Bump the all-deps group across 1 directory with 3 updates

[dependabot]

Bumps the all-deps group with 3 updates in the / directory: github.com/nats-io/nats-server/v2, github.com/nats-io/nats.go and golang.org/x/crypto.

Updates github.com/nats-io/nats-server/v2 from 2.12.6 to 2.12.7

Release notes

Sourced from github.com/nats-io/nats-server/v2's releases.

Release v2.12.7

Changelog

Refer to the 2.12 Upgrade Guide for backwards compatibility notes with 2.11.x.

Go Version

• 1.25.9 (#8017)

Dependencies

• github.com/nats-io/nats.go v1.50.0 (#8000)

CVEs

• TBD

Improved

JetStream

• Purging subjects from a stream now only loads filestore blocks within the range of where those subjects appear (#8004)
• Multi-filtered load next or previous message code paths now correctly identify single subject filters or full wildcards and switch to optimized paths (#8012, 8013)
• The max_mem_store and max_file_store configuration options can now be increased (but not decreased) via config reload (#8014)

Fixed

General

• no_auth_user is now restricted to client connections only
• Overlapping wildcard patterns in ACL deny patterns are now enforced correctly
• Queue subscriptions can no longer incorrectly bypass non-queue ACL deny patterns

Leafnodes

• Pre-CONNECT guard improvements for leafnode connections, fixing a potential panic
• ACL permissions are now correctly enforced for inbound leaf messages in all cases
• Duplicate INFO permissions updates are now only accepted for solicited leaf connections
• The max_payload limit is now correctly enforced for leafnode connections
• A panic on leafnode connect when failing to resolve an account has been fixed (#7991)

JetStream

• Consumer max_ack_pending should no longer become stuck due to deleted messages being left in the consumer pending state (#7984)
• When scaling up a stream and adding subjects at the same time, the new subject filters are now correctly subscribed (#8003)
• Filestore caches are no longer expired and evicted from memory too eagerly after a recent write (#8009)
• Stream leaders can catch up from a snapshot if required (#8021)

MQTT

... (truncated)

Commits

• b4ce0f9 Release v2.12.7
• 195b07a Fix fast-path no_auth_user for WebSockets where WS-specific account configured
• 213391e [FIXED] Stream leader can catchup from snapshot if required
• e0b0bda Release v2.12.7-RC.3
• d2c6139 Cherry-picks for 2.12.7-RC.3 (#79)
• 97a3f84 Update to Go 1.25.9
• a824f30 [IMPROVED] Allow reloading increased max memory and store
• 56548be LoadNextMsgMulti and LoadPrevMsgMulti use fast path for single filter
• b1776c6 Add MatchesSingleFilter to generic sublist
• 807d653 Complete filtered LoadPrevMsg implementation
• Additional commits viewable in compare view

Updates github.com/nats-io/nats.go from 1.50.0 to 1.51.0

Release notes

Sourced from github.com/nats-io/nats.go's releases.

Release v1.51.0

Changelog

ADDED

• Core NATS:
  • Option to customize write buffer size (#2057)
  • Option to automatically reconnect on write error (#2055)
  • Accessors for JetStream API level and IsSysAccount from ServerInfo (#2060)

FIXED

• Core NATS:
  • Make websocket frame validation more robust (#2050)
• JetStream:
  • Fix deadlock in Consume() when calling Stop/Drain from ConsumeErrHandler (#2059)

IMPROVED

• Fix typos in tests. Thanks @​deining for the contribution (#2049)
• Fix deprecation warnings by bumping GH actions to their latest versions. Thanks @​deining for the contibution (#2048)
• Code linting: remove functions min and max. Thanks @​deining for the contribution (#2047)

Complete Changes

nats-io/nats.go@v1.50.0...v1.51.0

Commits

• 17b6fd1 Release v1.51.0 (#2061)
• b6d0226 [ADDED] Accessors for JS API level and IsSysAccount (#2060)
• 7a2bb4a [IMPROVED] Code linting: remove functions min and max (#2047)
• 0099a32 [IMPROVED] Fix deprecation warnings by bumping GH actions to their latest ver...
• e23b40d [FIXED] Deadlock in Consume() whe calling Stop/Drain from ConsumeErrHandler (...
• 1250dd6 [ADDED] Automatic reconnect on write error option (#2055)
• e4a8c79 [ADDED] Option to customize write buffer size (#2057)
• 9a88c4c Update Claude workflow permissions to contents:read and actions:read (#2056)
• f945cd9 [IMPROVED] Fix typos (#2049)
• 4bba571 [FIXED] Make websocket frame validation more robust (#2050)
• See full diff in compare view

Updates golang.org/x/crypto from 0.49.0 to 0.50.0

Commits

• 03ca0dc go.mod: update golang.org/x dependencies
• 8400f4a ssh: respect signer's algorithm preference in pickSignatureAlgorithm
• 81c6cb3 ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions