build(go): bump github.com/caddyserver/caddy/v2 from 2.7.5 to 2.8.4 in the caddy group

[dependabot]

Bumps the caddy group with 1 update: github.com/caddyserver/caddy/v2.

Updates github.com/caddyserver/caddy/v2 from 2.7.5 to 2.8.4

Release notes

Sourced from github.com/caddyserver/caddy/v2's releases.

v2.8.4

Hotfix for the Caddyfile detection regression in v2.8.2. The v2.8.3 tag was mistakenly made on the wrong commit and is skipped.

Changelog

• 7088605c cmd: fix regression in auto-detect of Caddyfile (#6362)

v2.8.2

A few more fixes of reported bugs related to ARI, try_files with the root path (/), and Caddyfile adapter detection on the CLI. See 2.8.0 release notes for details on 2.8.

Changelog

• 01308b4b I'm so tired of typos
• a63767d3 build(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361)
• f8a2c602 caddyhttp: properly sanitize requests for root path (#6360)
• b7280e69 caddytls: Implement certmagic.RenewalInfoGetter
• 15faeacb cmd: fix auto-detetction of .caddyfile extension (#6356)

Full Changelog: caddyserver/caddy@v2.8.1...v2.8.2

v2.8.1

Quick fixes for a few users related to directory permissions and matcher parsing.

Changelog

• 40c582ce caddyhttp: Fix merging consecutive client_ip or remote_ip matchers (#6350)
• a52917a3 core: MkdirAll appDataDir in InstanceID with 0o700 (#6340)

v2.8.0

Caddy 2.8 is here! With hundreds of improvements, Caddy is more scalable and capable than ever before. Featuring ACME Renewal Information (ARI) support, HTTP/3 to proxy backends, and so much more than we can list in a sentence, we are pleased to bring you one of the biggest Caddy updates yet. Documentation on our website will be updated in the coming days.

We've implemented a ton of improvements, fixes, and awesome new features based on your feedback. While some of them aren't particularly visible changes, they allow Caddy to scale better and be more reliable in demanding deployments. Many of the changes are quality-of-life improvements we hope you'll appreciate. Then there's improvements to ACMEz, CertMagic, and other dependencies which make Caddy better that may not show up in this list.

There was a lot of code that had been documented as deprecated in place for a long time, so this version introduces a few more breaking changes than usual; please review the notes below.

Thank you to our sponsors and everyone in the community who contributed -- over 40 of you made your first contribution for this release. We couldn't have done it without your help. In particular, we'd like to recognize sponsors Stripe, Framer, and ZeroSSL for their positive influence which have greatly enhanced the project. Caddy 2.8 is already being used in our sponsors' large-scale, multi-region production deployments.

Want to join those ranks? Sponsor the Caddy project and benefit from development priority, dedicated private support, and much more.

As with any server upgrades, please be sure to test and validate your configurations in a staging or test environment before deploying to production. Thank you and have a great day!

⚠️ Breaking changes:

• ZeroSSL (#6229) (this is one overall change, but requires some explanation):
  • Up to now, Caddy used both Let's Encrypt and ZeroSSL by default to get certificates without any configuration. In 2.8, this is changing slightly. Due to upcoming changes to ZeroSSL accounting policies, ZeroSSL now requires your email address to be able to access their free ACME endpoint.
  • As such, Caddy will only implicitly add the ZeroSSL issuer to your config if you provide an email address in your Caddyfile using the email global option. (We have already recommended this for years.) If you already do this, you don't have to make any changes and you'll still get Let's Encrypt and ZeroSSL automatically as defaults.
  • If you use JSON to configure certificate automation policies, you will need to ensure you use the acme issuer with your email filled out, and the ca field set to ZeroSSL's ACME server URL.
  • The zerossl issuer module is no longer ACME-capable and is now exclusively for the ZeroSSL API. An API key from your ZeroSSL account is required. (The ZeroSSL ACME server can still be used with the acme module pointed to ZeroSSL's ACME server. You can provide your account email and/or EAB as well.) If you were using the ZeroSSL issuer with an API key, it will now start using ZeroSSL's API, which was probably the expected behavior anyways. The API has several advantages over the ACME endpoint, but may require payment:
    • Faster response times
    • IP certificates
    • Management tools in your ZeroSSL account dashboard

... (truncated)

Commits

• 7088605 cmd: fix regression in auto-detect of Caddyfile (#6362)
• 15faeac cmd: fix auto-detetction of .caddyfile extension (#6356)
• f8a2c60 caddyhttp: properly sanitize requests for root path (#6360)
• 01308b4 I'm so tired of typos
• b7280e6 caddytls: Implement certmagic.RenewalInfoGetter
• a63767d build(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361)
• 40c582c caddyhttp: Fix merging consecutive client_ip or remote_ip matchers (#6350)
• a52917a core: MkdirAll appDataDir in InstanceID with 0o700 (#6340)
• e6f46c8 acmeserver: Add sign_with_root for Caddyfile (#6345)
• f6d2c29 caddyfile: Reject global request matchers earlier (#6339)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dependabot]

The following labels could not be found: dependencies.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml