Skip to content
This repository has been archived by the owner on Mar 26, 2023. It is now read-only.

Bump github.com/labstack/echo/v4 from 4.4.0 to 4.10.2 #287

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 22, 2023

Bumps github.com/labstack/echo/v4 from 4.4.0 to 4.10.2.

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.10.2

Security

  • filepath.Clean behaviour has changed in Go 1.20 - adapt to it #2406
  • Add middleware.CORSConfig.UnsafeWildcardOriginWithAllowCredentials to make UNSAFE usages of wildcard origin + allow cretentials less likely #2405

Enhancements

  • Add more HTTP error values #2277

v4.10.1

Security

  • Upgrade deps due to the latest golang.org/x/net vulnerability #2402

Enhancements

  • Add new JWT repository to the README #2377
  • Return an empty string for ctx.path if there is no registered path #2385
  • Add context timeout middleware #2380
  • Update link to jaegertracing #2394

v4.10.0

Security

  • We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.

    JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (github.com/golang-jwt/jwt) we are using which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.

  • This minor version bumps minimum Go version to 1.17 (from 1.16) due golang.org/x/ packages we depend on. There are several vulnerabilities fixed in these libraries.

    Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.

Enhancements

  • Bump x/text to 0.3.8 #2305
  • Bump dependencies and add notes about Go releases we support #2336
  • Add helper interface for ProxyBalancer interface #2316
  • Expose middleware.CreateExtractors function so we can use it from echo-contrib repository #2338
  • Refactor func(Context) error to HandlerFunc #2315
  • Improve function comments #2329
  • Add new method HTTPError.WithInternal #2340
  • Replace io/ioutil package usages #2342
  • Add staticcheck to CI flow #2343
  • Replace relative path determination from proprietary to std #2345
  • Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) #2182
  • Add testcases for some BodyLimit middleware configuration options #2350
  • Additional configuration options for RequestLogger and Logger middleware #2341

... (truncated)

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.10.2 - 2023-02-22

Security

  • filepath.Clean behaviour has changed in Go 1.20 - adapt to it #2406
  • Add middleware.CORSConfig.UnsafeWildcardOriginWithAllowCredentials to make UNSAFE usages of wildcard origin + allow cretentials less likely #2405

Enhancements

  • Add more HTTP error values #2277

v4.10.1 - 2023-02-19

Security

  • Upgrade deps due to the latest golang.org/x/net vulnerability #2402

Enhancements

  • Add new JWT repository to the README #2377
  • Return an empty string for ctx.path if there is no registered path #2385
  • Add context timeout middleware #2380
  • Update link to jaegertracing #2394

v4.10.0 - 2022-12-27

Security

  • We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.

    JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (github.com/golang-jwt/jwt) we are using which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.

  • This minor version bumps minimum Go version to 1.17 (from 1.16) due golang.org/x/ packages we depend on. There are several vulnerabilities fixed in these libraries.

    Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.

Enhancements

  • Bump x/text to 0.3.8 #2305
  • Bump dependencies and add notes about Go releases we support #2336
  • Add helper interface for ProxyBalancer interface #2316
  • Expose middleware.CreateExtractors function so we can use it from echo-contrib repository #2338
  • Refactor func(Context) error to HandlerFunc #2315
  • Improve function comments #2329

... (truncated)

Commits
  • 47844c9 Changelog for v4.10.2
  • f909660 Add middleware.CORSConfig.UnsafeWildcardOriginWithAllowCredentials to make UN...
  • ef4aea9 use different variable name so returned function would not accidentally be ab...
  • 7c75310 Clean on go1.20 (#2406)
  • 04ba8e2 Add more http error values (#2277)
  • b888a30 Changelog for v4.10.1
  • 2c25767 remediate flaky timeout tests
  • a3998ac Upgrade deps due to the latest golang.org/x/net vulnerability
  • 45da0f8 remove .travis.yml
  • 6b09f3f Update link to jaegertracing
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/labstack/echo/v4](https://github.com/labstack/echo) from 4.4.0 to 4.10.2.
- [Release notes](https://github.com/labstack/echo/releases)
- [Changelog](https://github.com/labstack/echo/blob/master/CHANGELOG.md)
- [Commits](labstack/echo@v4.4.0...v4.10.2)

---
updated-dependencies:
- dependency-name: github.com/labstack/echo/v4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 22, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants