Skip to content

Bump apache-server-configs from 3.2.1 to 6.0.0 #186

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 47 commits into from
Closed

Bump apache-server-configs from 3.2.1 to 6.0.0 #186

wants to merge 47 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 6, 2022

Bumps apache-server-configs from 3.2.1 to 6.0.0.

Release notes

Sourced from apache-server-configs's releases.

v6.0.0

Full Changelog: h5bp/server-configs-apache@5.1.0...6.0.0

v5.1.0

  • Extend default, media and font cache TTL to 1 year [5df69464885605ded1f4b0ef04cb84f1b8bd8010]
  • Support ETags at server level [7956cbcecd33c20f13357284f3f355c658755115]
  • Add image/x-icon compression support [69ddeda3781762eb2aba8b5152f2e9d2fa56c90a]
  • Improve httpd-modules availability checks [cb8ef1be06a93d43db6dc525005e2638b8ef687b]
  • Improve inline comments

Thanks to @​jamieburchell @​tomkyle @​LeoColomb

v5.0.0

  • ⚠️ Breaking: End of support for Internet Explorer (X-UA-Compatible and X-XSS-Protection headers) [d1fb502] [22014cb]
  • 🎉 Security first! Modernize TLS configuration [55c364d]
  • 🎉 Security first! Refresh policies-related headers usage
    • Add Cross Origin Policies headers (COOP/COEP/CORP) [9d2cb74]
    • Add Permissions-Policy header [86494cc]
    • Make Content-Security-Policy disallow 'object-src' by default [f993710]
  • Add mime-type image/jxl [da3ce54]
  • Fix SSLSessionCache directive usage [64e33e8]
  • Improve inline comments.

v4.1.0

  • Add mime-type image/avif and image/avifs [4ca46af]
  • Fix unexpected Content-Language in pre-compressed Brotli [1f5641d]
  • Added systemd module to support CentOS [5d060b0]
  • Improve inline comments.

v4.0.0

  • 🎉 Server-level config! Support httpd configuration at main server level. Add httpd.conf file, vhost management, secure HTTP tweaking, etc. See the README. [b50205a...c302596]
  • ⚠️ Breaking: End of support for Apache httpd version 2.4.9 and below [baa9cdd5567b25d9434b06937a436ceccadb6b4c]
  • ⚠️ Breaking: File paths changes for the .htaccess build system [478ceab3a28786856a1ffcdf6a943ee43907caf0][9cb2763d7f5e3fce984bfdea903e9df61cdf4bcd]
  • Rewrite, improve and update a large part of the documentation [5dc823c18e4a0ee163c2ee3b772060bce7d782e6][5748d26258394005b4d6dbb2f8474b58ed276e95][d8553ee58f307419d9ec39ab8c60fc6a6e1135cb][6862ac17ed60042c4eb47b56c8da055e99ad4dac][ade3659f49b5e23c93695b6888f92bfda3b3f2ed]
  • Default to HSTS only over secure connections [5bbc0a1ded8b306ca900338136a50d17eb304b94]
  • Stricter default for Referrer Policy strict-origin-when-cross-origin [43bcb833eb0539800e0d3e8a19ad3ef1d6944592]
  • Add APNG (.apng) MIME type [ad25d3185fb28971a83e8c721567d7ce08b76f38]
  • Ensure the presence of security headings where expected [d65642225cf080c15ace94816bed9f15080471b1][43bcb833eb0539800e0d3e8a19ad3ef1d6944592][d84d94c7e1e3e647a6ff3b0d29a780481a0638d8]
  • Make disabling TRACE method usable in a .htaccess file [9ae931cfe5bc4fe8af0fca21094ad93d4437cfaa]

... (truncated)

Changelog

Sourced from apache-server-configs's changelog.

6.0.0 (December 5, 2022)

5.1.0 (May 9, 2022)

  • Extend default, media and font cache TTL to 1 year [5df6946]
  • Support ETags at server level [7956cbc]
  • Add image/x-icon compression support [69ddeda]
  • Improve module checks validations [cb8ef1b]
  • Improve inline comments.

5.0.0 (July 31, 2021)

  • ⚠️ Breaking: End of support for Internet Explorer (X-UA-Compatible and X-XSS-Protection headers) [d1fb502]
    [22014cb]
  • 🎉 Security first! Modernize TLS configuration [55c364d]
  • 🎉 Security first! Refresh policies-related headers usage
    • Add Cross Origin Policies headers (COOP/COEP/CORP) [9d2cb74]
    • Add Permissions-Policy header [86494cc]
    • Make Content-Security-Policy disallow 'object-src' by default [f993710]
  • Add mime-type image/jxl [da3ce54]
  • Fix SSLSessionCache directive usage [64e33e8]
  • Improve inline comments.

4.1.0 (January 5, 2021)

  • Add mime-type image/avif and image/avifs [4ca46af]
  • Fix unexpected Content-Language in pre-compressed Brotli

... (truncated)

Commits
  • 14d8af4 Release v6.0.0
  • f650cb5 Cache-Control boilerplate with extensive control (#325)
  • dbc38dd Reorder and improve ExpiresByType map
  • cbd95a3 Improve Content transformation docs
  • 5612612 Fix documentation ref spacing
  • e0850a9 Bump dependabot/fetch-metadata from 1.3.4 to 1.3.5
  • f78102d Bump h5bp/server-configs-test from 6.1.0 to 6.2.0
  • 397e9a1 Bump dependabot/fetch-metadata from 1.3.3 to 1.3.4
  • 06df209 Drop image/avif-sequence MIME type
  • 6d1a70b Bump dependabot/fetch-metadata from 1.3.2 to 1.3.3
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

AlbanAndrieu and others added 30 commits May 22, 2022 18:11
@AlbanAndrieu
Initial commit
c4e1672
@AlbanAndrieu
Fix latest chrome
f94eee7
@AlbanAndrieu
Fix package-lock.json
94286ee
@AlbanAndrieu
Fix package.json for npm 8.10.0
1c95d05
@AlbanAndrieu
pre-commit update
05dab14
@AlbanAndrieu
npm upgrade to 8.11.0
2fd76eb
@AlbanAndrieu
Add ruby
6742a5a
@AlbanAndrieu
Tag 1.0.4
9d911d1
@AlbanAndrieu
Add Checkmarx/kics
3b997aa
@AlbanAndrieu
homebrew update
98707e4
@AlbanAndrieu
Add python venv in direnv
e8328c0
@AlbanAndrieu
Add go language to direnv
807b098
@AlbanAndrieu
Add semgrep
19612ca
@AlbanAndrieu
Improve direnv
3aa0e73
@AlbanAndrieu
Update vault
a73f436
@AlbanAndrieu
Add nvm to .envrc
423f10f
@AlbanAndrieu
Refactoring
b00a400
@AlbanAndrieu
Ubuntu 20.04
38c6d9c
@AlbanAndrieu
Update direnv
bbf9125
@AlbanAndrieu
Add nvm
d10f428
@dependabot
Bump azure/setup-helm from 2.0 to 3.1 (#145)
4ce91f7 
Bumps [azure/setup-helm](https://github.com/azure/setup-helm) from 2.0 to 3.1.
- [Release notes](https://github.com/azure/setup-helm/releases)
- [Commits](Azure/setup-helm@v2.0...v3.1)

---
updated-dependencies:
- dependency-name: azure/setup-helm
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump actions/setup-java from 2 to 3.4.1 (#144)
e9c4801 
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2 to 3.4.1.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v2...v3.4.1)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump docker/setup-buildx-action from 1 to 2 (#146)
fd883ef 
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1 to 2.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@v1...v2)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump docker/login-action from 1 to 2 (#148)
7ef0bea 
Bumps [docker/login-action](https://github.com/docker/login-action) from 1 to 2.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@v1...v2)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump megalinter/megalinter from 5 to 6.0.5 (#154)
bc03a10 
Bumps [megalinter/megalinter](https://github.com/megalinter/megalinter) from 5 to 6.0.5.
- [Release notes](https://github.com/megalinter/megalinter/releases)
- [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md)
- [Commits](oxsecurity/megalinter@v5...v6.0.5)

---
updated-dependencies:
- dependency-name: megalinter/megalinter
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@AlbanAndrieu
npx eslint
d3a827e
@AlbanAndrieu
nosemgrep
358201d
@AlbanAndrieu
Fix syntax
4564382
@AlbanAndrieu
ansible-lint
7c2554c
@AlbanAndrieu
Fix linter
c8469ab
AlbanAndrieu and others added 17 commits July 20, 2022 23:19
@AlbanAndrieu
terraform 1.2.5
4083e87
@AlbanAndrieu
Add Makefile
4829077
@AlbanAndrieu
Improve ansible-lint --write .
ef59062
@AlbanAndrieu
cspell
f19107a
@AlbanAndrieu
webdriver update
84ee44e
@AlbanAndrieu
Fix package-lock.json
0ba4655
@AlbanAndrieu
Update package-lock.json
28dca90
@AlbanAndrieu
mega-linter
83003fa
@AlbanAndrieu
mega-linter
998d9fa
@dependabot
Bump hashicorp/vault-action from 2.4.0 to 2.4.2 (#160)
38330c0 
Bumps [hashicorp/vault-action](https://github.com/hashicorp/vault-action) from 2.4.0 to 2.4.2.
- [Release notes](https://github.com/hashicorp/vault-action/releases)
- [Changelog](https://github.com/hashicorp/vault-action/blob/main/CHANGELOG.md)
- [Commits](hashicorp/vault-action@v2.4.0...v2.4.2)

---
updated-dependencies:
- dependency-name: hashicorp/vault-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump megalinter/megalinter from 6.0.5 to 6.5.0 (#161)
36268ff 
Bumps [megalinter/megalinter](https://github.com/megalinter/megalinter) from 6.0.5 to 6.5.0.
- [Release notes](https://github.com/megalinter/megalinter/releases)
- [Changelog](https://github.com/oxsecurity/megalinter/blob/main/CHANGELOG.md)
- [Commits](oxsecurity/megalinter@v6.0.5...v6.5.0)

---
updated-dependencies:
- dependency-name: megalinter/megalinter
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump actions/setup-node from 3.0.0 to 3.4.1 (#162)
a197391 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.0.0 to 3.4.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v3.0.0...v3.4.1)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump snyk-go-plugin and snyk (#173)
315f6d9 
Removes [snyk-go-plugin](https://github.com/snyk/snyk-go-plugin). It's no longer used after updating ancestor dependency [snyk](https://github.com/snyk/snyk). These dependencies need to be updated together.


Removes `snyk-go-plugin`

Updates `snyk` from 1.305.0 to 1.1024.0
- [Release notes](https://github.com/snyk/snyk/releases)
- [Commits](snyk/cli@v1.305.0...v1.1024.0)

---
updated-dependencies:
- dependency-name: snyk-go-plugin
  dependency-type: indirect
- dependency-name: snyk
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump engine.io from 3.6.0 to 6.2.1 (#181)
2122ea1 
Bumps [engine.io](https://github.com/socketio/engine.io) from 3.6.0 to 6.2.1.
- [Release notes](https://github.com/socketio/engine.io/releases)
- [Changelog](https://github.com/socketio/engine.io/blob/main/CHANGELOG.md)
- [Commits](socketio/engine.io@3.6.0...6.2.1)

---
updated-dependencies:
- dependency-name: engine.io
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump cssnano from 4.1.10 to 5.1.14 (#179)
c333bdf 
Bumps [cssnano](https://github.com/cssnano/cssnano) from 4.1.10 to 5.1.14.
- [Release notes](https://github.com/cssnano/cssnano/releases)
- [Commits](https://github.com/cssnano/cssnano/compare/[email protected])

---
updated-dependencies:
- dependency-name: cssnano
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump autoprefixer from 9.6.5 to 10.4.13 (#177)
a97a235 
Bumps [autoprefixer](https://github.com/postcss/autoprefixer) from 9.6.5 to 10.4.13.
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md)
- [Commits](postcss/autoprefixer@9.6.5...10.4.13)

---
updated-dependencies:
- dependency-name: autoprefixer
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump apache-server-configs from 3.2.1 to 6.0.0
01f7af7 
Bumps [apache-server-configs](https://github.com/h5bp/server-configs-apache) from 3.2.1 to 6.0.0.
- [Release notes](https://github.com/h5bp/server-configs-apache/releases)
- [Changelog](https://github.com/h5bp/server-configs-apache/blob/main/CHANGELOG.md)
- [Commits](h5bp/server-configs-apache@3.2.1...6.0.0)

---
updated-dependencies:
- dependency-name: apache-server-configs
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Dec 6, 2022
@dependabot dependabot bot mentioned this pull request Dec 6, 2022
Closed
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 8, 2022

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/apache-server-configs-6.0.0 branch December 8, 2022 17:06
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 9, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@AlbanAndrieu