deps: bump cborg from 4.5.8 to 5.0.0

[dependabot]

Bumps cborg from 4.5.8 to 5.0.0.

Release notes

Sourced from cborg's releases.

v5.0.0

5.0.0 (2026-03-31)

⚠ BREAKING CHANGES

• extended: Tag decoder signature changed from receiving the decoded value to receiving a decode control object. See migration guide below.

Add new cborg/extended entry point providing encode/decode with built-in support for Date, RegExp, Set, Map, BigInt, Error, and all TypedArrays using standard CBOR tags. Type support is similar to the browser's structured clone algorithm.

Key features:

• Date (Tag 1), RegExp (Tag 21066), Set (Tag 258), Map (Tag 259)
• BigInt always tagged (Tags 2/3) for round-trip fidelity
• All TypedArrays via RFC 8746 tags (64-87)
• Error types via Tag 27 (Error, TypeError, RangeError, etc.)
• Negative zero (-0) round-trips correctly
• Objects round-trip as objects, Maps round-trip as Maps
• Map and object key insertion order preserved (not sorted)
• Mixed structures like { myMap: new Map([[1, 'a']]) } work correctly

The Map/object fidelity is achieved through a new tag decoder API that gives decoders control over how their content is decoded. Tag 259 (Map) uses decode.entries() to preserve key types regardless of the useMaps setting, while plain CBOR maps decode as objects.

Extends cborg/taglib with encoders and decoders for all supported types (previously only BigInt). Moves taglib.js to lib/taglib.js for consistency (external API unchanged via package.json exports).

Also fixes a bug in lib/7float.js where -0 lost its sign bit during half-precision float encoding (bitwise ops on floats convert to int32).

Features

• extended: add cborg/extended module with full JavaScript type fidelity (#168) (652730e)

Trivial Changes

• deps-dev: bump typescript from 5.9.3 to 6.0.2 (5382bfa)
• deps: bump actions/setup-node from 6.2.0 to 6.3.0 (#171) (a2525b9)
• update deps and upgrade to typescript 6 (463bdfd)

Changelog

Sourced from cborg's changelog.

5.0.0 (2026-03-31)

⚠ BREAKING CHANGES

• extended: Tag decoder signature changed from receiving the decoded value to receiving a decode control object. See migration guide below.

Add new cborg/extended entry point providing encode/decode with built-in support for Date, RegExp, Set, Map, BigInt, Error, and all TypedArrays using standard CBOR tags. Type support is similar to the browser's structured clone algorithm.

Key features:

• Date (Tag 1), RegExp (Tag 21066), Set (Tag 258), Map (Tag 259)
• BigInt always tagged (Tags 2/3) for round-trip fidelity
• All TypedArrays via RFC 8746 tags (64-87)
• Error types via Tag 27 (Error, TypeError, RangeError, etc.)
• Negative zero (-0) round-trips correctly
• Objects round-trip as objects, Maps round-trip as Maps
• Map and object key insertion order preserved (not sorted)
• Mixed structures like { myMap: new Map([[1, 'a']]) } work correctly

The Map/object fidelity is achieved through a new tag decoder API that gives decoders control over how their content is decoded. Tag 259 (Map) uses decode.entries() to preserve key types regardless of the useMaps setting, while plain CBOR maps decode as objects.

Extends cborg/taglib with encoders and decoders for all supported types (previously only BigInt). Moves taglib.js to lib/taglib.js for consistency (external API unchanged via package.json exports).

Also fixes a bug in lib/7float.js where -0 lost its sign bit during half-precision float encoding (bitwise ops on floats convert to int32).

Features

• extended: add cborg/extended module with full JavaScript type fidelity (#168) (652730e)

Trivial Changes

• deps-dev: bump typescript from 5.9.3 to 6.0.2 (5382bfa)
• deps: bump actions/setup-node from 6.2.0 to 6.3.0 (#171) (a2525b9)
• update deps and upgrade to typescript 6 (463bdfd)

Commits

• 32b3afd chore(release): 5.0.0 [skip ci]
• 463bdfd chore: update deps and upgrade to typescript 6
• 5382bfa chore(deps-dev): bump typescript from 5.9.3 to 6.0.2
• 652730e feat(extended)!: add cborg/extended module with full JavaScript type fidelity...
• a2525b9 chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#171)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)