fix(deps): update module github.com/labstack/echo/v4 to v4.13.3 - abandoned

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/labstack/echo/v4	v4.11.4 -> v4.13.3
github.com/labstack/echo/v4	v4.11.3 -> v4.13.3

---

Release Notes

labstack/echo (github.com/labstack/echo/v4)

v4.13.3

Compare Source

Security

• Update golang.org/x/net dependency GO-2024-3333 in https://github.com/labstack/echo/pull/2722

v4.13.2

Compare Source

Security

• Update dependencies (dependabot reports GO-2024-3321) in https://github.com/labstack/echo/pull/2721

v4.13.1

Compare Source

Fixes

• Fix BindBody ignoring Transfer-Encoding: chunked requests by @​178inaba in https://github.com/labstack/echo/pull/2717

v4.13.0

Compare Source

BREAKING CHANGE JWT Middleware Removed from Core use labstack/echo-jwt instead

The JWT middleware has been removed from Echo core due to another security vulnerability, CVE-2024-51744. For more details, refer to issue #​2699. A drop-in replacement is available in the labstack/echo-jwt repository.

Important: Direct assignments like token := c.Get("user").(*jwt.Token) will now cause a panic due to an invalid cast. Update your code accordingly. Replace the current imports from "github.com/golang-jwt/jwt" in your handlers to the new middleware version using "github.com/golang-jwt/jwt/v5".

Background:

The version of golang-jwt/jwt (v3.2.2) previously used in Echo core has been in an unmaintained state for some time. This is not the first vulnerability affecting this library; earlier issues were addressed in PR #​1946.
JWT middleware was marked as deprecated in Echo core as of v4.10.0 on 2022-12-27. If you did not notice that, consider leveraging tools like Staticcheck to catch such deprecations earlier in you dev/CI flow. For bonus points - check out gosec.

We sincerely apologize for any inconvenience caused by this change. While we strive to maintain backward compatibility within Echo core, recurring security issues with third-party dependencies have forced this decision.

Enhancements

• remove jwt middleware by @​stevenwhitehead in https://github.com/labstack/echo/pull/2701
• optimization: struct alignment by @​behnambm in https://github.com/labstack/echo/pull/2636
• bind: Maintain backwards compatibility for map[string]interface{} binding by @​thesaltree in https://github.com/labstack/echo/pull/2656
• Add Go 1.23 to CI by @​aldas in https://github.com/labstack/echo/pull/2675
• improve MultipartForm test by @​martinyonatann in https://github.com/labstack/echo/pull/2682
• bind : add support of multipart multi files by @​martinyonatann in https://github.com/labstack/echo/pull/2684
• Add TemplateRenderer struct to ease creating renderers for html/template and text/template packages. by @​aldas in https://github.com/labstack/echo/pull/2690
• Refactor TestBasicAuth to utilize table-driven test format by @​ErikOlson in https://github.com/labstack/echo/pull/2688
• Remove broken header by @​aldas in https://github.com/labstack/echo/pull/2705
• fix(bind body): content-length can be -1 by @​phamvinhdat in https://github.com/labstack/echo/pull/2710
• CORS middleware should compile allowOrigin regexp at creation by @​aldas in https://github.com/labstack/echo/pull/2709
• Shorten Github issue template and add test example by @​aldas in https://github.com/labstack/echo/pull/2711

v4.12.0

Compare Source

Security

• Update golang.org/x/net dep because of GO-2024-2687 by @​aldas in https://github.com/labstack/echo/pull/2625

Enhancements

• binder: make binding to Map work better with string destinations by @​aldas in https://github.com/labstack/echo/pull/2554
• README.md: add Encore as sponsor by @​marcuskohlberg in https://github.com/labstack/echo/pull/2579
• Reorder paragraphs in README.md by @​aldas in https://github.com/labstack/echo/pull/2581
• CI: upgrade actions/checkout to v4 by @​aldas in https://github.com/labstack/echo/pull/2584
• Remove default charset from 'application/json' Content-Type header by @​doortts in https://github.com/labstack/echo/pull/2568
• CI: Use Go 1.22 by @​aldas in https://github.com/labstack/echo/pull/2588
• binder: allow binding to a nil map by @​georgmu in https://github.com/labstack/echo/pull/2574
• Add Skipper Unit Test In BasicBasicAuthConfig and Add More Detail Explanation regarding BasicAuthValidator by @​RyoKusnadi in https://github.com/labstack/echo/pull/2461
• fix some typos by @​teslaedison in https://github.com/labstack/echo/pull/2603
• fix: some typos by @​pomadev in https://github.com/labstack/echo/pull/2596
• Allow ResponseWriters to unwrap writers when flushing/hijacking by @​aldas in https://github.com/labstack/echo/pull/2595
• Add SPDX licence comments to files. by @​aldas in https://github.com/labstack/echo/pull/2604
• Upgrade deps by @​aldas in https://github.com/labstack/echo/pull/2605
• Change type definition blocks to single declarations. This helps copy… by @​aldas in https://github.com/labstack/echo/pull/2606
• Fix Real IP logic by @​cl-bvl in https://github.com/labstack/echo/pull/2550
• Default binder can use UnmarshalParams(params []string) error inter… by @​aldas in https://github.com/labstack/echo/pull/2607
• Default binder can bind pointer to slice as struct field. For example *[]string by @​aldas in https://github.com/labstack/echo/pull/2608
• Remove maxparam dependence from Context by @​aldas in https://github.com/labstack/echo/pull/2611
• When route is registered with empty path it is normalized to /. by @​aldas in https://github.com/labstack/echo/pull/2616
• proxy middleware should use httputil.ReverseProxy for SSE requests by @​aldas in https://github.com/labstack/echo/pull/2624

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying sharing with    Cloudflare Pages

Latest commit:	bfbcabd
Status:	✅  Deploy successful!
Preview URL:	https://1cb4fab9.sharing-dw8.pages.dev
Branch Preview URL:	https://renovate-github-com-labstack.sharing-dw8.pages.dev

View logs

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: cmd/blob/go.sum

Command failed: go get -d -t ./...
go: downloading github.com/google/uuid v1.5.0
go: downloading github.com/minio/minio-go/v7 v7.0.66
go: downloading github.com/sixwaaaay/must v0.1.0
go: downloading github.com/spf13/viper v1.15.0
go: downloading github.com/dustin/go-humanize v1.0.1
go: downloading github.com/json-iterator/go v1.1.12
verifying github.com/sixwaaaay/must@v0.1.0: checksum mismatch
	downloaded: h1:UrtFkBbKyDh2OwTH6173ww4VrRSJnKScz2HVWiZYpXU=
	go.sum:     h1:gYi55InyvD/YyGlQ+n+4N1gqoHIckGG6ijmN2F6bm8g=

SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

For more information, see 'go help module-auth'.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Skipped Deployment

Name	Status	Preview	Comments	Updated (UTC)
sharing	⬜️ Ignored (Inspect)	Visit Preview		Dec 30, 2024 0:27am

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: cmd/blob/go.sum

Command failed: go get -d -t ./...
go: -d flag is deprecated. -d=true is a no-op
go: downloading github.com/google/uuid v1.5.0
go: downloading github.com/labstack/echo/v4 v4.13.3
go: downloading github.com/labstack/gommon v0.4.2
go: downloading github.com/minio/minio-go/v7 v7.0.66
go: downloading github.com/sixwaaaay/must v0.1.0
verifying github.com/sixwaaaay/must@v0.1.0: checksum mismatch
	downloaded: h1:UrtFkBbKyDh2OwTH6173ww4VrRSJnKScz2HVWiZYpXU=
	go.sum:     h1:gYi55InyvD/YyGlQ+n+4N1gqoHIckGG6ijmN2F6bm8g=

SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

For more information, see 'go help module-auth'.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 86.43%. Comparing base (dbecd43) to head (bfbcabd).
Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #189      +/-   ##
==========================================
- Coverage   88.24%   86.43%   -1.81%     
==========================================
  Files          17        5      -12     
  Lines        1216      199    -1017     
  Branches       54        0      -54     
==========================================
- Hits         1073      172     -901     
+ Misses        131       17     -114     
+ Partials       12       10       -2     

Flag	Coverage Δ
content	?
users	86.43% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.