From a272874129c22c4f50494ff2c1835f5259b7acb7 Mon Sep 17 00:00:00 2001
From: Mario Lubenka
Date: Fri, 8 Jan 2021 19:30:28 +0100
Subject: [PATCH] chore(vendor): Update h5bp/server-configs-nginx to v3.3.0
---
vendor/server-configs-nginx/VERSION | 1 +
vendor/server-configs-nginx/h5bp/.gitkeep | 0
.../web_performance_filename-based_cache_busting.conf | 2 +-
.../h5bp/security/content-security-policy.conf | 2 +-
.../h5bp/security/x-xss-protection.conf | 6 +++---
.../server-configs-nginx/h5bp/ssl/certificate_files.conf | 4 ++--
.../server-configs-nginx/h5bp/ssl/policy_intermediate.conf | 6 +++---
vendor/server-configs-nginx/h5bp/ssl/policy_modern.conf | 7 ++++---
.../web_performance/pre-compressed_content_brotli.conf | 2 +-
9 files changed, 16 insertions(+), 14 deletions(-)
create mode 100644 vendor/server-configs-nginx/VERSION
delete mode 100644 vendor/server-configs-nginx/h5bp/.gitkeep
diff --git a/vendor/server-configs-nginx/VERSION b/vendor/server-configs-nginx/VERSION
new file mode 100644
index 0000000..b299be9
--- /dev/null
+++ b/vendor/server-configs-nginx/VERSION
@@ -0,0 +1 @@
+v3.3.0
diff --git a/vendor/server-configs-nginx/h5bp/.gitkeep b/vendor/server-configs-nginx/h5bp/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/vendor/server-configs-nginx/h5bp/location/web_performance_filename-based_cache_busting.conf b/vendor/server-configs-nginx/h5bp/location/web_performance_filename-based_cache_busting.conf
index 9a27684..b788e8f 100644
--- a/vendor/server-configs-nginx/h5bp/location/web_performance_filename-based_cache_busting.conf
+++ b/vendor/server-configs-nginx/h5bp/location/web_performance_filename-based_cache_busting.conf
@@ -9,6 +9,6 @@ # something like `*.css?v231`, please see: # https://www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/ -location ~* (.+)\.(?:\w+)\.(bmp|css|cur|gif|ico|jpe?g|m?js|png|svgz?|webp|webmanifest)$ { +location ~* (.+)\.(?:\w+)\.(avifs?|bmp|css|cur|gif|ico|jpe?g|m?js|a?png|svgz?|webp|webmanifest)$ { try_files $uri $1.$2; } diff --git a/vendor/server-configs-nginx/h5bp/security/content-security-policy.conf b/vendor/server-configs-nginx/h5bp/security/content-security-policy.conf index 6284d23..f77fb4c 100644 --- a/vendor/server-configs-nginx/h5bp/security/content-security-policy.conf +++ b/vendor/server-configs-nginx/h5bp/security/content-security-policy.conf @@ -5,7 +5,7 @@ # Mitigate the risk of cross-site scripting and other content-injection # attacks. # -# This can be done by setting a `Content Security Policy` which whitelists +# This can be done by setting a Content Security Policy which permits # trusted sources of content for your website. # # There is no policy that fits all websites, you will have to modify the diff --git a/vendor/server-configs-nginx/h5bp/security/x-xss-protection.conf b/vendor/server-configs-nginx/h5bp/security/x-xss-protection.conf index d3ae23e..df81f49 100644 --- a/vendor/server-configs-nginx/h5bp/security/x-xss-protection.conf +++ b/vendor/server-configs-nginx/h5bp/security/x-xss-protection.conf @@ -8,9 +8,9 @@ # web browsers. # # The filter is usually enabled by default, but in some cases, it may be -# disabled by the user. However, in Internet Explorer, for example, it can be -# re-enabled just by sending the `X-XSS-Protection` header with the value -# of `1`. +# disabled by the user. However, in Internet Explorer, for example, it can +# be re-enabled just by sending the `X-XSS-Protection` header with the +# value of `1`. # # (2) Prevent web browsers from rendering the web page if a potential reflected # (a.k.a non-persistent) XSS attack is detected by the filter. 
diff --git a/vendor/server-configs-nginx/h5bp/ssl/certificate_files.conf b/vendor/server-configs-nginx/h5bp/ssl/certificate_files.conf index 27a1042..332f885 100644 --- a/vendor/server-configs-nginx/h5bp/ssl/certificate_files.conf +++ b/vendor/server-configs-nginx/h5bp/ssl/certificate_files.conf @@ -8,7 +8,7 @@ # users of IE 8 and below on WinXP can see your main site without SSL errors. # # (1) Certificate and key files location -# The certificate file can contain intermediate certificate. +# The certificate file can contain an intermediate certificate. # # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate # @@ -17,7 +17,7 @@ # # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_trusted_certificate # -# (3) CA certificate file location for client certificate authentication +# (3) CA certificate file location for client certificate authentication. # # https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_client_certificate diff --git a/vendor/server-configs-nginx/h5bp/ssl/policy_intermediate.conf b/vendor/server-configs-nginx/h5bp/ssl/policy_intermediate.conf index 7e2faca..af3ca46 100644 --- a/vendor/server-configs-nginx/h5bp/ssl/policy_intermediate.conf +++ b/vendor/server-configs-nginx/h5bp/ssl/policy_intermediate.conf @@ -5,9 +5,9 @@ # For services that don't need backward compatibility, the parameters below # provide a higher level of security. # -# (!) This policy enforces a strong SSL configuration, which may raise errors -# with old clients. -# If a more compatible profile is required, use the intermediate policy. +# (!) This policy enforces a mildly strong SSL configuration, which may raise +# errors with old clients. +# If a more compatible profile is required, use the "deprecated" policy. # # (1) The NIST curves (prime256v1, secp384r1, secp521r1) are known to be weak # and potentially vulnerable but are required to support Microsoft Edge 
diff --git a/vendor/server-configs-nginx/h5bp/ssl/policy_modern.conf b/vendor/server-configs-nginx/h5bp/ssl/policy_modern.conf index e89cbd4..399fa83 100644 --- a/vendor/server-configs-nginx/h5bp/ssl/policy_modern.conf +++ b/vendor/server-configs-nginx/h5bp/ssl/policy_modern.conf @@ -5,7 +5,7 @@ # For services that want to be on the bleeding edge, the parameters below # sacrifice compatibility for the highest level of security and performance. # -# (!) TLSv1.3 and it's 0-RTT feature require NGINX >=1.15.4 and OpenSSL >=1.1.1 +# (!) TLSv1.3 and its 0-RTT feature require NGINX >=1.15.4 and OpenSSL >=1.1.1 # to be installed. # # (!) Don't enable `ssl_early_data` blindly! Requests sent within early data are @@ -23,8 +23,9 @@ # # (!) Requests sent within early data are subject to replay attacks. # To protect against such attacks at the application layer, the -# $ssl_early_data variable should be used: -# proxy_set_header Early-Data $ssl_early_data; +# `$ssl_early_data` variable should be used: +# +# proxy_set_header Early-Data $ssl_early_data; # # The application should return response code 425 "Too Early" for anything # that could contain user supplied data. diff --git a/vendor/server-configs-nginx/h5bp/web_performance/pre-compressed_content_brotli.conf b/vendor/server-configs-nginx/h5bp/web_performance/pre-compressed_content_brotli.conf index b857f6e..fc8ad5e 100644 --- a/vendor/server-configs-nginx/h5bp/web_performance/pre-compressed_content_brotli.conf +++ b/vendor/server-configs-nginx/h5bp/web_performance/pre-compressed_content_brotli.conf @@ -8,7 +8,7 @@ # (!) To make this part relevant, you need to generate encoded files by your # own. Enabling this part will not auto-generate brotlied files. # -# Note that some clients (eg. browsers) require a secure connection to request +# Note that some clients (e.g. browsers) require a secure connection to request # brotli-compressed resources. # https://www.chromestatus.com/feature/5420797577396224 #