Bump github.com/labstack/echo/v5 from 5.0.0-20230722203903-ec5b858dab61 to 5.1.0 by dependabot[bot] · Pull Request #115 · puzzad/wom

dependabot · 2026-05-04T01:17:38Z

Bumps github.com/labstack/echo/v5 from 5.0.0-20230722203903-ec5b858dab61 to 5.1.0.

Release notes

Sourced from github.com/labstack/echo/v5's releases.

v5.1.0

Security

This change does not break the API contract, but it does introduce breaking changes in logic/behavior. If your application is using c.RealIP() beware and read https://echo.labstack.com/docs/ip-address

In v5 the c.RealIP() will now return request.RemoteAddr unless e.IPExtractor has been configured. No potentially spoofable headers are used by default anymore.

Configure IPExtractor with proper trust options when you want to read IP from headers. See:

https://pkg.go.dev/github.com/labstack/echo/v5#ExtractIPFromRealIPHeader

https://pkg.go.dev/github.com/labstack/echo/v5#ExtractIPFromXFFHeader

v4 behavior can be restored with:
e := echo.New()
e.IPExtractor = echo.LegacyIPExtractor()
Related PR: Remove legacy IP extraction logic from context.RealIP method by @aldas in labstack/echo#2933

What's Changed

Add echo-opentelemetry to the README.md by @aldas in labstack/echo#2908

fix: correct spelling mistakes in comments and field name by @crawfordxx in labstack/echo#2916

Add https://github.com/labstack/echo-prometheus to the middleware list in README.md by @aldas in labstack/echo#2919

Add StartConfig.Listener so server with custom Listener is easier to create by @aldas in labstack/echo#2920

Fix rate limiter documentation for default burst value by @karesansui-u in labstack/echo#2925

Add doc comments to clarify usage of File related methods and leading slash handling by @aldas in labstack/echo#2928

Add NewDefaultFS function to help create filesystem that allows absolute paths by @aldas in labstack/echo#2931

Do not set http.Server.WriteTimeout in StartConfig by @aldas in labstack/echo#2932

Remove legacy IP extraction logic from context.RealIP method by @aldas in labstack/echo#2933

New Contributors

@crawfordxx made their first contribution in labstack/echo#2916

@karesansui-u made their first contribution in labstack/echo#2925

Full Changelog: labstack/echo@v5.0.4...v5.1.0

v5.0.4 small fixes and improvements

What's Changed

Remove unused import 'errors' from README example by @kumapower17 in labstack/echo#2889

Fix Graceful shutdown: after http.Server.Serve returns we need to wait for graceful shutdown goroutine to finish by @aldas in labstack/echo#2898

Update location of oapi-codegen in README by @mromaszewicz in labstack/echo#2896

Add Go 1.26 to CI flow by @aldas in labstack/echo#2899

Add new function echo.StatusCode by @suwakei in labstack/echo#2892

CSRF: support older token-based CSRF protection handler that want to render token into template by @aldas in labstack/echo#2894

Add echo.ResolveResponseStatus function to help middleware/handlers determine HTTP status code and echo.Response by @aldas in labstack/echo#2900

... (truncated)

Changelog

Sourced from github.com/labstack/echo/v5's changelog.

v5.1.0 - 2026-03-31

Security

This change does not break the API contract, but it does introduce breaking changes in logic/behavior. If your application is using c.RealIP() beware and read https://echo.labstack.com/docs/ip-address

v4 behavior can be restored with:
e := echo.New()
e.IPExtractor = echo.LegacyIPExtractor()
Remove legacy IP extraction logic from context.RealIP method by @aldas in labstack/echo#2933

Enhancements

Add echo-opentelemetry to the README.md by @aldas in labstack/echo#2908

fix: correct spelling mistakes in comments and field name by @crawfordxx in labstack/echo#2916

Add https://github.com/labstack/echo-prometheus to the middleware list in README.md by @aldas in labstack/echo#2919

Add StartConfig.Listener so server with custom Listener is easier to create by @aldas in labstack/echo#2920

Fix rate limiter documentation for default burst value by @karesansui-u in labstack/echo#2925

Add doc comments to clarify usage of File related methods and leading slash handling by @aldas in labstack/echo#2928

Add NewDefaultFS function to help create filesystem that allows absolute paths by @aldas in labstack/echo#2931

Do not set http.Server.WriteTimeout in StartConfig by @aldas in labstack/echo#2932

v5.0.4 - 2026-02-15

Enhancements

Remove unused import 'errors' from README example by @kumapower17 in labstack/echo#2889

Fix Graceful shutdown: after http.Server.Serve returns we need to wait for graceful shutdown goroutine to finish by @aldas in labstack/echo#2898

Update location of oapi-codegen in README by @mromaszewicz in labstack/echo#2896

Add Go 1.26 to CI flow by @aldas in labstack/echo#2899

Add new function echo.StatusCode by @suwakei in labstack/echo#2892

CSRF: support older token-based CSRF protection handler that want to render token into template by @aldas in labstack/echo#2894

Add echo.ResolveResponseStatus function to help middleware/handlers determine HTTP status code and echo.Response by @aldas in labstack/echo#2900

v5.0.3 - 2026-02-06

Security

Fix directory traversal vulnerability under Windows in Static middleware when default Echo filesystem is used. Reported by @shblue21.

This applies to cases when:

Windows is used as OS

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/labstack/echo/v5](https://github.com/labstack/echo) from 5.0.0-20230722203903-ec5b858dab61 to 5.1.0. - [Release notes](https://github.com/labstack/echo/releases) - [Changelog](https://github.com/labstack/echo/blob/master/CHANGELOG.md) - [Commits](https://github.com/labstack/echo/commits/v5.1.0) --- updated-dependencies: - dependency-name: github.com/labstack/echo/v5 dependency-version: 5.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 4, 2026

dependabot Bot mentioned this pull request May 4, 2026

Bump github.com/labstack/echo/v5 from 5.0.0-20230722203903-ec5b858dab61 to 5.0.4 #114

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump github.com/labstack/echo/v5 from 5.0.0-20230722203903-ec5b858dab61 to 5.1.0#115

Bump github.com/labstack/echo/v5 from 5.0.0-20230722203903-ec5b858dab61 to 5.1.0#115
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/github.com/labstack/echo/v5-5.1.0

dependabot Bot commented on behalf of github May 4, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 4, 2026

v5.1.0

Security

What's Changed

New Contributors

v5.0.4 small fixes and improvements

What's Changed

v5.1.0 - 2026-03-31

v5.0.4 - 2026-02-15

v5.0.3 - 2026-02-06

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants