From 3e7a36bd484fbc13c5f4819ac9e43a82e5613162 Mon Sep 17 00:00:00 2001
From: Jess Sullivan <jess@sulliwood.org>
Date: Fri, 3 Apr 2026 08:11:14 -0400
Subject: [PATCH] fix(security): update zig-ctap2 with hidraw hardening

Points to Jesssullivan/zig-ctap2#25:
- Scan /sys/class/hidraw/ instead of hardcoded 0-15 range
- FFI buffer bounds checks before all memcpy to caller buffers
- Credential ID size bound (1024 bytes max)
- HID descriptor parser bounds hardening
- New CTAP2_ERR_NOT_ACCESSIBLE error for permission issues
---
 vendor/ctap2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vendor/ctap2 b/vendor/ctap2
index 388750fbb3..5f5319dc2f 160000
--- a/vendor/ctap2
+++ b/vendor/ctap2
@@ -1 +1 @@
-Subproject commit 388750fbb35227da409b48ed405093e8df0a60ce
+Subproject commit 5f5319dc2f3b58303456fb69d224d1bd7433ff2f