chore(deps): bump github.com/nats-io/nats-server/v2 from 2.12.7 to 2.14.0

[dependabot]

Bumps github.com/nats-io/nats-server/v2 from 2.12.7 to 2.14.0.

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.14.0

Changelog

Refer to the 2.14 Upgrade Guide for backwards compatibility notes with 2.12.x. Please note that the 2.13.x version was skipped.

Go Version

• 1.26.2

Added

General

• Feature flags in the server configuration (#7866)
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-53.md

JetStream

• Fast-ingest batch publishing (#7778, #7892, #7894, #7945)
  • Allows high-speed publishing of message batches into the server when using a supported client
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-50.md#fast-ingest-batch-publishing
• Repeating & cron-based message schedules (#7504, #7687, #7688)
  • The Nats-Schedule header can now be configured on a repeating basis, i.e. @every 5m, @hourly or using crontab-like syntax
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md
• Scheduled subject sampling (#7506)
  • The Nats-Schedule-Source header allows sampling the contents of the last message in the stream for a given subject, allowing sampling of values at a different rate to the original publisher
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md#subject-sampling
• Scheduled subject rollups (#7559)
  • The Nats-Schedule-Rollup header allows initiating a rollup of the Nats-Schedule-Target subject on a scheduled basis
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-51.md
• Consumer reset API (#7489)
  • It is now possible to reset a consumer back to an earlier sequence number using the $JS.API.CONSUMER.RESET.stream.consumer API without deleting and recreating it
  • ADR: https://github.com/nats-io/nats-architecture-and-design/blob/main/adr/ADR-60.md#consumer-delivery-state-reset-api
• Domain-aware ack and flow control subjects (#7860)
  • This is disabled by default and can be enabled with the js_ack_fc_v2 feature flag, this will be enabled by default in v2.15
  • In an environment where ACLs are used to control ack or flow control subjects, updates will be required to match the new $JS.ACK.domain.acchash.stream.consumer.> and $JS.FC.domain.acchash.stream.consumer.> subject formats
• Asynchronous stream state snapshots for replicated streams (#7876)
  • Allows stream state snapshots to be taken and written without pausing stream processing, improving tail latencies
  • This is particularly impactful in cases where the stream has a large number of interior deletes
• Ability to disable message deduplication when sourcing (#7651)

Leafnodes

• Leafnode remote configurations can now be added and removed at runtime by reloading the configuration (#7937)
• New ignore_discovered_servers option for leafnode remotes to allow ignoring any leafnode URLs sent by the hub (#8067)

Changed

General

... (truncated)

Changelog

Sourced from github.com/nats-io/nats-server/v2's changelog.

Release Workflow

• As of NATS 2.11, the server follows a 6-month release cycle. 2.11 was released in March 2025.
• Version tagging follows semantic versioning with security fixes clearly marked.
• The main branch is for active development of features and bug fixes. Release branches are created for preparing patch releases. Releases are tagged with semantic versions
• The current and previous minor series are supported in terms of bug fixes and security patches.
• Binaries are released via GitHub Releases and Docker images are available as an official image.
• Preview releases for the next minor version, e.g. 2.14.0, become available once feature development is complete.
• Tagged releases as well as nightly Docker images of main (for testing) are available in the synadia/nats-server Docker repository.

Commits

• 0cbd01c Release v2.14.0
• 5a8c9cd NRG: tighten append entry length decoding bounds (#8092)
• 0f259ff Add tzdata to nightly Docker image (#8091)
• aed7baa Add extra test for payload corruption via headers (#8088)
• efa4688 [FIXED] Double-encoded reply subject in $JS.ACK routing (#8089)
• e78bbf1 Fix sign-offs check
• 295d052 Add tzdata to nightly Docker image
• b8af430 NRG: tighten append entry length decoding bounds
• efbc1d7 Add extra test for payload corruption via headers
• 9b2eb66 [FIXED] Double-encoded reply subject in $JS.ACK routing
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[qltysh]

Coverage Impact

⬆️ Merging this pull request will increase total coverage on master by 0.02%.

🚦 See full report on Qlty Cloud »

🛟 Help

• Diff Coverage: Coverage for added or modified lines of code (excludes deleted files). Learn more.

• Total Coverage: Coverage for the whole repository, calculated as the sum of all File Coverage. Learn more.

• File Coverage: Covered Lines divided by Covered Lines plus Missed Lines. (Excludes non-executable lines including blank lines and comments.)

  • Indirect Changes: Changes to File Coverage for files that were not modified in this PR. Learn more.