build(deps): bump github.com/fxamacker/cbor/v2 from 2.2.0 to 2.3.1

[dependabot]

Bumps github.com/fxamacker/cbor/v2 from 2.2.0 to 2.3.1.

Release notes

Sourced from github.com/fxamacker/cbor/v2's releases.

v2.3.1 (Dec 28, 2021)

IMPORTANT:

• This release fixes an important typo in README and omission in CONTRIBUTING.
• No changes to code outside _test.go files.
• Changes to non-test files are limited to comments.
• Next release (v2.4.0) started fuzz testing and is expected to be tagged within 1-2 weeks.

Changes to v2.3.1 include:

• Fix typo in docs (example code snippet) that can cause bugs. Thanks @​herrjemand!
• Update CONTRIBUTING to mention signing requirements. Thanks @​lukseven and @​x448!
• Update README. Thanks @​x448 and @​rumpelsepp!
• Update ci.yml to use Go 1.17.x. Thanks @​x448!
• Add Revive as a lint checker.
• Cleanup lint messages in _test.go files
• Cleanup lint messages in non-test files if the changes are limited to comments (no actual coding changes).

Full Changelog: fxamacker/cbor@v2.3.0...v2.3.1

v2.3.0 (May 30, 2021)

Upgrading is recommended: v2.3.0 has bug fixes, is faster, and passed 1+ billion execs fuzzing.

⭐ Features and Improvements

• Add built-in support for big.Int (#209)
• Add support for tag 55799 self-describing CBOR (#227)
• Export valid function (#248)
• Increase user-configurable CBOR limit for MaxArrayElements and MaxMapPairs (#207)
• Add decoding option to be more strict than encoding/json: fail on CBOR map if destination struct field is not found (#178)
• Add option for decoding CBOR pos and neg integer to interface{} to not distinguish between uint and int (#216)

🚀 Performance

fxamacker/cbor 2.3.0 is faster than 2.2.0 by up to 14% (using CWT and COSE example data from RFCs).

name                                 old time/op    new time/op    delta
DecodeCWTClaims-4                      1.34µs ± 0%    1.25µs ± 0%   -6.90%  (p=0.000 n=10+9)
DecodeCOSE/128-Bit_Symmetric_Key-4     1.01µs ± 0%    0.86µs ± 0%  -14.02%  (p=0.000 n=9+9)
DecodeCOSE/256-Bit_Symmetric_Key-4     1.02µs ± 0%    0.88µs ± 0%  -13.60%  (p=0.000 n=9+10)
DecodeCOSE/ECDSA_P256_256-Bit_Key-4    1.69µs ± 0%    1.45µs ± 0%  -14.14%  (p=0.000 n=10+10)
DecodeWebAuthn-4                       1.46µs ± 0%    1.32µs ± 0%   -9.65%  (p=0.000 n=10+10)
EncodeCWTClaims-4                       766ns ± 0%     780ns ± 0%   +1.87%  (p=0.000 n=10+10)
EncodeCOSE/128-Bit_Symmetric_Key-4      910ns ± 0%     908ns ± 0%     ~     (p=0.059 n=9+10)
EncodeCOSE/256-Bit_Symmetric_Key-4      912ns ± 0%     912ns ± 0%     ~     (p=0.909 n=10+10)
EncodeCOSE/ECDSA_P256_256-Bit_Key-4    1.13µs ± 1%    1.14µs ± 0%   +0.61%  (p=0.001 n=9+10)
EncodeWebAuthn-4                        794ns ± 2%     823ns ± 1%   +3.69%  (p=0.000 n=9+10)

... (truncated)

Commits

• bd3cab7 Update CBOR docs
• 033552c Update CBOR docs
• c89cf33 Merge pull request #315 from x448/patch-22
• 3cafefc Update README.md
• c9b463f Update README.md
• 6844380 Merge pull request #314 from x448/patch-21
• 12eb3c7 Update CONTRIBUTING.md
• 7c0cd90 Bump safer-golangci-lint.yml to 1.43.0
• 1ca0c31 Merge pull request #307 from fxamacker/fxamcker/fix-lint-error
• e0963b1 Add revive as a default lint checker
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #512.