search

hahwul / dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
https://dalfox.hahwul.com
MIT License
3.55k stars 397 forks source link

Bump github.com/labstack/echo/v4 from 4.9.1 to 4.10.0 #435

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps github.com/labstack/echo/v4 from 4.9.1 to 4.10.0.

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.10.0

Security

  • We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.

    JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (github.com/golang-jwt/jwt) we are using which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.

  • This minor version bumps minimum Go version to 1.17 (from 1.16) due golang.org/x/ packages we depend on. There are several vulnerabilities fixed in these libraries.

    Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.

Enhancements

  • Bump x/text to 0.3.8 #2305
  • Bump dependencies and add notes about Go releases we support #2336
  • Add helper interface for ProxyBalancer interface #2316
  • Expose middleware.CreateExtractors function so we can use it from echo-contrib repository #2338
  • Refactor func(Context) error to HandlerFunc #2315
  • Improve function comments #2329
  • Add new method HTTPError.WithInternal #2340
  • Replace io/ioutil package usages #2342
  • Add staticcheck to CI flow #2343
  • Replace relative path determination from proprietary to std #2345
  • Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) #2182
  • Add testcases for some BodyLimit middleware configuration options #2350
  • Additional configuration options for RequestLogger and Logger middleware #2341
  • Add route to request log #2162
  • GitHub Workflows security hardening #2358
  • Add govulncheck to CI and bump dependencies #2362
  • Fix rate limiter docs #2366
  • Refactor how e.Routes() work and introduce e.OnAddRouteHandler callback #2337
Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.10.0 - 2022-12-27

Security

  • We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.

    JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (github.com/golang-jwt/jwt) we are using which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.

  • This minor version bumps minimum Go version to 1.17 (from 1.16) due golang.org/x/ packages we depend on. There are several vulnerabilities fixed in these libraries.

    Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.

Enhancements

  • Bump x/text to 0.3.8 #2305
  • Bump dependencies and add notes about Go releases we support #2336
  • Add helper interface for ProxyBalancer interface #2316
  • Expose middleware.CreateExtractors function so we can use it from echo-contrib repository #2338
  • Refactor func(Context) error to HandlerFunc #2315
  • Improve function comments #2329
  • Add new method HTTPError.WithInternal #2340
  • Replace io/ioutil package usages #2342
  • Add staticcheck to CI flow #2343
  • Replace relative path determination from proprietary to std #2345
  • Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) #2182
  • Add testcases for some BodyLimit middleware configuration options #2350
  • Additional configuration options for RequestLogger and Logger middleware #2341
  • Add route to request log #2162
  • GitHub Workflows security hardening #2358
  • Add govulncheck to CI and bump dependencies #2362
  • Fix rate limiter docs #2366
  • Refactor how e.Routes() work and introduce e.OnAddRouteHandler callback #2337
Commits
  • f36d566 Changelog for 4.10.0
  • a69727e Mark JWT middleware deprecated
  • 0056cc8 Improve comments wording
  • 45402bb Add echo.OnAddRouteHandler field. As name says - this handler is called when ...
  • f1cf1ec Fix adding route with host overwrites default host route with same method+pat...
  • 895121d Fix rate limiter docs (#2366)
  • abecadc Merge pull request #2362 from aldas/add_govulncheck_2_ci
  • bc75cc2 Add govulncheck to CI and bump dependencies. Refactor GitHub workflows.
  • 40eb889 build: harden echo.yml permissions
  • 135c511 Add request route with "route" tag to logger middleware (#2162)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
codecov-commenter commented 1 year ago

Codecov Report

Merging #435 (136c853) into main (f78a653) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #435   +/-   ##
=======================================
  Coverage   82.88%   82.88%           
=======================================
  Files          11       11           
  Lines         590      590           
=======================================
  Hits          489      489           
  Misses         79       79           
  Partials       22       22

:mega: We’re building smart automated test selection to slash your CI/CD build times. Learn more

dependabot[bot] commented 1 year ago

Superseded by #444.