build(deps): bump github.com/caddyserver/caddy/v2 from 2.9.0 to 2.11.3

[dependabot]

Bumps github.com/caddyserver/caddy/v2 from 2.9.0 to 2.11.3.

Release notes

Sourced from github.com/caddyserver/caddy/v2's releases.

v2.11.3

This release improves several aspects of Caddy with minor features, bug fixes, and security patches. Thank you to everyone and their bots who contributed to help make this release the best one yet!

Security patches:

• fastcgi: Carrying over a patch from FrankenPHP for a bug that could allow non-PHP files to be executed; collaborated on by @​dunglas, @​KC1zs4, and @​chenjj.
• vars: A more thorough fix for GHSA-m2w3-8f23-hxxf, collaborated by @​everping and @​vnxme.
• admin: Array index normalization to prevent remote admin socket auth bypass, by @​Amemoyoi and bot.
• admin: More rigorous path prefix matching to prevent remote admin socket auth bypass, by @​Amemoyoi and bot.

We've also merged a couple PRs that fix upstream security bugs in other projects like quic-go and CertMagic. Thank you to @​marten-seemann for maintaining quic-go so diligently!

What's Changed

• caddyhttp: Sync placeholder expansion in vars and vars_regexp by @​vnxme in caddyserver/caddy#7573
• caddytls: Avoid ACME fallback for implicit Tailscale *.ts.net policies by @​steadytao in caddyserver/caddy#7577
• chore: Resolve recent CI failures by @​mholt in caddyserver/caddy#7593
• caddytls: Consolidate empty APs more smartly by @​mholt in caddyserver/caddy#7567
• rewrite: skip query rename when source key is absent by @​steadytao in caddyserver/caddy#7599
• root: introduce down-propagating Helper.BlockState for other directives/plugins to use by @​henderkes in caddyserver/caddy#7594
• http: make zstd checksum configurable by @​ottenhoff in caddyserver/caddy#7586
• notify: Always send "READY=1" even after an error by @​francislavoie in caddyserver/caddy#7597
• reverseproxy: Fix check for header_up Host {upstream_hostport} redundancy by @​yubiuser in caddyserver/caddy#7564
• caddytls: Expand placeholders in dns_challenge override_domain tls parameter by @​pberkel in caddyserver/caddy#7609
• tls: add system and combined CA pool modules by @​HarshPatel5940 in caddyserver/caddy#7406
• vars: Don't expand placeholders in values by @​vnxme in caddyserver/caddy#7629
• build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.42.0 to 1.43.0 by @​dependabot[bot] in caddyserver/caddy#7637
• build(deps): bump the all-updates group across 1 directory with 11 updates by @​dependabot[bot] in caddyserver/caddy#7641
• reverseproxy: make stream copy buffer size configurable by @​steadytao in caddyserver/caddy#7627
• vars: Add matcher placeholder handling tests by @​steadytao in caddyserver/caddy#7640
• build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by @​dependabot[bot] in caddyserver/caddy#7621
• logging: Add journald encoder wrapper by @​steadytao in caddyserver/caddy#7623
• caddyfile: Improve import/global options UX for imports before global options by @​steadytao in caddyserver/caddy#7642
• chore: replace interface{} with any for modernization by @​tsinglua in caddyserver/caddy#7571
• chore: bump timberjack to v1.4.1 by @​DeRuina in caddyserver/caddy#7618
• logging: Preserve ts for journald-wrapped JSON logs by @​steadytao in caddyserver/caddy#7644
• fileserver: show symlink targets verbatim (#7476) by @​maxtruxa in caddyserver/caddy#7579
• fix(caddyfile): {block} in snippet by @​prettysunflower in caddyserver/caddy#7558
• caddyhttp: Document missing placeholders for escaped URI and prefixed query by @​steffenbusch in caddyserver/caddy#7659
• chore: add AGENTS.md by @​mohammed90 in caddyserver/caddy#7652
• build(deps): bump github.com/jackc/pgx/v5 from 5.8.0 to 5.9.0 by @​dependabot[bot] in caddyserver/caddy#7655
• admin: Redact sensitive request headers in API logs by @​steadytao in caddyserver/caddy#7578
• reverseproxy: add lb_retry_match condition on response status by @​seroperson in caddyserver/caddy#7569
• caddyhttp: prefer port 443 in auto-HTTPS and add tests by @​mholt in caddyserver/caddy#7666
• fix: Propagate ECH keys to the QUIC listener by @​steadytao in caddyserver/caddy#7670
• chore: Use atomics where appropriate by @​francislavoie in caddyserver/caddy#7648
• metrics: Implement pushing via OLTP by @​dunglas in caddyserver/caddy#7664
• logging: Add regression coverage for rotated file mode by @​steadytao in caddyserver/caddy#7620
• httpcaddyfile: Inherit global ACME issuer settings in tls shortcuts by @​steadytao in caddyserver/caddy#7617
• build(deps): bump github.com/jackc/pgx/v5 from 5.9.0 to 5.9.2 by @​dependabot[bot] in caddyserver/caddy#7668
• admin: require path segment boundary in remote access control by @​Amemoyoi in caddyserver/caddy#7673

... (truncated)

Commits

• cc58caa go.mod: Upgrade quic-go to v0.59.1
• d80774c metrics: Add nil check for metricsHandler in AdminMetrics.serveHTTP (#7553)
• a4a38c3 rewrite: escape file matcher paths before rewriting (#7683)
• 761347a templates: Explicitly warn about misconfigurations
• 4ba16fe docs: add documentation for fileExists and fileStat template functions (#7700)
• 0fab9f0 caddytls: avoid duplicate automation for wildcard-covered hosts (#7697)
• 5e76b5e tls: add alpn to managed HTTPS records (#7653)
• 9c78b97 fastcgi: Fix lint
• fb32433 Merge commit from fork
• 0780d44 httpcaddyfile: accept duration strings for log sampling interval (#7694)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.