fix(deps): update module github.com/libp2p/go-libp2p to v0.35.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/libp2p/go-libp2p	v0.31.0 -> v0.35.0

---

Release Notes

libp2p/go-libp2p (github.com/libp2p/go-libp2p)

v0.35.0

Compare Source

⚠️ Breaking Changes ⚠️

• Resource Manager: ConnLimitPerCIDR is now called ConnLimitPerSubnet. The field previously named BitMask is now called PrefixLength. Apologies for the churn, but the old names were vague and confusing.

🔦 Highlights

• Resource Manager: Renames ConnLimitPerCIDR to ConnLimitPerSubnet
• Resource Manager: Able to provide connection limits for specific IP address blocks.
  • By default we new allow unlimited connections from localhost. Should help fix tests that broke with the previous behavior of limiting to only 8 connections per IP address.

What's Changed

• rcmgr: Support specific network prefix in conn limiter by @​MarcoPolo in https://github.com/libp2p/go-libp2p/pull/2807

Full Changelog: libp2p/go-libp2p@v0.34.1...v0.35.0

v0.34.1

Compare Source

Refer to the v0.34.0 release notes for breaking changes in v0.34

What's Changed

• rcmgr: Backwards compatibility if you wrap default impl by @​MarcoPolo in https://github.com/libp2p/go-libp2p/pull/2805
• config: fix "Insecure-security" constructor by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2810

Full Changelog: libp2p/go-libp2p@v0.34.0...v0.34.1

v0.34.0

Compare Source

⚠️ Breaking Changes ⚠️

1. Transient Connections are now called Limited Connections. The prior terminology was confusing to many, and conflicted with the transient definition in the resource manager. The term actually referred to a connection that was relayed and limited in some aspect (either data or time).
2. libp2phttp: The well-known resource for libp2p protocols has changed. See the discussion thread for context. This means that new clients will not be able to reach the well-known endpoint automatically on old servers, and new servers won't respond to the old well-known endpoint to old clients. If you do not fully control the deployment of this, you should set EnableCompatibilityWithLegacyWellKnownEndpoint in libp2phttp.Host to true to enable backwards compatibility. This is not the default behavior because libp2phttp is still experimental and things are generally permitted to break. In this case supporting backwards compatibility was simple enough and we generally don't like breaking users even on an experimental feature.
3. ResourceManager: This probably only affects 0.01% of use cases. The resource manager is now IP aware. Meaning it will set limits for how many connections it tracks per IP address or IP Address range (CIDR subnet). Look at ‎WithLimitPeersPerCIDR‎ for how to configure it. Almost all users will not need to touch this. If you're tests are suddenly breaking, this is might be why

🔦 Highlights

WebRTC Direct

• We've significantly improved support for webrtc-direct transport with multiple security and performance fixes.
• Based on the experience of webrtc-direct on v0.34 we intend to make it non experimental in v0.35

Transient Connections are now called Limited Connections

• Connections to peers over relayed or other limited connections, previously called transient are now called limited throughout the code. Limited is more descriptive of the connection's behavior and it avoids conflict with Resource Manager's Transient scope.
• For Connections, the Transient connection state has been renamed to Limited. This is a breaking change and you'll have to replace uses of conn.Stat().Transient with conn.Stat().Limited
• Network context functions like network.WithUseTransient are deprecated, use their limited alternatives like network.WithUseLimited.

Limited Connectedness state

• Peers connected to the host via relayed or any other limited connection now report their connectivity state as Limited.
• This state is also reflected in EvtPeerConnectednessChanged event. Consumers only interested in peers connected over Unlimited connections can ignore events with Limited Connectedness. NOTE: This changes the behavior of the Connected Connectedness state. Previously it included all limited connections and now it doesn't. To keep existing behavior in your code you can replace checks connectedness == network.Connected with connectedness != network.NotConnected

What's Changed

• webrtc: setup datachannel handlers before connecting to a peer by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2716
• webrtc: close mux when closing listener by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2717
• ping: use context.Afterfunc to avoid a lingering goroutine by @​Jorropo in https://github.com/libp2p/go-libp2p/pull/2723
• Small code improvements by @​AnomalRoil in https://github.com/libp2p/go-libp2p/pull/2722
• webrtc: use a common logger for all pion logging by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2718
• fix: ReserveMemory error cannot be printed by @​wlynxg in https://github.com/libp2p/go-libp2p/pull/2725
• webrtc: fix bug with logger wrapper by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2727
• chore: update examples to v0.33.0 by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2728
• webrtc: increase receive buffer size on listener by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2730
• security: remove unnecessary noise code by @​Dreamacro in https://github.com/libp2p/go-libp2p/pull/2738
• chore: bump quic-go by @​MarcoPolo in https://github.com/libp2p/go-libp2p/pull/2742
• add more info to "protocol mux failed" by @​zhiqiangxu in https://github.com/libp2p/go-libp2p/pull/2734
• webrtc: set sctp receive buffer size to 100kB by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2745
• ci: uci/copy-templates by @​web3-bot in https://github.com/libp2p/go-libp2p/pull/2747
• use Fx to start and stop the host, swarm, autorelay and quicreuse by @​marten-seemann in https://github.com/libp2p/go-libp2p/pull/2118
• quicreuse: remove workaround for quic-go listener close deadlock by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2746
• Use any port, not a specific one for HTTP examples by @​MarcoPolo in https://github.com/libp2p/go-libp2p/pull/2748
• feat: add tls WithKeyLogWriter option by @​wlynxg in https://github.com/libp2p/go-libp2p/pull/2750
• webrtc: add NullResourceManager, fixes panic by @​dozyio in https://github.com/libp2p/go-libp2p/pull/2752
• webrtc: run onDone callback immediately on close by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2729
• autonat: Clean up after close by @​MarcoPolo in https://github.com/libp2p/go-libp2p/pull/2749
• quic: make server cmd use RFC 9000 instead of draft-29 by @​MarcoPolo in https://github.com/libp2p/go-libp2p/pull/2753
• libp2phttp: Rename well-known resource by @​MarcoPolo in https://github.com/libp2p/go-libp2p/pull/2757
• fix: revert gorilla/websocket from 1.5.1 to 1.5.0 by @​wlynxg in https://github.com/libp2p/go-libp2p/pull/2763
• Update chat with rendezvous example by @​MarcoPolo in https://github.com/libp2p/go-libp2p/pull/2769
• Identify: emit useful events after identification by @​MarcoPolo in https://github.com/libp2p/go-libp2p/pull/2759
• libp2phttp: Return connection: close when doing http over streams by @​MarcoPolo in https://github.com/libp2p/go-libp2p/pull/2756
• Update: update incomplete readmes by @​apenzk in https://github.com/libp2p/go-libp2p/pull/2767
• Fix comment by @​MarcoPolo in https://github.com/libp2p/go-libp2p/pull/2775
• basichost: append certhash for webrtc addresses provided via address factory by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2774
• Add a "transient" network connectivity state by @​Stebalien in https://github.com/libp2p/go-libp2p/pull/2696
• webrtc: add webrtc addresses to host normalizer by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2784
• Update github.com/quic-go/quic-go dependency by @​fasmat in https://github.com/libp2p/go-libp2p/pull/2780
• fix: DNS protocol address is not reserved by @​wlynxg in https://github.com/libp2p/go-libp2p/pull/2792
• identify: refactor observed address manager to do address mapping at thin waist(IP+TCP/UDP) layer by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2793
• rcmgr: Add conn_limiter to limit number of conns per ip cidr by @​MarcoPolo in https://github.com/libp2p/go-libp2p/pull/2788

New Contributors

• @​AnomalRoil made their first contribution in https://github.com/libp2p/go-libp2p/pull/2722
• @​wlynxg made their first contribution in https://github.com/libp2p/go-libp2p/pull/2725
• @​Dreamacro made their first contribution in https://github.com/libp2p/go-libp2p/pull/2738
• @​zhiqiangxu made their first contribution in https://github.com/libp2p/go-libp2p/pull/2734
• @​apenzk made their first contribution in https://github.com/libp2p/go-libp2p/pull/2767
• @​fasmat made their first contribution in https://github.com/libp2p/go-libp2p/pull/2780

Full Changelog: libp2p/go-libp2p@v0.33.0...v0.34.0

v0.33.2

Compare Source

A patch update to bring in a fix from go-multiaddr

Full Changelog: libp2p/go-libp2p@v0.33.1...v0.33.2

v0.33.1

Compare Source

The release updates the quic-go dependency to v0.42.0. This update includes a mitigation for a memory exhaustion attack against QUIC's connection ID mechanism.

Full Changelog: libp2p/go-libp2p@v0.33.0...v0.33.1

v0.33.0

Compare Source

What's Changed

🔦 Highlights

TLS encryption for TCP by default

For TCP Connections, the default encryption scheme has been changed from noise to TLS for better performance. See PR for details.

Note: When making TCP connections to nodes that only support noise this will add 1 extra round trip for connection establishment. If you wish to avoid this and keep noise the default, configure your node to prefer noise over TLS like

	node, err := libp2p.New(
        ... other options
		libp2p.Security("/noise", noise.New),
		libp2p.Security("/tls/1.0.0", libp2ptls.New),
	)

Misc

• WebRTC streams now wait for a FIN_ACK before closing data channels. For more details see the specs PR: https://github.com/libp2p/specs/pull/582
• Removed unused public function crypto.GenerateEKeyPair. This was used in SECIO which has been long deprecated.
• This release drops support for go1.20.

Changelog

• Update docs from RSA to Ed25519 by @​librick in https://github.com/libp2p/go-libp2p/pull/2606
• examples: remove unused 'SetStreamHandler' by @​joohhnnn in https://github.com/libp2p/go-libp2p/pull/2598
• chore: update examples to v0.32 by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2626
• ci: ignore protoc version comment on go generate by @​galargh in https://github.com/libp2p/go-libp2p/pull/2631
• pstoremanager: fix race condition when removing peers from peer store by @​marten-seemann in https://github.com/libp2p/go-libp2p/pull/2644
• chore: add resource manager dashboard to docker-compose by @​burdiyan in https://github.com/libp2p/go-libp2p/pull/2641
• chore: fix typos by @​shuoer86 in https://github.com/libp2p/go-libp2p/pull/2608
• Fix Swarm Grafana Dashboard by @​burdiyan in https://github.com/libp2p/go-libp2p/pull/2640
• tcp: fix build on loong64 by @​wojiushixiaobai in https://github.com/libp2p/go-libp2p/pull/2655
• rcmgr: fix connmgr connection limit conflict warning by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2648
• webrtc: clarify that there is no reuseport functionality by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2652
• security: remove separate licenses for Noise and TLS by @​marten-seemann in https://github.com/libp2p/go-libp2p/pull/2663
• chore: update go security policy url by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2665
• chore: update go-libp2p-asn-util by @​Jorropo in https://github.com/libp2p/go-libp2p/pull/2673
• chore: fix typos in comment by @​bodhi-crypo in https://github.com/libp2p/go-libp2p/pull/2674
• examples: call NewStream from only one side by @​Halimao in https://github.com/libp2p/go-libp2p/pull/2677
• chore: update chat-with-mdns example readme by @​Halimao in https://github.com/libp2p/go-libp2p/pull/2678
• chore: remove unnecessary conversions by @​estensen in https://github.com/libp2p/go-libp2p/pull/2680
• webrtc: fix flaky TestMaxInFlightRequests by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2682
• defaults: do TLS by default for encryption by @​Jorropo in https://github.com/libp2p/go-libp2p/pull/2650
• chore: Fixed spelling errors in some files. by @​keienWang in https://github.com/libp2p/go-libp2p/pull/2689
• chore(p2p/host): typo fix by @​fakefraud in https://github.com/libp2p/go-libp2p/pull/2683
• chore: update go-multiaddr 0.12.2 by @​Jorropo in https://github.com/libp2p/go-libp2p/pull/2691
• libp2phttp: fix flaky ExampleHost_listenOnHTTPTransportAndStreams by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2697
• chore: fix typos by @​GoodDaisy in https://github.com/libp2p/go-libp2p/pull/2694
• fix:Add HTTPS to documentation link by @​keienWang in https://github.com/libp2p/go-libp2p/pull/2695
• chore(cfg): Add config.yml for new issues by @​dhuseby in https://github.com/libp2p/go-libp2p/pull/2688
• chore: testify fixes by @​dozyio in https://github.com/libp2p/go-libp2p/pull/2666
• chore: drop support for go1.20 by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2708
• chore: remove unused GenerateEKeyPair function by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2711
• quic: upgrade quic-go to v0.41.0 by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2710
• webrtc: wait for FIN_ACK before closing data channels by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2615
• chore: update dependencies for v0.33 by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2713

New Contributors

• @​joohhnnn made their first contribution in https://github.com/libp2p/go-libp2p/pull/2598
• @​galargh made their first contribution in https://github.com/libp2p/go-libp2p/pull/2631
• @​burdiyan made their first contribution in https://github.com/libp2p/go-libp2p/pull/2641
• @​shuoer86 made their first contribution in https://github.com/libp2p/go-libp2p/pull/2608
• @​wojiushixiaobai made their first contribution in https://github.com/libp2p/go-libp2p/pull/2655
• @​bodhi-crypo made their first contribution in https://github.com/libp2p/go-libp2p/pull/2674
• @​Halimao made their first contribution in https://github.com/libp2p/go-libp2p/pull/2677
• @​keienWang made their first contribution in https://github.com/libp2p/go-libp2p/pull/2689
• @​fakefraud made their first contribution in https://github.com/libp2p/go-libp2p/pull/2683
• @​GoodDaisy made their first contribution in https://github.com/libp2p/go-libp2p/pull/2694
• @​dhuseby made their first contribution in https://github.com/libp2p/go-libp2p/pull/2688
• @​dozyio made their first contribution in https://github.com/libp2p/go-libp2p/pull/2666

Full Changelog: libp2p/go-libp2p@v0.32.1...v0.33.0

v0.32.2

Compare Source

This release contains the quic-go fix for the Honeybadger vulnerability: https://github.com/quic-go/quic-go/releases/tag/v0.39.4

Full Changelog: libp2p/go-libp2p@v0.32.1...v0.32.2

v0.32.1

Compare Source

What's Changed

• swarm: fix timer Leak in the dial loop by @​Jorropo in https://github.com/libp2p/go-libp2p/pull/2636

Full Changelog: libp2p/go-libp2p@v0.32.0...v0.32.1

v0.32.0

Compare Source

🔦 Highlights

WebRTC Direct

This release adds support for WebRTC Direct. WebRTC Direct allows browser nodes to connect to go-libp2p directly, without any configuration (e.g. TLS certificates) needed on the go-libp2p side. This is useful for browser nodes that aren’t able to use Webtransport. Note that WebRTC Direct cannot be used to connect a browser node to a go-libp2p node behind a NAT / firewall. This requires using WebRTC, which is currently being worked on https://github.com/libp2p/go-libp2p/issues/2009.

Happy Eyeballs for TCP

In the last couple of releases we’ve shipped Smart Dialing and Black hole Detection. This release continues our effort to improve the dial prioritisation logic to avoid spurious dials with the introduction of Happy Eyeballs for TCP addresses. As recommended by RFC 8305, when dialing a peer’s TCP addresses, we now dial the IPv6 address first and only dial the peer’s IPv4 address if we have not established the IPv6 TCP connection within 250ms.

Misc

• host.NewStream now waits for a hole punched connection to be available rather than returning network.ErrTransientConn immediately.
• go-libp2p now works on riscv64 architectures.

Changelog

• chore: update examples to v0.31 by @​p-shahi in https://github.com/libp2p/go-libp2p/pull/2544
• libp2phttp: don't initialise ServeMux if not nil by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2548
• basichost: handle the SetProtocol error in NewStream by @​marten-seemann in https://github.com/libp2p/go-libp2p/pull/2555
• swarm: don't dial unspecified addresses by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2560
• examples: stop using deprecated peer.ID.Pretty by @​Icarus9913 in https://github.com/libp2p/go-libp2p/pull/2563
• upgrader: drop support for multistream simultaneous open by @​marten-seemann in https://github.com/libp2p/go-libp2p/pull/2557
• WebRTC Direct transport implementation by @​marten-seemann in https://github.com/libp2p/go-libp2p/pull/2337
• mock: use go.uber.org/mock by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2540
• core/peer: remove deprecated Encode function by @​marten-seemann in https://github.com/libp2p/go-libp2p/pull/2566
• core/peer: remove deprecated ID.Pretty method by @​marten-seemann in https://github.com/libp2p/go-libp2p/pull/2565
• websocket: don't resolve /dnsaddr addresses by @​marten-seemann in https://github.com/libp2p/go-libp2p/pull/2571
• swarm: fix DialPeer behaviour for transient connections by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2547
• webrtc: fail Write early if deadline has exceeded before the call by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2578
• webrtc: put buffer back to pool by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2574
• webrtc: fix deadlock on connection close by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2580
• update gomock to v0.3.0 by @​marten-seemann in https://github.com/libp2p/go-libp2p/pull/2581
• config: warn if connmgr limits conflict with rcmgr by @​piersy in https://github.com/libp2p/go-libp2p/pull/2527
• quicreuse: remove QUIC metrics tracer by @​marten-seemann in https://github.com/libp2p/go-libp2p/pull/2582
• interop: fix redis env var by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2585
• libp2phttp: don't strip / suffix when mounting handler by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2552
• Fix typos by @​vuittont60 in https://github.com/libp2p/go-libp2p/pull/2600
• swarm: add loopback to low timeout filter by @​dennis-tra in https://github.com/libp2p/go-libp2p/pull/2595
• webrtc: correctly report incoming packet address on muxed connection by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2586
• Spell Check: Fix typos by @​tkzktk in https://github.com/libp2p/go-libp2p/pull/2604
• swarm: wait for transient connections to upgrade for NewStream by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2542
• Fix missing deprecation tag by @​librick in https://github.com/libp2p/go-libp2p/pull/2605
• tcp: fix build on riscv64 by @​marten-seemann in https://github.com/libp2p/go-libp2p/pull/2590
• webrtc: fix race in TestMuxedConnection by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2607
• swarm: use happy eyeballs ranking for TCP dials by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2573
• circuitv2: don't check ASN for private addrs by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2611
• swarm: cleanup stream handler goroutine by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2610
• swarm: use typed atomics by @​marten-seemann in https://github.com/libp2p/go-libp2p/pull/2612
• test/basichost: fix flaky test due to rcmgr by @​marten-seemann in https://github.com/libp2p/go-libp2p/pull/2613
• update quic-go to v0.39.1, set a static resumption token generator key by @​marten-seemann in https://github.com/libp2p/go-libp2p/pull/2572
• ci: migrate to renamed interop test action by @​thomaseizinger in https://github.com/libp2p/go-libp2p/pull/2617
• swarm: fix recursive resolving of DNS multiaddrs by @​marten-seemann in https://github.com/libp2p/go-libp2p/pull/2564
• webrtc: fix race in TestRemoveConnByUfrag by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2620
• identify: don't filter dns addresses based on remote addr type by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2553
• chore: update dependencies for v0.32 release by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2621
• chore: update js-libp2p examples repo by @​sukunrt in https://github.com/libp2p/go-libp2p/pull/2624

New Contributors

• @​Icarus9913 made their first contribution in https://github.com/libp2p/go-libp2p/pull/2563
• @​piersy made their first contribution in https://github.com/libp2p/go-libp2p/pull/2527
• @​vuittont60 made their first contribution in https://github.com/libp2p/go-libp2p/pull/2600
• @​tkzktk made their first contribution in https://github.com/libp2p/go-libp2p/pull/2604
• @​librick made their first contribution in https://github.com/libp2p/go-libp2p/pull/2605

Full Changelog: libp2p/go-libp2p@v0.31.0...v0.32.0

v0.31.1

Compare Source

This release contains the quic-go fix for the Honeybadger vulnerability: https://github.com/quic-go/quic-go/releases/tag/v0.38.2

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.