Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bump github.com/labstack/echo/v4 from 4.9.1 to 4.10.2 (#85)
Bumps [github.com/labstack/echo/v4](https://github.com/labstack/echo) from 4.9.1 to 4.10.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/labstack/echo/releases">github.com/labstack/echo/v4's releases</a>.</em></p> <blockquote> <h2>v4.10.2</h2> <p><strong>Security</strong></p> <ul> <li><code>filepath.Clean</code> behaviour has changed in Go 1.20 - adapt to it <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2406">#2406</a></li> <li>Add <code>middleware.CORSConfig.UnsafeWildcardOriginWithAllowCredentials</code> to make UNSAFE usages of wildcard origin + allow cretentials less likely <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2405">#2405</a></li> </ul> <p><strong>Enhancements</strong></p> <ul> <li>Add more HTTP error values <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2277">#2277</a></li> </ul> <h2>v4.10.1</h2> <p><strong>Security</strong></p> <ul> <li>Upgrade deps due to the latest golang.org/x/net vulnerability <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2402">#2402</a></li> </ul> <p><strong>Enhancements</strong></p> <ul> <li>Add new JWT repository to the README <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2377">#2377</a></li> <li>Return an empty string for ctx.path if there is no registered path <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2385">#2385</a></li> <li>Add context timeout middleware <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2380">#2380</a></li> <li>Update link to jaegertracing <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2394">#2394</a></li> </ul> <h2>v4.10.0</h2> <p><strong>Security</strong></p> <ul> <li> <p>We are deprecating JWT middleware in this repository. Please use <a href="https://github.com/labstack/echo-jwt">https://github.com/labstack/echo-jwt</a> instead.</p> <p>JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (<code>github.com/golang-jwt/jwt</code>) we are using which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.</p> </li> <li> <p>This minor version bumps minimum Go version to 1.17 (from 1.16) due <code>golang.org/x/</code> packages we depend on. There are several vulnerabilities fixed in these libraries.</p> <p>Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.</p> </li> </ul> <p><strong>Enhancements</strong></p> <ul> <li>Bump x/text to 0.3.8 <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2305">#2305</a></li> <li>Bump dependencies and add notes about Go releases we support <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2336">#2336</a></li> <li>Add helper interface for ProxyBalancer interface <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2316">#2316</a></li> <li>Expose <code>middleware.CreateExtractors</code> function so we can use it from echo-contrib repository <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2338">#2338</a></li> <li>Refactor func(Context) error to HandlerFunc <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2315">#2315</a></li> <li>Improve function comments <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2329">#2329</a></li> <li>Add new method HTTPError.WithInternal <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2340">#2340</a></li> <li>Replace io/ioutil package usages <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2342">#2342</a></li> <li>Add staticcheck to CI flow <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2343">#2343</a></li> <li>Replace relative path determination from proprietary to std <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2345">#2345</a></li> <li>Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2182">#2182</a></li> <li>Add testcases for some BodyLimit middleware configuration options <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2350">#2350</a></li> <li>Additional configuration options for RequestLogger and Logger middleware <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2341">#2341</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/labstack/echo/blob/master/CHANGELOG.md">github.com/labstack/echo/v4's changelog</a>.</em></p> <blockquote> <h2>v4.10.2 - 2023-02-22</h2> <p><strong>Security</strong></p> <ul> <li><code>filepath.Clean</code> behaviour has changed in Go 1.20 - adapt to it <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2406">#2406</a></li> <li>Add <code>middleware.CORSConfig.UnsafeWildcardOriginWithAllowCredentials</code> to make UNSAFE usages of wildcard origin + allow cretentials less likely <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2405">#2405</a></li> </ul> <p><strong>Enhancements</strong></p> <ul> <li>Add more HTTP error values <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2277">#2277</a></li> </ul> <h2>v4.10.1 - 2023-02-19</h2> <p><strong>Security</strong></p> <ul> <li>Upgrade deps due to the latest golang.org/x/net vulnerability <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2402">#2402</a></li> </ul> <p><strong>Enhancements</strong></p> <ul> <li>Add new JWT repository to the README <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2377">#2377</a></li> <li>Return an empty string for ctx.path if there is no registered path <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2385">#2385</a></li> <li>Add context timeout middleware <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2380">#2380</a></li> <li>Update link to jaegertracing <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2394">#2394</a></li> </ul> <h2>v4.10.0 - 2022-12-27</h2> <p><strong>Security</strong></p> <ul> <li> <p>We are deprecating JWT middleware in this repository. Please use <a href="https://github.com/labstack/echo-jwt">https://github.com/labstack/echo-jwt</a> instead.</p> <p>JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (<code>github.com/golang-jwt/jwt</code>) we are using which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.</p> </li> <li> <p>This minor version bumps minimum Go version to 1.17 (from 1.16) due <code>golang.org/x/</code> packages we depend on. There are several vulnerabilities fixed in these libraries.</p> <p>Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.</p> </li> </ul> <p><strong>Enhancements</strong></p> <ul> <li>Bump x/text to 0.3.8 <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2305">#2305</a></li> <li>Bump dependencies and add notes about Go releases we support <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2336">#2336</a></li> <li>Add helper interface for ProxyBalancer interface <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2316">#2316</a></li> <li>Expose <code>middleware.CreateExtractors</code> function so we can use it from echo-contrib repository <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2338">#2338</a></li> <li>Refactor func(Context) error to HandlerFunc <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2315">#2315</a></li> <li>Improve function comments <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2329">#2329</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/labstack/echo/commit/47844c9b7f83e5bf4efbe1f449bf2a155f465da8"><code>47844c9</code></a> Changelog for v4.10.2</li> <li><a href="https://github.com/labstack/echo/commit/f909660bb9fa0fed50a897a5169422e3bd92106b"><code>f909660</code></a> Add middleware.CORSConfig.UnsafeWildcardOriginWithAllowCredentials to make UN...</li> <li><a href="https://github.com/labstack/echo/commit/ef4aea97ef344bf0f61ba3b50844987b7dac8169"><code>ef4aea9</code></a> use different variable name so returned function would not accidentally be ab...</li> <li><a href="https://github.com/labstack/echo/commit/7c7531002d4fb5fd2fc573a5e32f6482cd54f153"><code>7c75310</code></a> Clean on go1.20 (<a href="https://github-redirect.dependabot.com/labstack/echo/issues/2406">#2406</a>)</li> <li><a href="https://github.com/labstack/echo/commit/04ba8e2f9d3f39d7c05f3f0340d27ccec6535e7f"><code>04ba8e2</code></a> Add more http error values (<a href="https://github-redirect.dependabot.com/labstack/echo/issues/2277">#2277</a>)</li> <li><a href="https://github.com/labstack/echo/commit/b888a30fe394deeeb14e18226be51b5928115dd3"><code>b888a30</code></a> Changelog for v4.10.1</li> <li><a href="https://github.com/labstack/echo/commit/2c25767e45bdcb881645ebb7f962c4f3c2adc20c"><code>2c25767</code></a> remediate flaky timeout tests</li> <li><a href="https://github.com/labstack/echo/commit/a3998ac96ad155e132e08bdae67f26a379f99385"><code>a3998ac</code></a> Upgrade deps due to the latest golang.org/x/net vulnerability</li> <li><a href="https://github.com/labstack/echo/commit/45da0f888b8d642125b860af1c996a71f3f50bec"><code>45da0f8</code></a> remove .travis.yml</li> <li><a href="https://github.com/labstack/echo/commit/6b09f3ffeb5085bf23a3e0749155752f574c331b"><code>6b09f3f</code></a> Update link to jaegertracing</li> <li>Additional commits viewable in <a href="https://github.com/labstack/echo/compare/v4.9.1...v4.10.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Loading branch information
1 parent
b1600ab
commit 33c69f2