build(deps): bump github.com/fxamacker/cbor/v2 from 2.4.0 to 2.5.0

[dependabot]

Bumps github.com/fxamacker/cbor/v2 from 2.4.0 to 2.5.0.

Release notes

Sourced from github.com/fxamacker/cbor/v2's releases.

v2.5.0

This release adds important new features, optimizations, bug fixes, and 8 new contributors. Fuzz tests passed 5+ billion execs for CBOR encoding and decoding functions.

Notable changes are split into 3 categories.

⭐ Notable Changes to Review Before Upgrading

These new features and bug fixes were cherry-picked to highlight for review (for projects using older version).

• PR 370: Add SimpleValue type to more fully support CBOR Simple Values, including values not assigned by IANA and...
• PR 376: Add ByteString type to support CBOR maps with byte string keys because Go doesn't allow []byte as map keys and...
• PR 379: Make Decoder.Decode() return io.ErrUnexpectedEOF instead of io.EOF on EOF if current CBOR data item is incomplete.
• PR 380: Make Unmarshal() and Valid() return cbor.ExtraneousDataError (instead of ignoring extraneous data if any remain).
• PR 387: Retry in Decoder if io.Reader's Read() returns 0 bytes read with nil error. Add tests to get 100% code coverage for stream.go.

⭐ More Notable Changes

• PR 342: Add DecOptions.UTF8 to decode invalid UTF-8. Default is unchanged (reject invalid UTF-8 and return error).
• PR 355 Allow MaxNestedLevels setting to be configured up to 65535.
• PR 352, 377: Add EncOptions.NilContainersMode to encode nil Go maps and slices as either CBOR nil (default) or empty container.
• PR 381: Add Decoder.Skip() to skip CBOR data item in CBOR Sequences (RFC 8742).
• PR 386 Add functions for Extended Diagnostic Notation (RFC 8610 Appendix G).
• PR 398 Add UnmarshalFirst() to decode CBOR data item and also return remaining bytes.
• PR 400 Deprecate Valid and add Wellformed to replace it.
• PR 402 Add UnmarshalFirst() to DecMode interface.
• PR 412 Add Decoder.Buffered to return remaining data in buffer.

🚀 Notable Changes Affecting Speed or Memory Use

• PR 335: Reuse underlying array if RawMessage has sufficient capacity.
• PR 382: Return buffer to pool in Encode(). It adds a bit of overhead to Encode() but NewEncoder().Encode() is faster and uses less memory.

Benchmark comparison for PR 382 shows significant improvement in speed and memory use.

Benchmarks provided by @​x448 for NewEncoder().Encode() optimized in PR 382.

$ benchstat bench-v2.4.0.log bench-f9e6291.log 
goos: linux
goarch: amd64
pkg: github.com/fxamacker/cbor/v2
cpu: 12th Gen Intel(R) Core(TM) i7-12700H
                                                     │ bench-v2.4.0.log │  bench-f9e6291.log                  │
                                                     │      sec/op      │   sec/op     vs base                │
NewEncoderEncode/Go_bool_to_CBOR_bool-20                   236.70n ± 2%   58.04n ± 1%  -75.48% (p=0.000 n=10)
NewEncoderEncode/Go_uint64_to_CBOR_positive_int-20         238.00n ± 2%   63.93n ± 1%  -73.14% (p=0.000 n=10)
NewEncoderEncode/Go_int64_to_CBOR_negative_int-20          238.65n ± 2%   64.88n ± 1%  -72.81% (p=0.000 n=10)
NewEncoderEncode/Go_float64_to_CBOR_float-20               242.00n ± 2%   63.00n ± 1%  -73.97% (p=0.000 n=10)
</tr></table> 

... (truncated)

Commits

• 3b32167 Update README.md for v2.5.0 (#424)
• 9cab20e Update CONTRIBUTING.md (#423)
• 5792a94 Update README.md for v2.5.0 (#422)
• 837230c Update intro and cbor quick start in README (#421)
• 6697177 Merge pull request #419 from fxamacker/fxamacker/fix-first-sentence-in-readme
• 1c816ea Update README.md
• 7f7139c Merge pull request #418 from fxamacker/fxamacker/update-readme-for-v2.5.0-rc1
• 1a5815e Update README for cbor v2.5.0-rc1
• 969aa36 Merge pull request #417 from fxamacker/remove-ignored-UTF8-setting-in-diagMode
• 09ebf1b Remove ignored UTF8 setting in diagMode()
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[shizhMSFT]

LGTM

[priteshbandi]

LGTM

[shizhMSFT]

We can wait for veraison/go-cose#166 to be merged first then this one.

[ghost]

LGTM

[priteshbandi]

@dependabot merge