Bump libp2p and ipfs in /packages/publisher

[dependabot]

Bumps libp2p to 0.40.0 and updates ancestor dependency ipfs. These dependencies need to be updated together.

Updates libp2p from 0.29.0 to 0.40.0

Release notes

Sourced from libp2p's releases.

libp2p v0.40.0

Upgrading

Please see the migration guide for upgrading to this release: doc/migrations/v0.37-v0.40.md

⚠ BREAKING CHANGES

• libp2p no longer automatically dials every discovered peer
  • to replicate the old behaviour, listen for 'peer:discovery' events and dial peers manually
• modules no longer implement Initializable instead switching to constructor injection
  • details in: remove @​libp2p/components (#1427) (a3847f2)

Features

• allow skipping encryption and custom muxer factory in upgrader (#1411) (6615efa)
• deny incoming connections and add allow/deny lists (#1398) (c185ef5)

Bug Fixes

• add after upgrade inbound method (#1422) (487b942)
• add pending connection limit (#1423) (b717beb)
• close stream after sending identify (#1424) (a74d22a)
• do not auto-dial peers (#1397) (ca30192)
• enable identify service all the time (#1440) (931e042)
• regenerate protobuf defs (#1439) (e10eea2)
• remove @​libp2p/components (#1427) (a3847f2)

libp2p v0.39.5

Bug Fixes

• stub new connection manager accept incoming connection method (#1404) (5ad175c)

libp2p v0.39.4

Bug Fixes

• update insecure connection encrypter (#1400) (12a2c75)

libp2p v0.39.3

Bug Fixes

• when creating dial targets, encapsulate PeerIds last (#1389) (ec02351)
• yield only final peers from dht getClosestPeers (#1380) (3f57eda)

... (truncated)

Changelog

Sourced from libp2p's changelog.

0.40.0 (2022-10-17)

⚠ BREAKING CHANGES

• modules no longer implement Initializable instead switching to constructor injection
• the old behaviour was to dial any peer we discover, now we just add them to the peer store instead

Features

• allow skipping encryption and custom muxer factory in upgrader (#1411) (6615efa)
• deny incoming connections and add allow/deny lists (#1398) (c185ef5)

Bug Fixes

• add after upgrade inbound method (#1422) (487b942)
• add pending connection limit (#1423) (b717beb)
• close stream after sending identify (#1424) (a74d22a)
• do not auto-dial peers (#1397) (ca30192)
• enable identify service all the time (#1440) (931e042)
• regenerate protobuf defs (#1439) (e10eea2)
• remove @​libp2p/components (#1427) (a3847f2)

0.39.5 (2022-10-05)

Bug Fixes

• stub new connection manager accept incoming connection method (#1404) (5ad175c)

0.39.4 (2022-10-04)

Bug Fixes

• update insecure connection encrypter (#1400) (12a2c75)

0.39.3 (2022-09-28)

Bug Fixes

• when creating dial targets, encapsulate PeerIds last (#1389) (ec02351)
• yield only final peers from dht getClosestPeers (#1380) (3f57eda)

0.39.2 (2022-09-21)

Bug Fixes

... (truncated)

Commits

• 9fcaff8 chore: release 0.40.0 (#1410)
• c69e452 deps: update it-* deps to ESM versions (#1444)
• 931e042 fix: enable identify service all the time (#1440)
• f4b1f54 docs: update metrics docs (#1441)
• a74d22a fix: close stream after sending identify (#1424)
• e10eea2 fix: regenerate protobuf defs (#1439)
• a3847f2 fix!: remove @​libp2p/components (#1427)
• b717beb fix: add pending connection limit (#1423)
• 487b942 fix: add after upgrade inbound method (#1422)
• 14acff5 docs: fix whitespace
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by npm-service-account-libp2p, a new releaser for libp2p since your current version.

Updates ipfs from 0.50.2 to 0.65.0

Release notes

Sourced from ipfs's releases.

ipfs ipfs-v0.65.0

See the upgrade guide.

⚠ BREAKING CHANGES

• ipfs is now bundled with libp2p@0.40.x which has different config. See the migration guide here: https://github.com/libp2p/js-libp2p/blob/master/doc/migrations/v0.39-v0.40.md

Features

• upgrade libp2p to 0.40.x (#4237) (0cee4a4)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • ipfs-cli bumped from ^0.14.2 to ^0.15.0
    • ipfs-core bumped from ^0.16.1 to ^0.17.0
  • devDependencies
    • interface-ipfs-core bumped from ^0.156.1 to ^0.157.0
    • ipfs-client bumped from ^0.9.1 to ^0.9.2
    • ipfs-core-types bumped from ^0.12.1 to ^0.13.0
    • ipfs-http-client bumped from ^58.0.1 to ^59.0.0

ipfs ipfs-v0.64.2

Bug Fixes

• update @​multiformats/multiadd to 11.0.0 (2a830bf)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • ipfs-cli bumped from ^0.14.1 to ^0.14.2
    • ipfs-core bumped from ^0.16.0 to ^0.16.1
  • devDependencies
    • interface-ipfs-core bumped from ^0.156.0 to ^0.156.1
    • ipfs-client bumped from ^0.9.0 to ^0.9.1
    • ipfs-core-types bumped from ^0.12.0 to ^0.12.1
    • ipfs-http-client bumped from ^58.0.0 to ^58.0.1

ipfs ipfs-v0.64.1

Dependencies

• The following workspace dependencies were updated

... (truncated)

Commits

• e8b7b66 chore: release master (#4221)
• 0cee4a4 feat!: upgrade libp2p to 0.40.x (#4237)
• dfc43d4 fix: replace slice with subarray for increased performance (#4210)
• acbc1c6 chore: update changelog types to add docs and deps (#4220)
• d1b0a8a fix!: require IPNS V2 signatures (#4207)
• d75e0a3 deps(dev): update interop suite version (#4219)
• d1f1e75 chore: release master (#4218)
• 7304a0f chore: remove whitespace
• 2a830bf fix: update @​multiformats/multiadd to 11.0.0
• b208733 chore: release master (#4211)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by npm-service-account-ipfs, a new releaser for ipfs since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.