chore(deps): bump go-f3 and Go deps

[hanabi1224]

Summary of changes

Changes introduced in this pull request:

• bump go-f3
• bump other Go deps

Reference issue to close (if applicable)

Closes

Other information and links

Change checklist

• I have performed a self-review of my own code,
• I have made corresponding changes to the documentation. All new code adheres to the team's documentation standards,
• I have added tests that prove my fix is effective or that my feature works (if possible),
• I have made sure the CHANGELOG is up-to-date. All user-facing changes should be reflected in this document.

Summary by CodeRabbit

• Chores
  • Updated various dependencies to newer versions for improved stability and compatibility. No user-facing features or functionality were changed.

[coderabbitai]

Walkthrough

Dependency versions were updated in the go.mod files for both the f3-sidecar module and the Go application in the interop tests. The updates include patch and minor version bumps for direct and indirect dependencies, with no changes to code, module paths, or exported entities.

Changes

Cohort / File(s)	Change Summary
f3-sidecar Dependency Updates f3-sidecar/go.mod	Bumped versions of direct and indirect dependencies, including go-f3, rust2go, go-log/v2, go-libp2p, and various others. No code or API changes.
Interop Go App Dependency Updates interop-tests/src/tests/go_app/go.mod	Updated dependency versions for rust2go, go-log/v2, go-libp2p, and many indirect packages. No code or API changes.

Sequence Diagram(s)

No sequence diagram generated as the changes are limited to dependency version updates.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• chore: bump go deps #5849: Updates Go module dependencies and bumps versions in go.mod for both f3-sidecar and interop test Go app modules.
• chore: upgrade go-f3 to v0.8.8 #5825: Updates dependency versions in f3-sidecar/go.mod, including upgrades to github.com/filecoin-project/go-f3.

Suggested reviewers

• elmattic
• sudo-shashank
• akaladarshi

Note

⚡️ Unit Test Generation is now available in beta!

Learn more here, or try it out under "Finishing Touches" below.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch hm/bump-go-deps

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

f3-sidecar/go.mod (1)

23-40: Run go mod tidy after the mass indirect-version bump
Several dozen transitive versions were lifted. A tidy will trim any now-orphaned constraints and refresh go.sum, preventing future CI drift.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 166cf80 and 0203c96.

⛔ Files ignored due to path filters (2)

• f3-sidecar/go.sum is excluded by !**/*.sum
• interop-tests/src/tests/go_app/go.sum is excluded by !**/*.sum

📒 Files selected for processing (2)

• f3-sidecar/go.mod (5 hunks)
• interop-tests/src/tests/go_app/go.mod (4 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: Build forest binaries on Linux AMD64
• GitHub Check: tests
• GitHub Check: tests-release
• GitHub Check: All lint checks
• GitHub Check: cargo-publish-dry-run
• GitHub Check: Build MacOS
• GitHub Check: Build Ubuntu
• GitHub Check: Analyze (rust)
• GitHub Check: Analyze (go)

🔇 Additional comments (3)

f3-sidecar/go.mod (1)

6-14: Confirm downstream code compiles against the bumped direct deps
go-f3 v0.8.9, rust2go tip, go-log/v2 v2.8.0, and libp2p v0.42.x all shipped minor API tweaks (e.g. new functional options in libp2p, renamed log levels in go-log). Please run a full build / test sweep and vendor update to catch latent breakages before merge.

interop-tests/src/tests/go_app/go.mod (2)

6-14: Ensure interop module stays lock-step with sidecar for core deps
The test harness now pulls the same rust2go, go-log/v2, and libp2p versions as the sidecar. Good ✅ — just make sure no other module in the repo still references older tags, otherwise go mod graph will drag them back in.

---

26-33: Chanqueue & deque upgrades can alter blocking semantics
gammazero/chanqueue 1.1.x fixed a starvation edge-case by changing default buffer sizing. If the interop tests rely on specific channel depths, double-check for timing regressions.

[coderabbitai]

⚠️ Potential issue

Go tool-chain on CI must be ≥ 1.24.5
Both modules declare go 1.24.5. Verify your builders and Docker images have been bumped; otherwise the updated std-lib constraints will fail in CI.

🤖 Prompt for AI Agents

In interop-tests/src/tests/go_app/go.mod around lines 121 to 129, ensure that
the Go toolchain version used in your CI environment, builders, and Docker
images is updated to at least 1.24.5 to match the module's declared Go version.
Verify and update the Go version in all relevant CI configurations and
Dockerfiles to prevent standard library compatibility issues during builds.

[LesnyRumcajs]

@hanabi1224 is it a valid concern?

[coderabbitai]

Seems like the humans are having a chat. I'll hop back into my burrow for now. If you need me again, just tag @coderabbitai in a new comment, and I'll come hopping out!

[hanabi1224]

@LesnyRumcajs CI uses Go version defined in go.work so it's fine. cc @coderabbitai

go 1.24.5

use (
	./f3-sidecar
	./interop-tests/src/tests/go_app
)

      - uses: actions/setup-go@v5
        with:
          go-version-file: "go.work"

[LesnyRumcajs]

@hanabi1224 are you sure? there were failures around it over the weekend #5866

[hanabi1224]

@LesnyRumcajs The Dockerfile needs to be updated manually indeed, but this PR does not bump the Go toolchain.