Bump github.com/labstack/echo/v5 from 5.0.0-20230722203903-ec5b858dab61 to 5.0.4

[dependabot]

Bumps github.com/labstack/echo/v5 from 5.0.0-20230722203903-ec5b858dab61 to 5.0.4.

Release notes

Sourced from github.com/labstack/echo/v5's releases.

v5.0.4 small fixes and improvements

What's Changed

• Remove unused import 'errors' from README example by @​kumapower17 in labstack/echo#2889
• Fix Graceful shutdown: after http.Server.Serve returns we need to wait for graceful shutdown goroutine to finish by @​aldas in labstack/echo#2898
• Update location of oapi-codegen in README by @​mromaszewicz in labstack/echo#2896
• Add Go 1.26 to CI flow by @​aldas in labstack/echo#2899
• Add new function echo.StatusCode by @​suwakei in labstack/echo#2892
• CSRF: support older token-based CSRF protection handler that want to render token into template by @​aldas in labstack/echo#2894
• Add echo.ResolveResponseStatus function to help middleware/handlers determine HTTP status code and echo.Response by @​aldas in labstack/echo#2900

New Contributors

• @​mromaszewicz made their first contribution in labstack/echo#2896
• @​suwakei made their first contribution in labstack/echo#2892

Full Changelog: labstack/echo@v5.0.3...v5.0.4

v5.0.3 security (static middleware directory traversal under Windows)

Fix directory traversal vulnerability under Windows in Static middleware when default Echo filesystem is used. Reported by @​shblue21 (labstack/echo#2891).

This applies to cases when:

• Windows is used as OS
• middleware.StaticConfig.Filesystem is nil (default)
• echo.Filesystem is has not been set explicitly (default)

Full Changelog: labstack/echo@v5.0.2...v5.0.3

v5.0.2 security (static middleware folder browsing)

Security

• Fix Static middleware when folder browsing is enabled (config.Browse=true , defaults to false) lists all files/subfolders from config.Filesystem root folder and not starting from config.Root and requested folder in labstack/echo#2887 . Reported by @​shblue21 in labstack/echo#2886

Full Changelog: labstack/echo@v5.0.1...v5.0.2

v5.0.1 small fixes

What's Changed

• Panic MW: will now return a custom PanicStackError with stack trace by @​aldas in labstack/echo#2871
• Docs: add missing err parameter to DenyHandler example by @​cgalibern in labstack/echo#2878
• Context: improve websocket checks in IsWebSocket() [per RFC 6455] by @​raju-mechatronics in labstack/echo#2875
• Fix: Context.Json() should not send status code before serialization is complete by @​aldas in labstack/echo#2877

New Contributors

• @​cgalibern made their first contribution in labstack/echo#2878

... (truncated)

Changelog

Sourced from github.com/labstack/echo/v5's changelog.

v5.0.4 - 2026-02-15

Enhancements

• Remove unused import 'errors' from README example by @​kumapower17 in labstack/echo#2889
• Fix Graceful shutdown: after http.Server.Serve returns we need to wait for graceful shutdown goroutine to finish by @​aldas in labstack/echo#2898
• Update location of oapi-codegen in README by @​mromaszewicz in labstack/echo#2896
• Add Go 1.26 to CI flow by @​aldas in labstack/echo#2899
• Add new function echo.StatusCode by @​suwakei in labstack/echo#2892
• CSRF: support older token-based CSRF protection handler that want to render token into template by @​aldas in labstack/echo#2894
• Add echo.ResolveResponseStatus function to help middleware/handlers determine HTTP status code and echo.Response by @​aldas in labstack/echo#2900

v5.0.3 - 2026-02-06

Security

• Fix directory traversal vulnerability under Windows in Static middleware when default Echo filesystem is used. Reported by @​shblue21.

This applies to cases when:

• Windows is used as OS
• middleware.StaticConfig.Filesystem is nil (default)
• echo.Filesystem is has not been set explicitly (default)

Exposure is restricted to the active process working directory and its subfolders.

v5.0.2 - 2026-02-02

Security

• Fix Static middleware with config.Browse=true lists all files/subfolders from config.Filesystem root and not starting from config.Root in labstack/echo#2887

v5.0.1 - 2026-01-28

• Panic MW: will now return a custom PanicStackError with stack trace by @​aldas in labstack/echo#2871
• Docs: add missing err parameter to DenyHandler example by @​cgalibern in labstack/echo#2878
• improve: improve websocket checks in IsWebSocket() [per RFC 6455] by @​raju-mechatronics in labstack/echo#2875
• fix: Context.Json() should not send status code before serialization is complete by @​aldas in labstack/echo#2877

v5.0.0 - 2026-01-18

Echo v5 is maintenance release with major breaking changes

• Context is now struct instead of interface and we can add method to it in the future in minor versions.
• Adds new Router interface for possible new routing implementations.
• Drops old logging interface and uses moderm log/slog instead.
• Rearranges alot of methods/function signatures to make them more consistent.

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)