Skip to content

build(deps): bump the go_modules group across 1 directory with 5 updates#10

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/go_modules-c76a4053c0
Open

build(deps): bump the go_modules group across 1 directory with 5 updates#10
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/go_modules/go_modules-c76a4053c0

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 25, 2026

Bumps the go_modules group with 2 updates in the / directory: github.com/nats-io/nats-server/v2 and github.com/vektah/gqlparser/v2.

Updates github.com/nats-io/nats-server/v2 from 2.6.1 to 2.11.15

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.11.15

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version

  • 1.25.8

Dependencies

  • golang.org/x/crypto v0.49.0 (#7953)
  • github.com/nats-io/jwt/v2 v2.8.1 (#7960)
  • github.com/antithesishq/antithesis-sdk-go v0.6.0-default-no-op
  • github.com/klauspost/compress v1.18.4
  • github.com/nats-io/nats.go v1.49.0
  • github.com/nats-io/nkeys v0.4.15

CVEs

Changed

General

  • There is now a 1MB size limit on JWTs (#7960)

Improved

JetStream

  • The stream peer-remove command now accepts a peer ID as well as a server name (#7952)

MQTT

  • Protocol compliance has been improved, including more error handling on invalid or malformed MQTT packets (#7933)

Fixed

General

  • Improved handling of duplicate headers

... (truncated)

Commits
  • bef17e1 Release v2.11.15
  • e349b31 Cherry-picks for 2.11.15 (#62)
  • 782a6df [FIXED] Avoid stalling read loop on leafnode ErrMinimumVersionRequired
  • 74a5f6f Remove FIXME about auth callout nonce
  • ea8ae87 Message tracing requires client publish permission for Nats-Trace-Dest
  • 3fd43a0 Rebuild request info headers on leaf service imports
  • 8dbf004 [FIXED] MQTT flappers use monotonic time
  • 265a99b Update JWT and other dependencies
  • d6d1dd9 Streaming parsing of WebSocket frames with limited memory allocations
  • e6057af [FIXED] Avoid parsing trace headers from HPUB payload
  • Additional commits viewable in compare view

Updates github.com/vektah/gqlparser/v2 from 2.2.0 to 2.5.15

Release notes

Sourced from github.com/vektah/gqlparser/v2's releases.

v2.5.15

What's Changed

Full Changelog: vektah/gqlparser@v2.5.14...v2.5.15

v2.5.14

What's Changed

Full Changelog: vektah/gqlparser@v2.5.13...v2.5.14

v2.5.13

What's Changed

New Contributors

Full Changelog: vektah/gqlparser@v2.5.12...v2.5.13

v2.5.12

What's Changed

New Contributors

Full Changelog: vektah/gqlparser@v2.5.11...v2.5.12

v2.5.11

What's Changed

New Contributors

... (truncated)

Commits
  • 55a3c47 Revert ParseSchema default token limit of 1500, add ParseSchemaWithLimit, Par...
  • 36a3658 Add ParseQueryWithLimit (#304)
  • d457fc0 Token limit fix CVE-2023-49559 (#291)
  • 6db1bd3 Bump braces from 3.0.2 to 3.0.3 in /validator/imported (#302)
  • 3900414 Bump the actions-deps group in /validator/imported with 7 updates (#301)
  • 7c770f6 Bump prettier in /validator/imported in the actions-deps group (#299)
  • 0ed4973 Bump the actions-deps group in /validator/imported with 6 updates (#298)
  • 00fd36f Bump the actions-deps group in /validator/imported with 8 updates (#297)
  • 9638a21 Bump github.com/stretchr/testify in the actions-deps group (#296)
  • 55ebe37 Add Dependabot.yml
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.0.0-20210921155107-089bfa567519 to 0.49.0

Commits

Updates golang.org/x/sys from 0.0.0-20220114195835-da31bd327af9 to 0.42.0

Commits

Updates gopkg.in/yaml.v3 from 3.0.0-20200313102051-9f266ea9e77c to 3.0.1

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump the go_modules group across 1 directory with 5 updates
e704d9b 
Bumps the go_modules group with 2 updates in the / directory: [github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server) and [github.com/vektah/gqlparser/v2](https://github.com/vektah/gqlparser).


Updates `github.com/nats-io/nats-server/v2` from 2.6.1 to 2.11.15
- [Release notes](https://github.com/nats-io/nats-server/releases)
- [Changelog](https://github.com/nats-io/nats-server/blob/main/RELEASES.md)
- [Commits](nats-io/nats-server@v2.6.1...v2.11.15)

Updates `github.com/vektah/gqlparser/v2` from 2.2.0 to 2.5.15
- [Release notes](https://github.com/vektah/gqlparser/releases)
- [Commits](vektah/gqlparser@v2.2.0...v2.5.15)

Updates `golang.org/x/crypto` from 0.0.0-20210921155107-089bfa567519 to 0.49.0
- [Commits](https://github.com/golang/crypto/commits/v0.49.0)

Updates `golang.org/x/sys` from 0.0.0-20220114195835-da31bd327af9 to 0.42.0
- [Commits](https://github.com/golang/sys/commits/v0.42.0)

Updates `gopkg.in/yaml.v3` from 3.0.0-20200313102051-9f266ea9e77c to 3.0.1

---
updated-dependencies:
- dependency-name: github.com/nats-io/nats-server/v2
  dependency-version: 2.11.15
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: github.com/vektah/gqlparser/v2
  dependency-version: 2.5.15
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.49.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/sys
  dependency-version: 0.42.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: gopkg.in/yaml.v3
  dependency-version: 3.0.1
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 25, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants