chore: bump go-f3 to apply perf improvements

[hanabi1224]

Summary of changes

Changes introduced in this pull request:

• bump go-f3 to apply performance improvement made by fix: improve performance of ApplyPowerTableDiffs in ImportSnapshotToDatastore filecoin-project/go-f3#1047
• bump all Go deps (go get -u && go mod tidy)
• address feat: integrate with go-f3 and implement F3 data export and import #5886 (comment)

Reference issue to close (if applicable)

Closes

Other information and links

Change checklist

• I have performed a self-review of my own code,
• I have made corresponding changes to the documentation. All new code adheres to the team's documentation standards,
• I have added tests that prove my fix is effective or that my feature works (if possible),
• I have made sure the CHANGELOG is up-to-date. All user-facing changes should be reflected in this document.

Summary by CodeRabbit

• Chores
  • Updated dependencies across networking, cryptography, QUIC/WebTransport, and protobuf stacks; removed several deprecated indirect packages. No user-facing behavior changes.
• Refactor
  • Adjusted temporary resource handling in archive operations to release memory earlier. Behavior remains unchanged.

[coderabbitai]

Walkthrough

Broad dependency updates in two Go modules (f3-sidecar and interop test app), including libp2p, quic-go, golang.org/x, and protobuf. Some indirect dependencies removed. One Rust change refactors merge_f3_snapshot to inline store creation and explicitly drop it earlier; no public API changes.

Changes

Cohort / File(s)	Summary of Changes
Go deps: f3-sidecar f3-sidecar/go.mod	Updated module dependencies (e.g., go-f3, libp2p, quic-go, golang.org/x, protobuf, boxo); removed some indirect deps (e.g., slim-sprig, automaxprocs). No code changes.
Go deps: interop test app interop-tests/src/tests/go_app/go.mod	Bumped direct deps (boxo, libp2p, libp2p-kad-dht, multiaddr); updated numerous indirect deps (dns, quic-go, webtransport-go, golang.org/x, protobuf); removed several older indirect deps. No code changes.
Rust refactor: archive command src/tool/subcommands/archive_cmd.rs	Inlined per-scope store creation/metadata check in merge_f3_snapshot and added explicit early drop of temporary store; functional behavior unchanged.

Sequence Diagram(s)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• chore: upgrade go-f3 to v0.8.8 #5825 — Also updates f3-sidecar go.mod to bump github.com/filecoin-project/go-f3 (earlier version).
• chore: bump go deps #5849 — Similar go.mod/toolchain bump across f3-sidecar and interop tests modules.
• chore(deps): bump go-f3 and Go deps #5881 — Parallel dependency upgrades for go-f3 and libp2p-related stacks in the same modules.

Suggested labels

dependencies, rust

Suggested reviewers

• elmattic
• sudo-shashank
• akaladarshi

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch hm/bump-go-f3

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[hanabi1224]

This is to address #5886 (comment)

[hanabi1224]

AI pefers scoping here lol : )
642-647: Early resource release is good; prefer scoping over explicit drop and enrich the error message

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

src/tool/subcommands/archive_cmd.rs (1)

642-647: Early resource release is good; prefer scoping over explicit drop and enrich the error message

Explicitly dropping the store achieves the desired earlier release of mmap/FDs before re-opening the file via CarStream. Two minor improvements:

• Scope the store to a block instead of calling drop for clearer RAII and to avoid accidental future uses.
• Include the detected variant in the error message to aid debugging when a v2 snapshot is passed by mistake.

Apply this diff:

-    let store = AnyCar::try_from(filecoin.as_path())?;
-    anyhow::ensure!(
-        store.metadata().is_none(),
-        "The filecoin snapshot is not in v1 format"
-    );
-    drop(store);
+    {
+        let store = AnyCar::try_from(filecoin.as_path())?;
+        anyhow::ensure!(
+            store.metadata().is_none(),
+            "Input snapshot must be v1 (.car) without metadata; got variant {}",
+            store.variant()
+        );
+    } // drop store early

Additionally (outside this hunk), consider being explicit when creating the tokio file for the NamedTempFile to avoid any trait inference ambiguity:

// current:
let writer = tokio::io::BufWriter::new(tokio::fs::File::create(&temp_output).await?);

// suggested:
let writer = tokio::io::BufWriter::new(tokio::fs::File::create(temp_output.path()).await?);

interop-tests/src/tests/go_app/go.mod (1)

7-7: Dependency bumps LGTM; verify toolchain and transitive compatibility (libp2p/quic-go changes can be subtle)

The direct/indirect updates (boxo, libp2p stack, quic-go/webtransport, x/*, protobuf) look aligned. Action items to de-risk:

• Ensure CI images use Go ≥ 1.24.5 to match the module directive.
• libp2p v0.43.0 + DHT v0.34.0 and quic-go v0.54.0 sometimes tweak defaults (ALPN/token handling, congestion control). Please run interop tests against both IPv4/IPv6, NAT traversal, and QUIC transports.
• Run go mod tidy locally and commit go.sum changes to avoid CI drift.
• Keep an eye on webtransport-go v0.9.0 behavior if enabled in tests, as version skew with browsers/clients can surface flaky tests.

If you’d like, I can draft a checklist for targeted interop scenarios (QUIC, DHT bootstrapping, relay/NAT traversal) to run before merging.

Also applies to: 11-13, 53-53, 62-62, 90-90, 95-95, 103-105, 117-121, 123-127

f3-sidecar/go.mod (1)

6-6: go-f3 pseudo-version bump and networking stack upgrades: confirm runtime compatibility and plan to migrate to a tag

• Pinning to go-f3 pseudo-version (v0.8.10-0.20250813...) is fine to pull perf improvements now; consider switching to the next official tag once cut to improve reproducibility.
• The libp2p/quic-go/pion updates mirror the interop test app. Validate end-to-end flows (pubsub, DHT, QUIC) and confirm no regressions in connection manager or resource manager tuning.
• Ensure the CI builder uses Go ≥ 1.24.5. Commit updated go.sum after a tidy.

When a stable go-f3 tag containing the perf PR lands, I can prep a follow-up PR to pin to it and remove the pseudo-version.

Also applies to: 14-15, 18-18, 24-24, 45-45, 56-56, 65-65, 72-72, 82-83, 96-96, 101-101, 110-111, 128-136, 138-138

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 091b114 and 175d276.

⛔ Files ignored due to path filters (2)

• f3-sidecar/go.sum is excluded by !**/*.sum
• interop-tests/src/tests/go_app/go.sum is excluded by !**/*.sum

📒 Files selected for processing (3)

• f3-sidecar/go.mod (8 hunks)
• interop-tests/src/tests/go_app/go.mod (4 hunks)
• src/tool/subcommands/archive_cmd.rs (1 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: hanabi1224
PR: ChainSafe/forest#5930
File: build.rs:64-77
Timestamp: 2025-08-13T09:43:20.301Z
Learning: hanabi1224 prefers hard compile-time errors in build scripts rather than runtime safeguards or collision detection, believing it's better to fail fast and fix root causes of issues like malformed snapshot names.

📚 Learning: 2025-08-11T14:00:47.060Z

Learnt from: hanabi1224
PR: ChainSafe/forest#5886
File: src/daemon/db_util.rs:236-259
Timestamp: 2025-08-11T14:00:47.060Z
Learning: In Forest's snapshot import (`src/daemon/db_util.rs`), when F3 CID is present in snapshot metadata but the actual F3 data is missing, this should cause a hard error as it indicates snapshot corruption. Only errors during the F3 import process itself (after data is successfully retrieved) should be non-fatal and logged.

Applied to files:

• src/tool/subcommands/archive_cmd.rs

🧬 Code Graph Analysis (1)

src/tool/subcommands/archive_cmd.rs (3)

src/db/car/any.rs (3)

• try_from (129-131)
• try_from (136-138)
• metadata (55-61)

src/db/car/forest.rs (2)

• try_from (242-244)
• metadata (127-139)

src/db/car/plain.rs (2)

• try_from (241-243)
• metadata (175-187)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)

• GitHub Check: Build forest binaries on Linux AMD64
• GitHub Check: tests-release
• GitHub Check: tests
• GitHub Check: Build Ubuntu
• GitHub Check: cargo-publish-dry-run
• GitHub Check: Build MacOS
• GitHub Check: All lint checks
• GitHub Check: Analyze (go)
• GitHub Check: Analyze (rust)