Update module github.com/fxamacker/cbor/v2 to v2.9.1

[red-hat-konflux]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/fxamacker/cbor/v2	v2.9.0 → v2.9.1

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

fxamacker/cbor (github.com/fxamacker/cbor/v2)

v2.9.1

Compare Source

This release includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests.

🐞 Bug fixes related to the keyasint feature

These changes only affect Go struct fields tagged with keyasint:

• [Decoding] Reject integer keys that exceed math.MaxInt64 when decoding CBOR map to a struct with keyasint field (PR #​757)
• [Decoding] Prevent string representation of an integer key from matching the struct field tagged by keyasint (PR #​757)
• [Encoding & Decoding] Deduplicate struct fields with the same normalized keyasint tag values (PR #​757)

🐞 Other bug fixes and defensive checks

Some of the bugs fixed are related to decoding extreme values that cannot be encoded with this library. For example, the decoder checks if epoch time encoded as CBOR float value representing hundreds of billions of years overflows int64(seconds).

NOTE: It is generally good practice to avoid using floating point to store epoch time (even when not using CBOR).

• [Decoding] Reject decoding epoch time encoded as floats that overflow int64 (PR #​753)
• [Encoding] Return a cloned slice for an empty RawMessage from RawMessage.MarshalCBOR (PR #​753)
• [Encoding] Reject encoding nil inside indefinite-length strings (PR #​750)
• [Diagnostic] Accept valid U+FFFD replacement character (PR #​753)

What's Changed

• 🆕 Add TimeMode encoding option TimeRFC3339NanoUTC by @​fxamacker in #​688
• Use actual negative zero in tests by @​makew0rld in #​708
• Reject encoding nil inside CBOR indefinite-length string by @​fxamacker in #​750
• Refactor and add tests by @​fxamacker in #​752
• Small bugfixes, defensive checks, and improvements by @​fxamacker in #​753
• Refactor parseMapToStruct(), getDecodingStructType(), getEncodingStructType(), and field struct by @​fxamacker in #​754
• Fix several issues related to keyasint tag option by @​fxamacker in #​757

CI / GitHub Actions and Docs

🔎 Details...

• Bump github/codeql-action from 3.29.2 to 3.29.4 by @​dependabot[bot] in #​690
• Bump github/codeql-action from 3.29.4 to 3.29.5 by @​dependabot[bot] in #​691
• Bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in #​696
• Bump github/codeql-action from 3.29.7 to 3.29.9 by @​dependabot[bot] in #​697
• Bump github/codeql-action from 3.29.9 to 3.29.11 by @​dependabot[bot] in #​700
• Bump github/codeql-action from 3.29.11 to 3.30.0 by @​dependabot[bot] in #​702
• Bump actions/setup-go from 5.5.0 to 6.0.0 by @​dependabot[bot] in #​703
• Bump github/codeql-action from 3.30.0 to 3.30.3 by @​dependabot[bot] in #​706
• Bump github/codeql-action from 3.30.3 to 3.30.4 by @​dependabot[bot] in #​710
• Bump github/codeql-action from 3.30.4 to 3.30.6 by @​dependabot[bot] in #​712
• Bump github/codeql-action from 3.30.6 to 4.30.7 by @​dependabot[bot] in #​713
• Bump github/codeql-action from 4.30.7 to 4.30.8 by @​dependabot[bot] in #​716
• Bump github/codeql-action from 4.30.8 to 4.30.9 by @​dependabot[bot] in #​718
• Bump github/codeql-action from 4.30.9 to 4.31.2 by @​dependabot[bot] in #​720
• Bump github/codeql-action from 4.31.2 to 4.31.3 by @​dependabot[bot] in #​721
• Bump github/codeql-action from 4.31.3 to 4.31.4 by @​dependabot[bot] in #​724
• Bump actions/setup-go from 6.0.0 to 6.1.0 by @​dependabot[bot] in #​725
• Bump actions/checkout from 5.0.0 to 6.0.0 by @​dependabot[bot] in #​726
• Bump github/codeql-action from 4.31.4 to 4.31.5 by @​dependabot[bot] in #​727
• Bump github/codeql-action from 4.31.5 to 4.31.6 by @​dependabot[bot] in #​728
• Bump actions/checkout from 6.0.0 to 6.0.1 by @​dependabot[bot] in #​729
• Bump github/codeql-action from 4.31.6 to 4.31.8 by @​dependabot[bot] in #​732
• Bump github/codeql-action from 4.31.8 to 4.31.9 by @​dependabot[bot] in #​733
• Bump github/codeql-action from 4.31.9 to 4.31.10 by @​dependabot[bot] in #​738
• Bump actions/setup-go from 6.1.0 to 6.2.0 by @​dependabot[bot] in #​739
• Bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in #​740
• Bump github/codeql-action from 4.31.10 to 4.32.0 by @​dependabot[bot] in #​742
• Bump github/codeql-action from 4.32.0 to 4.32.3 by @​dependabot[bot] in #​745
• Bump actions/setup-go from 6.2.0 to 6.3.0 by @​dependabot[bot] in #​746
• Bump github/codeql-action from 4.32.3 to 4.32.4 by @​dependabot[bot] in #​747
• Bump github/codeql-action from 4.32.4 to 4.32.6 by @​dependabot[bot] in #​748
• Bump github/codeql-action from 4.32.6 to 4.34.0 by @​dependabot[bot] in #​749
• Bump github/codeql-action from 4.34.0 to 4.34.1 by @​dependabot[bot] in #​751
• Update README status section by @​fxamacker in #​758

New Contributors

• @​makew0rld made their first contributihttps://github.com/fxamacker/cbor/pull/708ll/708

Full Changelog: fxamacker/cbor@v2.9.0...v2.9.1

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.