chore: bump Go deps

[hanabi1224]

Summary of changes

Fixes https://github.com/ChainSafe/forest/security/dependabot/234 and https://github.com/ChainSafe/forest/security/dependabot/235

Changes introduced in this pull request:

Reference issue to close (if applicable)

Closes

Other information and links

Change checklist

• I have performed a self-review of my own code,
• I have made corresponding changes to the documentation. All new code adheres to the team's documentation standards,
• I have added tests that prove my fix is effective or that my feature works (if possible),
• I have made sure the CHANGELOG is up-to-date. All user-facing changes should be reflected in this document.

Outside contributions

• I have read and agree to the CONTRIBUTING document.
• I have read and agree to the AI Policy document. I understand that failure to comply with the guidelines will lead to rejection of the pull request.

Summary by CodeRabbit

• Chores
  • Updated Go module dependencies across projects to newer versions, including improvements to core libraries for networking, logging, telemetry, cryptography, and security.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 4f9dec21-f75a-4bb4-b21e-ce210d02f9de

📥 Commits

Reviewing files that changed from the base of the PR and between 94cc463 and 2be3312.

⛔ Files ignored due to path filters (3)

• f3-sidecar/go.sum is excluded by !**/*.sum
• interop-tests/src/tests/go_app/go.sum is excluded by !**/*.sum
• tools/prometheus_metrics_validator/go.sum is excluded by !**/*.sum

📒 Files selected for processing (3)

• f3-sidecar/go.mod
• interop-tests/src/tests/go_app/go.mod
• tools/prometheus_metrics_validator/go.mod

---

Walkthrough

This PR updates Go module dependencies across three project modules: f3-sidecar/go.mod, interop-tests/src/tests/go_app/go.mod, and tools/prometheus_metrics_validator/go.mod. Direct dependencies including rust2go, IPFS/libp2p components, and standard libraries are bumped, along with indirect dependencies for WebRTC/QUIC, OpenTelemetry, and various golang.org/x modules. No code logic changes are present.

Changes

Go module dependency version updates

Layer / File(s)	Summary
f3-sidecar core and indirect dependencies f3-sidecar/go.mod	Direct dependencies (rust2go, ipfs/go-log/v2, libp2p/go-libp2p-kad-dht, golang.org/x/crypto) and a comprehensive set of indirect dependencies (ipfs/boxo, ipld/go-ipld-prime, pion/* WebRTC/ICE modules, prometheus/common, quic-go, OpenTelemetry, and multiple golang.org/x/* libraries) are updated to newer versions.
interop-tests/go_app core and indirect dependencies interop-tests/src/tests/go_app/go.mod	Direct dependencies (rust2go, ipfs/boxo, ipfs/go-log/v2, libp2p/go-libp2p-kad-dht) and indirect dependencies (ipld/go-ipld-prime, koron/go-ssdp, pion/*, OpenTelemetry, quic-go, and golang.org/x/*) are upgraded to align versions with f3-sidecar.
prometheus_metrics_validator dependencies tools/prometheus_metrics_validator/go.mod	Direct dependencies (prometheus/prometheus v0.311.3→v0.312.0, urfave/cli/v3 v3.8.0→v3.9.0) and indirect dependencies (prometheus/common v0.67.5→v0.68.1, golang.org/x/text v0.36.0→v0.37.0) are bumped to newer patch/minor versions.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• ChainSafe/forest#6757: Updates the same Go module version pins (notably f3-sidecar/go.mod, interop-tests/src/tests/go_app/go.mod, and tools/prometheus_metrics_validator/go.mod) with overlapping dependency bumps.
• ChainSafe/forest#6938: Updates Go module dependency pins in the same go.mod files with overlapping libraries like go-libp2p-kad-dht, x/crypto, go.opentelemetry.io/otel, and golang.org/x/*.
• ChainSafe/forest#6998: Updates the same Go module dependency sets in f3-sidecar/go.mod and interop-tests/src/tests/go_app/go.mod including shared bumps like libp2p/go-libp2p-kad-dht, ipfs/boxo, and golang.org/x/telemetry.

Suggested reviewers

• sudo-shashank
• akaladarshi

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore: bump Go deps' accurately describes the main change—updating Go module dependencies across multiple files. It is concise, clear, and directly reflects the changeset content.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch hm/bump-go-deps

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch hm/bump-go-deps

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

level=error msg="[linters_context] typechecking error: pattern ./...: directory prefix . does not contain modules listed in go.work or their selected dependencies"

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}