go-starter icon indicating copy to clipboard operation
go-starter copied to clipboard

Published 20 hours ago verified publisher icon allaboutapps

Bump github.com/labstack/echo/v4 from 4.7.2 to 4.10.2

Open dependabot[bot] opened this issue 2 years ago • 1 comments

Bumps github.com/labstack/echo/v4 from 4.7.2 to 4.10.2.

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.10.2

Security

  • filepath.Clean behaviour has changed in Go 1.20 - adapt to it #2406
  • Add middleware.CORSConfig.UnsafeWildcardOriginWithAllowCredentials to make UNSAFE usages of wildcard origin + allow cretentials less likely #2405

Enhancements

  • Add more HTTP error values #2277

v4.10.1

Security

  • Upgrade deps due to the latest golang.org/x/net vulnerability #2402

Enhancements

  • Add new JWT repository to the README #2377
  • Return an empty string for ctx.path if there is no registered path #2385
  • Add context timeout middleware #2380
  • Update link to jaegertracing #2394

v4.10.0

Security

  • We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.

    JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (github.com/golang-jwt/jwt) we are using which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.

  • This minor version bumps minimum Go version to 1.17 (from 1.16) due golang.org/x/ packages we depend on. There are several vulnerabilities fixed in these libraries.

    Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.

Enhancements

  • Bump x/text to 0.3.8 #2305
  • Bump dependencies and add notes about Go releases we support #2336
  • Add helper interface for ProxyBalancer interface #2316
  • Expose middleware.CreateExtractors function so we can use it from echo-contrib repository #2338
  • Refactor func(Context) error to HandlerFunc #2315
  • Improve function comments #2329
  • Add new method HTTPError.WithInternal #2340
  • Replace io/ioutil package usages #2342
  • Add staticcheck to CI flow #2343
  • Replace relative path determination from proprietary to std #2345
  • Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) #2182
  • Add testcases for some BodyLimit middleware configuration options #2350
  • Additional configuration options for RequestLogger and Logger middleware #2341

... (truncated)

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.10.2 - 2023-02-22

Security

  • filepath.Clean behaviour has changed in Go 1.20 - adapt to it #2406
  • Add middleware.CORSConfig.UnsafeWildcardOriginWithAllowCredentials to make UNSAFE usages of wildcard origin + allow cretentials less likely #2405

Enhancements

  • Add more HTTP error values #2277

v4.10.1 - 2023-02-19

Security

  • Upgrade deps due to the latest golang.org/x/net vulnerability #2402

Enhancements

  • Add new JWT repository to the README #2377
  • Return an empty string for ctx.path if there is no registered path #2385
  • Add context timeout middleware #2380
  • Update link to jaegertracing #2394

v4.10.0 - 2022-12-27

Security

  • We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.

    JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (github.com/golang-jwt/jwt) we are using which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.

  • This minor version bumps minimum Go version to 1.17 (from 1.16) due golang.org/x/ packages we depend on. There are several vulnerabilities fixed in these libraries.

    Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.

Enhancements

  • Bump x/text to 0.3.8 #2305
  • Bump dependencies and add notes about Go releases we support #2336
  • Add helper interface for ProxyBalancer interface #2316
  • Expose middleware.CreateExtractors function so we can use it from echo-contrib repository #2338
  • Refactor func(Context) error to HandlerFunc #2315
  • Improve function comments #2329

... (truncated)

Commits
  • 47844c9 Changelog for v4.10.2
  • f909660 Add middleware.CORSConfig.UnsafeWildcardOriginWithAllowCredentials to make UN...
  • ef4aea9 use different variable name so returned function would not accidentally be ab...
  • 7c75310 Clean on go1.20 (#2406)
  • 04ba8e2 Add more http error values (#2277)
  • b888a30 Changelog for v4.10.1
  • 2c25767 remediate flaky timeout tests
  • a3998ac Upgrade deps due to the latest golang.org/x/net vulnerability
  • 45da0f8 remove .travis.yml
  • 6b09f3f Update link to jaegertracing
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Feb 22 '23 04:02 dependabot[bot]

Codecov Report

Patch and project coverage have no change.

Comparison is base (efa9f04) 66.13% compared to head (d5d4f1d) 66.13%.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master     #260   +/-   ##
=======================================
  Coverage   66.13%   66.13%           
=======================================
  Files          72       72           
  Lines        5670     5670           
=======================================
  Hits         3750     3750           
  Misses       1325     1325           
  Partials      595      595

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

:umbrella: View full report at Codecov.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.

codecov[bot] avatar Mar 03 '23 09:03 codecov[bot]