-only" query filtering for WASM guests. Sqlean's SELECT define() statements are actually mutating. Maybe it's time to remove sqlean. It predates JS and WASM components and may have overstayed its welcome.
• Allow loading *.wasm components from symlinks.
• Tweak auth-ui's profile page to properly clean-up invalid cookie tokens.
• Fix a few small issues with the blog example.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.26.2...v0.26.3

• Fork the reactivate crate to streamline it and make it lock-free. Previously, accessing the config would require claiming an eclusive lock.
• Remove unsafe query construction from WASM guest examples and add utilities for escaping safe SQL string literals to the guest runtimes.
• Fix wiring of new redirect_uri_allowlist config option.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.26.1...v0.26.2

• Add an redirect_uri_allowlist config option to enable select off-site auth redirects.
• Fix escaping of migration file names to work for any unicode characters.
• Fix escaping of named placeholders to work for any unicode characters.
• Update Rust and JavaScript dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.26.0...v0.26.1

• Overhaul change subscriptions:
  • Minimize work done on SQLite's pre-update hook.
  • Push brokering into separate thread and ACL-checking+filtering into handler tasks.
  • Simplify locking.
  • Add layered sequence numbers to track both, server-side event losses (e.g. due to back-pressure) and allow clients to detect client-side losses (e.g. due to unreliable network).
  • Add structured status to error events. This changes the wire-format and is a breaking change. While this only affects errors, users of change subscriptions should update their client.
    • We did also explore switching from an externally to an internally tagged union format. However, externally tagged is the way to go for change event schemas with something like JSON schema or Avro.
  • Update all the clients that support change subscriptions, i.e. all but Swift.
  • Add stress-tests.
• Fix ATTACH DATABASE calls from WASM guests.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.25.4...v0.26.0

• Fix MacOS release workflows.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.25.3...v0.25.4

• Concurrent SELECTs for WASM guests.
  • The guest APIs don't distinguish between reads and writes, hence everything was assumed to be potentially mutating.
  • We're now "pre-parsing" queries to handle SELECTs and ATTACH/DETACH DATABASE specially and multiplex to multiple connections.
• Stricter Content-Type handling and some preparations for supporting more encodings. This is part of an exploration to support Avro.
• Fix JSON schemas for nullable JSON and expanded foreign key columns.
• Add JSON input/output validation to record APIs in debug builds.
• Update dependencies.

What's Changed

• Blog example: Increase Node version to 22 in Dockerfile by @yguenduez in https://github.com/trailbaseio/trailbase/pull/224

New Contributors

• @yguenduez made their first contribution in https://github.com/trailbaseio/trailbase/pull/224

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.25.2...v0.25.3

• Update clients for all eight supported language environments to allow injecting custom "transport" implementations.
  • This can be used for testing but also in prod. For example, a backend may want to inject users' original IPs via X-Forwarded-For to make sure logging and rate limiting works correctly.
• Update JS/TS WASM guest runtime to use canonical jco generated types.
• Update Rust and JavaScript dependencies including latest Wasmtime & TS6.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.25.1...v0.25.2

• Add GitHub OAuth provider (validated).
• Minor: stable, lexicograpic sorting of OAuth providers.
• Fix smaller cookie issues and inconsistencies, previously:
  • same-site policy shouldn't depend on dev-mode to avoid inconsitencies and late surprises.
  • OAuth state cookies were secure in dev-mode and not as strict as they could be in prod-mode. Now all cookies secure policy depends on dev-mode + HTTPS site.
  • Empty override-cookies during logout API should not bet secure, i.e require TLS.
• QoL: Trim whitespaces from OAuth client id/secret in UI.
• Update Rust and JS dependencies (Astro 6, vite 8, ...).

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.25.0...v0.25.1

• Add support for TOTP (e.g. authenticator app) two-factor auth: APIs, auth UI and admin UI 🎉.
  • Added support for two-factor login to client libraries in all 8 languages.
• Add support for single-factor OTP authentication, i.e. receive a code/link by email: APIs, auth UI and admin UI.
  • Note that this is disabled by default. Using single-factor OTPs delegates security to your users' inboxes, which may be more or less secure.
  • Access is rate-limited to avoid brute-force, enumeration attacks.
  • Added support for request/login OTP to client libraries in all 8 languages.
• Hardening: move all session-like, ephemeral state into JWTs or a separate session.db database.
  • This way a WASM component-level SQL injection vulnerability cannot leak session artifacts.
  • This also makes it possible to just drop the entire session.db to invalidate all refresh tokens and other auth codes (however not JWTs like the auth token).
  • The new setup may also allow more flexible expiration times for various codes and tokens.
• Many small and big (breaking) improvements to auth APIs and auth UIs. If you're using the auth-ui WASM component, make sure to update:

  trail --data-dir client/testfixture components add trailbase/auth_ui
  

  • If you're running your own auth UI or customized the auth-ui component, this update will prompt significant but hopefully welcome changes on your end. If you run into any issues, don't hesitate to reach out.
  • Auth APIs and UI are no fully decoupled allowing custom UIs to use all of the same facilities.
• Stop sending emails in dev-mode, instead print to stderr.
• Minor: fix DB size formatting in admin UI.
• Update dependencies, including critical SQLite update.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.24.4...v0.25.0

• Disable SQLite FK constraints during migrations and re-enable just before the transaction is committed to avoid getting stuck with inconsistencies while allowing more flexible table alterations in preparation for major auth changes.
• Fix HTTP routing ambiguities for JS/TS WASM guests.
• Add support for "realtime" change subscriptions to Kotlin client.
• Release Kotlin client as multi-platform library.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.24.3...v0.24.4

• Add a Yandex OAuth provider.
• Expose RNG to Rust WASM guests.
• Update Rust WASM guest integration to avoid repeated calls to Guest::Init() and avoid repeated sqlite function registration.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.24.2...v0.24.3

• Revert WASM execution model to not share state between HTTP requests. Rust Guests seem fine but JS guests can get stuck. This requires further investigation.
• Pass Client-Id header for Twitch OAuth provider.
• Update realtime SSR docs.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.24.1...v0.24.2

• Add experimental Twitch OAuth provider.
• Use defer_foreign_keys for schema alterations.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.24.0...v0.24.1

• TrailBase received first-class support for geometric/geospatial data and querying 🎉
  • We published LiteGIS, an in-house GEOS SQLite extension.
    It's early days but we hope for this to become useful to folks beyond TrailBase.
    Alternatively check out the amazing SpatiaLite.
  • TrailBase recognizes columns tagged as CHECK(ST_IsValid(_)), e.g.:

    CREATE TABLE table_with_geometry (
        id         INTEGER PRIMARY KEY,
        geometry   BLOB CHECK(ST_IsValid(geometry))
    ) STRICT;
    INSERT INTO table_with_geometry (geometry) VALUES (ST_MakeEnvelope(-180, -90, 180, 90));
    

    and updates its API/JSON schemas to expect and produce GeoJSON Geometry objects.
  • Internally geometries are represented in the "Well Known Binary" format (WKB). This enables INDEXes to accelerate filtering based on certain geometric relationships, see next.
  • The spatial filter operators @within, @intersects and @contains were added to the list API to allow filtering on spatial relations like:
    • List records with bounding boxes that contain my point.
    • List records with points, lines or polygons intersecting my bounding box.
      Reference geometries are specified in the "Well Known Text" (WKT) format, e.g. ?filter[geometry][@contains]=POINT (11.393 47.268).
      All clients were updated to support these new filter relations.
  • Using the new list query parameter ?geojson=<geo_column_name> will return a GeoJSON FeatureCollection directly instead of a ListResponse.
    The geometry of the collection's features is derived from the column specified by <geo_column_name>.
  • The admin UI parses a geometry column's WKB and displays readable WKT but doesn't yet support convenient WKT insertion.
    Similarly clients don't aid in the construction of WKT parameters, this is left to the user, however WKT libraries exist in most languages.
  • Thanks for making it to here 🙏 - would love to hear your input.
• For visibility, other notable changes since the prior major release:
  • Much improved admin UI: better maps and stats on the logs page, improved accounts page, tables handle the loading state to reduce layout jank, ...
  • Allow change subscriptions via WebSockets in addition to SSE.
  • Support bcrypt password hashes for auth. Support importing auth data from Auth0: trail user import --auth0-json=<file>.
    • The goal is to provide more horizontal mobility, i.e. reduce lock-in, by allowing auth in and export.
  • Make TrailBase's SQLite extensions available standalone to reduce lock-in, see /crates/extensions-so.
  • Dual-licensed clients under permissive Apache-2.0.
• More idiomatic HTTP handling in WASM JS/TS: [email protected].
• Redo cross-platform builds to deal with new C++ & CMake dependencies introduced by geos. MUSL releases are now built with Docker.
• Remove default features from core crate, to get better build coverage of feature permutations and fix latent no-WASM issue.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.23.10...v0.24.0

• Add a standalone SQLite extension with all of TrailBase's custom functions to minimize lock-in and make it easier on folks who'd like to move off.
• Overhaul schema metadata handling. More consistency and simplicity across (Table|View)Metadata and RecordApi. Fewer allocations.
• Make status codes more consistent across auth: user registration, email verification and reset password.
  • Also fix and update the corresponding OpenAPI documentation.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.23.9...v0.23.10

• Support bcrypt password hashes in addition to argon2.
• Add a user import function to CLI. Currently supports Auth0 user exports.
  • Will be straight forward to support other providers that use bcrypt or argon2, please reach out 🙏.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.23.8...v0.23.9

• Show validation errors for TABLE/VIEWs that do not qualify for Record APIs.
• Improve config validation errors.
• Allow GROUP BY expressions on VIEW's non-PK column for MIN/MAX PK aggregations.
• Add body extraction back to FetchError.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.23.7...v0.23.8

• Clean up the accounts UI.
• Fix ephemeral invalid cell access in admin UI on VIEWs for first access due to column schema fallback.
• Further improve error handling in TS client and admin UI.
• Update JavaScript and Rust dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.23.6...v0.23.7

• Handle permission errors (401 & 403) and 429 more gracefully in admin UI.
• Add uptime to dashboard.
• Update Rust dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.23.5...v0.23.6

• Switch map of the admin UI's logs page from leaflet to maplibre and vector tiles.
• Switch rate graph to a bar chart.
• No longer "auto-hide" stats on pageIndex > 0. Instead add an explicit collapse option.
• Split "list logs" from stats endpoint.
• Make break-down by country, e.g. the map, correctly reflect filter queries.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.23.4...v0.23.5

• Include cursors in list responses only when properly supported.
• Fix cursor state handling in Admin UI with respect to both reactivity and pageIndex-based indexing.
• Add an explicit security/vulnerability policy with SECURITY.md.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.23.3...v0.23.4

• Polish admin UI: use skeletons/shimmers during data loads for tables to reduce layout jank.
• Minor: improve initial screen fill in ERD graph.
• Update serde_qs resulting in stricter query string parsing. This is technically a breaking API change, however affects edge-cases only and users of the client libraries won't have any issues.
• Update dependencies and switch back to upstream serde_rusqlite.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.23.2...v0.23.3

• Switch to case-sensitive LIKE expression, thus making list queries with filter[col][$like]=val case-sensitive as well.
  • This is technically a breaking change, though sneaking it into a minor release assuming that nobody actually expected case-insensitive filtering.
• Hoist external SQLite extension loading up to the CLI level and replace upstream sqlite-vec with maintained fork: https://github.com/vlasky/sqlite-vec.
• Add a join-order benchmark for further performance tuning.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.23.1...v0.23.2

• Dual license clients under permissive Apache-2.0 license. The server continues to be under OSL-3.0.
• Add a WebSocket subscription feature to the Rust client. Requires the server to be compiled with the non-default "ws" feature as well.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.23.0...v0.23.1

• WASM component model:
  • Merge Host implementations for HTTP/Job handlers and custom SQLite extension functions
  • Extend state life-cycle for SQLite extension functions to allow for statefulness and avoid overhead of repeat initialization.
  • Use async | store | task_exit exports and Store::run_concurrent in preparation for component-model-async, which will enable much richer async host-backed plugin APIs.
• Enable "late" authentication for WebSocket subscriptions to support clients (e.g. Browsers) that don't allow setting the headers of the HTTP UPGRADE request.
  • Add early, yet private support for WASM to JS/TS client and tests. We still cannot upstream the WebSocket support for the Rust client due to stale reqwest-websocket dependency.
• Update Rust toolchain to latest stable: 1.93.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.22.13...v0.23.0

• Support realtime change subscriptions via WebSockets behind the "ws" cargo build feature.
  • When built with the feature and the ?ws=true parameter is passed a ws:// protocol upgrade is attempted.
  • The Rust client on the ws_client branch supports WebSocket-based subscriptions. We cannot currently mainline it, due to a stale crate dependency.
• Internal: improve Rust client's test setup.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.22.12...v0.22.13

• Enable sorting of columns in table explorer, logs and accounts page 🎉.
• Update column's data type when picking a foreign key table in create/alter table form.
• Reduce table jank by setting fixed sizes for well-known columns.
• Fix stability (e.g. during re-ordering) of column card's accordion collapse state.
• Add execution timestamp to any SQL editor's execution result, including errors.
• Cleanup: split table state from table UI.
• Update Rust and JavaScript dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.22.11...v0.22.12

• Allow re-ordering of columns in Create/Alter table admin UI.
• Optimization for filtered realtime subscriptions: enforce filter before access check.
• Admin UI: filter foreign key options based on column type.
• Minor: remove stale mentions of V8 in admin UI.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.22.10...v0.22.11

• Fix list record edge case: ?limit=0&count=true to yield a potentially incorrect total_count of 0. #207
• Fix overly eager de-registration of record subscriptions.
• Update Rust and JavaScript dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.22.9...v0.22.10

• Allow streaming of HTTP respones from WASM.
• Internal: major overhaul of WASM integration, remove indirection and scaffolds from previous execution model.
• Update Rust dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.22.8...v0.22.9

• Expose SQL CREATE (TABLE|VIEW) statements in admin UI's explorer.
• Move API's JSON schemas in to explorer's API dialog.
• Update Rust dependencies including reqwest, which changes default rustls crypto provider from ring to aws_lc.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.22.7...v0.22.8

• Add IP-based rate limiting to all auth POST endpoints to further reduce abuse surface like sign-up bombing (sign-ins were already limited).
  • The ip-based nature means that, if you're using a reverse-proxy you should set the X-Forwarded-For header. This was already true to get correct log entries.
• Do not instantiate parts of the WASM runtime when no WASM component is found. This reduces the memory footprint for instances that don't use WASM.
• Update SQLite from v3.50.2 -> v3.51.1 (i.e. rusqlite v0.38).
• Update Rust dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.22.6...v0.22.7

• Stop using baseline WASM compiler "winch" in dev-mode on MacOS. Previously loading WASM components on MacOS with --dev would cause a panic related to nested tokio runtimes. This increases initial-load & hot-reload times, thus isn't ideal for DevEx but better than crashing. This will require further investigation: https://github.com/trailbaseio/trailbase/issues/206.
• Upon request: add re-serialization of list queries to trailbase-qs.
• Update Rust and JavaScript dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.22.5...v0.22.6

• New "--spa" command-line option for serving SPAs from --public-dir. Any path that doesn't look like a file/asset request, i.e. doesn't have a file extension, will fall back to <public_dir>/index.html to let a client-side router take over. Otherwise, navigating to non-root paths would serve 404. Thanks @takumi3488.
• Improve error handling and cleanup OAuth callback handling.
• Internal: build queries at build-time rather than relying on lazy-statics whenvever possible.
• Update dependencies.

Full Changelog: https://github.com/trailbaseio/trailbase/compare/v0.22.4...v0.22.5