GitLab

fixes a small bug in query notifications that was causing a test to fail

1. Increase broadcast timeout.
2. Fix use of sessions when pinning.

This also includes some bitswap changes to reduce some memory allocations and
optimize some hot spots.

More performance improvements.

Specifically:

1. Don't add peers with IPv6 addresses outside the 2000::/3 range to the WAN
DHT. These peers are not on the public internet.
2. Do add these peers to the LAN DHT. Really, that's the "catch all other" DHT.

Another attempt to fix #7115.

Reduces allocations

1. Enable AutoNATService on _all_ nodes by default. If it's an issue, we can
disable it in RC3 but this will give us the best testing results.
2. Expose options to configure AutoNAT rate limiting.

Remove some allocation hotspots

Hopefully fixes the message queue bloat issue.

And remove retry logic. This was flatfs specific and we've moved the logic down
into flatfs itself.

This update:

* Retries in more cases when we run out of file descriptors.
* Ensures we don't leak temporary files on batch put.

fixes #7115

And only join the WAN DHT if we're publicly reachable.

* QUIC: update to a new protocol version
* DHT: add some extra checks

This still works over "loosely defined" .car files
Please refer to the sharness tests for extra info

We can tighten this up if the sentiment is "Postel was wrong"

fixes https://github.com/ipfs/go-ipfs/issues/6986

This upgrades to the next DHT version, but in backwards compatibility mode.

This commit upgrades go-ipfs-cmds and configures the commands HTTP API Handler
to only allow POST/OPTIONS, disallowing GET and others in the handling of
command requests in the IPFS HTTP API (where before every type of request
method was handled, with GET/POST/PUT/PATCH being equivalent).

The Read-Only commands that the HTTP API attaches to the gateway endpoint will
additional handled GET as they did before (but stop handling PUT,DELETEs).

By limiting the request types we address the possibility that a website
accessed by a browser abuses the IPFS API by issuing GET requests to it which
have no Origin or Referrer set, and are thus bypass CORS and CSRF protections.

This is a breaking change for clients that relay on GET requests against the
HTTP endpoint (usually :5001). Applications integrating on top of the
gateway-read-only API should still work (including cross-domain access).
Co-Authored-By: Steven Allen <steven@stebalien.com>
Co-Authored-By: Marcin Rataj <lidel@lidel.org>

Prepare for an RC. This also re-re-disables stream write coalescing till we get
a chance to thoroughly profile it.

Bumps [github.com/ipfs/go-ds-flatfs](https://github.com/ipfs/go-ds-flatfs) from 0.4.0 to 0.4.1.
- [Release notes](https://github.com/ipfs/go-ds-flatfs/releases)
- [Commits](https://github.com/ipfs/go-ds-flatfs/compare/v0.4.0...v0.4.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [github.com/ipfs/go-ds-badger](https://github.com/ipfs/go-ds-badger) from 0.2.2 to 0.2.3.
- [Release notes](https://github.com/ipfs/go-ds-badger/releases)
- [Commits](https://github.com/ipfs/go-ds-badger/compare/v0.2.2...v0.2.3)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [go.uber.org/fx](https://github.com/uber-go/fx) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/uber-go/fx/releases)
- [Changelog](https://github.com/uber-go/fx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/fx/compare/v1.10.0...v1.11.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [github.com/hashicorp/go-multierror](https://github.com/hashicorp/go-multierror) from 1.0.0 to 1.1.0.
- [Release notes](https://github.com/hashicorp/go-multierror/releases)
- [Commits](https://github.com/hashicorp/go-multierror/compare/v1.0.0...v1.1.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [github.com/libp2p/go-libp2p-peerstore](https://github.com/libp2p/go-libp2p-peerstore) from 0.2.1 to 0.2.2.
- [Release notes](https://github.com/libp2p/go-libp2p-peerstore/releases)
- [Commits](https://github.com/libp2p/go-libp2p-peerstore/compare/v0.2.1...v0.2.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [github.com/ipfs/go-ipfs-files](https://github.com/ipfs/go-ipfs-files) from 0.0.7 to 0.0.8.
- [Release notes](https://github.com/ipfs/go-ipfs-files/releases)
- [Commits](https://github.com/ipfs/go-ipfs-files/compare/v0.0.7...v0.0.8)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Switches to TLS as the default security transports.

Go 1.14 has a timer reset deadlock (https://github.com/golang/go/issues/38070).

This also downgrades quic-go until either a go patch release fixes this issue or
a version of quic-go is released that works with go 1.13.

Bumps [github.com/ipfs/go-ds-badger](https://github.com/ipfs/go-ds-badger) from 0.2.1 to 0.2.2.
- [Release notes](https://github.com/ipfs/go-ds-badger/releases)
- [Commits](https://github.com/ipfs/go-ds-badger/compare/v0.2.1...v0.2.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [github.com/libp2p/go-libp2p](https://github.com/libp2p/go-libp2p) from 0.7.1 to 0.7.2.
- [Release notes](https://github.com/libp2p/go-libp2p/releases)
- [Changelog](https://github.com/libp2p/go-libp2p/blob/master/NEWS.md)
- [Commits](https://github.com/libp2p/go-libp2p/compare/v0.7.1...v0.7.2)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bumps [github.com/libp2p/go-libp2p-yamux](https://github.com/libp2p/go-libp2p-yamux) from 0.2.5 to 0.2.6.
- [Release notes](https://github.com/libp2p/go-libp2p-yamux/releases)
- [Commits](https://github.com/libp2p/go-libp2p-yamux/compare/v0.2.5...v0.2.6)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Closes #6953

Bumps [github.com/ipfs/go-bitswap](https://github.com/ipfs/go-bitswap) from 0.2.6 to 0.2.7.
- [Release notes](https://github.com/ipfs/go-bitswap/releases)
- [Commits](https://github.com/ipfs/go-bitswap/compare/v0.2.6...v0.2.7)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>