Skip to content

build(deps): bump the ipfs-ecosystem group across 1 directory with 3 updates #13422

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build(deps): bump the ipfs-ecosystem group across 1 directory with 3 updates #13422

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 7, 2025
edited
Loading

Bumps the ipfs-ecosystem group with 2 updates in the / directory: github.com/ipfs/boxo and github.com/ipfs/go-cid.

Updates github.com/ipfs/boxo from 0.35.0 to 0.35.2

Release notes

Sourced from github.com/ipfs/boxo's releases.

v0.35.2

What's Changed

  • upgrade to go-libp2p v0.45.0
  • upgrade to go-log/v2 v2.9.0
    • Applications using go-log (>=2.9)+go-libp2p(>=0.45) may need to initialize their application to bridge slog-based libraries to into go-log. See documentation for go-log release and slog integration.

Full Changelog: ipfs/boxo@v0.35.1...v0.35.2

v0.35.1

[!NOTE] This release was brought to you by the Shipyard team.

What's Changed

Added

  • new span for the handleIncoming bitswap client getter plus events when blocks are received.
  • mark opentelemetry spans, span attributes, and span events as being used by ProbeLab's analysis scripts

Changed

  • upgrade to go-dsqueue v0.1.0 - Fixes batch reuse that could cause panic.

Fixed

  • gateway: Fixed duplicate peer IDs appearing in retrieval timeout error messages
  • bitswap/client: fix tracing by using context to pass trace and retrieval state to session #1059
    • bitswap/client: propagate trace state when calling GetBlocks #1060
  • bitswap/network/httpnet: improved error detection on HTTP and block fetches:
    • Do not attempt to GET a test CID if the endpoint returns 429 to the test HEAD request.
    • Unify error parsing and handling of http statues and content.

Full Changelog: ipfs/boxo@v0.35.0...v0.35.1

Changelog

Sourced from github.com/ipfs/boxo's changelog.

[v0.35.2]

Changed

  • upgrade to go-libp2p v0.45.0
  • upgrade to go-log/v2 v2.9.0
    • Applications using go-log (>=2.9)+go-libp2p(>=0.45) may need to initialize their application to bridge slog-based libraries to into go-log. See documentation for go-log release and slog integration.

[v0.35.1]

Added

  • new span for the handleIncoming bitswap client getter plus events when blocks are received.
  • mark opentelemetry spans, span attributes, and span events as being used by ProbeLab's analysis scripts

Changed

  • upgrade to go-dsqueue v0.1.0 - Fixes batch reuse that could cause panic.

Fixed

  • gateway: Fixed duplicate peer IDs appearing in retrieval timeout error messages
  • bitswap/client: fix tracing by using context to pass trace and retrieval state to session #1059
    • bitswap/client: propagate trace state when calling GetBlocks #1060
  • bitswap/network/httpnet: improved error detection on HTTP and block fetches:
    • Do not attempt to GET a test CID if the endpoint returns 429 to the test HEAD request.
    • Unify error parsing and handling of http statues and content.
Commits

Updates github.com/ipfs/go-cid from 0.5.0 to 0.6.0

Release notes

Sourced from github.com/ipfs/go-cid's releases.

v0.6.0

What's Changed

Full Changelog: ipfs/go-cid@v0.5.0...v0.6.0

Commits
  • 594b41a v0.6.0 bump (#178)
  • 7942a87 chore(deps): bump github.com/multiformats/go-varint from 0.0.7 to 0.1.0 (#177)
  • 6365bff Merge pull request #176 from ipfs/uci/update-go
  • 1022508 chore!: bump go.mod to Go 1.24 and run go fix
  • 1afa3fe chore(deps): bump golang.org/x/crypto from 0.31.0 to 0.35.0 (#175)
  • 3b830eb ci: uci/copy-templates (#174)
  • 4d43496 chore!: bump go.mod to Go 1.23 and run go fix (#173)
  • See full diff in compare view

Updates github.com/ipfs/go-log/v2 from 2.8.2 to 2.9.0

Release notes

Sourced from github.com/ipfs/go-log/v2's releases.

v2.9.0

The Problem

go-libp2p 0.44 switched from go-log to slog, which broke visibility of go-libp2p logs for applications using go-log. Applications could no longer see go-libp2p logs or adjust their levels at runtime (see kubo#11035).

go-libp2p maintainers evaluated two options presented by Kubo maintainers for addressing this (details): fix the breaking change in go-libp2p, or require each application to add integration code. The manual integration approach was selected.

The Fix

This release adds SlogHandler() to bridge slog-based libraries back into go-log. Applications using go-log (>=2.9)+go-libp2p(>=0.45) need to add this to their init():

import (
    "log/slog"
    golog "github.com/ipfs/go-log/v2"
    "github.com/libp2p/go-libp2p/gologshim"
)
func init() {
// Route all slog logs through go-log
slog.SetDefault(slog.New(golog.SlogHandler()))
// Connect go-libp2p to go-log
gologshim.SetDefaultHandler(golog.SlogHandler())

}

After adding this:

  • go-libp2p logs appear in application output again
  • SetLogLevel("libp2p-swarm", "debug") works again
  • logs can be piped to dynamically created sinks, like ipfs log tail
  • All logs use go-log's formatting (JSON/color/nocolor)

More Info

See the README: Slog integration for details.

Full Changelog: ipfs/go-log@v2.8.2...v2.9.0

[!NOTE] This release was brought to you by the Shipyard team.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 7, 2025
@github-project-automation github-project-automation bot moved this to 📌 Triage in FilOz Nov 7, 2025
@dependabot
build(deps): bump the ipfs-ecosystem group across 1 directory with 3 …
ac451db 
…updates

Bumps the ipfs-ecosystem group with 2 updates in the / directory: [github.com/ipfs/boxo](https://github.com/ipfs/boxo) and [github.com/ipfs/go-cid](https://github.com/ipfs/go-cid).


Updates `github.com/ipfs/boxo` from 0.35.0 to 0.35.2
- [Release notes](https://github.com/ipfs/boxo/releases)
- [Changelog](https://github.com/ipfs/boxo/blob/main/CHANGELOG.md)
- [Commits](ipfs/boxo@v0.35.0...v0.35.2)

Updates `github.com/ipfs/go-cid` from 0.5.0 to 0.6.0
- [Release notes](https://github.com/ipfs/go-cid/releases)
- [Commits](ipfs/go-cid@v0.5.0...v0.6.0)

Updates `github.com/ipfs/go-log/v2` from 2.8.2 to 2.9.0
- [Release notes](https://github.com/ipfs/go-log/releases)
- [Commits](ipfs/go-log@v2.8.2...v2.9.0)

---
updated-dependencies:
- dependency-name: github.com/ipfs/boxo
  dependency-version: 0.35.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ipfs-ecosystem
- dependency-name: github.com/ipfs/go-cid
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ipfs-ecosystem
- dependency-name: github.com/ipfs/go-log/v2
  dependency-version: 2.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ipfs-ecosystem
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/ipfs-ecosystem-e7cf8ff4cc branch from 2796221 to ac451db Compare November 7, 2025 11:47
rvagg
rvagg requested changes Nov 7, 2025
View reviewed changes
Copy link
Member

@rvagg rvagg left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

needs investigation, fails gen check; this is sus but I think it's equivalent (subtle changes in use of i vs the new idx):

-	i -= 1
-	if i < 0 || i >= CheckStatusCode(len(_CheckStatusCode_index)-1) {
-		return "CheckStatusCode(" + strconv.FormatInt(int64(i+1), 10) + ")"
+	idx := int(i) - 1
+	if i < 1 || idx >= len(_CheckStatusCode_index)-1 {
+		return "CheckStatusCode(" + strconv.FormatInt(int64(i), 10) + ")"

@github-project-automation github-project-automation bot moved this from 📌 Triage to ⌨️ In Progress in FilOz Nov 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rvagg rvagg rvagg requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

FilOz
Status: ⌨️ In Progress

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rvagg