Bump the all-deps group across 1 directory with 4 updates

[dependabot]

Bumps the all-deps group with 4 updates in the / directory: github.com/caddyserver/certmagic, github.com/nats-io/nats-server/v2, github.com/nats-io/nats.go and golang.org/x/crypto.

Updates github.com/caddyserver/certmagic from 0.25.2 to 0.25.3

Release notes

Sourced from github.com/caddyserver/certmagic's releases.

v0.25.3

What's Changed

• logging: Disable stack traces, fix logger name by @​francislavoie in caddyserver/certmagic#372
• Unblock ManageAsync() by putting manageOne() in a goroutine by @​mholt in caddyserver/certmagic#374
• Fix HTTP-01 challenge for IPv6 literal addresses by @​nekohasekai in caddyserver/certmagic#377
• readme: add dark-mode banner for GitHub UI by @​mpge in caddyserver/certmagic#379
• fix: Normalization IPv6 addresses for ACME challenge by @​u5surf in caddyserver/certmagic#376
• More validation of delegated OCSP responders by @​mholt in caddyserver/certmagic#378

New Contributors

• @​nekohasekai made their first contribution in caddyserver/certmagic#377
• @​mpge made their first contribution in caddyserver/certmagic#379
• @​u5surf made their first contribution in caddyserver/certmagic#376

Full Changelog: caddyserver/certmagic@v0.25.2...v0.25.3

Commits

• c7496f1 More validation of delegated OCSP responders (#378)
• cdc4eb2 fix: Normalization IPv6 addresses for ACME challenge (#376)
• 2cf7e08 Revert "Fix HTTP-01 challenge for IPv6 literal addresses (#377)"
• 3e3363f readme: add dark-mode banner for GitHub UI (#379)
• 3229642 go.mod: Upgrade indirect dependencies
• 60d9d8b Fix HTTP-01 challenge for IPv6 literal addresses (#377)
• e03792e Modernize TLSConfig() (close #375)
• fa1257f Unblock ManageAsync() by putting manageOne() in a goroutine (#374)
• b9e85a9 Don't log nil errors when stapling OCSP (fix #362)
• a7a8ce3 logging: Disable stack traces, fix logger name (#372)
• See full diff in compare view

Updates github.com/nats-io/nats-server/v2 from 2.12.7 to 2.14.0

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.14.0

Changelog

Refer to the 2.14 Upgrade Guide for backwards compatibility notes with 2.12.x. Please note that the 2.13.x version was skipped.

Go Version

• 1.26.2

Added

General

• Feature flags in the server configuration (#7866)
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-53.md

JetStream

• Fast-ingest batch publishing (#7778, #7892, #7894, #7945)
  • Allows high-speed publishing of message batches into the server when using a supported client
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-50.md#fast-ingest-batch-publishing
• Repeating & cron-based message schedules (#7504, #7687, #7688)
  • The Nats-Schedule header can now be configured on a repeating basis, i.e. @every 5m, @hourly or using crontab-like syntax
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md
• Scheduled subject sampling (#7506)
  • The Nats-Schedule-Source header allows sampling the contents of the last message in the stream for a given subject, allowing sampling of values at a different rate to the original publisher
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md#subject-sampling
• Scheduled subject rollups (#7559)
  • The Nats-Schedule-Rollup header allows initiating a rollup of the Nats-Schedule-Target subject on a scheduled basis
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md
• Consumer reset API (#7489)
  • It is now possible to reset a consumer back to an earlier sequence number using the $JS.API.CONSUMER.RESET.stream.consumer API without deleting and recreating it
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-60.md#consumer-delivery-state-reset-api
• Domain-aware ack and flow control subjects (#7860)
  • This is disabled by default and can be enabled with the js_ack_fc_v2 feature flag, this will be enabled by default in v2.15
  • In an environment where ACLs are used to control ack or flow control subjects, updates will be required to match the new $JS.ACK.domain.acchash.stream.consumer.> and $JS.FC.domain.acchash.stream.consumer.> subject formats
• Asynchronous stream state snapshots for replicated streams (#7876)
  • Allows stream state snapshots to be taken and written without pausing stream processing, improving tail latencies
  • This is particularly impactful in cases where the stream has a large number of interior deletes
• Ability to disable message deduplication when sourcing (#7651)

Leafnodes

• Leafnode remote configurations can now be added and removed at runtime by reloading the configuration (#7937)
• New ignore_discovered_servers option for leafnode remotes to allow ignoring any leafnode URLs sent by the hub (#8067)

Changed

General

... (truncated)

Changelog

Sourced from github.com/nats-io/nats-server/v2's changelog.

Release Workflow

• As of NATS 2.11, the server follows a 6-month release cycle. 2.11 was released in March 2025.
• Version tagging follows semantic versioning with security fixes clearly marked.
• The main branch is for active development of features and bug fixes. Release branches are created for preparing patch releases. Releases are tagged with semantic versions
• The current and previous minor series are supported in terms of bug fixes and security patches.
• Binaries are released via GitHub Releases and Docker images are available as an official image.
• Preview releases for the next minor version, e.g. 2.14.0, become available once feature development is complete.
• Tagged releases as well as nightly Docker images of main (for testing) are available in the synadia/nats-server Docker repository.

Commits

• 0cbd01c Release v2.14.0
• 5a8c9cd NRG: tighten append entry length decoding bounds (#8092)
• 0f259ff Add tzdata to nightly Docker image (#8091)
• aed7baa Add extra test for payload corruption via headers (#8088)
• efa4688 [FIXED] Double-encoded reply subject in $JS.ACK routing (#8089)
• e78bbf1 Fix sign-offs check
• 295d052 Add tzdata to nightly Docker image
• b8af430 NRG: tighten append entry length decoding bounds
• efbc1d7 Add extra test for payload corruption via headers
• 9b2eb66 [FIXED] Double-encoded reply subject in $JS.ACK routing
• Additional commits viewable in compare view

Updates github.com/nats-io/nats.go from 1.51.0 to 1.52.0

Release notes

Sourced from github.com/nats-io/nats.go's releases.

Release v1.52.0

Changelog

This release focuses on 2.14 nats-server features support.

ADDED

• JetStream:
  • Added fast batch stream config field (#2052)
  • Added message scheduling headers and publish opts (#2051)
  • Updated StreamConfig with Consumer field and added AckFlowControlPolicy (#2070)
  • Added reset consumer API (#2069)

FIXED

• Core NATS:
  • Fix Subscription.StatusChanged channel closure on Closed Subscription. Thanks @​nithimani38-prog for the contribution (#2034)

IMPROVED

• Fixed Flaky JS cluster tests (#2062)

Complete Changes

nats-io/nats.go@v1.51.0...v1.52.0

Commits

• e9f2a36 Release v1.52.0 (#2074)
• 609274f [FIXED] Subscription.StatusChanged channel closure on Closed Subscription (#2...
• f7cde74 [IMPROVED] Use latest release build for badge in README (#2064)
• c7476ea [IMPROVED] Reject empty consumer info in CONSUMER.RESET response (#2072)
• 8fde36f [ADDED] ResetConsumer JetStream API (#2069)
• dcfd0fc [ADDED] StreamSource.Consumer config field and AckFlowControlPolicy (#2070)
• 7a28503 [ADDED] Publish options and consts for message scheduling (#2051)
• 6c91a51 [ADDED] AllowBatchPublish stream config field (#2052)
• a614d0b [FIXED] Flaky JS cluster tests due to race in setupJSClusterWithSize (#2062)
• See full diff in compare view

Updates golang.org/x/crypto from 0.50.0 to 0.51.0

Commits

• b8a14a8 go.mod: update golang.org/x dependencies
• 9d9d507 x509roots/fallback/bundle: fix bundle test with Go 1.27+
• fd0b90d acme: include Problem in OrderError.Error
• b9e5359 pbkdf2: turn into a wrapper for crypto/pbkdf2
• cc0e4fc hkdf: forward Extract to the standard library
• a8e9237 x509roots/fallback: update bundle
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions