Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump github.com/ipfs/kubo from 0.16.0 to 0.18.1 #54

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): bump github.com/ipfs/kubo from 0.16.0 to 0.18.1 #54

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 31, 2023

Bumps github.com/ipfs/kubo from 0.16.0 to 0.18.1.

Release notes

Sourced from github.com/ipfs/kubo's releases.

v0.18.1

πŸ”¦ Highlights

New default Pubsub.SeenMessagesStrategy

A new optional Pubsub.SeenMessagesStrategy configuration option has been added.

This option allows you to choose between two different strategies for deduplicating messages: first-seen and last-seen.

When unset, the default strategy is last-seen, which calculates the time-to-live (TTL) countdown based on the last time a message is seen. This means that if a message is received and then seen again within the specified TTL window based on the last time it was seen, it won't be emitted.

If you prefer the old behavior, which calculates the TTL countdown based on the first time a message is seen, you can set Pubsub.SeenMessagesStrategy to first-seen.

Improving libp2p resource management integration

This builds on the default protection nodes get against DoS (resource exhaustion) and eclipse attacks with the go-libp2p Network Resource Manager/Accountant that was fine-tuned in Kubo 0.18.

Adding default hard-limits from the Resource Manager/Accountant after the fact is tricky, and some additional improvements have been made to improve the computed defaults. As much as possible, the aim is for a user to only think about how much memory they want to bound libp2p to, and not need to think about translating that to hard numbers for connections, streams, etc. More updates are likely in future Kubo releases, but with this release:

  1. System.StreamsInbound is no longer bounded directly
  2. System.ConnsInbound, Transient.Memory, Transiet.ConnsInbound have higher default computed values.

Changelog

  • github.com/ipfs/kubo:
    • Add overview section
    • Adjust inbound connection limits depending on memory.
    • feat: Pubsub.SeenMessagesStrategy (#9543) (ipfs/kubo#9543)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump github.com/ipfs/kubo from 0.16.0 to 0.18.1
084b76c 
Bumps [github.com/ipfs/kubo](https://github.com/ipfs/kubo) from 0.16.0 to 0.18.1.
- [Release notes](https://github.com/ipfs/kubo/releases)
- [Changelog](https://github.com/ipfs/kubo/blob/master/CHANGELOG.md)
- [Commits](ipfs/kubo@v0.16.0...v0.18.1)

---
updated-dependencies:
- dependency-name: github.com/ipfs/kubo
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 31, 2023
@dependabot dependabot bot mentioned this pull request Jan 31, 2023
Closed
@trafico-bot trafico-bot bot added the πŸ” Ready for Review Pull Request is not reviewed yet label Jan 31, 2023
@guardrails
Copy link

guardrails bot commented Jan 31, 2023

⚠️ We detected 1 security issue in this pull request:

Vulnerable Libraries (1)
Severity Details
N/A pkg:golang/golang.org/x/net@v0.3.0 @v0.3.0 upgrade to: 1.18.9,1.19.4,0.4.0

More info on how to fix Vulnerable Libraries in Go.

πŸ‘‰ Go to the dashboard for detailed results.

πŸ“₯ Happy? Share your feedback with us.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file πŸ” Ready for Review Pull Request is not reviewed yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants