Skip to content

Bump the all-deps group across 1 directory with 4 updates#175

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/all-deps-aac5774be5
Open

Bump the all-deps group across 1 directory with 4 updates#175
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/all-deps-aac5774be5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 2, 2026

Bumps the all-deps group with 2 updates in the / directory: github.com/nats-io/nats-server/v2 and github.com/pion/stun/v3.

Updates github.com/nats-io/nats-server/v2 from 2.14.0 to 2.14.2

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.14.2

Changelog

Refer to the 2.14 Upgrade Guide for backwards compatibility notes with 2.12.x. Please note that the 2.13.x version was skipped.

Go Version

  • 1.26.3

Dependencies

  • golang.org/x/crypto v0.52.0
  • golang.org/x/sys v0.45.0
  • github.com/nats-io/jwt/v2 v2.8.2
  • github.com/nats-io/nkeys v0.4.16

Improved

General

  • The client ID is now available through the embedded ClientAuthentication API (#8217)

Fixed

General

  • A race condition when handling subscription interest over routes has been fixed (#8235)
  • Potential protocol-level corruption from rewriting $JS.ACK subjects has been fixed (#8242)
  • Potential protocol-level corruption from buffer misuse in compressed WebSocket clients has been fixed (#8244)
  • The /accstatz monitoring endpoint no longer omits accounts with only leaf connections (#8252)

JetStream

  • Fixed a case where Raft peers were not correctly tracked after an inactivity stall during catchup (#8226)
  • Quorum needed is now calculated correctly when bootstrapping the metalayer when gateway URLs resolve to multiple IP addresses (#8238)
  • The filestore no longer performs a block skip check on streams with extremely high subject counts, as it could result in runaway CPU usage (#8227)
  • Fixed a case where the filestore would not release a lock after handling a write error (#8232)
  • Purge operations on both file and memory stores are now more consistent with each other (#8241)
  • Fixed a case where the consumer lock would not release a lock after handling a start sequence error (#8230)
  • Counter streams and message schedules now have configuration constraints applied to prevent incorrect usage patterns (#8240)
  • Improved stream and consumer scale down behaviour consistency (#8253)
  • Fixed an issue where the per-subject state last block was not stored correctly with a max messages per subject limit of 1 (#8254)
  • Fixed a drift that could occur in the peer sets after a peer remove of an online node (#8258)

Complete Changes

nats-io/nats-server@v2.14.1...v2.14.2

Release v2.14.2-RC.1

Changelog

... (truncated)

Commits
  • 1d06592 Release v2.14.2
  • 4e1aefa Cherry-picks for v2.14.2 (#8256)
  • ac092ff Update dependencies
  • 01e589d [FIXED] Peer set desync/re-add after stream peer-remove
  • 3d122e8 De-flake TestJetStreamConsumerPrioritized
  • 3836d96 [FIXED] Initial MaxMsgsPerSubject update not enforced
  • 92cf2e3 [FIXED] Filestore only stores last block when MaxMsgsPerSubject 1
  • 3288b4f (2.14) [IMPROVED] Remove redundant error check in filestore
  • 6ea46d5 [FIXED] Stream and consumer scale down consistency
  • 5edd91c [FIXED] AccountStatz omits accounts with only leaf connections
  • Additional commits viewable in compare view

Updates github.com/nats-io/nkeys from 0.4.15 to 0.4.16

Release notes

Sourced from github.com/nats-io/nkeys's releases.

v0.4.16

What's Changed

Full Changelog: nats-io/nkeys@v0.4.15...v0.4.16

Commits
  • c1eebf3 Merge pull request #87 from nats-io/bump
  • 9e2706c bumped version
  • d071bc9 Merge pull request #86 from nats-io/daniele/check-public-key-len
  • b2262fd chore: bump go to 1.25 for staticcheck latest
  • 77a71f8 Validate decoded seed length in DecodeSeed
  • 57bc753 Validate public key length before ed25519 verify
  • See full diff in compare view

Updates github.com/pion/stun/v3 from 3.1.2 to 3.1.4

Release notes

Sourced from github.com/pion/stun/v3's releases.

v3.1.4

Changelog

  • 6a869cb3ce12869699dbf007fa48e1ce6760eca5 Update module github.com/pion/dtls/v3 to v3.1.3
  • 8f24ef3b428599b877f0c013fe2cc93670e5bc04 Update module github.com/pion/transport/v4 to v4.0.2

v3.1.3

Changelog

  • fa9f074a33a8059c76c960b1fbee39f308002423 Fix panic on short XOR-MAPPED-ADDRESS value
  • 01aa5b8eefd0c0934c6aebd2bd6b6fa7d3c7d715 Throw an error when parsing message type 0x000
  • c41a7f3240229f74db15968e1657c05b1ecb1037 Add opt-in strict mode and custom logger
  • bc40ca270a5fe67eabce506c1f4e154f804dbc36 Ignore attributes after message-integrity
  • 293095f9198ea72918620fb1e0177a9aaeb211db Update CI configs to v0.12.2
Commits
  • 6a869cb Update module github.com/pion/dtls/v3 to v3.1.3
  • 8f24ef3 Update module github.com/pion/transport/v4 to v4.0.2
  • fa9f074 Fix panic on short XOR-MAPPED-ADDRESS value
  • 01aa5b8 Throw an error when parsing message type 0x000
  • c41a7f3 Add opt-in strict mode and custom logger
  • bc40ca2 Ignore attributes after message-integrity
  • 293095f Update CI configs to v0.12.2
  • See full diff in compare view

Updates golang.org/x/crypto from 0.51.0 to 0.52.0

Commits
  • a1c0d99 go.mod: update golang.org/x dependencies
  • 3c7c869 ssh: fix deadlock on unexpected channel responses
  • 533fb3f ssh: fix source-address critical option bypass
  • abbc44d ssh: fix incorrect operator order
  • e052873 ssh: fix infinite loop on large channel writes due to integer overflow
  • b61cf85 ssh: enforce user presence verification for security keys
  • 9c2cd33 ssh: enforce strict limits on DSA key parameters
  • 8907318 ssh: reject RSA keys with excessively large moduli
  • ffd87b4 ssh: fix panic when authority callbacks are nil
  • 4e7a738 ssh: fix deadlock on unexpected global responses
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the all-deps group across 1 directory with 4 updates
89cb67e 
Bumps the all-deps group with 2 updates in the / directory: [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) and [github.com/pion/stun/v3](https://github.com/pion/stun).


Updates `github.com/nats-io/nats-server/v2` from 2.14.0 to 2.14.2
- [Release notes](https://github.com/nats-io/nats-server/releases)
- [Changelog](https://github.com/nats-io/nats-server/blob/main/RELEASES.md)
- [Commits](nats-io/nats-server@v2.14.0...v2.14.2)

Updates `github.com/nats-io/nkeys` from 0.4.15 to 0.4.16
- [Release notes](https://github.com/nats-io/nkeys/releases)
- [Commits](nats-io/nkeys@v0.4.15...v0.4.16)

Updates `github.com/pion/stun/v3` from 3.1.2 to 3.1.4
- [Release notes](https://github.com/pion/stun/releases)
- [Commits](pion/stun@v3.1.2...v3.1.4)

Updates `golang.org/x/crypto` from 0.51.0 to 0.52.0
- [Commits](golang/crypto@v0.51.0...v0.52.0)

---
updated-dependencies:
- dependency-name: github.com/nats-io/nats-server/v2
  dependency-version: 2.14.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: github.com/nats-io/nkeys
  dependency-version: 0.4.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: github.com/pion/stun/v3
  dependency-version: 3.1.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-deps
- dependency-name: golang.org/x/crypto
  dependency-version: 0.52.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants