From d13bc818b8741f7352962a5e3af2f3c293ae8367 Mon Sep 17 00:00:00 2001
From: Vincent <evict@users.noreply.github.com>
Date: Wed, 16 Aug 2023 10:48:26 +0100
Subject: [PATCH] dep: bump up caddy version to 2.7.3 (#55606)

* dep: bump up caddy version

* update changelog

* dep: use caddy 2.7.3

Co-authored-by: William Bezuidenhout <william.bezuidenhout@sourcegraph.com>

* dep: use caddy 2.7.3

Co-authored-by: William Bezuidenhout <william.bezuidenhout@sourcegraph.com>

---------

Co-authored-by: William Bezuidenhout <william.bezuidenhout@sourcegraph.com>
Co-authored-by: Will Dollman <will.dollman@sourcegraph.com>
---
 CHANGELOG.md   | 1 +
 dev/caddy.sh   | 2 +-
 sg.config.yaml | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c166e3ea139..e3ed2e77c71 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,6 +22,7 @@ All notable changes to Sourcegraph are documented in this file.
 - OpenTelemetry Collector has been upgraded to v0.81, and OpenTelemetry packages have been upgraded to v1.16. [#54969](https://github.com/sourcegraph/sourcegraph/pull/54969), [#54999](https://github.com/sourcegraph/sourcegraph/pull/54999)
 - Bitbucket Cloud code host connections no longer automatically syncs the repository of the username used. The appropriate workspace name will have to be added to the `teams` list if repositories for that account need to be synced. [#55095](https://github.com/sourcegraph/sourcegraph/pull/55095)
 - Pressing `Mod-f` will always select the input value in the file view search [#55546](https://github.com/sourcegraph/sourcegraph/pull/55546)
+- Caddy has been updated to version 2.7.3 resolving a number of vulnerabilities. [#55606](https://github.com/sourcegraph/sourcegraph/pull/55606)
 - The commit message defined in a batch spec will now be passed to `git commit` on stdin using `--file=-` instead of being included inline with `git commit -m` to improve how the message is interpreted by `git` in certain edge cases, such as when the commit message begins with a dash, and to prevent extra quotes being added to the message. This may mean that previous escaping strategies will behave differently.
 
 ### Fixed
diff --git a/dev/caddy.sh b/dev/caddy.sh
index 597ad750002..7274bd376d2 100755
--- a/dev/caddy.sh
+++ b/dev/caddy.sh
@@ -6,7 +6,7 @@ pushd "$(dirname "${BASH_SOURCE[0]}")/.." >/dev/null
 
 mkdir -p .bin
 
-version="2.4.5"
+version="2.7.3"
 case "$(go env GOOS)" in
   linux)
     os="linux"
diff --git a/sg.config.yaml b/sg.config.yaml
index a5fbc04310b..de1e297eb90 100644
--- a/sg.config.yaml
+++ b/sg.config.yaml
@@ -352,7 +352,7 @@ commands:
     cmd: .bin/caddy_${CADDY_VERSION} run --watch --config=dev/Caddyfile
     install_func: installCaddy
     env:
-      CADDY_VERSION: 2.4.5
+      CADDY_VERSION: 2.7.3
 
   web:
     description: Enterprise version of the web app