Skip to content

Bump github.com/nats-io/nats-server/v2 from 2.12.2 to 2.12.3#477

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/github.com/nats-io/nats-server/v2-2.12.3
Open

Bump github.com/nats-io/nats-server/v2 from 2.12.2 to 2.12.3#477
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/github.com/nats-io/nats-server/v2-2.12.3

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 24, 2026
edited by cursor bot
Loading

Bumps github.com/nats-io/nats-server/v2 from 2.12.2 to 2.12.3.

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.12.3

Changelog

Refer to the 2.12 Upgrade Guide for backwards compatibility notes with 2.11.x.

Go Version

Dependencies

  • github.com/google/go-tpm v0.9.7 (#7578)
  • github.com/nats-io/nkeys v0.4.12 (#7578)
  • golang.org/x/crypto v0.45.0 (#7578)
  • github.com/klauspost/compress v1.18.2 (#7604)
  • github.com/antithesishq/antithesis-sdk-go v0.5.0-default-no-op (#7604)
  • golang.org/x/crypto v0.46.0 (#7648)
  • golang.org/x/sys v0.39.0 (#7648)

Added

General

  • Added WebSocket-specific ping interval configuration with ping_internal in the websocket block (#7614)

Improved

JetStream

  • The scan for the last sourced message sequence when setting up a subject-filtered source is now considerably faster (#7553)
  • The metalayer will now stage and deduplicate recovery operations at startup, instead of rapidly applying and then undoing conflicting assignments (#7540)
  • Consumer interest checks on interest-based streams are now significantly faster when there are large gaps in interest (#7656)

MQTT

  • Retained messages will now work correctly even when sourced from a different account and has a subject transform (#7636)

Fixed

General

  • WebSocket connections will now correctly limit the buffer size during decompression (#7625, thanks to Pavel Kokout at Aisle Research)

JetStream

  • A protocol error caused by an invalid transform of acknowledgement reply subjects when originating from a gateway connection has been fixed (#7579)
  • The meta layer will now only respond to peer remove requests after quorum has been reached (#7581)
  • Invalid subject filters containing non-terminating full wildcard no longer produce unexpected matches (#7585)
  • A data race when creating a stream in clustered mode has been fixed (#7586)
  • Raft will no longer allow multiple membership changes to take place concurrently (#7565, #7609)

... (truncated)

Commits
  • 450a519 Release v2.12.3
  • 8670ba0 Release v2.12.3-RC.5
  • 08bb9ee Cherry-picks for 2.12.3-RC.5 (#7657)
  • 7bd48a2 [IMPROVED] Consumer interest check with large gap
  • 9be1774 [FIXED] Filestore desync during stream snapshot
  • 97f0c1a Release v2.12.3-RC.4
  • 036a3fd Cherry-picks for 2.12.3-RC.4 (#7652)
  • 6d739fa NRG: Removed leader may reappear in membership
  • d2e57bf [FIXED] mb.compact updates last seq/ts
  • 8e732b2 [FIXED] Filestore idx mismatch & 'no idx present' errors
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note

Low Risk
Dependency-only bumps (NATS server and transitive Go libs) with no application logic changes; risk is limited to any upstream behavioral/regression changes in the updated packages.

Overview
Updates github.com/nats-io/nats-server/v2 from v2.12.2 to v2.12.3.

Refreshes related transitive module versions in go.mod/go.sum, including github.com/klauspost/compress, github.com/nats-io/nkeys, and several golang.org/x/* libraries (crypto, mod, sync, sys, text, tools).

Written by Cursor Bugbot for commit fc7edcb. This will update automatically on new commits. Configure here.

@dependabot
Bump github.com/nats-io/nats-server/v2 from 2.12.2 to 2.12.3
fc7edcb 
Bumps [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) from 2.12.2 to 2.12.3.
- [Release notes](https://github.com/nats-io/nats-server/releases)
- [Changelog](https://github.com/nats-io/nats-server/blob/main/RELEASES.md)
- [Commits](nats-io/nats-server@v2.12.2...v2.12.3)

---
updated-dependencies:
- dependency-name: github.com/nats-io/nats-server/v2
  dependency-version: 2.12.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Feb 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants