Update module github.com/fxamacker/cbor/v2 to v2.4.0
This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| github.com/fxamacker/cbor/v2 | require | minor |
v2.2.0 -> v2.4.0
|
Release Notes
fxamacker/cbor
v2.4.0
This release adds two user-requested features to the decoder. It passed 3+ billion execs fuzzing before being tagged.
What's Changed
- Add option to specify default Go map type when decoding CBOR map into interface{} by @fxamacker in https://github.com/fxamacker/cbor/pull/316
- Add support for decoding registered CBOR tag to interface type by @fxamacker in https://github.com/fxamacker/cbor/pull/308
- Update CBOR docs for v2.4.0 by @x448 in https://github.com/fxamacker/cbor/pull/318
Special Thanks
- @lukseven for opening issue #303 and proposing a solution
- @Gui-Yom for issue #301
Full Changelog: https://github.com/fxamacker/cbor/compare/v2.3.1...v2.4.0
v2.3.1
IMPORTANT:
- This release fixes an important typo in README and omission in CONTRIBUTING.
- No changes to code outside _test.go files.
- Changes to non-test files are limited to comments.
- Next release (v2.4.0) started fuzz testing and is expected to be tagged within 1-2 weeks.
Changes to v2.3.1 include:
- Fix typo in docs (example code snippet) that can cause bugs. Thanks @herrjemand!
- Update CONTRIBUTING to mention signing requirements. Thanks @lukseven and @x448!
- Update README. Thanks @x448 and @rumpelsepp!
- Update ci.yml to use Go 1.17.x. Thanks @x448!
- Add Revive as a lint checker.
- Cleanup lint messages in _test.go files
- Cleanup lint messages in non-test files if the changes are limited to comments (no actual coding changes).
Full Changelog: https://github.com/fxamacker/cbor/compare/v2.3.0...v2.3.1
v2.3.0
Upgrading is recommended: v2.3.0 has bug fixes, is faster, and passed 1+ billion execs fuzzing.
⭐ Features and Improvements
- Add built-in support for big.Int (#209)
- Add support for tag 55799 self-describing CBOR (#227)
- Export
validfunction (#248) - Increase user-configurable CBOR limit for MaxArrayElements and MaxMapPairs (#207)
- Add decoding option to be more strict than encoding/json: fail on CBOR map if destination struct field is not found (#178)
- Add option for decoding CBOR pos and neg integer to interface{} to not distinguish between uint and int (#216)
🚀 Performance
fxamacker/cbor 2.3.0 is faster than 2.2.0 by up to 14% (using CWT and COSE example data from RFCs).
name old time/op new time/op delta
DecodeCWTClaims-4 1.34µs ± 0% 1.25µs ± 0% -6.90% (p=0.000 n=10+9)
DecodeCOSE/128-Bit_Symmetric_Key-4 1.01µs ± 0% 0.86µs ± 0% -14.02% (p=0.000 n=9+9)
DecodeCOSE/256-Bit_Symmetric_Key-4 1.02µs ± 0% 0.88µs ± 0% -13.60% (p=0.000 n=9+10)
DecodeCOSE/ECDSA_P256_256-Bit_Key-4 1.69µs ± 0% 1.45µs ± 0% -14.14% (p=0.000 n=10+10)
DecodeWebAuthn-4 1.46µs ± 0% 1.32µs ± 0% -9.65% (p=0.000 n=10+10)
EncodeCWTClaims-4 766ns ± 0% 780ns ± 0% +1.87% (p=0.000 n=10+10)
EncodeCOSE/128-Bit_Symmetric_Key-4 910ns ± 0% 908ns ± 0% ~ (p=0.059 n=9+10)
EncodeCOSE/256-Bit_Symmetric_Key-4 912ns ± 0% 912ns ± 0% ~ (p=0.909 n=10+10)
EncodeCOSE/ECDSA_P256_256-Bit_Key-4 1.13µs ± 1% 1.14µs ± 0% +0.61% (p=0.001 n=9+10)
EncodeWebAuthn-4 794ns ± 2% 823ns ± 1% +3.69% (p=0.000 n=9+10)fxamacker/cbor 2.3.0 vs ugorji/go 1.2.6
fxamacker/cbor 2.3.0 (not using unsafe) is faster than ugorji/go 1.2.6 (using unsafe).
name old time/op new time/op delta
DecodeCWTClaims-4 2.06µs ± 1% 1.25µs ± 0% -39.57% (p=0.000 n=10+9)
DecodeCOSE/128-Bit_Symmetric_Key-4 1.47µs ± 1% 0.86µs ± 0% -41.25% (p=0.000 n=9+9)
DecodeCOSE/256-Bit_Symmetric_Key-4 1.50µs ± 2% 0.88µs ± 0% -41.63% (p=0.000 n=10+10)
DecodeCOSE/ECDSA_P256_256-Bit_Key-4 2.22µs ± 2% 1.45µs ± 0% -34.65% (p=0.000 n=10+10)
DecodeWebAuthn-4 1.55µs ± 0% 1.32µs ± 0% -14.97% (p=0.000 n=9+10)
EncodeCWTClaims-4 1.46µs ± 0% 0.78µs ± 0% -46.52% (p=0.000 n=10+10)
EncodeCOSE/128-Bit_Symmetric_Key-4 1.79µs ± 1% 0.91µs ± 0% -49.38% (p=0.000 n=9+10)
EncodeCOSE/256-Bit_Symmetric_Key-4 1.79µs ± 1% 0.91µs ± 0% -49.15% (p=0.000 n=10+10)
EncodeCOSE/ECDSA_P256_256-Bit_Key-4 2.09µs ± 1% 1.14µs ± 0% -45.41% (p=0.000 n=10+10)
EncodeWebAuthn-4 981ns ± 0% 823ns ± 1% -16.05% (p=0.000 n=10+10)
name old alloc/op new alloc/op delta
DecodeCWTClaims-4 760B ± 0% 176B ± 0% -76.84% (p=0.000 n=10+10)
DecodeCOSE/128-Bit_Symmetric_Key-4 800B ± 0% 240B ± 0% -70.00% (p=0.000 n=10+10)
DecodeCOSE/256-Bit_Symmetric_Key-4 816B ± 0% 256B ± 0% -68.63% (p=0.000 n=10+10)
DecodeCOSE/ECDSA_P256_256-Bit_Key-4 913B ± 0% 352B ± 0% -61.45% (p=0.000 n=10+10)
DecodeWebAuthn-4 1.56kB ± 0% 0.99kB ± 0% -36.41% (p=0.000 n=10+10)
EncodeCWTClaims-4 1.36kB ± 0% 0.18kB ± 0% -87.06% (p=0.000 n=10+10)
EncodeCOSE/128-Bit_Symmetric_Key-4 1.97kB ± 0% 0.22kB ± 0% -88.62% (p=0.000 n=10+10)
EncodeCOSE/256-Bit_Symmetric_Key-4 1.97kB ± 0% 0.24kB ± 0% -87.80% (p=0.000 n=10+10)
EncodeCOSE/ECDSA_P256_256-Bit_Key-4 1.97kB ± 0% 0.32kB ± 0% -83.74% (p=0.000 n=10+10)
EncodeWebAuthn-4 1.31kB ± 0% 1.09kB ± 0% -17.07% (p=0.000 n=10+10)
name old allocs/op new allocs/op delta
DecodeCWTClaims-4 6.00 ± 0% 6.00 ± 0% ~ (all equal)
DecodeCOSE/128-Bit_Symmetric_Key-4 4.00 ± 0% 4.00 ± 0% ~ (all equal)
DecodeCOSE/256-Bit_Symmetric_Key-4 4.00 ± 0% 4.00 ± 0% ~ (all equal)
DecodeCOSE/ECDSA_P256_256-Bit_Key-4 7.00 ± 0% 7.00 ± 0% ~ (all equal)
DecodeWebAuthn-4 5.00 ± 0% 5.00 ± 0% ~ (all equal)
EncodeCWTClaims-4 4.00 ± 0% 2.00 ± 0% -50.00% (p=0.000 n=10+10)
EncodeCOSE/128-Bit_Symmetric_Key-4 6.00 ± 0% 2.00 ± 0% -66.67% (p=0.000 n=10+10)
EncodeCOSE/256-Bit_Symmetric_Key-4 6.00 ± 0% 2.00 ± 0% -66.67% (p=0.000 n=10+10)
EncodeCOSE/ECDSA_P256_256-Bit_Key-4 6.00 ± 0% 2.00 ± 0% -66.67% (p=0.000 n=10+10)
EncodeWebAuthn-4 4.00 ± 0% 2.00 ± 0% -50.00% (p=0.000 n=10+10)Benchmarks used Go 1.15.12 on linux_amd64. Benchmark results are data dependent so run them using your own data.
🐞 Bug Fixes
- Allow decoding to struct field of interface type (#260, #275)
- Decoding registered tag to empty interface should return object of registered type (#223)
- Fix: encoding cbor.RawTag with empty content returns malformed CBOR data (#258)
- Fix: encoding uninitialized cbor.(Raw)Tag returns malformed CBOR data (#256)
- Decoding CBOR null to time.Time should have no effect (#254)
- Fix: decoding CBOR null to cbor.Tag shouldn't return any error (#252)
- Properly handle empty values for custom types (#232)
- Decoding should ignore CBOR tag number 55799 when it is a prefix (#228)
- Validate CBOR tag content type if tag number is 0 or 1, even when TimeTag = DecTagIgnored (#221)
- Registering tag (TagSet.Add) with already registered tag number should be rejected (#218)
- DecOptions.ExtraReturnErrors field should be typed #240
📖 Docs
- Make README more friendly to dark themes (#269)
- Private member struct tag (json:"-" and cbor:"-") are supported but not documented (#201)
- TagOptions struct is missing from README.md (#199)
- Fix go.dev and README compatibility (#173)
- Replace CBOR "draft RFC" with CBOR "RFC 8949" because it was approved by IETF (#265)
🏗 ️ Chores
- Audit library for any missing attribution for code snippets from sources other than Go's stdlib (#237)
- Audit library for any missing attribution for code snippets from Go's stdlib (encoding/json) (#233)
- Create pull request template for code contributions (#197)
- CI: Use safer-golangci-lint.yml GitHub Action Workflow contributed by @x448
- CI: Bump golangci-lint to 1.40.1
- CI: Use CodeQL analysis
🧪 Tests and Fuzzing
- Code coverage remains above 98%.
- Coverage-guided fuzzing reached 1+ billion execs ~2 days after v2.3.0 release.
👍 Special Thanks
- Special thanks to @kostko, @turbolent, @x448, @yawning and others for reporting bugs, providing feedback, and more.
⛈ ️ Winter Storm Uri Displaced Me (still at a hotel 3+ months later)
- As of May 30, I'm still displaced due to Winter Storm Uri started causing damage on February 16. Fire sprinklers started leaking, pipes shattered in the ceilings, and water outage lasted 2+ weeks.
Configuration
-
If you want to rebase/retry this MR, check this box.
This MR has been generated by Renovate Bot.
Edited by renovate