chore(deps): bump github.com/ipfs/boxo from 0.34.0 to 0.35.1

[dependabot]

Bumps github.com/ipfs/boxo from 0.34.0 to 0.35.1.

Release notes

Sourced from github.com/ipfs/boxo's releases.

v0.35.1

[!NOTE] This release was brought to you by the Shipyard team.

What's Changed

Added

• new span for the handleIncoming bitswap client getter plus events when blocks are received.
• mark opentelemetry spans, span attributes, and span events as being used by ProbeLab's analysis scripts

Changed

• upgrade to go-dsqueue v0.1.0 - Fixes batch reuse that could cause panic.

Fixed

• gateway: Fixed duplicate peer IDs appearing in retrieval timeout error messages
• bitswap/client: fix tracing by using context to pass trace and retrieval state to session #1059
  • bitswap/client: propagate trace state when calling GetBlocks #1060
• bitswap/network/httpnet: improved error detection on HTTP and block fetches:
  • Do not attempt to GET a test CID if the endpoint returns 429 to the test HEAD request.
  • Unify error parsing and handling of http statues and content.

Full Changelog: ipfs/boxo@v0.35.0...v0.35.1

v0.35.0

[!NOTE] This release was brought to you by the Shipyard team.

What's Changed

Added

• pinning/pinner: Added CheckIfPinnedWithType method to Pinner interface for efficient type-specific pin checks with optional name loading (#1035)
  • Enables checking specific pin types (recursive, direct, indirect) without loading all pins
  • Optional includeNames parameter controls whether pin names are loaded from datastore
  • CheckIfPinned now delegates to CheckIfPinnedWithType for consistency
• gateway: Enhanced error handling and UX for timeouts:
  • Added retrieval state tracking for timeout diagnostics. When retrieval timeouts occur, the error messages now include detailed information about which phase failed (path resolution, provider discovery, connecting, or data retrieval) and provider statistics including failed peer IDs #1015 #1023
  • Added Config.DiagnosticServiceURL to configure a CID retrievability diagnostic service. When set, 504 Gateway Timeout errors show a "Check CID retrievability" button linking to the service with ?cid=<failed-cid> #1023
  • Improved 504 error pages with "Retry" button, diagnostic service integration, and clear indication when timeout occurs on sub-resource vs root CID #1023
• gateway: Added Config.MaxRangeRequestFileSize to protect against CDN issues with large file range requests. When set to a non-zero value, range requests for files larger than this limit return HTTP 501 Not Implemented with a suggestion to use verifiable block requests (application/vnd.ipld.raw) instead. This provides protection against Cloudflare's issue where range requests for files over 5GiB are silently ignored, causing excess bandwidth consumption and billing

Changed

• routing/http: ✨ Delegated Routing V1 HTTP endpoints now return 200 with empty results instead of 404 when no records are found, per IPIP-513 (#1024)

... (truncated)

Changelog

Sourced from github.com/ipfs/boxo's changelog.

[v0.35.1]

Added

• new span for the handleIncoming bitswap client getter plus events when blocks are received.
• mark opentelemetry spans, span attributes, and span events as being used by ProbeLab's analysis scripts

Changed

• upgrade to go-dsqueue v0.1.0 - Fixes batch reuse that could cause panic.

Fixed

• gateway: Fixed duplicate peer IDs appearing in retrieval timeout error messages
• bitswap/client: fix tracing by using context to pass trace and retrieval state to session #1059
  • bitswap/client: propagate trace state when calling GetBlocks #1060
• bitswap/network/httpnet: improved error detection on HTTP and block fetches:
  • Do not attempt to GET a test CID if the endpoint returns 429 to the test HEAD request.
  • Unify error parsing and handling of http statues and content.

[v0.35.0]

Added

• pinning/pinner: Added CheckIfPinnedWithType method to Pinner interface for efficient type-specific pin checks with optional name loading (#1035)
  • Enables checking specific pin types (recursive, direct, indirect) without loading all pins
  • Optional includeNames parameter controls whether pin names are loaded from datastore
  • CheckIfPinned now delegates to CheckIfPinnedWithType for consistency
• gateway: Enhanced error handling and UX for timeouts:
  • Added retrieval state tracking for timeout diagnostics. When retrieval timeouts occur, the error messages now include detailed information about which phase failed (path resolution, provider discovery, connecting, or data retrieval) and provider statistics including failed peer IDs #1015 #1023
  • Added Config.DiagnosticServiceURL to configure a CID retrievability diagnostic service. When set, 504 Gateway Timeout errors show a "Check CID retrievability" button linking to the service with ?cid=<failed-cid> #1023
  • Improved 504 error pages with "Retry" button, diagnostic service integration, and clear indication when timeout occurs on sub-resource vs root CID #1023
• gateway: Added Config.MaxRangeRequestFileSize to protect against CDN issues with large file range requests. When set to a non-zero value, range requests for files larger than this limit return HTTP 501 Not Implemented with a suggestion to use verifiable block requests (application/vnd.ipld.raw) instead. This provides protection against Cloudflare's issue where range requests for files over 5GiB are silently ignored, causing excess bandwidth consumption and billing

Changed

• routing/http: ✨ Delegated Routing V1 HTTP endpoints now return 200 with empty results instead of 404 when no records are found, per IPIP-513 (#1024)
  • Server endpoints (/routing/v1/providers/{cid}, /routing/v1/peers/{peer-id}, /routing/v1/ipns/{name}) return HTTP 200 with empty JSON arrays or appropriate content types for empty results
  • Client maintains backward compatibility by treating both 200 with empty results and 404 as "no records found"
  • IPNS endpoint distinguishes between valid records (Content-Type: application/vnd.ipfs.ipns-record) and no record found (any other content type)
• verifcid: 🛠 Enhanced Allowlist interface with per-hash size limits (#1018)
  • Expanded Allowlist interface with MinDigestSize(code uint64) and MaxDigestSize(code uint64) methods for per-hash function size validation
  • Added public constants: DefaultMinDigestSize (20 bytes), DefaultMaxDigestSize (128 bytes for cryptographic hashes), and DefaultMaxIdentityDigestSize (128 bytes for identity CIDs)
  • DefaultAllowlist implementation now uses these constants and supports different size limits per hash type
  • Renamed errors for clarity: Added ErrDigestTooSmall and ErrDigestTooLarge as the new primary errors
  • ErrBelowMinimumHashLength and ErrAboveMaximumHashLength remain as deprecated aliases pointing to the new errors
• bitswap: Updated to use verifcid.DefaultMaxDigestSize for MaximumHashLength constant
  • The default MaximumAllowedCid limit for incoming CIDs can be adjusted using bitswap.MaxCidSize or server.MaxCidSize options
• 🛠 bitswap/client: The RebroadcastDelay option now takes a time.Duration value. This is a potentially BREAKING CHANGE. The time-varying functionality of delay.Delay was never used, so it was replaced with a fixed duration value. This also removes the github.com/ipfs/go-ipfs-delay dependency.

... (truncated)

Commits

• d16a4d5 Merge pull request #1063 from ipfs/release-v0.35.1
• b88fd9f bump version
• 0d66b66 Release v0.35.1
• d749619 bitswap/httpnet: improve "Connect"/testCid check (#1057)
• 5d30479 fix: revert go-libp2p to v0.43.0 (#1061)
• fc53cf8 Merge pull request #1060 from ipfs/fix-trace-for-getblocks
• a7d795a update changelog
• ee638fe Propagate trace state when calling GetBlocks
• 8c17f11 Merge pull request #1059 from ipfs/fix-tracing
• 829895c Merge branch 'main' into fix-tracing
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #309.