build(deps): bump github.com/caddyserver/caddy/v2 from 2.4.3 to 2.6.4

[dependabot]

Bumps github.com/caddyserver/caddy/v2 from 2.4.3 to 2.6.4.

Release notes

Sourced from github.com/caddyserver/caddy/v2's releases.

v2.6.4

This release contains a hotfix for a regression in v2.6.3 related to proxying chunked requests. We recommend that all users who do so upgrade to v2.6.4.

Note that, in an effort to make error-prone configs less likely, we have deprecated the reverse proxy options:

• buffer_requests
• buffer_responses
• max_buffer_size

and have introduced 2 new ones which take a size argument to enable buffering:

• request_buffers <size>
• response_buffers <size>

The deprecated options will be removed in a later version of Caddy, so please start using the new parameters instead.

Changelog

• 0db29e2c go.mod: Upgrade acmez and x/net
• 4b119a47 reverseproxy: Don't buffer chunked requests (fix #5366) (#5367)

v2.6.3

This release brings a number of bug fixes and minor features. We recommend that all users check the release notes/commits, then test and upgrade.

Notable changes:

• New trusted_proxies global option (within servers) can be used to specify trusted proxy IP ranges globally. This is important if relying on headers for client IP addresses.
• Unix sockets on Windows now supported as proxy upstreams.
• Proxied WebSocket connections are now logged with correct status code and "size" (bytes read + bytes written).
• The quic-go package has received significant optimizations, so HTTP/3 should be more efficient now.

Thank you to everyone who contributed to this release!

Changelog

• bfaf2a82 acme_server: Configurable default lifetime for issued certificates (#5232)
• ac83b7e2 admin: Add CADDY_ADMIN env var to override the default (#5332)
• ac96455a admin: fix certificate renewal for admin (#5169)
• 762b0278 admin: set certmagic cache logger (#5173)
• 329af5ce build(deps): bump actions/cache from 2 to 3 (#5263)
• 3b724a20 build(deps): bump actions/upload-artifact from 1 to 3 (#5262)
• af93517c build(deps): bump goreleaser/goreleaser-action from 2 to 4 (#5264)
• cd49847e build(deps): bump peter-evans/repository-dispatch from 1 to 2 (#5261)
• 8d3a1b8b caddyauth: Use singleflight for basic auth (#5344)
• bbe36631 caddyconfig: Fix httploader leak from unused responses (#5159)
• 7f2a93e6 caddyfile: Allow overriding server names (#5323)
• 223cbe3d caddyhttp: Add server-level trusted_proxies config (#5103)
• 087f126c caddyhttp: Canonicalize header field names (#5176)
• 12bcbe2c caddyhttp: Pluggable trusted proxy IP range sources (#5328)
• ed503118 caddyhttp: add placeholder {http.request.orig_uri.path.*} (#5161)
• 33fdea8f caddypki: Prefer user-configured root instead of generating new one (#5189)

... (truncated)

Commits

• 0db29e2 go.mod: Upgrade acmez and x/net
• 4b119a4 reverseproxy: Don't buffer chunked requests (fix #5366) (#5367)
• 90798f3 go.mod: Upgrade various dependencies (#5362)
• 536c28d core: Support Windows absolute paths for UDS proxy upstreams (#5114)
• c77a6be reverseproxy: Log status code and byte count for websockets (#5140)
• 12bcbe2 caddyhttp: Pluggable trusted proxy IP range sources (#5328)
• f6f1d8f Run go.mod tidy
• 8d3a1b8 caddyauth: Use singleflight for basic auth (#5344)
• ac83b7e admin: Add CADDY_ADMIN env var to override the default (#5332)
• e62b5fb chore: Build with Go 1.20, keep minimum at 1.18 for now (#5353)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)