JavaGolangJavaScriptSwiftAndroidRustMiddleware
15 hours ago
wails
wailsapp

Wails v3.0.0-alpha.55

Wails v3 Alpha Release - v3.0.0-alpha.55

Changed

  • Switch to goccy/go-json for all runtime JSON processing (method bindings, events, webview requests, notifications, kvstore), improving performance by 21-63% and reducing memory allocations by 40-60%
  • Optimize BoundMethod struct layout and cache isVariadic flag to reduce per-call overhead
  • Use stack-allocated argument buffer for methods with <=8 arguments to avoid heap allocations
  • Optimize result collection in method calls to avoid slice allocation for single return values
  • Use sync.Map for MIME type cache to improve concurrent performance
  • Use buffer pool for HTTP transport request body reading
  • Lazily allocate CloseNotify channel in content type sniffer to reduce per-request allocations
  • Remove debug CSS logging from asset server
  • Expand MIME type extension map to cover 50+ common web formats (fonts, audio, video, etc.)

Fixed

  • Update all commands in Taskfile.yml files for all operating systems to accommodate spaces in variables such as APP_NAME by @ndianabasi

Removed

  • Remove github.com/wailsapp/mimetype dependency in favor of expanded extension map + stdlib http.DetectContentType, reducing binary size by ~1.2MB
  • Remove gopkg.in/ini.v1 dependency by implementing minimal .desktop file parser for Linux file explorer, saving ~45KB
  • Remove samber/lo from runtime code by using Go 1.21+ stdlib slices package and minimal internal helpers, saving ~310KB

🤖 This is an automated nightly release generated from the latest changes in the v3-alpha branch.

Installation:

go install github.com/wailsapp/wails/v3/cmd/wails3@v3.0.0-alpha.55

⚠️ Alpha Warning: This is pre-release software and may contain bugs or incomplete features.

1 days ago
echo
labstack

v4.15.0

Security

WARNING: If your application relies on cross-origin or same-site (same subdomain) requests do not blindly push this version to production

The CSRF middleware now supports the Sec-Fetch-Site header as a modern, defense-in-depth approach to CSRF protection, implementing the OWASP-recommended Fetch Metadata API alongside the traditional token-based mechanism.

How it works:

Modern browsers automatically send the Sec-Fetch-Site header with all requests, indicating the relationship between the request origin and the target. The middleware uses this to make security decisions:

  • same-origin or none: Requests are allowed (exact origin match or direct user navigation)
  • same-site: Falls back to token validation (e.g., subdomain to main domain)
  • cross-site: Blocked by default with 403 error for unsafe methods (POST, PUT, DELETE, PATCH)

For browsers that don't send this header (older browsers), the middleware seamlessly falls back to traditional token-based CSRF protection.

New Configuration Options:

  • TrustedOrigins []string: Allowlist specific origins for cross-site requests (useful for OAuth callbacks, webhooks)
  • AllowSecFetchSiteFunc func(echo.Context) (bool, error): Custom logic for same-site/cross-site request validation

Example:

e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
    // Allow OAuth callbacks from trusted provider
    TrustedOrigins: []string{"https://oauth-provider.com"},

    // Custom validation for same-site requests
    AllowSecFetchSiteFunc: func(c echo.Context) (bool, error) {
        // Your custom authorization logic here
        return validateCustomAuth(c), nil
        // return true, err  // blocks request with error
        // return true, nil  // allows CSRF request through
        // return false, nil // falls back to legacy token logic
    },
}))

PR: https://github.com/labstack/echo/pull/2858

Type-Safe Generic Parameter Binding

  • Added generic functions for type-safe parameter extraction and context access by @aldas in https://github.com/labstack/echo/pull/2856

    Echo now provides generic functions for extracting path, query, and form parameters with automatic type conversion, eliminating manual string parsing and type assertions.

    New Functions:

    • Path parameters: PathParam[T], PathParamOr[T]
    • Query parameters: QueryParam[T], QueryParamOr[T], QueryParams[T], QueryParamsOr[T]
    • Form values: FormParam[T], FormParamOr[T], FormParams[T], FormParamsOr[T]
    • Context store: ContextGet[T], ContextGetOr[T]

    Supported Types: Primitives (bool, string, int/uint variants, float32/float64), time.Duration, time.Time (with custom layouts and Unix timestamp support), and custom types implementing BindUnmarshaler, TextUnmarshaler, or JSONUnmarshaler.

    Example:

    // Before: Manual parsing
idStr := c.Param("id")
id, err := strconv.Atoi(idStr)

// After: Type-safe with automatic parsing
id, err := echo.PathParam[int](c, "id")

// With default values
page, err := echo.QueryParamOr[int](c, "page", 1)
limit, err := echo.QueryParamOr[int](c, "limit", 20)

// Type-safe context access (no more panics from type assertions)
user, err := echo.ContextGet[*User](c, "user")

PR: https://github.com/labstack/echo/pull/2856

DEPRECATION NOTICE Timeout Middleware Deprecated - Use ContextTimeout Instead

The middleware.Timeout middleware has been deprecated due to fundamental architectural issues that cause data races. Use middleware.ContextTimeout or middleware.ContextTimeoutWithConfig instead.

Why is this being deprecated?

The Timeout middleware manipulates response writers across goroutine boundaries, which causes data races that cannot be reliably fixed without a complete architectural redesign. The middleware:

  • Swaps the response writer using http.TimeoutHandler
  • Must be the first middleware in the chain (fragile constraint)
  • Can cause races with other middleware (Logger, metrics, custom middleware)
  • Has been the source of multiple race condition fixes over the years

What should you use instead?

The ContextTimeout middleware (available since v4.12.0) provides timeout functionality using Go's standard context mechanism. It is:

  • Race-free by design
  • Can be placed anywhere in the middleware chain
  • Simpler and more maintainable
  • Compatible with all other middleware

Migration Guide:

// Before (deprecated):
e.Use(middleware.Timeout())

// After (recommended):
e.Use(middleware.ContextTimeout(30 * time.Second))

Important Behavioral Differences:

  1. Handler cooperation required: With ContextTimeout, your handlers must check context.Done() for cooperative cancellation. The old Timeout middleware would send a 503 response regardless of handler cooperation, but had data race issues.

  2. Error handling: ContextTimeout returns errors through the standard error handling flow. Handlers that receive context.DeadlineExceeded should handle it appropriately:

e.GET("/long-task", func(c echo.Context) error {
    ctx := c.Request().Context()

    // Example: database query with context
    result, err := db.QueryContext(ctx, "SELECT * FROM large_table")
    if err != nil {
        if errors.Is(err, context.DeadlineExceeded) {
            // Handle timeout
            return echo.NewHTTPError(http.StatusServiceUnavailable, "Request timeout")
        }
        return err
    }

    return c.JSON(http.StatusOK, result)
})
  1. Background tasks: For long-running background tasks, use goroutines with context:
e.GET("/async-task", func(c echo.Context) error {
    ctx := c.Request().Context()

    resultCh := make(chan Result, 1)
    errCh := make(chan error, 1)

    go func() {
        result, err := performLongTask(ctx)
        if err != nil {
            errCh <- err
            return
        }
        resultCh <- result
    }()

    select {
    case result := <-resultCh:
        return c.JSON(http.StatusOK, result)
    case err := <-errCh:
        return err
    case <-ctx.Done():
        return echo.NewHTTPError(http.StatusServiceUnavailable, "Request timeout")
    }
})

Full Changelog: https://github.com/labstack/echo/compare/v4.14.0...v4.15.0

2 days ago
tcell
gdamore

Version 3.0.6 Bug Fix Release

This address some minor bug fixes, and it reduces some of the writing we do to the terminal when changing attributes and using color.

Most of the rest of the commits in this release are related to improving test coverage, and enhancing the mock terminal backend. Note that the very useless SimScreen has been removed, as the MockBackend is far more functional.

Also some demos have moved from _demos to demos -- and they are now verified in the CI/CD. We will be doing this with the rest of the demos over time.

What's Changed

Full Changelog: https://github.com/gdamore/tcell/compare/v3.0.5...v3.0.6

2 days ago
Open-IM-Server
OpenIMSDK

v3.8.3-patch.15

What's Changed

New Contributors

Full Changelog: https://github.com/openimsdk/open-im-server/compare/v3.8.3-patch.12...v3.8.3-patch.15

4 days ago
resty
go-resty

v3.0.0-beta.6

v3 Beta 6 Release

v3 Upgrade Guide

https://resty.dev/docs/upgrading-to-v3/

New Features and Enhancements

https://resty.dev/docs/new-features-and-enhancements/

Bug Fixes

Features & Enhancements

Tests

New Contributors

Full Changelog: https://github.com/go-resty/resty/compare/v3.0.0-beta.5...v3.0.0-beta.6

4 days ago
wails
wailsapp

Wails v3.0.0-alpha.54

Wails v3 Alpha Release - v3.0.0-alpha.54

Added

  • Add CollectionBehavior option to MacWindow for controlling window behavior across macOS Spaces and fullscreen (#4756) by @leaanthony

Fixed

  • Fix command argument error when executing 'build:universal:lipo:go' task on Linux by @wux1an
  • Fix Docker error "undefined symbol: ___ubsan_handle_xxxxxxx" when running 'wails3 build GOOS=darwin GOARCH=arm64' on Linux by @wux1an

Removed

  • Remove debug printf statements from Darwin URL scheme handler (#4834)

🤖 This is an automated nightly release generated from the latest changes in the v3-alpha branch.

Installation:

go install github.com/wailsapp/wails/v3/cmd/wails3@v3.0.0-alpha.54

⚠️ Alpha Warning: This is pre-release software and may contain bugs or incomplete features.

6 days ago
wails
wailsapp

Wails v3.0.0-alpha.53

Wails v3 Alpha Release - v3.0.0-alpha.53

Added

  • Add unit tests for pkg/application by @leaanthony
  • Add custom protocol support to MSIX packaging by @leaanthony

Fixed

  • Consolidate custom protocol documentation and add Universal Links sections by @leaanthony

🤖 This is an automated nightly release generated from the latest changes in the v3-alpha branch.

Installation:

go install github.com/wailsapp/wails/v3/cmd/wails3@v3.0.0-alpha.53

⚠️ Alpha Warning: This is pre-release software and may contain bugs or incomplete features.

7 days ago
wails
wailsapp

Wails v3.0.0-alpha.52

Wails v3 Alpha Release - v3.0.0-alpha.52

Fixed

  • Fix Windows systray menu crash when clicking icon repeatedly by adding guard against concurrent TrackPopupMenuEx calls (#4151) by @leaanthony

🤖 This is an automated nightly release generated from the latest changes in the v3-alpha branch.

Installation:

go install github.com/wailsapp/wails/v3/cmd/wails3@v3.0.0-alpha.52

⚠️ Alpha Warning: This is pre-release software and may contain bugs or incomplete features.

7 days ago
tcell
gdamore

Version 3.0.5 Bug Fix and Refactor Release

This release is principally a bug fix release, but we also took this opportunity to remove the views sub-package.

This is technically a breaking change, but we don't think anyone has converted to v3 and is using the views package, and we meant to to do this as part of v3 originally.

The content that was in the views package might be introduced in another repository later, if desired. (If you were using the views package and miss it, please let us know! We'd be happy to resurrect it in another sub package.)

What's Changed

Full Changelog: https://github.com/gdamore/tcell/compare/v3.0.4...v3.0.5

8 days ago
Open-IM-Server
OpenIMSDK

v3.8.3-patch.14

What's Changed

Full Changelog: https://github.com/openimsdk/open-im-server/compare/v3.8.3...v3.8.3-patch.14