Upgrade dependencies (#113)

* Upgrade dependencies
* Add note about supported versions
* update ci versions

.github/workflows/echo-contrib.yml

@@ -14,23 +14,23 @@ permissions:
 
 env:
   # run coverage and benchmarks only with the latest Go version
-  LATEST_GO_VERSION: "1.20"
+  LATEST_GO_VERSION: "1.22"
 
 jobs:
   test:
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
         # Each major Go release is supported until there are two newer major releases. https://golang.org/doc/devel/release.html#policy
-        # Echo tests with last four major releases (unless there are pressing vulnerabilities)
-        # As we depend on `golang.org/x/` libraries which only support last 2 Go releases we could have situations when
+        # Echo CORE tests with last four major releases (unless there are pressing vulnerabilities)
+        # As we depend on MANY DIFFERENT libraries which of SOME support last 2 Go releases we could have situations when
         # we derive from last four major releases promise.
-        go: ["1.18", "1.19", "1.20"]
+        go: ["1.21", "1.22"]
     name: ${{ matrix.os }} @ Go ${{ matrix.go }}
     runs-on: ${{ matrix.os }}
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Go ${{ matrix.go }}
         uses: actions/setup-go@v4
@@ -53,13 +53,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code (Previous)
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.base_ref }}
           path: previous
 
       - name: Checkout Code (New)
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           path: new
 

README.md

@@ -6,13 +6,11 @@
  [![Codecov](https://img.shields.io/codecov/c/github/labstack/echo-contrib.svg?style=flat-square)](https://codecov.io/gh/labstack/echo-contrib)
  [![Twitter](https://img.shields.io/badge/[email protected]?style=flat-square)](https://twitter.com/labstack)
 
-## Packages
+# Supported Go version
 
-Name | Description | Author
---- | --- | ---
-[casbin](https://github.com/casbin/casbin) | Access control library | [hsluoyz](https://github.com/hsluoyz)
-session | Session middleware backed by [gorilla/sessions](https://github.com/gorilla/sessions) | [vishr](https://github.com/vishr)
-jaegertracing | Jaeger tracer middleware | [carlosedp](https://github.com/carlosedp)
-prometheus | Prometheus metrics | [carlosedp](https://github.com/carlosedp)
-pprof      | pprof middlware | [arun0009](https://github.com/arun0009)
-zipkin | [Zipkin](https://github.com/openzipkin/zipkin-go) middleware | [arun0009](https://github.com/arun0009)
+Each major Go release is supported until there are two newer major releases. https://golang.org/doc/devel/release.html#policy
+[Echo CORE](https://github.com/labstack/echo) tests with last FOUR major releases (unless there are pressing vulnerabilities)
+As this library depends on MANY DIFFERENT libraries which of SOME support only last 2 Go releases we could have situations when
+we derive from last four major releases promise.
+
+p.s. you really should use latest versions of Go as there are many vulnerebilites fixed only in supported versions. Please see https://pkg.go.dev/vuln/

go.mod

@@ -1,50 +1,46 @@
 module github.com/labstack/echo-contrib
 
-go 1.18
+go 1.21
 
 require (
-	github.com/casbin/casbin/v2 v2.77.2
-	github.com/gorilla/context v1.1.1
-	github.com/gorilla/sessions v1.2.1
-	github.com/labstack/echo/v4 v4.11.2
-	github.com/labstack/gommon v0.4.0
+	github.com/casbin/casbin/v2 v2.85.0
+	github.com/gorilla/context v1.1.2
+	github.com/gorilla/sessions v1.2.2
+	github.com/labstack/echo/v4 v4.11.4
+	github.com/labstack/gommon v0.4.2
 	github.com/opentracing/opentracing-go v1.2.0
 	github.com/openzipkin/zipkin-go v0.4.2
-	github.com/prometheus/client_golang v1.17.0
-	github.com/prometheus/common v0.44.0
-	github.com/stretchr/testify v1.8.4
+	github.com/prometheus/client_golang v1.19.0
+	github.com/prometheus/common v0.50.0
+	github.com/stretchr/testify v1.9.0
 	github.com/uber/jaeger-client-go v2.30.0+incompatible
 )
 
 require (
 	github.com/HdrHistogram/hdrhistogram-go v1.1.2 // indirect
-	github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/casbin/govaluate v1.1.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/gorilla/securecookie v1.1.1 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/gorilla/securecookie v1.1.2 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_model v0.5.0 // indirect
-	github.com/prometheus/procfs v0.12.0 // indirect
-	github.com/tidwall/gjson v1.17.0 // indirect
-	github.com/tidwall/match v1.1.1 // indirect
-	github.com/tidwall/pretty v1.2.1 // indirect
+	github.com/prometheus/client_model v0.6.0 // indirect
+	github.com/prometheus/procfs v0.13.0 // indirect
 	github.com/uber/jaeger-lib v2.4.1+incompatible // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasttemplate v1.2.2 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
-	golang.org/x/crypto v0.17.0 // indirect
-	golang.org/x/net v0.17.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/crypto v0.21.0 // indirect
+	golang.org/x/net v0.22.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	google.golang.org/grpc v1.59.0 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
+	google.golang.org/grpc v1.62.1 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )