From cbdb600bfc0b68946cf4f3f65e1033f4d49d5c38 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 5 Dec 2024 09:42:31 +0100
Subject: [PATCH] fix(deps): update module github.com/labstack/echo/v4 to v4.13.0 (#6404)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [github.com/labstack/echo/v4](https://redirect.github.com/labstack/echo) | `v4.12.0` -> `v4.13.0` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2flabstack%2fecho%2fv4/v4.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2flabstack%2fecho%2fv4/v4.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2flabstack%2fecho%2fv4/v4.12.0/v4.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2flabstack%2fecho%2fv4/v4.12.0/v4.13.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

labstack/echo (github.com/labstack/echo/v4)

### [`v4.13.0`](https://redirect.github.com/labstack/echo/blob/HEAD/CHANGELOG.md#v4130---2024-12-04)

[Compare Source](https://redirect.github.com/labstack/echo/compare/v4.12.0...v4.13.0)

**BREAKING CHANGE** JWT Middleware Removed from Core use [labstack/echo-jwt](https://redirect.github.com/labstack/echo-jwt) instead

The JWT middleware has been **removed from Echo core** due to another security vulnerability, [CVE-2024-51744](https://nvd.nist.gov/vuln/detail/CVE-2024-51744). For more details, refer to issue [#​2699](https://redirect.github.com/labstack/echo/issues/2699). A drop-in replacement is available in the [labstack/echo-jwt](https://redirect.github.com/labstack/echo-jwt) repository.

**Important**: Direct assignments like `token := c.Get("user").(*jwt.Token)` will now cause a panic due to an invalid cast. Update your code accordingly. Replace the current imports from `"github.com/golang-jwt/jwt"` in your handlers to the new middleware version using `"github.com/golang-jwt/jwt/v5"`.

Background: The version of `golang-jwt/jwt` (v3.2.2) previously used in Echo core has been in an unmaintained state for some time. This is not the first vulnerability affecting this library; earlier issues were addressed in [PR #​1946](https://redirect.github.com/labstack/echo/pull/1946).

JWT middleware was marked as deprecated in Echo core as of [v4.10.0](https://redirect.github.com/labstack/echo/releases/tag/v4.10.0) on 2022-12-27. If you did not notice that, consider leveraging tools like [Staticcheck](https://staticcheck.dev/) to catch such deprecations earlier in your dev/CI flow. For bonus points - check out [gosec](https://redirect.github.com/securego/gosec).

We sincerely apologize for any inconvenience caused by this change. While we strive to maintain backward compatibility within Echo core, recurring security issues with third-party dependencies have forced this decision.

**Enhancements**

- remove jwt middleware by [@​stevenwhitehead](https://redirect.github.com/stevenwhitehead) in [https://github.com/labstack/echo/pull/2701](https://redirect.github.com/labstack/echo/pull/2701)
- optimization: struct alignment by [@​behnambm](https://redirect.github.com/behnambm) in [https://github.com/labstack/echo/pull/2636](https://redirect.github.com/labstack/echo/pull/2636)
- bind: Maintain backwards compatibility for map\[string]interface{} binding by [@​thesaltree](https://redirect.github.com/thesaltree) in [https://github.com/labstack/echo/pull/2656](https://redirect.github.com/labstack/echo/pull/2656)
- Add Go 1.23 to CI by [@​aldas](https://redirect.github.com/aldas) in [https://github.com/labstack/echo/pull/2675](https://redirect.github.com/labstack/echo/pull/2675)
- improve `MultipartForm` test by [@​martinyonatann](https://redirect.github.com/martinyonatann) in [https://github.com/labstack/echo/pull/2682](https://redirect.github.com/labstack/echo/pull/2682)
- `bind` : add support of multipart multi files by [@​martinyonatann](https://redirect.github.com/martinyonatann) in [https://github.com/labstack/echo/pull/2684](https://redirect.github.com/labstack/echo/pull/2684)
- Add TemplateRenderer struct to ease creating renderers for `html/template` and `text/template` packages. by [@​aldas](https://redirect.github.com/aldas) in [https://github.com/labstack/echo/pull/2690](https://redirect.github.com/labstack/echo/pull/2690)
- Refactor TestBasicAuth to utilize table-driven test format by [@​ErikOlson](https://redirect.github.com/ErikOlson) in [https://github.com/labstack/echo/pull/2688](https://redirect.github.com/labstack/echo/pull/2688)
- Remove broken header by [@​aldas](https://redirect.github.com/aldas) in [https://github.com/labstack/echo/pull/2705](https://redirect.github.com/labstack/echo/pull/2705)
- fix(bind body): content-length can be -1 by [@​phamvinhdat](https://redirect.github.com/phamvinhdat) in [https://github.com/labstack/echo/pull/2710](https://redirect.github.com/labstack/echo/pull/2710)
- CORS middleware should compile allowOrigin regexp at creation by [@​aldas](https://redirect.github.com/aldas) in [https://github.com/labstack/echo/pull/2709](https://redirect.github.com/labstack/echo/pull/2709)
- Shorten Github issue template and add test example by [@​aldas](https://redirect.github.com/aldas) in [https://github.com/labstack/echo/pull/2711](https://redirect.github.com/labstack/echo/pull/2711)

--- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-go-contrib). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .../github.com/labstack/echo/otelecho/example/go.mod | 3 +-- .../github.com/labstack/echo/otelecho/example/go.sum | 6 ++---- instrumentation/github.com/labstack/echo/otelecho/go.mod | 3 +-- instrumentation/github.com/labstack/echo/otelecho/go.sum | 6 ++---- .../github.com/labstack/echo/otelecho/test/go.mod | 3 +-- .../github.com/labstack/echo/otelecho/test/go.sum | 6 ++---- 6 files changed, 9 insertions(+), 18 deletions(-) diff --git a/instrumentation/github.com/labstack/echo/otelecho/example/go.mod b/instrumentation/github.com/labstack/echo/otelecho/example/go.mod index 01915bac30d..f027340f262 100644 --- a/instrumentation/github.com/labstack/echo/otelecho/example/go.mod +++ b/instrumentation/github.com/labstack/echo/otelecho/example/go.mod @@ -8,7 +8,7 @@ replace ( ) require ( - github.com/labstack/echo/v4 v4.12.0 + github.com/labstack/echo/v4 v4.13.0 go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho v0.57.0 go.opentelemetry.io/otel v1.32.0 go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.32.0 
@@ -19,7 +19,6 @@ require ( require ( github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/golang-jwt/jwt v3.2.2+incompatible // indirect github.com/google/uuid v1.6.0 // indirect github.com/labstack/gommon v0.4.2 // indirect github.com/mattn/go-colorable v0.1.13 // indirect diff --git a/instrumentation/github.com/labstack/echo/otelecho/example/go.sum b/instrumentation/github.com/labstack/echo/otelecho/example/go.sum index 35f66cb9424..e50a9be3917 100644 --- a/instrumentation/github.com/labstack/echo/otelecho/example/go.sum +++ b/instrumentation/github.com/labstack/echo/otelecho/example/go.sum 
@@ -5,14 +5,12 @@ github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= -github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/labstack/echo/v4 v4.12.0 h1:IKpw49IMryVB2p1a4dzwlhP1O2Tf2E0Ir/450lH+kI0= -github.com/labstack/echo/v4 v4.12.0/go.mod h1:UP9Cr2DJXbOK3Kr9ONYzNowSh7HP0aG0ShAyycHSJvM= +github.com/labstack/echo/v4 v4.13.0 h1:8DjSi4H/k+RqoOmwXkxW14A2H1pdPdS95+qmdJ4q1Tg= +github.com/labstack/echo/v4 v4.13.0/go.mod h1:61j7WN2+bp8V21qerqRs4yVlVTGyOagMBpF0vE7VcmM= github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0= github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= diff --git a/instrumentation/github.com/labstack/echo/otelecho/go.mod b/instrumentation/github.com/labstack/echo/otelecho/go.mod index c8d278cb9c5..d4211af10d0 100644 --- a/instrumentation/github.com/labstack/echo/otelecho/go.mod +++ b/instrumentation/github.com/labstack/echo/otelecho/go.mod 
@@ -5,7 +5,7 @@ go 1.22 replace go.opentelemetry.io/contrib/propagators/b3 => ../../../../../propagators/b3 require ( - github.com/labstack/echo/v4 v4.12.0 + github.com/labstack/echo/v4 v4.13.0 github.com/stretchr/testify v1.10.0 go.opentelemetry.io/contrib/propagators/b3 v1.32.0 go.opentelemetry.io/otel v1.32.0 @@ -16,7 +16,6 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/golang-jwt/jwt v3.2.2+incompatible // indirect github.com/labstack/gommon v0.4.2 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect diff --git a/instrumentation/github.com/labstack/echo/otelecho/go.sum b/instrumentation/github.com/labstack/echo/otelecho/go.sum index df326eb7217..3f17cb61fcf 100644 --- a/instrumentation/github.com/labstack/echo/otelecho/go.sum +++ b/instrumentation/github.com/labstack/echo/otelecho/go.sum 
@@ -5,12 +5,10 @@ github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= -github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/labstack/echo/v4 v4.12.0 h1:IKpw49IMryVB2p1a4dzwlhP1O2Tf2E0Ir/450lH+kI0= -github.com/labstack/echo/v4 v4.12.0/go.mod h1:UP9Cr2DJXbOK3Kr9ONYzNowSh7HP0aG0ShAyycHSJvM= +github.com/labstack/echo/v4 v4.13.0 h1:8DjSi4H/k+RqoOmwXkxW14A2H1pdPdS95+qmdJ4q1Tg= +github.com/labstack/echo/v4 v4.13.0/go.mod h1:61j7WN2+bp8V21qerqRs4yVlVTGyOagMBpF0vE7VcmM= github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0= github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= diff --git a/instrumentation/github.com/labstack/echo/otelecho/test/go.mod b/instrumentation/github.com/labstack/echo/otelecho/test/go.mod index 0eca896a2b9..ea2bfb4ac16 100644 --- a/instrumentation/github.com/labstack/echo/otelecho/test/go.mod +++ b/instrumentation/github.com/labstack/echo/otelecho/test/go.mod @@ -4,7 +4,7 @@ module go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otel go 1.22 require ( - github.com/labstack/echo/v4 v4.12.0 + github.com/labstack/echo/v4 v4.13.0 github.com/stretchr/testify v1.10.0 go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho v0.57.0 go.opentelemetry.io/otel v1.32.0 
@@ -16,7 +16,6 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/golang-jwt/jwt v3.2.2+incompatible // indirect github.com/google/uuid v1.6.0 // indirect github.com/labstack/gommon v0.4.2 // indirect github.com/mattn/go-colorable v0.1.13 // indirect diff --git a/instrumentation/github.com/labstack/echo/otelecho/test/go.sum b/instrumentation/github.com/labstack/echo/otelecho/test/go.sum index d7499d6f230..0bc39292138 100644 --- a/instrumentation/github.com/labstack/echo/otelecho/test/go.sum +++ b/instrumentation/github.com/labstack/echo/otelecho/test/go.sum 
@@ -5,14 +5,12 @@ github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= -github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/labstack/echo/v4 v4.12.0 h1:IKpw49IMryVB2p1a4dzwlhP1O2Tf2E0Ir/450lH+kI0= -github.com/labstack/echo/v4 v4.12.0/go.mod h1:UP9Cr2DJXbOK3Kr9ONYzNowSh7HP0aG0ShAyycHSJvM= +github.com/labstack/echo/v4 v4.13.0 h1:8DjSi4H/k+RqoOmwXkxW14A2H1pdPdS95+qmdJ4q1Tg= +github.com/labstack/echo/v4 v4.13.0/go.mod h1:61j7WN2+bp8V21qerqRs4yVlVTGyOagMBpF0vE7VcmM= github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0= github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
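
Review bot: the `require` bump in `instrumentation/github.com/labstack/echo/otelecho/go.mod` (the library module, not only `example` and `test`) raises the minimum echo version to v4.13.0 for every consumer of otelecho, and the commit message itself labels that release a breaking change that removes the JWT middleware from echo core. A downstream build that still uses echo's built-in JWT middleware will stop compiling once it picks up this otelecho version, yet the subject reads as a routine `fix(deps)` update and the diffstat lists only go.mod and go.sum files. Suggest adding a changelog entry that names the breaking echo change, points to `labstack/echo-jwt`, and records that `github.com/golang-jwt/jwt v3.2.2+incompatible` is no longer an indirect requirement of these three modules.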
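
Review bot: the two added `github.com/labstack/echo/v4 v4.13.0` lines in each go.sum are bot-generated hashes that cannot be validated from the diff alone. They are identical across all three files (`h1:8DjSi4H/k+RqoOmwXkxW14A2H1pdPdS95+qmdJ4q1Tg=` for the module and `h1:61j7WN2+bp8V21qerqRs4yVlVTGyOagMBpF0vE7VcmM=` for its go.mod), which is the consistency one expects, but a go.sum entry that is already committed is trusted by later builds without a fresh lookup. Since the commit message asks for a manual merge, re-resolve the module with the Go checksum database enabled in a clean environment and confirm the same two lines come back before approving.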