JavaGolangJavaScriptSwiftAndroidRustMiddleware
2 days ago
fasthttp
valyala

v1.69.0

What's Changed

Full Changelog: https://github.com/valyala/fasthttp/compare/v1.68.0...v1.69.0

3 days ago
wails
wailsapp

Wails v3.0.0-alpha.57

Wails v3 Alpha Release - v3.0.0-alpha.57

Changed

  • Replace various debug logs from Info to Debug (by @mbaklor)

Fixed

  • Fix SaveFileDialog.SetFilename() having no effect on Linux (#4841) by @samstanier
  • Fix drop coordinates showing as undefined in drag-n-drop example
  • Fix macOS app bundle creation failing when APP_NAME contains spaces (brace expansion issue)
  • Fix index out of bounds panic on Windows when calling service methods (revert goccy/go-json)

🤖 This is an automated nightly release generated from the latest changes in the v3-alpha branch.

Installation:

go install github.com/wailsapp/wails/v3/cmd/wails3@v3.0.0-alpha.57

⚠️ Alpha Warning: This is pre-release software and may contain bugs or incomplete features.

4 days ago
wails
wailsapp

Wails v3.0.0-alpha.56

Wails v3 Alpha Release - v3.0.0-alpha.56

Added

  • Add internal/libpath package for finding native library paths on Linux with parallel search, caching, and support for Flatpak/Snap/Nix

Changed

  • BREAKING: Rename EnableDragAndDrop to EnableFileDrop in window options
  • BREAKING: Rename DropZoneDetails to DropTargetDetails in event context
  • BREAKING: Rename DropZoneDetails() method to DropTargetDetails() on WindowEventContext
  • BREAKING: Remove WindowDropZoneFilesDropped event, use WindowFilesDropped instead
  • BREAKING: Change HTML attribute from data-wails-dropzone to data-file-drop-target
  • BREAKING: Change CSS hover class from wails-dropzone-hover to file-drop-target-active
  • BREAKING: Remove DragEffect, OnEnterEffect, OnOverEffect options from Windows (were part of removed IDropTarget)

Fixed

  • Fix file drag-and-drop on Windows not working at non-100% display scaling
  • Fix HTML5 internal drag-and-drop being broken when file drop was enabled on Windows
  • Fix file drop coordinates being in wrong pixel space on Windows (physical vs CSS pixels)
  • Fix file drag-and-drop on Linux not working reliably with hover effects
  • Fix HTML5 internal drag-and-drop being broken when file drop was enabled on Linux

Removed

  • Remove native IDropTarget implementation on Windows in favor of JavaScript-based approach (matches v2 behavior)

🤖 This is an automated nightly release generated from the latest changes in the v3-alpha branch.

Installation:

go install github.com/wailsapp/wails/v3/cmd/wails3@v3.0.0-alpha.56

⚠️ Alpha Warning: This is pre-release software and may contain bugs or incomplete features.

5 days ago
fyne
fyne-io

New Year new Fyne release :) - lots of bug fixes

Changed

  • Added Japanese translation

Fixed

  • Crash in accordion (#3966)
  • Extended list does not focus correctly when tapped (#5997)
  • TextGrid: Ensure we are refreshing the correct row (#6023)
  • Entry doesn't lose focus when clicking on button elsewhere (#5107)
  • Mouse clicks missed (#4672)
  • Possible crash when form is truncated when an Entry is focused
  • Alt-Tab'ing should not open MainMenu (#2998)
  • Wayland: ALT key steals focus to the menubar if it exists (#5960)
  • Extending the build-In theme only works fully when theme is set after app has started (#6056)
  • Multi-segment RichText not right aligning correctly (#6060)
6 days ago
wails
wailsapp

Wails v3.0.0-alpha.55

Wails v3 Alpha Release - v3.0.0-alpha.55

Changed

  • Switch to goccy/go-json for all runtime JSON processing (method bindings, events, webview requests, notifications, kvstore), improving performance by 21-63% and reducing memory allocations by 40-60%
  • Optimize BoundMethod struct layout and cache isVariadic flag to reduce per-call overhead
  • Use stack-allocated argument buffer for methods with <=8 arguments to avoid heap allocations
  • Optimize result collection in method calls to avoid slice allocation for single return values
  • Use sync.Map for MIME type cache to improve concurrent performance
  • Use buffer pool for HTTP transport request body reading
  • Lazily allocate CloseNotify channel in content type sniffer to reduce per-request allocations
  • Remove debug CSS logging from asset server
  • Expand MIME type extension map to cover 50+ common web formats (fonts, audio, video, etc.)

Fixed

  • Update all commands in Taskfile.yml files for all operating systems to accommodate spaces in variables such as APP_NAME by @ndianabasi

Removed

  • Remove github.com/wailsapp/mimetype dependency in favor of expanded extension map + stdlib http.DetectContentType, reducing binary size by ~1.2MB
  • Remove gopkg.in/ini.v1 dependency by implementing minimal .desktop file parser for Linux file explorer, saving ~45KB
  • Remove samber/lo from runtime code by using Go 1.21+ stdlib slices package and minimal internal helpers, saving ~310KB

🤖 This is an automated nightly release generated from the latest changes in the v3-alpha branch.

Installation:

go install github.com/wailsapp/wails/v3/cmd/wails3@v3.0.0-alpha.55

⚠️ Alpha Warning: This is pre-release software and may contain bugs or incomplete features.

7 days ago
echo
labstack

v4.15.0

Security

WARNING: If your application relies on cross-origin or same-site (same subdomain) requests do not blindly push this version to production

The CSRF middleware now supports the Sec-Fetch-Site header as a modern, defense-in-depth approach to CSRF protection, implementing the OWASP-recommended Fetch Metadata API alongside the traditional token-based mechanism.

How it works:

Modern browsers automatically send the Sec-Fetch-Site header with all requests, indicating the relationship between the request origin and the target. The middleware uses this to make security decisions:

  • same-origin or none: Requests are allowed (exact origin match or direct user navigation)
  • same-site: Falls back to token validation (e.g., subdomain to main domain)
  • cross-site: Blocked by default with 403 error for unsafe methods (POST, PUT, DELETE, PATCH)

For browsers that don't send this header (older browsers), the middleware seamlessly falls back to traditional token-based CSRF protection.

New Configuration Options:

  • TrustedOrigins []string: Allowlist specific origins for cross-site requests (useful for OAuth callbacks, webhooks)
  • AllowSecFetchSiteFunc func(echo.Context) (bool, error): Custom logic for same-site/cross-site request validation

Example:

e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
    // Allow OAuth callbacks from trusted provider
    TrustedOrigins: []string{"https://oauth-provider.com"},

    // Custom validation for same-site requests
    AllowSecFetchSiteFunc: func(c echo.Context) (bool, error) {
        // Your custom authorization logic here
        return validateCustomAuth(c), nil
        // return true, err  // blocks request with error
        // return true, nil  // allows CSRF request through
        // return false, nil // falls back to legacy token logic
    },
}))

PR: https://github.com/labstack/echo/pull/2858

Type-Safe Generic Parameter Binding

  • Added generic functions for type-safe parameter extraction and context access by @aldas in https://github.com/labstack/echo/pull/2856

    Echo now provides generic functions for extracting path, query, and form parameters with automatic type conversion, eliminating manual string parsing and type assertions.

    New Functions:

    • Path parameters: PathParam[T], PathParamOr[T]
    • Query parameters: QueryParam[T], QueryParamOr[T], QueryParams[T], QueryParamsOr[T]
    • Form values: FormParam[T], FormParamOr[T], FormParams[T], FormParamsOr[T]
    • Context store: ContextGet[T], ContextGetOr[T]

    Supported Types: Primitives (bool, string, int/uint variants, float32/float64), time.Duration, time.Time (with custom layouts and Unix timestamp support), and custom types implementing BindUnmarshaler, TextUnmarshaler, or JSONUnmarshaler.

    Example:

    // Before: Manual parsing
idStr := c.Param("id")
id, err := strconv.Atoi(idStr)

// After: Type-safe with automatic parsing
id, err := echo.PathParam[int](c, "id")

// With default values
page, err := echo.QueryParamOr[int](c, "page", 1)
limit, err := echo.QueryParamOr[int](c, "limit", 20)

// Type-safe context access (no more panics from type assertions)
user, err := echo.ContextGet[*User](c, "user")

PR: https://github.com/labstack/echo/pull/2856

DEPRECATION NOTICE Timeout Middleware Deprecated - Use ContextTimeout Instead

The middleware.Timeout middleware has been deprecated due to fundamental architectural issues that cause data races. Use middleware.ContextTimeout or middleware.ContextTimeoutWithConfig instead.

Why is this being deprecated?

The Timeout middleware manipulates response writers across goroutine boundaries, which causes data races that cannot be reliably fixed without a complete architectural redesign. The middleware:

  • Swaps the response writer using http.TimeoutHandler
  • Must be the first middleware in the chain (fragile constraint)
  • Can cause races with other middleware (Logger, metrics, custom middleware)
  • Has been the source of multiple race condition fixes over the years

What should you use instead?

The ContextTimeout middleware (available since v4.12.0) provides timeout functionality using Go's standard context mechanism. It is:

  • Race-free by design
  • Can be placed anywhere in the middleware chain
  • Simpler and more maintainable
  • Compatible with all other middleware

Migration Guide:

// Before (deprecated):
e.Use(middleware.Timeout())

// After (recommended):
e.Use(middleware.ContextTimeout(30 * time.Second))

Important Behavioral Differences:

  1. Handler cooperation required: With ContextTimeout, your handlers must check context.Done() for cooperative cancellation. The old Timeout middleware would send a 503 response regardless of handler cooperation, but had data race issues.

  2. Error handling: ContextTimeout returns errors through the standard error handling flow. Handlers that receive context.DeadlineExceeded should handle it appropriately:

e.GET("/long-task", func(c echo.Context) error {
    ctx := c.Request().Context()

    // Example: database query with context
    result, err := db.QueryContext(ctx, "SELECT * FROM large_table")
    if err != nil {
        if errors.Is(err, context.DeadlineExceeded) {
            // Handle timeout
            return echo.NewHTTPError(http.StatusServiceUnavailable, "Request timeout")
        }
        return err
    }

    return c.JSON(http.StatusOK, result)
})
  1. Background tasks: For long-running background tasks, use goroutines with context:
e.GET("/async-task", func(c echo.Context) error {
    ctx := c.Request().Context()

    resultCh := make(chan Result, 1)
    errCh := make(chan error, 1)

    go func() {
        result, err := performLongTask(ctx)
        if err != nil {
            errCh <- err
            return
        }
        resultCh <- result
    }()

    select {
    case result := <-resultCh:
        return c.JSON(http.StatusOK, result)
    case err := <-errCh:
        return err
    case <-ctx.Done():
        return echo.NewHTTPError(http.StatusServiceUnavailable, "Request timeout")
    }
})

Full Changelog: https://github.com/labstack/echo/compare/v4.14.0...v4.15.0

8 days ago
tcell
gdamore

Version 3.0.6 Bug Fix Release

This address some minor bug fixes, and it reduces some of the writing we do to the terminal when changing attributes and using color.

Most of the rest of the commits in this release are related to improving test coverage, and enhancing the mock terminal backend. Note that the very useless SimScreen has been removed, as the MockBackend is far more functional.

Also some demos have moved from _demos to demos -- and they are now verified in the CI/CD. We will be doing this with the rest of the demos over time.

What's Changed

Full Changelog: https://github.com/gdamore/tcell/compare/v3.0.5...v3.0.6

8 days ago
Open-IM-Server
OpenIMSDK

v3.8.3-patch.15

What's Changed

New Contributors

Full Changelog: https://github.com/openimsdk/open-im-server/compare/v3.8.3-patch.12...v3.8.3-patch.15

10 days ago
resty
go-resty

v3.0.0-beta.6

v3 Beta 6 Release

v3 Upgrade Guide

https://resty.dev/docs/upgrading-to-v3/

New Features and Enhancements

https://resty.dev/docs/new-features-and-enhancements/

Bug Fixes

Features & Enhancements

Tests

New Contributors

Full Changelog: https://github.com/go-resty/resty/compare/v3.0.0-beta.5...v3.0.0-beta.6

10 days ago
wails
wailsapp

Wails v3.0.0-alpha.54

Wails v3 Alpha Release - v3.0.0-alpha.54

Added

  • Add CollectionBehavior option to MacWindow for controlling window behavior across macOS Spaces and fullscreen (#4756) by @leaanthony

Fixed

  • Fix command argument error when executing 'build:universal:lipo:go' task on Linux by @wux1an
  • Fix Docker error "undefined symbol: ___ubsan_handle_xxxxxxx" when running 'wails3 build GOOS=darwin GOARCH=arm64' on Linux by @wux1an

Removed

  • Remove debug printf statements from Darwin URL scheme handler (#4834)

🤖 This is an automated nightly release generated from the latest changes in the v3-alpha branch.

Installation:

go install github.com/wailsapp/wails/v3/cmd/wails3@v3.0.0-alpha.54

⚠️ Alpha Warning: This is pre-release software and may contain bugs or incomplete features.