Skip to content

chore(deps): bump the go_modules group across 2 directories with 1 update#2053

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go_modules-da60418101
Closed

chore(deps): bump the go_modules group across 2 directories with 1 update#2053
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/go_modules-da60418101

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 27, 2026
edited
Loading

Bumps the go_modules group with 1 update in the / directory: github.com/nats-io/nats-server/v2.
Bumps the go_modules group with 1 update in the /operator directory: github.com/nats-io/nats-server/v2.

Updates github.com/nats-io/nats-server/v2 from 2.10.14 to 2.11.15

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.11.15

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version

  • 1.25.8

Dependencies

  • golang.org/x/crypto v0.49.0 (#7953)
  • github.com/nats-io/jwt/v2 v2.8.1 (#7960)
  • github.com/antithesishq/antithesis-sdk-go v0.6.0-default-no-op
  • github.com/klauspost/compress v1.18.4
  • github.com/nats-io/nats.go v1.49.0
  • github.com/nats-io/nkeys v0.4.15

CVEs

Improved

JetStream

  • The stream peer-remove command now accepts a peer ID as well as a server name (#7952)

MQTT

  • Protocol compliance has been improved, including more error handling on invalid or malformed MQTT packets (#7933)

Fixed

General

  • Improved handling of duplicate headers
  • A correctness bug when validating relative distinguished names has been fixed
  • Secrets are now redacted correctly in trace logging (#7942)
  • The expvar endpoint on the monitoring port now correctly redacts secrets from the command line arguments
  • Trace headers are no longer incorrectly parsed when hitting max payload (#7954)
  • The Nats-Trace-Dest message header for message tracing now requires that the client have publish permissions to the specified subject, an error is returned otherwise

... (truncated)

Commits
  • bef17e1 Release v2.11.15
  • e349b31 Cherry-picks for 2.11.15 (#62)
  • 782a6df [FIXED] Avoid stalling read loop on leafnode ErrMinimumVersionRequired
  • 74a5f6f Remove FIXME about auth callout nonce
  • ea8ae87 Message tracing requires client publish permission for Nats-Trace-Dest
  • 3fd43a0 Rebuild request info headers on leaf service imports
  • 8dbf004 [FIXED] MQTT flappers use monotonic time
  • 265a99b Update JWT and other dependencies
  • d6d1dd9 Streaming parsing of WebSocket frames with limited memory allocations
  • e6057af [FIXED] Avoid parsing trace headers from HPUB payload
  • Additional commits viewable in compare view

Updates github.com/nats-io/nats-server/v2 from 2.10.14 to 2.11.15

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.11.15

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version

  • 1.25.8

Dependencies

  • golang.org/x/crypto v0.49.0 (#7953)
  • github.com/nats-io/jwt/v2 v2.8.1 (#7960)
  • github.com/antithesishq/antithesis-sdk-go v0.6.0-default-no-op
  • github.com/klauspost/compress v1.18.4
  • github.com/nats-io/nats.go v1.49.0
  • github.com/nats-io/nkeys v0.4.15

CVEs

Improved

JetStream

  • The stream peer-remove command now accepts a peer ID as well as a server name (#7952)

MQTT

  • Protocol compliance has been improved, including more error handling on invalid or malformed MQTT packets (#7933)

Fixed

General

  • Improved handling of duplicate headers
  • A correctness bug when validating relative distinguished names has been fixed
  • Secrets are now redacted correctly in trace logging (#7942)
  • The expvar endpoint on the monitoring port now correctly redacts secrets from the command line arguments
  • Trace headers are no longer incorrectly parsed when hitting max payload (#7954)
  • The Nats-Trace-Dest message header for message tracing now requires that the client have publish permissions to the specified subject, an error is returned otherwise

... (truncated)

Commits
  • bef17e1 Release v2.11.15
  • e349b31 Cherry-picks for 2.11.15 (#62)
  • 782a6df [FIXED] Avoid stalling read loop on leafnode ErrMinimumVersionRequired
  • 74a5f6f Remove FIXME about auth callout nonce
  • ea8ae87 Message tracing requires client publish permission for Nats-Trace-Dest
  • 3fd43a0 Rebuild request info headers on leaf service imports
  • 8dbf004 [FIXED] MQTT flappers use monotonic time
  • 265a99b Update JWT and other dependencies
  • d6d1dd9 Streaming parsing of WebSocket frames with limited memory allocations
  • e6057af [FIXED] Avoid parsing trace headers from HPUB payload
  • Additional commits viewable in compare view

Updates github.com/nats-io/nats-server/v2 from 2.10.14 to 2.11.15

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.11.15

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version

  • 1.25.8

Dependencies

  • golang.org/x/crypto v0.49.0 (#7953)
  • github.com/nats-io/jwt/v2 v2.8.1 (#7960)
  • github.com/antithesishq/antithesis-sdk-go v0.6.0-default-no-op
  • github.com/klauspost/compress v1.18.4
  • github.com/nats-io/nats.go v1.49.0
  • github.com/nats-io/nkeys v0.4.15

CVEs

Improved

JetStream

  • The stream peer-remove command now accepts a peer ID as well as a server name (#7952)

MQTT

  • Protocol compliance has been improved, including more error handling on invalid or malformed MQTT packets (#7933)

Fixed

General

  • Improved handling of duplicate headers
  • A correctness bug when validating relative distinguished names has been fixed
  • Secrets are now redacted correctly in trace logging (#7942)
  • The expvar endpoint on the monitoring port now correctly redacts secrets from the command line arguments
  • Trace headers are no longer incorrectly parsed when hitting max payload (#7954)
  • The Nats-Trace-Dest message header for message tracing now requires that the client have publish permissions to the specified subject, an error is returned otherwise

... (truncated)

Commits
  • bef17e1 Release v2.11.15
  • e349b31 Cherry-picks for 2.11.15 (#62)
  • 782a6df [FIXED] Avoid stalling read loop on leafnode ErrMinimumVersionRequired
  • 74a5f6f Remove FIXME about auth callout nonce
  • ea8ae87 Message tracing requires client publish permission for Nats-Trace-Dest
  • 3fd43a0 Rebuild request info headers on leaf service imports
  • 8dbf004 [FIXED] MQTT flappers use monotonic time
  • 265a99b Update JWT and other dependencies
  • d6d1dd9 Streaming parsing of WebSocket frames with limited memory allocations
  • e6057af [FIXED] Avoid parsing trace headers from HPUB payload
  • Additional commits viewable in compare view

Updates github.com/nats-io/nats-server/v2 from 2.10.14 to 2.11.15

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.11.15

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version

  • 1.25.8

Dependencies

  • golang.org/x/crypto v0.49.0 (#7953)
  • github.com/nats-io/jwt/v2 v2.8.1 (#7960)
  • github.com/antithesishq/antithesis-sdk-go v0.6.0-default-no-op
  • github.com/klauspost/compress v1.18.4
  • github.com/nats-io/nats.go v1.49.0
  • github.com/nats-io/nkeys v0.4.15

CVEs

Improved

JetStream

  • The stream peer-remove command now accepts a peer ID as well as a server name (#7952)

MQTT

  • Protocol compliance has been improved, including more error handling on invalid or malformed MQTT packets (#7933)

Fixed

General

  • Improved handling of duplicate headers
  • A correctness bug when validating relative distinguished names has been fixed
  • Secrets are now redacted correctly in trace logging (#7942)
  • The expvar endpoint on the monitoring port now correctly redacts secrets from the command line arguments
  • Trace headers are no longer incorrectly parsed when hitting max payload (#7954)
  • The Nats-Trace-Dest message header for message tracing now requires that the client have publish permissions to the specified subject, an error is returned otherwise

... (truncated)

Commits
  • bef17e1 Release v2.11.15
  • e349b31 Cherry-picks for 2.11.15 (#62)
  • 782a6df [FIXED] Avoid stalling read loop on leafnode ErrMinimumVersionRequired
  • 74a5f6f Remove FIXME about auth callout nonce
  • ea8ae87 Message tracing requires client publish permission for Nats-Trace-Dest
  • 3fd43a0 Rebuild request info headers on leaf service imports
  • 8dbf004 [FIXED] MQTT flappers use monotonic time
  • 265a99b Update JWT and other dependencies
  • d6d1dd9 Streaming parsing of WebSocket frames with limited memory allocations
  • e6057af [FIXED] Avoid parsing trace headers from HPUB payload
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 27, 2026
@dependabot
chore(deps): bump the go_modules group across 2 directories with 1 up…
a148c67 
…date

Bumps the go_modules group with 1 update in the / directory: [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server).
Bumps the go_modules group with 1 update in the /operator directory: [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server).


Updates `github.com/nats-io/nats-server/v2` from 2.10.14 to 2.11.15
- [Release notes](https://github.com/nats-io/nats-server/releases)
- [Changelog](https://github.com/nats-io/nats-server/blob/main/RELEASES.md)
- [Commits](nats-io/nats-server@v2.10.14...v2.11.15)

Updates `github.com/nats-io/nats-server/v2` from 2.10.14 to 2.11.15
- [Release notes](https://github.com/nats-io/nats-server/releases)
- [Changelog](https://github.com/nats-io/nats-server/blob/main/RELEASES.md)
- [Commits](nats-io/nats-server@v2.10.14...v2.11.15)

---
updated-dependencies:
- dependency-name: github.com/nats-io/nats-server/v2
  dependency-version: 2.11.15
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/nats-io/nats-server/v2
  dependency-version: 2.11.15
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/go_modules-da60418101 branch from 91104a5 to a148c67 Compare March 31, 2026 08:53
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Mar 31, 2026

Superseded by #2071.

@dependabot dependabot Bot closed this Mar 31, 2026
@dependabot dependabot Bot deleted the dependabot/go_modules/go_modules-da60418101 branch March 31, 2026 08:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants