build(deps): bump github.com/nats-io/nats-server/v2 from 2.1.0 to 2.7.4

[dependabot]

Bumps github.com/nats-io/nats-server/v2 from 2.1.0 to 2.7.4.

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.7.4

Changelog

Note about .deb/.rpm packages

We use Goreleaser to build our assets, and it seems that it changed the default install from /usr/local/bin to /usr/bin. See Goreleaser's change here. We are sorry for the inconvenience this may cause.

Go Version

• 1.17.8: Both release executables and Docker images are built with this Go release.

Improved

• JetStream:
  • Better startup logging to help debug RAFT log directories to streams/consumers (#2897)

Fixed

• JetStream:
  • The consumers count when getting stream information could be wrong in clustered mode (#2896)
  • Never used clustered and filtered consumers consume storage under $SYS. Thanks to @​nayanparegi and @​aksdb for the reports (#2899, #2914)
  • Stream not recovered on restart with "deleted message", "checksum" or "no message cache" errors (#2900)
  • Schema violations in the NATS CLI tool caused by large number overflow when "active" field for Sources and Mirrors was computed and there had been no contact yet (#2903)
  • Some Stream advisories were missing (#2887)
  • Inconsistent durable consumer state after stream peer removal (#2904)
  • Scaling up and down for streams and consumers (#2905)
  • Validate files' path when restoring stream from a snapshot/backup (CVE-2022-26652). Thanks to Yiming Xiang for the report (#2917)
• Monitoring:
  • Panic on non 64-bit platforms due to an unaligned 64-bit atomic operation. Thanks to @​mlorenz-tug for the report (#2915)
• LeafNode:
  • Queue subscription interest could be suppressed in complex situations causing messages to not flow from a LeafNode server to the rest of the (super)cluster (#2901)
• Fixed some lock inversions (#2911)

Complete Changes

nats-io/nats-server@v2.7.3...v2.7.4

Release v2.7.3

Changelog

Go Version

• 1.17.7: Both release executables and Docker images are built with this Go release.

Added

• JetStream:
  • Allow replica updates during stream update (#2867)
  • Allow stream placement by tags (#2871)

Updated

• Dependencies:

... (truncated)

Commits

• a86b84a Merge pull request #2918 from nats-io/release_2_7_4
• 773636c Release v2.7.4
• 818c2c7 Merge pull request #2917 from nats-io/file_path
• b412869 Ensure file path is correct during stream restore
• 0cb0f6d Merge pull request #2914 from nats-io/fix_2913
• 9a2da9e Adding denies $KV.>/$OBJ.> along leaf connections on differing domain (#2916)
• 5a97ee6 Merge pull request #2911 from nats-io/fix_lock_inversions
• 3538aea Merge pull request #2915 from nats-io/fix_atomic_unaligned
• 0fae806 [FIXED] Some lock inversions
• dde235a [FIXED] Panic when monitoring enabled on non 64bit architectures
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[gen2thomas]

@dependabot rebase

[codecov-commenter]

Codecov Report

Patch and project coverage have no change.

Comparison is base (0d53d37) 75.48% compared to head (0e6cba2) 75.48%.

❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more.

Additional details and impacted files

@@           Coverage Diff           @@
##              dev     #906   +/-   ##
=======================================
  Coverage   75.48%   75.48%           
=======================================
  Files          89       89           
  Lines        7197     7197           
=======================================
  Hits         5433     5433           
  Misses       1290     1290           
  Partials      474      474           

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.