Skip to content

chore: bump Go deps#6938

Merged
LesnyRumcajs merged 1 commit intomainfrom
hm/bump-go-deps
Apr 20, 2026
Merged

chore: bump Go deps#6938
LesnyRumcajs merged 1 commit intomainfrom
hm/bump-go-deps

Conversation

@hanabi1224
Copy link
Copy Markdown
Contributor

@hanabi1224 hanabi1224 commented Apr 20, 2026
edited by coderabbitai bot
Loading

Summary of changes

To fix:
https://github.com/ChainSafe/forest/security/dependabot/211

Changes introduced in this pull request:

Reference issue to close (if applicable)

Closes

Other information and links

Change checklist

  • I have performed a self-review of my own code,
  • I have made corresponding changes to the documentation. All new code adheres to the team's documentation standards,
  • I have added tests that prove my fix is effective or that my feature works (if possible),
  • I have made sure the CHANGELOG is up-to-date. All user-facing changes should be reflected in this document.

Outside contributions

  • I have read and agree to the CONTRIBUTING document.
  • I have read and agree to the AI Policy document. I understand that failure to comply with the guidelines will lead to rejection of the pull request.

Summary by CodeRabbit

  • Chores
    • Updated Go module dependencies across multiple components to maintain compatibility with upstream libraries. Updates include IPFS networking libraries, cryptographic packages, compression utilities, and observability frameworks.

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai bot commented Apr 20, 2026
edited
Loading

Walkthrough

Updated Go module dependencies across three files by incrementing versions for libraries including IPFS-related modules (go-cid, boxo, libp2p-kad-dht), Pion packages (WebRTC, ICE, SCTP, STUN), OpenTelemetry modules, and standard Go tooling packages (golang.org/x/crypto, golang.org/x/net, golang.org/x/sys, etc.).

Changes

Cohort / File(s) Summary
IPFS and Networking Dependencies
f3-sidecar/go.mod, interop-tests/src/tests/go_app/go.mod		 Bumped github.com/ipfs/go-cid (0.6.0→0.6.1), github.com/ipfs/boxo (0.37.0→0.38.0), github.com/libp2p/go-libp2p-kad-dht (0.38.0→0.39.0), Pion packages (webrtc 4.2.9→4.2.11, ice 4.2.1→4.2.4, sctp 1.9.3→1.9.4, stun 3.1.1→3.1.2), and base58/multibase utilities.
OpenTelemetry and Go Runtime
f3-sidecar/go.mod, interop-tests/src/tests/go_app/go.mod		 Advanced go.opentelemetry.io/otel (1.42.0→1.43.0) and metric/trace submodules, plus golang.org/x packages (crypto 0.49.0→0.50.0, net 0.52.0→0.53.0, sys 0.42.0→0.43.0, text 0.35.0→0.36.0, mod/exp/tools/telemetry to newer versions).
Prometheus Validator Tool
tools/prometheus_metrics_validator/go.mod		 Updated github.com/prometheus/prometheus (0.310.0→0.311.2) and github.com/urfave/cli/v3 (3.7.0→3.8.0), with indirect golang.org/x/text bump (0.35.0→0.36.0).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

Suggested reviewers

  • sudo-shashank
  • LesnyRumcajs
🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'chore: bump Go deps' directly and accurately describes the main change: updating Go module dependencies across three go.mod files.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch hm/bump-go-deps
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch hm/bump-go-deps

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.11.4)

level=error msg="[linters_context] typechecking error: pattern ./...: directory prefix . does not contain modules listed in go.work or their selected dependencies"

Comment @coderabbitai help to get the list of available commands and usage tips.

@hanabi1224 hanabi1224 marked this pull request as ready for review April 20, 2026 06:55
@hanabi1224 hanabi1224 requested a review from a team as a code owner April 20, 2026 06:55
@hanabi1224 hanabi1224 requested review from LesnyRumcajs and akaladarshi and removed request for a team April 20, 2026 06:55
coderabbitai[bot]
coderabbitai bot reviewed Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@f3-sidecar/go.mod`:
- Around line 10-18: tools/prometheus_metrics_validator still pins older
pre-bump deps (golang.org/x/crypto v0.49.0, golang.org/x/sys v0.42.0,
go.opentelemetry.io/otel v1.42.0); update
tools/prometheus_metrics_validator/go.mod to match the bumped versions used in
the workspace (e.g., golang.org/x/crypto -> v0.50.0 and the corresponding bumped
versions of golang.org/x/sys and go.opentelemetry.io/otel), then regenerate
tools/prometheus_metrics_validator/go.sum so it no longer contains the old
versions; check the dependency entries by name (golang.org/x/crypto,
golang.org/x/sys, go.opentelemetry.io/otel) to locate and replace them.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 8a43dfa0-4c6d-415d-8b01-712b3dbe3bc7

📥 Commits

Reviewing files that changed from the base of the PR and between 61502d6 and 1f8f9ae.

⛔ Files ignored due to path filters (3)
  • f3-sidecar/go.sum is excluded by !**/*.sum
  • interop-tests/src/tests/go_app/go.sum is excluded by !**/*.sum
  • tools/prometheus_metrics_validator/go.sum is excluded by !**/*.sum
📒 Files selected for processing (3)
  • f3-sidecar/go.mod
  • interop-tests/src/tests/go_app/go.mod
  • tools/prometheus_metrics_validator/go.mod

Comment thread f3-sidecar/go.mod
@LesnyRumcajs LesnyRumcajs added this pull request to the merge queue Apr 20, 2026
Merged via the queue into main with commit 919b53e Apr 20, 2026
43 of 44 checks passed
@LesnyRumcajs LesnyRumcajs deleted the hm/bump-go-deps branch April 20, 2026 08:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@LesnyRumcajs LesnyRumcajs LesnyRumcajs approved these changes

@akaladarshi akaladarshi Awaiting requested review from akaladarshi akaladarshi is a code owner automatically assigned from ChainSafe/forest

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hanabi1224 @LesnyRumcajs