chore(deps): bump github.com/go-webauthn/webauthn from 0.10.2 to 0.16.3 in /backend

[dependabot]

Bumps github.com/go-webauthn/webauthn from 0.10.2 to 0.16.3.

Release notes

Sourced from github.com/go-webauthn/webauthn's releases.

v0.16.3

v0.16.3 (2026-04-05)

Bug Fixes

• webauthncose: replace elliptic (#635) (3b8a663)

Features

• metadata: update metadata authenticator statuses (#641) (95d28bc)
• webauthncose: add dilithium cose types (#636) (4106b24)

v0.16.2

v0.16.2 (2026-04-02)

Bug Fixes

• top origins always fails (#626) (514306b)
• webauthn: credential flags not fully updated (#629) (a4b68c8)
• webauthn: nil panic on discovery (#631) (3545ead)

Features

• webauthn: messagepack encoding (#621) (bf8fe28)

v0.16.1

v0.16.1 (2026-03-12)

Bug Fixes

• webauthncose: validate keys earlier (#615) (18ca901)

v0.16.0

0.16.0 (2026-03-01)

Bug Fixes

• webauthn: empty top origins not allowed (#562) (fe3b74c), closes #537
• webauthn: session expiration not enforced (#561) (f5adbbf), closes #552

Features

• protocol: compound attestation statements (#571) (cc4e649)

... (truncated)

Changelog

Sourced from github.com/go-webauthn/webauthn's changelog.

0.16.3 (2026-04-05)

Bug Fixes

• webauthncose: replace elliptic (#635) (3b8a663)

Features

• metadata: update metadata authenticator statuses (#641) (95d28bc)
• webauthncose: add dilithium cose types (#636) (4106b24)

0.16.2 (2026-03-30)

Bug Fixes

• top origins always fails (#626) (514306b)
• webauthn: credential flags not fully updated (#629) (a4b68c8)
• webauthn: nil panic on discovery (#631) (3545ead)

Features

• webauthn: messagepack encoding (#621) (bf8fe28)

0.16.1 (2026-03-12)

Bug Fixes

• webauthncose: validate keys earlier (#615) (18ca901)

0.16.0 (2026-03-01)

Bug Fixes

• webauthn: empty top origins not allowed (#562) (fe3b74c), closes #537
• webauthn: session expiration not enforced (#561) (f5adbbf), closes #552

Features

• protocol: compound attestation statements (#571) (cc4e649)
• protocol: enhance rpid validation (#564) (7610304), closes #553
• protocol: signals structs (#574) (f75a34a)
• webauthncose: allow ber integers in ecdsa sigs (#593) (68db4d4), closes #408
• webauthn: return explicit error on unknown credential (#560) (1defb4a), closes #550

... (truncated)

Commits

• 9dbfee2 docs(webauthn): enhance credential docs (#644)
• 504410e docs(protocol): enhance parse docs (#643)
• 2118701 docs: fix examples (#642)
• 95d28bc feat(metadata): update metadata authenticator statuses (#641)
• 8fc3296 test: add and refactor tests (#640)
• f8c6e08 ci: perform race testing on all commits (#638)
• 4106b24 feat(webauthncose): add dilithium cose types (#636)
• 3b8a663 fix(webauthncose): replace elliptic (#635)
• fadbb25 build(deps): update step-security/harden-runner action to v2.16.1 (#634)
• 6047bfd build(deps): update module github.com/fxamacker/cbor/v2 to v2.9.1 (#633)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)