From 4643eb89e16d75e8174e8f57788ac4c97a8200bb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Aug 2025 12:01:54 +0100
Subject: [PATCH 1/3] Bump github.com/nats-io/nats.go from 1.42.0 to 1.44.0
 (#3621)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [github.com/nats-io/nats.go](https://github.com/nats-io/nats.go)
from 1.42.0 to 1.44.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nats-io/nats.go/releases">github.com/nats-io/nats.go's
releases</a>.</em></p>
<blockquote>
<h2>Release v1.44.0</h2>
<h2>Changelog</h2>
<h2>Overview</h2>
<p>This PR adds a <code>PushConsumer</code> implementation to
<code>jetstream</code>, allowing easier migration to new API while
maintaining usage of push consumers. For now it only supports the
callback-based <code>Consume()</code>, more consuming options will be
added in future releases.</p>
<h3>ADDED</h3>
<ul>
<li>Core NATS:
<ul>
<li><code>UserCredentialBytes()</code> <code>Conn</code> option (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1877">#1877</a>)</li>
</ul>
</li>
<li>JetStream:
<ul>
<li><code>PushConsumer</code> implementation in <code>jetstream</code>
package</li>
<li>Expose <code>ClientTrace</code> in <code>JetStreamOptions</code> (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1886">#1886</a>)</li>
</ul>
</li>
<li>Service API:
<ul>
<li>Expose <code>WithEndpointPendingLimits</code> option (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1899">#1899</a>)</li>
</ul>
</li>
<li>Legacy KeyValue:
<ul>
<li><code>Error()</code> method to <code>KeyLister</code> and
<code>KeyWatcher</code> interfaces (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1889">#1889</a>)</li>
</ul>
</li>
</ul>
<h3>FIXED</h3>
<ul>
<li>Core NATS:
<ul>
<li>Fix timeoutWriter not recovering after first error (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1896">#1896</a>)</li>
</ul>
</li>
<li>JetStream:
<ul>
<li><code>Consumer.Next()</code> hangs after connection is closed (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1883">#1883</a>)</li>
<li>Fixed stream info request for strict mode (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1887">#1887</a>)</li>
<li>Ordered consumer not closing on connection close (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1885">#1885</a>)</li>
<li>Return a more appropriate error when Subject Transform is not
supported (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1416">#1416</a>)</li>
<li>Fix subject transform comparison. Thanks <a
href="https://github.com/erikmansson"><code>@​erikmansson</code></a> for
the contribution (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1907">#1907</a>)</li>
</ul>
</li>
<li>Legacy JetStream:
<ul>
<li>Use timeout from <code>JetStreamContext</code> if no deadline is set
on ctx (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1909">#1909</a>)</li>
</ul>
</li>
<li>KeyValue:
<ul>
<li><code>Keys()</code> and <code>ListKeys()</code> returning duplicates
(<a
href="https://redirect.github.com/nats-io/nats.go/issues/1884">#1884</a>)</li>
<li>Fix subject prefix for the Create/Update operation in KV store.
Thanks <a
href="https://github.com/SalvaChiLlo"><code>@​SalvaChiLlo</code></a> for
the contribution (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1903">#1903</a>)</li>
</ul>
</li>
</ul>
<h3>CHANGED</h3>
<ul>
<li>Change <code>DefaultSubPendingMsgsLimit</code> (<a
href="https://redirect.github.com/nats-io/nats.go/issues/998">#998</a>)</li>
</ul>
<h3>Complete Changes</h3>
<p><a
href="https://github.com/nats-io/nats.go/compare/v1.43.0...v1.44.0">https://github.com/nats-io/nats.go/compare/v1.43.0...v1.44.0</a></p>
<h2>Release v1.43.0</h2>
<h2>Changelog</h2>
<h3>ADDED</h3>
<ul>
<li>Core NATS:
<ul>
<li>Add <code>nc.LocalAddr</code>, similar to
<code>nc.ConnectedAddr</code> (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1877">#1877</a>)</li>
</ul>
</li>
</ul>
<h3>FIXED</h3>
<ul>
<li>Service API:
<ul>
<li>Fix stopping service not unsubscribing from all endpoints. Thanks <a
href="https://github.com/arunsworld"><code>@​arunsworld</code></a> for
the contribution (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1872">#1872</a>)</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/nats-io/nats.go/commit/7a260b8b93562630ec8c6f8f31ae3704c4f61ad1"><code>7a260b8</code></a>
Release v1.44.0 (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1910">#1910</a>)</li>
<li><a
href="https://github.com/nats-io/nats.go/commit/dfcb02dcdcaef196deb28daae1d17235dbe165d2"><code>dfcb02d</code></a>
[FIXED] Use mirror-aware prefix when updating KV key (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1903">#1903</a>)</li>
<li><a
href="https://github.com/nats-io/nats.go/commit/0bba2a9842214a01b06bdccd0d4bbba268647c67"><code>0bba2a9</code></a>
[ADDED] PushConsumer implementation in jetstream package (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1785">#1785</a>)</li>
<li><a
href="https://github.com/nats-io/nats.go/commit/627a9f63c2e6dc30a30fe7172978db2b58494cc2"><code>627a9f6</code></a>
[FIXED] KeyValue Keys() and ListKeys() returning duplicates (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1884">#1884</a>)</li>
<li><a
href="https://github.com/nats-io/nats.go/commit/9743171c2a45bb35dbb740afa8ea89789041407d"><code>9743171</code></a>
Merge pull request <a
href="https://redirect.github.com/nats-io/nats.go/issues/1909">#1909</a>
from nats-io/fix-watcher-timeout</li>
<li><a
href="https://github.com/nats-io/nats.go/commit/3bd15a802691536af68ef5f1e44826bb423a1138"><code>3bd15a8</code></a>
[FIXED] Use timeout from JetStreamContext if no deadline is set on
ctx</li>
<li><a
href="https://github.com/nats-io/nats.go/commit/0fc96b1daa6d47da063f3c584ca9bd11d75e30b3"><code>0fc96b1</code></a>
[FIXED] Fix subject transform comparison (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1907">#1907</a>)</li>
<li><a
href="https://github.com/nats-io/nats.go/commit/ea3ef928233d820bcc1aa2d95a3055d4c79758a3"><code>ea3ef92</code></a>
[IMPROVED] Change DefaultSubPendingMsgsLimit comment to reflect actual
value ...</li>
<li><a
href="https://github.com/nats-io/nats.go/commit/f038fb4bee8ae07006504c92671990337d559beb"><code>f038fb4</code></a>
[FIXED] Return a more appropriate error when subject transforms are not
suppo...</li>
<li><a
href="https://github.com/nats-io/nats.go/commit/ad6e34e1ae777b6ce8d382b102ed4b4059b305f8"><code>ad6e34e</code></a>
[FIXED] Ordered consumer not closing on connection close (<a
href="https://redirect.github.com/nats-io/nats.go/issues/1885">#1885</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/nats-io/nats.go/compare/v1.42.0...v1.44.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/nats-io/nats.go&package-manager=go_modules&previous-version=1.42.0&new-version=1.44.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/go.mod b/go.mod
index eea09a6d..b63bd390 100644
--- a/go.mod
+++ b/go.mod
@@ -30,7 +30,7 @@ require (
 	github.com/matrix-org/util v0.0.0-20221111132719-399730281e66
 	github.com/mattn/go-sqlite3 v1.14.28
 	github.com/nats-io/nats-server/v2 v2.11.3
-	github.com/nats-io/nats.go v1.42.0
+	github.com/nats-io/nats.go v1.44.0
 	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
 	github.com/opentracing/opentracing-go v1.2.0
 	github.com/patrickmn/go-cache v2.1.0+incompatible
diff --git a/go.sum b/go.sum
index 9be17422..995e21b0 100644
--- a/go.sum
+++ b/go.sum
@@ -237,8 +237,6 @@ github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91 h1:s7fexw
 github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91/go.mod h1:e+cg2q7C7yE5QnAXgzo512tgFh1RbQLC0+jozuegKgo=
 github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530 h1:kHKxCOLcHH8r4Fzarl4+Y3K5hjothkVW5z7T1dUM11U=
 github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530/go.mod h1:/gBX06Kw0exX1HrwmoBibFA98yBk/jxKpGVeyQbff+s=
-github.com/matrix-org/gomatrixserverlib v0.0.0-20250811171307-390dbaa8de98 h1:AH19nhwaPYCRddS/s7LgKS+fhntFXg2qG47uFAjwFJ4=
-github.com/matrix-org/gomatrixserverlib v0.0.0-20250811171307-390dbaa8de98/go.mod h1:b6KVfDjXjA5Q7vhpOaMqIhFYvu5BuFVZixlNeTV/CLc=
 github.com/matrix-org/gomatrixserverlib v0.0.0-20250811193806-b7e0e0824751 h1:x1pC7Nt1Qb24q9WtPybMHWo2uVFTzCKtlUAzarju8bk=
 github.com/matrix-org/gomatrixserverlib v0.0.0-20250811193806-b7e0e0824751/go.mod h1:b6KVfDjXjA5Q7vhpOaMqIhFYvu5BuFVZixlNeTV/CLc=
 github.com/matrix-org/pinecone v0.11.1-0.20230810010612-ea4c33717fd7 h1:6t8kJr8i1/1I5nNttw6nn1ryQJgzVlBmSGgPiiaTdw4=
@@ -279,8 +277,8 @@ github.com/nats-io/jwt/v2 v2.7.4 h1:jXFuDDxs/GQjGDZGhNgH4tXzSUK6WQi2rsj4xmsNOtI=
 github.com/nats-io/jwt/v2 v2.7.4/go.mod h1:me11pOkwObtcBNR8AiMrUbtVOUGkqYjMQZ6jnSdVUIA=
 github.com/nats-io/nats-server/v2 v2.11.3 h1:AbGtXxuwjo0gBroLGGr/dE0vf24kTKdRnBq/3z/Fdoc=
 github.com/nats-io/nats-server/v2 v2.11.3/go.mod h1:6Z6Fd+JgckqzKig7DYwhgrE7bJ6fypPHnGPND+DqgMY=
-github.com/nats-io/nats.go v1.42.0 h1:ynIMupIOvf/ZWH/b2qda6WGKGNSjwOUutTpWRvAmhaM=
-github.com/nats-io/nats.go v1.42.0/go.mod h1:iRWIPokVIFbVijxuMQq4y9ttaBTMe0SFdlZfMDd+33g=
+github.com/nats-io/nats.go v1.44.0 h1:ECKVrDLdh/kDPV1g0gAQ+2+m2KprqZK5O/eJAyAnH2M=
+github.com/nats-io/nats.go v1.44.0/go.mod h1:iRWIPokVIFbVijxuMQq4y9ttaBTMe0SFdlZfMDd+33g=
 github.com/nats-io/nkeys v0.4.11 h1:q44qGV008kYd9W1b1nEBkNzvnWxtRSQ7A8BoqRrcfa0=
 github.com/nats-io/nkeys v0.4.11/go.mod h1:szDimtgmfOi9n25JpfIdGw12tZFYXqhGxjhVxsatHVE=
 github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=

From df748c5eae282cf1b143e21be15cf1d013c039e4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 12 Aug 2025 13:08:29 +0100
Subject: [PATCH 2/3] Bump github.com/nats-io/nats-server/v2 from 2.11.3 to
 2.11.7 (#3620)

Bumps
[github.com/nats-io/nats-server/v2](https://github.com/nats-io/nats-server)
from 2.11.3 to 2.11.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nats-io/nats-server/releases">github.com/nats-io/nats-server/v2's
releases</a>.</em></p>
<blockquote>
<h2>Release v2.11.7</h2>
<h2>Changelog</h2>
<p>Refer to the <a
href="https://docs.nats.io/release-notes/whats_new/whats_new_211">2.11
Upgrade Guide</a> for backwards compatibility notes with 2.10.x.</p>
<h3>Go Version</h3>
<ul>
<li>1.24.5 (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7047">#7047</a>)</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>golang.org/x/crypto v0.40.0 (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7061">#7061</a>)</li>
<li>golang.org/x/sys v0.34.0 (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7061">#7061</a>)</li>
</ul>
<h3>Added</h3>
<p>General</p>
<ul>
<li>The <code>SubjectMatchesFilter</code> function is now available as
an exported function for embedded use (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7051">#7051</a>)</li>
<li>The <code>leafz</code> monitoring endpoint now includes the
connection ID (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7063">#7063</a>)</li>
<li>The monitoring endpoint index page now includes the endpoint names
on hover (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7066">#7066</a>,
<a
href="https://redirect.github.com/nats-io/nats-server/issues/7087">#7087</a>)</li>
</ul>
<h3>Improved</h3>
<p>JetStream</p>
<ul>
<li>Consumers with inactivity thresholds should no longer age out before
processing acks (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7107">#7107</a>)</li>
<li>The Raft layer will no longer request store state on each apply (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7109">#7109</a>)</li>
<li>Tombstones in Raft log compactions will now be written
asynchronously, similar to purges (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7109">#7109</a>)</li>
<li>When enabling per-message TTLs on a stream, existing messages with
the <code>Nats-TTL</code> header are now scanned and processed (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7117">#7117</a>)</li>
</ul>
<h3>Fixed</h3>
<p>General</p>
<ul>
<li>Message header lookups with common prefixes will now return
correctly in all cases, fixing a problem where the headers could be
sensitive to ordering (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7065">#7065</a>)</li>
<li>Validate that the <code>default_sentinel</code> JWT is a bearer
token for auth callout (7074)</li>
<li>The <code>$SYS.REQ.USER.INFO</code> endpoint should now only be
answered by the local server, fixing cases where the endpoint may
sometimes return without full connection details (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7089">#7089</a>)</li>
</ul>
<p>JetStream</p>
<ul>
<li>The Raft layer will require recovery and snapshot handling at
startup before campaigning for a leadership election, fixing a situation
where a node could continue with an outdated stream (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7040">#7040</a>)</li>
<li>The Raft log will no longer be compacted until after a snapshot is
written, improving crash resilience (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7043">#7043</a>)</li>
<li>A race condition when shutting down Raft nodes which could result in
no snapshot being written has been fixed (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7045">#7045</a>)</li>
<li>Consumer pull requests that use <code>no_wait</code> or
<code>expires</code> behaviour has been fixed with replicated consumers
(<a
href="https://redirect.github.com/nats-io/nats-server/issues/7046">#7046</a>)</li>
<li>Pull consumers with an inactive threshold will now consider pending
acks when determining inactivity, preventing the consumer from being
deleted while messages are being processed (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7052">#7052</a>)</li>
<li>Push consumers will now correctly error when trying to configure
priority groups (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7053">#7053</a>)</li>
<li>Committed entry objects will now be correctly returned to the pool
on error, reducing allocations (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7064">#7064</a>)</li>
<li>The time hash wheel used for per-message TTLs now correctly detects
and expires messages with TTLs over an hour, previously it could take
double the expected time (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7070">#7070</a>)</li>
<li>A potential panic when selecting message blocks during TTL recovery
has been fixed (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7072">#7072</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/nats-io/nats-server/commit/df44964eb94e1d7eb16d5928197f7a7f7699861c"><code>df44964</code></a>
Release v2.11.7</li>
<li><a
href="https://github.com/nats-io/nats-server/commit/b76090aa47ee54e79a40c1cb8b2b883cb8ec7b5e"><code>b76090a</code></a>
Cherry-picks for 2.11.7 (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7132">#7132</a>)</li>
<li><a
href="https://github.com/nats-io/nats-server/commit/2e4c373b4a4af675cd97e88841cc45e433aeb0e8"><code>2e4c373</code></a>
[FIXED] MaxBytes reservations underflow</li>
<li><a
href="https://github.com/nats-io/nats-server/commit/42af9b5ae85258addab926ba61a0653a842b3bba"><code>42af9b5</code></a>
Release v2.11.7-RC.3</li>
<li><a
href="https://github.com/nats-io/nats-server/commit/da4971cc4c09bfa7dbfceed3b659414cd6010479"><code>da4971c</code></a>
Cherry-picks for 2.11.7-RC.3 (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7127">#7127</a>)</li>
<li><a
href="https://github.com/nats-io/nats-server/commit/abac833e87f0c45ad20818c163c95909151f895c"><code>abac833</code></a>
[FIXED] Detect removed blocks with stale index.db</li>
<li><a
href="https://github.com/nats-io/nats-server/commit/29e0ee677fe20a2affc848c33e257dbdd33aeba1"><code>29e0ee6</code></a>
[IMPROVED] Recover TTL when enabled</li>
<li><a
href="https://github.com/nats-io/nats-server/commit/6bebdc061609319950fd5a50d4a38fcc346555a7"><code>6bebdc0</code></a>
Release v2.11.7-RC.2</li>
<li><a
href="https://github.com/nats-io/nats-server/commit/b3220a6ca03f6e696c5d2d0915c63773febaf648"><code>b3220a6</code></a>
Cherry-picks for 2.11.7-RC.2 (<a
href="https://redirect.github.com/nats-io/nats-server/issues/7115">#7115</a>)</li>
<li><a
href="https://github.com/nats-io/nats-server/commit/6014f4165987874f8940390cc16bfa6d1d7e38c1"><code>6014f41</code></a>
Fix typos in doc comments</li>
<li>Additional commits viewable in <a
href="https://github.com/nats-io/nats-server/compare/v2.11.3...v2.11.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/nats-io/nats-server/v2&package-manager=go_modules&previous-version=2.11.3&new-version=2.11.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 20 ++++++++++----------
 go.sum | 40 ++++++++++++++++++++--------------------
 2 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/go.mod b/go.mod
index b63bd390..6e6e5a4b 100644
--- a/go.mod
+++ b/go.mod
@@ -29,7 +29,7 @@ require (
 	github.com/matrix-org/pinecone v0.11.1-0.20230810010612-ea4c33717fd7
 	github.com/matrix-org/util v0.0.0-20221111132719-399730281e66
 	github.com/mattn/go-sqlite3 v1.14.28
-	github.com/nats-io/nats-server/v2 v2.11.3
+	github.com/nats-io/nats-server/v2 v2.11.7
 	github.com/nats-io/nats.go v1.44.0
 	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
 	github.com/opentracing/opentracing-go v1.2.0
@@ -45,12 +45,12 @@ require (
 	github.com/yggdrasil-network/yggdrasil-go v0.5.12
 	github.com/yggdrasil-network/yggquic v0.0.0-20241212194307-0d495106021f
 	go.uber.org/atomic v1.11.0
-	golang.org/x/crypto v0.39.0
+	golang.org/x/crypto v0.40.0
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
 	golang.org/x/image v0.27.0
 	golang.org/x/mobile v0.0.0-20240520174638-fa72addaaa1b
-	golang.org/x/sync v0.15.0
-	golang.org/x/term v0.32.0
+	golang.org/x/sync v0.16.0
+	golang.org/x/term v0.33.0
 	gopkg.in/yaml.v2 v2.4.0
 	gotest.tools/v3 v3.5.2
 	maunium.net/go/mautrix v0.15.1
@@ -97,7 +97,7 @@ require (
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
-	github.com/google/go-tpm v0.9.3 // indirect
+	github.com/google/go-tpm v0.9.5 // indirect
 	github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd // indirect
 	github.com/h2non/filetype v1.1.3 // indirect
 	github.com/hashicorp/go-set/v3 v3.0.0 // indirect
@@ -143,11 +143,11 @@ require (
 	go.opentelemetry.io/otel/trace v1.32.0 // indirect
 	go.uber.org/mock v0.4.0 // indirect
 	golang.org/x/mod v0.25.0 // indirect
-	golang.org/x/net v0.40.0 // indirect
-	golang.org/x/sys v0.33.0 // indirect
-	golang.org/x/text v0.26.0 // indirect
-	golang.org/x/time v0.11.0 // indirect
-	golang.org/x/tools v0.33.0 // indirect
+	golang.org/x/net v0.41.0 // indirect
+	golang.org/x/sys v0.34.0 // indirect
+	golang.org/x/text v0.27.0 // indirect
+	golang.org/x/time v0.12.0 // indirect
+	golang.org/x/tools v0.34.0 // indirect
 	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/macaroon.v2 v2.1.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/go.sum b/go.sum
index 995e21b0..662ae0d6 100644
--- a/go.sum
+++ b/go.sum
@@ -181,8 +181,8 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-github.com/google/go-tpm v0.9.3 h1:+yx0/anQuGzi+ssRqeD6WpXjW2L/V0dItUayO0i9sRc=
-github.com/google/go-tpm v0.9.3/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=
+github.com/google/go-tpm v0.9.5 h1:ocUmnDebX54dnW+MQWGQRbdaAcJELsa6PqZhJ48KwVU=
+github.com/google/go-tpm v0.9.5/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd h1:gbpYu9NMq8jhDVbvlGkMFWCjLFlqqEZjEmObmhUy6Vo=
 github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
@@ -275,8 +275,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/nats-io/jwt/v2 v2.7.4 h1:jXFuDDxs/GQjGDZGhNgH4tXzSUK6WQi2rsj4xmsNOtI=
 github.com/nats-io/jwt/v2 v2.7.4/go.mod h1:me11pOkwObtcBNR8AiMrUbtVOUGkqYjMQZ6jnSdVUIA=
-github.com/nats-io/nats-server/v2 v2.11.3 h1:AbGtXxuwjo0gBroLGGr/dE0vf24kTKdRnBq/3z/Fdoc=
-github.com/nats-io/nats-server/v2 v2.11.3/go.mod h1:6Z6Fd+JgckqzKig7DYwhgrE7bJ6fypPHnGPND+DqgMY=
+github.com/nats-io/nats-server/v2 v2.11.7 h1:lINWQ/Hb3cnaoHmWTjj/7WppZnaSh9C/1cD//nHCbms=
+github.com/nats-io/nats-server/v2 v2.11.7/go.mod h1:DchDPVzAsAPqhqm7VLedX0L7hjnV/SYtlmsl9F8U53s=
 github.com/nats-io/nats.go v1.44.0 h1:ECKVrDLdh/kDPV1g0gAQ+2+m2KprqZK5O/eJAyAnH2M=
 github.com/nats-io/nats.go v1.44.0/go.mod h1:iRWIPokVIFbVijxuMQq4y9ttaBTMe0SFdlZfMDd+33g=
 github.com/nats-io/nkeys v0.4.11 h1:q44qGV008kYd9W1b1nEBkNzvnWxtRSQ7A8BoqRrcfa0=
@@ -401,8 +401,8 @@ golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
-golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM=
-golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U=
+golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM=
+golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -429,13 +429,13 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
-golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
+golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw=
+golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
-golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
+golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -452,20 +452,20 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
-golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
+golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg=
-golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
+golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg=
+golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
-golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
+golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4=
+golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
-golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
+golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
+golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -473,8 +473,8 @@ golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc=
-golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI=
+golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
+golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From f24688af118a76d988984059cd64bcc0d2f856c1 Mon Sep 17 00:00:00 2001
From: Vivianne <puttabutta@gmail.com>
Date: Tue, 12 Aug 2025 09:06:42 -0400
Subject: [PATCH 3/3] Adjust roomserver locks, don't unsubscribe if new event
 is inflight (#3588)

This should fix #3484 -- at the very least, it has resolved the issues
we've had on our instance. I've extended the lock so it surrounds the
unsubscribe as well as a new check if the latest sequential ID seen by
the ephemeral thread is newer than the sequential ID seen by the durable
thread. This solves a race where the unsubscribe happened while a new
message was inflight, and so the message was not handled.

This is a fix for a race condition that has been pretty unreliable to
reproduce manually, so I don't know if there's a good way to add a
reliable automated test for it. If you have any ideas I'm open to it.

### Pull Request Checklist

<!-- Please read
https://matrix-org.github.io/dendrite/development/contributing before
submitting your pull request -->

* [x] I have added Go unit tests or [Complement integration
tests](https://github.com/matrix-org/complement) for this PR _or_ I have
justified why this PR doesn't need tests
* [x] Pull request includes a [sign off
below](https://element-hq.github.io/dendrite/development/contributing#sign-off)
_or_ I have already signed off privately

Signed-off-by: `Vivianne Langdon <puttabutta@gmail.com>`

---------

Signed-off-by: Vivianne Langdon <puttabutta@gmail.com>
Co-authored-by: Kegan Dougal <7190048+kegsay@users.noreply.github.com>
---
 roomserver/internal/input/input.go | 34 ++++++++++++++++++++++++------
 1 file changed, 28 insertions(+), 6 deletions(-)

diff --git a/roomserver/internal/input/input.go b/roomserver/internal/input/input.go
index 475a38de..0e2d71c4 100644
--- a/roomserver/internal/input/input.go
+++ b/roomserver/internal/input/input.go
@@ -101,9 +101,12 @@ type worker struct {
 	roomID       string
 	subscription *nats.Subscription
 	sentryHub    *sentry.Hub
+	ephemeralSeq uint64
+	// last seq we fully processed
+	durableSeq uint64
 }
 
-func (r *Inputer) startWorkerForRoom(roomID string) {
+func (r *Inputer) startWorkerForRoom(roomID string, seq uint64) {
 	v, loaded := r.workers.LoadOrStore(roomID, &worker{
 		r:         r,
 		roomID:    roomID,
@@ -112,6 +115,9 @@ func (r *Inputer) startWorkerForRoom(roomID string) {
 	w := v.(*worker)
 	w.Lock()
 	defer w.Unlock()
+
+	w.ephemeralSeq = seq
+
 	if !loaded || w.subscription == nil {
 		streamName := r.Cfg.Matrix.JetStream.Prefixed(jetstream.InputRoomEvent)
 		consumer := r.Cfg.Matrix.JetStream.Prefixed("RoomInput" + jetstream.Tokenise(w.roomID))
@@ -226,7 +232,8 @@ func (r *Inputer) Start() error {
 		"", // This is blank because we specified it in BindStream.
 		func(m *nats.Msg) {
 			roomID := m.Header.Get(jetstream.RoomID)
-			r.startWorkerForRoom(roomID)
+			meta, _ := m.Metadata()
+			r.startWorkerForRoom(roomID, meta.Sequence.Stream)
 			_ = m.Ack()
 		},
 		nats.HeadersOnly(),
@@ -278,7 +285,19 @@ func (w *worker) _next() {
 		if len(msgs) != 1 {
 			return
 		}
-
+	case context.DeadlineExceeded, context.Canceled:
+		// The context exceeded, so we've been waiting for more than a
+		// minute for activity in this room. At this point we will shut
+		// down the subscriber to free up resources. It'll get started
+		// again if new activity happens.
+		w.Lock()
+		defer w.Unlock()
+		// inside the lock, let's check if the ephemeral consumer saw something new!
+		// If so, we do have new messages after all, they just came at a bad time.
+		if w.ephemeralSeq > w.durableSeq {
+			w.Act(nil, w._next)
+			return
+		}
 	case nats.ErrConsumerDeleted, nats.ErrConsumerNotFound:
 		// The consumer is gone, therefore it's reached the inactivity
 		// threshold. Clean up and stop processing at this point, if a
@@ -287,9 +306,7 @@ func (w *worker) _next() {
 		if err = w.subscription.Unsubscribe(); err != nil {
 			logrus.WithError(err).Errorf("Failed to unsubscribe to stream for room %q", w.roomID)
 		}
-		w.Lock()
 		w.subscription = nil
-		w.Unlock()
 		return
 
 	default:
@@ -297,11 +314,13 @@ func (w *worker) _next() {
 		// from the queue. In which case, we'll shut down the subscriber
 		// and wait to be notified about new room activity again. Maybe
 		// the problem will be corrected by then.
+		// atomically clear the subscription and unsubscribe
+		w.Lock()
+
 		logrus.WithError(err).Errorf("Failed to get next stream message for room %q", w.roomID)
 		if err = w.subscription.Unsubscribe(); err != nil {
 			logrus.WithError(err).Errorf("Failed to unsubscribe to stream for room %q", w.roomID)
 		}
-		w.Lock()
 		w.subscription = nil
 		w.Unlock()
 		return
@@ -314,6 +333,9 @@ func (w *worker) _next() {
 	// fails then we'll terminate the message — this notifies NATS that
 	// we are done with the message and never want to see it again.
 	msg := msgs[0]
+	meta, _ := msg.Metadata()
+	w.durableSeq = meta.Sequence.Stream
+
 	var inputRoomEvent api.InputRoomEvent
 	if err = json.Unmarshal(msg.Data, &inputRoomEvent); err != nil {
 		// using AckWait here makes the call synchronous; 5 seconds is the default value used by NATS