Skip to content

Bump github.com/fxamacker/cbor/v2 from 2.9.2-0.20260331174317-a78e92ec038e to 2.9.2#1001

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/github.com/fxamacker/cbor/v2-2.9.2
Open

Bump github.com/fxamacker/cbor/v2 from 2.9.2-0.20260331174317-a78e92ec038e to 2.9.2#1001
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/github.com/fxamacker/cbor/v2-2.9.2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 25, 2026
edited
Loading

Bumps github.com/fxamacker/cbor/v2 from 2.9.2-0.20260331174317-a78e92ec038e to 2.9.2.

Release notes

Sourced from github.com/fxamacker/cbor/v2's releases.

v2.9.2

This release refactors and hardens the streaming encoder by adding stricter checks for encoding CBOR indefinite-length data. Other changes include minor bugfixes, defensive checks, and more tests.

Projects that don't use CBOR indefinite-length data may also want to upgrade (summary of prior releases).

The stricter checks in the encoder prevent improper use of the library and bad inputs from producing malformed CBOR indefinite-length data that would be rejected by the decoder.

This release passed fuzz tests (billions of execs) and it is production quality.

What's Changed

CI / GitHub Actions and Docs

Full Changelog: fxamacker/cbor@v2.9.1...v2.9.2

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 25, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 25, 2026
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

License Issues

go.mod

PackageVersionLicenseIssue Type
github.com/fxamacker/cbor/v22.9.2NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
gomod/github.com/fxamacker/cbor/v2 2.9.2 UnknownUnknown

Scanned Files

  • go.mod

@dependabot
Bump github.com/fxamacker/cbor/v2
6ccf2f6 
Bumps [github.com/fxamacker/cbor/v2](https://github.com/fxamacker/cbor) from 2.9.2-0.20260331174317-a78e92ec038e to 2.9.2.
- [Release notes](https://github.com/fxamacker/cbor/releases)
- [Commits](https://github.com/fxamacker/cbor/commits/v2.9.2)

---
updated-dependencies:
- dependency-name: github.com/fxamacker/cbor/v2
  dependency-version: 2.9.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/fxamacker/cbor/v2-2.9.2 branch from 09235c8 to 6ccf2f6 Compare June 3, 2026 00:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@janezpodhostnik janezpodhostnik Awaiting requested review from janezpodhostnik janezpodhostnik is a code owner

@chasefleming chasefleming Awaiting requested review from chasefleming chasefleming is a code owner

@jribbink jribbink Awaiting requested review from jribbink jribbink is a code owner

@peterargue peterargue Awaiting requested review from peterargue peterargue is a code owner

@mfbz mfbz Awaiting requested review from mfbz mfbz is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants