Skip to content

chore(deps): bump github.com/nats-io/nats-server/v2 from 2.14.2 to 2.14.3#2125

Merged
alexeykiselev merged 2 commits into
masterfrom
dependabot/go_modules/github.com/nats-io/nats-server/v2-2.14.3
Jun 30, 2026
Merged

chore(deps): bump github.com/nats-io/nats-server/v2 from 2.14.2 to 2.14.3#2125
alexeykiselev merged 2 commits into
masterfrom
dependabot/go_modules/github.com/nats-io/nats-server/v2-2.14.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/nats-io/nats-server/v2 from 2.14.2 to 2.14.3.

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.14.3

Changelog

Refer to the 2.14 Upgrade Guide for backwards compatibility notes with 2.12.x. Please note that the 2.13.x version was skipped.

Go Version

Dependencies

  • golang.org/x/crypto v0.53.0 (#8297)
  • golang.org/x/sys v0.46.0 (#8297)
  • github.com/nats-io/jwt/v2 v2.8.2
  • github.com/nats-io/nkeys v0.4.16

Improved

General

  • Per-connection log lines that could be noisy in normal operation have been demoted to debug level (#8289)
  • Writer options are now applied consistently when using the s2_fast compression mode (#8047)

JetStream

  • Stream and consumer assignment handling has been refactored for more consistent migration and info behavior (#8262)
  • Meta, stream and consumer write errors are now registered more consistently for health and recovery handling (#8293)

Removed

Monitoring

  • JSONP callback support has been removed from monitoring endpoints

Fixed

General

  • Long-running reconnect and OCSP loops no longer retain unused timers, reducing memory pressure over time (#8204)
  • Inherited JWT default permissions are now refreshed when account claims are updated (#8276)
  • External auth configuration is now cleared correctly when account claims are updated (#8275)
  • PROXY protocol detection, TLS sniffing with allow_non_tls and PROXY v1 address-family parsing have been fixed (#8302)
  • A race in gateway CONNECT handling has been fixed (#8306)
  • Trusted proxy tracking no longer leaks closed clients during concurrent updates (#8307)
  • Service import replies can now be delivered across cluster routes (#8317)
  • Message tracing now works correctly with service imports and exports
  • Several panic, fatal and data race conditions in authentication, routing, monitoring and clustered request handling have been fixed
  • NoAuthUser now checks connection restrictions
  • Leaf connections no longer bypass Nats-Trace-Dest publish permission checks
  • CONNZ and SUBSZ pagination now guard against Offset and Limit integer overflow panics

... (truncated)

Commits
  • 9b17a58 Release v2.14.3
  • 2be2525 Release v2.14.3-RC.2
  • 563d55f Cherry-picks for v2.14.3-RC.2 (#126)
  • e242ca0 NRG: Don't campaign with an uncommitted membership change about ourselves
  • 0e4d935 NRG: Exclude uncommitted membership change from snapshot
  • 0ab7302 NRG: Remove redundant known peer tracking
  • 6eb7d76 NRG: Truncated uncommitted membership change leaves stale state
  • 8157b56 [TEST] Campaign early on NRG tests
  • 712b3d2 [FIXED] Nil pointer panic when resolver dir parent is not traversable
  • f11c26b [FIXED] Skipped messages set last time to now
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) from 2.14.2 to 2.14.3.
- [Release notes](https://github.com/nats-io/nats-server/releases)
- [Changelog](https://github.com/nats-io/nats-server/blob/main/RELEASES.md)
- [Commits](nats-io/nats-server@v2.14.2...v2.14.3)

---
updated-dependencies:
- dependency-name: github.com/nats-io/nats-server/v2
  dependency-version: 2.14.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jun 30, 2026
@alexeykiselev alexeykiselev merged commit f402aea into master Jun 30, 2026
20 checks passed
@alexeykiselev alexeykiselev deleted the dependabot/go_modules/github.com/nats-io/nats-server/v2-2.14.3 branch June 30, 2026 18:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants