bump dependencies

[aricart]

No description provided.

[synadia-claude-reviewer]

Claude finished @aricart's task in 1m 0s —— View job

---

PR Review: bump dependencies

• Gather PR diff and context
• Review dependency changes
• Post final review

---

Summary: This PR bumps Go module dependencies and upgrades the minimum Go version from 1.24.0 to 1.25.0.

Go version bump: go 1.24.0 → go 1.25.0 — Go 1.25 is not yet released (as of this writing). This may be intentional if the project tracks release candidates, but could cause issues for users on stable Go toolchains. Worth confirming this is intentional.

Dependency updates:

Package	Old	New
nats-io/jwt/v2	v2.8.0	v2.8.1
nats-io/nats-server/v2	v2.12.4	v2.12.5
nats-io/nats.go	v1.48.0	v1.49.0
nats-io/nkeys	v0.4.14	v0.4.15
antithesishq/antithesis-sdk-go	v0.5.0	v0.6.0
klauspost/compress	v1.18.3	v1.18.4
golang.org/x/crypto	v0.47.0	v0.49.0
golang.org/x/sys	v0.40.0	v0.42.0
golang.org/x/time	v0.14.0	v0.15.0

All changes are minor/patch version bumps with consistent go.sum hash updates. The golang.org/x/crypto bump (v0.47 → v0.49, skipping v0.48) is fine — this is normal for x/ packages.

No concerns with correctness, security, or compatibility. The go.sum hashes look consistent with the version changes.