Bump github.com/privacybydesign/irmago from 0.18.1 to 0.19.2 #4051

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/go_modules/github.com/privacybydesign/irmago-0.19.2

dependabot bot commented on behalf of github on Mar 5, 2026

Bumps github.com/privacybydesign/irmago from 0.18.1 to 0.19.2.

Release notes

Sourced from github.com/privacybydesign/irmago's releases.

v0.19.2

Changed

  • Add wildcard support for authorized credentials and attributes in relying party and attestation provider certificates

Fix

  • Bug that caused HTTP request body to not be sent upon retransmission

v0.19.1

Fix

  • Bug in irmaclient that caused attributes to be stored in the wrong order in credential removal logs

v0.19.0

Changed

  • Remove legacy storage from irmaclient
  • Add support for issuing SD-JWT VC together with Idemix over the IRMA protocol to irmaclient and irmaserver
    • Irma servers can opt-in to SD-JWT VC issuance by configuring issuer certificates and private keys for SD-JWT VC
    • SD-JWT VCs are issued in batches of which the size is specified in the issuance request
    • SD-JWT VCs contain key binding public keys for which the private key is stored securely on the client
      • These holder/key binding public keys are provided to the issuer's irma server by the client during the commitments POST request
    • SD-JWT VC issuers are verified via certificates on the new Yivi trust lists, permissions are checked on the client via a custom json field in the certificates
    • Old Client was renamed to IrmaClient and was wrapped in new Client struct together with new OpenID4VPClient
  • Add support for disclosing SD-JWT VC credentials over the OpenID4VP 1.0 protocol to irmaclient
    • Supports both direct_post and direct_post.jwt response modes
    • Supports DCQL queries for credentials that can be found in the schemes, specified by vct_values
    • Supports x509_san_dns client identifier prefix
    • Verifiers are trusted via x509 certificates on the new Yivi trust lists, attribute permissions are checked on the client via a custom json field in these certificates

Fix

  • Solve issue that made log logo paths invalid on iOS after each update/recompilation

Security

  • Fix for CVE GHSA-pv8v-c99h-c5q4 (Next session functionality can be used to do sessions on irma server without proper permissions)

Changelog

Sourced from github.com/privacybydesign/irmago's changelog.

[0.19.2] - 2026-02-26

Fix

  • Bug that caused HTTP request body to not be sent upon retransmission

Changed

  • Add wildcard support for authorized credentials and attributes in relying party and attestation provider certificates

[0.19.1] - 2025-10-13

Fix

  • Bug in irmaclient that caused attributes to be stored in the wrong order in credential removal logs

[0.19.0] - 2025-09-30

Changed

  • Remove legacy storage from irmaclient
  • Add support for issuing SD-JWT VC together with Idemix over the IRMA protocol to irmaclient and irmaserver
    • Irma servers can opt-in to SD-JWT VC issuance by configuring issuer certificates and private keys for SD-JWT VC
    • SD-JWT VCs are issued in batches of which the size is specified in the issuance request
    • SD-JWT VCs contain key binding public keys for which the private key is stored securely on the client
      • These holder/key binding public keys are provided to the issuer's irma server by the client during the commitments POST request
    • SD-JWT VC issuers are verified via certificates on the new Yivi trust lists, permissions are checked on the client via a custom json field in the certificates
    • Old Client was renamed to IrmaClient and was wrapped in new Client struct together with new OpenID4VPClient
  • Add support for disclosing SD-JWT VC credentials over the OpenID4VP 1.0 protocol to irmaclient
    • Supports both direct_post and direct_post.jwt response modes
    • Supports DCQL queries for credentials that can be found in the schemes, specified by vct_values
    • Supports x509_san_dns client identifier prefix
    • Verifiers are trusted via x509 certificates on the new Yivi trust lists, attribute permissions are checked on the client via a custom json field in these certificates

Fix

  • Solve issue that made log logo paths invalid on iOS after each update/recompilation

Security

  • Fix for CVE GHSA-pv8v-c99h-c5q4 (Next session functionality can be used to do sessions on irma server without proper permissions)

Commits

  • b5eddd2 Merge pull request #521 from privacybydesign/release-0.19.2
  • 9462836 add to changelog
  • b5042f8 prepare release of 0.19.2
  • b093c60 Merge pull request #520 from awesterb/master
  • c6b830d go fmt
  • 7af7f55 fixes transport.go omitting bodies in retries
  • ef27924 adds test showing bug in transport.go: body is omitted from retries
  • cc64c38 Add wildcard support for authorized credentials for RP + AP (#517)
  • 2265f47 Extend SD-JWT validation (#508)
  • b8557d8 Merge pull request #504 from privacybydesign/fix-credential-removal-logs
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot bot added the dependencies (Pull requests that update a dependency file) and go (Pull requests that update Go code) labels on Mar 5, 2026

Bumps [github.com/privacybydesign/irmago](https://github.com/privacybydesign/irmago) from 0.18.1 to 0.19.2.
- [Release notes](https://github.com/privacybydesign/irmago/releases)
- [Changelog](https://github.com/privacybydesign/irmago/blob/master/CHANGELOG.md)
- [Commits](privacybydesign/irmago@v0.18.1...v0.19.2)

---
updated-dependencies:
- dependency-name: github.com/privacybydesign/irmago
  dependency-version: 0.19.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot force-pushed the dependabot/go_modules/github.com/privacybydesign/irmago-0.19.2 branch from 669b9fb to d02692e on March 17, 2026 14:48