chore(deps): bump github.com/ipfs/kubo from 0.16.0 to 0.18.0

[dependabot]

Bumps github.com/ipfs/kubo from 0.16.0 to 0.18.0.

Release notes

Sourced from github.com/ipfs/kubo's releases.

v0.18.0

• 🎤 Discuss
• 🔦 Highlights
  • Content routing
    • Default InterPlanetary Network Indexer
    • Increase provider record republish interval and expiration
  • Gateways
    • DAG-JSON and DAG-CBOR response formats
    • 🐎 Fast directory listings with DAG sizes
  • QUIC and WebTransport
    • WebTransport enabled by default
    • QUIC and WebTransport share a single port
    • Differentiating QUIC versions
    • QUICv1 and WebTransport config migration
  • Improving libp2p resource management integration
• 📝 Changelog
• 👨‍👩‍👧‍👦 Contributors

🔦 Highlights

Content routing

Default InterPlanetary Network Indexer

Content routing is the process of discovering which peers provide a piece of content. Kubo has traditionally only supported libp2p's implementation of Kademlia DHT for content routing.

Kubo can now bridge networks by including support for the delegated routing HTTP API. Users can compose content routers using the Routing.Routers config to pick content routers with different tradeoffs than a Kademlia DHT (e.g., high-performance and high-capacity centralized endpoints, dedicated Kademlia DHT nodes, routers with unique provider records, privacy-focused content routers).

One example is InterPlanetary Network Indexers, which are HTTP endpoints that cache records from both the IPFS network and other sources such as web3.storage and Filecoin. This improves not only content availability by enabling Kubo to transparently fetch content directly from Filecoin storage providers, but also improves IPFS content routing latency by an order of magnitude and decreases resource consumption.

Note: it's possible to retrieve content stored by Filecoin Storage Providers (SPs) from Kubo if the SPs service Bitswap requests. As of this release, some SPs are advertising Bitswap. You can follow the roadmap progress for IPNIs and Bitswap in SPs here.

In this release, the default content router is changed from dht to auto. The auto router includes the IPFS DHT in addition to the cid.contact IPNI instance. In future releases, we plan to expand the functionality of auto to encompass automatic discovery of content routers, which will improve performance and content availability (for example, see IPIP-342).

Previous behavior can be restored by setting Routing.Type to dht.

Alternative routing rules, including alternative IPNI endpoints, can be configured in Routing.Routers after setting Routing.Type to custom.

Learn more in the Routing docs.

Increase provider record republish interval and expiration

Default Reprovider.Interval changed from 12h to 22h to match new defaults for the Provider Record Expiration (48h) in go-libp2p-kad-dht v0.20.0.

The rationale for increasing this can be found in RFM 17: Provider Record Livenes Report, kubo#9326, and the upstream DHT specifications at libp2p/specs#451.

... (truncated)

Commits

• 6750377 Merge pull request #9498 from ipfs/release-v0.18
• 7edf86c docs: update changelog
• 8169043 chore: update version.go
• 0aa23b3 fix: clarity: no user supplied rcmgr limits of 0 (#9563)
• 14703e1 fix(gateway): undesired conversions to dag-json and friends (#9566)
• a9fdf26 fix(ci): work around bifrost-infra/issues/2300
• 486c4b5 fix: ensure connmgr is smaller then autoscalled ressource limits
• 5bbc521 fix: typo in ensureConnMgrMakeSenseVsResourcesMgr
• 0ae3285 docs: clarify browser descriptions for webtransport
• 37059b8 fix: update saxon download path
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[guardrails]

⚠️ We detected 1 security issue in this pull request:

Vulnerable Libraries (1)

Severity	Details
N/A	pkg:golang/golang.org/x/[email protected] @v0.3.0 upgrade to: 1.18.9,1.19.4,0.4.0

More info on how to fix Vulnerable Libraries in Go.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[dependabot]

Superseded by #54.