Update module github.com/labstack/echo to v4 - autoclosed

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
github.com/labstack/echo	require	major	v3.3.10+incompatible -> v4.6.1

---

Release Notes

labstack/echo

v4.6.1

Compare Source

Enhancements

• Add start time to request logger middleware values #​1991

v4.6.0

Compare Source

Introduced a new request logger middleware
to help with cases when you want to use some other logging library in your application.

Fixes

• fix timeout middleware warning: superfluous response.WriteHeader #​1905

Enhancements

• Add Cookie to KeyAuth middleware's KeyLookup #​1929
• JWT middleware should ignore case of auth scheme in request header #​1951
• Refactor default error handler to return first if response is already committed #​1956
• Added request logger middleware which helps to use custom logger library for logging requests. #​1980
• Allow escaping of colon in route path so Google Cloud API "custom methods" could be implemented #​1988

v4.5.0

Compare Source

Important notes

A BREAKING CHANGE is introduced for JWT middleware users.
The JWT library used for the JWT middleware had to be changed from github.com/dgrijalva/jwt-go to
github.com/golang-jwt/jwt due former library being unmaintained and affected by security
issues.
The github.com/golang-jwt/jwt project is a drop-in replacement, but supports only the latest 2 Go versions.
So for JWT middleware users Go 1.15+ is required. For detailed information please read #​1940

To change the library imports in all .go files in your project replace all occurrences of dgrijalva/jwt-go with golang-jwt/jwt.

For Linux CLI you can use:

find -type f -name "*.go" -exec sed -i "s/dgrijalva\/jwt-go/golang-jwt\/jwt/g" {} \;
go mod tidy

Fixes

• Change JWT library to github.com/golang-jwt/jwt #​1946

v4.4.0

Compare Source

Fixes

• Split HeaderXForwardedFor header only by comma #​1878
• Fix Timeout middleware Context propagation #​1910

Enhancements

• Bind data using headers as source #​1866
• Adds JWTConfig.ParseTokenFunc to JWT middleware to allow different libraries implementing JWT parsing. #​1887
• Adding tests for Echo#Host #​1895
• Adds RequestIDHandler function to RequestID middleware #​1898
• Allow for custom JSON encoding implementations #​1880

v4.3.0

Compare Source

Important notes

• Route matching has improvements for following cases:
  1. Correctly match routes with parameter part as last part of route (with trailing backslash)
  2. Considering handlers when resolving routes and search for matching http method handler
• Echo minimal Go version is now 1.13.

Fixes

• When url ends with slash first param route is the match #​1804
• Router should check if node is suitable as matching route by path+method and if not then continue search in tree #​1808
• Fix timeout middleware not writing response correctly when handler panics #​1864
• Fix binder not working with embedded pointer structs #​1861
• Add Go 1.16 to CI and drop 1.12 specific code #​1850

Enhancements

• Make KeyFunc public in JWT middleware #​1756
• Add support for optional filesystem to the static middleware #​1797
• Add a custom error handler to key-auth middleware #​1847
• Allow JWT token to be looked up from multiple sources #​1845

v4.2.2

Compare Source

Fixes

• Allow proxy middleware to use query part in rewrite (#​1802)
• Fix timeout middleware not sending status code when handler returns an error (#​1805)
• Fix Bind() when target is array/slice and path/query params complains bind target not being struct (#​1835)
• Fix panic in redirect middleware on short host name (#​1813)
• Fix timeout middleware docs (#​1836)

v4.2.1

Compare Source

Important notes

Due to a datarace the config parameters for the newly added timeout middleware required a change.
See the docs.
A performance regression has been fixed, even bringing better performance than before for some routing scenarios.

Fixes

• Fix performance regression caused by path escaping (#​1777, #​1798, #​1799, aldas)
• Avoid context canceled errors (#​1789, clwluvw)
• Improve router to use on stack backtracking (#​1791, aldas, stffabi)
• Fix panic in timeout middleware not being not recovered and cause application crash (#​1794, aldas)
• Fix Echo.Serve() not serving on HTTP port correctly when TLSListener is used (#​1785, #​1793, aldas)
• Apply go fmt (#​1788, Le0tk0k)
• Uses strings.Equalfold (#​1790, rkilingr)
• Improve code quality (#​1792, withshubh)

This release was made possible by our contributors:
aldas, clwluvw, lammel, Le0tk0k, maciej-jezierski, rkilingr, stffabi, withshubh

v4.2.0

Compare Source

Important notes

The behaviour for binding data has been reworked for compatibility with echo before v4.1.11 by
enforcing explicit tagging for processing parameters. This may break your code if you
expect combined handling of query/path/form params.
Please see the updated documentation for request and binding

The handling for rewrite rules has been slightly adjusted to expand * to a non-greedy (.*?) capture group. This is only relevant if multiple asterisks are used in your rules.
Please see rewrite and proxy for details.

Security

• Fix directory traversal vulnerability for Windows (#​1718, little-cui)
• Fix open redirect vulnerability with trailing slash (#​1771,#​1775 aldas,GeoffreyFrogeye)

Enhancements

• Add Echo#ListenerNetwork as configuration (#​1667, pafuent)
• Add ability to change the status code using response beforeFuncs (#​1706, RashadAnsari)
• Echo server startup to allow data race free access to listener address
• Binder: Restore pre v4.1.11 behaviour for c.Bind() to use query params only for GET or DELETE methods (#​1727, aldas)
• Binder: Add separate methods to bind only query params, path params or request body (#​1681, aldas)
• Binder: New fluent binder for query/path/form parameter binding (#​1717, #​1736, aldas)
• Router: Performance improvements for missed routes (#​1689, pafuent)
• Router: Improve performance for Real-IP detection using IndexByte instead of Split (#​1640, imxyb)
• Middleware: Support real regex rules for rewrite and proxy middleware (#​1767)
• Middleware: New rate limiting middleware (#​1724, iambenkay)
• Middleware: New timeout middleware implementation for go1.13+ (#​1743, )
• Middleware: Allow regex pattern for CORS middleware (#​1623, KlotzAndrew)
• Middleware: Add IgnoreBase parameter to static middleware (#​1701, lnenad, iambenkay)
• Middleware: Add an optional custom function to CORS middleware to validate origin (#​1651, curvegrid)
• Middleware: Support form fields in JWT middleware (#​1704, rkfg)
• Middleware: Use sync.Pool for (de)compress middleware to improve performance (#​1699, #​1672, pafuent)
• Middleware: Add decompress middleware to support gzip compressed requests (#​1687, arun0009)
• Middleware: Add ErrJWTInvalid for JWT middleware (#​1627, juanbelieni)
• Middleware: Add SameSite mode for CSRF cookies to support iframes (#​1524, pr0head)

Fixes

• Fix handling of special trailing slash case for partial prefix (#​1741, stffabi)
• Fix handling of static routes with trailing slash (#​1747)
• Fix Static files route not working (#​1671, pwli0755, lammel)
• Fix use of caret(^) in regex for rewrite middleware (#​1588, chotow)
• Fix Echo#Reverse for Any type routes (#​1695, pafuent)
• Fix Router#Find panic with infinite loop (#​1661, pafuent)
• Fix Router#Find panic fails on Param paths (#​1659, pafuent)
• Fix DefaultHTTPErrorHandler with Debug=true (#​1477, lammel)
• Fix incorrect CORS headers (#​1669, ulasakdeniz)
• Fix proxy middleware rewritePath to use url with updated tests (#​1630, arun0009)
• Fix rewritePath for proxy middleware to use escaped path in (#​1628, arun0009)
• Remove unless defer (#​1656, imxyb)

General

• New maintainers for Echo: Roland Lammel (@​lammel) and Pablo Andres Fuente (@​pafuent)
• Add GitHub action to compare benchmarks (#​1702, pafuent)
• Binding query/path params and form fields to struct only works for explicit tags (#​1729,#​1734, aldas)
• Add support for Go 1.15 in CI (#​1683, asahasrabuddhe)
• Add test for request id to remain unchanged if provided (#​1719, iambenkay)
• Refactor echo instance listener access and startup to speed up testing (#​1735, aldas)
• Refactor and improve various tests for binding and routing
• Run test workflow only for relevant changes (#​1637, #​1636, pofl)
• Update .travis.yml (#​1662, santosh653)
• Update README.md with an recents framework benchmark (#​1679, pafuent)

This release was made possible by over 100 commits from more than 20 contributors:
asahasrabuddhe, aldas, AndrewKlotz, arun0009, chotow, curvegrid, iambenkay, imxyb,
juanbelieni, lammel, little-cui, lnenad, pafuent, pofl, pr0head, pwli, RashadAnsari,
rkfg, santosh653, segfiner, stffabi, ulasakdeniz

v4.1.17

Compare Source

v4.1.16

Compare Source

• https://github.com/labstack/echo/pull/1525
• https://github.com/labstack/echo/pull/1541
• https://github.com/labstack/echo/pull/1535

v4.1.15

Compare Source

• Fix panic in FormFile if file not found (#​1515)
• Safer/trustable extraction of real ip from request (#​1478)
• Fix #​1493 router loop for param routes (#​1502)
• Fix crash on OpenBSD due to unsupported TCP KeepAlivePeriod (#​1456)
• Migrate to GitHub Actions (#​1473)
• Support HTTP/2 h2c mode (cleartext) (#​1489)

v4.1.14

Compare Source

v4.1.13

Compare Source

Fix param value bug (#​1467)

v4.1.12

Compare Source

#​1412 Fix multi level match any routes
Add ability to set the logger on echo.Context (#​1377)
Fixed comment typo in BodyDump (#​1431)
Reset p.values to echo.maxParam (#​1429)
Close file descriptor returned by request.FormFile (#​1411)
Fixed #​988

v4.1.11

Compare Source

• Fixed #​1409
• Fixed reporting error from proxy middleware

v4.1.10

Compare Source

Updated dependencies

v4.1.9

Compare Source

• Assign new ResponseWriter after calling http.HandlerFunc (#​1341)
• Include internal error in http error handler (ecc01d2)

v4.1.8

Compare Source

Fixed version and default http error handler

v4.1.7

Compare Source

• Enhanced default http error handler ed51400
• Add a new ErrorHandlerWithContext (#​1328)
• Add ReferrerPolicy to Secure middleware (#​1363)
• Don't make router parse duplicated param when backtracking happens (#​1368)
• Fix #​1260 change middleware.Logger's default output (#​1336)
• Nil check for bind #​988
• Added feature to map url params to a struct with the default binder
• Tests and fix for findChildByKind executed on nil node (Router)

v4.1.6

Compare Source

• Fixed indentation in code example (#​1338)
• Provide possibility to use key ids (#​1289)
• Fix for #​1334 (#​1335)
• Update x/sys module to support Risc-V (#​1344)
• Added support for the REPORT method (#​1332)
• Add support for encoding.TextUnmarshaler in bind (#​1314)
• Added param: lookup option to JWT Middleware (#​1296)
• Bug #​1323

v4.1.5

Compare Source

Code cleanup

v4.1.4

Compare Source

Fixed group middleware

v4.1.3

Compare Source

Fixed invalid json value for error in logger middleware

v4.1.2

Compare Source

Fixed sub-group for virtual hosts

v4.1.1

Compare Source

Added a method to return map of routers

v4.1.0

Compare Source

• Built-in capability to run multiple hosts via Echo#Host()
• Fix unhandled errors (#​1271)
• Simplify code of Add/Remove trailing slash and fix bug (#​1275)
• Use concurrency safe context by default. (#​1158)
• Echo.StartTLS: accept string or []byte as parameters. (#​1277)
• Support Content-Security-Policy-Report-Only header (#​1287)
• Refactor DefaultProxyConfig Skipper & WebSocket Check in Context (#​1297)
• Enable adding preload tag to HSTS header (#​1247)
• Set subdomains to AllowOrigins with wildcard (#​1301)
• Ensure that the TLS config contains the ALPN protocol (#​1305)
• Fix flushing in Gzip middleware (#​1317)
• Updated dependencies

v4.0.0

Compare Source

This reintroduces support for Go modules, as v4. Please see the README for compatibility.

CloseNotifier() is removed as it has been obsoleted, see https://golang.org/doc/go1.11#net/http

It was already NOT working (not sending signals) as of 1.11 the functionality was gone, we merely
deleted the functions that exposed it. If anyone still relies on it they should migrate to using
c.Request().Context().Done() instead.

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻️ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you check the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: docker run --rm --name=renovate_go --label=renovate_child -v "/mnt/renovate/gh/jessie-codes/echo-relic":"/mnt/renovate/gh/jessie-codes/echo-relic" -v "/tmp/renovate-cache":"/tmp/renovate-cache" -v "/tmp/renovate-cache/others/go":"/tmp/renovate-cache/others/go" -e GOPATH -e CGO_ENABLED -w "/mnt/renovate/gh/jessie-codes/echo-relic" docker.io/renovate/go:1.16.3 bash -l -c "git config --global url.\"https://**redacted**@github.com/\".insteadOf \"https://github.com/\" && go get -d ./... && go mod tidy && go mod tidy"
go: downloading golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2
go: downloading github.com/mattn/go-colorable v0.1.8
go: downloading github.com/mattn/go-isatty v0.0.12
go: downloading github.com/valyala/fasttemplate v1.2.1
go: downloading golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
go: downloading golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57
go: downloading golang.org/x/text v0.3.6
go get: added github.com/labstack/echo v3.3.10+incompatible
go get: upgraded golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc => v0.0.0-20210322153248-0c34fe9e7dc2
go: downloading github.com/stretchr/testify v1.6.1
go: downloading github.com/davecgh/go-spew v1.1.0
go: downloading github.com/pmezard/go-difflib v1.0.0
go: downloading gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
github.com/jessie-codes/echo-relic/v3 imports
	github.com/labstack/echo tested by
	github.com/labstack/echo.test imports
	github.com/stretchr/testify/assert imports
	gopkg.in/yaml.v3: fstatat /tmp/renovate-cache/others/go/pkg/mod/gopkg.in/yaml.v3@v3.0.0-20200313102051-9f266ea9e77c: permission denied