Update module github.com/fxamacker/cbor/v2 to v2.4.0

This MR contains the following updates:

Package	Type	Update	Change
github.com/fxamacker/cbor/v2	require	minor	v2.2.0 -> v2.4.0

---

Release Notes

fxamacker/cbor

v2.4.0

Compare Source

This release adds two user-requested features to the decoder. It passed 3+ billion execs fuzzing before being tagged.

What's Changed

• Add option to specify default Go map type when decoding CBOR map into interface{} by @​fxamacker in https://github.com/fxamacker/cbor/pull/316
• Add support for decoding registered CBOR tag to interface type by @​fxamacker in https://github.com/fxamacker/cbor/pull/308
• Update CBOR docs for v2.4.0 by @​x448 in https://github.com/fxamacker/cbor/pull/318

Special Thanks

• @​lukseven for opening issue #​303 and proposing a solution
• @​Gui-Yom for issue #​301

Full Changelog: https://github.com/fxamacker/cbor/compare/v2.3.1...v2.4.0

v2.3.1

Compare Source

IMPORTANT:

• This release fixes an important typo in README and omission in CONTRIBUTING.
• No changes to code outside _test.go files.
• Changes to non-test files are limited to comments.
• Next release (v2.4.0) started fuzz testing and is expected to be tagged within 1-2 weeks.

Changes to v2.3.1 include:

• Fix typo in docs (example code snippet) that can cause bugs. Thanks @​herrjemand!
• Update CONTRIBUTING to mention signing requirements. Thanks @​lukseven and @​x448!
• Update README. Thanks @​x448 and @​rumpelsepp!
• Update ci.yml to use Go 1.17.x. Thanks @​x448!
• Add Revive as a lint checker.
• Cleanup lint messages in _test.go files
• Cleanup lint messages in non-test files if the changes are limited to comments (no actual coding changes).

Full Changelog: https://github.com/fxamacker/cbor/compare/v2.3.0...v2.3.1

v2.3.0

Compare Source

Upgrading is recommended: v2.3.0 has bug fixes, is faster, and passed 1+ billion execs fuzzing.

Features and Improvements

• Add built-in support for big.Int (#​209)
• Add support for tag 55799 self-describing CBOR (#​227)
• Export valid function (#​248)
• Increase user-configurable CBOR limit for MaxArrayElements and MaxMapPairs (#​207)
• Add decoding option to be more strict than encoding/json: fail on CBOR map if destination struct field is not found (#​178)
• Add option for decoding CBOR pos and neg integer to interface{} to not distinguish between uint and int (#​216)

Performance

fxamacker/cbor 2.3.0 is faster than 2.2.0 by up to 14% (using CWT and COSE example data from RFCs).

name                                 old time/op    new time/op    delta
DecodeCWTClaims-4                      1.34µs ± 0%    1.25µs ± 0%   -6.90%  (p=0.000 n=10+9)
DecodeCOSE/128-Bit_Symmetric_Key-4     1.01µs ± 0%    0.86µs ± 0%  -14.02%  (p=0.000 n=9+9)
DecodeCOSE/256-Bit_Symmetric_Key-4     1.02µs ± 0%    0.88µs ± 0%  -13.60%  (p=0.000 n=9+10)
DecodeCOSE/ECDSA_P256_256-Bit_Key-4    1.69µs ± 0%    1.45µs ± 0%  -14.14%  (p=0.000 n=10+10)
DecodeWebAuthn-4                       1.46µs ± 0%    1.32µs ± 0%   -9.65%  (p=0.000 n=10+10)
EncodeCWTClaims-4                       766ns ± 0%     780ns ± 0%   +1.87%  (p=0.000 n=10+10)
EncodeCOSE/128-Bit_Symmetric_Key-4      910ns ± 0%     908ns ± 0%     ~     (p=0.059 n=9+10)
EncodeCOSE/256-Bit_Symmetric_Key-4      912ns ± 0%     912ns ± 0%     ~     (p=0.909 n=10+10)
EncodeCOSE/ECDSA_P256_256-Bit_Key-4    1.13µs ± 1%    1.14µs ± 0%   +0.61%  (p=0.001 n=9+10)
EncodeWebAuthn-4                        794ns ± 2%     823ns ± 1%   +3.69%  (p=0.000 n=9+10)

fxamacker/cbor 2.3.0 vs ugorji/go 1.2.6

fxamacker/cbor 2.3.0 (not using unsafe) is faster than ugorji/go 1.2.6 (using unsafe).

name                                 old time/op    new time/op    delta
DecodeCWTClaims-4                      2.06µs ± 1%    1.25µs ± 0%  -39.57%  (p=0.000 n=10+9)
DecodeCOSE/128-Bit_Symmetric_Key-4     1.47µs ± 1%    0.86µs ± 0%  -41.25%  (p=0.000 n=9+9)
DecodeCOSE/256-Bit_Symmetric_Key-4     1.50µs ± 2%    0.88µs ± 0%  -41.63%  (p=0.000 n=10+10)
DecodeCOSE/ECDSA_P256_256-Bit_Key-4    2.22µs ± 2%    1.45µs ± 0%  -34.65%  (p=0.000 n=10+10)
DecodeWebAuthn-4                       1.55µs ± 0%    1.32µs ± 0%  -14.97%  (p=0.000 n=9+10)
EncodeCWTClaims-4                      1.46µs ± 0%    0.78µs ± 0%  -46.52%  (p=0.000 n=10+10)
EncodeCOSE/128-Bit_Symmetric_Key-4     1.79µs ± 1%    0.91µs ± 0%  -49.38%  (p=0.000 n=9+10)
EncodeCOSE/256-Bit_Symmetric_Key-4     1.79µs ± 1%    0.91µs ± 0%  -49.15%  (p=0.000 n=10+10)
EncodeCOSE/ECDSA_P256_256-Bit_Key-4    2.09µs ± 1%    1.14µs ± 0%  -45.41%  (p=0.000 n=10+10)
EncodeWebAuthn-4                        981ns ± 0%     823ns ± 1%  -16.05%  (p=0.000 n=10+10)

name                                 old alloc/op   new alloc/op   delta
DecodeCWTClaims-4                        760B ± 0%      176B ± 0%  -76.84%  (p=0.000 n=10+10)
DecodeCOSE/128-Bit_Symmetric_Key-4       800B ± 0%      240B ± 0%  -70.00%  (p=0.000 n=10+10)
DecodeCOSE/256-Bit_Symmetric_Key-4       816B ± 0%      256B ± 0%  -68.63%  (p=0.000 n=10+10)
DecodeCOSE/ECDSA_P256_256-Bit_Key-4      913B ± 0%      352B ± 0%  -61.45%  (p=0.000 n=10+10)
DecodeWebAuthn-4                       1.56kB ± 0%    0.99kB ± 0%  -36.41%  (p=0.000 n=10+10)
EncodeCWTClaims-4                      1.36kB ± 0%    0.18kB ± 0%  -87.06%  (p=0.000 n=10+10)
EncodeCOSE/128-Bit_Symmetric_Key-4     1.97kB ± 0%    0.22kB ± 0%  -88.62%  (p=0.000 n=10+10)
EncodeCOSE/256-Bit_Symmetric_Key-4     1.97kB ± 0%    0.24kB ± 0%  -87.80%  (p=0.000 n=10+10)
EncodeCOSE/ECDSA_P256_256-Bit_Key-4    1.97kB ± 0%    0.32kB ± 0%  -83.74%  (p=0.000 n=10+10)
EncodeWebAuthn-4                       1.31kB ± 0%    1.09kB ± 0%  -17.07%  (p=0.000 n=10+10)

name                                 old allocs/op  new allocs/op  delta
DecodeCWTClaims-4                        6.00 ± 0%      6.00 ± 0%     ~     (all equal)
DecodeCOSE/128-Bit_Symmetric_Key-4       4.00 ± 0%      4.00 ± 0%     ~     (all equal)
DecodeCOSE/256-Bit_Symmetric_Key-4       4.00 ± 0%      4.00 ± 0%     ~     (all equal)
DecodeCOSE/ECDSA_P256_256-Bit_Key-4      7.00 ± 0%      7.00 ± 0%     ~     (all equal)
DecodeWebAuthn-4                         5.00 ± 0%      5.00 ± 0%     ~     (all equal)
EncodeCWTClaims-4                        4.00 ± 0%      2.00 ± 0%  -50.00%  (p=0.000 n=10+10)
EncodeCOSE/128-Bit_Symmetric_Key-4       6.00 ± 0%      2.00 ± 0%  -66.67%  (p=0.000 n=10+10)
EncodeCOSE/256-Bit_Symmetric_Key-4       6.00 ± 0%      2.00 ± 0%  -66.67%  (p=0.000 n=10+10)
EncodeCOSE/ECDSA_P256_256-Bit_Key-4      6.00 ± 0%      2.00 ± 0%  -66.67%  (p=0.000 n=10+10)
EncodeWebAuthn-4                         4.00 ± 0%      2.00 ± 0%  -50.00%  (p=0.000 n=10+10)

Benchmarks used Go 1.15.12 on linux_amd64. Benchmark results are data dependent so run them using your own data.

Bug Fixes

• Allow decoding to struct field of interface type (#​260, #​275)
• Decoding registered tag to empty interface should return object of registered type (#​223)
• Fix: encoding cbor.RawTag with empty content returns malformed CBOR data (#​258)
• Fix: encoding uninitialized cbor.(Raw)Tag returns malformed CBOR data (#​256)
• Decoding CBOR null to time.Time should have no effect (#​254)
• Fix: decoding CBOR null to cbor.Tag shouldn't return any error (#​252)
• Properly handle empty values for custom types (#​232)
• Decoding should ignore CBOR tag number 55799 when it is a prefix (#​228)
• Validate CBOR tag content type if tag number is 0 or 1, even when TimeTag = DecTagIgnored (#​221)
• Registering tag (TagSet.Add) with already registered tag number should be rejected (#​218)
• DecOptions.ExtraReturnErrors field should be typed #​240

Docs

• Make README more friendly to dark themes (#​269)
• Private member struct tag (json:"-" and cbor:"-") are supported but not documented (#​201)
• TagOptions struct is missing from README.md (#​199)
• Fix go.dev and README compatibility (#​173)
• Replace CBOR "draft RFC" with CBOR "RFC 8949" because it was approved by IETF (#​265)

️ Chores

• Audit library for any missing attribution for code snippets from sources other than Go's stdlib (#​237)
• Audit library for any missing attribution for code snippets from Go's stdlib (encoding/json) (#​233)
• Create pull request template for code contributions (#​197)
• CI: Use safer-golangci-lint.yml GitHub Action Workflow contributed by @​x448
• CI: Bump golangci-lint to 1.40.1
• CI: Use CodeQL analysis

🧪 Tests and Fuzzing

• Code coverage remains above 98%.
• Coverage-guided fuzzing reached 1+ billion execs ~2 days after v2.3.0 release.

Special Thanks

• Special thanks to @​kostko, @​turbolent, @​x448, @​yawning and others for reporting bugs, providing feedback, and more.

️ Winter Storm Uri Displaced Me (still at a hotel 3+ months later)

• As of May 30, I'm still displaced due to Winter Storm Uri started causing damage on February 16. Fire sprinklers started leaking, pipes shattered in the ceilings, and water outage lasted 2+ weeks.

---

Configuration

Schedule: At any time (no schedule defined).

Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box.

---

This MR has been generated by Renovate Bot.