chore(deps): bump go-f3

[hanabi1224]

Summary of changes

Changes introduced in this pull request:

• bump go-f3 to match chore: bump deps for release prep filecoin-project/lotus#13597
• bump all Go deps

Reference issue to close (if applicable)

Closes

Other information and links

Change checklist

• I have performed a self-review of my own code,
• I have made corresponding changes to the documentation. All new code adheres to the team's documentation standards,
• I have added tests that prove my fix is effective or that my feature works (if possible),
• I have made sure the CHANGELOG is up-to-date. All user-facing changes should be reflected in this document.

Outside contributions

• I have read and agree to the CONTRIBUTING document.
• I have read and agree to the AI Policy document. I understand that failure to comply with the guidelines will lead to rejection of the pull request.

Summary by CodeRabbit

• Chores
  • Updated project dependencies to their latest versions to maintain system stability, improve compatibility, and incorporate the latest improvements from underlying libraries and frameworks.

[coderabbitai]

Walkthrough

Go module dependencies across three projects are bumped to newer versions: f3-sidecar updates direct dependencies on Filecoin and libp2p libraries, both f3-sidecar and interop-tests sync common indirect dependencies (IPFS, libp2p, Pion libraries, Uber Zap), and the Prometheus metrics validator tool updates its single direct dependency.

Changes

Go Dependency Updates

Layer / File(s)	Summary
Direct Dependencies f3-sidecar/go.mod	github.com/filecoin-project/go-f3 (0.8.12→0.8.13), github.com/filecoin-project/go-state-types (0.17.0→0.18.0), github.com/libp2p/go-libp2p-kad-dht (0.39.0→0.39.1), github.com/libp2p/go-libp2p-pubsub (0.15.0→0.16.0).
Indirect Dependencies f3-sidecar/go.mod	github.com/ipfs/boxo (0.38.0→0.39.0), github.com/ipld/go-ipld-prime (0.22.0→0.23.0), github.com/klauspost/compress (1.18.5→1.18.6), github.com/mattn/go-isatty (0.0.21→0.0.22), multiple github.com/pion/* packages, github.com/pion/turn upgraded from v4 to v5 (v4.1.4→v5.0.3), go.uber.org/zap (1.27.1→1.28.0), golang.org/x/telemetry version updated.
Shared Common Dependencies interop-tests/src/tests/go_app/go.mod	Synchronized versions for github.com/ipfs/boxo, github.com/libp2p/go-libp2p-kad-dht, github.com/ipld/go-ipld-prime, github.com/mattn/go-isatty, multiple github.com/pion/* packages, go.uber.org/zap, and golang.org/x/telemetry to match f3-sidecar updates.
Tool Dependencies tools/prometheus_metrics_validator/go.mod	github.com/prometheus/prometheus (v0.311.2→v0.311.3).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• ChainSafe/forest#6938: Updates the same f3-sidecar and interop-tests go.mod files with dependency version bumps.
• ChainSafe/forest#6238: Modifies f3-sidecar/go.mod with overlapping package version updates (ipfs/boxo, go-ipld-prime, libp2p, pion/webrtc).
• ChainSafe/forest#5881: Updates the same files (f3-sidecar/go.mod and interop-tests go.mod) to bump go-f3 and multiple Go dependencies.

Suggested reviewers

• sudo-shashank
• LesnyRumcajs
• akaladarshi

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'chore(deps): bump go-f3' is partially related to the changeset. While go-f3 is bumped, the PR actually updates multiple Go dependencies across three different modules, not just go-f3.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch hm/bump-go-deps

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch hm/bump-go-deps

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.1)

level=error msg="[linters_context] typechecking error: pattern ./...: directory prefix . does not contain modules listed in go.work or their selected dependencies"

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.13%. Comparing base (420a5ab) to head (d242935).
✅ All tests successful. No failed tests found.

Additional details and impacted files

see 7 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 420a5ab...d242935. Read the comment docs.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@f3-sidecar/go.mod`:
- Line 16: The go.mod entry for module github.com/libp2p/go-libp2p-pubsub
references a non-existent release v0.16.0; replace that version with the latest
published release v0.15.0 or, if you intentionally need unreleased commits,
replace v0.16.0 with a concrete pseudo-version that pins the exact commit (not a
floating "v0.16.0") so dependency resolution is deterministic; update the line
containing "github.com/libp2p/go-libp2p-pubsub" accordingly and run `go mod
tidy` to ensure the module graph is consistent.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 750c36ac-358b-4d83-9f0b-ae2e7ee365a3

📥 Commits

Reviewing files that changed from the base of the PR and between e1d8bbe and b4d1d1f.

⛔ Files ignored due to path filters (3)

• f3-sidecar/go.sum is excluded by !**/*.sum
• interop-tests/src/tests/go_app/go.sum is excluded by !**/*.sum
• tools/prometheus_metrics_validator/go.sum is excluded by !**/*.sum

📒 Files selected for processing (3)

• f3-sidecar/go.mod
• interop-tests/src/tests/go_app/go.mod
• tools/prometheus_metrics_validator/go.mod