Skip to content

Update module github.com/fxamacker/cbor/v2 to v2.4.0

renovate requested to merge renovate/github.com-fxamacker-cbor-v2-2.x into master

This MR contains the following updates:

Package Type Update Change
github.com/fxamacker/cbor/v2 require minor v2.2.0 -> v2.4.0

Release Notes

fxamacker/cbor

v2.4.0

Compare Source

This release adds two user-requested features to the decoder. It passed 3+ billion execs fuzzing before being tagged.

What's Changed

Special Thanks

Full Changelog: https://github.com/fxamacker/cbor/compare/v2.3.1...v2.4.0

v2.3.1

Compare Source

IMPORTANT:

  • This release fixes an important typo in README and omission in CONTRIBUTING.
  • No changes to code outside _test.go files.
  • Changes to non-test files are limited to comments.
  • Next release (v2.4.0) started fuzz testing and is expected to be tagged within 1-2 weeks.

Changes to v2.3.1 include:

  • Fix typo in docs (example code snippet) that can cause bugs. Thanks @​herrjemand!
  • Update CONTRIBUTING to mention signing requirements. Thanks @​lukseven and @​x448!
  • Update README. Thanks @​x448 and @​rumpelsepp!
  • Update ci.yml to use Go 1.17.x. Thanks @​x448!
  • Add Revive as a lint checker.
  • Cleanup lint messages in _test.go files
  • Cleanup lint messages in non-test files if the changes are limited to comments (no actual coding changes).

Full Changelog: https://github.com/fxamacker/cbor/compare/v2.3.0...v2.3.1

v2.3.0

Compare Source

Upgrading is recommended: v2.3.0 has bug fixes, is faster, and passed 1+ billion execs fuzzing.

Features and Improvements

  • Add built-in support for big.Int (#​209)
  • Add support for tag 55799 self-describing CBOR (#​227)
  • Export valid function (#​248)
  • Increase user-configurable CBOR limit for MaxArrayElements and MaxMapPairs (#​207)
  • Add decoding option to be more strict than encoding/json: fail on CBOR map if destination struct field is not found (#​178)
  • Add option for decoding CBOR pos and neg integer to interface{} to not distinguish between uint and int (#​216)

🚀 Performance

fxamacker/cbor 2.3.0 is faster than 2.2.0 by up to 14% (using CWT and COSE example data from RFCs).

name                                 old time/op    new time/op    delta
DecodeCWTClaims-4                      1.34µs ± 0%    1.25µs ± 0%   -6.90%  (p=0.000 n=10+9)
DecodeCOSE/128-Bit_Symmetric_Key-4     1.01µs ± 0%    0.86µs ± 0%  -14.02%  (p=0.000 n=9+9)
DecodeCOSE/256-Bit_Symmetric_Key-4     1.02µs ± 0%    0.88µs ± 0%  -13.60%  (p=0.000 n=9+10)
DecodeCOSE/ECDSA_P256_256-Bit_Key-4    1.69µs ± 0%    1.45µs ± 0%  -14.14%  (p=0.000 n=10+10)
DecodeWebAuthn-4                       1.46µs ± 0%    1.32µs ± 0%   -9.65%  (p=0.000 n=10+10)
EncodeCWTClaims-4                       766ns ± 0%     780ns ± 0%   +1.87%  (p=0.000 n=10+10)
EncodeCOSE/128-Bit_Symmetric_Key-4      910ns ± 0%     908ns ± 0%     ~     (p=0.059 n=9+10)
EncodeCOSE/256-Bit_Symmetric_Key-4      912ns ± 0%     912ns ± 0%     ~     (p=0.909 n=10+10)
EncodeCOSE/ECDSA_P256_256-Bit_Key-4    1.13µs ± 1%    1.14µs ± 0%   +0.61%  (p=0.001 n=9+10)
EncodeWebAuthn-4                        794ns ± 2%     823ns ± 1%   +3.69%  (p=0.000 n=9+10)
fxamacker/cbor 2.3.0 vs ugorji/go 1.2.6

fxamacker/cbor 2.3.0 (not using unsafe) is faster than ugorji/go 1.2.6 (using unsafe).

name                                 old time/op    new time/op    delta
DecodeCWTClaims-4                      2.06µs ± 1%    1.25µs ± 0%  -39.57%  (p=0.000 n=10+9)
DecodeCOSE/128-Bit_Symmetric_Key-4     1.47µs ± 1%    0.86µs ± 0%  -41.25%  (p=0.000 n=9+9)
DecodeCOSE/256-Bit_Symmetric_Key-4     1.50µs ± 2%    0.88µs ± 0%  -41.63%  (p=0.000 n=10+10)
DecodeCOSE/ECDSA_P256_256-Bit_Key-4    2.22µs ± 2%    1.45µs ± 0%  -34.65%  (p=0.000 n=10+10)
DecodeWebAuthn-4                       1.55µs ± 0%    1.32µs ± 0%  -14.97%  (p=0.000 n=9+10)
EncodeCWTClaims-4                      1.46µs ± 0%    0.78µs ± 0%  -46.52%  (p=0.000 n=10+10)
EncodeCOSE/128-Bit_Symmetric_Key-4     1.79µs ± 1%    0.91µs ± 0%  -49.38%  (p=0.000 n=9+10)
EncodeCOSE/256-Bit_Symmetric_Key-4     1.79µs ± 1%    0.91µs ± 0%  -49.15%  (p=0.000 n=10+10)
EncodeCOSE/ECDSA_P256_256-Bit_Key-4    2.09µs ± 1%    1.14µs ± 0%  -45.41%  (p=0.000 n=10+10)
EncodeWebAuthn-4                        981ns ± 0%     823ns ± 1%  -16.05%  (p=0.000 n=10+10)

name                                 old alloc/op   new alloc/op   delta
DecodeCWTClaims-4                        760B ± 0%      176B ± 0%  -76.84%  (p=0.000 n=10+10)
DecodeCOSE/128-Bit_Symmetric_Key-4       800B ± 0%      240B ± 0%  -70.00%  (p=0.000 n=10+10)
DecodeCOSE/256-Bit_Symmetric_Key-4       816B ± 0%      256B ± 0%  -68.63%  (p=0.000 n=10+10)
DecodeCOSE/ECDSA_P256_256-Bit_Key-4      913B ± 0%      352B ± 0%  -61.45%  (p=0.000 n=10+10)
DecodeWebAuthn-4                       1.56kB ± 0%    0.99kB ± 0%  -36.41%  (p=0.000 n=10+10)
EncodeCWTClaims-4                      1.36kB ± 0%    0.18kB ± 0%  -87.06%  (p=0.000 n=10+10)
EncodeCOSE/128-Bit_Symmetric_Key-4     1.97kB ± 0%    0.22kB ± 0%  -88.62%  (p=0.000 n=10+10)
EncodeCOSE/256-Bit_Symmetric_Key-4     1.97kB ± 0%    0.24kB ± 0%  -87.80%  (p=0.000 n=10+10)
EncodeCOSE/ECDSA_P256_256-Bit_Key-4    1.97kB ± 0%    0.32kB ± 0%  -83.74%  (p=0.000 n=10+10)
EncodeWebAuthn-4                       1.31kB ± 0%    1.09kB ± 0%  -17.07%  (p=0.000 n=10+10)

name                                 old allocs/op  new allocs/op  delta
DecodeCWTClaims-4                        6.00 ± 0%      6.00 ± 0%     ~     (all equal)
DecodeCOSE/128-Bit_Symmetric_Key-4       4.00 ± 0%      4.00 ± 0%     ~     (all equal)
DecodeCOSE/256-Bit_Symmetric_Key-4       4.00 ± 0%      4.00 ± 0%     ~     (all equal)
DecodeCOSE/ECDSA_P256_256-Bit_Key-4      7.00 ± 0%      7.00 ± 0%     ~     (all equal)
DecodeWebAuthn-4                         5.00 ± 0%      5.00 ± 0%     ~     (all equal)
EncodeCWTClaims-4                        4.00 ± 0%      2.00 ± 0%  -50.00%  (p=0.000 n=10+10)
EncodeCOSE/128-Bit_Symmetric_Key-4       6.00 ± 0%      2.00 ± 0%  -66.67%  (p=0.000 n=10+10)
EncodeCOSE/256-Bit_Symmetric_Key-4       6.00 ± 0%      2.00 ± 0%  -66.67%  (p=0.000 n=10+10)
EncodeCOSE/ECDSA_P256_256-Bit_Key-4      6.00 ± 0%      2.00 ± 0%  -66.67%  (p=0.000 n=10+10)
EncodeWebAuthn-4                         4.00 ± 0%      2.00 ± 0%  -50.00%  (p=0.000 n=10+10)

Benchmarks used Go 1.15.12 on linux_amd64. Benchmark results are data dependent so run them using your own data.

🐞 Bug Fixes

  • Allow decoding to struct field of interface type (#​260, #​275)
  • Decoding registered tag to empty interface should return object of registered type (#​223)
  • Fix: encoding cbor.RawTag with empty content returns malformed CBOR data (#​258)
  • Fix: encoding uninitialized cbor.(Raw)Tag returns malformed CBOR data (#​256)
  • Decoding CBOR null to time.Time should have no effect (#​254)
  • Fix: decoding CBOR null to cbor.Tag shouldn't return any error (#​252)
  • Properly handle empty values for custom types (#​232)
  • Decoding should ignore CBOR tag number 55799 when it is a prefix (#​228)
  • Validate CBOR tag content type if tag number is 0 or 1, even when TimeTag = DecTagIgnored (#​221)
  • Registering tag (TagSet.Add) with already registered tag number should be rejected (#​218)
  • DecOptions.ExtraReturnErrors field should be typed #​240

📖 Docs

  • Make README more friendly to dark themes (#​269)
  • Private member struct tag (json:"-" and cbor:"-") are supported but not documented (#​201)
  • TagOptions struct is missing from README.md (#​199)
  • Fix go.dev and README compatibility (#​173)
  • Replace CBOR "draft RFC" with CBOR "RFC 8949" because it was approved by IETF (#​265)

🏗️ Chores

  • Audit library for any missing attribution for code snippets from sources other than Go's stdlib (#​237)
  • Audit library for any missing attribution for code snippets from Go's stdlib (encoding/json) (#​233)
  • Create pull request template for code contributions (#​197)
  • CI: Use safer-golangci-lint.yml GitHub Action Workflow contributed by @​x448
  • CI: Bump golangci-lint to 1.40.1
  • CI: Use CodeQL analysis

🧪 Tests and Fuzzing

  • Code coverage remains above 98%.
  • Coverage-guided fuzzing reached 1+ billion execs ~2 days after v2.3.0 release.

👍 Special Thanks

️ Winter Storm Uri Displaced Me (still at a hotel 3+ months later)

  • As of May 30, I'm still displaced due to Winter Storm Uri started causing damage on February 16. Fire sprinklers started leaking, pipes shattered in the ceilings, and water outage lasted 2+ weeks.

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, check this box.

This MR has been generated by Renovate Bot.

Edited by renovate

Merge request reports