chore(deps): update module github.com/fxamacker/cbor/v2 to v2.9.0

[red-hat-konflux]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/fxamacker/cbor/v2	v2.7.0 -> v2.9.0

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

fxamacker/cbor (github.com/fxamacker/cbor/v2)

v2.9.0

Compare Source

v2.9.0 adds new features, refactors tests, and improves docs. New features improve interoperability/transcoding between CBOR & JSON.

v2.9.0 passed fuzz tests and is production quality. However, the new TextUnmarshaler feature will continue being fuzz tested a bit longer due to recent changes. The recent changes are limited and don't affect other parts of the codec that passed ~2 billion execs fuzzing.

What's Changed

• Refactor to use Go standard library functions by @​fxamacker in #​663
• Improve DupMapKeyError message by @​fxamacker in #​670
• Add options to support TextMarshaler and TextUnmarshaler by @​benluddy in #​672
• Add optional support for json.Marshaler and json.Unmarshaler via transcoding by @​benluddy in #​673
• Refactor tests and update comments by @​fxamacker in #​678
• Use TextUnmarshaler on byte strings with ByteStringToStringAllowed. by @​benluddy in #​682

Docs

• README: Document struct field tag "-" by @​fxamacker in #​653
• Fix IntDecConvertSignedOrBigInt doc comment by @​theory in #​655
• Update docs for TimeMode, Tag, RawTag, and add example for Embedded JSON Tag for CBOR by @​fxamacker in #​659
• Update README for Embedded JSON Tag for CBOR (tag 262) by @​fxamacker in #​662
• Fix typos in some comments by @​adeinega in #​671
• Update README for v2.9.0 and add Red Hat as a user by @​fxamacker in #​684

CI

🔎 Details

• Bump github/codeql-action from 3.28.13 to 3.28.15 by @​dependabot[bot] in #​651
• Bump github/codeql-action from 3.28.15 to 3.28.16 by @​dependabot[bot] in #​658
• Bump github/codeql-action from 3.28.16 to 3.28.17 by @​dependabot[bot] in #​660
• Bump actions/setup-go from 5.4.0 to 5.5.0 by @​dependabot[bot] in #​661
• Bump github/codeql-action from 3.28.17 to 3.28.18 by @​dependabot[bot] in #​664
• Bump github/codeql-action from 3.28.18 to 3.28.19 by @​dependabot[bot] in #​667
• Bump github/codeql-action from 3.28.19 to 3.29.0 by @​dependabot[bot] in #​674
• Bump github/codeql-action from 3.29.0 to 3.29.2 by @​dependabot[bot] in #​680

Special Thanks

Many thanks to @​benluddy for adding these new features! 🎉

• Add opt-in support for encoding.TextMarshaler and encoding.TextUnmarshaler to encode and decode from CBOR text string.
• Add opt-in support for json.Marshaler and json.Unmarshaler via user-provided transcoding function.

New Contributors

• @​theory made their first contribution in #​655
• @​adeinega made their first contribution in #​671

Full Changelog: fxamacker/cbor@v2.8.0...v2.9.0

v2.8.0

Compare Source

v2.8.0 adds omitzero struct tag option, fixes and deprecates 3 functions, and bumps requirements to go 1.20+.

Many thanks to @​liggitt for contributing the omitzero support!

The "omitzero" option omits zero values from encoding, matching stdlib encoding/json behavior.
When specified in the cbor tag, the option is always honored.
When specified in the json tag, the option is honored when building with Go 1.24+.

This release fixes 3 functions (when called directly by user apps) to use same error handling on bad input as cbor.Unmarshal():

• RawTag.UnmarshalCBOR() (thanks @​thomas-fossati for reporting this!)
• ByteString.UnmarshalCBOR()
• SimpleValue.UnmarshalCBOR()

This release also deprecates those 3 functions because they were initially created for internal use. Please use Unmarshal() or UnmarshalFirst() instead.

To preserve backward compatibility, the deprecated functions were added to fuzz tests and will not be removed in v2.x.

What's Changed

• go: update go.mod and ci.yml to require go1.20 or newer (was go1.17) by @​fxamacker in #​626
• Replace interface{} with any by @​fxamacker in #​627
• Replace reflect.Ptr with reflect.Pointer by @​fxamacker in #​628
• Replace reflect.PtrTo with reflect.PointerTo by @​fxamacker in #​629
• Add omitzero support by @​liggitt in #​644
• Update error handling in RawTag.UnmarshalCBOR(), etc. to match cbor.Unmarshal() by @​fxamacker in #​645
• Optimize internal calls to UnmarshalCBOR() for ByteString, RawTag, SimpleValue by @​fxamacker in #​647

Other Changes

🔍 Details

• Bump github/codeql-action from 3.25.10 to 3.25.11 by @​dependabot in #​562
• Bump actions/setup-go from 5.0.1 to 5.0.2 by @​dependabot in #​564
• Bump github/codeql-action from 3.25.11 to 3.25.12 by @​dependabot in #​565
• Bump github/codeql-action from 3.25.12 to 3.25.14 by @​dependabot in #​567
• Bump github/codeql-action from 3.25.14 to 3.25.15 by @​dependabot in #​569
• Bump github/codeql-action from 3.25.15 to 3.26.0 by @​dependabot in #​571
• Bump govulncheck from 1.0.4 to 1.1.3 by @​fxamacker in #​572
• Bump github/codeql-action from 3.26.0 to 3.26.2 by @​dependabot in #​575
• Add go1.23 to ci.yml by @​fxamacker in #​573
• Bump github/codeql-action from 3.26.2 to 3.26.6 by @​dependabot in #​580
• Mention new TinyGo feature branch in README by @​fxamacker in #​582
• Bump github/codeql-action from 3.26.6 to 3.26.8 by @​dependabot in #​585
• Bump github/codeql-action from 3.26.8 to 3.26.9 by @​dependabot in #​586
• Bump actions/checkout from 4.1.7 to 4.2.0 by @​dependabot in #​587
• README: update benchmark comparisons, etc. by @​fxamacker in #​588
• Bump github/codeql-action from 3.26.9 to 3.26.11 by @​dependabot in #​590
• README: update to clarify CBOR benchmark comparison and resolve nits by @​fxamacker in #​591
• README: fix broken link to svg file by @​fxamacker in #​592
• Bump github/codeql-action from 3.26.11 to 3.26.12 by @​dependabot in #​594
• Bump actions/checkout from 4.2.0 to 4.2.1 by @​dependabot in #​593
• Bump github/codeql-action from 3.26.12 to 3.26.13 by @​dependabot in #​595
• Bump github/codeql-action from 3.26.13 to 3.27.0 by @​dependabot in #​596
• Bump actions/checkout from 4.2.1 to 4.2.2 by @​dependabot in #​597
• Bump actions/setup-go from 5.0.2 to 5.1.0 by @​dependabot in #​598
• Bump github/codeql-action from 3.27.0 to 3.27.4 by @​dependabot in #​602
• Bump github/codeql-action from 3.27.4 to 3.27.6 by @​dependabot in #​604
• Bump github/codeql-action from 3.27.6 to 3.27.7 by @​dependabot in #​605
• Bump actions/setup-go from 5.1.0 to 5.2.0 by @​dependabot in #​606
• Bump github/codeql-action from 3.27.7 to 3.27.9 by @​dependabot in #​607
• Bump github/codeql-action from 3.27.9 to 3.28.0 by @​dependabot in #​608
• Bump github/codeql-action from 3.28.0 to 3.28.1 by @​dependabot in #​609
• Bump actions/setup-go from 5.2.0 to 5.3.0 by @​dependabot in #​610
• Bump github/codeql-action from 3.28.1 to 3.28.4 by @​dependabot in #​614
• Bump github/codeql-action from 3.28.4 to 3.28.8 by @​dependabot in #​618
• Bump github/codeql-action from 3.28.8 to 3.28.9 by @​dependabot in #​619
• .github: Bump govulncheck from 1.1.3 to 1.1.4 by @​fxamacker in #​620
• .github: Require 97% or more code coverage by @​fxamacker in #​621
• Add missing copyright notice to a few files by @​fxamacker in #​630
• Bump github/codeql-action from 3.28.9 to 3.28.10 by @​dependabot in #​631
• Bump github/codeql-action from 3.28.10 to 3.28.11 by @​dependabot in #​633
• Bump actions/setup-go from 5.3.0 to 5.4.0 by @​dependabot in #​639
• Bump github/codeql-action from 3.28.11 to 3.28.12 by @​dependabot in #​641
• Bump github/codeql-action from 3.28.12 to 3.28.13 by @​dependabot in #​642
• README: fix typo in code example in Struct Tags section by @​sschulz-t in #​637
• Update docs for cbor v2.8.0 by @​fxamacker in #​649

New Contributors

• @​sschulz-t made their first contributihttps://github.com/fxamacker/cbor/pull/637ll/637
• @​liggitt made their first contributihttps://github.com/fxamacker/cbor/pull/644ll/644

Full Changelog: fxamacker/cbor@v2.7.0...v2.8.0

v2.7.1

Compare Source

v2.7.1 fixes 3 functions (when called directly by user apps) to use same error handling on bad inputs as cbor.Unmarshal():

• ByteString.UnmarshalCBOR()
• RawTag.UnmarshalCBOR()
• SimpleValue.UnmarshalCBOR()

The above 3 fixed functions are deprecated because they were initially created for internal use. Please use Unmarshal() or UnmarshalFirst() instead.

To preserve backward compatibility, the deprecated functions were added to fuzz tests and will not be removed in v2.x.

Before Upgrading to v2.7.1

v2.8.0 is being fuzz tested and will be released later today. It adds support for omitzero struct tag option.

v2.7.1 is the last version to support go 1.17-1.19. v2.8.0 and newer releases will require go 1.20+.

What's Changed

• Update error handling in RawTag.UnmarshalCBOR(), etc. to match cbor.Unmarshal() by @​fxamacker in #​636
• Optimize internal calls to UnmarshalCBOR() by @​fxamacker in #​648

Special Thanks

Thanks @​thomas-fossati for reporting the bug in RawTag.UnmarshalCBOR() when it is called directly by user apps providing bad input data!

Full Changelog: fxamacker/cbor@v2.7.0...v2.7.1

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch konflux/mintmaker/oadp-1.4/github.com-fxamacker-cbor-v2-2.x

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: red-hat-konflux[bot]
Once this PR has been reviewed and has the lgtm label, please assign muraee for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @red-hat-konflux[bot]. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[red-hat-konflux]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.