JavaGolangJavaScriptSwiftAndroidRustMiddleware
22 hours ago
tcell
gdamore

Version 2.13.5 Bug Fix Release

This release addresses a problem with keypad keys in certain terminal emulators.

Full Changelog: https://github.com/gdamore/tcell/compare/v2.13.5...v2.13.6

22 hours ago
tcell
gdamore

Version 3.1.0 Feature Release

What's New

The main new feature here is improved support for mouse chords and additional mouse button reporting. It is now possible for multiple mouse buttons to be pressed together, and reported together.

A great deal of additional work was done on the emulator subsystem and in the mocks, yielding over 80% test coverage, with a number of associated bug fixes as a result.

What's Changed

Full Changelog: https://github.com/gdamore/tcell/compare/v3.0.6...v3.1.0

1 days ago
wails
wailsapp

Wails v3.0.0-alpha.58

Wails v3 Alpha Release - v3.0.0-alpha.58

Fixed

  • Fix outdated Manager API references in documentation (31 files updated to use new pattern like app.Window.New(), app.Event.Emit(), etc.) by @leaanthony
  • Fix Linux crash on panic in JS-bound Go methods due to WebKit overriding signal handlers (#3965) by @leaanthony

🤖 This is an automated nightly release generated from the latest changes in the v3-alpha branch.

Installation:

go install github.com/wailsapp/wails/v3/cmd/wails3@v3.0.0-alpha.58

⚠️ Alpha Warning: This is pre-release software and may contain bugs or incomplete features.

1 days ago
lego
go-acme

v4.31.0

lego is an independent, free, and open-source project, if you value it, consider supporting it! ❤️

Everybody thinks that the others will donate, but in the end, nobody does.

So if you think that lego is worth it, please consider donating.

For key updates, see the changelog.

Changelog

  • 8b327005b3105a5a70c8ace5cfe7e1f83e148f7c Add DNS Provider for ISPConfig (DDNS Module) (#2760)
  • c5a259564fe8e0b183fe12fb926f5b3634497967 Add DNS provider for 35.com/三五互联 (#2779)
  • a6a73754af31fb65963f53845bb9ce55d09466a1 Add DNS provider for Alwaysdata (#2770)
  • 96168f78ded8a0db96b80d083834bf05d2bde313 Add DNS provider for ISPConfig (#2762)
  • dd6ab7ca95c90bde76719e9c8121ec8274f3aff8 Add DNS provider for JDCloud (#2782)
  • 1b634097c13285c9829dc9c16b74a9c86c4ff81e docs: remove email from examples (#2773)
  • ee616417a181239b0b77f6fe00acff3a22ae35b9 f5xc: add an option to configure the domain of the server (#2767)
  • a5cc0e155518e825ec2ec017610822f06aebb767 feat: improve ACME error types (#2761)
  • ff885d99c2e45f166a0c9592ea047d8c938604d3 gandiv5: fix API Key header (#2769)
  • 2eede6d6206a06e0b16fb3de45b8fa7aa0807de3 hetzner: fix compatibility with _FILE suffix (#2775)
  • b77b8709b6802da29a702b44bb0a5279c35eb337 namedotcom: follow CNAME (#2390)
4 days ago
fasthttp
valyala

v1.69.0

What's Changed

Full Changelog: https://github.com/valyala/fasthttp/compare/v1.68.0...v1.69.0

5 days ago
wails
wailsapp

Wails v3.0.0-alpha.57

Wails v3 Alpha Release - v3.0.0-alpha.57

Changed

  • Replace various debug logs from Info to Debug (by @mbaklor)

Fixed

  • Fix SaveFileDialog.SetFilename() having no effect on Linux (#4841) by @samstanier
  • Fix drop coordinates showing as undefined in drag-n-drop example
  • Fix macOS app bundle creation failing when APP_NAME contains spaces (brace expansion issue)
  • Fix index out of bounds panic on Windows when calling service methods (revert goccy/go-json)

🤖 This is an automated nightly release generated from the latest changes in the v3-alpha branch.

Installation:

go install github.com/wailsapp/wails/v3/cmd/wails3@v3.0.0-alpha.57

⚠️ Alpha Warning: This is pre-release software and may contain bugs or incomplete features.

6 days ago
wails
wailsapp

Wails v3.0.0-alpha.56

Wails v3 Alpha Release - v3.0.0-alpha.56

Added

  • Add internal/libpath package for finding native library paths on Linux with parallel search, caching, and support for Flatpak/Snap/Nix

Changed

  • BREAKING: Rename EnableDragAndDrop to EnableFileDrop in window options
  • BREAKING: Rename DropZoneDetails to DropTargetDetails in event context
  • BREAKING: Rename DropZoneDetails() method to DropTargetDetails() on WindowEventContext
  • BREAKING: Remove WindowDropZoneFilesDropped event, use WindowFilesDropped instead
  • BREAKING: Change HTML attribute from data-wails-dropzone to data-file-drop-target
  • BREAKING: Change CSS hover class from wails-dropzone-hover to file-drop-target-active
  • BREAKING: Remove DragEffect, OnEnterEffect, OnOverEffect options from Windows (were part of removed IDropTarget)

Fixed

  • Fix file drag-and-drop on Windows not working at non-100% display scaling
  • Fix HTML5 internal drag-and-drop being broken when file drop was enabled on Windows
  • Fix file drop coordinates being in wrong pixel space on Windows (physical vs CSS pixels)
  • Fix file drag-and-drop on Linux not working reliably with hover effects
  • Fix HTML5 internal drag-and-drop being broken when file drop was enabled on Linux

Removed

  • Remove native IDropTarget implementation on Windows in favor of JavaScript-based approach (matches v2 behavior)

🤖 This is an automated nightly release generated from the latest changes in the v3-alpha branch.

Installation:

go install github.com/wailsapp/wails/v3/cmd/wails3@v3.0.0-alpha.56

⚠️ Alpha Warning: This is pre-release software and may contain bugs or incomplete features.

7 days ago
fyne
fyne-io

New Year new Fyne release :) - lots of bug fixes

Changed

  • Added Japanese translation

Fixed

  • Crash in accordion (#3966)
  • Extended list does not focus correctly when tapped (#5997)
  • TextGrid: Ensure we are refreshing the correct row (#6023)
  • Entry doesn't lose focus when clicking on button elsewhere (#5107)
  • Mouse clicks missed (#4672)
  • Possible crash when form is truncated when an Entry is focused
  • Alt-Tab'ing should not open MainMenu (#2998)
  • Wayland: ALT key steals focus to the menubar if it exists (#5960)
  • Extending the build-In theme only works fully when theme is set after app has started (#6056)
  • Multi-segment RichText not right aligning correctly (#6060)
8 days ago
wails
wailsapp

Wails v3.0.0-alpha.55

Wails v3 Alpha Release - v3.0.0-alpha.55

Changed

  • Switch to goccy/go-json for all runtime JSON processing (method bindings, events, webview requests, notifications, kvstore), improving performance by 21-63% and reducing memory allocations by 40-60%
  • Optimize BoundMethod struct layout and cache isVariadic flag to reduce per-call overhead
  • Use stack-allocated argument buffer for methods with <=8 arguments to avoid heap allocations
  • Optimize result collection in method calls to avoid slice allocation for single return values
  • Use sync.Map for MIME type cache to improve concurrent performance
  • Use buffer pool for HTTP transport request body reading
  • Lazily allocate CloseNotify channel in content type sniffer to reduce per-request allocations
  • Remove debug CSS logging from asset server
  • Expand MIME type extension map to cover 50+ common web formats (fonts, audio, video, etc.)

Fixed

  • Update all commands in Taskfile.yml files for all operating systems to accommodate spaces in variables such as APP_NAME by @ndianabasi

Removed

  • Remove github.com/wailsapp/mimetype dependency in favor of expanded extension map + stdlib http.DetectContentType, reducing binary size by ~1.2MB
  • Remove gopkg.in/ini.v1 dependency by implementing minimal .desktop file parser for Linux file explorer, saving ~45KB
  • Remove samber/lo from runtime code by using Go 1.21+ stdlib slices package and minimal internal helpers, saving ~310KB

🤖 This is an automated nightly release generated from the latest changes in the v3-alpha branch.

Installation:

go install github.com/wailsapp/wails/v3/cmd/wails3@v3.0.0-alpha.55

⚠️ Alpha Warning: This is pre-release software and may contain bugs or incomplete features.

8 days ago
echo
labstack

v4.15.0

Security

WARNING: If your application relies on cross-origin or same-site (same subdomain) requests do not blindly push this version to production

The CSRF middleware now supports the Sec-Fetch-Site header as a modern, defense-in-depth approach to CSRF protection, implementing the OWASP-recommended Fetch Metadata API alongside the traditional token-based mechanism.

How it works:

Modern browsers automatically send the Sec-Fetch-Site header with all requests, indicating the relationship between the request origin and the target. The middleware uses this to make security decisions:

  • same-origin or none: Requests are allowed (exact origin match or direct user navigation)
  • same-site: Falls back to token validation (e.g., subdomain to main domain)
  • cross-site: Blocked by default with 403 error for unsafe methods (POST, PUT, DELETE, PATCH)

For browsers that don't send this header (older browsers), the middleware seamlessly falls back to traditional token-based CSRF protection.

New Configuration Options:

  • TrustedOrigins []string: Allowlist specific origins for cross-site requests (useful for OAuth callbacks, webhooks)
  • AllowSecFetchSiteFunc func(echo.Context) (bool, error): Custom logic for same-site/cross-site request validation

Example:

e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
    // Allow OAuth callbacks from trusted provider
    TrustedOrigins: []string{"https://oauth-provider.com"},

    // Custom validation for same-site requests
    AllowSecFetchSiteFunc: func(c echo.Context) (bool, error) {
        // Your custom authorization logic here
        return validateCustomAuth(c), nil
        // return true, err  // blocks request with error
        // return true, nil  // allows CSRF request through
        // return false, nil // falls back to legacy token logic
    },
}))

PR: https://github.com/labstack/echo/pull/2858

Type-Safe Generic Parameter Binding

  • Added generic functions for type-safe parameter extraction and context access by @aldas in https://github.com/labstack/echo/pull/2856

    Echo now provides generic functions for extracting path, query, and form parameters with automatic type conversion, eliminating manual string parsing and type assertions.

    New Functions:

    • Path parameters: PathParam[T], PathParamOr[T]
    • Query parameters: QueryParam[T], QueryParamOr[T], QueryParams[T], QueryParamsOr[T]
    • Form values: FormParam[T], FormParamOr[T], FormParams[T], FormParamsOr[T]
    • Context store: ContextGet[T], ContextGetOr[T]

    Supported Types: Primitives (bool, string, int/uint variants, float32/float64), time.Duration, time.Time (with custom layouts and Unix timestamp support), and custom types implementing BindUnmarshaler, TextUnmarshaler, or JSONUnmarshaler.

    Example:

    // Before: Manual parsing
idStr := c.Param("id")
id, err := strconv.Atoi(idStr)

// After: Type-safe with automatic parsing
id, err := echo.PathParam[int](c, "id")

// With default values
page, err := echo.QueryParamOr[int](c, "page", 1)
limit, err := echo.QueryParamOr[int](c, "limit", 20)

// Type-safe context access (no more panics from type assertions)
user, err := echo.ContextGet[*User](c, "user")

PR: https://github.com/labstack/echo/pull/2856

DEPRECATION NOTICE Timeout Middleware Deprecated - Use ContextTimeout Instead

The middleware.Timeout middleware has been deprecated due to fundamental architectural issues that cause data races. Use middleware.ContextTimeout or middleware.ContextTimeoutWithConfig instead.

Why is this being deprecated?

The Timeout middleware manipulates response writers across goroutine boundaries, which causes data races that cannot be reliably fixed without a complete architectural redesign. The middleware:

  • Swaps the response writer using http.TimeoutHandler
  • Must be the first middleware in the chain (fragile constraint)
  • Can cause races with other middleware (Logger, metrics, custom middleware)
  • Has been the source of multiple race condition fixes over the years

What should you use instead?

The ContextTimeout middleware (available since v4.12.0) provides timeout functionality using Go's standard context mechanism. It is:

  • Race-free by design
  • Can be placed anywhere in the middleware chain
  • Simpler and more maintainable
  • Compatible with all other middleware

Migration Guide:

// Before (deprecated):
e.Use(middleware.Timeout())

// After (recommended):
e.Use(middleware.ContextTimeout(30 * time.Second))

Important Behavioral Differences:

  1. Handler cooperation required: With ContextTimeout, your handlers must check context.Done() for cooperative cancellation. The old Timeout middleware would send a 503 response regardless of handler cooperation, but had data race issues.

  2. Error handling: ContextTimeout returns errors through the standard error handling flow. Handlers that receive context.DeadlineExceeded should handle it appropriately:

e.GET("/long-task", func(c echo.Context) error {
    ctx := c.Request().Context()

    // Example: database query with context
    result, err := db.QueryContext(ctx, "SELECT * FROM large_table")
    if err != nil {
        if errors.Is(err, context.DeadlineExceeded) {
            // Handle timeout
            return echo.NewHTTPError(http.StatusServiceUnavailable, "Request timeout")
        }
        return err
    }

    return c.JSON(http.StatusOK, result)
})
  1. Background tasks: For long-running background tasks, use goroutines with context:
e.GET("/async-task", func(c echo.Context) error {
    ctx := c.Request().Context()

    resultCh := make(chan Result, 1)
    errCh := make(chan error, 1)

    go func() {
        result, err := performLongTask(ctx)
        if err != nil {
            errCh <- err
            return
        }
        resultCh <- result
    }()

    select {
    case result := <-resultCh:
        return c.JSON(http.StatusOK, result)
    case err := <-errCh:
        return err
    case <-ctx.Done():
        return echo.NewHTTPError(http.StatusServiceUnavailable, "Request timeout")
    }
})

Full Changelog: https://github.com/labstack/echo/compare/v4.14.0...v4.15.0