chore(deps): update dependency hashicorp/nomad to v1.11.3

[renovate]

This PR contains the following updates:

Package	Update	Change
hashicorp/nomad	patch	1.11.2 → 1.11.3

---

Release Notes

hashicorp/nomad (hashicorp/nomad)

v1.11.3

Compare Source

SECURITY:

• security: Upgrade tooling to Go 1.25.8 [GH-27653]

IMPROVEMENTS:

• acl (Enterprise): Added sentinel policy block to allow managing Sentinel policies without a management token [GH-27556]
• acl: Added fine-grained ACL capabilities for saving snapshots and reading the Enterprise license [GH-27525]
• acl: Added fine-grained ACL capability for rotating the keyring [GH-27526]
• agent: Added agent.tls.cert.expiration_seconds and agent.tls.ca.expiration_seconds telemetry data points to track TLS certificate expiration. [GH-27538]
• cli: Added autocompletions for ACL auth method, binding rule, policy, and token subcommands [GH-27505]
• cli: Improved options autocompletions for various commands [GH-27506]
• cli: Reduced server overhead when dispatching jobs or forcing periodic jobs from the CLI [GH-27631]
• cli: Truncate results when job commands return a large set of jobs that match the provided ID prefix [GH-27631]
• consul (enterprise): adds ability to specify cluster specific consul tokens with environment variables [GH-27574]
• events: Added a Deleted flag to JobDeregistered event type to differentiate between stopped and deleted jobs [GH-27614]

BUG FIXES:

• acl: Fixed a bug where a bearer-token authenticated request could panic the handler for checking claims [GH-27550]
• artifact: Fix artifact inspection when using file mode [GH-27552]
• config: Fixed a bug where the keyring block could only be specified a maximum of two times [GH-27579]
• config: Fixed parsing of Vault and Consul blocks as JSON that included objects such as task_identity [GH-27595]
• consul: fixes bug where clients were passing node token to connect envoy container, causing acl not found errors [GH-27574]
• core: Fixed system jobs being rescheduled after a node is drained and marked eligible again [GH-27499]
• deployments: Fixed a bug where a task group dropped from a system job could cause deployment state to be overwritten incorrectly [GH-27604]
• deployments: Fixed a bug where system job canary state could be incorrectly changed after a promotion [GH-27497]
• deployments: Fixed a bug where system job deployments would not be marked healthy even though all allocations were healthy [GH-27497]
• drivers: Pass error when included in fingerprint response [GH-27537]
• dynamic host volumes: Fixed a bug with sticky volumes where replacement allocations would not use the previous volume claim [GH-27613]
• http: Ensure the correct HTTP protocol version is set on event stream responses [GH-27586]
• job status: Fixes regression setting job status when jobs have matching prefix [GH-27516]
• keyring (Enterprise): Fixed a bug where in mixed-version clusters with pre-1.9 servers, a keyring rotation that returns an error for an unavailable KMS could prevent future server restarts [GH-27581]
• scheduler: Fix a potential panic in the system scheduler when deploying jobs with multiple task groups and infeasible nodes that become feasible [GH-27571]
• scheduler: Fixed a bug where system deployments would not complete on clusters with pre-1.11.0 nodes [GH-27605]
• state: Fixed a potential state store corruption bug in the service/batch scheduler and deployment watcher [GH-27548]

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.