Update module github.com/labstack/echo/v4 to v4.13.2

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/labstack/echo/v4	v4.12.0 -> v4.13.2

---

Release Notes

labstack/echo (github.com/labstack/echo/v4)

v4.13.2

Compare Source

Security

• Update dependencies (dependabot reports GO-2024-3321) in https://github.com/labstack/echo/pull/2721

v4.13.1

Compare Source

Fixes

• Fix BindBody ignoring Transfer-Encoding: chunked requests by @​178inaba in https://github.com/labstack/echo/pull/2717

v4.13.0

Compare Source

BREAKING CHANGE JWT Middleware Removed from Core use labstack/echo-jwt instead

The JWT middleware has been removed from Echo core due to another security vulnerability, CVE-2024-51744. For more details, refer to issue #​2699. A drop-in replacement is available in the labstack/echo-jwt repository.

Important: Direct assignments like token := c.Get("user").(*jwt.Token) will now cause a panic due to an invalid cast. Update your code accordingly. Replace the current imports from "github.com/golang-jwt/jwt" in your handlers to the new middleware version using "github.com/golang-jwt/jwt/v5".

Background:

The version of golang-jwt/jwt (v3.2.2) previously used in Echo core has been in an unmaintained state for some time. This is not the first vulnerability affecting this library; earlier issues were addressed in PR #​1946.
JWT middleware was marked as deprecated in Echo core as of v4.10.0 on 2022-12-27. If you did not notice that, consider leveraging tools like Staticcheck to catch such deprecations earlier in you dev/CI flow. For bonus points - check out gosec.

We sincerely apologize for any inconvenience caused by this change. While we strive to maintain backward compatibility within Echo core, recurring security issues with third-party dependencies have forced this decision.

Enhancements

• remove jwt middleware by @​stevenwhitehead in https://github.com/labstack/echo/pull/2701
• optimization: struct alignment by @​behnambm in https://github.com/labstack/echo/pull/2636
• bind: Maintain backwards compatibility for map[string]interface{} binding by @​thesaltree in https://github.com/labstack/echo/pull/2656
• Add Go 1.23 to CI by @​aldas in https://github.com/labstack/echo/pull/2675
• improve MultipartForm test by @​martinyonatann in https://github.com/labstack/echo/pull/2682
• bind : add support of multipart multi files by @​martinyonatann in https://github.com/labstack/echo/pull/2684
• Add TemplateRenderer struct to ease creating renderers for html/template and text/template packages. by @​aldas in https://github.com/labstack/echo/pull/2690
• Refactor TestBasicAuth to utilize table-driven test format by @​ErikOlson in https://github.com/labstack/echo/pull/2688
• Remove broken header by @​aldas in https://github.com/labstack/echo/pull/2705
• fix(bind body): content-length can be -1 by @​phamvinhdat in https://github.com/labstack/echo/pull/2710
• CORS middleware should compile allowOrigin regexp at creation by @​aldas in https://github.com/labstack/echo/pull/2709
• Shorten Github issue template and add test example by @​aldas in https://github.com/labstack/echo/pull/2711

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 2 additional dependencies were updated

Details:

Package	Change
golang.org/x/net	v0.24.0 -> v0.32.0
golang.org/x/time	v0.5.0 -> v0.8.0