[PR #245] [MERGED] fix(deps): bump github.com/labstack/echo/v4 from 4.7.2 to 4.9.0 #289

New issue

Closed

opened 2026-03-04 00:25:05 +03:00 by kerem · 0 comments

kerem commented 2026-03-04 00:25:05 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/SignTools/SignTools/pull/245
Author: @dependabot[bot]
Created: 9/5/2022
Status: ✅ Merged
Merged: 9/16/2022
Merged by: @ViRb3

Base: master ← Head: dependabot/go_modules/github.com/labstack/echo/v4-4.9.0

---

📝 Commits (1)

• 7888041 fix(deps): bump github.com/labstack/echo/v4 from 4.7.2 to 4.9.0

📊 Changes

2 files changed (+3 additions, -3 deletions)

View changed files

📝 go.mod (+1 -1)
📝 go.sum (+2 -2)

📄 Description

Bumps github.com/labstack/echo/v4 from 4.7.2 to 4.9.0.

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.9.0

Security

• Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler) #2260

Enhancements

• Allow configuring ErrorHandler in CSRF middleware #2257
• Replace HTTP method constants in tests with stdlib constants #2247

v4.8.0

Most notable things

You can now add any arbitrary HTTP method type as a route #2237

e.Add("COPY", "/*", func(c echo.Context) error 
  return c.String(http.StatusOK, "OK COPY")
})

You can add custom 404 handler for specific paths #2217

e.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })
g := e.Group("/images")
g.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })

Enhancements

• Add new value binding methods (UnixTimeMilli,TextUnmarshaler,JSONUnmarshaler) to Valuebinder #2127
• Refactor: body_limit middleware unit test #2145
• Refactor: Timeout mw: rework how test waits for timeout. #2187
• BasicAuth middleware returns 500 InternalServerError on invalid base64 strings but should return 400 #2191
• Refactor: duplicated findStaticChild process at findChildWithLabel #2176
• Allow different param names in different methods with same path scheme #2209
• Add support for registering handlers for different 404 routes #2217
• Middlewares should use errors.As() instead of type assertion on HTTPError #2227
• Allow arbitrary HTTP method types to be added as routes #2237

Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.9.0 - 2022-09-04

Security

• Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler) #2260

Enhancements

• Allow configuring ErrorHandler in CSRF middleware #2257
• Replace HTTP method constants in tests with stdlib constants #2247

v4.8.0 - 2022-08-10

Most notable things

You can now add any arbitrary HTTP method type as a route #2237

e.Add("COPY", "/*", func(c echo.Context) error 
  return c.String(http.StatusOK, "OK COPY")
})

You can add custom 404 handler for specific paths #2217

e.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })
g := e.Group("/images")
g.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })

Enhancements

• Add new value binding methods (UnixTimeMilli,TextUnmarshaler,JSONUnmarshaler) to Valuebinder #2127
• Refactor: body_limit middleware unit test #2145
• Refactor: Timeout mw: rework how test waits for timeout. #2187
• BasicAuth middleware returns 500 InternalServerError on invalid base64 strings but should return 400 #2191
• Refactor: duplicated findStaticChild process at findChildWithLabel #2176
• Allow different param names in different methods with same path scheme #2209
• Add support for registering handlers for different 404 routes #2217
• Middlewares should use errors.As() instead of type assertion on HTTPError #2227
• Allow arbitrary HTTP method types to be added as routes #2237

Commits

• 16d3b65 Changelog for 4.9.0
• 0ac4d74 Fix #2259 open redirect vulnerability in echo.StaticDirectoryHandler (used by...
• d77e8c0 Added ErrorHandler and ErrorHandlerWithContext in CSRF middleware (#2257)
• 534bbb8 replace POST constance with stdlib constance
• fb57d96 replace GET constance with stdlib constance
• d48197d Changelog for 4.8.0
• cba12a5 Allow arbitrary HTTP method types to be added as routes
• a327884 add:README.md-Third-party middlewares-github.com/go-woo/protoc-gen-echo
• 61422dd Update CI-flow (Go 1.19 +deps)
• a9879ff Middlewares should use errors.As() instead of type assertion on HTTPError
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/SignTools/SignTools/pull/245 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 9/5/2022 **Status:** ✅ Merged **Merged:** 9/16/2022 **Merged by:** [@ViRb3](https://github.com/ViRb3) **Base:** `master` ← **Head:** `dependabot/go_modules/github.com/labstack/echo/v4-4.9.0` --- ### 📝 Commits (1) - [`7888041`](https://github.com/SignTools/SignTools/commit/7888041d73b913ee565f57845fb4c74a128627ec) fix(deps): bump github.com/labstack/echo/v4 from 4.7.2 to 4.9.0 ### 📊 Changes **2 files changed** (+3 additions, -3 deletions) <details> <summary>View changed files</summary> 📝 `go.mod` (+1 -1) 📝 `go.sum` (+2 -2) </details> ### 📄 Description Bumps [github.com/labstack/echo/v4](https://github.com/labstack/echo) from 4.7.2 to 4.9.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/labstack/echo/releases">github.com/labstack/echo/v4's releases</a>.</em></p> <blockquote> <h2>v4.9.0</h2> <p><strong>Security</strong></p> <ul> <li>Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler) <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2260">#2260</a></li> </ul> <p><strong>Enhancements</strong></p> <ul> <li>Allow configuring ErrorHandler in CSRF middleware <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2257">#2257</a></li> <li>Replace HTTP method constants in tests with stdlib constants <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2247">#2247</a></li> </ul> <h2>v4.8.0</h2> <p><strong>Most notable things</strong></p> <p>You can now add any arbitrary HTTP method type as a route <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2237">#2237</a></p> <pre lang="go"><code>e.Add(&quot;COPY&quot;, &quot;/*&quot;, func(c echo.Context) error return c.String(http.StatusOK, &quot;OK COPY&quot;) }) </code></pre> <p>You can add custom 404 handler for specific paths <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2217">#2217</a></p> <pre lang="go"><code>e.RouteNotFound(&quot;/*&quot;, func(c echo.Context) error { return c.NoContent(http.StatusNotFound) }) <p>g := e.Group(&quot;/images&quot;) g.RouteNotFound(&quot;/*&quot;, func(c echo.Context) error { return c.NoContent(http.StatusNotFound) }) </code></pre></p> <p><strong>Enhancements</strong></p> <ul> <li>Add new value binding methods (UnixTimeMilli,TextUnmarshaler,JSONUnmarshaler) to Valuebinder <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2127">#2127</a></li> <li>Refactor: body_limit middleware unit test <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2145">#2145</a></li> <li>Refactor: Timeout mw: rework how test waits for timeout. <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2187">#2187</a></li> <li>BasicAuth middleware returns 500 InternalServerError on invalid base64 strings but should return 400 <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2191">#2191</a></li> <li>Refactor: duplicated findStaticChild process at findChildWithLabel <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2176">#2176</a></li> <li>Allow different param names in different methods with same path scheme <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2209">#2209</a></li> <li>Add support for registering handlers for different 404 routes <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2217">#2217</a></li> <li>Middlewares should use errors.As() instead of type assertion on HTTPError <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2227">#2227</a></li> <li>Allow arbitrary HTTP method types to be added as routes <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2237">#2237</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/labstack/echo/blob/master/CHANGELOG.md">github.com/labstack/echo/v4's changelog</a>.</em></p> <blockquote> <h2>v4.9.0 - 2022-09-04</h2> <p><strong>Security</strong></p> <ul> <li>Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler) <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2260">#2260</a></li> </ul> <p><strong>Enhancements</strong></p> <ul> <li>Allow configuring ErrorHandler in CSRF middleware <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2257">#2257</a></li> <li>Replace HTTP method constants in tests with stdlib constants <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2247">#2247</a></li> </ul> <h2>v4.8.0 - 2022-08-10</h2> <p><strong>Most notable things</strong></p> <p>You can now add any arbitrary HTTP method type as a route <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2237">#2237</a></p> <pre lang="go"><code>e.Add(&quot;COPY&quot;, &quot;/*&quot;, func(c echo.Context) error return c.String(http.StatusOK, &quot;OK COPY&quot;) }) </code></pre> <p>You can add custom 404 handler for specific paths <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2217">#2217</a></p> <pre lang="go"><code>e.RouteNotFound(&quot;/*&quot;, func(c echo.Context) error { return c.NoContent(http.StatusNotFound) }) <p>g := e.Group(&quot;/images&quot;) g.RouteNotFound(&quot;/*&quot;, func(c echo.Context) error { return c.NoContent(http.StatusNotFound) }) </code></pre></p> <p><strong>Enhancements</strong></p> <ul> <li>Add new value binding methods (UnixTimeMilli,TextUnmarshaler,JSONUnmarshaler) to Valuebinder <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2127">#2127</a></li> <li>Refactor: body_limit middleware unit test <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2145">#2145</a></li> <li>Refactor: Timeout mw: rework how test waits for timeout. <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2187">#2187</a></li> <li>BasicAuth middleware returns 500 InternalServerError on invalid base64 strings but should return 400 <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2191">#2191</a></li> <li>Refactor: duplicated findStaticChild process at findChildWithLabel <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2176">#2176</a></li> <li>Allow different param names in different methods with same path scheme <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2209">#2209</a></li> <li>Add support for registering handlers for different 404 routes <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2217">#2217</a></li> <li>Middlewares should use errors.As() instead of type assertion on HTTPError <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2227">#2227</a></li> <li>Allow arbitrary HTTP method types to be added as routes <a href="https://github-redirect.dependabot.com/labstack/echo/pull/2237">#2237</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/labstack/echo/commit/16d3b65eb09664fe95dc6e4e7e2a082010d0eb68"><code>16d3b65</code></a> Changelog for 4.9.0</li> <li><a href="https://github.com/labstack/echo/commit/0ac4d74402391912ff6da733bb09fd4c3980b4e1"><code>0ac4d74</code></a> Fix <a href="https://github-redirect.dependabot.com/labstack/echo/issues/2259">#2259</a> open redirect vulnerability in echo.StaticDirectoryHandler (used by...</li> <li><a href="https://github.com/labstack/echo/commit/d77e8c09b21bb23fa8d2dc0250c998d0da0815fa"><code>d77e8c0</code></a> Added ErrorHandler and ErrorHandlerWithContext in CSRF middleware (<a href="https://github-redirect.dependabot.com/labstack/echo/issues/2257">#2257</a>)</li> <li><a href="https://github.com/labstack/echo/commit/534bbb81e3a13f04c7c1513d23659ae599e421c0"><code>534bbb8</code></a> replace POST constance with stdlib constance</li> <li><a href="https://github.com/labstack/echo/commit/fb57d96a6dc0e35c7016153ac6d028ced1ca0e41"><code>fb57d96</code></a> replace GET constance with stdlib constance</li> <li><a href="https://github.com/labstack/echo/commit/d48197db7af19becf2363496493ed0e2a8d1caea"><code>d48197d</code></a> Changelog for 4.8.0</li> <li><a href="https://github.com/labstack/echo/commit/cba12a570e8caa1fafabc2d41afc97bd7a83d758"><code>cba12a5</code></a> Allow arbitrary HTTP method types to be added as routes</li> <li><a href="https://github.com/labstack/echo/commit/a327884b682cc1458580ac583e04dc610429b6fc"><code>a327884</code></a> add:README.md-Third-party middlewares-github.com/go-woo/protoc-gen-echo</li> <li><a href="https://github.com/labstack/echo/commit/61422dd7de9b0359708ff56b67099b91b5954c31"><code>61422dd</code></a> Update CI-flow (Go 1.19 +deps)</li> <li><a href="https://github.com/labstack/echo/commit/a9879ffa6b6fe73e43a0e062884f83eb959e6c1a"><code>a9879ff</code></a> Middlewares should use errors.As() instead of type assertion on HTTPError</li> <li>Additional commits viewable in <a href="https://github.com/labstack/echo/compare/v4.7.2...v4.9.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-03-04 00:25:05 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-03-04 00:25:15 +03:00

[PR #289] [MERGED] fix(deps): bump alpine from 3.16.2 to 3.17.2 #327

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dependabot/npm_and_yarn/prettier-3.8.2

dependabot/docker/golang-1.26.2-alpine

dependabot/github_actions/docker/build-push-action-7.1.0

dependabot/go_modules/golang.org/x/crypto-0.50.0

dependabot/github_actions/docker/login-action-4.1.0

dependabot/github_actions/actions/setup-go-6.4.0

dependabot/go_modules/github.com/rs/zerolog-1.35.0

dependabot/go_modules/golang.org/x/oauth2-0.36.0

dependabot/github_actions/docker/metadata-action-6.0.0

dependabot/github_actions/docker/setup-buildx-action-4.0.0

dependabot/github_actions/docker/setup-qemu-action-4.0.0

dependabot/go_modules/github.com/labstack/echo/v4-4.15.1

dependabot/github_actions/goreleaser/goreleaser-action-7.0.0

dependabot/docker/alpine-3.23.3

dependabot/github_actions/actions/checkout-6.0.2

develop

v3.0.11

v3.0.10

v3.0.9

v3.0.8

v3.0.7

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.6.2

v2.6.1

v2.6.0

v2.5.21

v2.5.20

v2.5.19

v2.5.18

v2.5.17

v2.5.16

v2.5.15

v2.5.14

v2.5.13

v2.5.12

v2.5.11

v2.5.10

v2.5.9

v2.5.8

v2.5.7

v2.5.6

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.18

v2.4.17

v2.4.16

v2.4.15

v2.4.14

v2.4.13

v2.4.12

v2.4.11

v2.4.10

v2.4.9

v2.4.8

v2.4.7

v2.4.6

v2.4.5

v2.4.4

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.15

v2.3.14

v2.3.13

v2.3.12

v2.3.11

v2.3.10

v2.3.9

v2.3.8

v2.3.7

v2.3.6

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.8

v2.1.7

v2.1.6

v2.1.5

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.1

v2.0.0

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.8.5

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.6.0

v1.5.4

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.5

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.3

v1.3.2

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.1

v1.0.0

Labels

Clear labels   

bug

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

pull-request

Mirrored from GitHub Pull Request

  

question

No labels

bug

enhancement

enhancement

good first issue

help wanted

pull-request

question

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/SignTools#289

No description provided.