Commit
fix(deps): update module github.com/nats-io/nats-server/v2 to v2.10.4 [security] (#173)

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [github.com/nats-io/nats-server/v2](https://togithub.com/nats-io/nats-server) | `v2.10.1` -> `v2.10.4` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fnats-io%2fnats-server%2fv2/v2.10.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fnats-io%2fnats-server%2fv2/v2.10.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fnats-io%2fnats-server%2fv2/v2.10.1/v2.10.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fnats-io%2fnats-server%2fv2/v2.10.1/v2.10.4?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2023-47090](https://togithub.com/nats-io/nats-server/security/advisories/GHSA-fr2g-9hjm-wr23)

## Background

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.

NATS users exist within accounts, and once using accounts, the old authorization block is not applicable.

## Problem Description

Without any authorization rules in the nats-server, users can connect without authentication.

Before nats-server 2.2.0, all authentication and authorization rules for a nats-server lived in an "authorization" block, defining users. With nats-server 2.2.0 all users live inside accounts. When using the authorization block, whose syntax predates this, those users will be placed into the implicit global account, "$G". Users inside accounts go into the newer "accounts" block.

If an "accounts" block is defined, in simple deployment scenarios this is often used only to enable client access to the system account. When the only account added is the system account "$SYS", the nats-server would create an implicit user in "$G" and set it as the `no_auth_user` account, enabling the same "without authentication" logic as without any rules. This preserved the ability to connect simply, and then add one authenticated login for system access.

But with an "authorization" block, this is wrong. Users exist in the global account, with login rules. And in simple testing, they might still connect fine without administrators seeing that authentication has been disabled.

The blind-spot on our part came from encouraging and documenting a switch to using only "accounts", instead of "authorization".

In the fixed versions, using an "authorization" block will inhibit the implicit creation of a "$G" user and setting it as the `no_auth_user` target. In unfixed versions, just creating a second account, with no users, will also inhibit this behavior.

## Affected versions

NATS Server:

* 2.2.0 up to and including 2.9.22 and 2.10.1
* Fixed with nats-io/nats-server: 2.10.2 and backported to 2.9.23

## Workarounds

In the "accounts" block, define a second non-system account, leave it empty.

```
accounts {
  SYS: {
    users: [ { user: sysuser, password: makemeasandwich } ]
  }
  DUMMY: {}  # for security, before 2.10.2
}
system_account: SYS
```

## Solution

Any one of these:

1. Upgrade the NATS server to at least 2.10.2 (or 2.9.23)
2. Or define a dummy account
3. Or complete the migration of authorization entries to be inside a named account in the "accounts" block

## Credits

Problem reported by Alex Herrington. Addressed publicly in a GitHub Discussion prior to this advisory.

#### [CVE-2023-46129](https://togithub.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9)

## Background

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.

The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts.

## Problem Description

The nkeys library's "xkeys" encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key.

This affects encryption only, not signing.

FIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY.

## Affected versions

nkeys Go library:

* 0.4.0 up to and including 0.4.5
* Fixed with nats-io/nkeys: 0.4.6

NATS Server:

* 2.10.0 up to and including 2.10.3
* Fixed with nats-io/nats-server: 2.10.4

## Solution

Upgrade the nats-server.

For any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep.

## Credits

Problem reported by Quentin Matillat (GitHub @tinou98).

---

### Release Notes

<details>
<summary>nats-io/nats-server (github.com/nats-io/nats-server/v2)</summary>

### [`v2.10.4`](https://togithub.com/nats-io/nats-server/releases/tag/v2.10.4)

[Compare Source](https://togithub.com/nats-io/nats-server/compare/v2.10.3...v2.10.4)

#### Changelog

Refer to the [2.10 Upgrade Guide](https://docs.nats.io/release-notes/whats_new/whats_new\_210) for backwards compatibility notes with 2.9.x.

##### CVEs

- [CVE-2023-46129](https://advisories.nats.io/CVE/secnote-2023-02.txt) - nkeys: xkeys seal encryption used fixed key for all encryption

##### Go Version

- 1.21.3

##### Dependencies

- github.com/nats-io/nats.go v1.31.0
- github.com/nats-io/nkeys v0.4.6
- github.com/klauspost/compress v1.17.2
- golang.org/x/crypto v0.14.0
- golang.org/x/sys v0.13.0

##### Added

JetStream

- Report Raft group name in stream and consumer info responses ([#4661](https://togithub.com/nats-io/nats-server/issues/4661))

MQTT

- Add config options to disable QoS 2 support ([#4705](https://togithub.com/nats-io/nats-server/issues/4705))

TLS

- Add opt-in TLS handshake first for client connections ([#4642](https://togithub.com/nats-io/nats-server/issues/4642))

##### Improved

Dependencies

- Remove unnecessary constraints dependency for `ordered` constraint ([#4709](https://togithub.com/nats-io/nats-server/issues/4709)) Thanks to [@misterpickypants](https://togithub.com/misterpickypants) for the contribution!

JetStream

- Add internal pprof labels as metadata to the stream config for improved debuggability ([#4662](https://togithub.com/nats-io/nats-server/issues/4662))
- Stricter management of Raft state, which should improve recovery from a leaderless state ([#4684](https://togithub.com/nats-io/nats-server/issues/4684))
- Avoid unnecessary reallocations when writing the full filestore state to disk ([#4687](https://togithub.com/nats-io/nats-server/issues/4687))
- Improve recovery of blocks that are being updated midway ([#4692](https://togithub.com/nats-io/nats-server/issues/4692))
- Recycle filestore buffers on rebuild and write out full state prior to snapshotting ([#4699](https://togithub.com/nats-io/nats-server/issues/4699))
- Extend AckTerm advisory event to support a *reason* ([#4697](https://togithub.com/nats-io/nats-server/issues/4697))
- Improve time to select skip list and starting sequence number for deliver last by subject ([#4712](https://togithub.com/nats-io/nats-server/issues/4712), [#4713](https://togithub.com/nats-io/nats-server/issues/4713)) Thanks to [@StanEgo](https://togithub.com/StanEgo) for the report!
- Optimize loading messages on last by subject if max messages per subject is one ([#4714](https://togithub.com/nats-io/nats-server/issues/4714))

MQTT

- No longer require a server name to be set for a standalone server ([#4679](https://togithub.com/nats-io/nats-server/issues/4679))

Routes

- Remove unnecessary account lookups for pinned accounts ([#4686](https://togithub.com/nats-io/nats-server/issues/4686))
- Upgrade non-solicited routes if present in config ([#4701](https://togithub.com/nats-io/nats-server/issues/4701), [#4708](https://togithub.com/nats-io/nats-server/issues/4708))

Systemd

- Use correct network target to prevent host-dependent race conditions when establishing external connections ([#4676](https://togithub.com/nats-io/nats-server/issues/4676))

##### Fixed

Configuration

- Fix possible panic during configuration reload during a server shutdown ([#4666](https://togithub.com/nats-io/nats-server/issues/4666))

Exports/imports

- Prevent service import from duplicating MSG as HMSG with a remapped subject ([#4678](https://togithub.com/nats-io/nats-server/issues/4678)) Thanks to [@izwerg](https://togithub.com/izwerg) for the report!

JetStream

- Fix panic if store error occurs when requesting consumer info ([#4669](https://togithub.com/nats-io/nats-server/issues/4669))
- Fix incorrect calculation of num pending with a filtered subject ([#4693](https://togithub.com/nats-io/nats-server/issues/4693)) Thanks to [@a-h](https://togithub.com/a-h) for the report!
- Prevent purge of entire stream when targeting a sequence of `1` ([#4698](https://togithub.com/nats-io/nats-server/issues/4698)) Thanks to [@john-bagatta](https://togithub.com/john-bagatta) for the report!
- Ensure there is a valid messages queue prior to processing within a mirror ([#4700](https://togithub.com/nats-io/nats-server/issues/4700))
- Avoid concurrent consumer setLeader calls resulting in chance of multiple leaders ([#4703](https://togithub.com/nats-io/nats-server/issues/4703))

MQTT

- Fix memory leak for retained messages ([#4665](https://togithub.com/nats-io/nats-server/issues/4665)) Thanks to [@pricelessrabbit](https://togithub.com/pricelessrabbit) for the contribution!

Windows

- Ensure signal handler is stopped when shutting down on Windows to prevent goroutine leak ([#4690](https://togithub.com/nats-io/nats-server/issues/4690))

##### Complete Changes

### [`v2.10.3`](https://togithub.com/nats-io/nats-server/releases/tag/v2.10.3)

[Compare Source](https://togithub.com/nats-io/nats-server/compare/v2.10.2...v2.10.3)

#### Changelog

Refer to the [2.10 Upgrade Guide](https://docs.nats.io/release-notes/whats_new/whats_new\_210) for backwards compatibility notes with 2.9.x.

##### Go Version

- 1.21.3

##### Fixed

JetStream

- Reclaim more space with streams having many interior deletes during compaction with compression enabled ([#4645](https://togithub.com/nats-io/nats-server/issues/4645))
- Fixed updating a non unique consumer on workqueue stream not returning an error. Thanks to [@mdawar](https://togithub.com/mdawar) for the contribution ([#4654](https://togithub.com/nats-io/nats-server/issues/4654))
- Stream / KV lookups fail after decreasing history size ([#4656](https://togithub.com/nats-io/nats-server/issues/4656))
- Only mark fs as dirty vs full write on mb compaction ([#4657](https://togithub.com/nats-io/nats-server/issues/4657))

MQTT

- Fix crash in MQTT layer with outgoing PUBREL header ([#4646](https://togithub.com/nats-io/nats-server/issues/4646))

##### Complete Changes

### [`v2.10.2`](https://togithub.com/nats-io/nats-server/releases/tag/v2.10.2)

[Compare Source](https://togithub.com/nats-io/nats-server/compare/v2.10.1...v2.10.2)

#### Changelog

##### Downgrade compatibility note

2.10.x brings on-disk storage changes which bring significant performance improvements. Upgrading existing server versions will handle the new storage format transparently. However, if a downgrade from 2.10.x occurs, the old version will not understand the format on disk with the exception of 2.9.22 and any subsequent patch releases for 2.9. So if you upgrade from 2.9.x to 2.10.0 and then need to downgrade for some reason, it must be back to 2.9.22+ to ensure the stream data can be read correctly.

##### Go Version

- 1.21.2

##### Dependencies

- github.com/nats-io/nats.go v1.30.2

##### Added

Profiling

- Add `prof_block_rate` config option for configuring the block profile ([#4587](https://togithub.com/nats-io/nats-server/issues/4587))
- Add more pprof labels to consumers, sources, and mirrors ([#4609](https://togithub.com/nats-io/nats-server/issues/4609))

##### Improved

Core

- Reduce contention when pattern matching subjects when the sublist cache is disabled ([#4586](https://togithub.com/nats-io/nats-server/issues/4586))
- Various service import reply optimizations ([#4591](https://togithub.com/nats-io/nats-server/issues/4591))
- Remove unnecessary lock on subscription list if cache is disabled ([#4594](https://togithub.com/nats-io/nats-server/issues/4594))

Docs

- Fix links in various repo markdown files ([#4590](https://togithub.com/nats-io/nats-server/issues/4590)) Thanks to [@jdhenke](https://togithub.com/jdhenke) for the contribution!

Leafnodes

- Set S2 writer concurrency to 1 rather than the default of GOMAXPROCS to improve performance ([#4570](https://togithub.com/nats-io/nats-server/issues/4570))

JetStream

- Make install snapshot errors rate limited when catching up ([#4574](https://togithub.com/nats-io/nats-server/issues/4574))
- Log a warning on reset if bad stream state is detected ([#4583](https://togithub.com/nats-io/nats-server/issues/4583))
- Change some contended locks to atomic swap operations ([#4585](https://togithub.com/nats-io/nats-server/issues/4585))
- Log a warning if filestore recovery fails on the happy path ([#4599](https://togithub.com/nats-io/nats-server/issues/4599))
- Ensure concurrent stream of the same stream does not return not found ([#4600](https://togithub.com/nats-io/nats-server/issues/4600))
- Add additional markers for indicating unflushed state ([#4601](https://togithub.com/nats-io/nats-server/issues/4601))
- Log a warning when subject skew is detected in the filestore ([#4606](https://togithub.com/nats-io/nats-server/issues/4606))
- Reduce contention for a high number of connections in JetStream enabled account ([#4613](https://togithub.com/nats-io/nats-server/issues/4613))
- Reduce contention in the consumer info API ([#4615](https://togithub.com/nats-io/nats-server/issues/4615))
- Reduce contention and increase throughput of replica synchronization ([#4621](https://togithub.com/nats-io/nats-server/issues/4621))

Systemd

- Update systemd scripts to use SIGUSR2 (lame duck model) for shutdown ([#4603](https://togithub.com/nats-io/nats-server/issues/4603))

WebSocket

- Minimize memory growth for compressed WebSocket connections ([#4620](https://togithub.com/nats-io/nats-server/issues/4620))
- Significantly reduce allocations in WebSocket interface ([#4623](https://togithub.com/nats-io/nats-server/issues/4623))

##### Fixed

Accounts

- Fix inversion of lock on startup when setting up the account resolver ([#4588](https://togithub.com/nats-io/nats-server/issues/4588))
- Prevent bypassing authorization block when enabling system account access in accounts block ([#4605](https://togithub.com/nats-io/nats-server/issues/4605)) Thanks to [@alexherington](https://togithub.com/alexherington) for the report!

Leafnodes

- Prevent a leafnode cluster from receiving a message multiple times in a queue subscription ([#4578](https://togithub.com/nats-io/nats-server/issues/4578)) Thanks to [@pcsegal](https://togithub.com/pcsegal) for the report!

JetStream

- Fix possible panic due to message block unlock occurring prematurely ([#4571](https://togithub.com/nats-io/nats-server/issues/4571))
- Guard against an accounting error resulting in a negative message count ([#4575](https://togithub.com/nats-io/nats-server/issues/4575))
- Skip enabling direct gets if no commits ([#4576](https://togithub.com/nats-io/nats-server/issues/4576))
- In lame duck mode, shutdown JetStream at the start to signal transfer of leadership if the leader ([#4579](https://togithub.com/nats-io/nats-server/issues/4579))
- Fix possible stream assignment race condition ([#4589](https://togithub.com/nats-io/nats-server/issues/4589))
- Fix race condition during leader failover scenarios resulting in potential duplicate messages being sourced ([#4592](https://togithub.com/nats-io/nats-server/issues/4592))
- Respond with "not found" for consumer info if consumer is closed ([#4610](https://togithub.com/nats-io/nats-server/issues/4610))
- Prevent processing of consumer assignments after JetStream shutdown occurs ([#4625](https://togithub.com/nats-io/nats-server/issues/4625))
- Fix possible lookup misses when MaxMsgsPerSubject=1 leading to excess messages in stream ([#4631](https://togithub.com/nats-io/nats-server/issues/4631))

MQTT

- Fix PUBREL header incompatibility ([#4616](https://togithub.com/nats-io/nats-server/issues/4616))

Routes

- Fix potential of pinned accounts not establishing a route on connect ([#4602](https://togithub.com/nats-io/nats-server/issues/4602))

##### Complete Changes

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/infratographer/x).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xOS4yIiwidXBkYXRlZEluVmVyIjoiMzcuMjAwLjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
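The CVE-2023-46129 advisory above describes a Go pitfall rather than a cryptographic weakness: a fixed-size array passed by value is copied, so key material written into the callee's copy never reaches the caller, and sealing proceeds under an all-zeros key. The following is an added illustration written for this page; it is not code from the nkeys library or from nats-server. It stands in SHA-256 of a constructed seed for the real key agreement and AES-256-GCM from the standard library for the NaCl box used by xkeys; the function names, the seed and the nonce are all constructed for the example. It shows the by-value and by-pointer derivation side by side, the defensive all-zero-key check a sealing routine can apply before encrypting, and a detection check that tells whether a given ciphertext was produced under the zero key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"errors"
	"fmt"
)

const keySize = 32

var errZeroKey = errors.New("derived key is all zeros: key material was never written")

// deriveKeyByValue reproduces the shape of the advisory's bug. Go arrays are
// values, so `key` is a copy of the caller's array; the copy is filled and
// discarded, and the caller's array stays all zeros.
func deriveKeyByValue(key [keySize]byte, seed []byte) {
	sum := sha256.Sum256(seed) // stand-in for the real key agreement (assumption)
	copy(key[:], sum[:])
}

// deriveKeyByPointer is the corrected form: writing through a pointer reaches
// the caller's array.
func deriveKeyByPointer(key *[keySize]byte, seed []byte) {
	sum := sha256.Sum256(seed)
	copy(key[:], sum[:])
}

// sealAESGCM encrypts msg under key. AES-256-GCM is used only because it is in
// the standard library; the real xkeys code uses NaCl box (assumption noted).
func sealAESGCM(key *[keySize]byte, nonce, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aead.Seal(nil, nonce, msg, nil), nil
}

// openAESGCM is the matching decrypt; it fails unless key and nonce match.
func openAESGCM(key *[keySize]byte, nonce, box []byte) ([]byte, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, box, nil)
}

func isAllZero(b []byte) bool { return bytes.Equal(b, make([]byte, len(b))) }

// SealBuggy derives the key by value and seals: the sealing key is all zeros.
func SealBuggy(seed, nonce, msg []byte) ([]byte, error) {
	var key [keySize]byte
	deriveKeyByValue(key, seed)
	return sealAESGCM(&key, nonce, msg)
}

// SealFixed derives through a pointer and refuses to seal under a zero key,
// the cheap guard that would have turned this bug into a hard failure.
func SealFixed(seed, nonce, msg []byte) ([]byte, error) {
	var key [keySize]byte
	deriveKeyByPointer(&key, seed)
	if isAllZero(key[:]) {
		return nil, errZeroKey
	}
	return sealAESGCM(&key, nonce, msg)
}

// OpensUnderZeroKey reports whether box decrypts under the all-zeros key, i.e.
// whether it exhibits the advisory's failure mode.
func OpensUnderZeroKey(nonce, box []byte) bool {
	var zero [keySize]byte
	_, err := openAESGCM(&zero, nonce, box)
	return err == nil
}

func main() {
	seed := []byte("constructed shared secret") // constructed input
	nonce := []byte("012345678901")            // constructed 12-byte GCM nonce
	msg := []byte("hello")
	buggy, _ := SealBuggy(seed, nonce, msg)
	fixed, _ := SealFixed(seed, nonce, msg)
	fmt.Println("buggy seal opens under zero key:", OpensUnderZeroKey(nonce, buggy))
	fmt.Println("fixed seal opens under zero key:", OpensUnderZeroKey(nonce, fixed))
}
```

The same "opens under the zero key" probe is the check a reviewer or a test suite can run against ciphertexts produced by any wrapper of a key-derivation routine; a test that only round-trips seal and open under the same (copied) key would have passed in the affected versions, because both sides shared the zero key.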