Skip to content

deps: bump github.com/labstack/echo/v4 from 4.11.1 to 4.11.3 #2373

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 10, 2023
Merged

deps: bump github.com/labstack/echo/v4 from 4.11.1 to 4.11.3 #2373

merged 1 commit into from
Nov 10, 2023

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 9, 2023
edited
Loading

Bumps github.com/labstack/echo/v4 from 4.11.1 to 4.11.3.

Release notes

Sourced from github.com/labstack/echo/v4's releases.

v4.11.3

Security

  • 'c.Attachment' and 'c.Inline' should escape filename in 'Content-Disposition' header to avoid 'Reflect File Download' vulnerability. #2541

Enhancements

  • Tests: refactor context tests to be separate functions #2540
  • Proxy middleware: reuse echo request context #2537
  • Mark unmarshallable yaml struct tags as ignored #2536

v4.11.2

Security

Enhancements

  • Delete unused context in body_limit.go #2483
  • Use Go 1.21 in CI #2505
  • Fix some typos #2511
  • Allow CORS middleware to send Access-Control-Max-Age: 0 #2518
  • Bump dependancies #2522
Changelog

Sourced from github.com/labstack/echo/v4's changelog.

v4.11.3 - 2023-11-07

Security

  • 'c.Attachment' and 'c.Inline' should escape filename in 'Content-Disposition' header to avoid 'Reflect File Download' vulnerability. #2541

Enhancements

  • Tests: refactor context tests to be separate functions #2540
  • Proxy middleware: reuse echo request context #2537
  • Mark unmarshallable yaml struct tags as ignored #2536

v4.11.2 - 2023-10-11

Security

Enhancements

  • Delete unused context in body_limit.go #2483
  • Use Go 1.21 in CI #2505
  • Fix some typos #2511
  • Allow CORS middleware to send Access-Control-Max-Age: 0 #2518
  • Bump dependancies #2522
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @rbtr.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from a team as a code owner November 9, 2023 22:12
@dependabot dependabot bot requested a review from nairashu November 9, 2023 22:12
@dependabot dependabot bot added dependencies Dependencies only. go Pull requests that update Go code labels Nov 9, 2023
@dependabot dependabot bot assigned matmerr and rbtr Nov 9, 2023
@dependabot dependabot bot mentioned this pull request Nov 9, 2023
Closed
@dependabot dependabot bot requested a review from smittal22 November 9, 2023 22:12
@dependabot dependabot bot force-pushed the 1ba5dependabot/go_modules/github.com/labstack/echo/v4-4.11.3 branch 2 times, most recently from 955c8a5 to dcf879f Compare November 10, 2023 02:04
@jpayne3506
Copy link
Contributor

jpayne3506 commented Nov 10, 2023

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Nov 10, 2023

Azure Pipelines successfully started running 2 pipeline(s).

jpayne3506
jpayne3506 previously approved these changes Nov 10, 2023
View reviewed changes
@dependabot
deps: bump github.com/labstack/echo/v4 from 4.11.1 to 4.11.3
ef5ad7d 
Bumps [github.com/labstack/echo/v4](https://github.com/labstack/echo) from 4.11.1 to 4.11.3.
- [Release notes](https://github.com/labstack/echo/releases)
- [Changelog](https://github.com/labstack/echo/blob/master/CHANGELOG.md)
- [Commits](labstack/echo@v4.11.1...v4.11.3)

---
updated-dependencies:
- dependency-name: github.com/labstack/echo/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the 1ba5dependabot/go_modules/github.com/labstack/echo/v4-4.11.3 branch from dcf879f to ef5ad7d Compare November 10, 2023 12:00
@rbtr
Copy link
Collaborator

rbtr commented Nov 10, 2023

/azp run Azure Container Networking PR

rbtr
rbtr approved these changes Nov 10, 2023
View reviewed changes
Copy link
Collaborator

@rbtr rbtr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot squash and merge

@azure-pipelines
Copy link

azure-pipelines bot commented Nov 10, 2023

Azure Pipelines successfully started running 1 pipeline(s).

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 10, 2023

One of your CI runs failed on this pull request, so Dependabot won't merge it.

Dependabot will still automatically merge this pull request if you amend it and your tests pass.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 10, 2023

Dependabot tried to merge this PR, but received the following error from GitHub:

At least 2 approving reviews are required by reviewers with write access.

@jpayne3506
Copy link
Contributor

jpayne3506 commented Nov 10, 2023

https://github.com/dependabot squash and merge

@dependabot dependabot bot merged commit ba3a5a6 into master Nov 10, 2023
@dependabot dependabot bot deleted the 1ba5dependabot/go_modules/github.com/labstack/echo/v4-4.11.3 branch November 10, 2023 18:59
matmerr pushed a commit that referenced this pull request Jan 17, 2024
@dependabot @matmerr
deps: bump github.com/labstack/echo/v4 from 4.11.1 to 4.11.3 (#2373)
7de3163
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rbtr rbtr rbtr approved these changes

@jpayne3506 jpayne3506 jpayne3506 approved these changes

@nairashu nairashu Awaiting requested review from nairashu nairashu is a code owner automatically assigned from Azure/azure-sdn-members

@smittal22 smittal22 Awaiting requested review from smittal22

Assignees

@rbtr rbtr

@matmerr matmerr

Labels

dependencies Dependencies only. go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jpayne3506 @rbtr @matmerr