Bump github.com/fxamacker/cbor/v2 from 2.9.1-0.20251019205732-39888e6be013 to 2.9.1

[dependabot]

Bumps github.com/fxamacker/cbor/v2 from 2.9.1-0.20251019205732-39888e6be013 to 2.9.1.

Release notes

Sourced from github.com/fxamacker/cbor/v2's releases.

v2.9.1

This release includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests.

🐞 Bug fixes related to the keyasint feature

These changes only affect Go struct fields tagged with keyasint:

• [Decoding] Reject integer keys that exceed math.MaxInt64 when decoding CBOR map to a struct with keyasint field (PR #757)
• [Decoding] Prevent string representation of an integer key from matching the struct field tagged by keyasint (PR #757)
• [Encoding & Decoding] Deduplicate struct fields with the same normalized keyasint tag values (PR #757)

🐞 Other bug fixes and defensive checks

Some of the bugs fixed are related to decoding extreme values that cannot be encoded with this library. For example, the decoder checks if epoch time encoded as CBOR float value representing hundreds of billions of years overflows int64(seconds).

NOTE: It is generally good practice to avoid using floating point to store epoch time (even when not using CBOR).

• [Decoding] Reject decoding epoch time encoded as floats that overflow int64 (PR #753)
• [Encoding] Return a cloned slice for an empty RawMessage from RawMessage.MarshalCBOR (PR #753)
• [Encoding] Reject encoding nil inside indefinite-length strings (PR #750)
• [Diagnostic] Accept valid U+FFFD replacement character (PR #753)

What's Changed

• 🆕 Add TimeMode encoding option TimeRFC3339NanoUTC by @​fxamacker in fxamacker/cbor#688
• Use actual negative zero in tests by @​makew0rld in fxamacker/cbor#708
• Reject encoding nil inside CBOR indefinite-length string by @​fxamacker in fxamacker/cbor#750
• Refactor and add tests by @​fxamacker in fxamacker/cbor#752
• Small bugfixes, defensive checks, and improvements by @​fxamacker in fxamacker/cbor#753
• Refactor parseMapToStruct(), getDecodingStructType(), getEncodingStructType(), and field struct by @​fxamacker in fxamacker/cbor#754
• Fix several issues related to keyasint tag option by @​fxamacker in fxamacker/cbor#757

CI / GitHub Actions and Docs

• Bump github/codeql-action from 3.29.2 to 3.29.4 by @​dependabot[bot] in fxamacker/cbor#690
• Bump github/codeql-action from 3.29.4 to 3.29.5 by @​dependabot[bot] in fxamacker/cbor#691
• Bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in fxamacker/cbor#696
• Bump github/codeql-action from 3.29.7 to 3.29.9 by @​dependabot[bot] in fxamacker/cbor#697
• Bump github/codeql-action from 3.29.9 to 3.29.11 by @​dependabot[bot] in fxamacker/cbor#700
• Bump github/codeql-action from 3.29.11 to 3.30.0 by @​dependabot[bot] in fxamacker/cbor#702
• Bump actions/setup-go from 5.5.0 to 6.0.0 by @​dependabot[bot] in fxamacker/cbor#703
• Bump github/codeql-action from 3.30.0 to 3.30.3 by @​dependabot[bot] in fxamacker/cbor#706
• Bump github/codeql-action from 3.30.3 to 3.30.4 by @​dependabot[bot] in fxamacker/cbor#710
• Bump github/codeql-action from 3.30.4 to 3.30.6 by @​dependabot[bot] in fxamacker/cbor#712
• Bump github/codeql-action from 3.30.6 to 4.30.7 by @​dependabot[bot] in fxamacker/cbor#713
• Bump github/codeql-action from 4.30.7 to 4.30.8 by @​dependabot[bot] in fxamacker/cbor#716
• Bump github/codeql-action from 4.30.8 to 4.30.9 by @​dependabot[bot] in fxamacker/cbor#718
• Bump github/codeql-action from 4.30.9 to 4.31.2 by @​dependabot[bot] in fxamacker/cbor#720

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA eb2de6a.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

go.mod

Package	Version	License	Issue Type
github.com/fxamacker/cbor/v2	2.9.1	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
gomod/github.com/fxamacker/cbor/v2	2.9.1	Unknown	Unknown

Scanned Files

• go.mod

[dependabot]

Looks like github.com/fxamacker/cbor/v2 is up-to-date now, so this is no longer needed.