Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump github.com/caddyserver/caddy/v2 from 2.7.6 to 2.8.4 #197

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 3, 2024

Bumps github.com/caddyserver/caddy/v2 from 2.7.6 to 2.8.4.

Release notes

Sourced from github.com/caddyserver/caddy/v2's releases.

v2.8.4

Hotfix for the Caddyfile detection regression in v2.8.2. The v2.8.3 tag was mistakenly made on the wrong commit and is skipped.

Changelog

  • 7088605c cmd: fix regression in auto-detect of Caddyfile (#6362)

v2.8.2

A few more fixes of reported bugs related to ARI, try_files with the root path (/), and Caddyfile adapter detection on the CLI. See 2.8.0 release notes for details on 2.8.

Changelog

  • 01308b4b I'm so tired of typos
  • a63767d3 build(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361)
  • f8a2c602 caddyhttp: properly sanitize requests for root path (#6360)
  • b7280e69 caddytls: Implement certmagic.RenewalInfoGetter
  • 15faeacb cmd: fix auto-detetction of .caddyfile extension (#6356)

Full Changelog: caddyserver/caddy@v2.8.1...v2.8.2

v2.8.1

Quick fixes for a few users related to directory permissions and matcher parsing.

Changelog

  • 40c582ce caddyhttp: Fix merging consecutive client_ip or remote_ip matchers (#6350)
  • a52917a3 core: MkdirAll appDataDir in InstanceID with 0o700 (#6340)

v2.8.0

Caddy 2.8 is here! With hundreds of improvements, Caddy is more scalable and capable than ever before. Featuring ACME Renewal Information (ARI) support, HTTP/3 to proxy backends, and so much more than we can list in a sentence, we are pleased to bring you one of the biggest Caddy updates yet. Documentation on our website will be updated in the coming days.

We've implemented a ton of improvements, fixes, and awesome new features based on your feedback. While some of them aren't particularly visible changes, they allow Caddy to scale better and be more reliable in demanding deployments. Many of the changes are quality-of-life improvements we hope you'll appreciate. Then there's improvements to ACMEz, CertMagic, and other dependencies which make Caddy better that may not show up in this list.

There was a lot of code that had been documented as deprecated in place for a long time, so this version introduces a few more breaking changes than usual; please review the notes below.

Thank you to our sponsors and everyone in the community who contributed -- over 40 of you made your first contribution for this release. We couldn't have done it without your help. In particular, we'd like to recognize sponsors Stripe, Framer, and ZeroSSL for their positive influence which have greatly enhanced the project. Caddy 2.8 is already being used in our sponsors' large-scale, multi-region production deployments.

Want to join those ranks? Sponsor the Caddy project and benefit from development priority, dedicated private support, and much more.

As with any server upgrades, please be sure to test and validate your configurations in a staging or test environment before deploying to production. Thank you and have a great day!

⚠️ Breaking changes:

  • ZeroSSL (#6229) (this is one overall change, but requires some explanation):
    • Up to now, Caddy used both Let's Encrypt and ZeroSSL by default to get certificates without any configuration. In 2.8, this is changing slightly. Due to upcoming changes to ZeroSSL accounting policies, ZeroSSL now requires your email address to be able to access their free ACME endpoint.
    • As such, Caddy will only implicitly add the ZeroSSL issuer to your config if you provide an email address in your Caddyfile using the email global option. (We have already recommended this for years.) If you already do this, you don't have to make any changes and you'll still get Let's Encrypt and ZeroSSL automatically as defaults.
    • If you use JSON to configure certificate automation policies, you will need to ensure you use the acme issuer with your email filled out, and the ca field set to ZeroSSL's ACME server URL.
    • The zerossl issuer module is no longer ACME-capable and is now exclusively for the ZeroSSL API. An API key from your ZeroSSL account is required. (The ZeroSSL ACME server can still be used with the acme module pointed to ZeroSSL's ACME server. You can provide your account email and/or EAB as well.) If you were using the ZeroSSL issuer with an API key, it will now start using ZeroSSL's API, which was probably the expected behavior anyways. The API has several advantages over the ACME endpoint, but may require payment:
      • Faster response times
      • IP certificates
      • Management tools in your ZeroSSL account dashboard

... (truncated)

Commits
  • 7088605 cmd: fix regression in auto-detect of Caddyfile (#6362)
  • 15faeac cmd: fix auto-detetction of .caddyfile extension (#6356)
  • f8a2c60 caddyhttp: properly sanitize requests for root path (#6360)
  • 01308b4 I'm so tired of typos
  • b7280e6 caddytls: Implement certmagic.RenewalInfoGetter
  • a63767d build(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361)
  • 40c582c caddyhttp: Fix merging consecutive client_ip or remote_ip matchers (#6350)
  • a52917a core: MkdirAll appDataDir in InstanceID with 0o700 (#6340)
  • e6f46c8 acmeserver: Add sign_with_root for Caddyfile (#6345)
  • f6d2c29 caddyfile: Reject global request matchers earlier (#6339)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/caddyserver/caddy/v2](https://github.com/caddyserver/caddy) from 2.7.6 to 2.8.4.
- [Release notes](https://github.com/caddyserver/caddy/releases)
- [Changelog](https://github.com/caddyserver/caddy/blob/master/.goreleaser.yml)
- [Commits](caddyserver/caddy@v2.7.6...v2.8.4)

---
updated-dependencies:
- dependency-name: github.com/caddyserver/caddy/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 3, 2024
@mohammed90 mohammed90 closed this Jun 3, 2024
Copy link
Contributor Author

dependabot bot commented on behalf of github Jun 3, 2024

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/go_modules/github.com/caddyserver/caddy/v2-2.8.4 branch June 3, 2024 18:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant