bump deps

[jmank88]

• https://github.com/fxamacker/cbor/v2 v2.5.0

• https://github.com/go-webauthn/webauthn v0.8.6

• https://github.com/prometheus/common v0.45.0

• https://github.com/prometheus/prometheus v0.47.2

• https://github.com/tidwall/gjson v1.17.0

• https://gonum.org/v1/gonum v0.14.0

[github-actions]

I see that you haven't updated any README files. Would it make sense to do so?

[jmank88]

@nolag it looks like this cbor version bump is breaking some tests 🤦

[fxamacker]

@nolag it looks like this cbor version bump is breaking some tests 🤦

Hi, I'm the maintainer of the cbor library. I'm sorry the update to v2.5.0 broke some tests, maybe I can help.

cbor library changes are usually introduced as non-default options to prevent compatibility breaks but some exceptions were made in v2.5 and highlighted in ⭐ Notable Changes to Review Before Upgrading in v2.5.0 release notes.

For example, test breakage might be due to improved error-handling in cbor v2.5.0 (e.g. previously missed problem being detected and reported as error).

A small self-contained reproducer could help projects upgrade to v2.5.0 (e.g. https://github.com/go-webauthn/webauthn v0.8.6 listed in this pull request is also using cbor v2.4.0). I can take a look at the reproducer this weekend if one is available.

Please let me know if I can help in any other way to make the upgrade work.

[jmank88]

It looks like we just had four test cases failing due to:

Make Unmarshal() and Valid() return cbor.ExtraneousDataError (instead of ignoring extraneous data if any remain).

Two were just incidental bytes to truncate, and two others were explicit trailing bytes cases that needed to change their expectation of success.

[nolag]

Thanks, I'll verify what will need to be done in the branch I'm working on and make it work there or work with the cbor dev :).

[nolag]

I have more context now, we can't just update it. The encoding sent from EVM will have the extra trailing characters. We would need to use the length in the array returned (the first word) to trim the cbor before calling the function.

I'm going to downgrade cbor's use to 2.4 the branch that we're using for our work so we don't need to tackle it now, but we (or the functions team) should try to eventually fix this so it can be upgraded.

[fxamacker]

I have more context now, we can't just update it. The encoding sent from EVM will have the extra trailing characters. We would need to use the length in the array returned (the first word) to trim the cbor before calling the function.

I'm going to downgrade cbor's use to 2.4 the branch that we're using for our work so we don't need to tackle it now, but we (or the functions team) should try to eventually fix this so it can be upgraded.

@nolag UnmarshalFirst() function added in v2.5.0 can be used to detect and handle extraneous bytes without error.

// UnmarshalFirst decodes first CBOR data item and returns remaining bytes.
rest, err = cbor.UnmarshalFirst(b, &v)   // decode []byte b to v

[cl-sonarqube-production]

SonarQube Quality Gate

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

100.0% Coverage
0.0% Duplication