chore(f3): bump go-f3

[hanabi1224]

Summary of changes

Changes introduced in this pull request:

• bump go-f3
• bump some other go deps

Reference issue to close (if applicable)

Closes

Other information and links

Change checklist

• I have performed a self-review of my own code,
• I have made corresponding changes to the documentation. All new code adheres to the team's documentation standards,
• I have added tests that prove my fix is effective or that my feature works (if possible),
• I have made sure the CHANGELOG is up-to-date. All user-facing changes should be reflected in this document.

Summary by CodeRabbit

• Chores
  • Updated Go module dependencies to the latest versions for improved stability and security.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Updates Go module dependencies across f3-sidecar and interop-tests modules to newer patch/minor versions. Modifies the ImportSnapshotToDatastore function call in import.go to accept an additional manifest parameter.

Changes

Cohort / File(s)	Summary
Dependency Version Bumps f3-sidecar/go.mod, interop-tests/src/tests/go_app/go.mod	Updated dependencies including go-f3 (v0.8.10→v0.8.11), go-libp2p-kad-dht (v0.36.0→v0.37.0), and crypto/sys/text modules to newer patch versions. Changes applied consistently across both go.mod files and indirect dependencies.
Import Function Call Update f3-sidecar/import.go	Modified ImportSnapshotToDatastore function call to pass additional manifest parameter (m) as fourth argument. Function signature now includes manifest.Manifest pointer parameter.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• chore(deps): bump go-f3 and Go deps #5881: Updates identical go.mod dependency versions (go-f3, golang.org/x/crypto) across same modules
• chore(deps): bump go deps #6135: Bumps matching go-libp2p-kad-dht and cryptographic dependency versions in f3-sidecar/go.mod
• chore(deps): bump Go deps #6342: Updates overlapping set of Go dependencies (go-libp2p-kad-dht, golang.org/x/crypto, golang.org/x/text/sys) in same files

Suggested labels

dependencies, go

Suggested reviewers

• sudo-shashank
• LesnyRumcajs
• akaladarshi

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore(f3): bump go-f3' accurately reflects the primary change of bumping the go-f3 dependency, though it understates the scope of multiple dependency updates.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

---

📜 Recent review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b7f3ec6 and 92406dd.

⛔ Files ignored due to path filters (2)

• f3-sidecar/go.sum is excluded by !**/*.sum
• interop-tests/src/tests/go_app/go.sum is excluded by !**/*.sum

📒 Files selected for processing (3)

• f3-sidecar/go.mod
• f3-sidecar/import.go
• interop-tests/src/tests/go_app/go.mod

🧰 Additional context used

📓 Path-based instructions (1)

**/*.go

📄 CodeRabbit inference engine (AGENTS.md)

Lint Go code (for F3 sidecar) using mise lint:golang

Files:

• f3-sidecar/import.go

🧠 Learnings (3)

📓 Common learnings

Learnt from: hanabi1224
Repo: ChainSafe/forest PR: 5930
File: build.rs:64-77
Timestamp: 2025-08-13T09:43:20.301Z
Learning: hanabi1224 prefers hard compile-time errors in build scripts rather than runtime safeguards or collision detection, believing it's better to fail fast and fix root causes of issues like malformed snapshot names.

Learnt from: hanabi1224
Repo: ChainSafe/forest PR: 6057
File: src/cli/subcommands/f3_cmd.rs:0-0
Timestamp: 2025-09-09T10:37:17.947Z
Learning: hanabi1224 prefers having default timeouts (like 10m for --no-progress-timeout) to prevent commands from hanging indefinitely, even when the timeout flag isn't explicitly provided by users. This fail-fast approach is preferred over requiring explicit flag usage.

📚 Learning: 2025-08-07T13:12:23.359Z

Learnt from: hanabi1224
Repo: ChainSafe/forest PR: 5886
File: Makefile:1-1
Timestamp: 2025-08-07T13:12:23.359Z
Learning: golangci-lint version v2.3.1 exists and is a valid release that can be used in Makefiles and CI configurations. It was released after v2.3.0.

Applied to files:

• f3-sidecar/go.mod

📚 Learning: 2025-08-07T13:12:23.359Z

Learnt from: hanabi1224
Repo: ChainSafe/forest PR: 5886
File: Makefile:1-1
Timestamp: 2025-08-07T13:12:23.359Z
Learning: golangci-lint version v2.3.1 exists and was released on August 2, 2025. It is currently the latest stable version and can be used in Makefiles and CI configurations. The version follows the v2.x.x numbering scheme, not v1.x.x as I previously incorrectly stated.

Applied to files:

• f3-sidecar/go.mod

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: tests-release
• GitHub Check: Coverage
• GitHub Check: Build forest binaries on Linux AMD64
• GitHub Check: Build MacOS
• GitHub Check: cargo-publish-dry-run
• GitHub Check: All lint checks
• GitHub Check: Build Ubuntu
• GitHub Check: rubocop

🔇 Additional comments (5)

f3-sidecar/import.go (1)

54-54: LGTM!

The updated call to certstore.ImportSnapshotToDatastore correctly passes the manifest m, which is guaranteed to be non-nil due to the fallback to LocalDevnetManifest() at lines 28-32. This aligns with the go-f3 v0.8.11 API change.

f3-sidecar/go.mod (3)

15-18: Dependency version bumps look consistent.

Minor/patch version bumps for go-libp2p-kad-dht (v0.37.0) and golang.org/x/crypto (v0.47.0) align with the interop-tests module. These are reasonable transitive updates.

---

132-134: Indirect dependency updates are aligned.

The golang.org/x/sys and golang.org/x/text indirect dependency bumps are consistent with the versions in interop-tests/src/tests/go_app/go.mod.

---

6-6: Dependency error: go-f3 v0.8.11 does not exist as a public release.

The go.mod file references github.com/filecoin-project/go-f3 v0.8.11, but this version has no public release. Official release records show only v0.8.10 (and earlier). This will cause the module to fail resolution. Verify the intended version number and update go.mod accordingly.

Note: The import.go file correctly uses the manifest parameter in the ImportSnapshotToDatastore call, but this cannot be verified against a non-existent version's actual API.

⛔ Skipped due to learnings

Learnt from: hanabi1224
Repo: ChainSafe/forest PR: 5886
File: src/daemon/db_util.rs:236-259
Timestamp: 2025-08-11T14:00:47.060Z
Learning: In Forest's snapshot import (`src/daemon/db_util.rs`), when F3 CID is present in snapshot metadata but the actual F3 data is missing, this should cause a hard error as it indicates snapshot corruption. Only errors during the F3 import process itself (after data is successfully retrieved) should be non-fatal and logged.

interop-tests/src/tests/go_app/go.mod (1)

12-12: LGTM! Dependency versions are consistent across modules.

The version bumps for go-libp2p-kad-dht, golang.org/x/crypto, golang.org/x/sys, and golang.org/x/text are aligned with f3-sidecar/go.mod, maintaining consistency across the codebase.

Also applies to: 117-117, 122-124

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.5.0)

level=error msg="[linters_context] typechecking error: pattern ./...: directory prefix . does not contain modules listed in go.work or their selected dependencies"

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}