Update module github.com/labstack/echo/v4 to v4.12.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/labstack/echo/v4	v4.9.1 -> v4.12.0

---

Release Notes

labstack/echo (github.com/labstack/echo/v4)

v4.12.0

Compare Source

Security

• Update golang.org/x/net dep because of GO-2024-2687 by @​aldas in https://github.com/labstack/echo/pull/2625

Enhancements

• binder: make binding to Map work better with string destinations by @​aldas in https://github.com/labstack/echo/pull/2554
• README.md: add Encore as sponsor by @​marcuskohlberg in https://github.com/labstack/echo/pull/2579
• Reorder paragraphs in README.md by @​aldas in https://github.com/labstack/echo/pull/2581
• CI: upgrade actions/checkout to v4 by @​aldas in https://github.com/labstack/echo/pull/2584
• Remove default charset from 'application/json' Content-Type header by @​doortts in https://github.com/labstack/echo/pull/2568
• CI: Use Go 1.22 by @​aldas in https://github.com/labstack/echo/pull/2588
• binder: allow binding to a nil map by @​georgmu in https://github.com/labstack/echo/pull/2574
• Add Skipper Unit Test In BasicBasicAuthConfig and Add More Detail Explanation regarding BasicAuthValidator by @​RyoKusnadi in https://github.com/labstack/echo/pull/2461
• fix some typos by @​teslaedison in https://github.com/labstack/echo/pull/2603
• fix: some typos by @​pomadev in https://github.com/labstack/echo/pull/2596
• Allow ResponseWriters to unwrap writers when flushing/hijacking by @​aldas in https://github.com/labstack/echo/pull/2595
• Add SPDX licence comments to files. by @​aldas in https://github.com/labstack/echo/pull/2604
• Upgrade deps by @​aldas in https://github.com/labstack/echo/pull/2605
• Change type definition blocks to single declarations. This helps copy… by @​aldas in https://github.com/labstack/echo/pull/2606
• Fix Real IP logic by @​cl-bvl in https://github.com/labstack/echo/pull/2550
• Default binder can use UnmarshalParams(params []string) error inter… by @​aldas in https://github.com/labstack/echo/pull/2607
• Default binder can bind pointer to slice as struct field. For example *[]string by @​aldas in https://github.com/labstack/echo/pull/2608
• Remove maxparam dependence from Context by @​aldas in https://github.com/labstack/echo/pull/2611
• When route is registered with empty path it is normalized to /. by @​aldas in https://github.com/labstack/echo/pull/2616
• proxy middleware should use httputil.ReverseProxy for SSE requests by @​aldas in https://github.com/labstack/echo/pull/2624

v4.11.4

Compare Source

Security

• Upgrade golang.org/x/crypto to v0.17.0 to fix vulnerability issue #​2562

Enhancements

• Update deps and mark Go version to 1.18 as this is what golang.org/x/* use #​2563
• Request logger: add example for Slog https://pkg.go.dev/log/slog #​2543

v4.11.3

Compare Source

Security

• 'c.Attachment' and 'c.Inline' should escape filename in 'Content-Disposition' header to avoid 'Reflect File Download' vulnerability. #​2541

Enhancements

• Tests: refactor context tests to be separate functions #​2540
• Proxy middleware: reuse echo request context #​2537
• Mark unmarshallable yaml struct tags as ignored #​2536

v4.11.2

Compare Source

Security

• Bump golang.org/x/net to prevent CVE-2023-39325 / CVE-2023-44487 HTTP/2 Rapid Reset Attack #​2527
• fix(sec): randomString bias introduced by #​2490 #​2492
• CSRF/RequestID mw: switch math/random usage to crypto/random #​2490

Enhancements

• Delete unused context in body_limit.go #​2483
• Use Go 1.21 in CI #​2505
• Fix some typos #​2511
• Allow CORS middleware to send Access-Control-Max-Age: 0 #​2518
• Bump dependancies #​2522

v4.11.1

Compare Source

Fixes

• Fix Gzip middleware not sending response code for no content responses (404, 301/302 redirects etc) #​2481

v4.11.0

Compare Source

Fixes

• Fixes the proxy middleware concurrency issue of calling the Next() proxy target on Round Robin Balancer #​2409
• Fix group.RouteNotFound not working when group has attached middlewares #​2411
• Fix global error handler return error message when message is an error #​2456
• Do not use global timeNow variables #​2477

Enhancements

• Added a optional config variable to disable centralized error handler in recovery middleware #​2410
• refactor: use strings.ReplaceAll directly #​2424
• Add support for Go1.20 http.rwUnwrapper to Response struct #​2425
• Check whether is nil before invoking centralized error handling #​2429
• Proper colon support in echo.Reverse method #​2416
• Fix misuses of a vs an in documentation comments #​2436
• Add link to slog.Handler library for Echo logging into README.md #​2444
• In proxy middleware Support retries of failed proxy requests #​2414
• gofmt fixes to comments #​2452
• gzip response only if it exceeds a minimal length #​2267
• Upgrade packages #​2475

v4.10.2

Compare Source

Security

• filepath.Clean behaviour has changed in Go 1.20 - adapt to it #​2406
• Add middleware.CORSConfig.UnsafeWildcardOriginWithAllowCredentials to make UNSAFE usages of wildcard origin + allow cretentials less likely #​2405

Enhancements

• Add more HTTP error values #​2277

v4.10.1

Compare Source

Security

• Upgrade deps due to the latest golang.org/x/net vulnerability #​2402

Enhancements

• Add new JWT repository to the README #​2377
• Return an empty string for ctx.path if there is no registered path #​2385
• Add context timeout middleware #​2380
• Update link to jaegertracing #​2394

v4.10.0

Compare Source

Security

• We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.

  JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (github.com/golang-jwt/jwt) we are using
  which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.

• This minor version bumps minimum Go version to 1.17 (from 1.16) due golang.org/x/ packages we depend on. There are
  several vulnerabilities fixed in these libraries.

  Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.

Enhancements

• Bump x/text to 0.3.8 #​2305
• Bump dependencies and add notes about Go releases we support #​2336
• Add helper interface for ProxyBalancer interface #​2316
• Expose middleware.CreateExtractors function so we can use it from echo-contrib repository #​2338
• Refactor func(Context) error to HandlerFunc #​2315
• Improve function comments #​2329
• Add new method HTTPError.WithInternal #​2340
• Replace io/ioutil package usages #​2342
• Add staticcheck to CI flow #​2343
• Replace relative path determination from proprietary to std #​2345
• Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) #​2182
• Add testcases for some BodyLimit middleware configuration options #​2350
• Additional configuration options for RequestLogger and Logger middleware #​2341
• Add route to request log #​2162
• GitHub Workflows security hardening #​2358
• Add govulncheck to CI and bump dependencies #​2362
• Fix rate limiter docs #​2366
• Refactor how e.Routes() work and introduce e.OnAddRouteHandler callback #​2337

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.