v4 from 4.4.0 to 4.5.0 #170

New issue

Closed

opened 2026-03-04 00:24:29 +03:00 by kerem · 0 comments

kerem commented

2026-03-04 00:24:29 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/SignTools/SignTools/pull/91
Author: @dependabot[bot]
Created: 8/9/2021
Status: ❌ Closed

Base: master ← Head: dependabot/go_modules/github.com/labstack/echo/v4-4.5.0

📝 Commits (1)

81a59f5 fix(deps): bump github.com/labstack/echo/v4 from 4.4.0 to 4.5.0

📊 Changes

2 files changed (+5 additions, -3 deletions)

View changed files

📝 go.mod (+1 -1)
📝 go.sum (+4 -2)

📄 Description

Bumps github.com/labstack/echo/v4 from 4.4.0 to 4.5.0.

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.5.0

Important notes

A BREAKING CHANGE is introduced for JWT middleware users.

The JWT library used for the JWT middleware had to be changed from github.com/dgrijalva/jwt-go to github.com/golang-jwt/jwt due former library being unmaintained and affected by security issues. The github.com/golang-jwt/jwt project is a drop-in replacement, but supports only the latest 2 Go versions. So for JWT middleware users Go 1.15+ is required. For detailed information please read #1940

To change the library imports in all .go files in your project replace all occurrences of dgrijalva/jwt-go with golang-jwt/jwt.

For Linux CLI you can use:
find -type f -name "*.go" -exec sed -i "s/dgrijalva\/jwt-go/golang-jwt\/jwt/g" {} \;
go mod tidy
Fixes

Change JWT library to github.com/golang-jwt/jwt #1946

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.5.0 - 2021-08-01

Important notes

A BREAKING CHANGE is introduced for JWT middleware users. The JWT library used for the JWT middleware had to be changed from github.com/dgrijalva/jwt-go to github.com/golang-jwt/jwt due former library being unmaintained and affected by security issues. The github.com/golang-jwt/jwt project is a drop-in replacement, but supports only the latest 2 Go versions. So for JWT middleware users Go 1.15+ is required. For detailed information please read #1940

To change the library imports in all .go files in your project replace all occurrences of dgrijalva/jwt-go with golang-jwt/jwt.

For Linux CLI you can use:
find -type f -name "*.go" -exec sed -i "s/dgrijalva\/jwt-go/golang-jwt\/jwt/g" {} \;
go mod tidy
Fixes

Change JWT library to github.com/golang-jwt/jwt #1946

Commits

5b8fa69 Update version and changelog for 4.5.0
647af2a JWT middleware has been changed from github.com/dgrijalva/jwt-go to github....
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/SignTools/SignTools/pull/91 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 8/9/2021 **Status:** ❌ Closed **Base:** `master` ← **Head:** `dependabot/go_modules/github.com/labstack/echo/v4-4.5.0` --- ### 📝 Commits (1) - [`81a59f5`](https://github.com/SignTools/SignTools/commit/81a59f5731bc7f2abe4203c706a15ec843b02515) fix(deps): bump github.com/labstack/echo/v4 from 4.4.0 to 4.5.0 ### 📊 Changes **2 files changed** (+5 additions, -3 deletions) <details> <summary>View changed files</summary> 📝 `go.mod` (+1 -1) 📝 `go.sum` (+4 -2) </details> ### 📄 Description Bumps [github.com/labstack/echo/v4](https://github.com/labstack/echo) from 4.4.0 to 4.5.0. <details> <summary>Release notes</summary> Sourced from <a href="https://github.com/labstack/echo/releases">github.com/labstack/echo/v4's releases</a>. <blockquote> <h2>v4.5.0</h2> Important notes A BREAKING CHANGE is introduced for JWT middleware users. The JWT library used for the JWT middleware had to be changed from <a href="https://github.com/dgrijalva/jwt-go">github.com/dgrijalva/jwt-go</a> to <a href="https://github.com/golang-jwt/jwt">github.com/golang-jwt/jwt</a> due former library being unmaintained and affected by security issues. The <a href="https://github.com/golang-jwt/jwt">github.com/golang-jwt/jwt</a> project is a drop-in replacement, but supports only the latest 2 Go versions. So for JWT middleware users Go 1.15+ is required. For detailed information please read <a href="https://github.com/labstack/echo/discussions/">#1940</a> To change the library imports in all .go files in your project replace all occurrences of <code>dgrijalva/jwt-go</code> with <code>golang-jwt/jwt</code>. For Linux CLI you can use: <pre lang="bash"><code>find -type f -name "*.go" -exec sed -i "s/dgrijalva\/jwt-go/golang-jwt\/jwt/g" {} \; go mod tidy </code></pre> Fixes <ul> <li>Change JWT library to <code>github.com/golang-jwt/jwt</code> <a href="https://github-redirect.dependabot.com/labstack/echo/pull/1946">#1946</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> Sourced from <a href="https://github.com/labstack/echo/blob/master/CHANGELOG.md">github.com/labstack/echo/v4's changelog</a>. <blockquote> <h2>v4.5.0 - 2021-08-01</h2> Important notes A BREAKING CHANGE is introduced for JWT middleware users. The JWT library used for the JWT middleware had to be changed from <a href="https://github.com/dgrijalva/jwt-go">github.com/dgrijalva/jwt-go</a> to <a href="https://github.com/golang-jwt/jwt">github.com/golang-jwt/jwt</a> due former library being unmaintained and affected by security issues. The <a href="https://github.com/golang-jwt/jwt">github.com/golang-jwt/jwt</a> project is a drop-in replacement, but supports only the latest 2 Go versions. So for JWT middleware users Go 1.15+ is required. For detailed information please read <a href="https://github.com/labstack/echo/discussions/">#1940</a> To change the library imports in all .go files in your project replace all occurrences of <code>dgrijalva/jwt-go</code> with <code>golang-jwt/jwt</code>. For Linux CLI you can use: <pre lang="bash"><code>find -type f -name "*.go" -exec sed -i "s/dgrijalva\/jwt-go/golang-jwt\/jwt/g" {} \; go mod tidy </code></pre> Fixes <ul> <li>Change JWT library to <code>github.com/golang-jwt/jwt</code> <a href="https://github-redirect.dependabot.com/labstack/echo/pull/1946">#1946</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/labstack/echo/commit/5b8fa6979f5803ff091e24c9a0331aa1b38de302"><code>5b8fa69</code></a> Update version and changelog for 4.5.0</li> <li><a href="https://github.com/labstack/echo/commit/647af2acec9ba160cb247e5c26eb0c671a0c1f2a"><code>647af2a</code></a> JWT middleware has been changed from <code>github.com/dgrijalva/jwt-go</code> to github....</li> <li>See full diff in <a href="https://github.com/labstack/echo/compare/v4.4.0...v4.5.0">compare view</a></li> </ul> </details> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/labstack/echo/v4&package-manager=go_modules&previous-version=4.4.0&new-version=4.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- 🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.