Bump github.com/fxamacker/cbor/v2 from 2.9.2-0.20260331174317-a78e92ec038e to 2.9.2

[dependabot]

Bumps github.com/fxamacker/cbor/v2 from 2.9.2-0.20260331174317-a78e92ec038e to 2.9.2.

Release notes

Sourced from github.com/fxamacker/cbor/v2's releases.

v2.9.2

This release refactors and hardens the streaming encoder by adding stricter checks for encoding CBOR indefinite-length data. Other changes include minor bugfixes, defensive checks, and more tests.

Projects that don't use CBOR indefinite-length data may also want to upgrade (summary of prior releases).

The stricter checks in the encoder prevent improper use of the library and bad inputs from producing malformed CBOR indefinite-length data that would be rejected by the decoder.

This release passed fuzz tests (billions of execs) and it is production quality.

What's Changed

• Reject encoding indefinite-length map with odd item count by @​fxamacker in fxamacker/cbor#764
• Reject encoding indefinite-length data item as a chunk inside indefinite-length byte string or text string by @​fxamacker in fxamacker/cbor#765
• Make TagSet.Remove a no-op when contentType is nil by @​fxamacker in fxamacker/cbor#766
• Refactor indefinite-length encoding and improve chunk validation during encoding by @​fxamacker in fxamacker/cbor#767
• Add more tests, fix a nit in unreachable panic message, update docs & ci by @​fxamacker in fxamacker/cbor#768

CI / GitHub Actions and Docs

• Bump actions/setup-go from 6.3.0 to 6.4.0 by @​dependabot[bot] in fxamacker/cbor#760
• Bump github/codeql-action from 4.34.1 to 4.35.1 by @​dependabot[bot] in fxamacker/cbor#761
• Bump github/codeql-action from 4.35.1 to 4.35.2 by @​dependabot[bot] in fxamacker/cbor#763
• Update README for v2.9.2 release by @​fxamacker in fxamacker/cbor#769

Full Changelog: fxamacker/cbor@v2.9.1...v2.9.2

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

go.mod

Package	Version	License	Issue Type
github.com/fxamacker/cbor/v2	2.9.2	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
gomod/github.com/fxamacker/cbor/v2	2.9.2	Unknown	Unknown

Scanned Files

• go.mod