build(deps): bump the all-dependencies group with 3 updates

[dependabot]

Bumps the all-dependencies group with 3 updates: github.com/ipfs/boxo, github.com/libp2p/go-libp2p and github.com/libp2p/go-libp2p-kad-dht.

Updates github.com/ipfs/boxo from 0.35.2 to 0.36.0

Release notes

Sourced from github.com/ipfs/boxo's releases.

v0.36.0

What's Changed

Added

• routing/http: GET /routing/v1/dht/closest/peers/{key} per IPIP-476
• ipld/merkledag: Added fetched node size reporting to the progress tracker. See kubo#8915
• gateway: Added a configurable fallback timeout for the gateway handler, defaulting to 1 hour. Configurable via MaxRequestDuration in the gateway config.

Changed

• keystore: improve error messages and include key file name #1080
• upgrade to go-libp2p-kad-dht v0.37.1
• upgrade to go-libp2p v0.47.0

Fixed

• bitswap/network: Fixed goroutine leak that could cause bitswap to stop serving blocks after extended uptime. The root cause is stream.Close() blocking indefinitely when remote peers are unresponsive during multistream handshake (go-libp2p#3448). This PR (#1083) adds a localized fix specific to bitswap's SendMessage by setting a read deadline before closing streams.

Full Changelog: ipfs/boxo@v0.35.2...v0.36.0

Changelog

Sourced from github.com/ipfs/boxo's changelog.

[v0.36.0]

Added

• routing/http: GET /routing/v1/dht/closest/peers/{key} per IPIP-476
• ipld/merkledag: Added fetched node size reporting to the progress tracker. See kubo#8915
• gateway: Added a configurable fallback timeout for the gateway handler, defaulting to 1 hour. Configurable via MaxRequestDuration in the gateway config.

Changed

• keystore: improve error messages and include key file name #1080
• upgrade to go-libp2p-kad-dht v0.37.1
• upgrade to go-libp2p v0.47.0

Fixed

• bitswap/network: Fixed goroutine leak that could cause bitswap to stop serving blocks after extended uptime. The root cause is stream.Close() blocking indefinitely when remote peers are unresponsive during multistream handshake (go-libp2p#3448). This PR (#1083) adds a localized fix specific to bitswap's SendMessage by setting a read deadline before closing streams.

Commits

• 63b6a19 Merge pull request #1099 from ipfs/release-v0.36.0
• cec62e1 update version
• 649ad2c Release v0.36.0
• d7f9498 upgrade go-libp2p-kad-dht to v0.37.1 (#1097)
• fb879c5 fix(routing): defensive nil checks for multiaddr handling (#1081)
• f42859f update dependencies (#1096)
• a34304f fix: flaky TestSessionBetweenPeers with shuffle enabled (#1022)
• 3a7437a upgrade to go-libp2p v0.47.0 (#1095)
• 1edccd3 update go-log (#1094)
• 8ea17e3 upgrade go-dsqueue to v0.1.2 (#1093)
• Additional commits viewable in compare view

Updates github.com/libp2p/go-libp2p from 0.46.0 to 0.47.0

Release notes

Sourced from github.com/libp2p/go-libp2p's releases.

v0.47.0

A relatively small release. The main changes are dependency updates and a couple of bug fixes. #3435 changes autonatv2 reachability logic, which should be a net win for most users.

What's Changed

• fix(autonatv2): secondary addrs inherit reachability from primary by @​lidel in libp2p/go-libp2p#3435
• Update simnet by @​MarcoPolo in libp2p/go-libp2p#3449
• mod tidy test-plans package by @​MarcoPolo in libp2p/go-libp2p#3450
• fix(basic_host): stream.Close() blocks indefinitely on unresponsive peers by @​lidel in libp2p/go-libp2p#3448
• fix: handle error from mh.Sum in IDFromPublicKey by @​MozirDmitriy in libp2p/go-libp2p#3437
• update webtransport-go to v0.10.0 and quic-go to v0.59.0 by @​marten-seemann in libp2p/go-libp2p#3452
• rcmgr: expose resource limits to Prometheus by @​sneaxhuh in libp2p/go-libp2p#3433

New Contributors

• @​MozirDmitriy made their first contribution in libp2p/go-libp2p#3437
• @​sneaxhuh made their first contribution in libp2p/go-libp2p#3433

Full Changelog: libp2p/go-libp2p@v0.46.0...v0.47.0

Commits

• b93eda0 Release v0.47.0 (#3454)
• 1239354 rcmgr: expose resource limits to Prometheus (#3433)
• dd26469 update webtransport-go to v0.10.0 and quic-go to v0.59.0 (#3452)f
• 636d44e fix: handle error from mh.Sum in IDFromPublicKey
• 2bed145 update quic-go to v0.58.0
• bcc2bf1 fix(basic_host): set read deadline before multistream Close to prevent blocking
• 479b24b mod tidy test-plans package (#3450)
• 6c4273f update simnet dependency
• 61bc00c rename simconlibp2p package to simlibp2p
• f4e714c simlibp2p: add GetBasicHostPair helper
• Additional commits viewable in compare view

Updates github.com/libp2p/go-libp2p-kad-dht from 0.37.0 to 0.37.1

Release notes

Sourced from github.com/libp2p/go-libp2p-kad-dht's releases.

v0.37.1

What's Changed

• fix(routing): add per-peer timeouts for PutValue and Provide by @​lidel in libp2p/go-libp2p-kad-dht#1222
• Update dependencies by @​gammazero in libp2p/go-libp2p-kad-dht#1223
• replace multierr with errors.Join by @​gammazero in libp2p/go-libp2p-kad-dht#1224

Full Changelog: libp2p/go-libp2p-kad-dht@v0.37.0...v0.37.1

Commits

• b73c2d0 new version (#1225)
• 1a1e249 replace multierr with errors.Join (#1224)
• bb7f4ce Update dependencies (#1223)
• 77a76e9 fix(routing): add per-peer timeouts for PutValue and Provide (#1222)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	github.com/​ipfs/​boxo@​v0.35.2 ⏵ v0.36.0	+1
	github.com/​libp2p/​go-libp2p@​v0.46.0 ⏵ v0.47.0	+1
	github.com/​libp2p/​go-libp2p-kad-dht@​v0.37.0 ⏵ v0.37.1	+1

View full report

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.