build(deps): Bump github.com/veraison/go-cose from 1.2.1 to 1.3.0

[dependabot[bot]]

Bumps github.com/veraison/go-cose from 1.2.1 to 1.3.0.

Release notes

Sourced from github.com/veraison/go-cose's releases.

v1.3.0

What's Changed

• Add COSE_Key support by @​setrofim in veraison/go-cose#146
• Retract v1.2.0 release by @​setrofim in veraison/go-cose#153
• fix: typo UnataggedSign1Message -> UntaggedSign1Message by @​spennymac in veraison/go-cose#148
• Key fixes by @​setrofim in veraison/go-cose#154
• Remove unnecessary cbor marshal methods by @​qmuntal in veraison/go-cose#155
• Centralize key validations and check more invalid cases by @​qmuntal in veraison/go-cose#156
• Convert key tests to tabular tests by @​qmuntal in veraison/go-cose#157
• Refactor Key to support custom parameters by @​qmuntal in veraison/go-cose#158
• Validate key sizes and allow signing with empty public keys by @​qmuntal in veraison/go-cose#159
• Deprecate AlgorithmEd25519 and provide AlgorithmEdDSA instead by @​qmuntal in veraison/go-cose#160
• Make built-in types implement the new DigestSigner and DigestVerify interface by @​qmuntal in veraison/go-cose#144
• Consolidate API names related to Key by @​qmuntal in veraison/go-cose#161
• Rewrite interface{} to any by @​qmuntal in veraison/go-cose#162
• Add support for RS256, RS384, RS512 constants by @​hslatman in veraison/go-cose#163
• Improve Algorithm.String() message for unknown values by @​qmuntal in veraison/go-cose#167
• Upgrade fxamacker/cbor to v2.5.0 by @​qmuntal in veraison/go-cose#166
• Add support to COSE_Countersignature (RFC 9338) by @​balena in veraison/go-cose#172
• Validate content type header parameter by @​qmuntal in veraison/go-cose#176
• chore: fix duplicated import in the example by @​shizhMSFT in veraison/go-cose#179
• docs: fix the syntax of CODEOWNERS by @​shizhMSFT in veraison/go-cose#180
• Update Readme for the latest release by @​SteveLasker in veraison/go-cose#182
• refactor!: deprecate crypto elliptic by @​shizhMSFT in veraison/go-cose#187
• Document the Release Process by @​SteveLasker in veraison/go-cose#188
• Add support for CWT Claims & Type in Protected Headers by @​SteveLasker in veraison/go-cose#189
• docs: update docs for release process by @​shizhMSFT in veraison/go-cose#193

New Contributors

• @​spennymac made their first contribution in veraison/go-cose#148
• @​hslatman made their first contribution in veraison/go-cose#163
• @​balena made their first contribution in veraison/go-cose#172

Full Changelog: https://github.com/veraison/go-cose/compare/v1.1.0...v1.3.0

v1.3.0-rc.1

Cutting rc.1 based on no changes to alpha.1 https://github.com/veraison/go-cose/blob/main/release-management.md#pre-release

Full Changelog: https://github.com/veraison/go-cose/compare/v1.3.0-alpha.1...v1.3.0-rc.1

v1.3.0-alpha.1

What's Changed

• Add COSE_Key support by @​setrofim in veraison/go-cose#146
• Retract v1.2.0 release by @​setrofim in veraison/go-cose#153
• fix: typo UnataggedSign1Message -> UntaggedSign1Message by @​spennymac in veraison/go-cose#148
• Key fixes by @​setrofim in veraison/go-cose#154
• Remove unnecessary cbor marshal methods by @​qmuntal in veraison/go-cose#155
• Centralize key validations and check more invalid cases by @​qmuntal in veraison/go-cose#156
• Convert key tests to tabular tests by @​qmuntal in veraison/go-cose#157

... (truncated)

Changelog

Sourced from github.com/veraison/go-cose's changelog.

go-cose Release Management

Overview

This document describes [go-cose][go-cose] project release management, which includes release criteria, versioning, supported releases, and supported upgrades.

The go-cose project maintainers strive to provide a stable go-lang implementation for interacting with [COSE][ietf-cose] constructs. Stable implies appropriate and measured changes to the library assuring consumers have the necessary functionality to interact with COSE objects. If you or your project require added functionality, or bug fixes, please open an issue or create a pull request. The project welcomes all contributions from adding functionality, implementing testing, security reviews to the release management.

To cut a release, see Release Checklist.

[!NOTE] The maintainers may periodically update this policy based on feedback.

Release Versioning

Consumers of the go-cose module may reference main directly, or reference released tags.

All go-cose [releases][releases] follow a go-lang flavored derivation (v*) of the [semver][sem-ver] format, with optional pre-release labels.

Logical Progression of a release: v1.0.0-alpha.1 --> v1.0.0-alpha.2 --> v1.0.0-rc.1 --> v1.0.0

A new major or minor release will not have an automated release posted until the branch reaches alpha quality.

• All versions use a preface of v
• Given a version vX.Y.Z,
  • X is the Major version
  • Y is the Minor version
  • Z is the Patch version
• Optional -alpha.n | -rc.n pre-release version
  • Each incremental alpha or rc build will bump the suffix (n) number.
  • It's not expected to have more than 9 alphas or rcs. The suffix will be a single digit.
  • If > 9 builds do occur, the format will simply use two digit indicators (v1.0.0-alpha.10)

Branch Management

To meet the projects stability goals, go-cose does not typically operate with multiple feature branches. All active development happens in main, with releases made on a specific commit.

Major Releases

As a best practice, consumers should opt-into new capabilities through major releases. The go-cose project will not add new functionality to patches or minor releases as this could create a new surface area that may be exploited. Consumers should make explicit opt-in decisions to upgrade, or possibly downgrade if necessary due to unexpected breaking changes.

The go-cose project will issue major releases when:

... (truncated)

Commits

• e5c68f9 docs: update docs for release process (#193)
• 8c458e2 Add support for CWT Claims & Type in Protected Headers (#189)
• 96ea810 Document the Release Process (#188)
• 09d6cfa refactor!: deprecate crypto elliptic (#187)
• 2300d5c Update Readme for latest release (#182)
• 2b6f94f docs: fix the syntax of CODEOWNERS (#180)
• 6d7578a chore: fix duplicated import in the example (#179)
• 2c01a2e Validate content type header parameter (#176)
• e7ac36d Add support to COSE_Countersignature (RFC 9338) (#172)
• 6e436d2 Upgrade fxamacker/cbor to v2.5.0 (#166)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)