renovate[bot]
commented
9 months ago Renovate Ignore Notification
Because you closed this PR without merging, Renovate will ignore this update (v4.11.4). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.
If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.
This PR contains the following updates:
v4.11.1->v4.11.4Release Notes
labstack/echo (github.com/labstack/echo/v4)
### [`v4.11.4`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4114---2023-12-20) [Compare Source](https://togithub.com/labstack/echo/compare/v4.11.3...v4.11.4) **Security** - Upgrade golang.org/x/crypto to v0.17.0 to fix vulnerability [issue](https://pkg.go.dev/vuln/GO-2023-2402) [#2562](https://togithub.com/labstack/echo/pull/2562) **Enhancements** - Update deps and mark Go version to 1.18 as this is what golang.org/x/\* use [#2563](https://togithub.com/labstack/echo/pull/2563) - Request logger: add example for Slog https://pkg.go.dev/log/slog [#2543](https://togithub.com/labstack/echo/pull/2543) ### [`v4.11.3`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4113---2023-11-07) [Compare Source](https://togithub.com/labstack/echo/compare/v4.11.2...v4.11.3) **Security** - 'c.Attachment' and 'c.Inline' should escape filename in 'Content-Disposition' header to avoid 'Reflect File Download' vulnerability. [#2541](https://togithub.com/labstack/echo/pull/2541) **Enhancements** - Tests: refactor context tests to be separate functions [#2540](https://togithub.com/labstack/echo/pull/2540) - Proxy middleware: reuse echo request context [#2537](https://togithub.com/labstack/echo/pull/2537) - Mark unmarshallable yaml struct tags as ignored [#2536](https://togithub.com/labstack/echo/pull/2536) ### [`v4.11.2`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4112---2023-10-11) [Compare Source](https://togithub.com/labstack/echo/compare/v4.11.1...v4.11.2) **Security** - Bump golang.org/x/net to prevent CVE-2023-39325 / CVE-2023-44487 HTTP/2 Rapid Reset Attack [#2527](https://togithub.com/labstack/echo/pull/2527) - fix(sec): randomString bias introduced by [#2490](https://togithub.com/labstack/echo/issues/2490) [#2492](https://togithub.com/labstack/echo/pull/2492) - CSRF/RequestID mw: switch math/random usage to crypto/random [#2490](https://togithub.com/labstack/echo/pull/2490) **Enhancements** - Delete unused context in body_limit.go [#2483](https://togithub.com/labstack/echo/pull/2483) - Use Go 1.21 in CI [#2505](https://togithub.com/labstack/echo/pull/2505) - Fix some typos [#2511](https://togithub.com/labstack/echo/pull/2511) - Allow CORS middleware to send Access-Control-Max-Age: 0 [#2518](https://togithub.com/labstack/echo/pull/2518) - Bump dependancies [#2522](https://togithub.com/labstack/echo/pull/2522)Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.