chore(deps): bump github.com/caddyserver/caddy/v2 from 2.8.4 to 2.9.0

[dependabot]

Bumps github.com/caddyserver/caddy/v2 from 2.8.4 to 2.9.0.

Release notes

Sourced from github.com/caddyserver/caddy/v2's releases.

v2.9.0

Happy New Year! We're pleased to release Caddy 2.9. Aside from some minor new features, this release is mainly focused on refinements and bug fixes in many areas, including:

• Config loading
• Events
• Logging
• Placeholders
• Reverse proxy and HTTP server performance
• Matchers
• HTTP (esp. HTTP/3)
• Metrics (per-host metrics)
• Security
• TLS automation & ACME ARI

We realize there is extensive interest in Encrypted Client Hello (ECH) and post-quantum ciphers. These are slated to be supported in Go 1.24, which is scheduled for a stable release in approximately February. We did not want to force users to go through the inconvenience of installing pre-release, non-stock installations of Go, even though the RCs are quite stable and production-ready, in order to even compile Caddy, which is quite common given our plugin ecosystem. We anticipate a Caddy 2.10 release in the near future with these capabilities, built on Go 1.24.

We hope you will enjoy the 2.9 release. Thanks to all contributors, bug reporters, and helpers, and those organizations which deployed pre-release versions to production to help verify patches and features.

Changelog

• ef4e0224a8495fc29847d865087febdee8736e3b caddyfile: Fix comma edgecase in address parsing (#6616)
• b116dcea3d022cd2b060a978c499ac17e5d0a2e1 caddyhttp: Add {?query} placeholder (#6714)
• c216cf551dcbd2de1da1b9fe8a7e179b76827753 caddyhttp: Allow matching Transfer-Encoding, add to access logs (#6629)
• 197c564f2032becba14aeec0152fe5eeb639d6c1 caddyhttp: Set default ReadHeaderTimeout (1 min)
• 09b2cbcf4d839adec91b189fea549d64a69e0595 caddyhttp: Add MatchWithError to replace SetVar hack (#6596)
• c6f2979986d87d7236b132c687c8887c92248dd8 caddyhttp: Close http3 server gracefully (#6213)
• 88fd5f3491ab888f69f0be02cea68a49164298eb caddyhttp: Use internal issuer for IPs when no APs configured
• 5c8dc344181c49bc7feade4a293bb4eed882b838 caddytls: Allow disabling storage cleaning, avoids writing two files (#6593)
• d7564d632fbed209e81978c5c2c529a7bf1836f7 caddytls: Drop rate_limit and burst, has been deprecated (#6611)
• d398898b352a6a7e8ac5c24da01dd948fc334d77 cmd: Allow add-package to select version of package (#6665)
• 66c80caf236e2d98e61bf1bc8bb062d7b8c25430 cmd: Disable go1.23 tlskyber=1 experiment
• fb72793269d419b2b37b5f1db8141c63818be514 cmd: Reject multiple configs for fmt command (#6717)
• b3ce260389a88a35c9b0e0a19a93abfe92fb6e9f cmd: ignore missing keys during storage export (#6697)
• 0182fb87fa7276463086c2360431a1c0dc797edf core: addresses.go funcs renames (#6622)
• e76405d55058b0a3e5ba222b44b5ef00516116aa core: Change ListenerFunc signature (#6651)
• 315715e90ffa25c4ad0d8a96e828dbdf6f638583 core: Implement FastAbs to avoid repeated os.Getwd calls (#6687)
• d0e209e1da6cd6d7d61e83b851f2913ee31454f8 encode: good defaults (#6737)
• 5ba1e06fd661aac2cbaab6d4a2ef63a9eb877a46 encode: try to use sendfile when compression is not used (#6749)
• bcaa8aaf114629031d10dcef0ca7680ae8163e32 encode: write status immediate for success response for CONNECT requests (#6738)
• 1d156527ea8fef0a96faa54d7ff61244e4be4094 events: Use WithLazy to prevent eager serialization of the event data (#6671)
• 6790c0e38abcc534c4b3365b6e438148001fd6df fastcgi: check for CONTENT_LENGTH when sending requests (#6661)
• eddbccd298f637c4785c891f5f96dbf103580fa8 fastcgi: remove dir redirection when useless in php_fastcgi (#6698)
• efd9251ad38a4fd9f7d900445400ac3c8e564c28 fileserver: Add first_exist_fallback strategy for try_files (#6699)
• d0123bd760f6c140f3b935159a55ba64899c84f8 fileserver: Fix policy Validate() oversight (#6727)
• 290cfea08f2486fb86dbc11eec96d79751180eda fileserver: add a test for precompressed defaults (#6743)
• 5c2617ebf9303100fc8c6be2a80b966b2c7fb7f1 fileserver: good default for precompressed (#6736)
• cc23ad6402e6dace30b04f0d9113530a4d9541a9 fileserver: Add file_limit option for browse (to be experimental) (#6648)
• 350ad38f63f7a49ceb3821c58d689b85a27ec4e5 fileserver: Fix Caddyfile parsing
• 9753c4451077d4459ec10cb3df27ab9dc4456290 fileserver: fix try_policy when instantiating file matcher from CEL (#6624)
• 05cfb121ec3f214c0e45206c188f34bad4d4eb8c forwardauth: Skip copying missing response headers (#6608)
• ed1c594cdbddf89829eaf1174f414028577b432d go.mod: Upgrade ACMEz to v3; and upgrade CertMagic

... (truncated)

Commits

• 3f3f8b3 go.mod: Upgrade CertMagic to v0.21.5
• f2c17d1 testing: sort force-automated hosts (#6756)
• afa778a httpcaddyfile: Implement experimental force_automate option (#6712)
• 5ba1e06 encode: try to use sendfile when compression is not used (#6749)
• c216cf5 caddyhttp: Allow matching Transfer-Encoding, add to access logs (#6629)
• ed1c594 go.mod: Upgrade ACMEz to v3; and upgrade CertMagic
• 66c80ca cmd: Disable go1.23 tlskyber=1 experiment
• 47391e4 Update SECURITY.md
• 6790c0e fastcgi: check for CONTENT_LENGTH when sending requests (#6661)
• c864b82 reverseproxy: Set Content-Length when body is fully buffered (#6638)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

The following labels could not be found: dependencies.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[dependabot]

Superseded by #14.