|
1 | 1 | # How to contribute
|
2 | 2 |
|
3 |
| -This project started because I needed an easy, small, and crash-proof CBOR library for my [WebAuthn (FIDO2) server library](https://github.com/fxamacker/webauthn). I believe this was the first and still only standalone CBOR library (in Go) that is fuzz tested as of November 10, 2019. |
| 3 | +Here are some ways you can contribute: |
4 | 4 |
|
5 |
| -To my surprise, Stefan Tatschner (rumpelsepp) submitted the first 2 issues when I didn't expect this project to be noticed. So I decided to make it more full-featured for others by announcing releases and asking for feedback. Even this document exists because Montgomery Edwards⁴⁴⁸ (x448) opened [issue #22](https://github.com/fxamacker/cbor/issues/22). In other words, you can contribute by opening an issue that helps the project improve. Especially in the early stages. |
6 |
| - |
7 |
| -When I announced v1.2 on Go Forum, Jakob Borg (calmh) responded with a thumbs up and encouragement. Another project of equal priority needed my time and Jakob's kind words tipped the scale for me to work on this one (speedups for [milestone v1.3](https://github.com/fxamacker/cbor/issues?q=is%3Aopen+is%3Aissue+milestone%3Av1.3.0).) So words of appreciation or encouragement is nice way to contribute to open source projects. |
8 |
| - |
9 |
| -Another way is by using this library in your project. It can lead to features that benefit both projects, which is what happened when oasislabs/oasis-core switched to this CBOR libary -- thanks Yawning Angel (yawning) for requesting BinaryMarshaler/BinaryUnmarshaler and Jernej Kos (kostco) for requesting RawMessage! |
| 5 | +- Give this library a star on GitHub. It doesn't cost anything and it lets maintainers know you appreciate their work. |
| 6 | +- Use this library in your project. By using this library, you're more likely to open an issue with feature request, etc. |
| 7 | +- Report security vulnerabilities privately by email after reading this contributing guide and [Security Policy](https://github.com/fxamacker/cbor#security-policy). |
| 8 | +- Open an issue with a feature request. It can help prioritize issues if you provide a link to your project and mention if a missing feature prevents your project from using this library. |
| 9 | +- Open an issue with a bug report. It's helpful if the bug report includes a link to a reproducer at [Go Playground](https://go.dev/play/). |
| 10 | +- Open a PR that would close a specific issue. Ask if it's a good time to open a PR in the issue because a solution might already be in progress. Please also read about the signing requirements before spending time on a PR. |
10 | 11 |
|
11 | 12 | If you'd like to contribute code or send CBOR data, please read on (it can save you time!)
|
12 | 13 |
|
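Review bot: The new PR bullet in the list at the top tells contributors to "read about the signing requirements" without saying where they are described; link it to the Pull requests section or the Pull Request Template so the requirement is found before any work starts. The security bullet likewise says "privately by email", but the address only appears further down under Private reports, so a pointer to that section would help. Small wording fix in the second bullet: "with feature request" should be "with a feature request".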
13 | 14 | ## Private reports
|
| 15 | + |
14 | 16 | Usually, all issues are tracked publicly on [GitHub](https://github.com/fxamacker/cbor/issues).
|
15 | 17 |
|
16 | 18 | To report security vulnerabilities, please email [email protected] and allow time for the problem to be resolved before disclosing it to the public. For more info, see [Security Policy ](https://github.com/fxamacker/cbor#security-policy).
|
17 | 19 |
|
18 | 20 | Please do not send data that might contain personally identifiable information, even if you think you have permission. That type of support requires payment and a contract where I'm indemnified, held harmless, and defended for any data you send to me.
|
19 | 21 |
|
20 |
| -## Prerequisites to pull requests |
| 22 | +## Pull requests |
| 23 | + |
| 24 | +Pull requests have signing requirements and must not be anonymous. Exceptions can be made for docs and CI scripts. |
| 25 | + |
| 26 | +See our [Pull Request Template](https://github.com/fxamacker/cbor/blob/master/.github/pull_request_template.md) for details. |
| 27 | + |
21 | 28 | Please [create an issue](https://github.com/fxamacker/cbor/issues/new/choose), if one doesn't already exist, and describe your concern. You'll need a [GitHub account](https://github.com/signup/free) to do this.
|
22 | 29 |
|
23 | 30 | If you submit a pull request without creating an issue and getting a response, you risk having your work unused because the bugfix or feature was already done by others and being reviewed before reaching Github.
|
24 | 31 |
|
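Review bot: The added sentence "Pull requests have signing requirements and must not be anonymous" does not say what has to be signed or how a contributor's identity is established; that detail is reachable only through the template link. Since this is the provenance control for code entering the library, state the requirement in one line here, and say how an exception for docs and CI scripts is requested and who grants it. The retained paragraph about creating an issue first now overlaps with the new PR bullet at the top of the file, so one of the two could be shortened.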
25 | 32 | ## Describe your issue
|
| 33 | + |
26 | 34 | Clearly describe the issue:
|
27 | 35 | * If it's a bug, please provide: **version of this library** and **Go** (`go version`), **unmodified error message**, and describe **how to reproduce it**. Also state **what you expected to happen** instead of the error.
|
28 | 36 | * If you propose a change or addition, try to give an example how the improved code could look like or how to use it.
|
29 | 37 | * If you found a compilation error, please confirm you're using a supported version of Go. If you are, then provide the output of `go version` first, followed by the complete error message.
|
30 | 38 |
|
31 | 39 | ## Please don't
|
| 40 | + |
32 | 41 | Please don't send data containing personally identifiable information, even if you think you have permission. That type of support requires payment and a contract where I'm indemnified, held harmless, and defended for any data you send to me.
|
33 | 42 |
|
34 | 43 | Please don't send CBOR data larger than 512 bytes. If you want to send crash-producing CBOR data > 512 bytes, please get my permission before sending it to me.
|
35 | 44 |
|
36 | 45 | ## Wanted
|
| 46 | + |
37 | 47 | * Opening issues that are helpful to the project
|
38 | 48 | * Using this library in your project and letting me know
|
39 | 49 | * Sending well-formed CBOR data (<= 512 bytes) that causes crashes (none found yet).
|
40 | 50 | * Sending malformed CBOR data (<= 512 bytes) that causes crashes (none found yet, but bad actors are better than me at breaking things).
|
41 |
| -* Sending tests or data for unit tests that increase code coverage (currently at 97.8% for v1.2.) |
| 51 | +* Sending tests or data for unit tests that increase code coverage (currently around 98%) |
42 | 52 | * Pull requests with small changes that are well-documented and easily understandable.
|
43 |
| -* Sponsors, donations, bounties, subscriptions: I'd like to run uninterrupted fuzzing between releases on a server with dedicated CPUs (after v1.3 or v1.4.) |
| 53 | +* Sponsors, donations, bounties, or subscriptions. |
44 | 54 |
|
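Review bot: "currently around 98%" in the coverage bullet carries no version or date, so it will go stale just as the removed "97.8% for v1.2" did; tie the figure to a release or point to wherever coverage is reported. The Sponsors bullet also drops the stated goal of uninterrupted fuzzing between releases; if that is still the plan, a short mention is worth keeping next to the two bullets that ask for crash-producing CBOR data. Trailing periods are inconsistent across this list, and the changed coverage bullet lost its period while its neighbours keep theirs.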
45 | 55 | ## Credits
|
46 |
| -This guide used nlohmann/json contribution guidelines for inspiration as suggested in issue #22. |
47 | 56 |
|
| 57 | +- This guide used nlohmann/json contribution guidelines for inspiration as suggested in issue #22. |
| 58 | +- Special thanks to @lukseven for pointing out the contribution guidelines didn't mention signing requirements. |
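Review bot: The Credits entry still cites "issue #22" as plain text, but the only link to that issue was in the introductory paragraph this commit removes, so the reference now has no target; make it a link here. The same removal drops the acknowledgements of the early issue reporters and feature requesters named in the old introduction. If crediting them is still intended, Credits is the natural place to keep their names.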