Bump the all-deps group across 1 directory with 3 updates

[dependabot]

Bumps the all-deps group with 3 updates in the / directory: github.com/nats-io/nats-server/v2, github.com/nats-io/nkeys and github.com/spf13/cobra.

Updates github.com/nats-io/nats-server/v2 from 2.12.1 to 2.12.2

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.12.2

Changelog

Refer to the 2.12 Upgrade Guide for backwards compatibility notes with 2.11.x.

Go Version

• 1.25.4 (#7520)

Dependencies

• github.com/klauspost/compress v1.18.1 (#7474)
• github.com/nats-io/nats.go v1.47.0 (#7474)
• golang.org/x/sys v0.38.0 (#7538)
• github.com/minio/highwayhash 070ab1a (#7539)

Added

General

• Support for the PROXY protocol (v1 and v2) for client connections, when proxy_protocol: true is set in the config (#7456)

JetStream

• Added meta_compact and meta_compact_size, advanced JetStream config options to control how many log entries must be present in the metalayer log before snapshotting and compaction takes place (#7484, #7521)
• Added write_timeout option for clients, routes, gateways and leafnodes which controls the behaviour on reaching the write_deadline, values can be default, retry or close (#7513)

Monitoring

• Added expvar /debug/vars endpoint to the monitoring port (#7469)
• Meta cluster snapshot statistics have been added to the /jsz endpoint (#7524)
• The /jsz endpoint can now show direct consumers with the direct-consumers?true flag (#7543)

Improved

General

• Binary stream snapshots are now preferred by default for nodes on new route connections (#7479)
• Reduced allocations in the sublist and subject transforms (#7519)

JetStream

• Improved the logging for observer mode (#7433)
• Improve interest detection when consumers are created or deleted across different servers (#7440)
• Improved the performance of enforcing max_bytes and max_msgs limits (#7455)
• Streams and consumers will no longer unnecessarily snapshot when being removed or scaling down (#7495)
• Streams are now loaded in parallel when enabling JetStream, often reducing the time it takes to start up the server (#7482, #7526)
• Log lines and errors related to offline/unsupported assets are now clearer (#7416, #7425)
• Stream catchups will now use delete ranges more aggressively, speeding up catchups of large streams with many interior deletes (#7512)
• Streams with subject transforms can now implicitly republish based on those transforms by configuring > for both republish source and destination (#7515)

... (truncated)

Commits

• 9831cbc Release v2.12.2
• e3586a0 Cherry-picks for v2.12.2 (#7547)
• 58f1e66 Fix deadlock on stream purge when consumer store returns error
• 9dd65fb Release v2.12.2-RC.4
• d7a1919 Cherry-picks for v2.12.2-RC.4 (#7542)
• dec1ef4 Accept both proxied and non-proxied client connections when enabled
• 03058c7 Add opt-in support for the PROXY protocol
• 79d3474 De-flake TestMonitorJsz
• 57199cc Add direct-consumers flag to jsz monitoring endpoint
• f28c366 Use concrete highwayhash Digest64 instead of hash interface
• Additional commits viewable in compare view

Updates github.com/nats-io/nkeys from 0.4.11 to 0.4.12

Release notes

Sourced from github.com/nats-io/nkeys's releases.

v0.4.12

What's Changed

• Add 'go mod tidy' to release workflow integrity checks by @​aricart in nats-io/nkeys#75
• fix(deps): update golang.org/x/crypto to v0.45.0 by @​ktarplee in nats-io/nkeys#79

New Contributors

• @​ktarplee made their first contribution in nats-io/nkeys#79

Full Changelog: nats-io/nkeys@v0.4.11...v0.4.12

Commits

• 604f47c Merge pull request #79 from ktarplee/update-crypto
• 927ba12 fix: go mod tidy
• e021ce1 fix(deps): update golang.org/x/crypto to v0.45.0
• 559710b Merge pull request #75 from nats-io/fix-releaser
• f145a56 Update .github/workflows/release.yaml
• 2e4c02c Add 'go mod tidy' to release workflow integrity checks
• See full diff in compare view

Updates github.com/spf13/cobra from 1.10.1 to 1.10.2

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.10.2

🔧 Dependencies

• chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by @​dims in spf13/cobra#2336 - the gopkg.in/yaml.v3 package has been deprecated for some time: this should significantly cleanup dependency/supply-chains for consumers of spf13/cobra

📈 CI/CD

• Fix linter and allow CI to pass by @​marckhouzam in spf13/cobra#2327
• fix: actions/setup-go v6 by @​jpmcb in spf13/cobra#2337

🔥✍🏼 Docs

• Add documentation for repeated flags functionality by @​rvergis in spf13/cobra#2316

🍂 Refactors

• refactor: replace several vars with consts by @​htoyoda18 in spf13/cobra#2328
• refactor: change minUsagePadding from var to const by @​ssam18 in spf13/cobra#2325

🤗 New Contributors

• @​rvergis made their first contribution in spf13/cobra#2316
• @​htoyoda18 made their first contribution in spf13/cobra#2328
• @​ssam18 made their first contribution in spf13/cobra#2325
• @​dims made their first contribution in spf13/cobra#2336

Full Changelog: spf13/cobra@v1.10.1...v1.10.2

Thank you to our amazing contributors!!!!! 🐍 🚀

Commits

• 88b30ab chore: Migrate from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#2336)
• 346d408 fix: actions/setup-go v6 (#2337)
• fc81d20 refactor: change minUsagePadding from var to const (#2325)
• 117698a refactor: replace several vars with consts (#2328)
• e2dd29d Add documentation for repeated flags functionality (#2316)
• 0629892 Fix linter (#2327)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions