vikunja
/
vikunja
6
43
Fork 69
Code Issues 152 Pull Requests 10 Packages Releases 32 Activity

fix(deps): update module github.com/labstack/echo/v4 to v4.10.0 #1343

Merged
konrad merged 2 commits from renovate/github.com-labstack-echo-v4-4.x into main 2022-12-28 10:32:17 +00:00
Conversation 0 Commits 2 Files Changed 3 +18 -105
renovate commented 2022-12-27 21:01:19 +00:00
Member
Copy Link

This PR contains the following updates:

Package Type Update Change
github.com/labstack/echo/v4 require minor v4.9.1 -> v4.10.0

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

Release Notes

labstack/echo

v4.10.0

Compare Source

Security

  • We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.

    JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (github.com/golang-jwt/jwt) we are using
    which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.

  • This minor version bumps minimum Go version to 1.17 (from 1.16) due golang.org/x/ packages we depend on. There are
    several vulnerabilities fixed in these libraries.

    Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.

Enhancements

  • Bump x/text to 0.3.8 #​2305
  • Bump dependencies and add notes about Go releases we support #​2336
  • Add helper interface for ProxyBalancer interface #​2316
  • Expose middleware.CreateExtractors function so we can use it from echo-contrib repository #​2338
  • Refactor func(Context) error to HandlerFunc #​2315
  • Improve function comments #​2329
  • Add new method HTTPError.WithInternal #​2340
  • Replace io/ioutil package usages #​2342
  • Add staticcheck to CI flow #​2343
  • Replace relative path determination from proprietary to std #​2345
  • Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) #​2182
  • Add testcases for some BodyLimit middleware configuration options #​2350
  • Additional configuration options for RequestLogger and Logger middleware #​2341
  • Add route to request log #​2162
  • GitHub Workflows security hardening #​2358
  • Add govulncheck to CI and bump dependencies #​2362
  • Fix rate limiter docs #​2366
  • Refactor how e.Routes() work and introduce e.OnAddRouteHandler callback #​2337

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/labstack/echo/v4](https://github.com/labstack/echo) | require | minor | `v4.9.1` -> `v4.10.0` | --- ### ⚠ Dependency Lookup Warnings ⚠ Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>labstack/echo</summary> ### [`v4.10.0`](https://github.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4100---2022-12-27) [Compare Source](https://github.com/labstack/echo/compare/v4.9.1...v4.10.0) **Security** - We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead. JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (`github.com/golang-jwt/jwt`) we are using which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain. - This minor version bumps minimum Go version to 1.17 (from 1.16) due `golang.org/x/` packages we depend on. There are several vulnerabilities fixed in these libraries. Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise. **Enhancements** - Bump x/text to 0.3.8 [#&#8203;2305](https://github.com/labstack/echo/pull/2305) - Bump dependencies and add notes about Go releases we support [#&#8203;2336](https://github.com/labstack/echo/pull/2336) - Add helper interface for ProxyBalancer interface [#&#8203;2316](https://github.com/labstack/echo/pull/2316) - Expose `middleware.CreateExtractors` function so we can use it from echo-contrib repository [#&#8203;2338](https://github.com/labstack/echo/pull/2338) - Refactor func(Context) error to HandlerFunc [#&#8203;2315](https://github.com/labstack/echo/pull/2315) - Improve function comments [#&#8203;2329](https://github.com/labstack/echo/pull/2329) - Add new method HTTPError.WithInternal [#&#8203;2340](https://github.com/labstack/echo/pull/2340) - Replace io/ioutil package usages [#&#8203;2342](https://github.com/labstack/echo/pull/2342) - Add staticcheck to CI flow [#&#8203;2343](https://github.com/labstack/echo/pull/2343) - Replace relative path determination from proprietary to std [#&#8203;2345](https://github.com/labstack/echo/pull/2345) - Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) [#&#8203;2182](https://github.com/labstack/echo/pull/2182) - Add testcases for some BodyLimit middleware configuration options [#&#8203;2350](https://github.com/labstack/echo/pull/2350) - Additional configuration options for RequestLogger and Logger middleware [#&#8203;2341](https://github.com/labstack/echo/pull/2341) - Add route to request log [#&#8203;2162](https://github.com/labstack/echo/pull/2162) - GitHub Workflows security hardening [#&#8203;2358](https://github.com/labstack/echo/pull/2358) - Add govulncheck to CI and bump dependencies [#&#8203;2362](https://github.com/labstack/echo/pull/2362) - Fix rate limiter docs [#&#8203;2366](https://github.com/labstack/echo/pull/2366) - Refactor how `e.Routes()` work and introduce `e.OnAddRouteHandler` callback [#&#8203;2337](https://github.com/labstack/echo/pull/2337) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzMi4yNDAuMiIsInVwZGF0ZWRJblZlciI6IjMyLjI0MC4yIn0=-->
renovate added the
dependencies
 label 2022-12-27 21:01:19 +00:00
renovate added 1 commit 2022-12-27 21:01:20 +00:00
konrad added 1 commit 2022-12-28 10:13:07 +00:00
continuous-integration/drone/pr Build is passing Details
0d13f2add6
fix: use echo jwt properly
konrad merged commit c6429c8b13 into main 2022-12-28 10:32:16 +00:00
konrad deleted branch renovate/github.com-labstack-echo-v4-4.x 2022-12-28 10:32:17 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
dependencies

   
duplicate

This issue or pull request already exists

  
help wanted

Need some help

  
invalid

Something is wrong

  
kind/bug

Something is not working

  
kind/feature

New feature

  
needs reproduction

   
question

More information is needed

  
security

   
wontfix

This won't be fixed

No Label
dependencies
duplicate
help wanted
invalid
kind/bug
kind/feature
needs reproduction
question
security
wontfix
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: vikunja/vikunja#1343
No description provided.
Delete Branch "renovate/github.com-labstack-echo-v4-4.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?