Skip to content

Update module github.com/labstack/echo/v4 to v5#55

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/github.com-labstack-echo-v4-5.x
Open

Update module github.com/labstack/echo/v4 to v5#55
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/github.com-labstack-echo-v4-5.x

Conversation

@renovate

@renovate renovate Bot commented Jan 20, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
github.com/labstack/echo/v4 v4.2.0v5.2.1 age confidence

Release Notes

labstack/echo (github.com/labstack/echo/v4)

v5.2.1

Compare Source

Security

Make serving static file releated methods and middleware not unescape path by default - so how the way Router interprets paths and Static methods/middleware is consistent.

Given following situation:

// 0.
// given folder structure:
// private.txt
// public/
// public/index.html
// public/text.txt
// public/admin/private.txt

// 1. share `public/` folder contents from the server root. This folder actually contains subfolder `admin` which
// contents we want to forbid from downloading
e.Static("/", "public")

// 2. naively assume that everything under /admin folder is now forbidden
e.GET("/admin/*", func(c *Context) error {
    return ErrForbidden
})

Then requests to /admin%2fprivate.txt would not be matched to GET /admin/* route (routing does not look unescaped path) and static file serving will use unescaped path to serve the file.

Note: this way of "guarding" subfolders will never work for for paths like /assets/../admin%2fprivate.txt which will path.Clean("/assets/../admin%2fprivate.txt") to /admin/private.txt and are servable if static file serving is configured to unescape paths.

If you want to guard routes - use middlewares on Static* methods and before Static middleware.


  • revert PR #​3009 changes to just disabling path escaping by default in static methods/middleware by @​aldas in #​3016

Closes GHSA-vfp3-v2gw-7wfq more completely: the previous fix (#​3009) rejected explicitly encoded
separators at the handler level; this patch makes the no-unescape behavior the default so new configurations are safe without extra opt-out steps.

What changed: DisablePathUnescaping (on StaticConfig and StaticDirectoryHandlerConfig) is deprecated and replaced by EnablePathUnescaping (default false). Path unescaping is now opt-in.

What this protects: With EnablePathUnescaping: false (new default), encoded separators (%2F, %5C) are never decoded before routing or file lookup, so they cannot
bypass route-level authentication or other middleware guards.

What this does NOT protect: Serving a directory with Static, StaticFS, or StaticDirectoryHandler exposes its entire subtree. Sibling routes are not a reliable
ACL boundary — attach authorization middleware directly to the static mount, or serve sensitive sub-trees under separate guarded routes.

Breaking change / migration: If you serve files whose names contain URL-encoded characters (e.g., /hello%20world.txthello world.txt), you must now opt in:

// Static middleware
e.Use(middleware.StaticWithConfig(middleware.StaticConfig{
    EnablePathUnescaping: true, // only safe when NOT relying on route-based ACL guards
    ...
}))

// StaticDirectoryHandler
middleware.StaticDirectoryHandler(fs, &middleware.StaticDirectoryHandlerConfig{
    EnablePathUnescaping: true,
})

Full Changelog: labstack/echo@v5.2.0...v5.2.1

v5.2.0

Compare Source

Security

Fixes GHSA-vfp3-v2gw-7wfq: an encoded path separator (%2F or %5C) in a static file URL could bypass route-level middleware (e.g. authentication on a sibling route) and disclose static files. Both StaticDirectoryHandler/StaticFS and the Static middleware are affected. Thanks to @​a-tt-om and @​oran-gugu for reporting.

Enhancements

New Contributors

Full Changelog: labstack/echo@v5.1.1...v5.2.0

v5.1.1

Compare Source

Security

Thanks to @​shblue21 for reporting this issue.

Enhancements

v5.1.0

Compare Source

Security

This change does not break the API contract, but it does introduce breaking changes in logic/behavior.
If your application is using c.RealIP() beware and read https://echo.labstack.com/docs/ip-address

v4 behavior can be restored with:

e := echo.New()
e.IPExtractor = echo.LegacyIPExtractor()
  • Remove legacy IP extraction logic from context.RealIP method by @​aldas in #​2933

Enhancements

v5.0.4

Compare Source

Enhancements

v5.0.3

Compare Source

Security

  • Fix directory traversal vulnerability under Windows in Static middleware when default Echo filesystem is used. Reported by @​shblue21.

This applies to cases when:

  • Windows is used as OS
  • middleware.StaticConfig.Filesystem is nil (default)
  • echo.Filesystem is has not been set explicitly (default)

Exposure is restricted to the active process working directory and its subfolders.

v5.0.2

Compare Source

Security

  • Fix Static middleware with config.Browse=true lists all files/subfolders from config.Filesystem root and not starting from config.Root in #​2887

v5.0.1

Compare Source

v5.0.0

Compare Source

Echo v5 is maintenance release with major breaking changes

  • Context is now struct instead of interface and we can add method to it in the future in minor versions.
  • Adds new Router interface for possible new routing implementations.
  • Drops old logging interface and uses moderm log/slog instead.
  • Rearranges alot of methods/function signatures to make them more consistent.

Upgrade notes and v4 support:

  • Echo v4 is supported with security* updates and bug fixes until 2026-12-31
  • If you are using Echo in a production environment, it is recommended to wait until after 2026-03-31 before upgrading.
  • Until 2026-03-31, any critical issues requiring breaking v5 API changes will be addressed, even if this violates semantic versioning.

See API_CHANGES_V5.md for public API changes between v4 and v5, notes on upgrading.

Upgrading TLDR:

If you are using Linux you can migrate easier parts like that:

find . -type f -name "*.go" -exec sed -i 's/ echo.Context/ *echo.Context/g' {} +
find . -type f -name "*.go" -exec sed -i 's/echo\/v4/echo\/v5/g' {} +

macOS

find . -type f -name "*.go" -exec sed -i '' 's/ echo.Context/ *echo.Context/g' {} +
find . -type f -name "*.go" -exec sed -i '' 's/echo\/v4/echo\/v5/g' {} +

or in your favorite IDE

Replace all:

  1. echo.Context -> *echo.Context
  2. echo/v4 -> echo/v5

This should solve most of the issues. Probably the hardest part is updating all the tests.

v4.15.4

Compare Source

Security

Fixes GHSA-vfp3-v2gw-7wfq: an encoded path separator (%2F or %5C) in a static file URL could bypass route-level middleware (e.g. authentication on a sibling route) and disclose static files. Both StaticDirectoryHandler (used by Static/StaticFS) and the Static middleware are affected. Backport of the v5 fix (#​3016, released in v5.2.1). Thanks to @​a-tt-om and @​oran-gugu for reporting.


Make serving static file releated methods and middleware not unescape path by default - so how the way Router interprets paths and Static methods/middleware is consistent.

Given following situation:

// 0.
// given folder structure:
// private.txt
// public/
// public/index.html
// public/text.txt
// public/admin/private.txt

// 1. share `public/` folder contents from the server root. This folder actually contains subfolder `admin` which
// contents we want to forbid from downloading
e.Static("/", "public")

// 2. naively assume that everything under /admin folder is now forbidden
e.GET("/admin/*", func(c *Context) error {
    return ErrForbidden
})

Then requests to /admin%2fprivate.txt would not be matched to GET /admin/* route (routing does not look unescaped path) and static file serving will use unescaped path to serve the file.

Note: this way of "guarding" subfolders will never work for for paths like /assets/../admin%2fprivate.txt which will path.Clean("/assets/../admin%2fprivate.txt") to /admin/private.txt and are servable if static file serving is configured to unescape paths.

If you want to guard routes - use middlewares on Static* methods and before Static middleware.

Breaking change / migration: If you serve files whose names contain URL-encoded characters (e.g., /hello%20world.txthello world.txt), you must now opt in:

	e := echo.New()
	e.EnablePathUnescapingStaticFiles = true  // <-- enable old behavior
	e.Static("/", "public")

for static middleware

	e.Use(middleware.StaticWithConfig(middleware.StaticConfig{
		EnablePathUnescaping: true, // <-- enable old behavior
	}))

Full Changelog: labstack/echo@v4.15.3...v4.15.4

v4.15.3: - Static encoded-separator route bypass fix (GHSA-vfp3-v2gw-7wfq)

Compare Source

Security

  • fix(static): reject encoded path separators that bypass route-level middleware by @​vishr in #​3011

Fixes GHSA-vfp3-v2gw-7wfq: an encoded path separator (%2F or %5C) in a static file URL could bypass route-level middleware (e.g. authentication on a sibling route) and disclose static files. Both StaticDirectoryHandler (used by Static/StaticFS) and the Static middleware are affected. Backport of the v5 fix (#​3009, released in v5.2.0). Thanks to @​a-tt-om and @​oran-gugu for reporting.

Full Changelog: labstack/echo@v4.15.2...v4.15.3

v4.15.2: - Context.Scheme() header validation

Compare Source

Security

Thanks to @​shblue21 for reporting this issue.

Full Changelog: labstack/echo@v4.15.1...v4.15.2

v4.15.1

Compare Source

What's Changed

  • CSRF: support older token-based CSRF protection handler that want to render token into template by @​aldas in #​2905

Full Changelog: labstack/echo@v4.15.0...v4.15.1

v4.15.0

Compare Source

Security

NB: If your application relies on cross-origin or same-site (same subdomain) requests do not blindly push this version to production

The CSRF middleware now supports the Sec-Fetch-Site header as a modern, defense-in-depth approach to CSRF
protection
, implementing the OWASP-recommended Fetch Metadata API alongside the traditional token-based mechanism.

How it works:

Modern browsers automatically send the Sec-Fetch-Site header with all requests, indicating the relationship
between the request origin and the target. The middleware uses this to make security decisions:

  • same-origin or none: Requests are allowed (exact origin match or direct user navigation)
  • same-site: Falls back to token validation (e.g., subdomain to main domain)
  • cross-site: Blocked by default with 403 error for unsafe methods (POST, PUT, DELETE, PATCH)

For browsers that don't send this header (older browsers), the middleware seamlessly falls back to
traditional token-based CSRF protection.

New Configuration Options:

  • TrustedOrigins []string: Allowlist specific origins for cross-site requests (useful for OAuth callbacks, webhooks)
  • AllowSecFetchSiteFunc func(echo.Context) (bool, error): Custom logic for same-site/cross-site request validation

Example:

e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
    // Allow OAuth callbacks from trusted provider
    TrustedOrigins: []string{"https://oauth-provider.com"},

    // Custom validation for same-site requests
    AllowSecFetchSiteFunc: func(c echo.Context) (bool, error) {
        // Your custom authorization logic here
        return validateCustomAuth(c), nil
        // return true, err  // blocks request with error
        // return true, nil  // allows CSRF request through
        // return false, nil // falls back to legacy token logic
    },
}))

PR: #​2858

Type-Safe Generic Parameter Binding

  • Added generic functions for type-safe parameter extraction and context access by @​aldas in #​2856

    Echo now provides generic functions for extracting path, query, and form parameters with automatic type conversion,
    eliminating manual string parsing and type assertions.

    New Functions:

    • Path parameters: PathParam[T], PathParamOr[T]
    • Query parameters: QueryParam[T], QueryParamOr[T], QueryParams[T], QueryParamsOr[T]
    • Form values: FormParam[T], FormParamOr[T], FormParams[T], FormParamsOr[T]
    • Context store: ContextGet[T], ContextGetOr[T]

    Supported Types:
    Primitives (bool, string, int/uint variants, float32/float64), time.Duration, time.Time
    (with custom layouts and Unix timestamp support), and custom types implementing BindUnmarshaler,
    TextUnmarshaler, or JSONUnmarshaler.

    Example:

    // Before: Manual parsing
    idStr := c.Param("id")
    id, err := strconv.Atoi(idStr)
    
    // After: Type-safe with automatic parsing
    id, err := echo.PathParam[int](c, "id")
    
    // With default values
    page, err := echo.QueryParamOr[int](c, "page", 1)
    limit, err := echo.QueryParamOr[int](c, "limit", 20)
    
    // Type-safe context access (no more panics from type assertions)
    user, err := echo.ContextGet[*User](c, "user")

PR: #​2856

DEPRECATION NOTICE Timeout Middleware Deprecated - Use ContextTimeout Instead

The middleware.Timeout middleware has been deprecated due to fundamental architectural issues that cause
data races. Use middleware.ContextTimeout or middleware.ContextTimeoutWithConfig instead.

Why is this being deprecated?

The Timeout middleware manipulates response writers across goroutine boundaries, which causes data races that
cannot be reliably fixed without a complete architectural redesign. The middleware:

  • Swaps the response writer using http.TimeoutHandler
  • Must be the first middleware in the chain (fragile constraint)
  • Can cause races with other middleware (Logger, metrics, custom middleware)
  • Has been the source of multiple race condition fixes over the years

What should you use instead?

The ContextTimeout middleware (available since v4.12.0) provides timeout functionality using Go's standard
context mechanism. It is:

  • Race-free by design
  • Can be placed anywhere in the middleware chain
  • Simpler and more maintainable
  • Compatible with all other middleware

Migration Guide:

// Before (deprecated):
e.Use(middleware.Timeout())

// After (recommended):
e.Use(middleware.ContextTimeout(30 * time.Second))

Important Behavioral Differences:

  1. Handler cooperation required: With ContextTimeout, your handlers must check context.Done() for cooperative
    cancellation. The old Timeout middleware would send a 503 response regardless of handler cooperation, but had
    data race issues.

  2. Error handling: ContextTimeout returns errors through the standard error handling flow. Handlers that receive
    context.DeadlineExceeded should handle it appropriately:

e.GET("/long-task", func(c echo.Context) error {
    ctx := c.Request().Context()

    // Example: database query with context
    result, err := db.QueryContext(ctx, "SELECT * FROM large_table")
    if err != nil {
        if errors.Is(err, context.DeadlineExceeded) {
            // Handle timeout
            return echo.NewHTTPError(http.StatusServiceUnavailable, "Request timeout")
        }
        return err
    }

    return c.JSON(http.StatusOK, result)
})
  1. Background tasks: For long-running background tasks, use goroutines with context:
e.GET("/async-task", func(c echo.Context) error {
    ctx := c.Request().Context()

    resultCh := make(chan Result, 1)
    errCh := make(chan error, 1)

    go func() {
        result, err := performLongTask(ctx)
        if err != nil {
            errCh <- err
            return
        }
        resultCh <- result
    }()

    select {
    case result := <-resultCh:
        return c.JSON(http.StatusOK, result)
    case err := <-errCh:
        return err
    case <-ctx.Done():
        return echo.NewHTTPError(http.StatusServiceUnavailable, "Request timeout")
    }
})

Enhancements

v4.14.0

Compare Source

middleware.Logger has been deprecated. For request logging, use middleware.RequestLogger or
middleware.RequestLoggerWithConfig.

middleware.RequestLogger replaces middleware.Logger, offering comparable configuration while relying on the
Go standard library’s new slog logger.

The previous default output format was JSON. The new default follows the standard slog logger settings.
To continue emitting request logs in JSON, configure slog accordingly:

slog.SetDefault(slog.New(slog.NewJSONHandler(os.Stdout, nil)))
e.Use(middleware.RequestLogger())

Security

Enhancements

v4.13.4

Compare Source

Enhancements

Security

v4.13.3

Compare Source

Security

v4.13.2

Compare Source

Security

v4.13.1

Compare Source

Fixes

v4.13.0

Compare Source

BREAKING CHANGE JWT Middleware Removed from Core use labstack/echo-jwt instead

The JWT middleware has been removed from Echo core due to another security vulnerability, CVE-2024-51744. For more details, refer to issue #​2699. A drop-in replacement is available in the labstack/echo-jwt repository.

Important: Direct assignments like token := c.Get("user").(*jwt.Token) will now cause a panic due to an invalid cast. Update your code accordingly. Replace the current imports from "github.com/golang-jwt/jwt" in your handlers to the new middleware version using "github.com/golang-jwt/jwt/v5".

Background:

The version of golang-jwt/jwt (v3.2.2) previously used in Echo core has been in an unmaintained state for some time. This is not the first vulnerability affecting this library; earlier issues were addressed in PR #​1946.
JWT middleware was marked as deprecated in Echo core as of v4.10.0 on 2022-12-27. If you did not notice that, consider leveraging tools like Staticcheck to catch such deprecations earlier in you dev/CI flow. For bonus points - check out gosec.

We sincerely apologize for any inconvenience caused by this change. While we strive to maintain backward compatibility within Echo core, recurring security issues with third-party dependencies have forced this decision.

Enhancements

v4.12.0

Compare Source

Security

Enhancements

v4.11.4

Compare Source

Security

  • Upgrade golang.org/x/crypto to v0.17.0 to fix vulnerability issue #​2562

Enhancements

v4.11.3

Compare Source

Security

  • 'c.Attachment' and 'c.Inline' should escape filename in 'Content-Disposition' header to avoid 'Reflect File Download' vulnerability. #​2541

Enhancements

  • Tests: refactor context tests to be separate functions #​2540
  • Proxy middleware: reuse echo request context #​2537
  • Mark unmarshallable yaml struct tags as ignored #​2536

v4.11.2

Compare Source

Security

Enhancements

v4.11.1

Compare Source

Fixes

  • Fix Gzip middleware not sending response code for no content responses (404, 301/302 redirects etc) #​2481

v4.11.0

Compare Source

Fixes

  • Fixes the proxy middleware concurrency issue of calling the Next() proxy target on Round Robin Balancer #​2409
  • Fix group.RouteNotFound not working when group has attached middlewares #​2411
  • Fix global error handler return error message when message is an error #​2456
  • Do not use global timeNow variables #​2477

Enhancements

  • Added a optional config variable to disable centralized error handler in recovery middleware #​2410
  • refactor: use strings.ReplaceAll directly #​2424
  • Add support for Go1.20 http.rwUnwrapper to Response struct #​2425
  • Check whether is nil before invoking centralized error handling #​2429
  • Proper colon support in echo.Reverse method #​2416
  • Fix misuses of a vs an in documentation comments #​2436
  • Add link to slog.Handler library for Echo logging into README.md #​2444
  • In proxy middleware Support retries of failed proxy requests #​2414
  • gofmt fixes to comments #​2452
  • gzip response only if it exceeds a minimal length #​2267
  • Upgrade packages #​2475

v4.10.2

Compare Source

Security

  • filepath.Clean behaviour has changed in Go 1.20 - adapt to it #​2406
  • Add middleware.CORSConfig.UnsafeWildcardOriginWithAllowCredentials to make UNSAFE usages of wildcard origin + allow cretentials less likely #​2405

Enhancements

v4.10.1

Compare Source

Security

  • Upgrade deps due to the latest golang.org/x/net vulnerability #​2402

Enhancements

  • Add new JWT repository to the README #​2377
  • Return an empty string for ctx.path if there is no registered path #​2385
  • Add context timeout middleware #​2380
  • Update link to jaegertracing #​2394

v4.10.0

Compare Source

Security

  • We are deprecating JWT middleware in this repository. Please use https://github.com/labstack/echo-jwt instead.

    JWT middleware is moved to separate repository to allow us to bump/upgrade version of JWT implementation (github.com/golang-jwt/jwt) we are using
    which we can not do in Echo core because this would break backwards compatibility guarantees we try to maintain.

  • This minor version bumps minimum Go version to 1.17 (from 1.16) due golang.org/x/ packages we depend on. There are
    several vulnerabilities fixed in these libraries.

    Echo still tries to support last 4 Go versions but there are occasions we can not guarantee this promise.

Enhancements

  • Bump x/text to 0.3.8 #​2305
  • Bump dependencies and add notes about Go releases we support #​2336
  • Add helper interface for ProxyBalancer interface #​2316
  • Expose middleware.CreateExtractors function so we can use it from echo-contrib repository #​2338
  • Refactor func(Context) error to HandlerFunc #​2315
  • Improve function comments #​2329
  • Add new method HTTPError.WithInternal #​2340
  • Replace io/ioutil package usages #​2342
  • Add staticcheck to CI flow #​2343
  • Replace relative path determination from proprietary to std #​2345
  • Remove square brackets from ipv6 addresses in XFF (X-Forwarded-For header) #​2182
  • Add testcases for some BodyLimit middleware configuration options #​2350
  • Additional configuration options for RequestLogger and Logger middleware #​2341
  • Add route to request log #​2162
  • GitHub Workflows security hardening #​2358
  • Add govulncheck to CI and bump dependencies #​2362
  • Fix rate limiter docs #​2366
  • Refactor how e.Routes() work and introduce e.OnAddRouteHandler callback #​2337

v4.9.1

Compare Source

Fixes

  • Fix logger panicing (when template is set to empty) by bumping dependency version #​2295

Enhancements

  • Improve CORS documentation #​2272
  • Update readme about supported Go versions #​2291
  • Tests: improve error handling on closing body #​2254
  • Tests: refactor some of the assertions in tests #​2275
  • Tests: refactor assertions #​2301

v4.9.0

Compare Source

Security

  • Fix open redirect vulnerability in handlers serving static directories (e.Static, e.StaticFs, echo.StaticDirectoryHandler) #​2260

Enhancements

  • Allow configuring ErrorHandler in CSRF middleware #​2257
  • Replace HTTP method constants in tests with stdlib constants #​2247

v4.8.0

Compare Source

Most notable things

You can now add any arbitrary HTTP method type as a route #​2237

e.Add("COPY", "/*", func(c echo.Context) error 
  return c.String(http.StatusOK, "OK COPY")
})

You can add custom 404 handler for specific paths #​2217

e.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })

g := e.Group("/images")
g.RouteNotFound("/*", func(c echo.Context) error { return c.NoContent(http.StatusNotFound) })

Enhancements

  • Add new value binding methods (UnixTimeMilli,TextUnmarshaler,JSONUnmarshaler) to Valuebinder #​2127
  • Refactor: body_limit middleware unit test #​2145
  • Refactor: Timeout mw: rework how test waits for timeout. #​2187
  • BasicAuth middleware returns 500 InternalServerError on invalid base64 strings but should return 400 #​2191
  • Refactor: duplicated findStaticChild process at findChildWithLabel #​2176
  • Allow different param names in different methods wit

Note

PR body was truncated to here.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate

renovate Bot commented Jan 20, 2026

Copy link
Copy Markdown
Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: go get -t ./...
go: errors parsing go.mod:
go.mod:20:2: replace github.com/labstack/echo/v4: version "v5.2.1" invalid: should be v4, not v5

@renovate renovate Bot force-pushed the renovate/github.com-labstack-echo-v4-5.x branch 2 times, most recently from b980bda to e3eb2d2 Compare February 2, 2026 21:53
@renovate renovate Bot force-pushed the renovate/github.com-labstack-echo-v4-5.x branch from e3eb2d2 to 88800b8 Compare February 6, 2026 16:47
@renovate renovate Bot force-pushed the renovate/github.com-labstack-echo-v4-5.x branch from 88800b8 to 91ec4ec Compare February 15, 2026 16:43
@renovate renovate Bot changed the title Update module github.com/labstack/echo/v4 to v5 Update module github.com/labstack/echo/v4 to v5 - autoclosed Mar 30, 2026
@renovate renovate Bot closed this Mar 30, 2026
@renovate renovate Bot deleted the renovate/github.com-labstack-echo-v4-5.x branch March 30, 2026 13:50
@renovate renovate Bot changed the title Update module github.com/labstack/echo/v4 to v5 - autoclosed Update module github.com/labstack/echo/v4 to v5 Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/github.com-labstack-echo-v4-5.x branch 3 times, most recently from 57e4b1c to 84e7e0f Compare April 1, 2026 01:24
@renovate renovate Bot changed the title Update module github.com/labstack/echo/v4 to v5 Update module github.com/labstack/echo/v4 to v5 - autoclosed Apr 29, 2026
@renovate renovate Bot closed this Apr 29, 2026
@renovate renovate Bot changed the title Update module github.com/labstack/echo/v4 to v5 - autoclosed Update module github.com/labstack/echo/v4 to v5 Apr 29, 2026
@renovate renovate Bot reopened this Apr 29, 2026
@renovate renovate Bot force-pushed the renovate/github.com-labstack-echo-v4-5.x branch 3 times, most recently from 19486bc to 08eefc4 Compare May 1, 2026 20:50
@renovate renovate Bot force-pushed the renovate/github.com-labstack-echo-v4-5.x branch 2 times, most recently from 9776a1d to 6c84fdc Compare June 16, 2026 00:37
@renovate renovate Bot changed the title Update module github.com/labstack/echo/v4 to v5 Update module github.com/labstack/echo/v4 to v5 - autoclosed Jun 21, 2026
@renovate renovate Bot closed this Jun 21, 2026
@renovate renovate Bot changed the title Update module github.com/labstack/echo/v4 to v5 - autoclosed Update module github.com/labstack/echo/v4 to v5 Jun 21, 2026
@renovate renovate Bot reopened this Jun 21, 2026
@renovate renovate Bot force-pushed the renovate/github.com-labstack-echo-v4-5.x branch 2 times, most recently from 6c84fdc to 5b7d5e8 Compare June 21, 2026 21:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants