fix(deps): update module github.com/libp2p/go-libp2p to v0.46.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/libp2p/go-libp2p	v0.41.1 -> v0.46.0

---

Release Notes

libp2p/go-libp2p (github.com/libp2p/go-libp2p)

v0.46.0

Compare Source

What's Changed

• fix(webrtc): use debug level for pion errors by @​lidel in #​3426
• chore: update quic-go to v0.56.0 by @​sukunrt in #​3425
• fix(mdns): filter addresses to reduce packet size by @​lidel in #​3434
• chore: update quic-go to v0.57.1 by @​sukunrt in #​3439

Full Changelog: libp2p/go-libp2p@v0.45.0...v0.46.0

v0.45.0

Compare Source

A small release that adjust some noisy logging levels and adds a method for dynamically change the slog Handler for better integration with applications that use go-log.

What's Changed

• fix(websocket): use debug level for operational noise errors by @​lidel in #​3413
• chore: Update Drips ownedBy address in FUNDING.json by @​p-shahi in #​3422
• feat(gologshim): Add SetDefaultHandler by @​lidel in #​3418

Full Changelog: libp2p/go-libp2p@v0.44.0...v0.45.0

v0.44.0

Compare Source

Highlights

Address Pipeline:

• Observed Address Manager has been moved out of identify to its own package, github.com/libp2p/go-libp2p/p2p/host/obsaddrs
• ⚠️ Identify Service doesn't support the DisableObservedAddrManager Option. The top level libp2p option DisableIdentifyAddressDiscovery works as it used to.

What's Changed

• fix: clean up associations for closed listeners. by @​Prabhat1308 in #​3306
• swarm: move AddCertHashes to swarm by @​sukunrt in #​3330
• refactor(quicreuse): use errors.Join in Close method by @​crStiv in #​3363
• network: rename NAT Types by @​sukunrt in #​3331
• feat(metrics): add Reset and TrimIdle methods to reporter interface by @​cpeliciari in #​3343
• feat(simlibp2p): Simulated libp2p Networks by @​MarcoPolo in #​3262
• Support Go 1.24 & 1.25 by @​MarcoPolo in #​3366
• basichost: move observed address manager to basichost by @​sukunrt in #​3332
• ci: uci/update-go by @​web3-bot in #​3371
• feat: Migrate to log/slog by @​MarcoPolo in #​3364
• AI tooling must be disclosed for contributions by @​MarcoPolo in #​3372
• docs: remove broken link by @​MarcoPolo in #​3375
• enhancement: include non public relay addresses to be advertised too #​3361 #​3365 by @​shoriwe in #​3379
• fix: self-healing NAT mappings with request deduplication by @​lidel in #​3367
• feat(network): Add ConnAs by @​MarcoPolo in #​3338
• refactor: replace context.WithCancel with t.Context by @​cargoedit in #​3383
• chore: add help comment by @​MarcoPolo in #​3385
• README: remove Drand from notable users section by @​marten-seemann in #​3388
• docs: Update contribute section by @​MarcoPolo in #​3387
• fix: assignment to entry in nil map by @​dennis-tra in #​3395
• Refactor pre core module by @​MarcoPolo in #​3396
• basichost: move EvtLocalAddrsChanged to addrs_manager by @​sukunrt in #​3355
• ci: move to github actions runner by @​MarcoPolo in #​3398
• basichost: fix lint error by @​sukunrt in #​3400

New Contributors

• @​crStiv made their first contribution in #​3363
• @​shoriwe made their first contribution in #​3379
• @​cargoedit made their first contribution in #​3383

Full Changelog: libp2p/go-libp2p@v0.43.0...v0.44.0

v0.43.0

Compare Source

Highlights

This is a small release to allow users to upgrade to the latest quic-go version as the quic-go API was changed heavily in quic-go v0.53

What's Changed

• quic: upgrade quic-go to v0.53 by @​sukunrt in #​3323
• basichost: fix Addrs docstring by @​sukunrt in #​3341
• basichost: fix deadlock with addrs_manager by @​sukunrt in #​3348
• chore: upgrade quic-go to v0.54.0 by @​sukunrt in #​3351

Full Changelog: libp2p/go-libp2p@v0.42.0...v0.43.0

v0.42.1

Compare Source

What's Changed

• addrsmanager: extract out addressing logic from basichost by @​sukunrt in #​3075
• fix: fix incorrect nil return value by @​huochexizhan in #​3219
• fix(libp2phttp): bound NewStream timeout by @​algorandskiy in #​3225
• webrtc: fix memory leak with udpmux.muxedConnection context by @​sukunrt in #​3243
• connmgr: fix transport association bug by @​sukunrt in #​3221
• connmgr: remove WithEmergencyTrim by @​sukunrt in #​3217
• fix: Add wrapped error type in stream.go by @​Prabhat1308 in #​3237
• autonatv2: fix server dial data request policy by @​sukunrt in #​3247
• autonatv2: explicitly handle dns addrs by @​sukunrt in #​3249
• transport: add GatedMaListener type by @​sukunrt in #​3186
• chore(examples): p2p-forge/client v0.4.0 by @​lidel in #​3211
• optimize: using t.TempDir() replace os.MkdirTemp in testfile by @​argentpapa in #​3222
• peerstore: remove unused badger tests by @​sukunrt in #​3252
• chore: p2p-forge v0.5.0 by @​lidel in #​3257
• ci: uci/copy-templates by @​web3-bot in #​3254
• fix(relay): fix data-race in relayFinder by @​b00f in #​3258
• identify: reduce timeout to 5 seconds by @​sukunrt in #​3259
• peerstore: remove leveldb tests by @​sukunrt in #​3260
• webrtc: support receiving 256kB messages by @​sukunrt in #​3255
• rcmgr: use netip.Prefix as map key instead of string by @​sukunrt in #​3264
• chore(certificate): update test vectors by @​vladopajic in #​3242
• build(test_analysis): use modernc.org/sqlite directly by @​levisyin in #​3227
• ci: add golangci-lint for linting by @​sukunrt in #​3269
• fix: Improve NAT port mapping failure logging by @​VolodymyrBg in #​3261
• Add missing log for failed GC record unmarshalling in purgeStore() by @​vipocenka in #​3273
• identify: rate limit id push protocol by @​sukunrt in #​3266
• quicreuse: add some documentation for the package by @​sukunrt in #​3279
• eventbus: change slow consumer event from error to warn by @​guillaumemichel in #​3286
• chore: use tcort/github-action-markdown-link-check by @​sukunrt in #​3291
• swarm_test: support more transports for GenSwarm by @​sukunrt in #​3130
• go-clock migration by @​guillaumemichel in #​3293
• fix: Ensure tcpGatedMaListener wrapping on both metrics and non-metri… by @​GarmashAlex in #​3275
• ci: uci/copy-templates by @​web3-bot in #​3282
• Revert "go-clock migration" by @​guillaumemichel in #​3303
• basichost: use autonatv2 to verify reachability by @​sukunrt in #​3231
• quic: gate connections before handshake by @​sukunrt in #​3283
• autonatv2: add Unknown addrs to event by @​sukunrt in #​3305
• chore: fix errors reported by golangci-lint by @​galargh in #​3295
• autonatv2: add metrics by @​sukunrt in #​3308
• mocknet: notify listeners on listen by @​sukunrt in #​3310
• ci: go-check now support golangci-lint by @​galargh in #​3309
• chore: update deps by @​sukunrt in #​3312
• Release v0.42.0 by @​sukunrt in #​3318

New Contributors

• @​huochexizhan made their first contribution in #​3219
• @​algorandskiy made their first contribution in #​3225
• @​Prabhat1308 made their first contribution in #​3237
• @​argentpapa made their first contribution in #​3222
• @​b00f made their first contribution in #​3258
• @​vladopajic made their first contribution in #​3242
• @​levisyin made their first contribution in #​3227
• @​VolodymyrBg made their first contribution in #​3261
• @​vipocenka made their first contribution in #​3273
• @​GarmashAlex made their first contribution in #​3275

Full Changelog: libp2p/go-libp2p@v0.41.0...v0.42.1

v0.42.0

Compare Source

⚠ Breaking Changes

Added a new method, VerifySourceAddress(net.Addr) bool, to the Resource Manager interface.
For more details see the Source Address Verification section.

For custom implementation which want to opt out of Source Address Verification and keep the existing behavior, return false from the method.

🔦 Highlights

Per Address Reachability via AutoNAT v2

libp2p hosts can now determine reachability for individual addresses using AutoNATV2. To opt in to reachability checking use the EnableAutoNATV2 libp2p option. Using this nodes can now determine their IPv4, IPv6, and browser address reachability separately. In a future release, AutoRelay will use this information and make appropriate relay reservations accordingly. https://pkg.go.dev/github.com/libp2p/go-libp2p#EnableAutoNATv2

To query addresses by their reachability, ConfirmedAddrs() (reachable, unreachable, unknown []ma.Multiaddr) that provides Reachability information per host address. https://pkg.go.dev/github.com/libp2p/go-libp2p/p2p/host/basic#BasicHost.ConfirmedAddrs
For notifications, Subscribe to the event event.EvtHostReachableAddrsChanged https://pkg.go.dev/github.com/libp2p/go-libp2p/core/event#EvtHostReachableAddrsChanged

Rate Limiting

We've introduced the package github.com/libp2p/go-libp2p/x/rate for rate limiting. The struct rate.Limiter provides Global, Network Specific, and Subnet Specific rate limiting. The Subnet specific rate limits allows for better DoS Protection by rate limiting malicious IPs. https://pkg.go.dev/github.com/libp2p/go-libp2p/x/rate

Use Limit(f func(s network.Stream)) func(s network.Stream) on Limiter to limit specific stream handlers. For example, within libp2p, the Identify Service uses this as
ids.Host.SetStreamHandler(IDPush, ids.rateLimiter.Limit(ids.handlePush)) to rate limit the number of times peers can perform identify push.

For non Stream use cases use the Allow(ip) method on the limiter.

Connection Rate Limiting

New connection requests are now rate limited per IP. By default we allow 1 connection every 5 seconds from an IP address with a burst of 16 connections per IP. The burst is high enough that this should only block malicious peers.

To configure the connection rate limits, use the WithConnRateLimiters option on the Resource Manager. https://pkg.go.dev/github.com/libp2p/go-libp2p/p2p/host/resource-manager#WithConnRateLimiters

Source Address Verification for QUIC

This release introduces Source Address Verification for QUIC, preventing DoS attacks by spoofing IP addresses. See: https://www.rfc-editor.org/rfc/rfc9000.html#section-8 for details.

We are now gating incoming QUIC connections before the handshake is started. This further improves DoS protection by not wasting CPU on handshaking QUIC connections which would have been dropped by the Resource Manager.

Other changes

• WebRTC Direct peers can now send messages of up to 256 kB (see spec: libp2p/specs#628)
• Refactored the addressing code within BasicHost and moved it into Address Manager. In a future release, this will be exposed to users with an improved Address API for the libp2p Host.

What's Changed

• addrsmanager: extract out addressing logic from basichost by @​sukunrt in #​3075
• fix: fix incorrect nil return value by @​huochexizhan in #​3219
• fix(libp2phttp): bound NewStream timeout by @​algorandskiy in #​3225
• webrtc: fix memory leak with udpmux.muxedConnection context by @​sukunrt in #​3243
• connmgr: fix transport association bug by @​sukunrt in #​3221
• connmgr: remove WithEmergencyTrim by @​sukunrt in #​3217
• fix: Add wrapped error type in stream.go by @​Prabhat1308 in #​3237
• autonatv2: fix server dial data request policy by @​sukunrt in #​3247
• autonatv2: explicitly handle dns addrs by @​sukunrt in #​3249
• transport: add GatedMaListener type by @​sukunrt in #​3186
• chore(examples): p2p-forge/client v0.4.0 by @​lidel in #​3211
• optimize: using t.TempDir() replace os.MkdirTemp in testfile by @​argentpapa in #​3222
• peerstore: remove unused badger tests by @​sukunrt in #​3252
• chore: p2p-forge v0.5.0 by @​lidel in #​3257
• ci: uci/copy-templates by @​web3-bot in #​3254
• fix(relay): fix data-race in relayFinder by @​b00f in #​3258
• identify: reduce timeout to 5 seconds by @​sukunrt in #​3259
• peerstore: remove leveldb tests by @​sukunrt in #​3260
• webrtc: support receiving 256kB messages by @​sukunrt in #​3255
• rcmgr: use netip.Prefix as map key instead of string by @​sukunrt in #​3264
• chore(certificate): update test vectors by @​vladopajic in #​3242
• build(test_analysis): use modernc.org/sqlite directly by @​levisyin in #​3227
• ci: add golangci-lint for linting by @​sukunrt in #​3269
• fix: Improve NAT port mapping failure logging by @​VolodymyrBg in #​3261
• Add missing log for failed GC record unmarshalling in purgeStore() by @​vipocenka in #​3273
• identify: rate limit id push protocol by @​sukunrt in #​3266
• quicreuse: add some documentation for the package by @​sukunrt in #​3279
• eventbus: change slow consumer event from error to warn by @​guillaumemichel in #​3286
• chore: use tcort/github-action-markdown-link-check by @​sukunrt in #​3291
• swarm_test: support more transports for GenSwarm by @​sukunrt in #​3130
• go-clock migration by @​guillaumemichel in #​3293
• fix: Ensure tcpGatedMaListener wrapping on both metrics and non-metri… by @​GarmashAlex in #​3275
• ci: uci/copy-templates by @​web3-bot in #​3282
• Revert "go-clock migration" by @​guillaumemichel in #​3303
• basichost: use autonatv2 to verify reachability by @​sukunrt in #​3231
• quic: gate connections before handshake by @​sukunrt in #​3283
• autonatv2: add Unknown addrs to event by @​sukunrt in #​3305
• chore: fix errors reported by golangci-lint by @​galargh in #​3295
• autonatv2: add metrics by @​sukunrt in #​3308
• mocknet: notify listeners on listen by @​sukunrt in #​3310
• ci: go-check now support golangci-lint by @​galargh in #​3309
• chore: update deps by @​sukunrt in #​3312

New Contributors

• @​huochexizhan made their first contribution in #​3219
• @​algorandskiy made their first contribution in #​3225
• @​Prabhat1308 made their first contribution in #​3237
• @​argentpapa made their first contribution in #​3222
• @​b00f made their first contribution in #​3258
• @​vladopajic made their first contribution in #​3242
• @​levisyin made their first contribution in #​3227
• @​VolodymyrBg made their first contribution in #​3261
• @​vipocenka made their first contribution in #​3273
• @​GarmashAlex made their first contribution in #​3275

Full Changelog: libp2p/go-libp2p@v0.41.0...v0.42.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 15 additional dependencies were updated

Details:

Package	Change
golang.org/x/time	v0.11.0 -> v0.12.0
github.com/libp2p/go-netroute	v0.2.2 -> v0.3.0
github.com/libp2p/go-yamux/v5	v5.0.0 -> v5.0.1
github.com/multiformats/go-multiaddr	v0.15.0 -> v0.16.0
github.com/pion/ice/v4	v4.0.8 -> v4.0.10
github.com/pion/interceptor	v0.1.37 -> v0.1.40
github.com/pion/turn/v4	v4.0.0 -> v4.0.2
github.com/pion/webrtc/v4	v4.0.10 -> v4.1.2
github.com/prometheus/client_golang	v1.21.1 -> v1.22.0
github.com/prometheus/common	v0.62.0 -> v0.64.0
github.com/prometheus/procfs	v0.15.1 -> v0.16.1
github.com/quic-go/quic-go	v0.50.1 -> v0.55.0
github.com/quic-go/webtransport-go	v0.8.1-0.20241018022711-4ac2c9250e66 -> v0.9.0
go.uber.org/dig	v1.18.2 -> v1.19.0
go.uber.org/fx	v1.23.0 -> v1.24.0

[renovate]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 16 additional dependencies were updated

Details:

Package	Change
golang.org/x/time	v0.11.0 -> v0.12.0
github.com/libp2p/go-netroute	v0.2.2 -> v0.3.0
github.com/libp2p/go-yamux/v5	v5.0.0 -> v5.0.1
github.com/multiformats/go-multiaddr	v0.15.0 -> v0.16.0
github.com/pion/ice/v4	v4.0.8 -> v4.0.10
github.com/pion/interceptor	v0.1.37 -> v0.1.40
github.com/pion/turn/v4	v4.0.0 -> v4.0.2
github.com/pion/webrtc/v4	v4.0.10 -> v4.1.2
github.com/prometheus/client_golang	v1.21.1 -> v1.22.0
github.com/prometheus/common	v0.62.0 -> v0.64.0
github.com/prometheus/procfs	v0.15.1 -> v0.16.1
github.com/quic-go/qpack	v0.5.1 -> v0.6.0
github.com/quic-go/quic-go	v0.50.1 -> v0.57.1
github.com/quic-go/webtransport-go	v0.8.1-0.20241018022711-4ac2c9250e66 -> v0.9.0
go.uber.org/dig	v1.18.2 -> v1.19.0
go.uber.org/fx	v1.23.0 -> v1.24.0