Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(deps): Update module github.com/labstack/echo/v4 to v4.11.4 (#115)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/labstack/echo/v4](https://github.com/labstack/echo) | indirect | patch | `v4.11.1` -> `v4.11.4` | --- ### Release Notes <details> <summary>labstack/echo (github.com/labstack/echo/v4)</summary> ### [`v4.11.4`](https://github.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4114---2023-12-20) [Compare Source](https://github.com/labstack/echo/compare/v4.11.3...v4.11.4) **Security** - Upgrade golang.org/x/crypto to v0.17.0 to fix vulnerability [issue](https://pkg.go.dev/vuln/GO-2023-2402) [#​2562](https://github.com/labstack/echo/pull/2562) **Enhancements** - Update deps and mark Go version to 1.18 as this is what golang.org/x/\* use [#​2563](https://github.com/labstack/echo/pull/2563) - Request logger: add example for Slog https://pkg.go.dev/log/slog [#​2543](https://github.com/labstack/echo/pull/2543) ### [`v4.11.3`](https://github.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4113---2023-11-07) [Compare Source](https://github.com/labstack/echo/compare/v4.11.2...v4.11.3) **Security** - 'c.Attachment' and 'c.Inline' should escape filename in 'Content-Disposition' header to avoid 'Reflect File Download' vulnerability. [#​2541](https://github.com/labstack/echo/pull/2541) **Enhancements** - Tests: refactor context tests to be separate functions [#​2540](https://github.com/labstack/echo/pull/2540) - Proxy middleware: reuse echo request context [#​2537](https://github.com/labstack/echo/pull/2537) - Mark unmarshallable yaml struct tags as ignored [#​2536](https://github.com/labstack/echo/pull/2536) ### [`v4.11.2`](https://github.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4112---2023-10-11) [Compare Source](https://github.com/labstack/echo/compare/v4.11.1...v4.11.2) **Security** - Bump golang.org/x/net to prevent CVE-2023-39325 / CVE-2023-44487 HTTP/2 Rapid Reset Attack [#​2527](https://github.com/labstack/echo/pull/2527) - fix(sec): randomString bias introduced by [#​2490](https://github.com/labstack/echo/issues/2490) [#​2492](https://github.com/labstack/echo/pull/2492) - CSRF/RequestID mw: switch math/random usage to crypto/random [#​2490](https://github.com/labstack/echo/pull/2490) **Enhancements** - Delete unused context in body_limit.go [#​2483](https://github.com/labstack/echo/pull/2483) - Use Go 1.21 in CI [#​2505](https://github.com/labstack/echo/pull/2505) - Fix some typos [#​2511](https://github.com/labstack/echo/pull/2511) - Allow CORS middleware to send Access-Control-Max-Age: 0 [#​2518](https://github.com/labstack/echo/pull/2518) - Bump dependancies [#​2522](https://github.com/labstack/echo/pull/2522) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMTUuMCIsInVwZGF0ZWRJblZlciI6IjM3LjExNS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
- Loading branch information
