build(deps): bump github.com/nats-io/nats-server/v2 from 2.10.9 to 2.10.14

[dependabot]

Bumps github.com/nats-io/nats-server/v2 from 2.10.9 to 2.10.14.

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.10.14

Changelog

(Note there was no 2.10.13 version 🙂)

Refer to the 2.10 Upgrade Guide for backwards compatibility notes with 2.9.x.

Go Version

• 1.21.9 (#5300)

Dependencies

• github.com/nats-io/nats.go v1.34.1 (#5271)
• golang.org/x/crypto v0.22.0 (#5283)

Improved

Auth

• Improve clone behavior to prevent unintended references (#5246) Thanks to Trail Of Bits for the report!
• Apply constant-time evaluation of non-bcrypt passwords (#5247) Thanks to Trail Of Bits for the report!

JetStream

• Reduce lock contention when looking up stream metadata (#5223)
• Optimize matching a subject when applying per subject message limits (#5228)
• Optimize waiting queue for pull consumers to reduce excessive memory and GC pressure (#5233)
• Improve error handling in filestore to prevent duplicate nonces being used and ignored errors (#5248) Thanks to Trail Of Bits for the report!
• Improve interest and workqueue state tracking to prevent stranded messages during concurrent consumer acks and stream deletes (#5270)
• Introduce store method to push down and optimize multi-filter subject matching used by consumers (#5274) Thanks to @​svenfoo for the report!
• Various improvements and fixes for clustered interest-based streams and associated consumers (#5287)
• Return errors and/or adding logging for rare filestore conditions (#5298)
• When explicitly syncing to the filesystem, hold the message block lock to prevent possible downstream corruption (#5301, #5303)

Fixed

OS

• Fix for race checkptr panic on macOS/Darwin on Go 1.22 (#5265)

Connections

• Address possible memory leak due to connections not be released (#5244) Thanks to @​davidzhao for the report!

JetStream

• Fix incorrect subject overlapping checks that could lead to multiple consumers or streams bound to the same subjects (#5224)
• Improve situations that could result in orphan messages in streams (#5227)
• Protect against corrupt message block when doing indexing (#5238) Thanks to @​kylemcc for the report!
• Fix consumer config check of max deliver when backoff is set (#5242)
• Ignore Nats-Expected-* headers from source stream (#5256) Thanks to @​ramonberrutti for the report and contribution!
• Add missing check that could result an extended purge or compact to fail in memory-based streams (#5264)
• Fix issue that could result in skipping valid messages when loading them from the filestore (#5266)
• Use cluster-scoped lock when processing a leader change (#5267)
• Fix missing unlocks in filestore and streams in certain error conditions (#5276) Thanks to Trail Of Bits for the report!
• Ensure lock is held for the duration of a filestore truncate (#5279)

... (truncated)

Commits

• 31af767 Release v2.10.14 (#5307)
• fb960ff Build v2.10.14 release with Go 1.21 (#5306)
• 8e5b7f9 Build release with Go 1.21
• fdbc9c3 Cherry-pick PRs for v2.10.14-RC.7 (#5304)
• 729706a [FIXED] Multiple deliveries of messages with delivery count going backwards. ...
• ee6ec93 Also hold fs lock while sync call to index.db
• c9ba679 Bump to 2.10.14-RC.6
• 69b8c81 Cherry-pick PRs for v2.10.14-RC.6 (#5302)
• c0068cc Hold the lock for a msg block while calling sync.
• 63d2d71 Bump Go 1.22.2 and Go 1.21.9
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)