chore: upgrade go-coap

[jkralik]

Summary by CodeRabbit

• Chores

  • Updated third-party dependencies to the latest compatible versions to improve security, stability, and compatibility. No user-facing or API changes expected.

• Tests

  • Upgraded the testing framework to the latest version to ensure continued reliability and compatibility of the test suite without impacting runtime behavior.

[coderabbitai]

Walkthrough

Incremented versions of several Go module dependencies in go.mod. No source code or public API changes included.

Changes

Cohort / File(s)	Summary of Changes
Dependency updates go.mod	Bumped: github.com/pion/dtls/v3 v3.0.6 → v3.0.7; github.com/pion/logging v0.2.3 → v0.2.4; github.com/plgd-dev/go-coap/v3 v3.3.7-0.20250702164925-f431046ea1ce → v3.4.1-0.20250912074156-3562ee25ca12; github.com/stretchr/testify v1.10.0 → v1.11.1. No public/exported declarations changed.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• Upgrade dependencies #488 — Similar dependency version bumps, including github.com/plgd-dev/go-coap/v3, indicating a related upgrade track.

Pre-merge checks (3 passed)

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "chore: upgrade go-coap" directly reflects the primary change in the changeset — updating the go-coap dependency in go.mod as shown in the raw summary. It is concise, single-line, and avoids noisy or vague wording. A reviewer scanning history will understand the main intent at a glance.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

Poem

I thump my paws at version cheer,
New tags hop in, dependencies clear.
DTLS, logging, testify, too—
CoAP grows with a fresh ado.
In tidy burrows, mods align,
Carrots crunched, the build is fine. 🥕✨

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 209ec3c and 5de92cc.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)

• GitHub Check: build-and-publish-image (bridge-device, cmd/bridge-device/Dockerfile) / build-and-publish-with-cfg
• GitHub Check: build-and-publish-image (test-cloud-server, test/cloud-server/Dockerfile) / build-and-publish-with-cfg
• GitHub Check: tests (cloud-server-debug, true, true, ghcr.io/iotivity/iotivity-lite/cloud-server-debug:vnext, t... / test
• GitHub Check: tests (cloud-server-discovery-resource-observable-debug, true, ghcr.io/iotivity/iotivity-lite/clo... / test
• GitHub Check: tests (cloud-server-discovery-resource-observable-debug-384, CERT_TOOL_SIGN_ALG=ECDSA-SHA384 CERT... / test
• GitHub Check: tests (cloud-server-debug-sha384, CERT_TOOL_SIGN_ALG=ECDSA-SHA384 CERT_TOOL_ELLIPTIC_CURVE=P384, ... / test
• GitHub Check: Analyze (go)

🔇 Additional comments (2)

go.mod (2)

22-22: Bump to testify v1.11.1 is good; includes a mock argument-matching fix.

v1.11.1 reverts the mutating-stringer matching behavior introduced in v1.11.0; safer for existing mocks. No code changes expected in this repo. (github.com)

If you use testify/mock with Stringer expectations, run the affected tests to confirm no regressions.

---

18-20: Upgrade to go-coap pseudo-version accepted — run tidy with Go 1.23.0, commit go.sum, and sanity-check DTLS/UDP/cache

• go mod tidy in verification downloaded github.com/plgd-dev/go-coap/v3@v3.4.1-0... but tidy failed with: "github.com/grpc-ecosystem/go-grpc-middleware/v2@v2.3.2 requires go@1.23.0, but 1.23 is requested" — run locally with Go 1.23.0 (or try go mod tidy -go=1.23.0) to produce and commit go.sum updates.
• Repo uses go-coap widely; sanity-check end-to-end DTLS/UDP paths and cache/blockwise behavior. Hotspots: pkg/net/coap/client.go (DialUDPSecure), client/core/device.go (dtls.Config / PSK flows), client/deviceCache.go (pkg/cache), bridge/net/network.go (udp servers/deduplication), and the client/core/* DialDTLS/DialUDPSecure wrappers.
• If tagged release provenance is required, pin to v3.4.0 until v3.4.1 is officially tagged and add the post-3.4.0 commit/PR links in the PR for traceability.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch jkralik/chore/update-go-coap

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.09%. Comparing base (209ec3c) to head (5de92cc).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #519      +/-   ##
==========================================
+ Coverage   74.08%   74.09%   +0.01%     
==========================================
  Files         124      124              
  Lines        8763     8763              
==========================================
+ Hits         6492     6493       +1     
  Misses       1680     1680              
+ Partials      591      590       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.