Sourced from github.com/labstack/echo/v4's releases.

v4.9.1

Fixes

• Fix logger panicing (when template is set to empty) by bumping dependency version #2295

Enhancements

• Improve CORS documentation #2272
• Update readme about supported Go versions #2291
• Tests: improve error handling on closing body #2254
• Tests: refactor some of the assertions in tests #2275
• Tests: refactor assertions #2301

v4.9.0

Security

• Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler) #2260

Enhancements

• Allow configuring ErrorHandler in CSRF middleware #2257
• Replace HTTP method constants in tests with stdlib constants #2247

v4.8.0

Most notable things

You can now add any arbitrary HTTP method type as a route #2237

e.Add("COPY", "/*", func(c echo.Context) error 
  return c.String(http.StatusOK, "OK COPY")
})

You can add custom 404 handler for specific paths #2217

e.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })
g := e.Group("/images")
g.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })

Enhancements

• Add new value binding methods (UnixTimeMilli,TextUnmarshaler,JSONUnmarshaler) to Valuebinder #2127
• Refactor: body_limit middleware unit test #2145
• Refactor: Timeout mw: rework how test waits for timeout. #2187
• BasicAuth middleware returns 500 InternalServerError on invalid base64 strings but should return 400 #2191
• Refactor: duplicated findStaticChild process at findChildWithLabel #2176
• Allow different param names in different methods with same path scheme #2209

... (truncated)

Sourced from github.com/labstack/echo/v4's changelog.

v4.9.1 - 2022-10-12

Fixes

• Fix logger panicing (when template is set to empty) by bumping dependency version #2295

Enhancements

• Improve CORS documentation #2272
• Update readme about supported Go versions #2291
• Tests: improve error handling on closing body #2254
• Tests: refactor some of the assertions in tests #2275
• Tests: refactor assertions #2301

v4.9.0 - 2022-09-04

Security

• Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler) #2260

Enhancements

• Allow configuring ErrorHandler in CSRF middleware #2257
• Replace HTTP method constants in tests with stdlib constants #2247

v4.8.0 - 2022-08-10

Most notable things

You can now add any arbitrary HTTP method type as a route #2237

e.Add("COPY", "/*", func(c echo.Context) error 
  return c.String(http.StatusOK, "OK COPY")
})

You can add custom 404 handler for specific paths #2217

e.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })
g := e.Group("/images")
g.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })

Enhancements

• Add new value binding methods (UnixTimeMilli,TextUnmarshaler,JSONUnmarshaler) to Valuebinder #2127
• Refactor: body_limit middleware unit test #2145
• Refactor: Timeout mw: rework how test waits for timeout. #2187

... (truncated)

• 8ad2230 Changelog for v4.9.1
• 56f63c3 bump github.com/labstack/gommon dependency version
• 1d5f335 refactor assertions (#2301)
• 4c44305 update tests (#2275)
• 79221d9 Update readme about supported Go versions (#2291)
• 666938e tests: error handling on closing body (#2254)
• 50e7e56 Improve CORS documentation
• 16d3b65 Changelog for 4.9.0
• 0ac4d74 Fix #2259 open redirect vulnerability in echo.StaticDirectoryHandler (used by...
• d77e8c0 Added ErrorHandler and ErrorHandlerWithContext in CSRF middleware (#2257)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/labstack/echo/v4's releases.

v4.9.0

Security

• Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler) #2260

Enhancements

• Allow configuring ErrorHandler in CSRF middleware #2257
• Replace HTTP method constants in tests with stdlib constants #2247

v4.8.0

Most notable things

You can now add any arbitrary HTTP method type as a route #2237

e.Add("COPY", "/*", func(c echo.Context) error 
  return c.String(http.StatusOK, "OK COPY")
})

You can add custom 404 handler for specific paths #2217

e.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })
g := e.Group("/images")
g.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })

Enhancements

• Add new value binding methods (UnixTimeMilli,TextUnmarshaler,JSONUnmarshaler) to Valuebinder #2127
• Refactor: body_limit middleware unit test #2145
• Refactor: Timeout mw: rework how test waits for timeout. #2187
• BasicAuth middleware returns 500 InternalServerError on invalid base64 strings but should return 400 #2191
• Refactor: duplicated findStaticChild process at findChildWithLabel #2176
• Allow different param names in different methods with same path scheme #2209
• Add support for registering handlers for different 404 routes #2217
• Middlewares should use errors.As() instead of type assertion on HTTPError #2227
• Allow arbitrary HTTP method types to be added as routes #2237

v4.7.2

Fixes

• Fix nil pointer exception when calling Start again after address binding error #2131
• Fix CSRF middleware not being able to extract token from multipart/form-data form #2136
• Fix Timeout middleware write race #2126

Enhancements

... (truncated)

Sourced from github.com/labstack/echo/v4's changelog.

v4.9.0 - 2022-09-04

Security

• Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler) #2260

Enhancements

• Allow configuring ErrorHandler in CSRF middleware #2257
• Replace HTTP method constants in tests with stdlib constants #2247

v4.8.0 - 2022-08-10

Most notable things

You can now add any arbitrary HTTP method type as a route #2237

e.Add("COPY", "/*", func(c echo.Context) error 
  return c.String(http.StatusOK, "OK COPY")
})

You can add custom 404 handler for specific paths #2217

e.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })
g := e.Group("/images")
g.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })

Enhancements

• Add new value binding methods (UnixTimeMilli,TextUnmarshaler,JSONUnmarshaler) to Valuebinder #2127
• Refactor: body_limit middleware unit test #2145
• Refactor: Timeout mw: rework how test waits for timeout. #2187
• BasicAuth middleware returns 500 InternalServerError on invalid base64 strings but should return 400 #2191
• Refactor: duplicated findStaticChild process at findChildWithLabel #2176
• Allow different param names in different methods with same path scheme #2209
• Add support for registering handlers for different 404 routes #2217
• Middlewares should use errors.As() instead of type assertion on HTTPError #2227
• Allow arbitrary HTTP method types to be added as routes #2237

v4.7.2 - 2022-03-16

Fixes

• Fix nil pointer exception when calling Start again after address binding error #2131
• Fix CSRF middleware not being able to extract token from multipart/form-data form #2136
• Fix Timeout middleware write race #2126

... (truncated)

• 16d3b65 Changelog for 4.9.0
• 0ac4d74 Fix #2259 open redirect vulnerability in echo.StaticDirectoryHandler (used by...
• d77e8c0 Added ErrorHandler and ErrorHandlerWithContext in CSRF middleware (#2257)
• 534bbb8 replace POST constance with stdlib constance
• fb57d96 replace GET constance with stdlib constance
• d48197d Changelog for 4.8.0
• cba12a5 Allow arbitrary HTTP method types to be added as routes
• a327884 add:README.md-Third-party middlewares-github.com/go-woo/protoc-gen-echo
• 61422dd Update CI-flow (Go 1.19 +deps)
• a9879ff Middlewares should use errors.As() instead of type assertion on HTTPError
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/labstack/echo/v4's releases.

v4.8.0

Most notable things

You can now add any arbitrary HTTP method type as a route #2237

e.Add("COPY", "/*", func(c echo.Context) error 
  return c.String(http.StatusOK, "OK COPY")
})

You can add custom 404 handler for specific paths #2217

e.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })
g := e.Group("/images")
g.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })

Enhancements

• Add new value binding methods (UnixTimeMilli,TextUnmarshaler,JSONUnmarshaler) to Valuebinder #2127
• Refactor: body_limit middleware unit test #2145
• Refactor: Timeout mw: rework how test waits for timeout. #2187
• BasicAuth middleware returns 500 InternalServerError on invalid base64 strings but should return 400 #2191
• Refactor: duplicated findStaticChild process at findChildWithLabel #2176
• Allow different param names in different methods with same path scheme #2209
• Add support for registering handlers for different 404 routes #2217
• Middlewares should use errors.As() instead of type assertion on HTTPError #2227
• Allow arbitrary HTTP method types to be added as routes #2237

v4.7.2

Fixes

• Fix nil pointer exception when calling Start again after address binding error #2131
• Fix CSRF middleware not being able to extract token from multipart/form-data form #2136
• Fix Timeout middleware write race #2126

Enhancements

• Recover middleware should not log panic for aborted handler #2134

v4.7.1

Fixes

• Fix e.Static, .File(), c.Attachment() being picky with paths starting with ./, ../ and / after 4.7.0 introduced echo.Filesystem support (Go1.16+) #2123

Enhancements

• Remove some unused code #2116

... (truncated)

Sourced from github.com/labstack/echo/v4's changelog.

v4.8.0 - 2022-08-10

Most notable things

You can now add any arbitrary HTTP method type as a route #2237

e.Add("COPY", "/*", func(c echo.Context) error 
  return c.String(http.StatusOK, "OK COPY")
})

You can add custom 404 handler for specific paths #2217

e.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })
g := e.Group("/images")
g.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })

Enhancements

• Add new value binding methods (UnixTimeMilli,TextUnmarshaler,JSONUnmarshaler) to Valuebinder #2127
• Refactor: body_limit middleware unit test #2145
• Refactor: Timeout mw: rework how test waits for timeout. #2187
• BasicAuth middleware returns 500 InternalServerError on invalid base64 strings but should return 400 #2191
• Refactor: duplicated findStaticChild process at findChildWithLabel #2176
• Allow different param names in different methods with same path scheme #2209
• Add support for registering handlers for different 404 routes #2217
• Middlewares should use errors.As() instead of type assertion on HTTPError #2227
• Allow arbitrary HTTP method types to be added as routes #2237

v4.7.2 - 2022-03-16

Fixes

• Fix nil pointer exception when calling Start again after address binding error #2131
• Fix CSRF middleware not being able to extract token from multipart/form-data form #2136
• Fix Timeout middleware write race #2126

Enhancements

• Recover middleware should not log panic for aborted handler #2134

v4.7.1 - 2022-03-13

Fixes

• Fix e.Static, .File(), c.Attachment() being picky with paths starting with ./, ../ and / after 4.7.0 introduced echo.Filesystem support (Go1.16+) #2123

... (truncated)

• d48197d Changelog for 4.8.0
• cba12a5 Allow arbitrary HTTP method types to be added as routes
• a327884 add:README.md-Third-party middlewares-github.com/go-woo/protoc-gen-echo
• 61422dd Update CI-flow (Go 1.19 +deps)
• a9879ff Middlewares should use errors.As() instead of type assertion on HTTPError
• 70acd57 Fix case when routeNotFound handler is lost when new route is added to the ro...
• 690e339 Add support for registering handlers for 404 routes (#2217)
• 9bf1e3c Allow different param names in different methods with same path scheme (#2209)
• ddb66e1 Add logger middleware template variables: ${time_unix_milli} and `${time_un...
• 0644cd6 fix: duplicated findStaticChild process at findChildWithLabel (#2176)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/gin-gonic/gin's releases.

v1.8.1

Changelog

Features

• f197a8b feat(context): add ContextWithFallback feature flag (#3166) (#3172)

v1.8.0

Changelog

Break Changes

• TrustedProxies: Add default IPv6 support and refactor #2967. Please replace RemoteIP() (net.IP, bool) with RemoteIP() net.IP
• gin.Context with fallback value from gin.Context.Request.Context() #2751

BUGFIXES

• Fixed SetOutput() panics on go 1.17 #2861
• Fix: wrong when wildcard follows named param #2983
• Fix: missing sameSite when do context.reset() #3123

ENHANCEMENTS

• Use Header() instead of deprecated HeaderMap #2694
• RouterGroup.Handle regular match optimization of http method #2685
• Add support go-json, another drop-in json replacement #2680
• Use errors.New to replace fmt.Errorf will much better #2707
• Use Duration.Truncate for truncating precision #2711
• Get client IP when using Cloudflare #2723
• Optimize code adjust #2700
• Optimize code and reduce code cyclomatic complexity #2737
• gin.Context with fallback value from gin.Context.Request.Context() #2751
• Improve sliceValidateError.Error performance #2765
• Support custom struct tag #2720
• Improve router group tests #2787
• Fallback Context.Deadline() Context.Done() Context.Err() to Context.Request.Context() #2769
• Some codes optimize #2830 #2834 #2838 #2837 #2788 #2848 #2851 #2701
• Test(route): expose performRequest func #3012
• Support h2c with prior knowledge #1398
• Feat attachment filename support utf8 #3071
• Feat: add StaticFileFS #2749
• Feat(context): return GIN Context from Value method #2825
• Feat: automatically SetMode to TestMode when run go test #3139
• Add TOML bining for gin #3081
• IPv6 add default trusted proxies #3033

DOCS

• Add note about nomsgpack tag to the readme #2703

... (truncated)

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.8.1

ENHANCEMENTS

• feat(context): add ContextWithFallback feature flag #3172

Gin v1.8.0

Break Changes

• TrustedProxies: Add default IPv6 support and refactor #2967. Please replace RemoteIP() (net.IP, bool) with RemoteIP() net.IP
• gin.Context with fallback value from gin.Context.Request.Context() #2751

BUGFIXES

• Fixed SetOutput() panics on go 1.17 #2861
• Fix: wrong when wildcard follows named param #2983
• Fix: missing sameSite when do context.reset() #3123

ENHANCEMENTS

• Use Header() instead of deprecated HeaderMap #2694
• RouterGroup.Handle regular match optimization of http method #2685
• Add support go-json, another drop-in json replacement #2680
• Use errors.New to replace fmt.Errorf will much better #2707
• Use Duration.Truncate for truncating precision #2711
• Get client IP when using Cloudflare #2723
• Optimize code adjust #2700
• Optimize code and reduce code cyclomatic complexity #2737
• Improve sliceValidateError.Error performance #2765
• Support custom struct tag #2720
• Improve router group tests #2787
• Fallback Context.Deadline() Context.Done() Context.Err() to Context.Request.Context() #2769
• Some codes optimize #2830 #2834 #2838 #2837 #2788 #2848 #2851 #2701
• TrustedProxies: Add default IPv6 support and refactor #2967
• Test(route): expose performRequest func #3012
• Support h2c with prior knowledge #1398
• Feat attachment filename support utf8 #3071
• Feat: add StaticFileFS #2749
• Feat(context): return GIN Context from Value method #2825
• Feat: automatically SetMode to TestMode when run go test #3139
• Add TOML bining for gin #3081
• IPv6 add default trusted proxies #3033

DOCS

• Add note about nomsgpack tag to the readme #2703

• ed049dd docs: release v1.8.1 version (#3176)
• f197a8b feat(context): add ContextWithFallback feature flag (#3166) (#3172)
• 92ba8e1 fix: typo (#3171)
• 58303bd docs(changelog): add break changes section (#3170)
• 5fa3452 chore(deps): bump goreleaser/goreleaser-action from 2 to 3 (#3163)
• 38eb5ac add v1.8.0 changelog (#3160)
• 60e24d5 chore(CI/CD): add go version release flow (#3159)
• 4b68a5f chore: update go.mod and remove space from copyright (#3158)
• ed03102 [GIN-001] - Add TOML bining for gin (#3081)
• aa60021 Fix intercepting headers in middlewares (#1271)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/gin-gonic/gin's releases.

v1.8.0

Changelog

BUGFIXES

• Fixed SetOutput() panics on go 1.17 #2861
• Fix: wrong when wildcard follows named param #2983
• Fix: missing sameSite when do context.reset() #3123

ENHANCEMENTS

• Use Header() instead of deprecated HeaderMap #2694
• RouterGroup.Handle regular match optimization of http method #2685
• Add support go-json, another drop-in json replacement #2680
• Use errors.New to replace fmt.Errorf will much better #2707
• Use Duration.Truncate for truncating precision #2711
• Get client IP when using Cloudflare #2723
• Optimize code adjust #2700
• Optimize code and reduce code cyclomatic complexity #2737
• gin.Context with fallback value from gin.Context.Request.Context() #2751
• Improve sliceValidateError.Error performance #2765
• Support custom struct tag #2720
• Improve router group tests #2787
• Fallback Context.Deadline() Context.Done() Context.Err() to Context.Request.Context() #2769
• Some codes optimize #2830 #2834 #2838 #2837 #2788 #2848 #2851 #2701
• TrustedProxies: Add default IPv6 support and refactor #2967
• Test(route): expose performRequest func #3012
• Support h2c with prior knowledge #1398
• Feat attachment filename support utf8 #3071
• Feat: add StaticFileFS #2749
• Feat(context): return GIN Context from Value method #2825
• Feat: automatically SetMode to TestMode when run go test #3139
• Add TOML bining for gin #3081
• IPv6 add default trusted proxies #3033

DOCS

• Add note about nomsgpack tag to the readme #2703

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.8.0

BUGFIXES

• Fixed SetOutput() panics on go 1.17 #2861
• Fix: wrong when wildcard follows named param #2983
• Fix: missing sameSite when do context.reset() #3123

ENHANCEMENTS

• Use Header() instead of deprecated HeaderMap #2694
• RouterGroup.Handle regular match optimization of http method #2685
• Add support go-json, another drop-in json replacement #2680
• Use errors.New to replace fmt.Errorf will much better #2707
• Use Duration.Truncate for truncating precision #2711
• Get client IP when using Cloudflare #2723
• Optimize code adjust #2700
• Optimize code and reduce code cyclomatic complexity #2737
• gin.Context with fallback value from gin.Context.Request.Context() #2751
• Improve sliceValidateError.Error performance #2765
• Support custom struct tag #2720
• Improve router group tests #2787
• Fallback Context.Deadline() Context.Done() Context.Err() to Context.Request.Context() #2769
• Some codes optimize #2830 #2834 #2838 #2837 #2788 #2848 #2851 #2701
• TrustedProxies: Add default IPv6 support and refactor #2967
• Test(route): expose performRequest func #3012
• Support h2c with prior knowledge #1398
• Feat attachment filename support utf8 #3071
• Feat: add StaticFileFS #2749
• Feat(context): return GIN Context from Value method #2825
• Feat: automatically SetMode to TestMode when run go test #3139
• Add TOML bining for gin #3081
• IPv6 add default trusted proxies #3033

DOCS

• Add note about nomsgpack tag to the readme #2703

• 38eb5ac add v1.8.0 changelog (#3160)
• 60e24d5 chore(CI/CD): add go version release flow (#3159)
• 4b68a5f chore: update go.mod and remove space from copyright (#3158)
• ed03102 [GIN-001] - Add TOML bining for gin (#3081)
• aa60021 Fix intercepting headers in middlewares (#1271)
• 87811a9 fix: the trusted proxies should support ipv6 address by default (#3033)
• f1e9428 chore(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (#3150)
• ef687e0 feat: automatically SetMode to TestMode when run go test. (#3139)
• 90e7073 chore(deps): bump github/codeql-action from 1 to 2 (#3132)
• c131704 chore(deps): bump github.com/goccy/go-json from 0.9.6 to 0.9.7 (#3131)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from actions/cache's releases.

v3.0.1

• Added support for caching from GHES 3.5.
• Fixed download issue for files > 2GB during restore.

v3.0.0

• This change adds a minimum runner version(node12 -> node16), which can break users using an out-of-date/fork of the runner. This would be most commonly affecting users on GHES 3.3 or before, as those runners do not support node16 actions and they can use actions from github.com via github connect or manually copying the repo to their GHES instance.

• Few dependencies and cache action usage examples have also been updated.

v2.1.7

Support 10GB cache upload using the latest version 1.0.8 of @actions/cache

v2.1.6

• Catch unhandled "bad file descriptor" errors that sometimes occurs when the cache server returns non-successful response (actions/cache#596)

v2.1.5

• Fix permissions error seen when extracting caches with GNU tar that were previously created using BSD tar (actions/cache#527)

v2.1.4

• Make caching more verbose #650
• Use GNU tar on macOS if available #701

v2.1.3

• Upgrades @actions/core to v1.2.6 for CVE-2020-15228. This action was not using the affected methods.
• Fix error handling in uploadChunk where 400-level errors were not being detected and handled correctly

v2.1.2

• Adds input to limit the chunk upload size, useful for self-hosted runners with slower upload speeds
• No-op when executing on GHES

v2.1.1

• Update @actions/cache package to v1.0.2 which allows cache action to use posix format when taring files.

v2.1.0

• Replaces the http-client with the Azure Storage SDK for NodeJS when downloading cache content from Azure. This should help improve download performance and reliability as the SDK downloads files in 4 MB chunks, which can be parallelized and retried independently
• Display download progress and speed

Sourced from actions/cache's changelog.

3.0.1

• Added support for caching from GHES 3.5.
• Fixed download issue for files > 2GB during restore.

• 136d96b Enabling actions/cache for GHES based on presence of AC service (#774)
• 7d4f40b Bumping up the version to fix download issue for files > 2 GB. (#775)
• 2d8d0d1 Updated what's new. (#771)
• 7799d86 Updated the usage and docs to the major version release. (#770)
• 4b0cf6c Merge pull request #769 from actions/users/ashwinsangem/bump_major_version
• 60c606a Update licensed files
• b6e9a91 Revert "Updated to the latest version."
• c842503 Updated to the latest version.
• 2b7da2a Bumped up to a major version.
• deae296 Merge pull request #651 from magnetikonline/fix-golang-windows-example
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/labstack/echo/v4's releases.

v4.7.1

Fixes

• Fix e.Static, .File(), c.Attachment() being picky with paths starting with ./, ../ and / after 4.7.0 introduced echo.Filesystem support (Go1.16+) #2123

Enhancements

• Remove some unused code #2116

v4.7.0 - 2022-03-01

Enhancements

• Add JWT, KeyAuth, CSRF multivalue extractors #2060
• Add LogErrorFunc to recover middleware #2072
• Add support for HEAD method query params binding #2027
• Improve filesystem support with echo.FileFS, echo.StaticFS, group.FileFS, group.StaticFS #2064

Fixes

• Fix X-Real-IP bug, improve tests #2007
• Minor syntax fixes #1994, #2102, #2102

General

• Add cache-control and connection headers #2103
• Add Retry-After header constant #2078
• Upgrade go directive in go.mod to 1.17 #2049
• Add Pagoda #2077 and Souin #2069 to 3rd-party middlewares in README

v4.6.3 - Fix Echo version number

Fixes

• Fixed Echo version number in greeting message which was not incremented to 4.6.2 #2066

v4.6.2

Fixes

• Fixed route containing escaped colon should be matchable but is not matched to request path #2047
• Fixed a problem that returned wrong content-encoding when the gzip compressed content was empty. #1921
• Update (test) dependencies #2021

Enhancements

• Add support for configurable target header for the request_id middleware #2040
• Change decompress middleware to use stream decompression instead of buffering #2018
• Documentation updates

Sourced from github.com/labstack/echo/v4's changelog.

v4.7.1 - 2022-03-13

Fixes

• Fix e.Static, .File(), c.Attachment() being picky with paths starting with ./, ../ and / after 4.7.0 introduced echo.Filesystem support (Go1.16+) #2123

Enhancements

• Remove some unused code #2116

v4.7.0 - 2022-03-01

Enhancements

• Add JWT, KeyAuth, CSRF multivalue extractors #2060
• Add LogErrorFunc to recover middleware #2072
• Add support for HEAD method query params binding #2027
• Improve filesystem support with echo.FileFS, echo.StaticFS, group.FileFS, group.StaticFS #2064

Fixes

• Fix X-Real-IP bug, improve tests #2007
• Minor syntax fixes #1994, #2102, #2102

General

• Add cache-control and connection headers #2103
• Add Retry-After header constant #2078
• Upgrade go directive in go.mod to 1.17 #2049
• Add Pagoda #2077 and Souin #2069 to 3rd-party middlewares in README

v4.6.3 - 2022-01-10

Fixes

• Fixed Echo version number in greeting message which was not incremented to 4.6.2 #2066

v4.6.2 - 2022-01-08

Fixes

• Fixed route containing escaped colon should be matchable but is not matched to request path #2047
• Fixed a problem that returned wrong content-encoding when the gzip compressed content was empty. #1921
• Update (test) dependencies #2021

Enhancements

... (truncated)

• b445958 Update version and changelog for 4.7.1
• 54efc38 remove some unused code (#2116)
• 3f5b733 Fix e.Static, .File(), c.Attachment() being picky with paths starting w...
• 5ebed44 Update version to v4.7.0
• da85d23 Revert "Update direct golang deps"
• d66712b Update direct golang deps
• 7e719b4 Add cache-control and connection headers (#2103)
• 124825e Bugfix/1834 Fix X-Real-IP bug (#2007)
• 27b404b remove unused notFoundHandler in echo struct (#2102)
• 6cb3b7c remove redundant 0 in make chan (#2101)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/labstack/echo/v4's releases.

v4.7.0 - 2022-03-01

Enhancements

• Add JWT, KeyAuth, CSRF multivalue extractors #2060
• Add LogErrorFunc to recover middleware #2072
• Add support for HEAD method query params binding #2027
• Improve filesystem support with echo.FileFS, echo.StaticFS, group.FileFS, group.StaticFS #2064

Fixes

• Fix X-Real-IP bug, improve tests #2007
• Minor syntax fixes #1994, #2102, #2102

General

• Add cache-control and connection headers #2103
• Add Retry-After header constant #2078
• Upgrade go directive in go.mod to 1.17 #2049
• Add Pagoda #2077 and Souin #2069 to 3rd-party middlewares in README

v4.6.3 - Fix Echo version number

Fixes

• Fixed Echo version number in greeting message which was not incremented to 4.6.2 #2066

v4.6.2

Fixes

• Fixed route containing escaped colon should be matchable but is not matched to request path #2047
• Fixed a problem that returned wrong content-encoding when the gzip compressed content was empty. #1921
• Update (test) dependencies #2021

Enhancements

• Add support for configurable target header for the request_id middleware #2040
• Change decompress middleware to use stream decompression instead of buffering #2018
• Documentation updates

Sourced from github.com/labstack/echo/v4's changelog.

v4.7.0 - 2022-03-01

Enhancements

• Add JWT, KeyAuth, CSRF multivalue extractors #2060
• Add LogErrorFunc to recover middleware #2072
• Add support for HEAD method query params binding #2027
• Improve filesystem support with echo.FileFS, echo.StaticFS, group.FileFS, group.StaticFS #2064

Fixes

• Fix X-Real-IP bug, improve tests #2007
• Minor syntax fixes #1994, #2102, #2102

General

• Add cache-control and connection headers #2103
• Add Retry-After header constant #2078
• Upgrade go directive in go.mod to 1.17 #2049
• Add Pagoda #2077 and Souin #2069 to 3rd-party middlewares in README

v4.6.3 - 2022-01-10

Fixes

• Fixed Echo version number in greeting message which was not incremented to 4.6.2 #2066

v4.6.2 - 2022-01-08

Fixes

• Fixed route containing escaped colon should be matchable but is not matched to request path #2047
• Fixed a problem that returned wrong content-encoding when the gzip compressed content was empty. #1921
• Update (test) dependencies #2021

Enhancements

• Add support for configurable target header for the request_id middleware #2040
• Change decompress middleware to use stream decompression instead of buffering #2018
• Documentation updates

• 5ebed44 Update version to v4.7.0
• da85d23 Revert "Update direct golang deps"
• d66712b Update direct golang deps
• 7e719b4 Add cache-control and connection headers (#2103)
• 124825e Bugfix/1834 Fix X-Real-IP bug (#2007)
• 27b404b remove unused notFoundHandler in echo struct (#2102)
• 6cb3b7c remove redundant 0 in make chan (#2101)
• 4a1ccdf JWT, KeyAuth, CSRF multivalue extractors (#2060)
• 9e9924d build: upgrade go directive in go.mod to 1.17 (#2049)
• feaa6ed improve comments
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from actions/checkout's releases.

v3.0.0

• Update default runtime to node16

v2.4.0

• Convert SSH URLs like org-<ORG_ID>@github.com: to https://github.com/ - pr

v2.3.5

Update dependencies

v2.3.4

• Add missing awaits
• Swap to Environment Files

v2.3.3

• Remove Unneeded commit information from build logs
• Add Licensed to verify third party dependencies

v2.3.2

Add Third Party License Information to Dist Files

v2.3.1

Fix default branch resolution for .wiki and when using SSH

v2.3.0

Fallback to the default branch

v2.2.0

Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

Changes to support GHES (here and here)

v2.1.0

• Group output
• Changes to support GHES alpha release
• Persist core.sshCommand for submodules
• Add support ssh
• Convert submodule SSH URL to HTTPS, when not using SSH
• Add submodule support
• Follow proxy settings
• Fix ref for pr closed event when a pr is merged
• Fix issue checking detached when git less than 2.22

Sourced from actions/checkout's changelog.

Changelog

v2.3.1

• Fix default branch resolution for .wiki and when using SSH

v2.3.0

• Fallback to the default branch

v2.2.0

• Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

• Changes to support GHES (here and here)

v2.1.0

• Group output
• Changes to support GHES alpha release
• Persist core.sshCommand for submodules
• Add support ssh
• Convert submodule SSH URL to HTTPS, when not using SSH
• Add submodule support
• Follow proxy settings
• Fix ref for pr closed event when a pr is merged
• Fix issue checking detached when git less than 2.22

v2.0.0

• Do not pass cred on command line
• Add input persist-credentials
• Fallback to REST API to download repo

• a12a394 update readme for v3 (#708)
• 8f9e05e Update to node 16 (#689)
• 230611d Change secret name for PAT to not start with GITHUB_ (#623)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from golangci/golangci-lint-action's releases.

v3.0.0

What's Changed

• Fix grammar in action.yml by @​abennett in golangci/golangci-lint-action#356
• Add description for permissions settings by @​sg0hsmt in golangci/golangci-lint-action#298
• Remove Setup-Go by @​StevenACoffman in golangci/golangci-lint-action#403
• Update all direct dependencies by @​SVilgelm in golangci/golangci-lint-action#404
• 139 Dependabot updates

New Contributors

• @​abennett made their first contribution in golangci/golangci-lint-action#356
• @​sg0hsmt made their first contribution in golangci/golangci-lint-action#298
• @​StevenACoffman made their first contribution in golangci/golangci-lint-action#403

Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v2...v3.0.0

Bump version v2.5.2

Bug fixes

• 5c56cd6 Extract and don't mangle User Args. (#200)

Dependencies

• e3c53fe bump @​typescript-eslint/eslint-plugin (#194)
• 3b9f80e bump @​typescript-eslint/parser from 4.18.0 to 4.19.0 (#195)
• 9845713 bump @​types/node from 14.14.35 to 14.14.37 (#197)
• e789ee1 bump eslint from 7.22.0 to 7.23.0 (#196)
• f2e9a96 bump @​typescript-eslint/eslint-plugin (#188)
• 818081a bump @​types/node from 14.14.34 to 14.14.35 (#189)
• 6671836 bump @​typescript-eslint/parser from 4.17.0 to 4.18.0 (#190)
• 526907e bump @​typescript-eslint/parser from 4.16.1 to 4.17.0 (#185)
• 6b6ba16 bump @​typescript-eslint/eslint-plugin (#186)
• 9cab4ef bump eslint from 7.21.0 to 7.22.0 (#187)
• 0c76572 bump @​types/node from 14.14.32 to 14.14.34 (#184)
• 0dfde21 bump @​typescript-eslint/parser from 4.15.2 to 4.16.1 (#182)
• 9dcf389 bump typescript from 4.2.2 to 4.2.3 (#181)
• 34d3904 bump @​types/node from 14.14.31 to 14.14.32 (#180)
• e30b22f bump @​typescript-eslint/eslint-plugin (#179)
• 8f30d25 bump eslint from 7.20.0 to 7.21.0 (#177)
• 0b64a40 bump @​typescript-eslint/parser from 4.15.1 to 4.15.2 (#176)
• 973b3a3 bump eslint-config-prettier from 8.0.0 to 8.1.0 (#178)
• 6ea3de1 bump @​typescript-eslint/eslint-plugin (#175)
• 6eec6af bump typescript from 4.1.5 to 4.2.2 (#174)

v2.5.1

Bug fixes:

• d9f0e73 Check that go.mod exists in reading the version (#173)

v2.5.0

New Features:

• 51485a4 Try to get version from go.mod file (#118)

... (truncated)

• c675eb7 Update all direct dependencies (#404)
• 423fbaf Remove Setup-Go (#403)
• bcfc6f9 build(deps-dev): bump eslint-plugin-import from 2.25.3 to 2.25.4 (#402)
• d34ac2a build(deps): bump setup-go from v2.1.4 to v2.2.0 (#401)
• e4b538e build(deps-dev): bump @​types/node from 16.11.10 to 17.0.19 (#400)
• a288c0d build(deps): bump @​actions/cache from 1.0.8 to 1.0.9 (#399)
• b7a34f8 build(deps): bump @​types/tmp from 0.2.2 to 0.2.3 (#398)
• 129bcf9 build(deps-dev): bump @​types/uuid from 8.3.3 to 8.3.4 (#397)
• 153576c build(deps-dev): bump eslint-config-prettier from 8.3.0 to 8.4.0 (#396)
• a9a9dff build(deps): bump ansi-regex from 5.0.0 to 5.0.1 (#395)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/labstack/echo/v4's releases.

v4.6.3 - Fix Echo version number

Fixes

• Fixed Echo version number in greeting message which was not incremented to 4.6.2 #2066

v4.6.2

Fixes

• Fixed route containing escaped colon should be matchable but is not matched to request path #2047
• Fixed a problem that returned wrong content-encoding when the gzip compressed content was empty. #1921
• Update (test) dependencies #2021

Enhancements

• Add support for configurable target header for the request_id middleware #2040
• Change decompress middleware to use stream decompression instead of buffering #2018
• Documentation updates

Sourced from github.com/labstack/echo/v4's changelog.

v4.6.3 - 2022-01-10

Fixes

• Fixed Echo version number in greeting message which was not incremented to 4.6.2 #2066

v4.6.2 - 2022-01-08

Fixes

• Fixed route containing escaped colon should be matchable but is not matched to request path #2047
• Fixed a problem that returned wrong content-encoding when the gzip compressed content was empty. #1921
• Update (test) dependencies #2021

Enhancements

• Add support for configurable target header for the request_id middleware #2040
• Change decompress middleware to use stream decompression instead of buffering #2018
• Documentation updates

• 04e5981 Fix Echo version number which was not incremented with Release 4.6.2. Now bum...
• 6b5e62b fix: route containing escaped colon should be matchable but is not matched to...
• 7bde9ae Fixed a problem that returned wrong content-encoding when the gzip compressed...
• c32fafa Add support for configurable target header for the request_id middleware
• b437ee3 stream decompression instead of buffering (#2018)
• 902c553 Added comments for RateLimiterMemoryStoreConfig and RateLimiterMemoryStore
• 3f09966 removed unnecessary comments
• bd29ef9 added references to Limiter docs for 0-1 behaviour
• 8b4cce5 Sort import order on example in README.md
• 0c4ad86 update dependencies
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/labstack/echo/v4's releases.

v4.10.0

Security

• We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.

  JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (github.com/golang-jwt/jwt) we are using which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.

• This minor version bumps minimum Go version to 1.17 (from 1.16) due golang.org/x/ packages we depend on. There are several vulnerabilities fixed in these libraries.

  Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.

Enhancements

• Bump x/text to 0.3.8 #2305
• Bump dependencies and add notes about Go releases we support #2336
• Add helper interface for ProxyBalancer interface #2316
• Expose middleware.CreateExtractors function so we can use it from echo-contrib repository #2338
• Refactor func(Context) error to HandlerFunc #2315
• Improve function comments #2329
• Add new method HTTPError.WithInternal #2340
• Replace io/ioutil package usages #2342
• Add staticcheck to CI flow #2343
• Replace relative path determination from proprietary to std #2345
• Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) #2182
• Add testcases for some BodyLimit middleware configuration options #2350
• Additional configuration options for RequestLogger and Logger middleware #2341
• Add route to request log #2162
• GitHub Workflows security hardening #2358
• Add govulncheck to CI and bump dependencies #2362
• Fix rate limiter docs #2366
• Refactor how e.Routes() work and introduce e.OnAddRouteHandler callback #2337

v4.9.1

Fixes

• Fix logger panicing (when template is set to empty) by bumping dependency version #2295

Enhancements

• Improve CORS documentation #2272
• Update readme about supported Go versions #2291
• Tests: improve error handling on closing body #2254
• Tests: refactor some of the assertions in tests #2275
• Tests: refactor assertions #2301

v4.9.0

Security

• Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler) #2260

... (truncated)

Sourced from github.com/labstack/echo/v4's changelog.

v4.10.0 - 2022-12-27

Security

• We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.

  JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (github.com/golang-jwt/jwt) we are using which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.

• This minor version bumps minimum Go version to 1.17 (from 1.16) due golang.org/x/ packages we depend on. There are several vulnerabilities fixed in these libraries.

  Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.

Enhancements

• Bump x/text to 0.3.8 #2305
• Bump dependencies and add notes about Go releases we support #2336
• Add helper interface for ProxyBalancer interface #2316
• Expose middleware.CreateExtractors function so we can use it from echo-contrib repository #2338
• Refactor func(Context) error to HandlerFunc #2315
• Improve function comments #2329
• Add new method HTTPError.WithInternal #2340
• Replace io/ioutil package usages #2342
• Add staticcheck to CI flow #2343
• Replace relative path determination from proprietary to std #2345
• Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) #2182
• Add testcases for some BodyLimit middleware configuration options #2350
• Additional configuration options for RequestLogger and Logger middleware #2341
• Add route to request log #2162
• GitHub Workflows security hardening #2358
• Add govulncheck to CI and bump dependencies #2362
• Fix rate limiter docs #2366
• Refactor how e.Routes() work and introduce e.OnAddRouteHandler callback #2337

v4.9.1 - 2022-10-12

Fixes

• Fix logger panicing (when template is set to empty) by bumping dependency version #2295

Enhancements

• Improve CORS documentation #2272
• Update readme about supported Go versions #2291
• Tests: improve error handling on closing body #2254
• Tests: refactor some of the assertions in tests #2275
• Tests: refactor assertions #2301

... (truncated)

• f36d566 Changelog for 4.10.0
• a69727e Mark JWT middleware deprecated
• 0056cc8 Improve comments wording
• 45402bb Add echo.OnAddRouteHandler field. As name says - this handler is called when ...
• f1cf1ec Fix adding route with host overwrites default host route with same method+pat...
• 895121d Fix rate limiter docs (#2366)
• abecadc Merge pull request #2362 from aldas/add_govulncheck_2_ci
• bc75cc2 Add govulncheck to CI and bump dependencies. Refactor GitHub workflows.
• 40eb889 build: harden echo.yml permissions
• 135c511 Add request route with "route" tag to logger middleware (#2162)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from github.com/gin-gonic/gin's releases.

v1.8.2

Changelog

Bug fixes

• 0c2a691 fix(engine): missing route params for CreateTestContext (#2778) (#2803)
• e305e21 fix(route): redirectSlash bug (#3227)

Others

• 6a2a260 Fix the GO-2022-1144 vulnerability (#3432)

v1.8.1

Changelog

Features

• f197a8b feat(context): add ContextWithFallback feature flag (#3166) (#3172)

v1.8.0

Changelog

Break Changes

• TrustedProxies: Add default IPv6 support and refactor #2967. Please replace RemoteIP() (net.IP, bool) with RemoteIP() net.IP
• gin.Context with fallback value from gin.Context.Request.Context() #2751

BUGFIXES

• Fixed SetOutput() panics on go 1.17 #2861
• Fix: wrong when wildcard follows named param #2983
• Fix: missing sameSite when do context.reset() #3123

ENHANCEMENTS

• Use Header() instead of deprecated HeaderMap #2694
• RouterGroup.Handle regular match optimization of http method #2685
• Add support go-json, another drop-in json replacement #2680
• Use errors.New to replace fmt.Errorf will much better #2707
• Use Duration.Truncate for truncating precision #2711
• Get client IP when using Cloudflare #2723
• Optimize code adjust #2700
• Optimize code and reduce code cyclomatic complexity #2737
• gin.Context with fallback value from gin.Context.Request.Context() #2751
• Improve sliceValidateError.Error performance #2765
• Support custom struct tag #2720
• Improve router group tests #2787
• Fallback Context.Deadline() Context.Done() Context.Err() to Context.Request.Context() #2769
• Some codes optimize #2830 #2834 #2838 #2837 #2788 #2848 #2851 #2701
• Test(route): expose performRequest func #3012
• Support h2c with prior knowledge #1398

... (truncated)

Sourced from github.com/gin-gonic/gin's changelog.

Gin v1.8.2

Bugs

• fix(route): redirectSlash bug (#3227)
• fix(engine): missing route params for CreateTestContext (#2778) (#2803)

Security

• Fix the GO-2022-1144 vulnerability (#3432)

Gin v1.8.1

ENHANCEMENTS

• feat(context): add ContextWithFallback feature flag #3172

Gin v1.8.0

Break Changes

• TrustedProxies: Add default IPv6 support and refactor #2967. Please replace RemoteIP() (net.IP, bool) with RemoteIP() net.IP
• gin.Context with fallback value from gin.Context.Request.Context() #2751

BUGFIXES

• Fixed SetOutput() panics on go 1.17 #2861
• Fix: wrong when wildcard follows named param #2983
• Fix: missing sameSite when do context.reset() #3123

ENHANCEMENTS

• Use Header() instead of deprecated HeaderMap #2694
• RouterGroup.Handle regular match optimization of http method #2685
• Add support go-json, another drop-in json replacement #2680
• Use errors.New to replace fmt.Errorf will much better #2707
• Use Duration.Truncate for truncating precision #2711
• Get client IP when using Cloudflare #2723
• Optimize code adjust #2700
• Optimize code and reduce code cyclomatic complexity #2737
• Improve sliceValidateError.Error performance #2765
• Support custom struct tag #2720
• Improve router group tests #2787
• Fallback Context.Deadline() Context.Done() Context.Err() to Context.Request.Context() #2769
• Some codes optimize #2830 #2834 #2838 #2837 #2788 #2848 #2851 #2701
• TrustedProxies: Add default IPv6 support and refactor #2967
• Test(route): expose performRequest func #3012
• Support h2c with prior knowledge #1398
• Feat attachment filename support utf8 #3071
• Feat: add StaticFileFS #2749

... (truncated)

• 6a2a260 Fix the GO-2022-1144 vulnerability (#3432)
• f38c9c8 docs(readme): release v1.8.2 version (#3420)
• 0c2a691 fix(engine): missing route params for CreateTestContext (#2778) (#2803)
• e305e21 fix(route): redirectSlash bug (#3227)
• ed049dd docs: release v1.8.1 version (#3176)
• f197a8b feat(context): add ContextWithFallback feature flag (#3166) (#3172)
• 92ba8e1 fix: typo (#3171)
• 58303bd docs(changelog): add break changes section (#3170)
• 5fa3452 chore(deps): bump goreleaser/goreleaser-action from 2 to 3 (#3163)
• 38eb5ac add v1.8.0 changelog (#3160)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

• a3920d7 Merge pull request #176 from jwtracy/master
• 36628a9 Update daaku/go.zipexe package version
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from actions/cache's releases.

v3.0.11

What's Changed

• Call out cache not saved on hit by @​Phantsure in actions/cache#946
• Update @​actions/core to 1.10.0 by @​rentziass in actions/cache#950
• Update cache to use @​actions/core@^1.10.0 by @​pdotl in actions/cache#956

New Contributors

• @​rentziass made their first contribution in actions/cache#950

Full Changelog: https://github.com/actions/cache/compare/v3...v3.0.11

v3.0.10

• Fix a bug with sorting inputs.
• Update definition for restore-keys in README.md

v3.0.9

• Enhanced the warning message for cache unavailability in case of GHES.

v3.0.8

What's Changed

• Fix zstd not working for windows on gnu tar in issues.
• Allow users to provide a custom timeout as input for aborting cache segment download using the environment variable SEGMENT_DOWNLOAD_TIMEOUT_MIN. Default is 60 minutes.

v3.0.7

What's Changed

• Fix for the download stuck problem has been added in actions/cache for users who were intermittently facing the issue. As part of this fix, new timeout has been introduced in the download step to stop the download if it doesn't complete within an hour and run the rest of the workflow without erroring out.

v3.0.6

What's Changed

• Add example for clojure lein project dependencies by @​shivamarora1 in PR actions/cache#835
• Update toolkit's cache npm module to latest. Bump cache version to v3.0.6 by @​pdotl in PR actions/cache#887
• Fix issue #809 where cache save/restore was failing for Amazon Linux 2 runners due to older tar version
• Fix issue #833 where cache save was not working for caching github workspace directory

New Contributors

• @​shivamarora1 made their first contribution in actions/cache#835
• @​pdotl made their first contribution in actions/cache#887

Full Changelog: https://github.com/actions/cache/compare/v3...v3.0.6

v3.0.5

Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit.

v3.0.4

In this release, we have fixed the tar creation error while trying to create it with path as ~/ home folder on ubuntu-latest.

v3.0.3

Fixed avoiding empty cache save when no files are available for caching. (actions/cache#624)

v3.0.2

... (truncated)

Sourced from actions/cache's changelog.

3.0.11

• Update toolkit version to 3.0.5 to include @actions/core@^1.10.0
• Update @actions/cache to use updated saveState and setOutput functions from @actions/core@^1.10.0

• 9b0c1fc Merge pull request #956 from actions/pdotl-version-bump
• 18103f6 Fix licensed status error
• 3e383cd Update RELEASES
• 43428ea toolkit versioon update and version bump for cache
• 1c73980 3.0.11
• a3f5edc Merge pull request #950 from rentziass/rentziass/update-actions-core
• 831ee69 Update licenses
• b9c8bfe Update @​actions/core to 1.10.0
• 0f20846 Merge pull request #946 from actions/Phantsure-patch-2
• 862fc14 Update README.md
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from actions/checkout's releases.

v3.1.0

What's Changed

• Inject GitHub host to be able to clone from another GitHub instance by @​peter-murray in actions/checkout#922
• Bump @​actions/core to 1.10.0 by @​rentziass in actions/checkout#939

New Contributors

• @​peter-murray made their first contribution in actions/checkout#922
• @​rentziass made their first contribution in actions/checkout#939

Full Changelog: https://github.com/actions/checkout/compare/v3.0.2...v3.1.0

v3.0.2

What's Changed

• Add set-safe-directory input to allow customers to take control. by @​TingluoHuang in actions/checkout#770
• Prepare changelog for v3.0.2. by @​TingluoHuang in actions/checkout#777

Full Changelog: https://github.com/actions/checkout/compare/v3...v3.0.2

v3.0.1

• Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
• Bumped various npm package versions

v3.0.0

• Updated to the node16 runtime by default
  • This requires a minimum Actions Runner version of v2.285.0 to run, which is by default available in GHES 3.4 or later.

v2.4.2

What's Changed

• Add set-safe-directory input to allow customers to take control. (#770) by @​TingluoHuang in actions/checkout#776
• Prepare changelog for v2.4.2. by @​TingluoHuang in actions/checkout#778

Full Changelog: https://github.com/actions/checkout/compare/v2...v2.4.2

v2.4.1

• Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory

v2.4.0

• Convert SSH URLs like org-<ORG_ID>@github.com: to https://github.com/ - pr

v2.3.5

Update dependencies

v2.3.4

• Add missing awaits
• Swap to Environment Files

v2.3.3

• Remove Unneeded commit information from build logs

... (truncated)

Sourced from actions/checkout's changelog.

v3.1.0

• Use @​actions/core saveState and getState
• Add github-server-url input

v3.0.2

• Add input set-safe-directory

v3.0.1

• Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
• Bumped various npm package versions

v3.0.0

• Update to node 16

v2.3.1

• Fix default branch resolution for .wiki and when using SSH

v2.3.0

• Fallback to the default branch

v2.2.0

• Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

• Changes to support GHES (here and here)

v2.1.0

• Group output
• Changes to support GHES alpha release
• Persist core.sshCommand for submodules
• Add support ssh
• Convert submodule SSH URL to HTTPS, when not using SSH
• Add submodule support
• Follow proxy settings
• Fix ref for pr closed event when a pr is merged
• Fix issue checking detached when git less than 2.22

v2.0.0

• Do not pass cred on command line
• Add input persist-credentials
• Fallback to REST API to download repo

• 93ea575 Prepare release v3.1.0 (#940)
• 6a84743 Bump @​actions/core to 1.10.0 (#939)
• e6d535c Inject GitHub host to be able to clone from another GitHub instance (#922)
• 2541b12 Prepare changelog for v3.0.2. (#777)
• 0ffe6f9 Add set-safe-directory input to allow customers to take control. (#770)
• dcd71f6 Enforce safe directory (#762)
• add3486 Patch to fix the dependbot alert. (#744)
• 5126516 Bump minimist from 1.2.5 to 1.2.6 (#741)
• d50f8ea Add v3.0 release information to changelog (#740)
• 2d1c119 update test workflows to checkout v3 (#709)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from actions/setup-go's releases.

v3.0.0

What's Changed

• Update default runtime to node16 (actions/setup-go#192)
• Update package-lock.json file version to 2 (actions/setup-go#193) and @types/node to 16.11.25 (actions/setup-go#194)
• Remove the stable input and fix SemVer notation (actions/setup-go#195)

Breaking Changes

With the update to Node 16, all scripts will now be run with Node 16 rather than Node 12.

This new major release removes the stable input, so there is no need to specify additional input to use pre-release versions. This release also corrects the pre-release versions syntax to satisfy the SemVer notation (1.18.0-beta1 -> 1.18.0-beta.1, 1.18.0-rc1 -> 1.18.0-rc.1).

steps:
  - uses: actions/checkout@v2
  - uses: actions/setup-go@v3
    with:
      go-version: '1.18.0-rc.1' 
  - run: go version

Add check-latest input

In scope of this release we add the check-latest input. If check-latest is set to true, the action first checks if the cached version is the latest one. If the locally cached version is not the most up-to-date, a Go version will then be downloaded from go-versions repository. By default check-latest is set to false. Example of usage:

steps:
  - uses: actions/checkout@v2
  - uses: actions/setup-go@v2
    with:
      go-version: '1.16'
      check-latest: true
  - run: go version

Moreover, we updated @actions/core from 1.2.6 to 1.6.0

v2.1.5

In scope of this release we updated matchers.json to improve the problem matcher pattern. For more information please refer to this pull request

v2.1.4

What's Changed

• Fix extractor selection on windows by @​paulcacheux in actions/setup-go#141

New Contributors

• @​paulcacheux made their first contribution in actions/setup-go#141

Full Changelog: https://github.com/actions/setup-go/compare/v2.1.3...v2.1.4

v2.1.3

• Updated communication with runner to use environment files rather then workflow commands

v2.1.2

This release includes vendored licenses for this action's npm dependencies.

... (truncated)

• f6164bd Remove stable input and fix SemVer notation (#195)
• 2bb2aab update types node (#194)
• edcbc0c update lockfileVersion (#193)
• fb9a043 Update default runtime to node16 (#192)
• 5b0ae0e Bump pathval from 1.1.0 to 1.1.1 (#188)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)