Bump github.com/fxamacker/cbor/v2 from 2.4.1-0.20230228173756-c0c9f774e40c to 2.7.0

[dependabot[bot]]

Bumps github.com/fxamacker/cbor/v2 from 2.4.1-0.20230228173756-c0c9f774e40c to 2.7.0.

Release notes

Sourced from github.com/fxamacker/cbor/v2's releases.

v2.7.0 (June 23, 2024)

v2.7.0 adds features and improvements that help large projects (e.g. Kubernetes) use CBOR as an alternative to JSON and Protocol Buffers. Other improvements include speedups, improved memory use, bug fixes, decoding/encoding options, etc. Passed 5+ billion execs fuzzing.

Special thanks to @​benluddy for contributing features, optimizations, improvements, bug fixes, and discussions! :+1:

⭐ Features and Optimizations

• Add decoding option TimeTagToAny to produce RFC3339 when decoding time into interface{} by @​ssuriyan7 in fxamacker/cbor#506
• Bypass sorting overhead for single-entry maps. by @​benluddy in fxamacker/cbor#516
• Add decode option to allow rejecting inputs that contain certain simple values. by @​benluddy in fxamacker/cbor#481
• Allow rejection of NaN and Inf float values on encode and decode. by @​benluddy in fxamacker/cbor#513
• Add SortMode to encode struct fields in a less predictable order. by @​benluddy in fxamacker/cbor#515
• Add a decoding option to allow decoding byte string into time.Time. by @​benluddy in fxamacker/cbor#524
• Encode structs directly to output buffer. by @​benluddy in fxamacker/cbor#519
• Support automatic conversion between text and binary string representations by @​benluddy in fxamacker/cbor#476
• Add a method for marshaling directly into a user-provided buffer. by @​benluddy in fxamacker/cbor#521
• Add options to disable BinaryMarshaler/BinaryUnmarshaler support. by @​benluddy in fxamacker/cbor#526
• Add option to reject decoding bignum tags and encoding big.Int. by @​benluddy in fxamacker/cbor#527
• Improve speed & memory use for Diagnose() and DiagnoseFirst() by @​benluddy in fxamacker/cbor#533
• Refactor sorted map encode to use fewer buffers for nested maps. by @​benluddy in fxamacker/cbor#537
• Allow user to specify buffer by adding cbor.MarshalToBuffer(), UserBufferEncMode interface, etc. by @​fxamacker in fxamacker/cbor#553

🛠 Improvements

Most improvements focused on fixing or updating new features. See :lady_beetle: Bug Fixes section for fixes to features already released.

• Refactor to reuse functions and improve code coverage by @​fxamacker in fxamacker/cbor#531
• Fix invalid RFC 3339 in TimeTagToAny (unreleased new feature) by @​benluddy in fxamacker/cbor#540
• Refactor and improve code by @​fxamacker in fxamacker/cbor#542
• Use "cbor:" prefixed error msg when decoding with non-default TimeTagToAnyMode setting by @​fxamacker in fxamacker/cbor#544
• Disable conflicting encode options when marshaling cbor.Tag. by @​benluddy in fxamacker/cbor#546
• Improve byte string format decoding options by @​fxamacker in fxamacker/cbor#550
• Replace *errors.errorString with InadmissibleTagContentTypeError by @​fxamacker in fxamacker/cbor#552
• Rename ByteSliceMode to ByteSliceLaterFormatMode, etc by @​fxamacker in fxamacker/cbor#554
• Fix panic using SortFastShuffle (unreleased new feaure) to encode a struct with no fields. by @​benluddy in fxamacker/cbor#556

🐞 Bug Fixes

• Check well-formedness of data from MarshalCBOR by @​fxamacker in fxamacker/cbor#485
• Treat map keys matching the same struct field as duplicates. by @​benluddy in fxamacker/cbor#492
• Decouple time.Time parsing from empty interface behavior. by @​benluddy in fxamacker/cbor#503

Other changes

• Bump govulncheck from v1.0.1 to v1.0.4 by @​fxamacker in fxamacker/cbor#493
• Remove OpenSSF Scorecard until scorecard bug is fixed by @​x448 in fxamacker/cbor#495
• Bump github/codeql-action from 3.24.0 to 3.24.5 by @​dependabot in fxamacker/cbor#498

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.