build(deps): bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /echo

[dependabot]

Bumps github.com/labstack/echo/v5 from 5.0.0 to 5.0.3.

Release notes

Sourced from github.com/labstack/echo/v5's releases.

v5.0.3 security (static middleware directory traversal under Windows)

Fix directory traversal vulnerability under Windows in Static middleware when default Echo filesystem is used. Reported by @​shblue21 (labstack/echo#2891).

This applies to cases when:

• Windows is used as OS
• middleware.StaticConfig.Filesystem is nil (default)
• echo.Filesystem is has not been set explicitly (default)

Full Changelog: labstack/echo@v5.0.2...v5.0.3

v5.0.2 security (static middleware folder browsing)

Security

• Fix Static middleware when folder browsing is enabled (config.Browse=true , defaults to false) lists all files/subfolders from config.Filesystem root folder and not starting from config.Root and requested folder in labstack/echo#2887 . Reported by @​shblue21 in labstack/echo#2886

Full Changelog: labstack/echo@v5.0.1...v5.0.2

v5.0.1 small fixes

What's Changed

• Panic MW: will now return a custom PanicStackError with stack trace by @​aldas in labstack/echo#2871
• Docs: add missing err parameter to DenyHandler example by @​cgalibern in labstack/echo#2878
• Context: improve websocket checks in IsWebSocket() [per RFC 6455] by @​raju-mechatronics in labstack/echo#2875
• Fix: Context.Json() should not send status code before serialization is complete by @​aldas in labstack/echo#2877

New Contributors

• @​cgalibern made their first contribution in labstack/echo#2878
• @​raju-mechatronics made their first contribution in labstack/echo#2875

Full Changelog: labstack/echo@v5.0.0...v5.0.1

Changelog

Sourced from github.com/labstack/echo/v5's changelog.

v5.0.3 - 2026-02-06

Security

• Fix directory traversal vulnerability under Windows in Static middleware when default Echo filesystem is used. Reported by @​shblue21.

This applies to cases when:

• Windows is used as OS
• middleware.StaticConfig.Filesystem is nil (default)
• echo.Filesystem is has not been set explicitly (default)

Exposure is restricted to the active process working directory and its subfolders.

v5.0.2 - 2026-02-02

Security

• Fix Static middleware with config.Browse=true lists all files/subfolders from config.Filesystem root and not starting from config.Root in labstack/echo#2887

v5.0.1 - 2026-01-28

• Panic MW: will now return a custom PanicStackError with stack trace by @​aldas in labstack/echo#2871
• Docs: add missing err parameter to DenyHandler example by @​cgalibern in labstack/echo#2878
• improve: improve websocket checks in IsWebSocket() [per RFC 6455] by @​raju-mechatronics in labstack/echo#2875
• fix: Context.Json() should not send status code before serialization is complete by @​aldas in labstack/echo#2877

Commits

• b1d4430 Merge pull request #2891 from aldas/fix_staticmw
• 48f25a6 Fix test reporting different size due Windows / Linux line ending inconsisten...
• 6c16259 Fix directory traversal vulnerability under Windows in Static middleware when...
• 88d975a Fix directory traversal vulnerability under Windows in Static middleware when...
• 09ccfba Fill c.Request().Pattern field with route path to help standard library based...
• 68aaf3a Changelog for version 5.0.2
• 26ec148 security (static middleware): fix bowser=true listing all file names from giv...
• ba10490 Merge pull request #2880 from aldas/changelog_501
• 0954d6e Changelog for v5.0.1 release
• 8e4c91f Create SECURITY.md
• Additional commits viewable in compare view

[github-actions]

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

---

Internal Changes 🔧

• (deps) Bump github.com/labstack/echo/v5 from 5.0.0 to 5.0.3 in /echo by dependabot[bot] in #1253

---

_{🤖 This preview updates automatically when you update the PR.}