build(deps): bump github.com/fxamacker/cbor/v2 from 2.9.0 to 2.9.1

[dependabot]

Bumps github.com/fxamacker/cbor/v2 from 2.9.0 to 2.9.1.

Release notes

Sourced from github.com/fxamacker/cbor/v2's releases.

v2.9.1

This release includes important bugfixes, defensive checks, improved code quality, and more tests. Although not public, the fuzzer was also improved by adding more fuzz tests.

🐞 Bug fixes related to the keyasint feature

These changes only affect Go struct fields tagged with keyasint:

• [Decoding] Reject integer keys that exceed math.MaxInt64 when decoding CBOR map to a struct with keyasint field (PR #757)
• [Decoding] Prevent string representation of an integer key from matching the struct field tagged by keyasint (PR #757)
• [Encoding & Decoding] Deduplicate struct fields with the same normalized keyasint tag values (PR #757)

🐞 Other bug fixes and defensive checks

Some of the bugs fixed are related to decoding extreme values that cannot be encoded with this library. For example, the decoder checks if epoch time encoded as CBOR float value representing hundreds of billions of years overflows int64(seconds).

NOTE: It is generally good practice to avoid using floating point to store epoch time (even when not using CBOR).

• [Decoding] Reject decoding epoch time encoded as floats that overflow int64 (PR #753)
• [Encoding] Return a cloned slice for an empty RawMessage from RawMessage.MarshalCBOR (PR #753)
• [Encoding] Reject encoding nil inside indefinite-length strings (PR #750)
• [Diagnostic] Accept valid U+FFFD replacement character (PR #753)

What's Changed

• 🆕 Add TimeMode encoding option TimeRFC3339NanoUTC by @​fxamacker in fxamacker/cbor#688
• Use actual negative zero in tests by @​makew0rld in fxamacker/cbor#708
• Reject encoding nil inside CBOR indefinite-length string by @​fxamacker in fxamacker/cbor#750
• Refactor and add tests by @​fxamacker in fxamacker/cbor#752
• Small bugfixes, defensive checks, and improvements by @​fxamacker in fxamacker/cbor#753
• Refactor parseMapToStruct(), getDecodingStructType(), getEncodingStructType(), and field struct by @​fxamacker in fxamacker/cbor#754
• Fix several issues related to keyasint tag option by @​fxamacker in fxamacker/cbor#757

CI / GitHub Actions and Docs

• Bump github/codeql-action from 3.29.2 to 3.29.4 by @​dependabot[bot] in fxamacker/cbor#690
• Bump github/codeql-action from 3.29.4 to 3.29.5 by @​dependabot[bot] in fxamacker/cbor#691
• Bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in fxamacker/cbor#696
• Bump github/codeql-action from 3.29.7 to 3.29.9 by @​dependabot[bot] in fxamacker/cbor#697
• Bump github/codeql-action from 3.29.9 to 3.29.11 by @​dependabot[bot] in fxamacker/cbor#700
• Bump github/codeql-action from 3.29.11 to 3.30.0 by @​dependabot[bot] in fxamacker/cbor#702
• Bump actions/setup-go from 5.5.0 to 6.0.0 by @​dependabot[bot] in fxamacker/cbor#703
• Bump github/codeql-action from 3.30.0 to 3.30.3 by @​dependabot[bot] in fxamacker/cbor#706
• Bump github/codeql-action from 3.30.3 to 3.30.4 by @​dependabot[bot] in fxamacker/cbor#710
• Bump github/codeql-action from 3.30.4 to 3.30.6 by @​dependabot[bot] in fxamacker/cbor#712
• Bump github/codeql-action from 3.30.6 to 4.30.7 by @​dependabot[bot] in fxamacker/cbor#713
• Bump github/codeql-action from 4.30.7 to 4.30.8 by @​dependabot[bot] in fxamacker/cbor#716
• Bump github/codeql-action from 4.30.8 to 4.30.9 by @​dependabot[bot] in fxamacker/cbor#718
• Bump github/codeql-action from 4.30.9 to 4.31.2 by @​dependabot[bot] in fxamacker/cbor#720

... (truncated)

Commits

• 63d1c66 Merge pull request #758 from fxamacker/fxamacker/update-readme-for-release
• e8b10c3 Merge pull request #757 from fxamacker/fxamacker/fix-keyasint
• 4dd026b Update README status
• 3076938 Update golangci-lint to v2.10.1
• 6920cbe Migrate .golangci.yml to version 2
• 05358b1 Fix several issues related to keyasint
• 3851e1b Merge pull request #754 from fxamacker/fxamacker/refactor-parseMapToStruct-etc
• 48a18bf Refactor field
• 59d62f5 Merge pull request #753 from fxamacker/fxamacker/small-bugfixes
• 46bc977 Merge pull request #752 from fxamacker/fxamacker/refactor-and-add-tests
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign jmhbnz for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[hwdef]

/lgtm