chore(deps): bump libp2p packages to latest patch versions

[branarakic]

Summary

• Bumps every direct libp2p / @libp2p/* dependency in packages/core and packages/agent to the latest semver-compatible patch — pure pnpm update -r libp2p '@libp2p/*'. No range broadening, no major-version jumps.
• Motivated by a fatal RangeError: Maximum call stack size exceeded observed in the running daemon's @libp2p/[email protected] job-queue progress propagation (full trace below).

Notable upgrades

package	from	to
libp2p	3.1.3	3.2.3
@libp2p/circuit-relay-v2	4.1.3	4.2.3
@libp2p/identify	4.0.10	4.1.3
@libp2p/gossipsub	15.0.12	15.0.20
@libp2p/kad-dht	16.1.3	16.2.4
@libp2p/tcp	11.0.10	11.0.18
@libp2p/websockets	10.1.3	10.1.11
@libp2p/peer-id	6.0.4	6.0.8
@libp2p/crypto	5.1.13	5.1.17
@libp2p/interface	3.1.0	3.2.2
@libp2p/autonat, @libp2p/dcutr	3.0.10	3.0.18
@libp2p/bootstrap, @libp2p/mdns	12.0.11	12.0.19
@libp2p/ping	3.0.10	3.1.3
@libp2p/utils (transitive)	7.0.10	7.1.0
@libp2p/peer-store (transitive)	12.0.10	12.0.18

Crash trace that motivated this

2026-04-28 16:08:04 connect [DKGAgent] Reconnect-on-gossip:
  peerStore dial to DDt9kA6e failed (Maximum call stack size exceeded);
  trying relay fallbacks
[fatal] Uncaught exception: RangeError: Maximum call stack size exceeded
    at JobRecipient.onProgress
       (.../@libp2p/utils/dist/src/queue/job.js:59:29)
    at .../job.js:61:47
    at Array.forEach (<anonymous>)
    at JobRecipient.onProgress (.../job.js:60:37)
    at .../job.js:61:47
    at Array.forEach (<anonymous>)
    [recursive — frames repeat until stack exhaustion]

This is recursive progress propagation in @libp2p/utils's job queue, triggered after a relayed peer-store dial fails and falls back. Reproducible by running dkg start against the testnet relay set; crashes after a few minutes of normal P2P sync (we saw it at ~8 min uptime on slot a / V10-RC build).

The published 7.0.10 → 7.1.0 changelog doesn't explicitly name this fix, but the patch bump is cheap and brings several weeks of upstream patches across the whole libp2p surface. If 7.1.0 doesn't fix the recursion empirically, the next step is filing an upstream issue on libp2p/js-libp2p with a minimal repro.

Verification

• pnpm install resolves cleanly (no peer-dep new warnings beyond the pre-existing hardhat-deploy → zksync-ethers one)
• pnpm build green locally — 19/19 packages, no TS errors introduced
• Tests deferred to CI (the workspace pnpm test spins up real P2P networks — 5-10 min — CI is the right gate)
• Lockfile diff is clean: 297 insertions, 249 deletions, all confined to libp2p resolution

Test plan for the reviewer

• Confirm CI green (lint, typecheck, unit tests, integration tests if enabled)
• Optional: run dkg start from this branch against the testnet relay set and let it sit for >15 min — should NOT exit with the JobRecipient.onProgress stack overflow
• If 7.1.0 does NOT fix the crash empirically, this PR is still worth landing for the rest of the patch coverage; we then file upstream

Rollback

git revert on the merge commit, then pnpm install --frozen-lockfile against the previous lockfile.

Made with Cursor

[github-actions]

Codex review completed — no issues found.

[lupuszr]

lgtm but can't approve for some reason?