Skip to content

build(deps): bump github.com/go-webauthn/webauthn from 0.16.4 to 0.17.3 in /core#9

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/core/github.com/go-webauthn/webauthn-0.17.3
Open

build(deps): bump github.com/go-webauthn/webauthn from 0.16.4 to 0.17.3 in /core#9
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/core/github.com/go-webauthn/webauthn-0.17.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 22, 2026

Copy link
Copy Markdown

Bumps github.com/go-webauthn/webauthn from 0.16.4 to 0.17.3.

Release notes

Sourced from github.com/go-webauthn/webauthn's releases.

v0.17.3

v0.17.3 (2026-05-09)

Dependency Updates

This release just contains updates to dependencies.

v0.17.2

v0.17.2 (2026-05-03)

Bug Fixes

  • webauthn: include verify attestation func for credential (#679) (1f354c8)

v0.17.1

0.17.1 (2026-05-03)

Bug Fixes

v0.17.0

0.17.0 (2026-04-21)

Bug Fixes

  • protocol: short-circuit apple attestation extension lookup (#664) (5296bc7)

Features

  • webauthn: add authenticator registration filtering (#668) (0be632e)
  • webauthn: credential message pack (#660) (c7d933c)

BREAKING CHANGES

  • A bug with the Credential Record which was introduced early in the libraries lifecycle has resulted in a breaking change to the Credential struct. If you are manually serializing this struct instead of using encoding/json you will be required to make manual changes; though Integrators

... (truncated)

Changelog

Sourced from github.com/go-webauthn/webauthn's changelog.

v0.17.3 (2026-05-09)

Dependency Updates

This release just contains updates to dependencies.

v0.17.2 (2026-05-03)

Bug Fixes

  • webauthn: include verify attestation func for credential (#679) (1f354c8)

0.17.1 (2026-05-03)

Bug Fixes

0.17.0 (2026-04-21)

Bug Fixes

  • protocol: short-circuit apple attestation extension lookup (#664) (5296bc7)

Features

  • webauthn: add authenticator registration filtering (#668) (0be632e)
  • webauthn: credential message pack (#660) (c7d933c)

BREAKING CHANGES

  • A bug with the Credential Record which was introduced early in the libraries lifecycle has resulted in a breaking change to the Credential struct. If you are manually serializing this struct instead of using encoding/json you will be required to make manual changes; though Integrators should consider these notes regardless.

    • protocol.CredentialTypeFIDOU2F has been removed; replace uses with protocol.AttestationFormatFIDOUniversalSecondFactor

... (truncated)

Commits
  • ff07f7c release: v0.17.3 (#687)
  • 85b47be build(deps): update module github.com/go-webauthn/x to v0.2.5 (#685)
  • be289c2 build(deps): update actions/dependency-review-action action to v5 (#684)
  • c8c55a7 build(deps): update go toolchain directive to v1.26.3 (#683)
  • 52dd499 build(deps): update github/codeql-action action to v4.35.4 (#682)
  • ddd7829 build(deps): update module github.com/fxamacker/cbor/v2 to v2.9.2 (#681)
  • 1cdfb45 release: v0.17.2 (#680)
  • 1f354c8 fix(webauthn): include verify attestation func for credential (#679)
  • de0a809 docs: fix changelog (#678)
  • ec12181 release: v0.17.1 (#677)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump github.com/go-webauthn/webauthn in /core
4ee0a55 
Bumps [github.com/go-webauthn/webauthn](https://github.com/go-webauthn/webauthn) from 0.16.4 to 0.17.3.
- [Release notes](https://github.com/go-webauthn/webauthn/releases)
- [Changelog](https://github.com/go-webauthn/webauthn/blob/master/CHANGELOG.md)
- [Commits](go-webauthn/webauthn@v0.16.4...v0.17.3)

---
updated-dependencies:
- dependency-name: github.com/go-webauthn/webauthn
  dependency-version: 0.17.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 22, 2026
@lwnmengjing

lwnmengjing commented Jun 6, 2026

Copy link
Copy Markdown
Member

Thanks Dependabot. This PR is currently blocked by the repository-level Typos CI baseline rather than by the dependency change itself. I opened #11 to track restoring the PR gate. Once that baseline is green, this update can be re-evaluated with the appropriate frontend or Go checks.

@lwnmengjing lwnmengjing added the blocked Blocked by another issue or failing prerequisite label Jun 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

blocked Blocked by another issue or failing prerequisite dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lwnmengjing