Update module github.com/fxamacker/cbor/v2 to v2.9.2 by red-hat-konflux-kflux-prd-rh02[bot] · Pull Request #128 · openshift-hyperfleet/hyperfleet-adapter

red-hat-konflux-kflux-prd-rh02 · 2026-05-13T12:10:10Z

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/fxamacker/cbor/v2	`v2.9.0` → `v2.9.2`

Release Notes

fxamacker/cbor (github.com/fxamacker/cbor/v2)

`v2.9.2`

Compare Source

This release refactors and hardens the streaming encoder by adding stricter checks for encoding CBOR indefinite-length data. Other changes include minor bugfixes, defensive checks, and more tests.

Projects that don't use CBOR indefinite-length data may also want to upgrade (summary of prior releases).

The stricter checks in the encoder prevent improper use of the library and bad inputs from producing malformed CBOR indefinite-length data that would be rejected by the decoder.

This release passed fuzz tests (billions of execs) and it is production quality.

What's Changed

Reject encoding indefinite-length map with odd item count by @fxamacker in #764
Reject encoding indefinite-length data item as a chunk inside indefinite-length byte string or text string by @fxamacker in #765
Make TagSet.Remove a no-op when contentType is nil by @fxamacker in #766
Refactor indefinite-length encoding and improve chunk validation during encoding by @fxamacker in #767
Add more tests, fix a nit in unreachable panic message, update docs & ci by @fxamacker in #768

CI / GitHub Actions and Docs

🔎 Details...

Bump actions/setup-go from 6.3.0 to 6.4.0 by @dependabot[bot] in #760
Bump github/codeql-action from 4.34.1 to 4.35.1 by @dependabot[bot] in #761
Bump github/codeql-action from 4.35.1 to 4.35.2 by @dependabot[bot] in #763
Update README for v2.9.2 release by @fxamacker in #769

Full Changelog: fxamacker/cbor@v2.9.1...v2.9.2

`v2.9.1`

Compare Source

This release includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests.

🐞 Bug fixes related to the `keyasint` feature

These changes only affect Go struct fields tagged with keyasint:

[Decoding] Reject integer keys that exceed math.MaxInt64 when decoding CBOR map to a struct with keyasint field (PR #757)
[Decoding] Prevent string representation of an integer key from matching the struct field tagged by keyasint (PR #757)
[Encoding & Decoding] Deduplicate struct fields with the same normalized keyasint tag values (PR #757)

🐞 Other bug fixes and defensive checks

Some of the bugs fixed are related to decoding extreme values that cannot be encoded with this library. For example, the decoder checks if epoch time encoded as CBOR float value representing hundreds of billions of years overflows int64(seconds).

NOTE: It is generally good practice to avoid using floating point to store epoch time (even when not using CBOR).

[Decoding] Reject decoding epoch time encoded as floats that overflow int64 (PR #753)
[Encoding] Return a cloned slice for an empty RawMessage from RawMessage.MarshalCBOR (PR #753)
[Encoding] Reject encoding nil inside indefinite-length strings (PR #750)
[Diagnostic] Accept valid U+FFFD replacement character (PR #753)

What's Changed

🆕 Add TimeMode encoding option TimeRFC3339NanoUTC by @fxamacker in #688
Use actual negative zero in tests by @makew0rld in #708
Reject encoding nil inside CBOR indefinite-length string by @fxamacker in #750
Refactor and add tests by @fxamacker in #752
Small bugfixes, defensive checks, and improvements by @fxamacker in #753
Refactor parseMapToStruct(), getDecodingStructType(), getEncodingStructType(), and field struct by @fxamacker in #754
Fix several issues related to keyasint tag option by @fxamacker in #757

CI / GitHub Actions and Docs

🔎 Details...

Bump github/codeql-action from 3.29.2 to 3.29.4 by @dependabot[bot] in #690
Bump github/codeql-action from 3.29.4 to 3.29.5 by @dependabot[bot] in #691
Bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #696
Bump github/codeql-action from 3.29.7 to 3.29.9 by @dependabot[bot] in #697
Bump github/codeql-action from 3.29.9 to 3.29.11 by @dependabot[bot] in #700
Bump github/codeql-action from 3.29.11 to 3.30.0 by @dependabot[bot] in #702
Bump actions/setup-go from 5.5.0 to 6.0.0 by @dependabot[bot] in #703
Bump github/codeql-action from 3.30.0 to 3.30.3 by @dependabot[bot] in #706
Bump github/codeql-action from 3.30.3 to 3.30.4 by @dependabot[bot] in #710
Bump github/codeql-action from 3.30.4 to 3.30.6 by @dependabot[bot] in #712
Bump github/codeql-action from 3.30.6 to 4.30.7 by @dependabot[bot] in #713
Bump github/codeql-action from 4.30.7 to 4.30.8 by @dependabot[bot] in #716
Bump github/codeql-action from 4.30.8 to 4.30.9 by @dependabot[bot] in #718
Bump github/codeql-action from 4.30.9 to 4.31.2 by @dependabot[bot] in #720
Bump github/codeql-action from 4.31.2 to 4.31.3 by @dependabot[bot] in #721
Bump github/codeql-action from 4.31.3 to 4.31.4 by @dependabot[bot] in #724
Bump actions/setup-go from 6.0.0 to 6.1.0 by @dependabot[bot] in #725
Bump actions/checkout from 5.0.0 to 6.0.0 by @dependabot[bot] in #726
Bump github/codeql-action from 4.31.4 to 4.31.5 by @dependabot[bot] in #727
Bump github/codeql-action from 4.31.5 to 4.31.6 by @dependabot[bot] in #728
Bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in #729
Bump github/codeql-action from 4.31.6 to 4.31.8 by @dependabot[bot] in #732
Bump github/codeql-action from 4.31.8 to 4.31.9 by @dependabot[bot] in #733
Bump github/codeql-action from 4.31.9 to 4.31.10 by @dependabot[bot] in #738
Bump actions/setup-go from 6.1.0 to 6.2.0 by @dependabot[bot] in #739
Bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in #740
Bump github/codeql-action from 4.31.10 to 4.32.0 by @dependabot[bot] in #742
Bump github/codeql-action from 4.32.0 to 4.32.3 by @dependabot[bot] in #745
Bump actions/setup-go from 6.2.0 to 6.3.0 by @dependabot[bot] in #746
Bump github/codeql-action from 4.32.3 to 4.32.4 by @dependabot[bot] in #747
Bump github/codeql-action from 4.32.4 to 4.32.6 by @dependabot[bot] in #748
Bump github/codeql-action from 4.32.6 to 4.34.0 by @dependabot[bot] in #749
Bump github/codeql-action from 4.34.0 to 4.34.1 by @dependabot[bot] in #751
Update README status section by @fxamacker in #758

New Contributors

@makew0rld made their first contributihttps://github.com/fxamacker/cbor/pull/708ll/708

Full Changelog: fxamacker/cbor@v2.9.0...v2.9.1

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Signed-off-by: red-hat-konflux-kflux-prd-rh02 <190377777+red-hat-konflux-kflux-prd-rh02[bot]@users.noreply.github.com>

openshift-ci · 2026-05-13T12:10:16Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign vkareh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci · 2026-05-13T12:10:22Z

Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.

I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

coderabbitai · 2026-05-13T12:10:23Z

📝 Walkthrough

Walkthrough

A minor version update to the indirect Go module dependency github.com/fxamacker/cbor/v2, bumping it from v2.9.0 to v2.9.2 in the go.mod file. This is a patch-level dependency update with no changes to application code or functionality.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The PR description clearly documents the dependency update from v2.9.0 to v2.9.2 with detailed release notes explaining the changes and their purpose.
Title check	✅ Passed	The title accurately and specifically describes the main change—updating the cbor/v2 dependency to v2.9.2, which is the primary purpose of this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

Create stacked PR
Commit on current branch

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch konflux/mintmaker/main/github.com-fxamacker-cbor-v2-2.x

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

ciaranRoche · 2026-05-15T11:20:12Z

Closing: superseded by renovate.json config in #140 (HYPERFLEET-1095). MintMaker will re-create grouped updates on the next Monday cycle.

red-hat-konflux-kflux-prd-rh02 · 2026-05-15T12:05:37Z

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (v2.9.2). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

chore(deps): update module github.com/fxamacker/cbor/v2 to v2.9.2

794b6a9

Signed-off-by: red-hat-konflux-kflux-prd-rh02 <190377777+red-hat-konflux-kflux-prd-rh02[bot]@users.noreply.github.com>

openshift-ci Bot requested review from crizzo71 and pnguyen44 May 13, 2026 12:10

openshift-ci Bot added the needs-ok-to-test label May 13, 2026

red-hat-konflux-kflux-prd-rh02 Bot changed the title ~~chore(deps): update module github.com/fxamacker/cbor/v2 to v2.9.2~~ Update module github.com/fxamacker/cbor/v2 to v2.9.2 May 14, 2026

ciaranRoche closed this May 15, 2026

red-hat-konflux-kflux-prd-rh02 Bot deleted the konflux/mintmaker/main/github.com-fxamacker-cbor-v2-2.x branch May 15, 2026 12:05

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update module github.com/fxamacker/cbor/v2 to v2.9.2#128

Update module github.com/fxamacker/cbor/v2 to v2.9.2#128
red-hat-konflux-kflux-prd-rh02[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/github.com-fxamacker-cbor-v2-2.x

red-hat-konflux-kflux-prd-rh02 Bot commented May 13, 2026 •

edited

Loading

Uh oh!

openshift-ci Bot commented May 13, 2026

Uh oh!

openshift-ci Bot commented May 13, 2026

Uh oh!

coderabbitai Bot commented May 13, 2026 •

edited

Loading

Walkthrough

Estimated code review effort

Uh oh!

ciaranRoche commented May 15, 2026

Uh oh!

red-hat-konflux-kflux-prd-rh02 Bot commented May 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

red-hat-konflux-kflux-prd-rh02 Bot commented May 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v2.9.2

What's Changed

CI / GitHub Actions and Docs

v2.9.1

🐞 Bug fixes related to the keyasint feature

🐞 Other bug fixes and defensive checks

What's Changed

CI / GitHub Actions and Docs

New Contributors

Configuration

Documentation

Uh oh!

openshift-ci Bot commented May 13, 2026

Uh oh!

openshift-ci Bot commented May 13, 2026

Uh oh!

coderabbitai Bot commented May 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Estimated code review effort

Uh oh!

ciaranRoche commented May 15, 2026

Uh oh!

red-hat-konflux-kflux-prd-rh02 Bot commented May 15, 2026

Renovate Ignore Notification

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

red-hat-konflux-kflux-prd-rh02 Bot commented May 13, 2026 •

edited

Loading

`v2.9.2`

`v2.9.1`

🐞 Bug fixes related to the `keyasint` feature

coderabbitai Bot commented May 13, 2026 •

edited

Loading