chore(deps): bump github.com/nats-io/nats-server/v2 from 2.10.27 to 2.11.12

[dependabot]

Bumps github.com/nats-io/nats-server/v2 from 2.10.27 to 2.11.12.

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.11.12

Changelog

Refer to the 2.11 Upgrade Guide for backwards compatibility notes with 2.10.x.

Go Version

• 1.25.6 (#7736)

Dependencies

• github.com/nats-io/nkeys v0.4.12 (#7578)
• github.com/antithesishq/antithesis-sdk-go v0.5.0-default-no-op (#7604)
• github.com/klauspost/compress v1.18.3 (#7736)
• golang.org/x/crypto v0.47.0 (#7736)
• golang.org/x/sys v0.40.0 (#7736)
• github.com/google/go-tpm v0.9.8 (#7696)
• github.com/nats-io/nats.go v1.48.0 (#7696)

Added

General

• Added WebSocket-specific ping interval configuration with ping_internal in the websocket block (#7614)

Monitoring

• Added tls_cert_not_after to the varz monitoring endpoint for showing when TLS certificates are due to expire (#7709)

Improved

JetStream

• The scan for the last sourced message sequence when setting up a subject-filtered source is now considerably faster (#7553)
• Consumer interest checks on interest-based streams are now significantly faster when there are large gaps in interest (#7656)
• Creating consumer file stores no longer contends on the stream lock, improving consumer create performance on heavily loaded streams (#7700)
• Recalculating num pending with updated filter subjects no longer gathers and sorts the subject filter list twice (#7772)
• Switching to interest-based retention will now remove no-interest messages from the head of the stream (#7766)

MQTT

• Retained messages will now work correctly even when sourced from a different account and has a subject transform (#7636)

Fixed

General

• WebSocket connections will now correctly limit the buffer size during decompression (#7625, thanks to Pavel Kokout at Aisle Research)
• The config parser now correctly detects and errors on self-referencing environment variables (#7737)
• Internal functions for handling headers should no longer corrupt message bodies if appended (#7752)

... (truncated)

Commits

• 2d97cb7 Release v2.11.12
• ea9680a Cherry-picks for 2.11.12 (#7776)
• eb53e0d [IMPROVED] Remove no interest messages from head of stream
• dc0d365 [FIXED] Many concurrent checkInterestState goroutines
• 360db02 [FIXED] Interest stream desync after consumer filter update
• 74802ff [IMPROVED] Simplify recalculate pending with updated filter subject(s)
• 6f77800 Release v2.11.12-RC.7
• 134ebc2 Revert "Perform _writeFullState under read lock only"
• ddd1442 Release v2.11.12-RC.6
• 59b2eb8 Cherry-picks for 2.11.12-RC.6 (#7768)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[Copilot]

Pull request overview

This PR updates the github.com/nats-io/nats-server/v2 dependency from version 2.10.27 to 2.11.12, along with its transitive dependencies. This is a minor version bump that includes bug fixes, performance improvements, and security enhancements while maintaining backwards compatibility with the 2.10.x series according to the release notes.

Changes:

• Updated nats-server from v2.10.27 to v2.11.12
• Updated related NATS dependencies (jwt, nkeys, nats.go)
• Updated various golang.org/x packages and other transitive dependencies
• Added new indirect dependencies (antithesis-sdk-go, go-tpm)

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
go.mod	Updated direct and indirect dependency versions for nats-server and related packages
go.sum	Updated checksums for all new dependency versions

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.