chore(deps): bump github.com/go-webauthn/webauthn from 0.10.2 to 0.16.2 in /backend

[dependabot]

Bumps github.com/go-webauthn/webauthn from 0.10.2 to 0.16.2.

Release notes

Sourced from github.com/go-webauthn/webauthn's releases.

v0.16.2

v0.16.2 (2026-04-02)

Bug Fixes

• top origins always fails (#626) (514306b)
• webauthn: credential flags not fully updated (#629) (a4b68c8)
• webauthn: nil panic on discovery (#631) (3545ead)

Features

• webauthn: messagepack encoding (#621) (bf8fe28)

v0.16.1

v0.16.1 (2026-03-12)

Bug Fixes

• webauthncose: validate keys earlier (#615) (18ca901)

v0.16.0

0.16.0 (2026-03-01)

Bug Fixes

• webauthn: empty top origins not allowed (#562) (fe3b74c), closes #537
• webauthn: session expiration not enforced (#561) (f5adbbf), closes #552

Features

• protocol: compound attestation statements (#571) (cc4e649)
• protocol: enhance rpid validation (#564) (7610304), closes #553
• protocol: signals structs (#574) (f75a34a)
• webauthncose: allow ber integers in ecdsa sigs (#593) (68db4d4), closes #408
• webauthn: return explicit error on unknown credential (#560) (1defb4a), closes #550

v0.15.0

v0.15.0 (2025-11-09)

BREAKING CHANGES

This release has a very small chance to have a breaking change that was not detected in the automatic or manual tests due to the module replacement of github.com/mitchellh/mapstructure with github.com/go-viper/mapstructure/v2. This is exclusively used by the metadata implementation and the Android SafetyNet Attestation implementation.

It's unlikely anyone will encounter any issues but if they do please report them via normal means and the issue can either be fixed or an addendum to the release notes can be made; whichever is most appropriate.

... (truncated)

Commits

• 6047bfd build(deps): update module github.com/fxamacker/cbor/v2 to v2.9.1 (#633)
• 67608cc build(deps): update actions/setup-go action to v6.4.0 (#632)
• 3545ead fix(webauthn): nil panic on discovery (#631)
• d4a54d4 docs: add more docs (#627)
• a4b68c8 fix(webauthn): credential flags not fully updated (#629)
• 514306b fix: top origins always fails (#626)
• 734e462 build(deps): update github/codeql-action action to v4.35.1 (#623)
• 463ec85 build(deps): update codecov/codecov-action action to v6 (#625)
• 0878dd6 build(deps): update codecov/codecov-action action to v5.5.3 (#622)
• bf8fe28 feat(webauthn): messagepack encoding (#621)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #2583.