Skip to content

Bump github.com/fxamacker/cbor/v2 from 2.9.1 to 2.9.2#1623

Merged
step-ci merged 1 commit intomasterfrom
dependabot/go_modules/github.com/fxamacker/cbor/v2-2.9.2
May 5, 2026
Merged

Bump github.com/fxamacker/cbor/v2 from 2.9.1 to 2.9.2#1623
step-ci merged 1 commit intomasterfrom
dependabot/go_modules/github.com/fxamacker/cbor/v2-2.9.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 4, 2026
edited
Loading

Bumps github.com/fxamacker/cbor/v2 from 2.9.1 to 2.9.2.

Release notes

Sourced from github.com/fxamacker/cbor/v2's releases.

v2.9.2

This release refactors and hardens the streaming encoder by adding stricter checks for encoding CBOR indefinite-length data. Other changes include minor bugfixes, defensive checks, and more tests.

Projects that don't use CBOR indefinite-length data may also want to upgrade (summary of prior releases).

The stricter checks in the encoder prevent improper use of the library and bad inputs from producing malformed CBOR indefinite-length data that would be rejected by the decoder.

This release passed fuzz tests (billions of execs) and it is production quality.

What's Changed

CI / GitHub Actions and Docs

Full Changelog: fxamacker/cbor@v2.9.1...v2.9.2

Commits
  • 45589ab Merge pull request #769 from fxamacker/fxamacker/update-readme-release-status
  • 8e98ea5 Update README for v2.9.2 release
  • e501aca Merge pull request #768 from fxamacker/fxamacker/update-docs
  • e6af0aa Merge pull request #767 from fxamacker/fxamacker/refactor-indefinite-length-e...
  • 57f1601 Merge pull request #766 from fxamacker/fxamacker/no-opt-to-remove-nil-type-in...
  • 0cdb674 Fix indefinite-length string chunk validation
  • c0db60f Improve GitHub Workflow code coverage regex
  • 63937fe Fix panic message to print the unrecognized tag
  • f0352a5 Add more tests
  • 0c20a0f Refactor encoding of indefinite-length data item
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 4, 2026
@github-actions github-actions Bot added the needs triage Waiting for discussion / prioritization by team label May 4, 2026
@step-ci step-ci enabled auto-merge May 4, 2026 21:03
@hslatman
Copy link
Copy Markdown
Member

hslatman commented May 5, 2026

@dependabot rebase

@hslatman hslatman added this to the v0.30.3 milestone May 5, 2026
@dependabot
Bump github.com/fxamacker/cbor/v2 from 2.9.1 to 2.9.2
5ac2707 
Bumps [github.com/fxamacker/cbor/v2](https://github.com/fxamacker/cbor) from 2.9.1 to 2.9.2.
- [Release notes](https://github.com/fxamacker/cbor/releases)
- [Commits](fxamacker/cbor@v2.9.1...v2.9.2)

---
updated-dependencies:
- dependency-name: github.com/fxamacker/cbor/v2
  dependency-version: 2.9.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/fxamacker/cbor/v2-2.9.2 branch from b989cc2 to 5ac2707 Compare May 5, 2026 16:14
@step-ci step-ci merged commit eb850e5 into master May 5, 2026
33 of 36 checks passed
@step-ci step-ci deleted the dependabot/go_modules/github.com/fxamacker/cbor/v2-2.9.2 branch May 5, 2026 17:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hslatman hslatman hslatman approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code needs triage Waiting for discussion / prioritization by team

Projects

None yet

Milestone

v0.30.3

Development

Successfully merging this pull request may close these issues.

2 participants

@hslatman @step-ci