build(deps): bump the all-dependencies group with 5 updates

[dependabot]

Bumps the all-dependencies group with 5 updates:

Package	From	To
github.com/ipfs/boxo	0.23.0	0.24.0
github.com/libp2p/go-libp2p	0.36.3	0.36.4
github.com/libp2p/go-libp2p-kad-dht	0.26.1	0.27.0
github.com/mattn/go-sqlite3	1.14.23	1.14.24
lukechampine.com/frand	1.4.2	1.5.1

Updates github.com/ipfs/boxo from 0.23.0 to 0.24.0

Release notes

Sourced from github.com/ipfs/boxo's releases.

v0.24.0

Added

• boxo/bitswap/server:
  • A new WithWantHaveReplaceSize(n) option can be used with bitswap.New to fine-tune cost-vs-performance. It sets the maximum size of a block in bytes up to which the bitswap server will replace a WantHave with a WantBlock response. Setting this to 0 disables this WantHave replacement and means that block sizes are not read when processing WantHave requests. #672
• routing/http:
  • added support for address and protocol filtering to the delegated routing server (IPIP-484) #671 #678
  • added support for address and protocol filtering to the delegated routing client (IPIP-484) #678. To add filtering to the client, use the WithFilterAddrs and WithFilterProtocols options when creating the client.Client-side filtering for servers that don't support filtering is enabled by default. To disable it, use the disableLocalFiltering option when creating the client.

Fixed

• unixfs/hamt Log error instead of panic if both link and shard are nil #393

Full Changelog: ipfs/boxo@v0.23.0...v0.24.0

Changelog

Sourced from github.com/ipfs/boxo's changelog.

[v0.24.0]

Added

• boxo/bitswap/server:
  • A new WithWantHaveReplaceSize(n) option can be used with bitswap.New to fine-tune cost-vs-performance. It sets the maximum size of a block in bytes up to which the bitswap server will replace a WantHave with a WantBlock response. Setting this to 0 disables this WantHave replacement and means that block sizes are not read when processing WantHave requests. #672
• routing/http:
  • added support for address and protocol filtering to the delegated routing server (IPIP-484) #671 #678
  • added support for address and protocol filtering to the delegated routing client (IPIP-484) #678. To add filtering to the client, use the WithFilterAddrs and WithFilterProtocols options when creating the client.Client-side filtering for servers that don't support filtering is enabled by default. To disable it, use the disableLocalFiltering option when creating the client.

Changed

Removed

Fixed

• unixfs/hamt Log error instead of panic if both link and shard are nil #393

Security

Commits

• 2fdde02 Merge pull request #683 from ipfs/release-v0.24.0
• eac6c25 chore: update go-multiaddr-dns (#684)
• 8464618 docs(changelog): v0.24.0
• f61a371 update version
• d62e031 Update to latest go-libp2p (#681)
• 4d0ae45 feat: add protocol and address filtering to delegated routing api (#678)
• 19a402b feat: option to not read size of blocks for want-have requests (#672)
• 4af06fd Merge pull request #671 from ipfs/add-protocol-filtering
• 137d34f Apply suggestions from code review
• f13c862 test: add real world test case
• Additional commits viewable in compare view

Updates github.com/libp2p/go-libp2p from 0.36.3 to 0.36.4

Release notes

Sourced from github.com/libp2p/go-libp2p's releases.

v0.36.4

Note

[!CAUTION] Due to a golang/go#69312 in unbuffered timers introduced in go1.23, libp2p deadlocks if the go version in your go.mod file is go1.23. To fix this, either use the environment variable GODEBUG="asynctimerchan=1", or downgrade the go version in your go.mod file.

What's Changed

• Release v0.36.4 by @​sukunrt in libp2p/go-libp2p#2978

Full Changelog: libp2p/go-libp2p@v0.36.3...v0.36.4

Commits

• a074da0 Release v0.36.4
• a5b050b peerstore: better GC in membacked peerstore (#2960)
• c7fc3c0 chore: parameterise s3 build cache setup (#2948)
• 2d8f05f fix: use quic.Version instead of the deprecated quic.VersionNumber (#2955)
• 11f1ffc tcp: fix metrics for multiple calls to Close (#2953)
• See full diff in compare view

Updates github.com/libp2p/go-libp2p-kad-dht from 0.26.1 to 0.27.0

Release notes

Sourced from github.com/libp2p/go-libp2p-kad-dht's releases.

v0.27.0

What's Changed

• fix(query): reverting changes on TestRTEvictionOnFailedQuery by @​guillaumemichel in libp2p/go-libp2p-kad-dht#984
• ci: uci/update-go by @​web3-bot in libp2p/go-libp2p-kad-dht#985
• chore: update version by @​elecbug in libp2p/go-libp2p-kad-dht#986
• fix: replace deprecated Boxo function by @​guillaumemichel in libp2p/go-libp2p-kad-dht#987
• Add new DHT option to provide custom pb.MessageSender by @​cortze in libp2p/go-libp2p-kad-dht#991

New Contributors

• @​elecbug made their first contribution in libp2p/go-libp2p-kad-dht#986

Full Changelog: libp2p/go-libp2p-kad-dht@v0.26.1...v0.27.0

Commits

• 8170ac4 Merge pull request #992 from libp2p/release-v0.27.0
• 12c8339 release v0.27.0
• 0d075d2 Merge pull request #991 from cortze/feat/add-message-sender-opt
• 794bfc7 remove comment
• 0b803b9 change default msgSenderBuilder for config one
• 53ef5be add new option to set custom
• 3989875 Merge pull request #987 from libp2p/fix/boxo-v0.22.0
• 07fd38c addressing boxo deprecated func
• 541a8d0 Merge pull request #986 from elecbug/master
• 6a444ac chore: update version
• Additional commits viewable in compare view

Updates github.com/mattn/go-sqlite3 from 1.14.23 to 1.14.24

Commits

• See full diff in compare view

Updates lukechampine.com/frand from 1.4.2 to 1.5.1

Commits

• 4768a22 update README
• 3f951cc switch to stdlib ChaCha8 generator
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions