chore(deps): bump github.com/ipfs/boxo from 0.34.0 to 0.35.2

[dependabot]

Bumps github.com/ipfs/boxo from 0.34.0 to 0.35.2.

Release notes

Sourced from github.com/ipfs/boxo's releases.

v0.35.2

What's Changed

• upgrade to go-libp2p v0.45.0
• upgrade to go-log/v2 v2.9.0
  • Applications using go-log (>=2.9)+go-libp2p(>=0.45) may need to initialize their application to bridge slog-based libraries to into go-log. See documentation for go-log release and slog integration.

Full Changelog: ipfs/boxo@v0.35.1...v0.35.2

v0.35.1

[!NOTE] This release was brought to you by the Shipyard team.

What's Changed

Added

• new span for the handleIncoming bitswap client getter plus events when blocks are received.
• mark opentelemetry spans, span attributes, and span events as being used by ProbeLab's analysis scripts

Changed

• upgrade to go-dsqueue v0.1.0 - Fixes batch reuse that could cause panic.

Fixed

• gateway: Fixed duplicate peer IDs appearing in retrieval timeout error messages
• bitswap/client: fix tracing by using context to pass trace and retrieval state to session #1059
  • bitswap/client: propagate trace state when calling GetBlocks #1060
• bitswap/network/httpnet: improved error detection on HTTP and block fetches:
  • Do not attempt to GET a test CID if the endpoint returns 429 to the test HEAD request.
  • Unify error parsing and handling of http statues and content.

Full Changelog: ipfs/boxo@v0.35.0...v0.35.1

v0.35.0

[!NOTE] This release was brought to you by the Shipyard team.

What's Changed

Added

• pinning/pinner: Added CheckIfPinnedWithType method to Pinner interface for efficient type-specific pin checks with optional name loading (#1035)
  • Enables checking specific pin types (recursive, direct, indirect) without loading all pins
  • Optional includeNames parameter controls whether pin names are loaded from datastore

... (truncated)

Changelog

Sourced from github.com/ipfs/boxo's changelog.

[v0.35.2]

Changed

• upgrade to go-libp2p v0.45.0
• upgrade to go-log/v2 v2.9.0
  • Applications using go-log (>=2.9)+go-libp2p(>=0.45) may need to initialize their application to bridge slog-based libraries to into go-log. See documentation for go-log release and slog integration.

[v0.35.1]

Added

• new span for the handleIncoming bitswap client getter plus events when blocks are received.
• mark opentelemetry spans, span attributes, and span events as being used by ProbeLab's analysis scripts

Changed

• upgrade to go-dsqueue v0.1.0 - Fixes batch reuse that could cause panic.

Fixed

• gateway: Fixed duplicate peer IDs appearing in retrieval timeout error messages
• bitswap/client: fix tracing by using context to pass trace and retrieval state to session #1059
  • bitswap/client: propagate trace state when calling GetBlocks #1060
• bitswap/network/httpnet: improved error detection on HTTP and block fetches:
  • Do not attempt to GET a test CID if the endpoint returns 429 to the test HEAD request.
  • Unify error parsing and handling of http statues and content.

[v0.35.0]

Added

• pinning/pinner: Added CheckIfPinnedWithType method to Pinner interface for efficient type-specific pin checks with optional name loading (#1035)
  • Enables checking specific pin types (recursive, direct, indirect) without loading all pins
  • Optional includeNames parameter controls whether pin names are loaded from datastore
  • CheckIfPinned now delegates to CheckIfPinnedWithType for consistency
• gateway: Enhanced error handling and UX for timeouts:
  • Added retrieval state tracking for timeout diagnostics. When retrieval timeouts occur, the error messages now include detailed information about which phase failed (path resolution, provider discovery, connecting, or data retrieval) and provider statistics including failed peer IDs #1015 #1023
  • Added Config.DiagnosticServiceURL to configure a CID retrievability diagnostic service. When set, 504 Gateway Timeout errors show a "Check CID retrievability" button linking to the service with ?cid=<failed-cid> #1023
  • Improved 504 error pages with "Retry" button, diagnostic service integration, and clear indication when timeout occurs on sub-resource vs root CID #1023
• gateway: Added Config.MaxRangeRequestFileSize to protect against CDN issues with large file range requests. When set to a non-zero value, range requests for files larger than this limit return HTTP 501 Not Implemented with a suggestion to use verifiable block requests (application/vnd.ipld.raw) instead. This provides protection against Cloudflare's issue where range requests for files over 5GiB are silently ignored, causing excess bandwidth consumption and billing

Changed

• routing/http: ✨ Delegated Routing V1 HTTP endpoints now return 200 with empty results instead of 404 when no records are found, per IPIP-513 (#1024)
  • Server endpoints (/routing/v1/providers/{cid}, /routing/v1/peers/{peer-id}, /routing/v1/ipns/{name}) return HTTP 200 with empty JSON arrays or appropriate content types for empty results
  • Client maintains backward compatibility by treating both 200 with empty results and 404 as "no records found"
  • IPNS endpoint distinguishes between valid records (Content-Type: application/vnd.ipfs.ipns-record) and no record found (any other content type)

... (truncated)

Commits

• fc4c0e6 Merge pull request #1068 from ipfs/release-v0.35.2
• 6e621f6 bump version
• 81fed96 Release v0.35.2
• 6a68a11 Merge pull request #1066 from ipfs/go-libp2p-v0.45.0
• 81b6db8 update changelog
• e5da1aa upgrade go-libp2p to v0.45.0
• 8546439 Merge pull request #1065 from ipfs/update-dsqueue
• 052ca47 mod tidy examples
• 4dea0d9 update go-dsqueue to v0.1.1
• d16a4d5 Merge pull request #1063 from ipfs/release-v0.35.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)