chore(deps): update go dependencies

[red-hat-konflux]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
cel.dev/expr	indirect	patch	v0.25.1 → v0.25.2
cloud.google.com/go/auth	indirect	minor	v0.19.0 → v0.20.0
cloud.google.com/go/iam	require	minor	v1.6.0 → v1.11.0
cloud.google.com/go/kms	indirect	minor	v1.26.0 → v1.31.0
cloud.google.com/go/longrunning	indirect	major	v0.8.0 → v1.0.0
cloud.google.com/go/monitoring	indirect	minor	v1.24.3 → v1.29.0
cloud.google.com/go/profiler	require	minor	v0.4.3 → v0.6.0
cloud.google.com/go/pubsub	require	major	v1.50.1 → v2.6.0
cloud.google.com/go/pubsub/v2	require	minor	v2.3.0 → v2.6.0
cloud.google.com/go/storage	indirect	minor	v1.57.2 → v1.62.1
github.com/Azure/azure-sdk-for-go/sdk/azcore	indirect	patch	v1.21.0 → v1.21.1
github.com/Azure/azure-sdk-for-go/sdk/internal	indirect	minor	v1.11.2 → v1.12.0
github.com/AzureAD/microsoft-authentication-library-for-go	indirect	patch	v1.7.0 → v1.7.2
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp	indirect	minor	v1.30.0 → v1.32.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric	indirect	minor	v0.55.0 → v0.56.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping	indirect	minor	v0.55.0 → v0.56.0
github.com/aws/aws-sdk-go-v2	indirect	patch	v1.41.5 → v1.41.7
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream	indirect	patch	v1.7.8 → v1.7.10
github.com/aws/aws-sdk-go-v2/config	indirect	patch	v1.32.13 → v1.32.17
github.com/aws/aws-sdk-go-v2/credentials	indirect	patch	v1.19.13 → v1.19.16
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	indirect	patch	v1.18.21 → v1.18.23
github.com/aws/aws-sdk-go-v2/feature/s3/manager	indirect	patch	v1.22.10 → v1.22.18
github.com/aws/aws-sdk-go-v2/internal/configsources	indirect	patch	v1.4.21 → v1.4.23
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	indirect	patch	v2.7.21 → v2.7.23
github.com/aws/aws-sdk-go-v2/internal/v4a	indirect	patch	v1.4.22 → v1.4.24
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	indirect	patch	v1.13.7 → v1.13.9
github.com/aws/aws-sdk-go-v2/service/internal/checksum	indirect	patch	v1.9.13 → v1.9.15
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	indirect	patch	v1.13.21 → v1.13.23
github.com/aws/aws-sdk-go-v2/service/internal/s3shared	indirect	patch	v1.19.21 → v1.19.23
github.com/aws/aws-sdk-go-v2/service/kms	indirect	minor	v1.50.3 → v1.51.1
github.com/aws/aws-sdk-go-v2/service/s3	indirect	minor	v1.97.3 → v1.101.0
github.com/aws/aws-sdk-go-v2/service/signin	indirect	patch	v1.0.9 → v1.0.11
github.com/aws/aws-sdk-go-v2/service/sso	indirect	patch	v1.30.14 → v1.30.17
github.com/aws/aws-sdk-go-v2/service/ssooidc	indirect	patch	v1.35.18 → v1.35.21
github.com/aws/aws-sdk-go-v2/service/sts	indirect	minor	v1.41.10 → v1.42.1
github.com/aws/smithy-go	indirect	minor	v1.24.2 → v1.25.1
github.com/cavaliercoder/go-rpm	require	major	v0.0.0-20200122174316-8cb9fd9c31a8 → v1.3.0
github.com/cenkalti/backoff/v4	indirect	major	v4.3.0 → v5.0.3
github.com/envoyproxy/go-control-plane/envoy	indirect	minor	v1.36.0 → v1.37.0
github.com/fsnotify/fsnotify	indirect	minor	v1.9.0 → v1.10.1
github.com/fxamacker/cbor/v2	indirect	minor	v2.7.0 → v2.9.2
github.com/go-chi/chi/v5	require	patch	v5.2.3 → v5.2.5
github.com/go-jose/go-jose/v4	indirect	patch	v4.1.3 → v4.1.4
github.com/go-openapi/jsonpointer	indirect	minor	v0.22.5 → v0.23.1
github.com/go-openapi/runtime	indirect	patch	v0.29.3 → v0.29.5
github.com/go-openapi/runtime	require	patch	v0.29.3 → v0.29.5
github.com/go-openapi/strfmt	indirect	patch	v0.26.1 → v0.26.2
github.com/go-openapi/strfmt	require	patch	v0.26.1 → v0.26.2
github.com/go-openapi/swag	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag	require	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/cmdutils	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/conv	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/conv	require	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/fileutils	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/jsonname	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/jsonutils	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/loading	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/mangling	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/netutils	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/stringutils	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/typeutils	indirect	minor	v0.25.5 → v0.26.0
github.com/go-openapi/swag/yamlutils	indirect	minor	v0.25.5 → v0.26.0
github.com/golang-jwt/jwt/v5	indirect	patch	v5.3.0 → v5.3.1
github.com/google/go-containerregistry	indirect	patch	v0.21.3 → v0.21.5
github.com/google/pprof	indirect	digest	a15ffb7 → 92041b7
github.com/google/trillian	require	patch	v1.7.2 → v1.7.3
github.com/googleapis/enterprise-certificate-proxy	indirect	patch	v0.3.14 → v0.3.15
github.com/googleapis/gax-go/v2	indirect	minor	v2.19.0 → v2.22.0
github.com/grpc-ecosystem/go-grpc-middleware	require	major	v1.4.0 → v2.3.3
github.com/hashicorp/hcl	indirect	major	v1.0.1-vault-7 → v2.24.0
github.com/in-toto/in-toto-golang	require	minor	v0.9.0 → v0.11.0
github.com/klauspost/compress	indirect	patch	v1.18.5 → v1.18.6
github.com/mattn/go-sqlite3	indirect	patch	v1.14.38 → v1.14.44
github.com/pelletier/go-toml/v2	indirect	minor	v2.2.4 → v2.3.1
github.com/redis/go-redis/v9	require	minor	v9.14.1 → v9.19.0
github.com/sassoftware/relic/v7	require	major	v7.6.2 → v8.2.0
github.com/secure-systems-lab/go-securesystemslib	require	minor	v0.10.0 → v0.11.0
github.com/sigstore/protobuf-specs	require	patch	v0.5.0 → v0.5.1
github.com/theupdateframework/go-tuf	require	major	v0.7.0 → v2.4.1
github.com/tink-crypto/tink-go-awskms/v2	require	major	v2.1.0 → v3.0.0
go.opentelemetry.io/contrib/detectors/gcp	indirect	minor	v1.39.0 → v1.43.0
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc	indirect	minor	v0.67.0 → v0.68.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	indirect	minor	v0.67.0 → v0.68.0
go.opentelemetry.io/otel	indirect	minor	v1.42.0 → v1.43.0
go.opentelemetry.io/otel/metric	indirect	minor	v1.42.0 → v1.43.0
go.opentelemetry.io/otel/sdk	indirect	minor	v1.42.0 → v1.43.0
go.opentelemetry.io/otel/sdk/metric	indirect	minor	v1.42.0 → v1.43.0
go.opentelemetry.io/otel/trace	indirect	minor	v1.42.0 → v1.43.0
go.step.sm/crypto	require	minor	v0.77.1 → v0.79.0
go.uber.org/zap	require	minor	v1.27.1 → v1.28.0
go.yaml.in/yaml/v2	indirect	major	v2.4.3 → v3.0.4
golang.org/x/crypto	indirect	minor	v0.49.0 → v0.51.0
golang.org/x/crypto	require	minor	v0.49.0 → v0.51.0
golang.org/x/mod	indirect	minor	v0.34.0 → v0.36.0
golang.org/x/mod	require	minor	v0.34.0 → v0.36.0
golang.org/x/net	indirect	minor	v0.52.0 → v0.54.0
golang.org/x/net	require	minor	v0.52.0 → v0.54.0
golang.org/x/sys	indirect	minor	v0.42.0 → v0.44.0
golang.org/x/term	indirect	minor	v0.41.0 → v0.43.0
golang.org/x/text	indirect	minor	v0.35.0 → v0.37.0
golang.org/x/tools	indirect	minor	v0.43.0 → v0.45.0
google.golang.org/api	require	minor	v0.273.0 → v0.279.0
google.golang.org/genproto	indirect	digest	d00831a → 3700d41
google.golang.org/genproto/googleapis/api	indirect	digest	d00831a → 3700d41
google.golang.org/genproto/googleapis/rpc	require	digest	d00831a → 3700d41
google.golang.org/grpc	require	minor	v1.79.3 → v1.81.0
gopkg.in/ini.v1	require	patch	v1.67.0 → v1.67.2
gopkg.in/yaml.v2	indirect	major	v2.4.0 → v3.0.1
gopkg.in/yaml.v2	require	major	v2.4.0 → v3.0.1
k8s.io/klog/v2	indirect	minor	v2.130.1 → v2.140.0
sigs.k8s.io/release-utils	require	patch	v0.12.3 → v0.12.4
software.sslmate.com/src/go-pkcs12	indirect	patch	v0.7.0 → v0.7.1

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

google/cel-spec (cel.dev/expr)

v0.25.2

Compare Source

What's Changed

• Add conformance tests for (string).reverse() by @​jnthntatum in #​491
• Updates to the conformance tests for integer values in %e and %f format directives by @​TristonianJones in #​495
• Add automated BCR publishing on release tags by @​mmorel-35 in #​498
• Add clarification on scoping rules. by @​jnthntatum in #​506
• Networking extension conformance tests by @​TristonianJones in #​507
• Add conformance test cases for null assignability around repeated fields and maps by @​l46kok in #​510

New Contributors

• @​mmorel-35 made their first contribution in #​498

Full Changelog: google/cel-spec@v0.25.1...v0.25.2

googleapis/google-cloud-go (cloud.google.com/go/auth)

v0.20.0

Compare Source

• bigquery: Support SchemaUpdateOptions for load jobs.

• bigtable:

  • Add SampleRowKeys.
  • cbt: Support union, intersection GCPolicy.
  • Retry admin RPCS.
  • Add trace spans to retries.

• datastore: Add OpenCensus tracing.

• firestore:

  • Fix queries involving Null and NaN.
  • Allow Timestamp protobuffers for time values.

• logging: Add a WriteTimeout option.

• spanner: Support Batch API.

• storage: Add OpenCensus tracing.

AzureAD/microsoft-authentication-library-for-go (github.com/AzureAD/microsoft-authentication-library-for-go)

v1.7.2

Compare Source

What's Changed

• Adjust constants used in FMI tests by @​Avery-Dunn in #​608
• Update version to 1.7.1 by @​Avery-Dunn in #​607
• Add MSAL client metadata headers to IMDS managed identity requests by @​Copilot in #​611
• Disable gzip compression #​613 by @​4gust in #​616
• Update version.go by @​4gust in #​617

New Contributors

• @​Copilot made their first contribution in #​611

Full Changelog: AzureAD/microsoft-authentication-library-for-go@v1.7.1...v1.7.2

v1.7.1: 1.7.1

Compare Source

What's Changed

• Add FMI (Federated Managed Identity) Design Specification for MSAL Go by @​4gust in #​583
• Fix bug in refresh token partition check by @​Avery-Dunn in #​606
• Improve instance discovery resiliency and sovereign cloud support by @​Avery-Dunn in #​604

Full Changelog: AzureAD/microsoft-authentication-library-for-go@v1.7.0...v1.7.1

GoogleCloudPlatform/opentelemetry-operations-go (github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric)

v0.56.0: v1.32.0/v0.56.0

What's Changed

• Support universe domains in collector exporter client configuration by @​dashpole in #​1097
• Don't pass credentials fetched using FindDefaultCredentials by @​dashpole in #​1098
• googleclientauthextension: support Proxy-Authorization header by @​lindeskar in #​1105
• Improve unit tests for gcp auth extension by @​dashpole in #​1103
• Allow providing a context to create the monitoring client by @​dashpole in #​1096
• Add support for go 1.26 by @​dashpole in #​1107
• chore(deps): update module golang.org/x/crypto to v0.45.0 [security] by @​renovate-bot in #​1102
• Don't allow modifying the default scopes by @​dashpole in #​1109
• Ignore versions in the user agent header when comparing fixtures by @​dashpole in #​1115
• Bump go version to resolve govulncheck failures by @​dashpole in #​1114
• Separate out govulncheck into its own CI job by @​dashpole in #​1113
• Normalize user agents in span attributes as well by @​dashpole in #​1117
• fix(deps): update module google.golang.org/grpc to v1.79.3 [security] by @​jefferbrecht in #​1131
• Prepare for v1.32.0/v0.56.0 by @​dashpole in #​1132

New Contributors

• @​lindeskar made their first contribution in #​1105
• @​jefferbrecht made their first contribution in #​1131

Full Changelog: GoogleCloudPlatform/opentelemetry-operations-go@v0.55.0...v0.56.0

aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2)

v1.41.7

Compare Source

Module Highlights

• github.com/aws/aws-sdk-go-v2/service/ecs: v1.41.7
  • Documentation: Documentation only update for Amazon ECS.
• github.com/aws/aws-sdk-go-v2/service/glue: v1.78.0
  • Feature: Adding View related fields to responses of read-only Table APIs.
• github.com/aws/aws-sdk-go-v2/service/ivschat: v1.12.5
  • Documentation: Doc-only update. Changed "Resources" to "Key Concepts" in docs and updated text.
• github.com/aws/aws-sdk-go-v2/service/rolesanywhere: v1.10.0
  • Feature: This release increases the limit on the roleArns request parameter for the *Profile APIs that support it. This parameter can now take up to 250 role ARNs.
• github.com/aws/aws-sdk-go-v2/service/securityhub: v1.47.2
  • Documentation: Documentation updates for AWS Security Hub

v1.41.6

Compare Source

aws/smithy-go (github.com/aws/smithy-go)

v1.25.1

Compare Source

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.25.1
  • Bug Fix: Fixed a memory leak in the LRU cache implementation used by some AWS services.

v1.25.0

Compare Source

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.25.0
  • Feature: Add support for endpointBdd trait

v1.24.3

Compare Source

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/smithy-go: v1.24.3
  • Bug Fix: Add additional sigv4 configuration.
• github.com/aws/smithy-go/aws-http-auth: v1.1.3
  • Bug Fix: Add additional sigv4 configuration.

cavaliercoder/go-rpm (github.com/cavaliercoder/go-rpm)

v1.3.0

Compare Source

What's Changed

• feat: header range by @​abemedia in cavaliergopher/rpm#31
• fix: support sizes > 4GB by @​abemedia in cavaliergopher/rpm#29
• feat: parse dependency versions by @​abemedia in cavaliergopher/rpm#30
• bump golang.org/x/crypto dependency by @​Shubachi in cavaliergopher/rpm#27
• Fix md5 checksum for big RPMs by @​cclerget in cavaliergopher/rpm#34

New Contributors

• @​abemedia made their first contribution in cavaliergopher/rpm#31
• @​Shubachi made their first contribution in cavaliergopher/rpm#27
• @​cclerget made their first contribution in cavaliergopher/rpm#34

Full Changelog: cavaliergopher/rpm@v1.2.0...v1.3.0

v1.2.0

Compare Source

v1.1.1

Compare Source

v1.1.0

Compare Source

v1.0.1

Compare Source

cenkalti/backoff (github.com/cenkalti/backoff/v4)

v5.0.3

Compare Source

v5.0.2

Compare Source

v5.0.1

Compare Source

v5.0.0

Compare Source

fsnotify/fsnotify (github.com/fsnotify/fsnotify)

v1.10.1

Compare Source

Changes and fixes

• inotify: don't remove sibling watches sharing a path prefix (#​754)

• inotify, windows: don't rename sibling watches sharing a path prefix
  (#​755)

v1.10.0

Compare Source

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#​731)

• inotify: send Rename event if recursive watch is renamed (#​696)

• inotify: avoid copying event buffers when reading names (#​741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#​748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#​740)

• windows: fix nil pointer dereference in remWatch (#​736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#​709, #​749)

fxamacker/cbor (github.com/fxamacker/cbor/v2)

v2.9.2

Compare Source

This release refactors and hardens the streaming encoder by adding stricter checks for encoding CBOR indefinite-length data. Other changes include minor bugfixes, defensive checks, and more tests.

Projects that don't use CBOR indefinite-length data may also want to upgrade (summary of prior releases).

The stricter checks in the encoder prevent improper use of the library and bad inputs from producing malformed CBOR indefinite-length data that would be rejected by the decoder.

This release passed fuzz tests (billions of execs) and it is production quality.

What's Changed

• Reject encoding indefinite-length map with odd item count by @​fxamacker in #​764
• Reject encoding indefinite-length data item as a chunk inside indefinite-length byte string or text string by @​fxamacker in #​765
• Make TagSet.Remove a no-op when contentType is nil by @​fxamacker in #​766
• Refactor indefinite-length encoding and improve chunk validation during encoding by @​fxamacker in #​767
• Add more tests, fix a nit in unreachable panic message, update docs & ci by @​fxamacker in #​768

CI / GitHub Actions and Docs

🔎 Details...

• Bump actions/setup-go from 6.3.0 to 6.4.0 by @​dependabot[bot] in #​760
• Bump github/codeql-action from 4.34.1 to 4.35.1 by @​dependabot[bot] in #​761
• Bump github/codeql-action from 4.35.1 to 4.35.2 by @​dependabot[bot] in #​763
• Update README for v2.9.2 release by @​fxamacker in #​769

Full Changelog: fxamacker/cbor@v2.9.1...v2.9.2

v2.9.1

Compare Source

This release includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests.

🐞 Bug fixes related to the keyasint feature

These changes only affect Go struct fields tagged with keyasint:

• [Decoding] Reject integer keys that exceed math.MaxInt64 when decoding CBOR map to a struct with keyasint field (PR #​757)
• [Decoding] Prevent string representation of an integer key from matching the struct field tagged by keyasint (PR #​757)
• [Encoding & Decoding] Deduplicate struct fields with the same normalized keyasint tag values (PR #​757)

🐞 Other bug fixes and defensive checks

Some of the bugs fixed are related to decoding extreme values that cannot be encoded with this library. For example, the decoder checks if epoch time encoded as CBOR float value representing hundreds of billions of years overflows int64(seconds).

NOTE: It is generally good practice to avoid using floating point to store epoch time (even when not using CBOR).

• [Decoding] Reject decoding epoch time encoded as floats that overflow int64 (PR #​753)
• [Encoding] Return a cloned slice for an empty RawMessage from RawMessage.MarshalCBOR (PR #​753)
• [Encoding] Reject encoding nil inside indefinite-length strings (PR #​750)
• [Diagnostic] Accept valid U+FFFD replacement character (PR #​753)

What's Changed

• 🆕 Add TimeMode encoding option TimeRFC3339NanoUTC by @​fxamacker in #​688
• Use actual negative zero in tests by @​makew0rld in #​708
• Reject encoding nil inside CBOR indefinite-length string by @​fxamacker in #​750
• Refactor and add tests by @​fxamacker in #​752
• Small bugfixes, defensive checks, and improvements by @​fxamacker in #​753
• Refactor parseMapToStruct(), getDecodingStructType(), getEncodingStructType(), and field struct by @​fxamacker in #​754
• Fix several issues related to keyasint tag option by @​fxamacker in #​757

CI / GitHub Actions and Docs

🔎 Details...

• Bump github/codeql-action from 3.29.2 to 3.29.4 by @​dependabot[bot] in #​690
• Bump github/codeql-action from 3.29.4 to 3.29.5 by @​dependabot[bot] in #​691
• Bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in #​696
• Bump github/codeql-action from 3.29.7 to 3.29.9 by @​dependabot[bot] in #​697
• Bump github/codeql-action from 3.29.9 to 3.29.11 by @​dependabot[bot] in #​700
• Bump github/codeql-action from 3.29.11 to 3.30.0 by @​dependabot[bot] in #​702
• Bump actions/setup-go from 5.5.0 to 6.0.0 by @​dependabot[bot] in #​703
• Bump github/codeql-action from 3.30.0 to 3.30.3 by @​dependabot[bot] in #​706
• Bump github/codeql-action from 3.30.3 to 3.30.4 by @​dependabot[bot] in #​710
• Bump github/codeql-action from 3.30.4 to 3.30.6 by @​dependabot[bot] in #​712
• Bump github/codeql-action from 3.30.6 to 4.30.7 by @​dependabot[bot] in #​713
• Bump github/codeql-action from 4.30.7 to 4.30.8 by @​dependabot[bot] in #​716
• Bump github/codeql-action from 4.30.8 to 4.30.9 by @​dependabot[bot] in #​718
• Bump github/codeql-action from 4.30.9 to 4.31.2 by @​dependabot[bot] in #​720
• Bump github/codeql-action from 4.31.2 to 4.31.3 by @​dependabot[bot] in #​721
• Bump github/codeql-action from 4.31.3 to 4.31.4 by @​dependabot[bot] in #​724
• Bump actions/setup-go from 6.0.0 to 6.1.0 by @​dependabot[bot] in #​725
• Bump actions/checkout from 5.0.0 to 6.0.0 by @​dependabot[bot] in #​726
• Bump github/codeql-action from 4.31.4 to 4.31.5 by @​dependabot[bot] in #​727
• Bump github/codeql-action from 4.31.5 to 4.31.6 by @​dependabot[bot] in #​728
• Bump actions/checkout from 6.0.0 to 6.0.1 by @​dependabot[bot] in #​729
• Bump github/codeql-action from 4.31.6 to 4.31.8 by @​dependabot[bot] in #​732
• Bump github/codeql-action from 4.31.8 to 4.31.9 by @​dependabot[bot] in #​733
• Bump github/codeql-action from 4.31.9 to 4.31.10 by @​dependabot[bot] in #​738
• Bump actions/setup-go from 6.1.0 to 6.2.0 by @​dependabot[bot] in #​739
• Bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in #​740
• Bump github/codeql-action from 4.31.10 to 4.32.0 by @​dependabot[bot] in #​742
• Bump github/codeql-action from 4.32.0 to 4.32.3 by @​dependabot[bot] in #​745
• Bump actions/setup-go from 6.2.0 to 6.3.0 by @​dependabot[bot] in #​746
• Bump github/codeql-action from 4.32.3 to 4.32.4 by @​dependabot[bot] in #​747
• Bump github/codeql-action from 4.32.4 to 4.32.6 by @​dependabot[bot] in #​748
• Bump github/codeql-action from 4.32.6 to 4.34.0 by @​dependabot[bot] in #​749
• Bump github/codeql-action from 4.34.0 to 4.34.1 by @​dependabot[bot] in #​751
• Update README status section by @​fxamacker in #​758

New Contributors

• @​makew0rld made their first contributihttps://github.com/fxamacker/cbor/pull/708ll/708

Full Changelog: fxamacker/cbor@v2.9.0...v2.9.1

v2.9.0

Compare Source

v2.9.0 adds new features, refactors tests, and improves docs. New features improve interoperability/transcoding between CBOR & JSON.

v2.9.0 passed fuzz tests and is production quality. However, the new TextUnmarshaler feature will continue being fuzz tested a bit longer due to recent changes. The recent changes are limited and don't affect other parts of the codec that passed ~2 billion execs fuzzing.

What's Changed

• Refactor to use Go standard library functions by @​fxamacker in #​663
• Improve DupMapKeyError message by @​fxamacker in #​670
• Add options to support TextMarshaler and TextUnmarshaler by @​benluddy in #​672
• Add optional support for json.Marshaler and json.Unmarshaler via transcoding by @​benluddy in #​673
• Refactor tests and update comments by @​fxamacker in #​678
• Use TextUnmarshaler on byte strings with ByteStringToStringAllowed. by @​benluddy in #​682

Docs

• README: Document struct field tag "-" by @​fxamacker in #​653
• Fix IntDecConvertSignedOrBigInt doc comment by @​theory in #​655
• Update docs for TimeMode, Tag, RawTag, and add example for Embedded JSON Tag for CBOR by @​fxamacker in #​659
• Update README for Embedded JSON Tag for CBOR (tag 262) by @​fxamacker in #​662
• Fix typos in some comments by @​adeinega in #​671
• Update README for v2.9.0 and add Red Hat as a user by @​fxamacker in #​684

CI

🔎 Details

• Bump github/codeql-action from 3.28.13 to 3.28.15 by @​dependabot[bot] in #​651
• Bump github/codeql-action from 3.28.15 to 3.28.16 by @​dependabot[bot] in #​658
• Bump github/codeql-action from 3.28.16 to 3.28.17 by @​dependabot[bot] in #​660
• Bump actions/setup-go from 5.4.0 to 5.5.0 by @​dependabot[bot] in #​661
• Bump github/codeql-action from 3.28.17 to 3.28.18 by @​dependabot[bot] in #​664
• Bump github/codeql-action from 3.28.18 to 3.28.19 by @​dependabot[bot] in #​667
• Bump github/codeql-action from 3.28.19 to 3.29.0 by @​dependabot[bot] in #​674
• Bump github/codeql-action from 3.29.0 to 3.29.2 by @​dependabot[bot] in #​680

Special Thanks

Many thanks to @​benluddy for adding these new features! 🎉

• Add opt-in support for encoding.TextMarshaler and encoding.TextUnmarshaler to encode and decode from CBOR text string.
• Add opt-in support for json.Marshaler and json.Unmarshaler via user-provided transcoding function.

New Contributors

• @​theory made their first contribution in #​655
• @​adeinega made their first contribution in #​671

Full Changelog: fxamacker/cbor@v2.8.0...v2.9.0

v2.8.0

Compare Source

v2.8.0 adds omitzero struct tag option, fixes and deprecates 3 functions, and bumps requirements to go 1.20+.

Many thanks to @​liggitt for contributing the omitzero support!

The "omitzero" option omits zero values from encoding, matching stdlib encoding/json behavior.
When specified in the cbor tag, the option is always honored.
When specified in the json tag, the option is honored when building with Go 1.24+.

This release fixes 3 functions (when called directly by user apps) to use same error handling on bad input as cbor.Unmarshal():

• RawTag.UnmarshalCBOR() (thanks @​thomas-fossati for reporting this!)
• ByteString.UnmarshalCBOR()
• SimpleValue.UnmarshalCBOR()

This release also deprecates those 3 functions because they were initially created for internal use. Please use Unmarshal() or UnmarshalFirst() instead.

To preserve backward compatibility, the deprecated functions were added to fuzz tests and will not be removed in v2.x.

What's Changed

• go: update go.mod and ci.yml to require go1.20 or newer (was go1.17) by @​fxamacker in #​626
• Replace interface{} with any by @​fxamacker in #​627
• Replace reflect.Ptr with reflect.Pointer by @​fxamacker in #​628
• Replace reflect.PtrTo with reflect.PointerTo by @​fxamacker in #​629
• Add omitzero support by @​liggitt in #​644
• Update error handling in RawTag.UnmarshalCBOR(), etc. to match cbor.Unmarshal() by @​fxamacker in #​645
• Optimize internal calls to UnmarshalCBOR() for ByteString, RawTag, SimpleValue by @​fxamacker in #​647

Other Changes

🔍 Details

• Bump github/codeql-action from 3.25.10 to 3.25.11 by @​dependabot in #​562
• Bump actions/setup-go from 5.0.1 to 5.0.2 by @​dependabot in #​564
• Bump github/codeql-action from 3.25.11 to 3.25.12 by @​dependabot in #​565
• Bump github/codeql-action from 3.25.12 to 3.25.14 by @​dependabot in #​567
• Bump github/codeql-action from 3.25.14 to 3.25.15 by @​dependabot in #​569
• Bump github/codeql-action from 3.25.15 to 3.26.0 by @​dependabot in #​571
• Bump govulncheck from 1.0.4 to 1.1.3 by @​fxamacker in #​572
• Bump github/codeql-action from 3.26.0 to 3.26.2 by @​dependabot in #​575
• Add go1.23 to ci.yml by @​fxamacker in #​573
• Bump github/codeql-action from 3.26.2 to 3.26.6 by @​dependabot in #​580
• Mention new TinyGo feature branch in README by @​fxamacker in #​582
• Bump github/codeql-action from 3.26.6 to 3.26.8 by @​dependabot in #​585
• Bump github/codeql-action from 3.26.8 to 3.26.9 by @​dependabot in #​586
• Bump actions/checkout from 4.1.7 to 4.2.0 by @​dependabot in #​587
• README: update benchmark comparisons, etc. by @​fxamacker in #​588
• Bump github/codeql-action from 3.26.9 to 3.26.11 by @​dependabot in #​590
• README: update to clarify CBOR benchmark comparison and resolve nits by @​fxamacker in #​591
• README: fix broken link to svg file by @​fxamacker in #​592
• Bump github/codeql-action from 3.26.11 to 3.26.12 by @​dependabot in #​594
• Bump actions/checkout from 4.2.0 to 4.2.1 by @​dependabot in [#​

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 7 additional dependencies were updated

Details:

Package	Change
cloud.google.com/go/pubsub	v1.50.1 -> v1.50.2
cloud.google.com/go/pubsub/v2	v2.3.0 -> v2.5.1
github.com/aws/aws-sdk-go-v2/service/s3	v1.97.3 -> v1.98.0
k8s.io/klog/v2	v2.130.1 -> v2.140.0
cloud.google.com/go/storage	v1.57.2 -> v1.61.3
github.com/fxamacker/cbor/v2	v2.7.0 -> v2.9.0
github.com/googleapis/gax-go/v2	v2.19.0 -> v2.20.0

[red-hat-konflux]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 28 additional dependencies were updated

Details:

Package	Change
google.golang.org/grpc	v1.79.3 -> v1.81.0
cloud.google.com/go/pubsub	v1.50.1 -> v1.50.2
cloud.google.com/go/pubsub/v2	v2.3.0 -> v2.5.1
cloud.google.com/go/monitoring	v1.24.3 -> v1.29.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp	v1.30.0 -> v1.31.0
github.com/aws/aws-sdk-go-v2	v1.41.5 -> v1.41.7
github.com/aws/aws-sdk-go-v2/config	v1.32.13 -> v1.32.17
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	v2.7.21 -> v2.7.23
github.com/aws/aws-sdk-go-v2/service/internal/s3shared	v1.19.21 -> v1.19.23
github.com/aws/aws-sdk-go-v2/service/kms	v1.50.3 -> v1.51.1
github.com/aws/aws-sdk-go-v2/service/s3	v1.97.3 -> v1.101.0
github.com/aws/aws-sdk-go-v2/service/sso	v1.30.14 -> v1.30.17
github.com/aws/aws-sdk-go-v2/service/ssooidc	v1.35.18 -> v1.35.21
github.com/aws/aws-sdk-go-v2/service/sts	v1.41.10 -> v1.42.1
github.com/aws/smithy-go	v1.24.2 -> v1.25.1
github.com/envoyproxy/go-control-plane/envoy	v1.36.0 -> v1.37.0
github.com/go-jose/go-jose/v4	v4.1.3 -> v4.1.4
go.opentelemetry.io/contrib/detectors/gcp	v1.39.0 -> v1.42.0
go.opentelemetry.io/otel	v1.42.0 -> v1.43.0
go.opentelemetry.io/otel/metric	v1.42.0 -> v1.43.0
go.opentelemetry.io/otel/sdk	v1.42.0 -> v1.43.0
go.opentelemetry.io/otel/sdk/metric	v1.42.0 -> v1.43.0
go.opentelemetry.io/otel/trace	v1.42.0 -> v1.43.0
k8s.io/klog/v2	v2.130.1 -> v2.140.0
cloud.google.com/go/kms	v1.26.0 -> v1.31.0
cloud.google.com/go/storage	v1.57.2 -> v1.62.0
github.com/fxamacker/cbor/v2	v2.7.0 -> v2.9.0
github.com/googleapis/gax-go/v2	v2.19.0 -> v2.22.0

[red-hat-konflux]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -t ./...
go: github.com/cavaliercoder/go-rpm@v1.3.0: parsing go.mod:
	module declares its path as: github.com/cavaliergopher/rpm
	        but was required as: github.com/cavaliercoder/go-rpm