build(deps): update module github.com/nats-io/nats-server/v2 to v2.9.23 [skip ci]

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
github.com/nats-io/nats-server/v2	require	patch	v2.9.20 -> v2.9.23

---

Release Notes

nats-io/nats-server (github.com/nats-io/nats-server/v2)

v2.9.23

Compare Source

Changelog

Go Version

• 1.20.10

Fixed

Accounts

• Prevent bypassing authorization block when enabling system account access in accounts block (#​4605). Backport from v2.10.2

Leafnodes

• Prevent a leafnode cluster from receiving a message multiple times in a queue subscription (#​4578). Backport from v2.10.2

JetStream

• Hold lock when calculating the first message for subject in a message block (#​4531). Backport from v2.10.0
• Add self-healing mechanism to detect and delete orphaned Raft groups (#​4647). Backport from v2.10.0
• Prevent forward proposals in consumers after scaling down a stream (#​4647). Backport from v2.10.0
• Fix race condition during leader failover scenarios resulting in potential duplicate messages being sourced (#​4592). Backport from v2.10.2

Complete Changes

v2.9.22

Compare Source

Changelog

Go Version

• 1.20.8 (updated out-of-cycle since Go 1.19 is now EOL)

Dependencies

• github.com/nats-io/jwt/v2 v2.5.0
• golang.org/x/crypto v0.12.0
• golang.org/x/sys v0.11.0

Improved

Monitoring

• CORS Allow-Origin passthrough for monitoring server (#​4423) Thanks to @​mdawar for the contribution!

JetStream

• Improve consumer scaling reliability with filters and cluster restart (#​4404)
• Send event on lame duck mode (LDM) to avoid placing assets on shutting down nodes (#​4405)
• Skip filestore tombstones if downgrade from 2.10 occurs (#​4452)
• Adjust delivered and waiting count when consumer message delivery fails (#​4472)

Fixed

Config

• Allow empty configs and fix JSON compatibility (#​4394, #​4418)
• Remove TLS OCSP debug log on reload (#​4453)

Monitoring

• Fix Content-Type header when /healthz is not 200 OK (#​4437) Thanks to @​mdawar for the contribution!
• Fix server /connz idle time sorting (#​4463) Thanks to @​mdawar for the contribution!
• Interface conversion bug which could cause a panic when calling /ipqueuesz endpoint (#​4477)

Leafnode

• Fix race condition which could affect propagating interest over leafnode connections (#​4464)

JetStream

• Fix possible deadlock in checking for drift in the usage reporting when storing a message (#​4411)
• Durable pull consumers could get cleaned up incorrectly on leader change (#​4412)
• Moving an R1 stream could sometimes lose all messages (#​4413)
• Prevent peer-remove of an R1 stream which could result in the stream becoming orphaned (#​4420)
• Ensure consumer ack pending is less than max ack pending on state restore (#​4427)
• Ensure to reset election timer when catching up (#​4428) Thanks to @​yuzhou-nj for the report!
• Auto step-down Raft leader if an entry is missing on a catchup request (#​4432)
• Fix PurgeEx with keep having deletes in blocks (#​4431)
• Update global subject index when message blocks expire (#​4439)
• Ensure max messages per subject is respected after update (#​4446) Thanks to @​anthonyjacques20 for the report!
• Ignore and remove empty message blocks on rebuild (#​4447)
• Fix possible accounting discrepancy on message write (#​4455)
• Fix potential message duplication from stream sources when downgrading from 2.10 (#​4454)
• Check for checksum violations for all records before sequence processing (#​4465)
• Fix message block accounting (#​4473)

Complete Changes

v2.9.21

Compare Source

Changelog

Go Version

• 1.19.12

Dependencies

• github.com/klauspost/compress v1.16.7
• github.com/nats-io/nats.go v1.28.0
• go.uber.org/automaxprocs v1.5.3
• golang.org/x/crypto v0.11.0
• golang.org/x/sys v0.10.0

Added

OCSP

• Add fetch, cache, and verification of client CA's OCSP Response for NATS, WebSocket, and MQTT client mTLS connections (#​4362, backported from 2.10)
• Add bi-directional fetch, cache, and verification of CA OCSP Response for LEAF connections (#​4362, backported from 2.10)

See ADR-38 OCSP Peer Verification

General

• Add UTC log timestamp option (#​4331, backported from 2.10)

Improved

JetStream

• Don't error to server logs if message was deleted for consumer (#​4328)
• Improve publish performance for zero-interest subjects (#​4359) Thanks to @​antlad for reporting the issue!
• Sync and reset message rejected count to ensure replicas don’t incorrectly discard messages (#​4365, #​4366)

Fixed

General

• Leaking memory on usage of getHash() (#​4329) Thanks to @​VuongUranus for reporting the issue!
• Server reload with highly active accounts and service imports could cause panic or dataloss (#​4327)
• Fix detection of an unusable configuration file (#​4358)
  • NOTE: as a side effect of this fix, the server will no longer startup with an empty config file
• Fix a few system service imports going missing after configuration reload (#​4360)

OCSP

• Fix local-determination of issuer CA at startup (#​4362)
• Remove constraint that all (super)cluster node peers must be issued by the same CA (#​4362)

Embedded

• Don't require TLS for in-process client connection (#​4323)

JetStream

• Fix serializability guarantee for concurrent publish when using expected-last-subject-sequence (#​4319)
• Report correct consumer count in paged list response (#​4339)
• Fix not validating single token filtered consumer (#​4338)
• Fix stream recovery of message block with sequence gaps (#​4344)
• Fix panic when re-calculating first sequence of SimpleState info (#​4346)
• Fix stream store accounting drift (#​4357)

Complete Changes

---

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone Europe/Vienna, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information