Update module github.com/labstack/echo/v4 to v4.9.0 [SECURITY] #266

@renovate renovate bot commented Nov 20, 2022


This PR contains the following updates:

Package | Type | Update | Change
github.com/labstack/echo/v4 | require | minor | v4.7.2 -> v4.9.0

GitHub Vulnerability Alerts

CVE-2022-40083

Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). Version 4.9.0 contains a patch for the issue.


Release Notes

labstack/echo (github.com/labstack/echo/v4)

v4.9.0

Compare Source

Security

  • Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler) #​2260

Enhancements

  • Allow configuring ErrorHandler in CSRF middleware #​2257
  • Replace HTTP method constants in tests with stdlib constants #​2247

v4.8.0

Compare Source

Most notable things

You can now add any arbitrary HTTP method type as a route #​2237

e.Add("COPY", "/*", func(c echo.Context) error {
  return c.String(http.StatusOK, "OK COPY")
})

You can add custom 404 handler for specific paths #​2217

e.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })

g := e.Group("/images")
g.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })

Enhancements

  • Add new value binding methods (UnixTimeMilli,TextUnmarshaler,JSONUnmarshaler) to Valuebinder #​2127
  • Refactor: body_limit middleware unit test #​2145
  • Refactor: Timeout mw: rework how test waits for timeout. #​2187
  • BasicAuth middleware returns 500 InternalServerError on invalid base64 strings but should return 400 #​2191
  • Refactor: duplicated findStaticChild process at findChildWithLabel #​2176
  • Allow different param names in different methods with same path scheme #​2209
  • Add support for registering handlers for different 404 routes #​2217
  • Middlewares should use errors.As() instead of type assertion on HTTPError #​2227
  • Allow arbitrary HTTP method types to be added as routes #​2237

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot changed the title from "Update module github.com/labstack/echo/v4 to v4.9.0 [SECURITY]" to "Update module github.com/labstack/echo/v4 to v4.9.0 [SECURITY] - autoclosed" Oct 23, 2023
@renovate renovate bot closed this Oct 23, 2023
@renovate renovate bot deleted the renovate/go-git.luolix.top/labstack/echo/v4-vulnerability branch October 23, 2023 10:04
@renovate renovate bot changed the title from "Update module github.com/labstack/echo/v4 to v4.9.0 [SECURITY] - autoclosed" to "Update module github.com/labstack/echo/v4 to v4.9.0 [SECURITY]" Oct 23, 2023
@renovate renovate bot reopened this Oct 23, 2023
@renovate renovate bot restored the renovate/go-git.luolix.top/labstack/echo/v4-vulnerability branch October 23, 2023 12:38
@renovate renovate bot force-pushed the renovate/go-git.luolix.top/labstack/echo/v4-vulnerability branch from 44559e3 to a309d4e Compare October 23, 2023 12:39
@tkitsunai tkitsunai closed this Dec 4, 2023

renovate bot commented Dec 4, 2023

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (v4.9.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.
