homelab/bin-caddy
0
0
Fork 0
Code Issues 1 Pull requests Releases 31 Activity Actions

fix(deps): update module github.com/caddyserver/caddy/v2 to v2.10.0 #22

Merged
GregoryDosh merged 1 commit from renovate/github.com-caddyserver-caddy-v2-2.x into main 2025-05-01 21:24:30 +00:00
Conversation 2 Commits 1 Files changed 2 +96 -28
svc-renovate-bot commented 2025-04-18 20:38:48 +00:00
Member
Copy link

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/caddyserver/caddy/v2 v2.9.1 -> v2.10.0 age adoption passing confidence

Release Notes

caddyserver/caddy (github.com/caddyserver/caddy/v2)

v2.10.0

Compare Source

Caddy 2.10 is here! Aside from bug fixes, this release features:

  • Encrypted ClientHello (ECH): This new technology encrypts the last plaintext portion of a TLS connection: the ClientHello, which includes the domain name being connected to. The draft spec for ECH is almost finalized, so we can now support this privacy feature for TLS. This is a powerful but nuanced capability; we highly recommend reading the ECH documentation on our website.
  • Post-quantum (PQC) key exchange: Caddy now supports the standardized x25519mlkem768 cryptographic group by default.
  • ACME profiles: ACME profiles are an experimental draft that allow you to choose properties of your certificates with more flexibility than traditional CSR methods. For example, Let's Encrypt will issue 6-day certificates under a certain profile. Caddy may eventually use that profile by default.
  • Via header: The reverse proxy now sets a Via header instead of a duplicate Server header.
  • Global DNS provider: You can now specify a default "global" DNS module to use instead of having to configure it locally in every part of your config that requires a DNS provider (for example, ACME DNS challenges, and ECH). This is the dns global option in the Caddyfile, or in JSON config, it's the dns parameter in the tls app configuration.
  • Wildcards used by default: Previously, Caddy would obtain individual certificates for every domain in your config literally; now wildcards, if present, will be utilized for subdomains, rather than obtaining individual certificates. This change was motivated by the novel possibility for subdomain privacy afforded by ECH. It can be overridden with tls force_automate in the Caddyfile. The experimental auto_https prefer_wildcard option has been removed.
  • libdns 1.0 APIs: Many of you use DNS provider modules to solve ACME DNS challenges or to enable dynamic DNS. They implement interfaces defined by libdns to get, set, append, and delete DNS records. After 5 years of production experience, including lessons learned with ECH, libdns APIs have been updated and 1.0 beta has been tagged. DNS provider packages will need to update their code to be compatible, which will help ensure stability and well-defined semantics for the future. Several packages have already updated or are in the process of updating (cloudflare, rfc2136, and desec to name a few).
  • Global dns config: Now that several components of Caddy configuration may affect DNS records (ACME challenges, ECH publication, etc.), there is a new dns global option that can be used to specify your DNS provider config in a single place. This prevents repetition of credentials for servers where all the domains are managed by a single DNS provider.

Thank you to the many contributors who have helped to make this possible! 🎉 🥳 🍾

⚠️ While have traditionally supported the last 2 minor Go versions to accommodate some distribution / package manager policies, we now only support the latest minor Go version. The privacy and security benefits added in new Go versions (such as post-quantum cryptography) are worth making available to everyone as soon as possible, rather than holding back the entire user base or maintaining multiple code compilation configurations.

Encrypted ClientHello (ECH) details

(This is a brief overview. We recommend reading the full documentation.)

Typically, server names (domain names, or "SNI") are sent in the plaintext ClientHello when establishing TLS connections. With ECH, the true server name is encrypted (and wrapped) by an "outer" ClientHello which has a generic SNI of your choosing. With many sites on the same server sharing the same outer SNI, both clients and the server have more privacy related to domain names.

Caddy implements fully automated ECH, meaning that it generates (and soon, rotates), publishes, and serves ECH configurations simply by specifying a DNS provider, and the outer/public domain name to use.

Fully automated ECH requires a DNS module built into your Caddy binary. In order for a client, such as a browser, to know it can use ECH, and what parameters to use, the server's ECH configuration must be published. This config includes the public name, cryptographic parameters, and a public key for encrypting the inner ClientHello. By convention, browsers read the standardized HTTPS-type DNS record containing a ech SvcParamKey. Caddy sets this DNS record for all domains being protected, but it needs that DNS provider module plugged in and configured in order to do this. If you are already using the DNS ACME challenge, you should already have a DNS provider plugged in. If you prefer to build Caddy from source with a DNS module, it's easy with xcaddy, for example: $ xcaddy build --with github.com/caddy-dns/cloudflare

The minimum config needed to enable ClientHello is also the recommended config, as it maximizes privacy benefits in most situations. You just need the ech global option and a DNS provider specified. Here's an example using Cloudflare as the nameserver:

Caddyfile:

{
	debug  # not required; recommended while testing
	dns cloudflare {env.CLOUDFLARE_API_KEY}
	ech ech.example.net
}

example.com {
	respond "Hello there!"
}

This protects all your sites (example.com in this case) behind the public name of ech.example.net. (As another example, Cloudflare uses cloudflare-ech.com for all the sites it serves. We recommend choosing a single public domain and use it to protect all your sites.)

The outer/public name you choose should point to your server. Caddy will obtain a certificate for this name in order to facilitate safe, reliable connections for clients when needed. Without a certificate, clients may be forced to connect insecurely, or fail to connect at all, in some cases, which not only leaves them vulnerable, but also risks exposing the names of your server's sites.

Caddy then uses the specified DNS provider to publish the ECH config(s) for your various site names. It creates (or augments) HTTPS-type records for the domains of your sites (not your ECH public name). Note that DNS provider modules are independently-maintained, and may not have been tested for compatibility with HTTPS-type records. Please contact your module's maintainers if you experience issues.

If you have more advanced configuration needs, you can use the JSON configuration (more details coming soon; for now, see #​6862 or look at the source code; or use caddy adapt to convert a Caddyfile to JSON).

Testing and verifying Encrypted ClientHello

First make sure Caddy runs successfully with ECH enabled (and a DNS module) in the config. You should see logs that it is generating an ECH config and publishing it to your domain name(s).

You will need to use a client that supports ECH. Some custom builds of curl do, and Firefox and modern Chrome-based browsers do as well, but you need to enable DNS-over-HTTPS or DNS-over-TLS first (since, obviously, querying DNS in plaintext for a protected domain name will expose the domain and defeat the purpose of ECH).

If reusing an existing domain name, clear your DNS cache. Firefox has a way of doing this for its cache at about:networking#dns.

Once you have a suitable client, use Wireshark to capture network packets as you load your site. You should see only the outer/public name as SNI (ServerName Indicator) values in the packet capture. If at any time you see the true site name, ECH is not working properly -- it could be a client or server issue. Before filing a bug, please try to pinpoint it as a server issue first. But definitely report server bugs! Thank you!

(Note that ECH is not automatically published for CNAME'd domains, and the domain must already have a record in the zone.)

Commits

Beta 1:
Beta 2:
Beta 3:
  • b3e692e caddyfile: Fix formatting for backquote wrapped braces (#​6903)
  • 55c89cc caddytls: Convert AP subjects to punycode
  • 1f8dab5 caddytls: Don't publish ECH configs if other records don't exist
  • 782a3c7 caddytls: Don't publish HTTPS record for CNAME'd domain (fix #​6922)
  • 49f9af9 caddytls: Fix TrustedCACerts backwards compatibility (#​6889)
  • e276994 caddytls: Initialize permission module earlier (fix #​6901)
  • 39262f8 caddytls: Minor fixes for ECH
  • 1735730 core: add modular network_proxy support (#​6399)
  • 86c620f go.mod: Minor dependency upgrades
  • af2d33a headers: Allow nil HeaderOps (fix #​6893)
  • dccf3d8 requestbody: Add set option to replace request body (#​5795)
  • 2ac09fd requestbody: Fix ContentLength calculation after body replacement (#​6896)
v2.10.0:
  • f297bc0 admin: Remove host checking for UDS (close #​6832)
  • 0b2802f build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 (#​6960)
  • 5be77d0 caddyauth: Set authentication provider error in placeholder (#​6932)
  • b06a949 caddyhttp: Document side effect of HTTP/3 early data (close #​6936)
  • 35c8c2d caddytls: Add remote_ip to HTTP cert manager (close #​6952)
  • fb22a26 caddytls: Allow missing ECH meta file
  • 1bfa111 caddytls: Prefer managed wildcard certs over individual subdomain certs (#​6959)
  • ea77a9a caddytls: Temporarily treat "" and "@​" as equivalent for DNS publication
  • 5a6b2f8 events: Refactor; move Event into core, so core can emit events (#​6930)
  • 137711a go.mod: Upgrade acmez and certmagic
  • 9becf61 go.mod: Upgrade to libdns 1.0 beta APIs (requires upgraded DNS providers)
  • 6c38ae7 reverseproxy: Add valid Upstream to DialInfo in active health checks (#​6949)

What's Changed

New Contributors

Full Changelog: https://github.com/caddyserver/caddy/compare/v2.9.1...v2.10.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [github.com/caddyserver/caddy/v2](https://github.com/caddyserver/caddy) | `v2.9.1` -> `v2.10.0` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fcaddyserver%2fcaddy%2fv2/v2.10.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fcaddyserver%2fcaddy%2fv2/v2.10.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fcaddyserver%2fcaddy%2fv2/v2.9.1/v2.10.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fcaddyserver%2fcaddy%2fv2/v2.9.1/v2.10.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>caddyserver/caddy (github.com/caddyserver/caddy/v2)</summary> ### [`v2.10.0`](https://github.com/caddyserver/caddy/releases/tag/v2.10.0) [Compare Source](https://github.com/caddyserver/caddy/compare/v2.9.1...v2.10.0) Caddy 2.10 is here! Aside from bug fixes, this release features: - **Encrypted ClientHello (ECH):** This new technology encrypts the last plaintext portion of a TLS connection: the ClientHello, which includes the domain name being connected to. The [draft spec](https://www.ietf.org/archive/id/draft-ietf-tls-esni-24.html) for ECH is almost finalized, so we can now support this privacy feature for TLS. This is a powerful but nuanced capability; we highly recommend reading [the ECH documentation](https://caddyserver.com/docs/automatic-https#encrypted-clienthello-ech) on our website. - **Post-quantum (PQC) key exchange:** Caddy now supports the standardized `x25519mlkem768` cryptographic group by default. - **ACME profiles:** ACME profiles are an experimental draft that allow you to choose properties of your certificates with more flexibility than traditional CSR methods. For example, [Let's Encrypt will issue 6-day certificates](https://letsencrypt.org/2025/01/16/6-day-and-ip-certs/) under a certain profile. Caddy may eventually use that profile by default. - **Via header:** The reverse proxy now sets a Via header instead of a duplicate Server header. - **Global DNS provider:** You can now specify a default "global" DNS module to use instead of having to configure it locally in every part of your config that requires a DNS provider (for example, ACME DNS challenges, and ECH). This is the `dns` global option in the Caddyfile, or in JSON config, it's the `dns` parameter in the `tls` app configuration. - **Wildcards used by default:** Previously, Caddy would obtain individual certificates for every domain in your config literally; now wildcards, if present, will be utilized for subdomains, rather than obtaining individual certificates. This change was motivated by the novel possibility for subdomain privacy afforded by ECH. It can be overridden with `tls force_automate` in the Caddyfile. The experimental `auto_https prefer_wildcard` option has been removed. - **libdns 1.0 APIs:** Many of you use [DNS provider modules](https://github.com/caddy-dns) to solve ACME DNS challenges or to enable dynamic DNS. They implement interfaces defined by [libdns](https://github.com/libdns/libdns) to get, set, append, and delete DNS records. After 5 years of production experience, including lessons learned with ECH, libdns APIs have been updated and 1.0 beta has been tagged. DNS provider packages will need to update their code to be compatible, which will help ensure stability and well-defined semantics for the future. Several packages have already updated or are in the process of updating (cloudflare, rfc2136, and desec to name a few). - **Global `dns` config:** Now that several components of Caddy configuration may affect DNS records (ACME challenges, ECH publication, etc.), there is a new `dns` global option that can be used to specify your DNS provider config in a single place. This prevents repetition of credentials for servers where all the domains are managed by a single DNS provider. **Thank you to the many contributors who have helped to make this possible!** :tada: :partying_face: :champagne: :warning: While have traditionally supported the last 2 minor Go versions to accommodate some distribution / package manager policies, we now only support the latest minor Go version. The privacy and security benefits added in new Go versions (such as post-quantum cryptography) are worth making available to everyone as soon as possible, rather than holding back the entire user base or maintaining multiple code compilation configurations. #### Encrypted ClientHello (ECH) details (This is a brief overview. We recommend reading [the full documentation](https://caddyserver.com/docs/automatic-https#encrypted-clienthello-ech).) Typically, server names (domain names, or "SNI") are sent in the plaintext ClientHello when establishing TLS connections. With ECH, the true server name is encrypted (and wrapped) by an "outer" ClientHello which has a generic SNI of your choosing. With many sites on the same server sharing the same outer SNI, both clients and the server have more privacy related to domain names. Caddy implements fully automated ECH, meaning that it generates (and [soon](https://github.com/golang/go/issues/71920), rotates), publishes, and serves ECH configurations simply by specifying a DNS provider, and the outer/public domain name to use. **Fully automated ECH requires a DNS module built into your Caddy binary.** In order for a client, such as a browser, to know it can use ECH, and what parameters to use, the server's ECH configuration must be published. This config includes the public name, cryptographic parameters, and a public key for encrypting the inner ClientHello. By convention, browsers read the standardized HTTPS-type DNS record containing a `ech` SvcParamKey. Caddy sets this DNS record for all domains being protected, but it needs that DNS provider module plugged in and configured in order to do this. If you are already using the DNS ACME challenge, you should already have a DNS provider plugged in. If you prefer to build Caddy from source with [a DNS module](https://github.com/caddy-dns), it's easy with [xcaddy](https://github.com/caddyserver/xcaddy), for example: `$ xcaddy build --with github.com/caddy-dns/cloudflare` The minimum config needed to enable ClientHello is also the *recommended* config, as it maximizes privacy benefits in most situations. You just need the `ech` global option and a DNS provider specified. Here's an example using Cloudflare as the nameserver: **Caddyfile:** ```caddy { debug # not required; recommended while testing dns cloudflare {env.CLOUDFLARE_API_KEY} ech ech.example.net } example.com { respond "Hello there!" } ``` This protects all your sites (`example.com` in this case) behind the public name of `ech.example.net`. (As another example, Cloudflare uses `cloudflare-ech.com` for all the sites it serves. We recommend choosing a single public domain and use it to protect all your sites.) **The outer/public name you choose should point to your server.** Caddy will obtain a certificate for this name in order to facilitate safe, reliable connections for clients when needed. Without a certificate, clients may be forced to connect insecurely, or fail to connect at all, in some cases, which not only leaves them vulnerable, but also risks exposing the names of your server's sites. Caddy then uses the specified DNS provider to publish the ECH config(s) for your various site names. It creates (or augments) HTTPS-type records for the domains of your sites (not your ECH public name). Note that DNS provider modules are independently-maintained, and may not have been tested for compatibility with HTTPS-type records. Please contact your module's maintainers if you experience issues. If you have more advanced configuration needs, you can use the JSON configuration (more details coming soon; for now, see [#&#8203;6862](https://github.com/caddyserver/caddy/issues/6862) or look at the source code; or use `caddy adapt` to convert a Caddyfile to JSON). ##### Testing and verifying Encrypted ClientHello First make sure Caddy runs successfully with ECH enabled (and a DNS module) in the config. You should see logs that it is generating an ECH config and publishing it to your domain name(s). You will need to use a client that supports ECH. Some custom builds of `curl` do, and Firefox and modern Chrome-based browsers do as well, but you need to enable DNS-over-HTTPS or DNS-over-TLS first (since, obviously, querying DNS in plaintext for a protected domain name will expose the domain and defeat the purpose of ECH). If reusing an existing domain name, clear your DNS cache. Firefox has a way of doing this for its cache at `about:networking#dns`. Once you have a suitable client, use [Wireshark](https://www.wireshark.org/) to capture network packets as you load your site. You should see *only* the outer/public name as SNI (ServerName Indicator) values in the packet capture. If at any time you see the true site name, ECH is not working properly -- it could be a client or server issue. Before filing a bug, please try to pinpoint it as a server issue first. But definitely report server bugs! Thank you! (Note that ECH is not automatically published for CNAME'd domains, and the domain must already have a record in the zone.) #### Commits ##### Beta 1: - [`96c5c55`](https://github.com/caddyserver/caddy/commit/96c5c554c1241430ac9ddea6f4b68948adcc961b) admin: fix index validation for PUT requests ([#&#8203;6824](https://github.com/caddyserver/caddy/issues/6824)) - [`3644ee3`](https://github.com/caddyserver/caddy/commit/3644ee31cae8e20493d7ccd0c55b0a9c21f20693) build(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 ([#&#8203;6876](https://github.com/caddyserver/caddy/issues/6876)) - [`eacd772`](https://github.com/caddyserver/caddy/commit/eacd7720e99f51b6d2dd340849897c0ff812b8c8) build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 ([#&#8203;6871](https://github.com/caddyserver/caddy/issues/6871)) - [`9996d6a`](https://github.com/caddyserver/caddy/commit/9996d6a70ba76a94dfc90548f25fbac0ce9da497) build(deps): bump github.com/golang/glog from 1.2.2 to 1.2.4 ([#&#8203;6814](https://github.com/caddyserver/caddy/issues/6814)) - [`1115158`](https://github.com/caddyserver/caddy/commit/11151586165946453275b66ef33794d41a5e047b) caddyhttp: ResponseRecorder sets stream regardless of 1xx - [`8861eae`](https://github.com/caddyserver/caddy/commit/8861eae22350d9e8f94653db951faf85a50a82da) caddytest: Support configuration defaults override ([#&#8203;6850](https://github.com/caddyserver/caddy/issues/6850)) - [`d7764df`](https://github.com/caddyserver/caddy/commit/d7764dfdbbee04d2f63aa1b05150737dfddc0bcf) caddytls: Encrypted ClientHello (ECH) ([#&#8203;6862](https://github.com/caddyserver/caddy/issues/6862)) - [`a807fe0`](https://github.com/caddyserver/caddy/commit/a807fe065959baa8ee2ad95156183c0850c2b584) caddytls: Enhance ECH documentation - [`bc3d497`](https://github.com/caddyserver/caddy/commit/bc3d497739444a5ce550696b7b0da36e6e3bc777) caddytls: Fix broken refactor - [`7b8f350`](https://github.com/caddyserver/caddy/commit/7b8f3505e33139de0d542566478e98b361bb84bf) caddytls: Fix sni_regexp matcher to obtain layer4 contexts ([#&#8203;6804](https://github.com/caddyserver/caddy/issues/6804)) - [`2c4295e`](https://github.com/caddyserver/caddy/commit/2c4295ee48f494bc8dda5fa09b37612d520c8b3b) caddytls: Initial support for ACME profiles - [`d7872c3`](https://github.com/caddyserver/caddy/commit/d7872c3bfa673ce9584d00f01a725b93fa7bedf1) caddytls: Refactor sni matcher ([#&#8203;6812](https://github.com/caddyserver/caddy/issues/6812)) - [`172136a`](https://github.com/caddyserver/caddy/commit/172136a0a0f6aa47be4eab3727fa2482d7af6617) caddytls: Support post-quantum key exchange mechanism X25519MLKEM768 - [`066d770`](https://github.com/caddyserver/caddy/commit/066d770409917b409d0bdc14cb5ba33d3e4cb33e) cmd: automatically set GOMEMLIMIT ([#&#8203;6809](https://github.com/caddyserver/caddy/issues/6809)) - [`1f35a8a`](https://github.com/caddyserver/caddy/commit/1f35a8a4029a338e89998acafa95e1e931a46a27) fastcgi: improve parsePHPFastCGI docs ([#&#8203;6779](https://github.com/caddyserver/caddy/issues/6779)) - [`22563a7`](https://github.com/caddyserver/caddy/commit/22563a70eb7b590fcb698680a3ec6d76c0968748) file_server: use the UTC timezone for modified time ([#&#8203;6830](https://github.com/caddyserver/caddy/issues/6830)) - [`cfc3af6`](https://github.com/caddyserver/caddy/commit/cfc3af67492eba22686fd13a2b2201c66cd737f3) fix: update broken link to Ardan Labs ([#&#8203;6800](https://github.com/caddyserver/caddy/issues/6800)) - [`99073ea`](https://github.com/caddyserver/caddy/commit/99073eaa33af62bff51c31305e3437c57d936284) go.mod: Upgrade CertMagic to v0.21.7 - [`1641e76`](https://github.com/caddyserver/caddy/commit/1641e76fd742408c85363e4826451ba9ef22bc99) go.mod: Upgrade dependencies - [`0d7c639`](https://github.com/caddyserver/caddy/commit/0d7c63920daecec510202c42816c883fd2dbe047) go.mod: remove glog dependency ([#&#8203;6838](https://github.com/caddyserver/caddy/issues/6838)) - [`932dac1`](https://github.com/caddyserver/caddy/commit/932dac157a3c4693b80576477498bb86208b9b30) logging: Always set fields func; fix [#&#8203;6829](https://github.com/caddyserver/caddy/issues/6829) - [`9e0e5a4`](https://github.com/caddyserver/caddy/commit/9e0e5a4b4c2babda81c58f28fe61adfa91d04524) logging: Fix crash if logging error is not HandlerError ([#&#8203;6777](https://github.com/caddyserver/caddy/issues/6777)) - [`904a0fa`](https://github.com/caddyserver/caddy/commit/904a0fa368b7eacac3c7156ce4a1f6ced8f61f34) reverse_proxy: re-add healthy upstreams metric ([#&#8203;6806](https://github.com/caddyserver/caddy/issues/6806)) - [`e7da3b2`](https://github.com/caddyserver/caddy/commit/e7da3b267bcec986aaca960dd22ef834d3b9d4a6) reverseproxy: Via header ([#&#8203;6275](https://github.com/caddyserver/caddy/issues/6275)) - [`9283770`](https://github.com/caddyserver/caddy/commit/9283770f68f570f47ca20aa9c6f9de8cc50063ba) reverseproxy: ignore duplicate collector registration error ([#&#8203;6820](https://github.com/caddyserver/caddy/issues/6820)) ##### Beta 2: - [`f4432a3`](https://github.com/caddyserver/caddy/commit/f4432a306ac59feee1fc45c8efefad3619e37629) caddyfile: add error handling for unrecognized subdirective/options in various modules ([#&#8203;6884](https://github.com/caddyserver/caddy/issues/6884)) - [`84364ff`](https://github.com/caddyserver/caddy/commit/84364ffcd06e35a93c9bb08ed80617bde72d4f74) caddypki: Remove lifetime check at Caddyfile parse (fix [#&#8203;6878](https://github.com/caddyserver/caddy/issues/6878)) - [`adbe7f8`](https://github.com/caddyserver/caddy/commit/adbe7f87e6bda96a1dddd94ecedefe3219a5304d) caddytls: Only make DNS solver if not already set (fix [#&#8203;6880](https://github.com/caddyserver/caddy/issues/6880)) - [`d57ab21`](https://github.com/caddyserver/caddy/commit/d57ab215a2f198a465ea33abe4588bb5696e7abd) caddytls: Pointer receiver (fix [#&#8203;6885](https://github.com/caddyserver/caddy/issues/6885)) - [`4ebcfed`](https://github.com/caddyserver/caddy/commit/4ebcfed9c942c59f473f12f8108e1d0fa92e0855) caddytls: Reorder provisioning steps (fix [#&#8203;6877](https://github.com/caddyserver/caddy/issues/6877)) - [`a686f7c`](https://github.com/caddyserver/caddy/commit/a686f7c346fe011ad153a3bd4ac3e31e6758bcce) cmd: Only set memory/CPU limits on run (fix [#&#8203;6879](https://github.com/caddyserver/caddy/issues/6879)) - [`1987620`](https://github.com/caddyserver/caddy/commit/19876208c79a476a46beec2430e554d4161ab426) cmd: Promote undo maxProcs func to caller - [`220cd1c`](https://github.com/caddyserver/caddy/commit/220cd1c2bcecc07bcf6a0141069538c1b1109907) reverseproxy: more comments about buffering and add new tests ([#&#8203;6778](https://github.com/caddyserver/caddy/issues/6778)) ##### Beta 3: - [`b3e692e`](https://github.com/caddyserver/caddy/commit/b3e692ed09f8ba15b741621c4b16d8bfee38f8a1) caddyfile: Fix formatting for backquote wrapped braces ([#&#8203;6903](https://github.com/caddyserver/caddy/issues/6903)) - [`55c89cc`](https://github.com/caddyserver/caddy/commit/55c89ccf2a39dcfd7286fcaed54787821ff9a1aa) caddytls: Convert AP subjects to punycode - [`1f8dab5`](https://github.com/caddyserver/caddy/commit/1f8dab572ca9681464fdadc65bfb5f250fc496c3) caddytls: Don't publish ECH configs if other records don't exist - [`782a3c7`](https://github.com/caddyserver/caddy/commit/782a3c7ac60c82311fe9fb8889dd843dfe26c0bc) caddytls: Don't publish HTTPS record for CNAME'd domain (fix [#&#8203;6922](https://github.com/caddyserver/caddy/issues/6922)) - [`49f9af9`](https://github.com/caddyserver/caddy/commit/49f9af9a4ab2a28fa5c445630017f5284a5afa48) caddytls: Fix TrustedCACerts backwards compatibility ([#&#8203;6889](https://github.com/caddyserver/caddy/issues/6889)) - [`e276994`](https://github.com/caddyserver/caddy/commit/e276994174983dbb190d4bb9acaab157ef14373b) caddytls: Initialize permission module earlier (fix [#&#8203;6901](https://github.com/caddyserver/caddy/issues/6901)) - [`39262f8`](https://github.com/caddyserver/caddy/commit/39262f86632401ae4915600b042ef5a28141d3d5) caddytls: Minor fixes for ECH - [`1735730`](https://github.com/caddyserver/caddy/commit/173573035c7484bb4aad4498a90bf5a1cf1bb5be) core: add modular `network_proxy` support ([#&#8203;6399](https://github.com/caddyserver/caddy/issues/6399)) - [`86c620f`](https://github.com/caddyserver/caddy/commit/86c620fb4e7bfad5888832c491147af53fd5390a) go.mod: Minor dependency upgrades - [`af2d33a`](https://github.com/caddyserver/caddy/commit/af2d33afbb52389cda139a6a0fd8a9d65f558676) headers: Allow nil HeaderOps (fix [#&#8203;6893](https://github.com/caddyserver/caddy/issues/6893)) - [`dccf3d8`](https://github.com/caddyserver/caddy/commit/dccf3d8982d1b428e840d43f71fa5c3becf6ea8f) requestbody: Add set option to replace request body ([#&#8203;5795](https://github.com/caddyserver/caddy/issues/5795)) - [`2ac09fd`](https://github.com/caddyserver/caddy/commit/2ac09fdb2046957597e17096adf6335a6d589a2f) requestbody: Fix ContentLength calculation after body replacement ([#&#8203;6896](https://github.com/caddyserver/caddy/issues/6896)) ##### v2.10.0: - [`f297bc0`](https://github.com/caddyserver/caddy/commit/f297bc0a04dcab6c2585b47f3672d045c4f6b54b) admin: Remove host checking for UDS (close [#&#8203;6832](https://github.com/caddyserver/caddy/issues/6832)) - [`0b2802f`](https://github.com/caddyserver/caddy/commit/0b2802faa47faa378181a3de5b0d1dcc769a715d) build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 ([#&#8203;6960](https://github.com/caddyserver/caddy/issues/6960)) - [`5be77d0`](https://github.com/caddyserver/caddy/commit/5be77d07ab730e6035ec7a47fb0fe161785af35c) caddyauth: Set authentication provider error in placeholder ([#&#8203;6932](https://github.com/caddyserver/caddy/issues/6932)) - [`b06a949`](https://github.com/caddyserver/caddy/commit/b06a9496d130cb06466156d53138a9691342e5a2) caddyhttp: Document side effect of HTTP/3 early data (close [#&#8203;6936](https://github.com/caddyserver/caddy/issues/6936)) - [`35c8c2d`](https://github.com/caddyserver/caddy/commit/35c8c2d92d26208642cea0d1549c77a00124e154) caddytls: Add remote_ip to HTTP cert manager (close [#&#8203;6952](https://github.com/caddyserver/caddy/issues/6952)) - [`fb22a26`](https://github.com/caddyserver/caddy/commit/fb22a26b1a08a2fa3b2526d1852467904ee140f6) caddytls: Allow missing ECH meta file - [`1bfa111`](https://github.com/caddyserver/caddy/commit/1bfa111552eff8b30bc1a5f76516426f29c66a88) caddytls: Prefer managed wildcard certs over individual subdomain certs ([#&#8203;6959](https://github.com/caddyserver/caddy/issues/6959)) - [`ea77a9a`](https://github.com/caddyserver/caddy/commit/ea77a9ab67d8c04f513adaf0a1c648c738e25922) caddytls: Temporarily treat "" and "@&#8203;" as equivalent for DNS publication - [`5a6b2f8`](https://github.com/caddyserver/caddy/commit/5a6b2f8d1d4633622b551357f3cc9d27ec669d02) events: Refactor; move Event into core, so core can emit events ([#&#8203;6930](https://github.com/caddyserver/caddy/issues/6930)) - [`137711a`](https://github.com/caddyserver/caddy/commit/137711ae3e2d9aa48d7c48dba5ca176af628f073) go.mod: Upgrade acmez and certmagic - [`9becf61`](https://github.com/caddyserver/caddy/commit/9becf61a9f5bafb88a15823ce80c1325d3a30a4f) go.mod: Upgrade to libdns 1.0 beta APIs (requires upgraded DNS providers) - [`6c38ae7`](https://github.com/caddyserver/caddy/commit/6c38ae7381b3338b173c59706673d11783091dee) reverseproxy: Add valid Upstream to DialInfo in active health checks ([#&#8203;6949](https://github.com/caddyserver/caddy/issues/6949)) #### What's Changed - docs: improve parsePHPFastCGI docs by [@&#8203;dunglas](https://github.com/dunglas) in https://github.com/caddyserver/caddy/pull/6779 - Fixes crash if logging error is not HandlerError by [@&#8203;kkroo](https://github.com/kkroo) in https://github.com/caddyserver/caddy/pull/6777 - chore: update quic-go to v0.49.0 by [@&#8203;marten-seemann](https://github.com/marten-seemann) in https://github.com/caddyserver/caddy/pull/6803 - chore: don't use deprecated `archives.format_overrides.format` by [@&#8203;mohammed90](https://github.com/mohammed90) in https://github.com/caddyserver/caddy/pull/6807 - caddytls: Fix sni_regexp matcher to obtain layer4 contexts by [@&#8203;vnxme](https://github.com/vnxme) in https://github.com/caddyserver/caddy/pull/6804 - feat: automatically set GOMEMLIMIT by [@&#8203;dunglas](https://github.com/dunglas) in https://github.com/caddyserver/caddy/pull/6809 - caddytls: Refactor sni matcher by [@&#8203;vnxme](https://github.com/vnxme) in https://github.com/caddyserver/caddy/pull/6812 - reverse_proxy: re-add healthy upstreams metric by [@&#8203;mohammed90](https://github.com/mohammed90) in https://github.com/caddyserver/caddy/pull/6806 - fix: update broken link to Ardan Labs by [@&#8203;sbruens](https://github.com/sbruens) in https://github.com/caddyserver/caddy/pull/6800 - build(deps): bump github.com/golang/glog from 1.2.2 to 1.2.4 by [@&#8203;dependabot](https://github.com/dependabot) in https://github.com/caddyserver/caddy/pull/6814 - reverseproxy: ignore duplicate collector registration error by [@&#8203;mohammed90](https://github.com/mohammed90) in https://github.com/caddyserver/caddy/pull/6820 - fix: fix index validation for PUT requests by [@&#8203;debug-ing](https://github.com/debug-ing) in https://github.com/caddyserver/caddy/pull/6824 - file_server: use the UTC timezone for modified time by [@&#8203;WeidiDeng](https://github.com/WeidiDeng) in https://github.com/caddyserver/caddy/pull/6830 - feat/tests: tests for error handling & metrics in admin endpoints by [@&#8203;gdhameeja](https://github.com/gdhameeja) in https://github.com/caddyserver/caddy/pull/6805 - chore: upgrade Go version to 1.24 by [@&#8203;mohammed90](https://github.com/mohammed90) in https://github.com/caddyserver/caddy/pull/6839 - remove glog dependency by [@&#8203;Ns2Kracy](https://github.com/Ns2Kracy) in https://github.com/caddyserver/caddy/pull/6838 - update quic-go to v0.50.0 by [@&#8203;marten-seemann](https://github.com/marten-seemann) in https://github.com/caddyserver/caddy/pull/6854 - Support Caddy Test Configuration Defaults Override. by [@&#8203;baruchyahalom](https://github.com/baruchyahalom) in https://github.com/caddyserver/caddy/pull/6850 - chore: upgrade cobra by [@&#8203;mohammed90](https://github.com/mohammed90) in https://github.com/caddyserver/caddy/pull/6868 - build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 by [@&#8203;dependabot](https://github.com/dependabot) in https://github.com/caddyserver/caddy/pull/6871 - caddytls: Encrypted ClientHello (ECH) by [@&#8203;mholt](https://github.com/mholt) in https://github.com/caddyserver/caddy/pull/6862 - build(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 by [@&#8203;dependabot](https://github.com/dependabot) in https://github.com/caddyserver/caddy/pull/6876 - docs: replaced the name and twitter link by [@&#8203;sashaphmn](https://github.com/sashaphmn) in https://github.com/caddyserver/caddy/pull/6874 - ci: allow using the toolchain Go "toolchain" by [@&#8203;dunglas](https://github.com/dunglas) in https://github.com/caddyserver/caddy/pull/6846 - chore: more comments about reverse_proxy buffering and add new tests by [@&#8203;WeidiDeng](https://github.com/WeidiDeng) in https://github.com/caddyserver/caddy/pull/6778 - Add error handling for unrecognized subdirective/options by [@&#8203;steffenbusch](https://github.com/steffenbusch) in https://github.com/caddyserver/caddy/pull/6884 - Fix TrustedCACerts backwards compatibility by [@&#8203;jjiang-stripe](https://github.com/jjiang-stripe) in https://github.com/caddyserver/caddy/pull/6889 - requestbody: Add `replace` for optional body replacement by [@&#8203;AdrienPensart](https://github.com/AdrienPensart) in https://github.com/caddyserver/caddy/pull/5795 - requestbody: Fix ContentLength calculation after body replacement by [@&#8203;steffenbusch](https://github.com/steffenbusch) in https://github.com/caddyserver/caddy/pull/6896 - Fix caddy fmt breaks backquote wrapped braces in template by [@&#8203;keystroke3](https://github.com/keystroke3) in https://github.com/caddyserver/caddy/pull/6903 - update quic-go to v0.50.1 by [@&#8203;marten-seemann](https://github.com/marten-seemann) in https://github.com/caddyserver/caddy/pull/6918 - core: add modular `network_proxy` support by [@&#8203;mohammed90](https://github.com/mohammed90) in https://github.com/caddyserver/caddy/pull/6399 - events: Refactor; move Event into core, so core can emit events by [@&#8203;mholt](https://github.com/mholt) in https://github.com/caddyserver/caddy/pull/6930 - chore: fix comment by [@&#8203;riyueguang](https://github.com/riyueguang) in https://github.com/caddyserver/caddy/pull/6950 - bug: Fix the incorrect parameter order by [@&#8203;cuishuang](https://github.com/cuishuang) in https://github.com/caddyserver/caddy/pull/6951 - Add a valid Upstream to the DialInfo when doing active health checks by [@&#8203;jbro](https://github.com/jbro) in https://github.com/caddyserver/caddy/pull/6949 - caddyauth: Set authentication provider error in placeholder by [@&#8203;steffenbusch](https://github.com/steffenbusch) in https://github.com/caddyserver/caddy/pull/6932 - build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 by [@&#8203;dependabot](https://github.com/dependabot) in https://github.com/caddyserver/caddy/pull/6960 - caddytls: Prefer managed wildcard certs over individual subdomain certs by [@&#8203;mholt](https://github.com/mholt) in https://github.com/caddyserver/caddy/pull/6959 #### New Contributors - [@&#8203;sbruens](https://github.com/sbruens) made their first contribution in https://github.com/caddyserver/caddy/pull/6800 - [@&#8203;debug-ing](https://github.com/debug-ing) made their first contribution in https://github.com/caddyserver/caddy/pull/6824 - [@&#8203;Ns2Kracy](https://github.com/Ns2Kracy) made their first contribution in https://github.com/caddyserver/caddy/pull/6838 - [@&#8203;baruchyahalom](https://github.com/baruchyahalom) made their first contribution in https://github.com/caddyserver/caddy/pull/6850 - [@&#8203;sashaphmn](https://github.com/sashaphmn) made their first contribution in https://github.com/caddyserver/caddy/pull/6874 - [@&#8203;AdrienPensart](https://github.com/AdrienPensart) made their first contribution in https://github.com/caddyserver/caddy/pull/5795 - [@&#8203;keystroke3](https://github.com/keystroke3) made their first contribution in https://github.com/caddyserver/caddy/pull/6903 - [@&#8203;riyueguang](https://github.com/riyueguang) made their first contribution in https://github.com/caddyserver/caddy/pull/6950 **Full Changelog**: https://github.com/caddyserver/caddy/compare/v2.9.1...v2.10.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yNTAuMiIsInVwZGF0ZWRJblZlciI6IjM5LjI1MC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
fix(deps): update module github.com/caddyserver/caddy/v2 to v2.10.0
All checks were successful
Build Caddy / Build Caddy (pull_request) Successful in 9m37s
Details
fb728fe9f6
svc-renovate-bot commented 2025-04-18 20:38:48 +00:00
Author
Member
Copy link

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 26 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.23.4 -> 1.24
github.com/alecthomas/chroma/v2 v2.14.0 -> v2.15.0
github.com/caddyserver/certmagic v0.21.6 -> v0.23.0
github.com/cpuguy83/go-md2man/v2 v2.0.4 -> v2.0.6
github.com/dgraph-io/ristretto v0.1.1 -> v0.2.0
github.com/dlclark/regexp2 v1.11.0 -> v1.11.4
github.com/go-chi/chi/v5 v5.0.12 -> v5.2.1
github.com/go-jose/go-jose/v3 v3.0.3 -> v3.0.4
github.com/google/cel-go v0.21.0 -> v0.24.1
github.com/klauspost/compress v1.17.11 -> v1.18.0
github.com/klauspost/cpuid/v2 v2.2.9 -> v2.2.10
github.com/libdns/libdns v0.2.2 -> v1.0.0-beta.1
github.com/mholt/acmez/v3 v3.0.0 -> v3.1.2
github.com/miekg/dns v1.1.62 -> v1.1.63
github.com/quic-go/quic-go v0.48.2 -> v0.50.1
github.com/spf13/cobra v1.8.1 -> v1.9.1
github.com/spf13/pflag v1.0.5 -> v1.0.6
golang.org/x/crypto v0.32.0 -> v0.36.0
golang.org/x/crypto/x509roots/fallback v0.0.0-20241211175049-b4f1988a35de -> v0.0.0-20250305170421-49bf5b80c810
golang.org/x/mod v0.22.0 -> v0.24.0
golang.org/x/net v0.34.0 -> v0.38.0
golang.org/x/sync v0.10.0 -> v0.12.0
golang.org/x/sys v0.29.0 -> v0.31.0
golang.org/x/term v0.28.0 -> v0.30.0
golang.org/x/text v0.21.0 -> v0.23.0
golang.org/x/time v0.8.0 -> v0.11.0
golang.org/x/tools v0.28.0 -> v0.31.0
### ℹ Artifact update notice ##### File name: go.mod In order to perform the update(s) described in the table above, Renovate ran the `go get` command, which resulted in the following additional change(s): - 26 additional dependencies were updated - The `go` directive was updated for compatibility reasons Details: | **Package** | **Change** | | :--------------------------------------- | :--------------------------------------------------------------------------- | | `go` | `1.23.4` -> `1.24` | | `github.com/alecthomas/chroma/v2` | `v2.14.0` -> `v2.15.0` | | `github.com/caddyserver/certmagic` | `v0.21.6` -> `v0.23.0` | | `github.com/cpuguy83/go-md2man/v2` | `v2.0.4` -> `v2.0.6` | | `github.com/dgraph-io/ristretto` | `v0.1.1` -> `v0.2.0` | | `github.com/dlclark/regexp2` | `v1.11.0` -> `v1.11.4` | | `github.com/go-chi/chi/v5` | `v5.0.12` -> `v5.2.1` | | `github.com/go-jose/go-jose/v3` | `v3.0.3` -> `v3.0.4` | | `github.com/google/cel-go` | `v0.21.0` -> `v0.24.1` | | `github.com/klauspost/compress` | `v1.17.11` -> `v1.18.0` | | `github.com/klauspost/cpuid/v2` | `v2.2.9` -> `v2.2.10` | | `github.com/libdns/libdns` | `v0.2.2` -> `v1.0.0-beta.1` | | `github.com/mholt/acmez/v3` | `v3.0.0` -> `v3.1.2` | | `github.com/miekg/dns` | `v1.1.62` -> `v1.1.63` | | `github.com/quic-go/quic-go` | `v0.48.2` -> `v0.50.1` | | `github.com/spf13/cobra` | `v1.8.1` -> `v1.9.1` | | `github.com/spf13/pflag` | `v1.0.5` -> `v1.0.6` | | `golang.org/x/crypto` | `v0.32.0` -> `v0.36.0` | | `golang.org/x/crypto/x509roots/fallback` | `v0.0.0-20241211175049-b4f1988a35de` -> `v0.0.0-20250305170421-49bf5b80c810` | | `golang.org/x/mod` | `v0.22.0` -> `v0.24.0` | | `golang.org/x/net` | `v0.34.0` -> `v0.38.0` | | `golang.org/x/sync` | `v0.10.0` -> `v0.12.0` | | `golang.org/x/sys` | `v0.29.0` -> `v0.31.0` | | `golang.org/x/term` | `v0.28.0` -> `v0.30.0` | | `golang.org/x/text` | `v0.21.0` -> `v0.23.0` | | `golang.org/x/time` | `v0.8.0` -> `v0.11.0` | | `golang.org/x/tools` | `v0.28.0` -> `v0.31.0` |
forgejo-actions commented 2025-04-18 20:40:13 +00:00
Copy link
## License & Vulnerability Scan 
# REUSE-IgnoreStart
// SPDX-FileCopyrightText: NONE
//
// SPDX-License-Identifier: AGPL-3.0-or-later
# REUSE-IgnoreEnd

Starting at Thu May  1 21:10:14 UTC 2025


[0001]  WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal)


NAME                            INSTALLED  FIXED-IN  TYPE       VULNERABILITY        SEVERITY 
github.com/corazawaf/coraza/v3  v3.3.2     3.3.3     go-module  GHSA-q9f5-625g-xm39  Medium    
github.com/golang/glog          v1.2.2     1.2.4     go-module  GHSA-6wxm-mpqj-6jpf  Medium


# SUMMARY

* Bad licenses: 0
* Deprecated licenses: 0
* Licenses without file extension: 0
* Missing licenses: 0
* Unused licenses: 0
* Used licenses: AGPL-3.0-or-later
* Read errors: 0
* Files with copyright information: 10 / 10
* Files with license information: 10 / 10

Congratulations! Your project is compliant with version 3.3 of the REUSE Specification :-)
# Caddy v2.10.0-49-fb728
## Build Log 
go: downloading github.com/caddyserver/caddy/v2 v2.10.0
go: downloading github.com/corazawaf/coraza-caddy/v2 v2.0.0
go: downloading github.com/mholt/caddy-l4 v0.0.0-20250124234235-87e3e5e2c7f9
go: downloading github.com/mholt/caddy-ratelimit v0.1.0
go: downloading github.com/KimMachineGun/automemlimit v0.7.1
go: downloading github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b
go: downloading github.com/caddyserver/certmagic v0.23.0
go: downloading github.com/spf13/cobra v1.9.1
go: downloading github.com/spf13/pflag v1.0.6
go: downloading go.uber.org/automaxprocs v1.6.0
go: downloading go.uber.org/zap v1.27.0
go: downloading go.uber.org/zap/exp v0.3.0
go: downloading golang.org/x/crypto/x509roots/fallback v0.0.0-20250305170421-49bf5b80c810
go: downloading golang.org/x/crypto v0.36.0
go: downloading github.com/corazawaf/coraza-coreruleset/v4 v4.7.0
go: downloading github.com/corazawaf/coraza/v3 v3.3.2
go: downloading github.com/jcchavezs/mergefs v0.1.0
go: downloading github.com/magefile/mage v1.15.1-0.20241126214340-bdc92f694516
go: downloading github.com/smallstep/certificates v0.26.1
go: downloading github.com/smallstep/truststore v0.13.0
go: downloading go.step.sm/crypto v0.45.0
go: downloading github.com/go-chi/chi/v5 v5.2.1
go: downloading github.com/smallstep/nosql v0.6.1
go: downloading github.com/caddyserver/zerossl v0.1.3
go: downloading github.com/cloudflare/circl v1.6.0
go: downloading github.com/klauspost/cpuid/v2 v2.2.10
go: downloading github.com/libdns/libdns v1.0.0-beta.1
go: downloading github.com/mholt/acmez/v3 v3.1.2
go: downloading github.com/tailscale/tscert v0.0.0-20240608151842-d3f834017e53
go: downloading golang.org/x/net v0.38.0
go: downloading github.com/dustin/go-humanize v1.0.1
go: downloading golang.org/x/term v0.30.0
go: downloading gopkg.in/natefinch/lumberjack.v2 v2.2.1
go: downloading github.com/prometheus/client_golang v1.20.5
go: downloading github.com/cespare/xxhash/v2 v2.3.0
go: downloading github.com/google/uuid v1.6.0
go: downloading github.com/cespare/xxhash v1.1.0
go: downloading github.com/quic-go/quic-go v0.50.1
go: downloading golang.org/x/sys v0.31.0
go: downloading golang.org/x/time v0.11.0
go: downloading github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58
go: downloading github.com/inconshreveable/mousetrap v1.1.0
go: downloading github.com/cpuguy83/go-md2man/v2 v2.0.6
go: downloading gopkg.in/yaml.v3 v3.0.1
go: downloading github.com/miekg/dns v1.1.63
go: downloading github.com/zeebo/blake3 v0.2.4
go: downloading go.uber.org/multierr v1.11.0
go: downloading github.com/mastercactapus/proxyprotocol v0.0.4
go: downloading github.com/things-go/go-socks5 v0.0.5
go: downloading github.com/google/cel-go v0.24.1
go: downloading golang.org/x/sync v0.12.0
go: downloading github.com/klauspost/compress v1.18.0
go: downloading github.com/pires/go-proxyproto v0.7.1-0.20240628150027-b718e7ce4964
go: downloading github.com/BurntSushi/toml v1.4.0
go: downloading github.com/Masterminds/sprig/v3 v3.3.0
go: downloading github.com/alecthomas/chroma/v2 v2.15.0
go: downloading github.com/yuin/goldmark v1.7.8
go: downloading github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0
go: downloading go.opentelemetry.io/contrib/propagators/autoprop v0.42.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.31.0
go: downloading go.opentelemetry.io/otel v1.31.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.31.0
go: downloading go.opentelemetry.io/otel/sdk v1.31.0
go: downloading go.opentelemetry.io/otel/trace v1.31.0
go: downloading github.com/pkg/errors v0.9.1
go: downloading go.step.sm/cli-utils v0.9.0
go: downloading go.step.sm/linkedca v0.20.1
go: downloading google.golang.org/grpc v1.67.1
go: downloading google.golang.org/protobuf v1.36.2
go: downloading howett.net/plist v1.0.0
go: downloading github.com/fxamacker/cbor/v2 v2.6.0
go: downloading github.com/google/go-tpm v0.9.0
go: downloading github.com/smallstep/go-attestation v0.4.4-0.20240109183208-413678f90935
go: downloading golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67
go: downloading github.com/slackhq/nebula v1.7.2
go: downloading golang.org/x/text v0.23.0
go: downloading github.com/beorn7/perks v1.0.1
go: downloading github.com/prometheus/client_model v0.6.1
go: downloading github.com/prometheus/common v0.61.0
go: downloading github.com/prometheus/procfs v0.15.1
go: downloading github.com/onsi/ginkgo/v2 v2.22.1
go: downloading go.uber.org/mock v0.5.0
go: downloading github.com/francoispqt/gojay v1.2.13
go: downloading github.com/quic-go/qpack v0.5.1
go: downloading github.com/russross/blackfriday/v2 v2.1.0
go: downloading golang.org/x/tools v0.31.0
go: downloading cel.dev/expr v0.19.1
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9
go: downloading github.com/stoewer/go-strcase v1.3.0
go: downloading github.com/antlr4-go/antlr/v4 v4.13.0
go: downloading dario.cat/mergo v1.0.1
go: downloading github.com/Masterminds/goutils v1.1.1
go: downloading github.com/Masterminds/semver/v3 v3.3.0
go: downloading github.com/huandu/xstrings v1.5.0
go: downloading github.com/mitchellh/copystructure v1.2.0
go: downloading github.com/shopspring/decimal v1.4.0
go: downloading github.com/spf13/cast v1.7.0
go: downloading github.com/felixge/httpsnoop v1.0.4
go: downloading go.opentelemetry.io/otel/metric v1.31.0
go: downloading go.opentelemetry.io/contrib/propagators/aws v1.17.0
go: downloading go.opentelemetry.io/contrib/propagators/b3 v1.17.0
go: downloading go.opentelemetry.io/contrib/propagators/jaeger v1.17.0
go: downloading go.opentelemetry.io/contrib/propagators/ot v1.17.0
go: downloading go.opentelemetry.io/proto/otlp v1.3.1
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9
go: downloading github.com/smallstep/pkcs7 v0.0.0-20231024181729-3b98ecc1ca81
go: downloading github.com/smallstep/scep v0.0.0-20231024192529-aee96d7ad34d
go: downloading github.com/urfave/cli v1.22.14
go: downloading github.com/go-jose/go-jose/v3 v3.0.4
go: downloading github.com/chzyer/readline v1.5.1
go: downloading github.com/manifoldco/promptui v0.9.0
go: downloading filippo.io/edwards25519 v1.1.0
go: downloading github.com/x448/float16 v0.8.4
go: downloading github.com/google/go-tspi v0.3.0
go: downloading github.com/sirupsen/logrus v1.9.3
go: downloading github.com/rs/xid v1.5.0
go: downloading github.com/dgraph-io/badger v1.6.2
go: downloading github.com/dgraph-io/badger/v2 v2.2007.4
go: downloading go.etcd.io/bbolt v1.3.9
go: downloading github.com/go-sql-driver/mysql v1.7.1
go: downloading github.com/jackc/pgx/v4 v4.18.3
go: downloading github.com/Microsoft/go-winio v0.6.1
go: downloading github.com/mitchellh/go-ps v1.0.0
go: downloading github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
go: downloading golang.org/x/mod v0.24.0
go: downloading github.com/valllabh/ocsf-schema-golang v1.0.3
go: downloading github.com/tidwall/gjson v1.18.0
go: downloading github.com/corazawaf/libinjection-go v0.2.2
go: downloading github.com/petar-dambovaliev/aho-corasick v0.0.0-20240411101913-e07a1f0e8eb4
go: downloading rsc.io/binaryregexp v0.2.0
go: downloading github.com/mitchellh/reflectwalk v1.0.2
go: downloading github.com/dlclark/regexp2 v1.11.4
go: downloading github.com/go-logr/logr v1.4.2
go: downloading github.com/cenkalti/backoff/v4 v4.3.0
go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0
go: downloading github.com/go-logr/stdr v1.2.2
go: downloading github.com/go-kit/kit v0.13.0
go: downloading github.com/google/certificate-transparency-go v1.1.8-0.20240110162603-74a5dd331745
go: downloading github.com/dgraph-io/ristretto v0.2.0
go: downloading github.com/golang/protobuf v1.5.4
go: downloading github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13
go: downloading github.com/jackc/pgconn v1.14.3
go: downloading github.com/jackc/pgproto3/v2 v2.3.3
go: downloading github.com/jackc/pgio v1.0.0
go: downloading github.com/jackc/pgtype v1.14.0
go: downloading github.com/go-task/slim-sprig/v3 v3.0.0
go: downloading github.com/tidwall/match v1.1.1
go: downloading github.com/tidwall/pretty v1.2.1
go: downloading github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572
go: downloading github.com/go-kit/log v0.2.1
go: downloading github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96
go: downloading github.com/golang/snappy v0.0.4
go: downloading github.com/jackc/chunkreader/v2 v2.0.1
go: downloading github.com/jackc/pgpassfile v1.0.0
go: downloading github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a
go: downloading github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad
go: downloading github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d
go: downloading github.com/go-logfmt/logfmt v0.6.0
go: downloading github.com/mattn/go-colorable v0.1.13
go: downloading github.com/shurcooL/sanitized_anchor_name v1.0.0
go: downloading github.com/mattn/go-isatty v0.0.20
all modules verified
Building Linux/amd64
GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o release/caddy-linux-amd64
sha256sum release/caddy-linux-amd64 | cut -f1 -d " " > release/caddy-linux-amd64.sha256
Building Linux/arm64
GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -o release/caddy-linux-arm64
sha256sum release/caddy-linux-arm64 | cut -f1 -d " " > release/caddy-linux-arm64.sha256

Commit: fb728fe9f6
Actions: #49

<!-- Bot Anchor - Build Caddy --> <details open> <summary>## License & Vulnerability Scan</summary> ```shell # REUSE-IgnoreStart // SPDX-FileCopyrightText: NONE // // SPDX-License-Identifier: AGPL-3.0-or-later # REUSE-IgnoreEnd Starting at Thu May 1 21:10:14 UTC 2025 [0001] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY github.com/corazawaf/coraza/v3 v3.3.2 3.3.3 go-module GHSA-q9f5-625g-xm39 Medium github.com/golang/glog v1.2.2 1.2.4 go-module GHSA-6wxm-mpqj-6jpf Medium # SUMMARY * Bad licenses: 0 * Deprecated licenses: 0 * Licenses without file extension: 0 * Missing licenses: 0 * Unused licenses: 0 * Used licenses: AGPL-3.0-or-later * Read errors: 0 * Files with copyright information: 10 / 10 * Files with license information: 10 / 10 Congratulations! Your project is compliant with version 3.3 of the REUSE Specification :-) ``` </details> # Caddy v2.10.0-49-fb728 <details> <summary>## Build Log</summary> ```shell go: downloading github.com/caddyserver/caddy/v2 v2.10.0 go: downloading github.com/corazawaf/coraza-caddy/v2 v2.0.0 go: downloading github.com/mholt/caddy-l4 v0.0.0-20250124234235-87e3e5e2c7f9 go: downloading github.com/mholt/caddy-ratelimit v0.1.0 go: downloading github.com/KimMachineGun/automemlimit v0.7.1 go: downloading github.com/aryann/difflib v0.0.0-20210328193216-ff5ff6dc229b go: downloading github.com/caddyserver/certmagic v0.23.0 go: downloading github.com/spf13/cobra v1.9.1 go: downloading github.com/spf13/pflag v1.0.6 go: downloading go.uber.org/automaxprocs v1.6.0 go: downloading go.uber.org/zap v1.27.0 go: downloading go.uber.org/zap/exp v0.3.0 go: downloading golang.org/x/crypto/x509roots/fallback v0.0.0-20250305170421-49bf5b80c810 go: downloading golang.org/x/crypto v0.36.0 go: downloading github.com/corazawaf/coraza-coreruleset/v4 v4.7.0 go: downloading github.com/corazawaf/coraza/v3 v3.3.2 go: downloading github.com/jcchavezs/mergefs v0.1.0 go: downloading github.com/magefile/mage v1.15.1-0.20241126214340-bdc92f694516 go: downloading github.com/smallstep/certificates v0.26.1 go: downloading github.com/smallstep/truststore v0.13.0 go: downloading go.step.sm/crypto v0.45.0 go: downloading github.com/go-chi/chi/v5 v5.2.1 go: downloading github.com/smallstep/nosql v0.6.1 go: downloading github.com/caddyserver/zerossl v0.1.3 go: downloading github.com/cloudflare/circl v1.6.0 go: downloading github.com/klauspost/cpuid/v2 v2.2.10 go: downloading github.com/libdns/libdns v1.0.0-beta.1 go: downloading github.com/mholt/acmez/v3 v3.1.2 go: downloading github.com/tailscale/tscert v0.0.0-20240608151842-d3f834017e53 go: downloading golang.org/x/net v0.38.0 go: downloading github.com/dustin/go-humanize v1.0.1 go: downloading golang.org/x/term v0.30.0 go: downloading gopkg.in/natefinch/lumberjack.v2 v2.2.1 go: downloading github.com/prometheus/client_golang v1.20.5 go: downloading github.com/cespare/xxhash/v2 v2.3.0 go: downloading github.com/google/uuid v1.6.0 go: downloading github.com/cespare/xxhash v1.1.0 go: downloading github.com/quic-go/quic-go v0.50.1 go: downloading golang.org/x/sys v0.31.0 go: downloading golang.org/x/time v0.11.0 go: downloading github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 go: downloading github.com/inconshreveable/mousetrap v1.1.0 go: downloading github.com/cpuguy83/go-md2man/v2 v2.0.6 go: downloading gopkg.in/yaml.v3 v3.0.1 go: downloading github.com/miekg/dns v1.1.63 go: downloading github.com/zeebo/blake3 v0.2.4 go: downloading go.uber.org/multierr v1.11.0 go: downloading github.com/mastercactapus/proxyprotocol v0.0.4 go: downloading github.com/things-go/go-socks5 v0.0.5 go: downloading github.com/google/cel-go v0.24.1 go: downloading golang.org/x/sync v0.12.0 go: downloading github.com/klauspost/compress v1.18.0 go: downloading github.com/pires/go-proxyproto v0.7.1-0.20240628150027-b718e7ce4964 go: downloading github.com/BurntSushi/toml v1.4.0 go: downloading github.com/Masterminds/sprig/v3 v3.3.0 go: downloading github.com/alecthomas/chroma/v2 v2.15.0 go: downloading github.com/yuin/goldmark v1.7.8 go: downloading github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 go: downloading go.opentelemetry.io/contrib/propagators/autoprop v0.42.0 go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.31.0 go: downloading go.opentelemetry.io/otel v1.31.0 go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.31.0 go: downloading go.opentelemetry.io/otel/sdk v1.31.0 go: downloading go.opentelemetry.io/otel/trace v1.31.0 go: downloading github.com/pkg/errors v0.9.1 go: downloading go.step.sm/cli-utils v0.9.0 go: downloading go.step.sm/linkedca v0.20.1 go: downloading google.golang.org/grpc v1.67.1 go: downloading google.golang.org/protobuf v1.36.2 go: downloading howett.net/plist v1.0.0 go: downloading github.com/fxamacker/cbor/v2 v2.6.0 go: downloading github.com/google/go-tpm v0.9.0 go: downloading github.com/smallstep/go-attestation v0.4.4-0.20240109183208-413678f90935 go: downloading golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 go: downloading github.com/slackhq/nebula v1.7.2 go: downloading golang.org/x/text v0.23.0 go: downloading github.com/beorn7/perks v1.0.1 go: downloading github.com/prometheus/client_model v0.6.1 go: downloading github.com/prometheus/common v0.61.0 go: downloading github.com/prometheus/procfs v0.15.1 go: downloading github.com/onsi/ginkgo/v2 v2.22.1 go: downloading go.uber.org/mock v0.5.0 go: downloading github.com/francoispqt/gojay v1.2.13 go: downloading github.com/quic-go/qpack v0.5.1 go: downloading github.com/russross/blackfriday/v2 v2.1.0 go: downloading golang.org/x/tools v0.31.0 go: downloading cel.dev/expr v0.19.1 go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 go: downloading github.com/stoewer/go-strcase v1.3.0 go: downloading github.com/antlr4-go/antlr/v4 v4.13.0 go: downloading dario.cat/mergo v1.0.1 go: downloading github.com/Masterminds/goutils v1.1.1 go: downloading github.com/Masterminds/semver/v3 v3.3.0 go: downloading github.com/huandu/xstrings v1.5.0 go: downloading github.com/mitchellh/copystructure v1.2.0 go: downloading github.com/shopspring/decimal v1.4.0 go: downloading github.com/spf13/cast v1.7.0 go: downloading github.com/felixge/httpsnoop v1.0.4 go: downloading go.opentelemetry.io/otel/metric v1.31.0 go: downloading go.opentelemetry.io/contrib/propagators/aws v1.17.0 go: downloading go.opentelemetry.io/contrib/propagators/b3 v1.17.0 go: downloading go.opentelemetry.io/contrib/propagators/jaeger v1.17.0 go: downloading go.opentelemetry.io/contrib/propagators/ot v1.17.0 go: downloading go.opentelemetry.io/proto/otlp v1.3.1 go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 go: downloading github.com/smallstep/pkcs7 v0.0.0-20231024181729-3b98ecc1ca81 go: downloading github.com/smallstep/scep v0.0.0-20231024192529-aee96d7ad34d go: downloading github.com/urfave/cli v1.22.14 go: downloading github.com/go-jose/go-jose/v3 v3.0.4 go: downloading github.com/chzyer/readline v1.5.1 go: downloading github.com/manifoldco/promptui v0.9.0 go: downloading filippo.io/edwards25519 v1.1.0 go: downloading github.com/x448/float16 v0.8.4 go: downloading github.com/google/go-tspi v0.3.0 go: downloading github.com/sirupsen/logrus v1.9.3 go: downloading github.com/rs/xid v1.5.0 go: downloading github.com/dgraph-io/badger v1.6.2 go: downloading github.com/dgraph-io/badger/v2 v2.2007.4 go: downloading go.etcd.io/bbolt v1.3.9 go: downloading github.com/go-sql-driver/mysql v1.7.1 go: downloading github.com/jackc/pgx/v4 v4.18.3 go: downloading github.com/Microsoft/go-winio v0.6.1 go: downloading github.com/mitchellh/go-ps v1.0.0 go: downloading github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 go: downloading golang.org/x/mod v0.24.0 go: downloading github.com/valllabh/ocsf-schema-golang v1.0.3 go: downloading github.com/tidwall/gjson v1.18.0 go: downloading github.com/corazawaf/libinjection-go v0.2.2 go: downloading github.com/petar-dambovaliev/aho-corasick v0.0.0-20240411101913-e07a1f0e8eb4 go: downloading rsc.io/binaryregexp v0.2.0 go: downloading github.com/mitchellh/reflectwalk v1.0.2 go: downloading github.com/dlclark/regexp2 v1.11.4 go: downloading github.com/go-logr/logr v1.4.2 go: downloading github.com/cenkalti/backoff/v4 v4.3.0 go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 go: downloading github.com/go-logr/stdr v1.2.2 go: downloading github.com/go-kit/kit v0.13.0 go: downloading github.com/google/certificate-transparency-go v1.1.8-0.20240110162603-74a5dd331745 go: downloading github.com/dgraph-io/ristretto v0.2.0 go: downloading github.com/golang/protobuf v1.5.4 go: downloading github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13 go: downloading github.com/jackc/pgconn v1.14.3 go: downloading github.com/jackc/pgproto3/v2 v2.3.3 go: downloading github.com/jackc/pgio v1.0.0 go: downloading github.com/jackc/pgtype v1.14.0 go: downloading github.com/go-task/slim-sprig/v3 v3.0.0 go: downloading github.com/tidwall/match v1.1.1 go: downloading github.com/tidwall/pretty v1.2.1 go: downloading github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 go: downloading github.com/go-kit/log v0.2.1 go: downloading github.com/AndreasBriese/bbloom v0.0.0-20190825152654-46b345b51c96 go: downloading github.com/golang/snappy v0.0.4 go: downloading github.com/jackc/chunkreader/v2 v2.0.1 go: downloading github.com/jackc/pgpassfile v1.0.0 go: downloading github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a go: downloading github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad go: downloading github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d go: downloading github.com/go-logfmt/logfmt v0.6.0 go: downloading github.com/mattn/go-colorable v0.1.13 go: downloading github.com/shurcooL/sanitized_anchor_name v1.0.0 go: downloading github.com/mattn/go-isatty v0.0.20 all modules verified Building Linux/amd64 GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o release/caddy-linux-amd64 sha256sum release/caddy-linux-amd64 | cut -f1 -d " " > release/caddy-linux-amd64.sha256 Building Linux/arm64 GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -o release/caddy-linux-arm64 sha256sum release/caddy-linux-arm64 | cut -f1 -d " " > release/caddy-linux-arm64.sha256 ``` </details> --- **Commit:** fb728fe9f6b7fca6319f30d2e1b8599f759c2ec3 **Actions:** [**`#49`**](https://git.auengun.net/homelab/bin-caddy/actions/runs/49)
GregoryDosh deleted branch renovate/github.com-caddyserver-caddy-v2-2.x 2025-05-01 21:24:31 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
  
action

Forgejo Action

  
automerge

   
dependencies

   
docker

   
pin-digest

   
skip-ci
No labels
action
automerge
dependencies
docker
pin-digest
skip-ci
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
homelab/bin-caddy!22
No description provided.