labstack/echo (github.com/labstack/echo/v4)
### [`v4.12.0`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4120---2024-04-15)
[Compare Source](https://togithub.com/labstack/echo/compare/v4.11.4...v4.12.0)
**Security**
- Update golang.org/x/net dep because of [GO-2024-2687](https://pkg.go.dev/vuln/GO-2024-2687) by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2625](https://togithub.com/labstack/echo/pull/2625)
**Enhancements**
- binder: make binding to Map work better with string destinations by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2554](https://togithub.com/labstack/echo/pull/2554)
- README.md: add Encore as sponsor by [@marcuskohlberg](https://togithub.com/marcuskohlberg) in [https://github.com/labstack/echo/pull/2579](https://togithub.com/labstack/echo/pull/2579)
- Reorder paragraphs in README.md by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2581](https://togithub.com/labstack/echo/pull/2581)
- CI: upgrade actions/checkout to v4 by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2584](https://togithub.com/labstack/echo/pull/2584)
- Remove default charset from 'application/json' Content-Type header by [@doortts](https://togithub.com/doortts) in [https://github.com/labstack/echo/pull/2568](https://togithub.com/labstack/echo/pull/2568)
- CI: Use Go 1.22 by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2588](https://togithub.com/labstack/echo/pull/2588)
- binder: allow binding to a nil map by [@georgmu](https://togithub.com/georgmu) in [https://github.com/labstack/echo/pull/2574](https://togithub.com/labstack/echo/pull/2574)
- Add Skipper Unit Test In BasicBasicAuthConfig and Add More Detail Explanation regarding BasicAuthValidator by [@RyoKusnadi](https://togithub.com/RyoKusnadi) in [https://github.com/labstack/echo/pull/2461](https://togithub.com/labstack/echo/pull/2461)
- fix some typos by [@teslaedison](https://togithub.com/teslaedison) in [https://github.com/labstack/echo/pull/2603](https://togithub.com/labstack/echo/pull/2603)
- fix: some typos by [@pomadev](https://togithub.com/pomadev) in [https://github.com/labstack/echo/pull/2596](https://togithub.com/labstack/echo/pull/2596)
- Allow ResponseWriters to unwrap writers when flushing/hijacking by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2595](https://togithub.com/labstack/echo/pull/2595)
- Add SPDX licence comments to files. by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2604](https://togithub.com/labstack/echo/pull/2604)
- Upgrade deps by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2605](https://togithub.com/labstack/echo/pull/2605)
- Change type definition blocks to single declarations. This helps copy… by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2606](https://togithub.com/labstack/echo/pull/2606)
- Fix Real IP logic by [@cl-bvl](https://togithub.com/cl-bvl) in [https://github.com/labstack/echo/pull/2550](https://togithub.com/labstack/echo/pull/2550)
- Default binder can use `UnmarshalParams(params []string) error` inter… by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2607](https://togithub.com/labstack/echo/pull/2607)
- Default binder can bind pointer to slice as struct field. For example `*[]string` by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2608](https://togithub.com/labstack/echo/pull/2608)
- Remove maxparam dependence from Context by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2611](https://togithub.com/labstack/echo/pull/2611)
- When route is registered with empty path it is normalized to `/`. by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2616](https://togithub.com/labstack/echo/pull/2616)
- proxy middleware should use httputil.ReverseProxy for SSE requests by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2624](https://togithub.com/labstack/echo/pull/2624)
### [`v4.11.4`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4114---2023-12-20)
[Compare Source](https://togithub.com/labstack/echo/compare/v4.11.3...v4.11.4)
**Security**
- Upgrade golang.org/x/crypto to v0.17.0 to fix vulnerability [issue](https://pkg.go.dev/vuln/GO-2023-2402) [#2562](https://togithub.com/labstack/echo/pull/2562)
**Enhancements**
- Update deps and mark Go version to 1.18 as this is what golang.org/x/\* use [#2563](https://togithub.com/labstack/echo/pull/2563)
- Request logger: add example for Slog https://pkg.go.dev/log/slog [#2543](https://togithub.com/labstack/echo/pull/2543)
### [`v4.11.3`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4113---2023-11-07)
[Compare Source](https://togithub.com/labstack/echo/compare/v4.11.2...v4.11.3)
**Security**
- 'c.Attachment' and 'c.Inline' should escape filename in 'Content-Disposition' header to avoid 'Reflect File Download' vulnerability. [#2541](https://togithub.com/labstack/echo/pull/2541)
**Enhancements**
- Tests: refactor context tests to be separate functions [#2540](https://togithub.com/labstack/echo/pull/2540)
- Proxy middleware: reuse echo request context [#2537](https://togithub.com/labstack/echo/pull/2537)
- Mark unmarshallable yaml struct tags as ignored [#2536](https://togithub.com/labstack/echo/pull/2536)
### [`v4.11.2`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4112---2023-10-11)
[Compare Source](https://togithub.com/labstack/echo/compare/v4.11.1...v4.11.2)
**Security**
- Bump golang.org/x/net to prevent CVE-2023-39325 / CVE-2023-44487 HTTP/2 Rapid Reset Attack [#2527](https://togithub.com/labstack/echo/pull/2527)
- fix(sec): randomString bias introduced by [#2490](https://togithub.com/labstack/echo/issues/2490) [#2492](https://togithub.com/labstack/echo/pull/2492)
- CSRF/RequestID mw: switch math/random usage to crypto/random [#2490](https://togithub.com/labstack/echo/pull/2490)
**Enhancements**
- Delete unused context in body_limit.go [#2483](https://togithub.com/labstack/echo/pull/2483)
- Use Go 1.21 in CI [#2505](https://togithub.com/labstack/echo/pull/2505)
- Fix some typos [#2511](https://togithub.com/labstack/echo/pull/2511)
- Allow CORS middleware to send Access-Control-Max-Age: 0 [#2518](https://togithub.com/labstack/echo/pull/2518)
- Bump dependancies [#2522](https://togithub.com/labstack/echo/pull/2522)
### [`v4.11.1`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4111---2023-07-16)
[Compare Source](https://togithub.com/labstack/echo/compare/v4.11.0...v4.11.1)
**Fixes**
- Fix `Gzip` middleware not sending response code for no content responses (404, 301/302 redirects etc) [#2481](https://togithub.com/labstack/echo/pull/2481)
### [`v4.11.0`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4110---2023-07-14)
[Compare Source](https://togithub.com/labstack/echo/compare/v4.10.2...v4.11.0)
**Fixes**
- Fixes the proxy middleware concurrency issue of calling the Next() proxy target on Round Robin Balancer [#2409](https://togithub.com/labstack/echo/pull/2409)
- Fix `group.RouteNotFound` not working when group has attached middlewares [#2411](https://togithub.com/labstack/echo/pull/2411)
- Fix global error handler return error message when message is an error [#2456](https://togithub.com/labstack/echo/pull/2456)
- Do not use global timeNow variables [#2477](https://togithub.com/labstack/echo/pull/2477)
**Enhancements**
- Added a optional config variable to disable centralized error handler in recovery middleware [#2410](https://togithub.com/labstack/echo/pull/2410)
- refactor: use `strings.ReplaceAll` directly [#2424](https://togithub.com/labstack/echo/pull/2424)
- Add support for Go1.20 `http.rwUnwrapper` to Response struct [#2425](https://togithub.com/labstack/echo/pull/2425)
- Check whether is nil before invoking centralized error handling [#2429](https://togithub.com/labstack/echo/pull/2429)
- Proper colon support in `echo.Reverse` method [#2416](https://togithub.com/labstack/echo/pull/2416)
- Fix misuses of a vs an in documentation comments [#2436](https://togithub.com/labstack/echo/pull/2436)
- Add link to slog.Handler library for Echo logging into README.md [#2444](https://togithub.com/labstack/echo/pull/2444)
- In proxy middleware Support retries of failed proxy requests [#2414](https://togithub.com/labstack/echo/pull/2414)
- gofmt fixes to comments [#2452](https://togithub.com/labstack/echo/pull/2452)
- gzip response only if it exceeds a minimal length [#2267](https://togithub.com/labstack/echo/pull/2267)
- Upgrade packages [#2475](https://togithub.com/labstack/echo/pull/2475)
### [`v4.10.2`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4102---2023-02-22)
[Compare Source](https://togithub.com/labstack/echo/compare/v4.10.1...v4.10.2)
**Security**
- `filepath.Clean` behaviour has changed in Go 1.20 - adapt to it [#2406](https://togithub.com/labstack/echo/pull/2406)
- Add `middleware.CORSConfig.UnsafeWildcardOriginWithAllowCredentials` to make UNSAFE usages of wildcard origin + allow cretentials less likely [#2405](https://togithub.com/labstack/echo/pull/2405)
**Enhancements**
- Add more HTTP error values [#2277](https://togithub.com/labstack/echo/pull/2277)
### [`v4.10.1`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4101---2023-02-19)
[Compare Source](https://togithub.com/labstack/echo/compare/v4.10.0...v4.10.1)
**Security**
- Upgrade deps due to the latest golang.org/x/net vulnerability [#2402](https://togithub.com/labstack/echo/pull/2402)
**Enhancements**
- Add new JWT repository to the README [#2377](https://togithub.com/labstack/echo/pull/2377)
- Return an empty string for ctx.path if there is no registered path [#2385](https://togithub.com/labstack/echo/pull/2385)
- Add context timeout middleware [#2380](https://togithub.com/labstack/echo/pull/2380)
- Update link to jaegertracing [#2394](https://togithub.com/labstack/echo/pull/2394)
### [`v4.10.0`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4100---2022-12-27)
[Compare Source](https://togithub.com/labstack/echo/compare/v4.9.1...v4.10.0)
**Security**
- We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.
JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (`github.com/golang-jwt/jwt`) we are using
which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.
- This minor version bumps minimum Go version to 1.17 (from 1.16) due `golang.org/x/` packages we depend on. There are
several vulnerabilities fixed in these libraries.
Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.
**Enhancements**
- Bump x/text to 0.3.8 [#2305](https://togithub.com/labstack/echo/pull/2305)
- Bump dependencies and add notes about Go releases we support [#2336](https://togithub.com/labstack/echo/pull/2336)
- Add helper interface for ProxyBalancer interface [#2316](https://togithub.com/labstack/echo/pull/2316)
- Expose `middleware.CreateExtractors` function so we can use it from echo-contrib repository [#2338](https://togithub.com/labstack/echo/pull/2338)
- Refactor func(Context) error to HandlerFunc [#2315](https://togithub.com/labstack/echo/pull/2315)
- Improve function comments [#2329](https://togithub.com/labstack/echo/pull/2329)
- Add new method HTTPError.WithInternal [#2340](https://togithub.com/labstack/echo/pull/2340)
- Replace io/ioutil package usages [#2342](https://togithub.com/labstack/echo/pull/2342)
- Add staticcheck to CI flow [#2343](https://togithub.com/labstack/echo/pull/2343)
- Replace relative path determination from proprietary to std [#2345](https://togithub.com/labstack/echo/pull/2345)
- Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) [#2182](https://togithub.com/labstack/echo/pull/2182)
- Add testcases for some BodyLimit middleware configuration options [#2350](https://togithub.com/labstack/echo/pull/2350)
- Additional configuration options for RequestLogger and Logger middleware [#2341](https://togithub.com/labstack/echo/pull/2341)
- Add route to request log [#2162](https://togithub.com/labstack/echo/pull/2162)
- GitHub Workflows security hardening [#2358](https://togithub.com/labstack/echo/pull/2358)
- Add govulncheck to CI and bump dependencies [#2362](https://togithub.com/labstack/echo/pull/2362)
- Fix rate limiter docs [#2366](https://togithub.com/labstack/echo/pull/2366)
- Refactor how `e.Routes()` work and introduce `e.OnAddRouteHandler` callback [#2337](https://togithub.com/labstack/echo/pull/2337)
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
v4.9.1
->v4.12.0
Release Notes
labstack/echo (github.com/labstack/echo/v4)
### [`v4.12.0`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4120---2024-04-15) [Compare Source](https://togithub.com/labstack/echo/compare/v4.11.4...v4.12.0) **Security** - Update golang.org/x/net dep because of [GO-2024-2687](https://pkg.go.dev/vuln/GO-2024-2687) by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2625](https://togithub.com/labstack/echo/pull/2625) **Enhancements** - binder: make binding to Map work better with string destinations by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2554](https://togithub.com/labstack/echo/pull/2554) - README.md: add Encore as sponsor by [@marcuskohlberg](https://togithub.com/marcuskohlberg) in [https://github.com/labstack/echo/pull/2579](https://togithub.com/labstack/echo/pull/2579) - Reorder paragraphs in README.md by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2581](https://togithub.com/labstack/echo/pull/2581) - CI: upgrade actions/checkout to v4 by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2584](https://togithub.com/labstack/echo/pull/2584) - Remove default charset from 'application/json' Content-Type header by [@doortts](https://togithub.com/doortts) in [https://github.com/labstack/echo/pull/2568](https://togithub.com/labstack/echo/pull/2568) - CI: Use Go 1.22 by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2588](https://togithub.com/labstack/echo/pull/2588) - binder: allow binding to a nil map by [@georgmu](https://togithub.com/georgmu) in [https://github.com/labstack/echo/pull/2574](https://togithub.com/labstack/echo/pull/2574) - Add Skipper Unit Test In BasicBasicAuthConfig and Add More Detail Explanation regarding BasicAuthValidator by [@RyoKusnadi](https://togithub.com/RyoKusnadi) in [https://github.com/labstack/echo/pull/2461](https://togithub.com/labstack/echo/pull/2461) - fix some typos by [@teslaedison](https://togithub.com/teslaedison) in [https://github.com/labstack/echo/pull/2603](https://togithub.com/labstack/echo/pull/2603) - fix: some typos by [@pomadev](https://togithub.com/pomadev) in [https://github.com/labstack/echo/pull/2596](https://togithub.com/labstack/echo/pull/2596) - Allow ResponseWriters to unwrap writers when flushing/hijacking by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2595](https://togithub.com/labstack/echo/pull/2595) - Add SPDX licence comments to files. by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2604](https://togithub.com/labstack/echo/pull/2604) - Upgrade deps by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2605](https://togithub.com/labstack/echo/pull/2605) - Change type definition blocks to single declarations. This helps copy… by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2606](https://togithub.com/labstack/echo/pull/2606) - Fix Real IP logic by [@cl-bvl](https://togithub.com/cl-bvl) in [https://github.com/labstack/echo/pull/2550](https://togithub.com/labstack/echo/pull/2550) - Default binder can use `UnmarshalParams(params []string) error` inter… by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2607](https://togithub.com/labstack/echo/pull/2607) - Default binder can bind pointer to slice as struct field. For example `*[]string` by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2608](https://togithub.com/labstack/echo/pull/2608) - Remove maxparam dependence from Context by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2611](https://togithub.com/labstack/echo/pull/2611) - When route is registered with empty path it is normalized to `/`. by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2616](https://togithub.com/labstack/echo/pull/2616) - proxy middleware should use httputil.ReverseProxy for SSE requests by [@aldas](https://togithub.com/aldas) in [https://github.com/labstack/echo/pull/2624](https://togithub.com/labstack/echo/pull/2624) ### [`v4.11.4`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4114---2023-12-20) [Compare Source](https://togithub.com/labstack/echo/compare/v4.11.3...v4.11.4) **Security** - Upgrade golang.org/x/crypto to v0.17.0 to fix vulnerability [issue](https://pkg.go.dev/vuln/GO-2023-2402) [#2562](https://togithub.com/labstack/echo/pull/2562) **Enhancements** - Update deps and mark Go version to 1.18 as this is what golang.org/x/\* use [#2563](https://togithub.com/labstack/echo/pull/2563) - Request logger: add example for Slog https://pkg.go.dev/log/slog [#2543](https://togithub.com/labstack/echo/pull/2543) ### [`v4.11.3`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4113---2023-11-07) [Compare Source](https://togithub.com/labstack/echo/compare/v4.11.2...v4.11.3) **Security** - 'c.Attachment' and 'c.Inline' should escape filename in 'Content-Disposition' header to avoid 'Reflect File Download' vulnerability. [#2541](https://togithub.com/labstack/echo/pull/2541) **Enhancements** - Tests: refactor context tests to be separate functions [#2540](https://togithub.com/labstack/echo/pull/2540) - Proxy middleware: reuse echo request context [#2537](https://togithub.com/labstack/echo/pull/2537) - Mark unmarshallable yaml struct tags as ignored [#2536](https://togithub.com/labstack/echo/pull/2536) ### [`v4.11.2`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4112---2023-10-11) [Compare Source](https://togithub.com/labstack/echo/compare/v4.11.1...v4.11.2) **Security** - Bump golang.org/x/net to prevent CVE-2023-39325 / CVE-2023-44487 HTTP/2 Rapid Reset Attack [#2527](https://togithub.com/labstack/echo/pull/2527) - fix(sec): randomString bias introduced by [#2490](https://togithub.com/labstack/echo/issues/2490) [#2492](https://togithub.com/labstack/echo/pull/2492) - CSRF/RequestID mw: switch math/random usage to crypto/random [#2490](https://togithub.com/labstack/echo/pull/2490) **Enhancements** - Delete unused context in body_limit.go [#2483](https://togithub.com/labstack/echo/pull/2483) - Use Go 1.21 in CI [#2505](https://togithub.com/labstack/echo/pull/2505) - Fix some typos [#2511](https://togithub.com/labstack/echo/pull/2511) - Allow CORS middleware to send Access-Control-Max-Age: 0 [#2518](https://togithub.com/labstack/echo/pull/2518) - Bump dependancies [#2522](https://togithub.com/labstack/echo/pull/2522) ### [`v4.11.1`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4111---2023-07-16) [Compare Source](https://togithub.com/labstack/echo/compare/v4.11.0...v4.11.1) **Fixes** - Fix `Gzip` middleware not sending response code for no content responses (404, 301/302 redirects etc) [#2481](https://togithub.com/labstack/echo/pull/2481) ### [`v4.11.0`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4110---2023-07-14) [Compare Source](https://togithub.com/labstack/echo/compare/v4.10.2...v4.11.0) **Fixes** - Fixes the proxy middleware concurrency issue of calling the Next() proxy target on Round Robin Balancer [#2409](https://togithub.com/labstack/echo/pull/2409) - Fix `group.RouteNotFound` not working when group has attached middlewares [#2411](https://togithub.com/labstack/echo/pull/2411) - Fix global error handler return error message when message is an error [#2456](https://togithub.com/labstack/echo/pull/2456) - Do not use global timeNow variables [#2477](https://togithub.com/labstack/echo/pull/2477) **Enhancements** - Added a optional config variable to disable centralized error handler in recovery middleware [#2410](https://togithub.com/labstack/echo/pull/2410) - refactor: use `strings.ReplaceAll` directly [#2424](https://togithub.com/labstack/echo/pull/2424) - Add support for Go1.20 `http.rwUnwrapper` to Response struct [#2425](https://togithub.com/labstack/echo/pull/2425) - Check whether is nil before invoking centralized error handling [#2429](https://togithub.com/labstack/echo/pull/2429) - Proper colon support in `echo.Reverse` method [#2416](https://togithub.com/labstack/echo/pull/2416) - Fix misuses of a vs an in documentation comments [#2436](https://togithub.com/labstack/echo/pull/2436) - Add link to slog.Handler library for Echo logging into README.md [#2444](https://togithub.com/labstack/echo/pull/2444) - In proxy middleware Support retries of failed proxy requests [#2414](https://togithub.com/labstack/echo/pull/2414) - gofmt fixes to comments [#2452](https://togithub.com/labstack/echo/pull/2452) - gzip response only if it exceeds a minimal length [#2267](https://togithub.com/labstack/echo/pull/2267) - Upgrade packages [#2475](https://togithub.com/labstack/echo/pull/2475) ### [`v4.10.2`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4102---2023-02-22) [Compare Source](https://togithub.com/labstack/echo/compare/v4.10.1...v4.10.2) **Security** - `filepath.Clean` behaviour has changed in Go 1.20 - adapt to it [#2406](https://togithub.com/labstack/echo/pull/2406) - Add `middleware.CORSConfig.UnsafeWildcardOriginWithAllowCredentials` to make UNSAFE usages of wildcard origin + allow cretentials less likely [#2405](https://togithub.com/labstack/echo/pull/2405) **Enhancements** - Add more HTTP error values [#2277](https://togithub.com/labstack/echo/pull/2277) ### [`v4.10.1`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4101---2023-02-19) [Compare Source](https://togithub.com/labstack/echo/compare/v4.10.0...v4.10.1) **Security** - Upgrade deps due to the latest golang.org/x/net vulnerability [#2402](https://togithub.com/labstack/echo/pull/2402) **Enhancements** - Add new JWT repository to the README [#2377](https://togithub.com/labstack/echo/pull/2377) - Return an empty string for ctx.path if there is no registered path [#2385](https://togithub.com/labstack/echo/pull/2385) - Add context timeout middleware [#2380](https://togithub.com/labstack/echo/pull/2380) - Update link to jaegertracing [#2394](https://togithub.com/labstack/echo/pull/2394) ### [`v4.10.0`](https://togithub.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4100---2022-12-27) [Compare Source](https://togithub.com/labstack/echo/compare/v4.9.1...v4.10.0) **Security** - We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead. JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (`github.com/golang-jwt/jwt`) we are using which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain. - This minor version bumps minimum Go version to 1.17 (from 1.16) due `golang.org/x/` packages we depend on. There are several vulnerabilities fixed in these libraries. Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise. **Enhancements** - Bump x/text to 0.3.8 [#2305](https://togithub.com/labstack/echo/pull/2305) - Bump dependencies and add notes about Go releases we support [#2336](https://togithub.com/labstack/echo/pull/2336) - Add helper interface for ProxyBalancer interface [#2316](https://togithub.com/labstack/echo/pull/2316) - Expose `middleware.CreateExtractors` function so we can use it from echo-contrib repository [#2338](https://togithub.com/labstack/echo/pull/2338) - Refactor func(Context) error to HandlerFunc [#2315](https://togithub.com/labstack/echo/pull/2315) - Improve function comments [#2329](https://togithub.com/labstack/echo/pull/2329) - Add new method HTTPError.WithInternal [#2340](https://togithub.com/labstack/echo/pull/2340) - Replace io/ioutil package usages [#2342](https://togithub.com/labstack/echo/pull/2342) - Add staticcheck to CI flow [#2343](https://togithub.com/labstack/echo/pull/2343) - Replace relative path determination from proprietary to std [#2345](https://togithub.com/labstack/echo/pull/2345) - Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) [#2182](https://togithub.com/labstack/echo/pull/2182) - Add testcases for some BodyLimit middleware configuration options [#2350](https://togithub.com/labstack/echo/pull/2350) - Additional configuration options for RequestLogger and Logger middleware [#2341](https://togithub.com/labstack/echo/pull/2341) - Add route to request log [#2162](https://togithub.com/labstack/echo/pull/2162) - GitHub Workflows security hardening [#2358](https://togithub.com/labstack/echo/pull/2358) - Add govulncheck to CI and bump dependencies [#2362](https://togithub.com/labstack/echo/pull/2362) - Fix rate limiter docs [#2366](https://togithub.com/labstack/echo/pull/2366) - Refactor how `e.Routes()` work and introduce `e.OnAddRouteHandler` callback [#2337](https://togithub.com/labstack/echo/pull/2337)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.