Skip to content

fix(deps): update module github.com/go-webauthn/webauthn to v0.17.4#2737

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/github.com-go-webauthn-webauthn-0.x
Open

fix(deps): update module github.com/go-webauthn/webauthn to v0.17.4#2737
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/github.com-go-webauthn-webauthn-0.x

Conversation

@renovate

@renovate renovate Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
github.com/go-webauthn/webauthn v0.13.4v0.17.4 age confidence

Release Notes

go-webauthn/webauthn (github.com/go-webauthn/webauthn)

v0.17.4

Compare Source

Dependency Updates

This release just contains updates to dependencies.

v0.17.3

Compare Source

Dependency Updates

This release just contains updates to dependencies.

v0.17.2

Compare Source

Bug Fixes
  • webauthn: include verify attestation func for credential (#​679) (1f354c8)

v0.17.1

Compare Source

Bug Fixes

v0.17.0

Compare Source

Bug Fixes
  • protocol: short-circuit apple attestation extension lookup (#​664) (5296bc7)
Features
BREAKING CHANGES
  • A bug with the Credential Record which was
    introduced early in the libraries lifecycle has resulted in a
    breaking change to the Credential struct. If you are manually
    serializing this struct instead of using encoding/json you
    will be required to make manual changes; though Integrators
    should consider these notes regardless.

    • protocol.CredentialTypeFIDOU2F has been removed;
      replace uses with protocol.AttestationFormatFIDOUniversalSecondFactor
      (cast to string where the destination field is a plain string).

    • The semantics of the AttestationType field on webauthn.Credential
      and protocol.CredentialDescriptor have changed. Integrators that
      inspect this field to detect a format (typically checking for
      "fido-u2f") must switch to the new AttestationFormat field; the
      FIDO-U2F AppID and AppIDExclude extension helpers now key on
      AttestationFormat, so a descriptor literal constructed with
      AttestationType: "fido-u2f" will no longer trigger them.

    • Stored Credential JSON records are migrated transparently by the
      new UnmarshalJSON, but re-marshaled records will carry
      attestationFormat rather than a format string in attestationType;
      downstream consumers that parsed the legacy shape directly should
      be updated.

    • The Credential.Verify method has been updated and may fail in
      previous scenarios where it passed previously. It will also update
      the AttestationType value as a side-effect when used.

  • The Cross-Origin verification semantics have changed
    significantly due to the stabilization of the WebAuthn Level 3
    specification. It is no longer possible to disable verification, and
    Cross-Origin ceremonies must explicitly be allowed in this release.

    • protocol.TopOriginIgnoreVerificationMode has been removed. Code that
      referenced it must switch to one of the other constants as there is
      no longer a mode which disables the Top Origin verification such as:

      • TopOriginExplicitVerificationMode; match against RPTopOrigins only
        (recommended, and the new coerced default)
      • TopOriginAutoVerificationMode; match against the union of
        RPTopOrigins and RPOrigins
      • TopOriginImplicitVerificationMode; match against RPOrigins only
    • webauthn.Config.validate now rewrites a zero-valued
      RPTopOriginVerificationMode to TopOriginExplicitVerificationMode.
      Integrators that left the field unset previously got ignore-mode
      semantics (any Top Origin accepted); they now get strict matching
      against RPTopOrigins and must populate that list, or explicitly
      select a different mode; for Cross-Origin flows to succeed.

    • Cross-Origin ceremonies (those where the authenticator reports
      crossOrigin = true in the ClientData) are rejected by default.
      Integrators that rely on iframe-embedded or other Cross-Origin WebAuthn
      flows must set webauthn.Config.RPAllowCrossOrigin = true. The library
      continues to enforce Top Origin verification on accepted Cross-Origin
      ceremonies per the configured mode.

    • protocol.CollectedClientData.Verify no longer accepts
      TopOriginIgnoreVerificationMode; callers that pass an unknown mode
      receive ErrNotImplemented with detail "unknown Top Origin
      verification mode".

v0.16.5

Compare Source

Bug Fixes
  • protocol: short-circuit apple attestation extension lookup (#​664) (5296bc7)
Features
BREAKING CHANGES
  • A bug with the Credential Record which was
    introduced early in the libraries lifecycle has resulted in a
    breaking change to the Credential struct. If you are manually
    serializing this struct instead of using encoding/json you
    will be required to make manual changes; though Integrators
    should consider these notes regardless.

    • protocol.CredentialTypeFIDOU2F has been removed;
      replace uses with protocol.AttestationFormatFIDOUniversalSecondFactor
      (cast to string where the destination field is a plain string).

    • The semantics of the AttestationType field on webauthn.Credential
      and protocol.CredentialDescriptor have changed. Integrators that
      inspect this field to detect a format (typically checking for
      "fido-u2f") must switch to the new AttestationFormat field; the
      FIDO-U2F AppID and AppIDExclude extension helpers now key on
      AttestationFormat, so a descriptor literal constructed with
      AttestationType: "fido-u2f" will no longer trigger them.

    • Stored Credential JSON records are migrated transparently by the
      new UnmarshalJSON, but re-marshaled records will carry
      attestationFormat rather than a format string in attestationType;
      downstream consumers that parsed the legacy shape directly should
      be updated.

    • The Credential.Verify method has been updated and may fail in
      previous scenarios where it passed previously. It will also update
      the AttestationType value as a side-effect when used.

  • The Cross-Origin verification semantics have changed
    significantly due to the stabilization of the WebAuthn Level 3
    specification. It is no longer possible to disable verification, and
    Cross-Origin ceremonies must explicitly be allowed in this release.

    • protocol.TopOriginIgnoreVerificationMode has been removed. Code that
      referenced it must switch to one of the other constants as there is
      no longer a mode which disables the Top Origin verification such as:

      • TopOriginExplicitVerificationMode; match against RPTopOrigins only
        (recommended, and the new coerced default)
      • TopOriginAutoVerificationMode; match against the union of
        RPTopOrigins and RPOrigins
      • TopOriginImplicitVerificationMode; match against RPOrigins only
    • webauthn.Config.validate now rewrites a zero-valued
      RPTopOriginVerificationMode to TopOriginExplicitVerificationMode.
      Integrators that left the field unset previously got ignore-mode
      semantics (any Top Origin accepted); they now get strict matching
      against RPTopOrigins and must populate that list, or explicitly
      select a different mode; for Cross-Origin flows to succeed.

    • Cross-Origin ceremonies (those where the authenticator reports
      crossOrigin = true in the ClientData) are rejected by default.
      Integrators that rely on iframe-embedded or other Cross-Origin WebAuthn
      flows must set webauthn.Config.RPAllowCrossOrigin = true. The library
      continues to enforce Top Origin verification on accepted Cross-Origin
      ceremonies per the configured mode.

    • protocol.CollectedClientData.Verify no longer accepts
      TopOriginIgnoreVerificationMode; callers that pass an unknown mode
      receive ErrNotImplemented with detail "unknown Top Origin
      verification mode".

0.16.5 (2026-04-19)

Bug Fixes

0.16.4 (2026-04-09)

0.16.3 (2026-04-05)

Bug Fixes
Features

0.16.2 (2026-03-30)

Bug Fixes
Features

0.16.1 (2026-03-12)

Bug Fixes

v0.16.4

Compare Source

Bug Fixes
  • protocol: short-circuit apple attestation extension lookup (#​664) (5296bc7)
Features
BREAKING CHANGES
  • A bug with the Credential Record which was
    introduced early in the libraries lifecycle has resulted in a
    breaking change to the Credential struct. If you are manually
    serializing this struct instead of using encoding/json you
    will be required to make manual changes; though Integrators
    should consider these notes regardless.

    • protocol.CredentialTypeFIDOU2F has been removed;
      replace uses with protocol.AttestationFormatFIDOUniversalSecondFactor
      (cast to string where the destination field is a plain string).

    • The semantics of the AttestationType field on webauthn.Credential
      and protocol.CredentialDescriptor have changed. Integrators that
      inspect this field to detect a format (typically checking for
      "fido-u2f") must switch to the new AttestationFormat field; the
      FIDO-U2F AppID and AppIDExclude extension helpers now key on
      AttestationFormat, so a descriptor literal constructed with
      AttestationType: "fido-u2f" will no longer trigger them.

    • Stored Credential JSON records are migrated transparently by the
      new UnmarshalJSON, but re-marshaled records will carry
      attestationFormat rather than a format string in attestationType;
      downstream consumers that parsed the legacy shape directly should
      be updated.

    • The Credential.Verify method has been updated and may fail in
      previous scenarios where it passed previously. It will also update
      the AttestationType value as a side-effect when used.

  • The Cross-Origin verification semantics have changed
    significantly due to the stabilization of the WebAuthn Level 3
    specification. It is no longer possible to disable verification, and
    Cross-Origin ceremonies must explicitly be allowed in this release.

    • protocol.TopOriginIgnoreVerificationMode has been removed. Code that
      referenced it must switch to one of the other constants as there is
      no longer a mode which disables the Top Origin verification such as:

      • TopOriginExplicitVerificationMode; match against RPTopOrigins only
        (recommended, and the new coerced default)
      • TopOriginAutoVerificationMode; match against the union of
        RPTopOrigins and RPOrigins
      • TopOriginImplicitVerificationMode; match against RPOrigins only
    • webauthn.Config.validate now rewrites a zero-valued
      RPTopOriginVerificationMode to TopOriginExplicitVerificationMode.
      Integrators that left the field unset previously got ignore-mode
      semantics (any Top Origin accepted); they now get strict matching
      against RPTopOrigins and must populate that list, or explicitly
      select a different mode; for Cross-Origin flows to succeed.

    • Cross-Origin ceremonies (those where the authenticator reports
      crossOrigin = true in the ClientData) are rejected by default.
      Integrators that rely on iframe-embedded or other Cross-Origin WebAuthn
      flows must set webauthn.Config.RPAllowCrossOrigin = true. The library
      continues to enforce Top Origin verification on accepted Cross-Origin
      ceremonies per the configured mode.

    • protocol.CollectedClientData.Verify no longer accepts
      TopOriginIgnoreVerificationMode; callers that pass an unknown mode
      receive ErrNotImplemented with detail "unknown Top Origin
      verification mode".

0.16.5 (2026-04-19)

Bug Fixes

0.16.4 (2026-04-09)

0.16.3 (2026-04-05)

Bug Fixes
Features

0.16.2 (2026-03-30)

Bug Fixes
Features

0.16.1 (2026-03-12)

Bug Fixes

v0.16.3

Compare Source

Bug Fixes
  • protocol: short-circuit apple attestation extension lookup (#​664) (5296bc7)
Features
BREAKING CHANGES
  • A bug with the Credential Record which was
    introduced early in the libraries lifecycle has resulted in a
    breaking change to the Credential struct. If you are manually
    serializing this struct instead of using encoding/json you
    will be required to make manual changes; though Integrators
    should consider these notes regardless.

    • protocol.CredentialTypeFIDOU2F has been removed;
      replace uses with protocol.AttestationFormatFIDOUniversalSecondFactor
      (cast to string where the destination field is a plain string).

    • The semantics of the AttestationType field on webauthn.Credential
      and protocol.CredentialDescriptor have changed. Integrators that
      inspect this field to detect a format (typically checking for
      "fido-u2f") must switch to the new AttestationFormat field; the
      FIDO-U2F AppID and AppIDExclude extension helpers now key on
      AttestationFormat, so a descriptor literal constructed with
      AttestationType: "fido-u2f" will no longer trigger them.

    • Stored Credential JSON records are migrated transparently by the
      new UnmarshalJSON, but re-marshaled records will carry
      attestationFormat rather than a format string in attestationType;
      downstream consumers that parsed the legacy shape directly should
      be updated.

    • The Credential.Verify method has been updated and may fail in
      previous scenarios where it passed previously. It will also update
      the AttestationType value as a side-effect when used.

  • The Cross-Origin verification semantics have changed
    significantly due to the stabilization of the WebAuthn Level 3
    specification. It is no longer possible to disable verification, and
    Cross-Origin ceremonies must explicitly be allowed in this release.

    • protocol.TopOriginIgnoreVerificationMode has been removed. Code that
      referenced it must switch to one of the other constants as there is
      no longer a mode which disables the Top Origin verification such as:

      • TopOriginExplicitVerificationMode; match against RPTopOrigins only
        (recommended, and the new coerced default)
      • TopOriginAutoVerificationMode; match against the union of
        RPTopOrigins and RPOrigins
      • TopOriginImplicitVerificationMode; match against RPOrigins only
    • webauthn.Config.validate now rewrites a zero-valued
      RPTopOriginVerificationMode to TopOriginExplicitVerificationMode.
      Integrators that left the field unset previously got ignore-mode
      semantics (any Top Origin accepted); they now get strict matching
      against RPTopOrigins and must populate that list, or explicitly
      select a different mode; for Cross-Origin flows to succeed.

    • Cross-Origin ceremonies (those where the authenticator reports
      crossOrigin = true in the ClientData) are rejected by default.
      Integrators that rely on iframe-embedded or other Cross-Origin WebAuthn
      flows must set webauthn.Config.RPAllowCrossOrigin = true. The library
      continues to enforce Top Origin verification on accepted Cross-Origin
      ceremonies per the configured mode.

    • protocol.CollectedClientData.Verify no longer accepts
      TopOriginIgnoreVerificationMode; callers that pass an unknown mode
      receive ErrNotImplemented with detail "unknown Top Origin
      verification mode".

0.16.5 (2026-04-19)

Bug Fixes

0.16.4 (2026-04-09)

0.16.3 (2026-04-05)

Bug Fixes
Features

0.16.2 (2026-03-30)

Bug Fixes
Features

0.16.1 (2026-03-12)

Bug Fixes

v0.16.2

Compare Source

Bug Fixes
  • protocol: short-circuit apple attestation extension lookup (#​664) (5296bc7)
Features
BREAKING CHANGES
  • A bug with the Credential Record which was
    introduced early in the libraries lifecycle has resulted in a
    breaking change to the Credential struct. If you are manually
    serializing this struct instead of using encoding/json you
    will be required to make manual changes; though Integrators
    should consider these notes regardless.

    • protocol.CredentialTypeFIDOU2F has been removed;
      replace uses with protocol.AttestationFormatFIDOUniversalSecondFactor
      (cast to string where the destination field is a plain string).

    • The semantics of the AttestationType field on webauthn.Credential
      and protocol.CredentialDescriptor have changed. Integrators that
      inspect this field to detect a format (typically checking for
      "fido-u2f") must switch to the new AttestationFormat field; the
      FIDO-U2F AppID and AppIDExclude extension helpers now key on
      AttestationFormat, so a descriptor literal constructed with
      AttestationType: "fido-u2f" will no longer trigger them.

    • Stored Credential JSON records are migrated transparently by the
      new UnmarshalJSON, but re-marshaled records will carry
      attestationFormat rather than a format string in attestationType;
      downstream consumers that parsed the legacy shape directly should
      be updated.

    • The Credential.Verify method has been updated and may fail in
      previous scenarios where it passed previously. It will also update
      the AttestationType value as a side-effect when used.

  • The Cross-Origin verification semantics have changed
    significantly due to the stabilization of the WebAuthn Level 3
    specification. It is no longer possible to disable verification, and
    Cross-Origin ceremonies must explicitly be allowed in this release.

    • protocol.TopOriginIgnoreVerificationMode has been removed. Code that
      referenced it must switch to one of the other constants as there is
      no longer a mode which disables the Top Origin verification such as:

      • TopOriginExplicitVerificationMode; match against RPTopOrigins only
        (recommended, and the new coerced default)
      • TopOriginAutoVerificationMode; match against the union of
        RPTopOrigins and RPOrigins
      • TopOriginImplicitVerificationMode; match against RPOrigins only
    • webauthn.Config.validate now rewrites a zero-valued
      RPTopOriginVerificationMode to TopOriginExplicitVerificationMode.
      Integrators that left the field unset previously got ignore-mode
      semantics (any Top Origin accepted); they now get strict matching
      against RPTopOrigins and must populate that list, or explicitly
      select a different mode; for Cross-Origin flows to succeed.

    • Cross-Origin ceremonies (those where the authenticator reports
      crossOrigin = true in the ClientData) are rejected by default.
      Integrators that rely on iframe-embedded or other Cross-Origin WebAuthn
      flows must set webauthn.Config.RPAllowCrossOrigin = true. The library
      continues to enforce Top Origin verification on accepted Cross-Origin
      ceremonies per the configured mode.

    • protocol.CollectedClientData.Verify no longer accepts
      TopOriginIgnoreVerificationMode; callers that pass an unknown mode
      receive ErrNotImplemented with detail "unknown Top Origin
      verification mode".

0.16.5 (2026-04-19)

Bug Fixes

0.16.4 (2026-04-09)

0.16.3 (2026-04-05)

Bug Fixes
Features

0.16.2 (2026-03-30)

Bug Fixes
Features

0.16.1 (2026-03-12)

Bug Fixes

v0.16.1

Compare Source

Bug Fixes
  • protocol: short-circuit apple attestation extension lookup (#​664) (5296bc7)
Features
BREAKING CHANGES
  • A bug with the Credential Record which was
    introduced early in the libraries lifecycle has resulted in a
    breaking change to the Credential struct. If you are manually
    serializing this struct instead of using encoding/json you
    will be required to make manual changes; though Integrators
    should consider these notes regardless.

    • protocol.CredentialTypeFIDOU2F has been removed;
      replace uses with protocol.AttestationFormatFIDOUniversalSecondFactor
      (cast to string where the destination field is a plain string).

    • The semantics of the AttestationType field on webauthn.Credential
      and protocol.CredentialDescriptor have changed. Integrators that
      inspect this field to detect a format (typically checking for
      "fido-u2f") must switch to the new AttestationFormat field; the
      FIDO-U2F AppID and AppIDExclude extension helpers now key on
      AttestationFormat, so a descriptor literal constructed with
      AttestationType: "fido-u2f" will no longer trigger them.

    • Stored Credential JSON records are migrated transparently by the
      new UnmarshalJSON, but re-marshaled records will carry
      attestationFormat rather than a format string in attestationType;
      downstream consumers that parsed the legacy shape directly should
      be updated.

    • The Credential.Verify method has been updated and may fail in
      previous scenarios where it passed previously. It will also update
      the AttestationType value as a side-effect when used.

  • The Cross-Origin verification semantics have changed
    significantly due to the stabilization of the WebAuthn Level 3
    specification. It is no longer possible to disable verification, and
    Cross-Origin ceremonies must explicitly be allowed in this release.

    • protocol.TopOriginIgnoreVerificationMode has been removed. Code that
      referenced it must switch to one of the other constants as there is
      no longer a mode which disables the Top Origin verification such as:

      • TopOriginExplicitVerificationMode; match against RPTopOrigins only
        (recommended, and the new coerced default)
      • TopOriginAutoVerificationMode; match against the union of
        RPTopOrigins and RPOrigins
      • TopOriginImplicitVerificationMode; match against RPOrigins only
    • webauthn.Config.validate now rewrites a zero-valued
      RPTopOriginVerificationMode to TopOriginExplicitVerificationMode.
      Integrators that left the field unset previously got ignore-mode
      semantics (any Top Origin accepted); they now get strict matching
      against RPTopOrigins and must populate that list, or explicitly
      select a different mode; for Cross-Origin flows to succeed.

    • Cross-Origin ceremonies (those where the authenticator reports
      crossOrigin = true in the ClientData) are rejected by default.
      Integrators that rely on iframe-embedded or other Cross-Origin WebAuthn
      flows must set webauthn.Config.RPAllowCrossOrigin = true. The library
      continues to enforce Top Origin verification on accepted Cross-Origin
      ceremonies per the configured mode.

    • protocol.CollectedClientData.Verify no longer accepts
      TopOriginIgnoreVerificationMode; callers that pass an unknown mode
      receive ErrNotImplemented with detail "unknown Top Origin
      verification mode".

0.16.5 (2026-04-19)

Bug Fixes

0.16.4 (2026-04-09)

0.16.3 (2026-04-05)

Bug Fixes
Features

0.16.2 (2026-03-30)

Bug Fixes
Features

0.16.1 (2026-03-12)

Bug Fixes

v0.16.0

Compare Source

Bug Fixes
  • protocol: short-circuit apple attestation extension lookup (#​664) (5296bc7)
Features
BREAKING CHANGES
  • A bug with the Credential Record which was
    introduced early in the libraries lifecycle has resulted in a
    breaking change to the Credential struct. If you are manually
    serializing this struct instead of using encoding/json you
    will be required to make manual changes; though Integrators
    should consider these notes regardless.

    • protocol.CredentialTypeFIDOU2F has been removed;
      replace uses with protocol.AttestationFormatFIDOUniversalSecondFactor
      (cast to string where the destination field is a plain string).

    • The semantics of the AttestationType field on webauthn.Credential
      and protocol.CredentialDescriptor have changed. Integrators that
      inspect this field to detect a format (typically checking for
      "fido-u2f") must switch to the new AttestationFormat field; the
      FIDO-U2F AppID and AppIDExclude extension helpers now key on
      AttestationFormat, so a descriptor literal constructed with
      AttestationType: "fido-u2f" will no longer trigger them.

    • Stored Credential JSON records are migrated transparently by the
      new UnmarshalJSON, but re-marshaled records will carry
      attestationFormat rather than a format string in attestationType;
      downstream consumers that parsed the legacy shape directly should
      be updated.

    • The Credential.Verify method has been updated and may fail in
      previous scenarios where it passed previously. It will also update
      the AttestationType value as a side-effect when used.

  • The Cross-Origin verification semantics have changed
    significantly due to the stabilization of the WebAuthn Level 3
    specification. It is no longer possible to disable verification, and
    Cross-Origin ceremonies must explicitly be allowed in this release.

    • protocol.TopOriginIgnoreVerificationMode has been removed. Code that
      referenced it must switch to one of the other constants as there is
      no longer a mode which disables the Top Origin verification such as:

      • TopOriginExplicitVerificationMode; match against RPTopOrigins only
        (recommended, and the new coerced default)
      • TopOriginAutoVerificationMode; match against the union of
        RPTopOrigins and RPOrigins
      • TopOriginImplicitVerificationMode; match against RPOrigins only
    • webauthn.Config.validate now rewrites a zero-valued
      RPTopOriginVerificationMode to TopOriginExplicitVerificationMode.
      Integrators that left the field unset previously got ignore-mode
      semantics (any Top Origin accepted); they now get strict matching
      against RPTopOrigins and must populate that list, or explicitly
      select a different mode; for Cross-Origin flows to succeed.

    • Cross-Origin ceremonies (those where the authenticator reports
      crossOrigin = true in the ClientData) are rejected by default.
      Integrators that rely on iframe-embedded or other Cross-Origin WebAuthn
      flows must set webauthn.Config.RPAllowCrossOrigin = true. The library
      continues to enforce Top Origin verification on accepted Cross-Origin
      ceremonies per the configured mode.

    • protocol.CollectedClientData.Verify no longer accepts
      TopOriginIgnoreVerificationMode; callers that pass an unknown mode
      receive ErrNotImplemented with detail "unknown Top Origin
      verification mode".

0.16.5 (2026-04-19)

Bug Fixes

0.16.4 (2026-04-09)

0.16.3 (2026-04-05)

Bug Fixes
Features

0.16.2 (2026-03-30)

Bug Fixes
Features

0.16.1 (2026-03-12)

Bug Fixes

v0.15.0

Compare Source

BREAKING CHANGES

This release has a very small chance to have a breaking change that was not detected in the automatic or manual tests due to the module replacement of github.com/mitchellh/mapstructure with github.com/go-viper/mapstructure/v2. This is exclusively used by the metadata implementation and the Android SafetyNet Attestation implementation.

It's unlikely anyone will encounter any issues but if they do please report them via normal means and the issue can either be fixed or an addendum to the release notes can be made; whichever is most appropriate.

v0.14.0

Compare Source

Bug Fixes
Features

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate

renovate Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor Author

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 5 additional dependencies were updated

Details:

Package Change
golang.org/x/crypto v0.51.0 -> v0.52.0
github.com/fxamacker/cbor/v2 v2.9.0 -> v2.9.2
github.com/go-webauthn/x v0.1.23 -> v0.2.6
github.com/golang-jwt/jwt/v5 v5.2.3 -> v5.3.1
github.com/google/go-tpm v0.9.5 -> v0.9.8

@elysia-best elysia-best added AUTO Automatically created by robots/AIs dependencies labels Jul 8, 2026
@renovate renovate Bot force-pushed the renovate/github.com-go-webauthn-webauthn-0.x branch 2 times, most recently from ff9fbeb to 1b9f559 Compare July 9, 2026 09:55
@renovate renovate Bot force-pushed the renovate/github.com-go-webauthn-webauthn-0.x branch from 1b9f559 to 61421c1 Compare July 10, 2026 04:28
@renovate renovate Bot force-pushed the renovate/github.com-go-webauthn-webauthn-0.x branch from 61421c1 to a9fb81f Compare July 12, 2026 09:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

AUTO Automatically created by robots/AIs dependencies

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant