Update dependencies

vendor/github.com/labstack/echo/v4/CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## v4.9.1 - 2022-10-12
+
+**Fixes**
+
+* Fix logger panicing (when template is set to empty) by bumping dependency version [#2295](https://github.com/labstack/echo/issues/2295)
+
+**Enhancements**
+
+* Improve CORS documentation [#2272](https://github.com/labstack/echo/pull/2272)
+* Update readme about supported Go versions [#2291](https://github.com/labstack/echo/pull/2291)
+* Tests: improve error handling on closing body [#2254](https://github.com/labstack/echo/pull/2254)
+* Tests: refactor some of the assertions in tests [#2275](https://github.com/labstack/echo/pull/2275)
+* Tests: refactor assertions [#2301](https://github.com/labstack/echo/pull/2301)
+
 ## v4.9.0 - 2022-09-04
 
 **Security**

vendor/github.com/labstack/echo/v4/README.md

@@ -11,12 +11,11 @@
 
 ## Supported Go versions
 
+Latest version of Echo supports last four Go major [releases](https://go.dev/doc/devel/release) and might work with older versions.
+
 As of version 4.0.0, Echo is available as a [Go module](https://github.com/golang/go/wiki/Modules).
 Therefore a Go version capable of understanding /vN suffixed imports is required:
 
-- 1.9.7+
-- 1.10.3+
-- 1.14+
 
 Any of these versions will allow you to import Echo as `github.com/labstack/echo/v4` which is the recommended
 way of using Echo going forward.

vendor/github.com/labstack/echo/v4/context.go

@@ -181,7 +181,7 @@ type (
 		// Logger returns the `Logger` instance.
 		Logger() Logger
 
-		// Set the logger
+		// SetLogger Set the logger
 		SetLogger(l Logger)
 
 		// Echo returns the `Echo` instance.

vendor/github.com/labstack/echo/v4/middleware/cors.go

@@ -15,46 +15,85 @@ type (
 		// Skipper defines a function to skip middleware.
 		Skipper Skipper
 
-		// AllowOrigin defines a list of origins that may access the resource.
+		// AllowOrigins determines the value of the Access-Control-Allow-Origin
+		// response header.  This header defines a list of origins that may access the
+		// resource.  The wildcard characters '*' and '?' are supported and are
+		// converted to regex fragments '.*' and '.' accordingly.
+		//
+		// Security: use extreme caution when handling the origin, and carefully
+		// validate any logic. Remember that attackers may register hostile domain names.
+		// See https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html
+		//
 		// Optional. Default value []string{"*"}.
+		//
+		// See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
 		AllowOrigins []string `yaml:"allow_origins"`
 
 		// AllowOriginFunc is a custom function to validate the origin. It takes the
 		// origin as an argument and returns true if allowed or false otherwise. If
 		// an error is returned, it is returned by the handler. If this option is
 		// set, AllowOrigins is ignored.
+		//
+		// Security: use extreme caution when handling the origin, and carefully
+		// validate any logic. Remember that attackers may register hostile domain names.
+		// See https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html
+		//
 		// Optional.
 		AllowOriginFunc func(origin string) (bool, error) `yaml:"allow_origin_func"`
 
-		// AllowMethods defines a list methods allowed when accessing the resource.
-		// This is used in response to a preflight request.
+		// AllowMethods determines the value of the Access-Control-Allow-Methods
+		// response header.  This header specified the list of methods allowed when
+		// accessing the resource.  This is used in response to a preflight request.
+		//
 		// Optional. Default value DefaultCORSConfig.AllowMethods.
-		// If `allowMethods` is left empty will fill for preflight request `Access-Control-Allow-Methods` header value
+		// If `allowMethods` is left empty, this middleware will fill for preflight
+		// request `Access-Control-Allow-Methods` header value
 		// from `Allow` header that echo.Router set into context.
+		//
+		// See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
 		AllowMethods []string `yaml:"allow_methods"`
 
-		// AllowHeaders defines a list of request headers that can be used when
-		// making the actual request. This is in response to a preflight request.
+		// AllowHeaders determines the value of the Access-Control-Allow-Headers
+		// response header.  This header is used in response to a preflight request to
+		// indicate which HTTP headers can be used when making the actual request.
+		//
 		// Optional. Default value []string{}.
+		//
+		// See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
 		AllowHeaders []string `yaml:"allow_headers"`
 
-		// AllowCredentials indicates whether or not the response to the request
-		// can be exposed when the credentials flag is true. When used as part of
-		// a response to a preflight request, this indicates whether or not the
-		// actual request can be made using credentials.
-		// Optional. Default value false.
+		// AllowCredentials determines the value of the
+		// Access-Control-Allow-Credentials response header.  This header indicates
+		// whether or not the response to the request can be exposed when the
+		// credentials mode (Request.credentials) is true. When used as part of a
+		// response to a preflight request, this indicates whether or not the actual
+		// request can be made using credentials.  See also
+		// [MDN: Access-Control-Allow-Credentials].
+		//
+		// Optional. Default value false, in which case the header is not set.
+		//
 		// Security: avoid using `AllowCredentials = true` with `AllowOrigins = *`.
-		// See http://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html
+		// See "Exploiting CORS misconfigurations for Bitcoins and bounties",
+		// https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html
+		//
+		// See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
 		AllowCredentials bool `yaml:"allow_credentials"`
 
-		// ExposeHeaders defines a whitelist headers that clients are allowed to
-		// access.
-		// Optional. Default value []string{}.
+		// ExposeHeaders determines the value of Access-Control-Expose-Headers, which
+		// defines a list of headers that clients are allowed to access.
+		//
+		// Optional. Default value []string{}, in which case the header is not set.
+		//
+		// See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Header
 		ExposeHeaders []string `yaml:"expose_headers"`
 
-		// MaxAge indicates how long (in seconds) the results of a preflight request
-		// can be cached.
-		// Optional. Default value 0.
+		// MaxAge determines the value of the Access-Control-Max-Age response header.
+		// This header indicates how long (in seconds) the results of a preflight
+		// request can be cached.
+		//
+		// Optional. Default value 0.  The header is set only if MaxAge > 0.
+		//
+		// See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
 		MaxAge int `yaml:"max_age"`
 	}
 )
@@ -69,13 +108,22 @@ var (
 )
 
 // CORS returns a Cross-Origin Resource Sharing (CORS) middleware.
-// See: https://developer.mozilla.org/en/docs/Web/HTTP/Access_control_CORS
+// See also [MDN: Cross-Origin Resource Sharing (CORS)].
+//
+// Security: Poorly configured CORS can compromise security because it allows
+// relaxation of the browser's Same-Origin policy.  See [Exploiting CORS
+// misconfigurations for Bitcoins and bounties] and [Portswigger: Cross-origin
+// resource sharing (CORS)] for more details.
+//
+// [MDN: Cross-Origin Resource Sharing (CORS)]: https://developer.mozilla.org/en/docs/Web/HTTP/Access_control_CORS
+// [Exploiting CORS misconfigurations for Bitcoins and bounties]: https://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html
+// [Portswigger: Cross-origin resource sharing (CORS)]: https://portswigger.net/web-security/cors
 func CORS() echo.MiddlewareFunc {
 	return CORSWithConfig(DefaultCORSConfig)
 }
 
 // CORSWithConfig returns a CORS middleware with config.
-// See: `CORS()`.
+// See: [CORS].
 func CORSWithConfig(config CORSConfig) echo.MiddlewareFunc {
 	// Defaults
 	if config.Skipper == nil {

vendor/github.com/labstack/gommon/bytes/bytes.go

@@ -12,19 +12,31 @@ type (
 	Bytes struct{}
 )
 
+// binary units (IEC 60027)
 const (
 	_ = 1.0 << (10 * iota) // ignore first value by assigning to blank identifier
-	KB
-	MB
-	GB
-	TB
-	PB
-	EB
+	KiB
+	MiB
+	GiB
+	TiB
+	PiB
+	EiB
+)
+
+// decimal units (SI international system of units)
+const (
+	KB = 1000
+	MB = KB * 1000
+	GB = MB * 1000
+	TB = GB * 1000
+	PB = TB * 1000
+	EB = PB * 1000
 )
 
 var (
-	pattern = regexp.MustCompile(`(?i)^(-?\d+(?:\.\d+)?)\s?([KMGTPE]B?|B?)$`)
-	global  = New()
+	patternBinary  = regexp.MustCompile(`(?i)^(-?\d+(?:\.\d+)?)\s?([KMGTPE]iB?)$`)
+	patternDecimal = regexp.MustCompile(`(?i)^(-?\d+(?:\.\d+)?)\s?([KMGTPE]B?|B?)$`)
+	global         = New()
 )
 
 // New creates a Bytes instance.
@@ -32,44 +44,97 @@ func New() *Bytes {
 	return &Bytes{}
 }
 
-// Format formats bytes integer to human readable string.
+// Format formats bytes integer to human readable string according to IEC 60027.
 // For example, 31323 bytes will return 30.59KB.
-func (*Bytes) Format(b int64) string {
+func (b *Bytes) Format(value int64) string {
+	return b.FormatBinary(value)
+}
+
+// FormatBinary formats bytes integer to human readable string according to IEC 60027.
+// For example, 31323 bytes will return 30.59KB.
+func (*Bytes) FormatBinary(value int64) string {
 	multiple := ""
-	value := float64(b)
+	val := float64(value)
 
 	switch {
-	case b >= EB:
-		value /= EB
-		multiple = "EB"
-	case b >= PB:
-		value /= PB
-		multiple = "PB"
-	case b >= TB:
-		value /= TB
-		multiple = "TB"
-	case b >= GB:
-		value /= GB
-		multiple = "GB"
-	case b >= MB:
-		value /= MB
-		multiple = "MB"
-	case b >= KB:
-		value /= KB
-		multiple = "KB"
-	case b == 0:
+	case value >= EiB:
+		val /= EiB
+		multiple = "EiB"
+	case value >= PiB:
+		val /= PiB
+		multiple = "PiB"
+	case value >= TiB:
+		val /= TiB
+		multiple = "TiB"
+	case value >= GiB:
+		val /= GiB
+		multiple = "GiB"
+	case value >= MiB:
+		val /= MiB
+		multiple = "MiB"
+	case value >= KiB:
+		val /= KiB
+		multiple = "KiB"
+	case value == 0:
 		return "0"
 	default:
-		return strconv.FormatInt(b, 10) + "B"
+		return strconv.FormatInt(value, 10) + "B"
 	}
 
-	return fmt.Sprintf("%.2f%s", value, multiple)
+	return fmt.Sprintf("%.2f%s", val, multiple)
+}
+
+// FormatDecimal formats bytes integer to human readable string according to SI international system of units.
+// For example, 31323 bytes will return 31.32KB.
+func (*Bytes) FormatDecimal(value int64) string {
+	multiple := ""
+	val := float64(value)
+
+	switch {
+	case value >= EB:
+		val /= EB
+		multiple = "EB"
+	case value >= PB:
+		val /= PB
+		multiple = "PB"
+	case value >= TB:
+		val /= TB
+		multiple = "TB"
+	case value >= GB:
+		val /= GB
+		multiple = "GB"
+	case value >= MB:
+		val /= MB
+		multiple = "MB"
+	case value >= KB:
+		val /= KB
+		multiple = "KB"
+	case value == 0:
+		return "0"
+	default:
+		return strconv.FormatInt(value, 10) + "B"
+	}
+
+	return fmt.Sprintf("%.2f%s", val, multiple)
 }
 
 // Parse parses human readable bytes string to bytes integer.
-// For example, 6GB (6G is also valid) will return 6442450944.
-func (*Bytes) Parse(value string) (i int64, err error) {
-	parts := pattern.FindStringSubmatch(value)
+// For example, 6GiB (6Gi is also valid) will return 6442450944, and
+// 6GB (6G is also valid) will return 6000000000.
+func (b *Bytes) Parse(value string) (int64, error) {
+
+	i, err := b.ParseBinary(value)
+	if err == nil {
+		return i, err
+	}
+
+	return b.ParseDecimal(value)
+}
+
+// ParseBinary parses human readable bytes string to bytes integer.
+// For example, 6GiB (6Gi is also valid) will return 6442450944.
+func (*Bytes) ParseBinary(value string) (i int64, err error) {
+	parts := patternBinary.FindStringSubmatch(value)
 	if len(parts) < 3 {
 		return 0, fmt.Errorf("error parsing value=%s", value)
 	}
@@ -81,8 +146,38 @@ func (*Bytes) Parse(value string) (i int64, err error) {
 	}
 
 	switch multiple {
+	case "KI", "KIB":
+		return int64(bytes * KiB), nil
+	case "MI", "MIB":
+		return int64(bytes * MiB), nil
+	case "GI", "GIB":
+		return int64(bytes * GiB), nil
+	case "TI", "TIB":
+		return int64(bytes * TiB), nil
+	case "PI", "PIB":
+		return int64(bytes * PiB), nil
+	case "EI", "EIB":
+		return int64(bytes * EiB), nil
 	default:
 		return int64(bytes), nil
+	}
+}
+
+// ParseDecimal parses human readable bytes string to bytes integer.
+// For example, 6GB (6G is also valid) will return 6000000000.
+func (*Bytes) ParseDecimal(value string) (i int64, err error) {
+	parts := patternDecimal.FindStringSubmatch(value)
+	if len(parts) < 3 {
+		return 0, fmt.Errorf("error parsing value=%s", value)
+	}
+	bytesString := parts[1]
+	multiple := strings.ToUpper(parts[2])
+	bytes, err := strconv.ParseFloat(bytesString, 64)
+	if err != nil {
+		return
+	}
+
+	switch multiple {
 	case "K", "KB":
 		return int64(bytes * KB), nil
 	case "M", "MB":
@@ -95,15 +190,27 @@ func (*Bytes) Parse(value string) (i int64, err error) {
 		return int64(bytes * PB), nil
 	case "E", "EB":
 		return int64(bytes * EB), nil
+	default:
+		return int64(bytes), nil
 	}
 }
 
 // Format wraps global Bytes's Format function.
-func Format(b int64) string {
-	return global.Format(b)
+func Format(value int64) string {
+	return global.Format(value)
+}
+
+// FormatBinary wraps global Bytes's FormatBinary function.
+func FormatBinary(value int64) string {
+	return global.FormatBinary(value)
+}
+
+// FormatDecimal wraps global Bytes's FormatDecimal function.
+func FormatDecimal(value int64) string {
+	return global.FormatDecimal(value)
 }
 
 // Parse wraps global Bytes's Parse function.
-func Parse(val string) (int64, error) {
-	return global.Parse(val)
+func Parse(value string) (int64, error) {
+	return global.Parse(value)
 }

vendor/github.com/labstack/gommon/log/log.go

@@ -391,7 +391,7 @@ func (l *Logger) log(level Lvl, format string, args ...interface{}) {
 		if err == nil {
 			s := buf.String()
 			i := buf.Len() - 1
-			if s[i] == '}' {
+			if i >= 0 && s[i] == '}' {
 				// JSON header
 				buf.Truncate(i)
 				buf.WriteByte(',')
@@ -404,7 +404,9 @@ func (l *Logger) log(level Lvl, format string, args ...interface{}) {
 				}
 			} else {
 				// Text header
-				buf.WriteByte(' ')
+				if len(s) > 0 {
+					buf.WriteByte(' ')
+				}
 				buf.WriteString(message)
 			}
 			buf.WriteByte('\n')