plane-watch / bordercontrol

BEAST/MLAT proxy server with some additional smarts for user authentication. Endpoint for feed.push.plane.watch.
https://plane.watch/
GNU General Public License v3.0

Bump github.com/nats-io/nats-server/v2 from 2.10.12 to 2.10.14 in /bordercontrol #101

Closed dependabot[bot] closed 7 months ago

dependabot[bot] commented 7 months ago

Bumps github.com/nats-io/nats-server/v2 from 2.10.12 to 2.10.14.

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.10.14

Changelog

(Note there was no 2.10.13 version 🙂)

Refer to the 2.10 Upgrade Guide for backwards compatibility notes with 2.9.x.

Go Version

Dependencies

  • github.com/nats-io/nats.go v1.34.1 (#5271)
  • golang.org/x/crypto v0.22.0 (#5283)

Improved

Auth

  • Improve clone behavior to prevent unintended references (#5246) Thanks to Trail Of Bits for the report!
  • Apply constant-time evaluation of non-bcrypt passwords (#5247) Thanks to Trail Of Bits for the report!

JetStream

  • Reduce lock contention when looking up stream metadata (#5223)
  • Optimize matching a subject when applying per subject message limits (#5228)
  • Optimize waiting queue for pull consumers to reduce excessive memory and GC pressure (#5233)
  • Improve error handling in filestore to prevent duplicate nonces being used and ignored errors (#5248) Thanks to Trail Of Bits for the report!
  • Improve interest and workqueue state tracking to prevent stranded messages during concurrent consumer acks and stream deletes (#5270)
  • Introduce store method to push down and optimize multi-filter subject matching used by consumers (#5274) Thanks to @​svenfoo for the report!
  • Various improvements and fixes for clustered interest-based streams and associated consumers (#5287)
  • Return errors and/or add logging for rare filestore conditions (#5298)
  • When explicitly syncing to the filesystem, hold the message block lock to prevent possible downstream corruption (#5301, #5303)

Fixed

OS

  • Fix for race checkptr panic on macOS/Darwin on Go 1.22 (#5265)

Connections

  • Address possible memory leak due to connections not being released (#5244) Thanks to @davidzhao for the report!

JetStream

  • Fix incorrect subject overlapping checks that could lead to multiple consumers or streams bound to the same subjects (#5224)
  • Improve situations that could result in orphan messages in streams (#5227)
  • Protect against corrupt message block when doing indexing (#5238) Thanks to @​kylemcc for the report!
  • Fix consumer config check of max deliver when backoff is set (#5242)
  • Ignore Nats-Expected-* headers from source stream (#5256) Thanks to @​ramonberrutti for the report and contribution!
  • Add missing check that could result in an extended purge or compact failing in memory-based streams (#5264)
  • Fix issue that could result in skipping valid messages when loading them from the filestore (#5266)
  • Use cluster-scoped lock when processing a leader change (#5267)
  • Fix missing unlocks in filestore and streams in certain error conditions (#5276) Thanks to Trail Of Bits for the report!
  • Ensure lock is held for the duration of a filestore truncate (#5279)

... (truncated)

Commits
  • 31af767 Release v2.10.14 (#5307)
  • fb960ff Build v2.10.14 release with Go 1.21 (#5306)
  • 8e5b7f9 Build release with Go 1.21
  • fdbc9c3 Cherry-pick PRs for v2.10.14-RC.7 (#5304)
  • 729706a [FIXED] Multiple deliveries of messages with delivery count going backwards. ...
  • ee6ec93 Also hold fs lock while sync call to index.db
  • c9ba679 Bump to 2.10.14-RC.6
  • 69b8c81 Cherry-pick PRs for v2.10.14-RC.6 (#5302)
  • c0068cc Hold the lock for a msg block while calling sync.
  • 63d2d71 Bump Go 1.22.2 and Go 1.21.9
  • Additional commits viewable in compare view



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)