build(deps): bump the go-dependencies group across 1 directory with 32 updates

[dependabot]

Bumps the go-dependencies group with 18 updates in the /tools directory:

Package	From	To
github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys	1.4.0	1.5.0
github.com/aws/aws-sdk-go-v2/config	1.32.17	1.32.18
github.com/aws/aws-sdk-go-v2/feature/s3/manager	1.22.18	1.22.20
github.com/aws/aws-sdk-go-v2/service/ecrpublic	1.38.15	1.39.0
github.com/aws/smithy-go	1.25.1	1.26.0
github.com/go-openapi/analysis	0.25.0	0.25.1
github.com/go-openapi/runtime	0.31.0	0.32.2
github.com/go-openapi/runtime/server-middleware	0.30.0	0.32.2
github.com/goreleaser/goreleaser/v2	2.15.4	2.16.0
github.com/ipfs/boxo	0.39.0	0.40.0
github.com/sigstore/rekor	1.5.1	1.5.2
github.com/sigstore/timestamp-authority/v2	2.0.6	2.1.0
github.com/slack-go/slack	0.23.1	0.24.0
go.opentelemetry.io/contrib/detectors/gcp	1.43.0	1.44.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc	0.68.0	0.69.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	0.68.0	0.69.0
golang.org/x/image	0.40.0	0.41.0
google.golang.org/api	0.280.0	0.282.0

Updates github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys from 1.4.0 to 1.5.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys's releases.

sdk/storage/azdatalake/v1.5.0

1.5.0 (2026-05-15)

Features Added

• Includes all features from 1.5.0-beta.1

sdk/security/keyvault/azadmin/v1.5.0

1.5.0 (2026-05-25)

Other Changes

• Upgraded to API service version 2025-07-01

sdk/security/keyvault/azkeys/v1.5.0

1.5.0 (2026-05-25)

Other Changes

• Upgraded to API service version 2025-07-01

sdk/security/keyvault/azcertificates/v1.5.0

1.5.0 (2026-05-26)

Features Added

• Includes all changes from 1.5.0-beta.1.

sdk/security/keyvault/azsecrets/v1.5.0

1.5.0 (2026-05-26)

Features Added

• Includes all changes from 1.5.0-beta.1.

sdk/data/azcosmos/v1.5.0-beta.6

1.5.0-beta.6 (2026-05-15)

Features Added

• Adds PriorityLevel and ThroughputBucket options at the client and per-request level for item, query, change-feed, batch, and read-many operations. See PR 26750
• Added client-level partition key range cache and container properties cache, reducing redundant metadata round-trips for ReadMany and query operations. See PR 26723
• Added operation diagnostics on responses and DiagnosticsFromError for retrieving diagnostics from failed operations. See PR 26548

Breaking Changes

• Removed ChangeFeedResponse.PopulateCompositeContinuationToken(). The method is no longer needed: GetChangeFeed now populates ChangeFeedResponse.ContinuationToken directly with the multi-range composite token. Callers who built single-range tokens manually can use GetCompositeContinuationToken() instead. See PR 26792.

Bugs Fixed

• Fixed GetChangeFeed to survive partition splits: customer-supplied FeedRanges are now overlap-matched against the routing map, 410/Gone triggers a cache refresh and bounded retry, split parents expand into per-child queue entries (inheriting the parent's ETag), and the continuation token persists multi-range state across calls. Continuation tokens are guarded against cross-container reuse. See PR 26768.
• Fixed V2 partition key routing: the top 2 bits of the first EPK byte are now masked to stay within the partition key range space [0x00, 0x3F]. Previously, items whose V2 hash started with a byte >= 0x40 could fail routing in ReadMany because the EPK lexicographically exceeded the "FF" range sentinel. See PR 26723
• Fixed error handling for partition key range calls which would previously cause panics on any error. See PR 26723
• Fixed partition key range cache to use change-feed pagination when fetching ranges, preventing incomplete range sets on containers with many partitions. The incremental refresh path now accumulates all pages before merging, correctly handling cascading splits across multiple change-feed pages. See PR 26777

Commits

• f4ab3aa Remove arm/ClientOptions.AuxiliaryTenants (#20573)
• a554ef0 Remove azcore multitenant auth API (#20572)
• 0a42300 PutBlobFromURL/UploadBlobFromURL API (#20558)
• be3f449 Fix azcore changelog entry (#20569)
• 380d05a Fix regression - base name overrides in CI (#20563)
• 4bdfb89 Modified challenge policy test (#20554)
• 5ab558f Added support for copy source authorization to append block from url (#20557)
• d2534f7 [Azquery][Readme] Edit pass (#20382)
• e9c77a5 Bump credscan to 2.3.12.23 (#20562)
• dd74ea3 Transaction Validation - Blob Client (#20550)
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.17 to 1.32.18

Commits

• db9f4e5 Release 2026-05-22
• 34e7ddc Regenerated Clients
• f9db036 Update endpoints model
• ae5eae1 Update API model
• 429dbdd Feat discover endpoint partition validation (#3410)
• ab4f5b6 Release 2026-05-21
• 757a099 Regenerated Clients
• 02c8323 Update API model
• f4ac954 Bump smithy-go version and update imports for evenstream protocoltests (#3420)
• 6d93700 Add replace for credentials dependency added on go.mod (#3419)
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.19.16 to 1.19.17

Commits

• db9f4e5 Release 2026-05-22
• 34e7ddc Regenerated Clients
• f9db036 Update endpoints model
• ae5eae1 Update API model
• 429dbdd Feat discover endpoint partition validation (#3410)
• ab4f5b6 Release 2026-05-21
• 757a099 Regenerated Clients
• 02c8323 Update API model
• f4ac954 Bump smithy-go version and update imports for evenstream protocoltests (#3420)
• 6d93700 Add replace for credentials dependency added on go.mod (#3419)
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.22.18 to 1.22.20

Commits

• 38fe976 Release 2026-05-27
• a7d5164 Regenerated Clients
• 5b79052 Update API model
• 5acd7b4 Add SHA-512 auto checksum calculation for S3 (#3422)
• cc6a3d9 Release 2026-05-26
• 54c313d Regenerated Clients
• fbf1b56 Update API model
• db9f4e5 Release 2026-05-22
• 34e7ddc Regenerated Clients
• f9db036 Update endpoints model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ecrpublic from 1.38.15 to 1.39.0

Commits

• 648027e Release 2025-09-08
• a3b9b7b Regenerated Clients
• 67dad83 Update endpoints model
• 2bfe86a Update API model
• 59e7410 add businessmetrics feature ID for env-based bearer token (#3182)
• 1cdc158 Patching override s3expire shape (#3180)
• 1745ede Release 2025-09-05
• f84de53 Regenerated Clients
• 7cdaa31 Update API model
• 498b5c4 remove service/sms (#3177)
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/internal/checksum from 1.9.15 to 1.9.16

Commits

• 289bbd8 Release 2022-09-02
• 4169b1a Regenerated Clients
• e02802d Update SDK's smithy-go dependency to v1.13.2
• 9f98fe2 Update endpoints model
• 824a8eb Update API model
• 05a6aab Release 2022-09-01
• 5a4fbfe Regenerated Clients
• b9fde2d Update endpoints model
• 1808140 Update API model
• d47c319 Release 2022-08-31
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.101.0 to 1.102.0

Commits

• 38fe976 Release 2026-05-27
• a7d5164 Regenerated Clients
• 5b79052 Update API model
• 5acd7b4 Add SHA-512 auto checksum calculation for S3 (#3422)
• cc6a3d9 Release 2026-05-26
• 54c313d Regenerated Clients
• fbf1b56 Update API model
• db9f4e5 Release 2026-05-22
• 34e7ddc Regenerated Clients
• f9db036 Update endpoints model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ssooidc from 1.35.21 to 1.36.0

Commits

• e2e9697 Release 2025-01-31
• 6576a09 Regenerated Clients
• f762573 Update API model
• c94df29 add transfer manager doc header (#2990)
• 880543c revert the revert on the transfer manager beta (#2993)
• 8da49e5 switch to code-generated waiters for remaining services (#2994)
• c7c6865 Release 2025-01-30
• 70f736c Regenerated Clients
• 28731c2 Update endpoints model
• 3505e4b Update API model
• Additional commits viewable in compare view

Updates github.com/aws/smithy-go from 1.25.1 to 1.26.0

Changelog

Sourced from github.com/aws/smithy-go's changelog.

Release (2026-05-27)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.26.0
  • Feature: Add StringSlice to endpoint rulesfn.

Release (2026-04-23)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.25.1
  • Bug Fix: Fixed a memory leak in the LRU cache implementation used by some AWS services.

Release (2026-04-15)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.25.0
  • Feature: Add support for endpointBdd trait

Release (2026-04-02)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.24.3
  • Bug Fix: Add additional sigv4 configuration.
• github.com/aws/smithy-go/aws-http-auth: v1.1.3
  • Bug Fix: Add additional sigv4 configuration.

Release (2026-02-27)

General Highlights

• Dependency Update: Bump minimum go version to 1.24.

Release (2026-02-20)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.24.1

... (truncated)

Commits

• 45ed831 Release 2026-05-27
• 36699a9 handle vars in auth scheme id tmpl (#667)
• b81ddf7 Use GoDependency to add SDK dependencies on codegen instead of relying on go ...
• 999a54b add event stream test generator (#661)
• 22e6cf7 Expand JMESPath truthy check by allowing bare collections to be evaluated (#654)
• See full diff in compare view

Updates github.com/go-openapi/analysis from 0.25.0 to 0.25.1

Release notes

Sourced from github.com/go-openapi/analysis's releases.

v0.25.1

0.25.1 - 2026-05-25

Full Changelog: go-openapi/analysis@v0.25.0...v0.25.1

16 commits in this release.

---

Implemented enhancements

• feat: added name mangler options to Spec analyzer and FlattenOpts by @​fredbi in #183 ...

Documentation

• doc(mixin): clarify precedence rules and document limitations by @​fredbi in #196 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #186 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #184 ...
• doc: updated contributors file by @​bot-go-openapi[bot] in #182 ...
• docs: update documentation to reflect the new diff package by @​fredbi in #180 ...

Updates

• chore(deps): Bump github.com/go-openapi/testify/v2 from 2.5.0 to 2.5.1 in the go-openapi-dependencies group by @​dependabot[bot] in #194 ...
• chore(deps): Bump golang.org/x/text from 0.36.0 to 0.37.0 in the golang-org-dependencies group by @​dependabot[bot] in #193 ...
• chore(deps): Bump the go-openapi-dependencies group with 3 updates by @​dependabot[bot] in #192 ...
• chore(deps): Bump the go-openapi-dependencies group with 2 updates by @​dependabot[bot] in #191 ...
• chore(deps): Bump github.com/go-openapi/jsonpointer from 0.23.0 to 0.23.1 in the go-openapi-dependencies group by @​dependabot[bot] in #190 ...
• chore(deps): Bump the go-openapi-dependencies group with 4 updates by @​dependabot[bot] in #189 ...
• chore(deps): Bump the development-dependencies group with 9 updates by @​dependabot[bot] in #188 ...
• chore(deps): Bump golang.org/x/text from 0.35.0 to 0.36.0 in the golang-org-dependencies group by @​dependabot[bot] in #187 ...
• chore(deps): Bump actions/setup-go from 6.3.0 to 6.4.0 in the development-dependencies group by @​dependabot[bot] in #185 ...
• chore(deps): Bump github.com/go-openapi/testify/v2 from 2.4.1 to 2.4.2 in the go-openapi-dependencies group by @​dependabot[bot] in #181 ...

---

People who contributed to this release

• @​fredbi

---

analysis license terms

[![License][license-badge]][license-url]

... (truncated)

Commits

• 323d24f doc(mixin): clarify precedence rules and document limitations (#196)
• cff0ae2 chore(deps): Bump github.com/go-openapi/testify/v2
• c942c44 chore(deps): Bump golang.org/x/text in the golang-org-dependencies group
• a62a097 chore(deps): Bump the go-openapi-dependencies group with 3 updates
• a541256 chore(deps): Bump the go-openapi-dependencies group with 2 updates
• 0130179 chore(deps): Bump github.com/go-openapi/jsonpointer
• d3a49ef chore(deps): Bump the go-openapi-dependencies group with 4 updates
• 7579aba chore(deps): Bump the development-dependencies group with 9 updates
• a73ddcd chore(deps): Bump golang.org/x/text in the golang-org-dependencies group
• 539fa2e doc: updated contributors file
• Additional commits viewable in compare view

Updates github.com/go-openapi/runtime from 0.31.0 to 0.32.2

Release notes

Sourced from github.com/go-openapi/runtime's releases.

v0.32.2

0.32.2 - 2026-05-27

Full Changelog: go-openapi/runtime@v0.32.1...v0.32.2

2 commits in this release.

---

Fixed bugs

• fix(client): added a guard to avoid the client to panic by @​fredbi in #474 ...

Miscellaneous tasks

• chore: prepare release v0.32.2 by @​bot-go-openapi[bot] in #475 ...

---

People who contributed to this release

• @​fredbi

---

runtime license terms

Per-module changes

---

client-middleware/opentracing (0.32.2)

Miscellaneous tasks

• chore: prepare release v0.32.2 by @​bot-go-openapi[bot] in #475 ...

v0.32.1

... (truncated)

Commits

• a357ecf chore: prepare release v0.32.2
• 10b4d12 fix(client): added a guard to avoid the client to panic (#474)
• ea80e5a chore: prepare release v0.32.1
• 01f5c55 doc: documented SkipAuth feature with build tag (#472)
• af192a9 refactor(client): promote ContextualTransport to runtime package (#471)
• 1002219 chore: prepare release v0.32.0
• c1e2e2c Merge pull request #469 from fredbi/fix/3113-file-urlencoded
• 584ff89 ci: add unsafe-skipauth tagged-build workflow with coverage
• 4042690 feat(middleware): build-tag-gated SetSkipAuth for dev-mode auth bypass
• cd748fa refactor(client/otel): pivot OpenTelemetry transport to SubmitContext
• Additional commits viewable in compare view

Updates github.com/go-openapi/runtime/server-middleware from 0.30.0 to 0.32.2

Release notes

Sourced from github.com/go-openapi/runtime/server-middleware's releases.

v0.32.2

0.32.2 - 2026-05-27

Full Changelog: go-openapi/runtime@v0.32.1...v0.32.2

2 commits in this release.

---

Fixed bugs

• fix(client): added a guard to avoid the client to panic by @​fredbi in #474 ...

Miscellaneous tasks

• chore: prepare release v0.32.2 by @​bot-go-openapi[bot] in #475 ...

---

People who contributed to this release

• @​fredbi

---

runtime license terms

Per-module changes

---

client-middleware/opentracing (0.32.2)

Miscellaneous tasks

• chore: prepare release v0.32.2 by @​bot-go-openapi[bot] in #475 ...

v0.32.1

... (truncated)

Commits

• a357ecf chore: prepare release v0.32.2
• 10b4d12 fix(client): added a guard to avoid the client to panic (#474)
• ea80e5a chore: prepare release v0.32.1
• 01f5c55 doc: documented SkipAuth feature with build tag (#472)
• af192a9 refactor(client): promote ContextualTransport to runtime package (#471)
• 1002219 chore: prepare release v0.32.0
• c1e2e2c Merge pull request #469 from fredbi/fix/3113-file-urlencoded
• 584ff89 ci: add unsafe-skipauth tagged-build workflow with coverage
• 4042690 feat(middleware): build-tag-gated SetSkipAuth for dev-mode auth bypass
• cd748fa refactor(client/otel): pivot OpenTelemetry transport to SubmitContext
• Additional commits viewable in compare view

Updates github.com/goreleaser/goreleaser/v2 from 2.15.4 to 2.16.0

Release notes

Sourced from github.com/goreleaser/goreleaser/v2's releases.

v2.16.0

Announcement

Read the official announcement: Announcing GoReleaser v2.16.

Changelog

New Features

• bb532b61116c548da4a995f681b9cdfc47ec4a71: feat(archive): xz format (#6520) (@​jaredallard and @​caarlos0)
• 9500ead0fcf8286e1df124ab71ccd2fe379306fe: feat(builders): add node sea support (#6579) (@​caarlos0 and @​vedantmgoyal9)
• 851f8f9ad22909d47b884cf00b2365e545eed245: feat(deps): update docker in docker image (@​caarlos0)
• 8da70bc471acc0904f0b1429df1a74369890e613: feat(dockers_v2): baseimage and baseimagedigest template variables (#6625) (@​caarlos0)
• 9e629ad10562773a0dc91186b8fd92feed23d7c3: feat(dockers_v2): pre/post hooks (#6634) (@​caarlos0)
• e8d568690722707bcb840b20e0c972b8f00e3025: feat(dockers_v2): remove experimental warn (@​caarlos0)
• d5c8e4facf3e5950d8248faca446c13a31d85315: feat(dockers_v2): set extra.platforms in the artifact (#6628) (@​caarlos0)
• 868767bd2e957242a2dd388a07f85d1f2aaafcaa: feat(nix): support meta.mainProgram (#6627) (@​caarlos0)
• f72cf9d487f74587fb403bb48064c34b129585fe: feat: go1.26.3 (@​caarlos0)
• a4be92b9be10ab19b26934b3de1fb1e0128d4908: feat: proper deprecate brews (@​caarlos0)

Bug fixes

• bb9062f564e30a94b005009ae0b37c3a40bc9b96: fix(cask): emit generate_completions_from_executable after postflight (#6594) (@​caarlos0)
• 6ecba31405e8ade89b335bf05e19734d0fd8d2d8: fix(github): preserve prerelease on publish (#6591) (@​caarlos0)
• 2e17678c4be30b1c53b5931919b57e71532b6d16: fix(github): preserve prerelease publish fields (@​caarlos0)
• 17315a556ef69444cf54ad27f623abf728472bc6: fix(github): remove author lookup by email (#6601) (@​caarlos0)
• e696cf8a8b95ea8de5152a71183833e5ba11e099: fix(srpm): set format and extension in extra (#6623) (@​caarlos0)
• 9fd33f58cdbe39ccf11a8ff41a859a5735f2a628: fix(xz): rm unused field (@​caarlos0)
• 306e37db68be39da785ac15f14cf05a1f4954eff: fix: change keyword color (@​caarlos0)
• dd02be11c5280d9d985c7437eb794905073d16e4: fix: handle secondary rate limits on github (#6630) (@​caarlos0)
• 49025ca384af2286db640fef2328c02d07c84ea8: fix: run script resolves nightly tags (@​caarlos0)
• bba909e24364cc2579c7ec9d3ab12c02ca8621ff: fix: webhook error handling improvements (@​caarlos0)
• 9f2811bc1085e3ce2b9004d0e59aa65f827e690b: fix: wrong goreleaser URL (#6584) (@​ldez)
• 0944b0e216d6e23d5155aa8a9b4e66e68e51838c: fix:linkedin error handling improvements (@​caarlos0)

Documentation updates

• 9081224ee51dc19cf8023b7df4b7788416005631: docs(actions): note immutable nightly resolution (#6590) (@​caarlos0)
• 6c2d9e07cd1d242387b67262c954ed994c20801b: docs: add RWX CI guide (#6597) (@​robinaugh)
• 3514d8d7762a1977261368b63536eff9bddfedaf: docs: add slack to users list (#6605) (@​zimeg)
• 7b6496fdc4f869b09d4bca331f938bf67a06ffcd: docs: better install page (#6631) (@​caarlos0)
• 33dfa252e3a085bee0ab330f3ac02505d340409f: docs: cleanup install (@​caarlos0)
• be689affd0b732caff0984ce9fa20f6dc58ab3e1: docs: dont include nightlies in releases.json (@​caarlos0)
• 6bc06bf044ecbdd4d178b097f4a58b7b820eb635: docs: fix invalid 'neq' template function in pkg example (#6604) (@​SAY-5)
• f7b59d4a6e9d9af2e3d6d994d6f0c68d80963e7d: docs: fix logos (@​caarlos0)
• ebc848413c6fb64c2981770858d662029a84eff5: docs: fix rendering issue inside tabs (@​caarlos0)
• c6c834c35f247dd7ce08127a1387e8f3cc994a68: docs: improve install page (@​caarlos0)
• d05aaa0843dc34b2b35d5740a07b3d62c6654423: docs: missing required version (@​caarlos0)
• b1e5b9aa87247f551dd06fa7a61289e7802894bc: docs: parallax effect on homepage (#6596) (@​caarlos0)
• 6e7c9176d7341affcff160d731409ae1e5d6e0b0: docs: rm old docs instructions (@​caarlos0)
• dd373023f2d8c7f3338b4dee1a8686a460df9a92: docs: updat (@​caarlos0)
• 8b21145b052ca3ccf1737555373071095773523f: docs: update link (@​caarlos0)
• 8976559342deffb0644ca49ddf15695fa82a2bbd: docs: update users.md (@​caarlos0)
• bd4e1a5f74a23f66844921f7b9ca0d74db3c0b4f: docs: updates (@​caarlos0)

... (truncated)

Commits

• d76fb40 chore: skip one more docker test on windows
• a6af69c chore: auto-update generated files
• bd4e1a5 docs: updates
• b259380 docs: updates
• ef41ecf chore: update schema
• 9e629ad feat(dockers_v2): pre/post hooks (#6634)
• 4cc0859 chore(deps): bump the gomod group with 2 updates (#6635)
• 5b09df1 ci(deps): bump the actions group with 5 updates (#6636)
• d69bd6f chore(deps): bump the docker group across 1 directory with 2 updates (#6637)
• ca98cdf chore: auto-update generated files
• Additional commits viewable in compare view

Updates github.com/goreleaser/quill from 0.0.0-20260418030907-a259ef5caf05 to 0.0.0-20260503024558-dbc159c51d43

Commits

• See full diff in compare view

Updates github.com/ipfs/boxo from 0.39.0 to 0.40.0

Release notes

Sourced from github.com/ipfs/boxo's releases.

v0.40.0

What's Changed

Added

• retrieval: added State.Snapshot, State.Apply, and State.Notify so consumers can stream State across a process boundary, e.g. to drive a live progress bar in Kubo's cat, get, or dag export. #1153
• 🛠 pinning/pinner: added Pinner.Close() error. Close cancels every in-flight operation's context, including streaming goroutines from RecursiveKeys, DirectKeys, and InternalPins, and waits for them to return. A scalar method that observes the cancellation may return context.Canceled; a stream interrupted by Close may surface ErrClosed on the channel before it closes. After Close returns, every other method returns the new ErrClosed sentinel; streaming methods deliver it as StreamedPin.Err on a single entry, then close the channel. Close is idempotent and goroutine-safe. Action required: downstream Pinner implementations must add Close. #1150
• pinning/pinner/dspinner: implements Close. Close cancels the contexts of in-flight operations, so snapshot iteration in RecursiveKeys/DirectKeys and DAG fetches in Pin bail out promptly instead of draining to completion. Close returns as soon as those operations honor their ctx. Hosts owning the datastore should call Close on the pinner before closing the datastore to avoid the use-after-close panic path in stores such as pebble. #1150
• routing/http/types/iter: added Limit, an iterator that caps another iterator at a fixed number of values. #1157
• routing/providerquerymanager: new WithFindPeerFallback option. When set, a one-shot FindPeer fallback runs if the first dial to a provider fails; the manager retries the dial with the fresh AddrInfo, but only if FindPeer surfaced at least one address that wasn't already in the routing-record set just tried. Rescues providers whose routing-record snapshot is thin or stale but whose actual addresses are still reachable, without wasting a retry on a duplicate address set. Disabled by default; pass WithFindPeerFallback(myDHT) to enable.

Changed

• upgrade to go-libp2p-kad-dht v0.40.0

• 🛠 files: the File interface no longer embeds io.Seeker. Seekability is now explicit in the type system instead of implied by an always-present Seek method that returned ErrNotSupported at runtime for non-seekable inputs. Callers that need to seek type-assert to io.Seeker; the assertion is an honest capability check rather than a guess. Seekable implementations (ReaderFile wrapping a seekable reader, Symlink, UnixFS files returned from the gateway and importer) still satisfy the assertion. Non-seekable implementations (HTTP multipart streams, WebFile) now fail the assertion at compile-aware sites instead of producing runtime errors deep in third-party code. The previous behavior forced downstream workarounds: e.g. ipfs/kubo#11253 had to wrap files.File in a plain io.Reader/io.Closer to strip Seek and force go-car's forward-only fallback, because go-car's NewBlockReader trusted the interface and called Seek, which failed with "operation not supported" on CARv2 imports over the HTTP API. With this change the trap stops existing.

  Action required. Replace direct Seek calls on files.File with a type assertion:

  // before
  n, err := f.Seek(offset, io.SeekStart)
  // after
  seeker, ok := f.(io.Seeker)
  if !ok {
  return fmt.Errorf("file does not support seeking")
  }
  n, err := seeker.Seek(offset, io.SeekStart)

  See ipfs/kubo#11254 for a worked example of the call-site update. #1128

• ✨ routing/http/server: the Delegated Routing server now passes limit=0 (unbounded) to DelegatedRouter.FindProviders/FindPeers and applies the configured records limit itself, after filtering. Filtered requests now return a full page of results instead of fewer than requested. The server reads the delegate's iterator lazily and closes it once it has enough records. Action required: delegate implementations should return results lazily and stop work on Close. A delegate that previously used the limit argument to end its walk early should now end the walk on Close instead. #1157

• path/resolver: ResolveToLastNode, ResolvePath, and ResolvePathComponents now populate retrieval.State on the request context when one is attached. They advance the state to PhasePathResolution, record the root CID from the input path, and record the terminal CID once resolution completes. Until now only the gateway backends populated these fields, leaving non-gateway callers (CLIs, custom tools) without phase or CID diagnostics on retrieval errors. The new calls are idempotent with the existing gateway-side ones, so behavior on the gateway path is unchanged.

Fixed

• files: now builds under GOOS=js GOARCH=wasm and GOOS=wasip1 GOARCH=wasm. #935
• routing/http/server: filtered /routing/v1/providers and /routing/v1/peers requests now return up to the configured records limit. Previously the limit was applied before filter-addrs/filter-protocols ran, so records dropped by the filters shrank the response below the limit. The limit now applies after filtering. #1157
• routing/http/types/iter: Filter.Next now iterates instead of recursing on rejected values, so the goroutine stack stays flat even when a long run of records is filtered out. This matters now that the server pulls unbounded results from the delegate. #1157

Full Changelog: ipfs/boxo@v0.39.0...v0.40.0

[!NOTE] This release was brought to you by the Shipyard team.

Changelog

Sourced from github.com/ipfs/boxo's changelog.

[v0.40.0]

Added

• retrieval: added State.Snapshot, State.Apply, and State.Notify so consumers can stream State across a process boundary, e.g. to drive a live progress bar in Kubo's cat, get, or dag export. #1153
• 🛠 pinning/pinner: added Pinner.Close() error. Close cancels every in-flight operation's context, including streaming goroutines from RecursiveKeys, DirectKeys, and InternalPins, and waits for them to return. A scalar method that observes the cancellation may return context.Canceled; a stream interrupted by Close may surface ErrClosed on the channel before it closes. After Close returns, every other method returns the new ErrClosed sentinel; streaming methods deliver it as StreamedPin.Err on a single entry, then close the channel. Close is idempotent and goroutine-safe. Action required: downstream Pinner implementations must add Close. #1150
• pinning/pinner/dspinner: implements Close. Close cancels the contexts of in-flight operations, so snapshot iteration in RecursiveKeys/DirectKeys and DAG fetches in Pin bail out promptly instead of draining to completion. Close returns as soon as those operations honor their ctx. Hosts owning the datastore should call Close ...

  Description has been truncated