chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
aws-cdk (source)	2.149.0 -> 2.160.0					devDependencies	minor
eclipse-temurin	21.0.3_9-jdk-jammy -> 21.0.4_7-jdk-jammy					image	patch
gradle (source)	8.9 -> 8.10.2						minor
localstack/localstack	3.5.0 -> 3.7.2						minor
postgres	16.3 -> 16.4						minor
quay.io/keycloak/keycloak	25.0.2 -> 25.0.6						patch
org.openrewrite:plugin	6.16.4 -> 6.24.0					dependencies	minor
org.cyclonedx:cyclonedx-gradle-plugin	1.8.2 -> 1.10.0					dependencies	minor
org.springframework.boot:spring-boot-gradle-plugin (source)	3.3.1 -> 3.3.4					dependencies	patch
org.openrewrite.recipe:rewrite-recipe-bom	2.15.0 -> 2.20.0					dependencies	minor
com.palantir.javaformat:palantir-java-format	2.47.0 -> 2.50.0					dependencies	minor
software.amazon.awscdk:aws-cdk-lib	2.149.0 -> 2.160.0					dependencies	minor
io.awspring.cloud:spring-cloud-aws-dependencies (source)	3.1.1 -> 3.2.0					dependencies	minor
org.awaitility:awaitility (source)	4.2.1 -> 4.2.2					dependencies	patch
org.testcontainers:testcontainers-bom (source)	1.20.0 -> 1.20.2					dependencies	patch

---

Release Notes

aws/aws-cdk (aws-cdk)

v2.160.0

Compare Source

Features

• allow all sts options for roles assumed by the cli (#​31089) (5e95ba2), closes #​26157 #​22535
• update L1 CloudFormation resource definitions (#​31534) (cd17fed)
• core: configure Stack SNS notification ARNs on the Stack construct (#​31107) (1593500), closes #​8581
• stepfunctions: add support for EncryptionConfiguration (#​30959) (b49032b)

---

Alpha modules (2.160.0-alpha.0)

Features

• kinesisanalytics-flink: support Apache Flink 1.20 (#​31349) (b3b9aa8)

Bug Fixes

• cognito-identitypool-alpha: cannot configure roleMappings with imported userPool and client (#​30421) (0fdd6a9), closes #​30304 /github.com/aws/aws-cdk/blob/c3003ab41f0efc763f39eb2cab490c8a005e146b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts#L902
• ec2: instance resourceSignalTimeout overwrites initOptions.timeout (#​31446) (a29bf19), closes #​30052

v2.159.1

Compare Source

Reverts

• fix(ec2): fixing vpc endpoint pattern for ecr and ecr docker (#​31496) (f7e8452)

---

Alpha modules (2.159.1-alpha.0)

v2.159.0

Compare Source

Features

• update L1 CloudFormation resource definitions (#​31484) (60ce351), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2
• opensearch: support OpenSearch version 2.15 (#​31398) (33eea3f)
• update L1 CloudFormation resource definitions (#​31460) (e220e90)
• apigatewayv2: support for setting routeSelectionExpression for an HTTP API (#​31373) (36baf51), closes #​31104
• elasticloadbalancingv2: alb dualstack without public ipv4 (#​30248) (4068af3), closes #​30256
• events-target: support Dead Letter Queue for Kinesis Stream Event Target (#​31435) (358f231), closes #​31428 #​13600
• stepfunctions-tasks: support idle timeout for EmrCreateCluster (#​31142) (432ffaf), closes #​29926
• vpcv2: implementation of add gateway method (#​31224) (4b90bfc)

Bug Fixes

• cli: bootstrap respects qualifier from cdk.json (#​31410) (44134ad), closes #​28249
• cli: hotswapping appsync functions fails when API does not return function on the first page (#​31406) (0da4f43), closes /github.com/aws/aws-cdk/blob/1e203753519e10e19ef0db87e1382377b609bcaa/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts#L23-L36
• cli: release outdir lock when synth fails (#​30874) (b6ad97f), closes #​27864
• cognito: deprecate privateKey and add privateKeyValue as typed SecureValue (#​31409) (7ee183d), closes /github.com/aws/aws-cdk/blob/1e203753519e10e19ef0db87e1382377b609bcaa/packages/aws-cdk-lib/aws-cognito/lib/user-pool-idps/google.ts#L28
• ecs: reduce ecs service task role cloudwatch permissions when no log configured (under feature flag) (#​31475) (de7ab7c)
• eks: fargateCluster compatibility with AuthenticationMode.API (#​31267) (4d12833)
• eks: update private ecr repo url regex (#​31394) (386fca3)
• lambda: invalid Version object created from Version.fromVersionArn (#​31433) (1726abd)
• ssm: update ssm-context to prevent raising an error on missing parameter (#​31415) (ff02cca), closes #​7051 #​22064 #​7259
• pipelines ties cli version with cdk-assets version (#​31261) (4392ab4), closes #​31253

---

Alpha modules (2.159.0-alpha.0)

⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

• kinesisfirehose-alpha: encryptionKey property is removed and encryption property type has changed from the StreamEncryption enum to the StreamEncryption class.

To pass in a KMS key for the customer managed key case, use StreamEncryption.customerManagedKey(key)

Details

Replaced encryption and encryptionKey properties with a single property encryption of type StreamEncryption and is used by calling one of the 3 methods:

SreamEncryption.unencrypted()
StreamEncryption.awsOwnedKey()
StreamEncryption.customerManagedKey(key?: IKey)

This makes it so it's not longer possible to pass in a key when the encryption type is AWS owned or unencrypted. The key is an optional parameter in StreamEncryption.customerManagedKey(key?: IKey) so following the previous behaviour, if a key is provided it will be used, otherwise a key will be created for the user.

Description of how you validated changes

Generated templates do not change so behaviour remains the same.

Updated integ/unit tests.

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

Features

• ivs: support RTMP ingest for IVS channel (#​31380) (a907a7e)

Bug Fixes

• ec2: fixing vpc endpoint pattern for ecr and ecr docker (#​31434) (95c49ab)

Miscellaneous Chores

• kinesisfirehose-alpha: refactor encryption property to combine encryptionKey (#​31430) (8e92185)

v2.158.0

Compare Source

Bug Fixes

• cloudformation-include: can't use CFN intrinsics in Tags (#​30515) (af9e6ba), closes #​27594

---

Alpha modules (2.158.0-alpha.0)

Features

• amplify: support cache configuration for app (#​31381) (b7bd041)
• iot: configure IoT Logging (#​31352) (6348717), closes #​31357

v2.157.0

Compare Source

Features

• update L1 CloudFormation resource definitions (#​31361) (bc4dbfd)
• appsync: support DEBUG and INFO logging levels for AppSync GraphQL APIs (#​31326) (4b9643f)
• lambda: added new property allowAllIpv6Outbound to FunctionOptions (#​31013) (fa55194), closes #​30994

Bug Fixes

• rds: proxy target group does not depend on database instances when using writer property for database cluster (#​31354) (6542207), closes #​31304 /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/proxy.ts#L535-L539

---

Alpha modules (2.157.0-alpha.0)

v2.156.0

Compare Source

Features

• bedrock: add Stable Image Ultra, Stable Diffusion 3 Large, and Stable Image Core model identifiers (#​31327) (586cb04)
• cloudfront: s3 origin access control L2 construct (#​31254) (30675f0), closes #​21771
• codebuild: support three arm-based compute types, Medium, X-Large and 2X-Large (#​31214) (39492e9), closes #​30869
• docdb: i/o optimized storage type (#​30163) (7ed221c), closes #​30165
• ecs-patterns: dualstack ALB (#​30089) (98ea3db), closes #​29039
• eks: support alb controller versions 2.7.0-2.8.2 (#​31264) (a3863a6)
• events-targets: support for RedshiftDataParameters (#​29462) (84c6442), closes #​15712 #​31017
• synthetics: syn-nodejs-puppeteer-9.0 as supported runtime (#​31272) (c1d7782), closes #​31271

Bug Fixes

• custom-resources: remove presigned url from cloudwatch logs (#​31322) (b5e4496)
• eks: albController incompatibility with AuthenticationMode.API mode (#​31258) (427cd61)
• prlint: a review label doesn't appear when a PR is approved if there are too many comments (#​31290) (1c63070), closes #​31294 /github.com/aws/aws-cdk/pull/30920#issuecomment-2324932936 aws-cdk/prlint/lint.ts#L377 40aws-cdk/prlint/lint.ts#L376
• stepfunctions-tasks: add back BedrockInvokeModel to use JsonPath (#​31325) (5b059b9), closes aws/aws-cdk#31308
• stepfunctions-tasks: fix bedrock input/output path in step-funct… (#​31305) (a190935), closes #​31302 PR#30298 #​29229
• stepfunctions-tasks: sageMakerCreateTrainingJob does not correctly support empty inputDataConfig (#​31210) (6d43146), closes #​31132

---

Alpha modules (2.156.0-alpha.0)

Features

• location: support RouteCalculator (#​30682) (574d383), closes #​30681
• neptune-alpha: specify port for the cluster (#​31137) (130b62b), closes #​31074
• scheduler: validate schedule name length (#​31200) (d0f9688)

Bug Fixes

• scheduler: the value of the description property is not reflected to the resource. (#​31276) (a3332b6), closes #​31269

v2.155.0

Compare Source

Features

• codebuild: macOS codebuild support (#​31203) (823ff6e), closes #​31170
• eks: preserveOnDelete for EKS addon (#​30776) (23fba1c)
• kms: add multiRegion property to a Key (#​31125) (3dc4c50)
• stepfunctions-tasks: add cpu and memory parameters to EcsRunTask (#​30140) (986e378), closes #​30027
• synthetics: add syn-python-selenium-4.0 runtime (#​31101) (cc75ded), closes #​30137 /docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_python_selenium.html#CloudWatch_Synthetics_runtimeversion-syn-python-selenium-4
• update L1 CloudFormation resource definitions (#​31193) (e942b67)
• update L1 CloudFormation resource definitions (#​31194) (5468983)
• update L1 CloudFormation resource definitions (#​31221) (b754353)

Bug Fixes

• cloudfront: requirement of domainNames prevents moving a domain name between distributions (#​31001) (acdf7d3), closes #​29960 #​29329
• eks: can't update authMode with the same mode (#​31043) (64df08b)
• lambda-event-source: allow dynamodb filtering on boolean value (#​31011) (9946ab0), closes #​30734
• s3: bucket notifications in owning stack deletes bucket notifications from other stacks (#​31091) (0b09e52)

---

Alpha modules (2.155.0-alpha.0)

Features

• ec2: ipv6AddressCount property for an instance (#​31076) (e3e5e1c), closes #​31075
• ec2: support throughput on LaunchTemplate EBS volumes (#​30716) (6ed0bed), closes #​24341 #​22441
• location: support GeofenceCollection (#​30711) (04d73ac), closes #​30710

v2.154.1

Compare Source

Features

• update L1 CloudFormation resource definitions (#​31193) (aa97525)
• update L1 CloudFormation resource definitions (#​31194) (2191264)

Bug Fixes

• cloudfront: requirement of domainNames prevents moving a domain name between distributions (#​31001) (1255ce3), closes #​29960 #​29329

---

Alpha modules (2.154.1-alpha.0)

v2.154.0

Compare Source

v2.153.0

Compare Source

Features

• lambda: support Recursive Loop Protection property (572fe0a)

---

Alpha modules (2.153.0-alpha.0)

v2.152.0

Compare Source

Features

• lambda: support filter criteria encryption (6aa72a2)

---

Alpha modules (2.152.0-alpha.0)

v2.151.1

Compare Source

Reverts

• feat(ecs): add validation checks to memory cpu combinations of FARGATE compatible task definitions (#​31110) (8fdf015)

---

Alpha modules (2.151.1-alpha.0)

v2.151.0

Compare Source

Features

• apigatewayv2: add description property for stage (#​30820) (8651bbe)
• ec2: add versionDescription property for LaunchTemplate (#​30837) (597228c)
• ecs: add validation checks to memory cpu combinations of FARGATE compatible task definitions (#​30166) (8b4685e), closes #​22216
• elasticloadbalancingv2: support Weighted Random algorithm and Automatic Target Weights for alb (#​30542) (d0a609d), closes #​29969
• events: add description property for eventBus (#​30935) (28fbc82)
• events: support customer managed key for event bus (#​30493) (8c44aa7)
• synthetics: add activeTracing, memory and timeout property to Canary class (#​30556) (9295a85), closes #​9300 #​14086 #​28152 #​9300
• update L1 CloudFormation resource definitions (#​30973) (63c45e4)
• sns: add validation of displayName for topic (#​30770) (da2ec75)
• stepfunctions-tasks: allow BedrockInvokeModel to use JsonPath (#​30298) (f5dd73b), closes #​29229

Bug Fixes

• appconfig: sourcedConfiguration doesn't use retrievalRole (#​30733) (9d79c51), closes #​30609
• ec2: export NatGatewayProvider for consistency with NatInstanceProvider (#​28810) (fbc28bc), closes #​28372
• ecs: fromServiceArnWithCluster not accepting value from SSM Parameter string (#​30902) (0baa573), closes #​30798
• stepfunctions: allow disable x-ray (#​30808) (d56d05c), closes #​30796
• stepfunctions-tasks: fix the generated IAM policy for EFS operations (#​30896) (31808b4), closes #​30862
• stepfunctions-tasks: run task perm no longer valid (#​30788) (82b163d), closes #​30751

---

Alpha modules (2.151.0-alpha.0)

Features

• kinesisanalytics-flink: add support for Flink 1.19 (#​30723) (c185194), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kinesisanalyticsv2-application.html#aws-resource-kinesisanalyticsv2

v2.150.0

Compare Source

Features

• update L1 CloudFormation resource definitions (#​30921) (153a698)
• ec2: add g6 instance (#​30693) (90a41d5), closes #​30683
• lambda: add SnapStart support for arm64 functions (#​30898) (b4377a5), closes #​30899
• logs: enabling IA log group creation in CN and GovCloud regions (#​30904) (230b56b)
• update L1 CloudFormation resource definitions (#​30860) (ce7a8d5)

Bug Fixes

• custom-resources: provider framework will always log all data including confidential data (#​30689) (9bd92da), closes #​30275
• stepfunctions-tasks: allow camelCase for parameters of CallAwsServiceCrossRegion (#​30795) (5d6ace8), closes #​30799

---

Alpha modules (2.150.0-alpha.0)

gradle/gradle (gradle)

v8.10.2

Compare Source

v8.10.1

Compare Source

v8.10

Compare Source

spring-projects/spring-boot (org.springframework.boot:spring-boot-gradle-plugin)

v3.3.4

🐞 Bug Fixes

• management.health.db.ignore-routing-datasources=true has no effect when an AbstractRoutingDataSource has been wrapped #​42322
• Missing details in OAuth2ClientProperties validation error message #​42279
• FileNotFoundException from unused mis-configured SSL bundles #​42169
• ZipkinHttpClientSender fails with "Failed to introspect Class" when spring-web is not on the classpath #​42161
• @RestartScope can cause 'Recursive update' exceptions when used with container beans #​42107
• JarLauncher fails to load large jar files #​42079
• PropertiesMigrationListener wrongly reports property as deprecated when has group #​42071
• Using an empty string MongoDB 'replica-set-name' property will result in ClusterType=REPLICA_SET #​42059
• Default Logback config uses deprecated "converterClass" attribute #​42006

📔 Documentation

• Document that spring.jmx.enabled is not intended for third-party libraries #​42285
• Update link to Log4j2 system properties #​42263
• Links to GraphQL in the reference guide redirect to the root instead of specific sections #​42208
• Syntax error in "Receive a message reactively section" of the reference guide #​42200
• Deprecation reason for the autotime enabled, percentiles, and percentiles-historgram properties is confusing #​42193
• Replace RFC 7807 by RFC 9457 in property documentation #​42190
• Document that configuration property binding to a Kotlin value class with a default is not supported #​42176
• Update documentation to reflect new no handler found exception behavior #​42167
• Polish configuration property reference #​42165
• Remove link to “Converting a Spring Boot JAR Application to a WAR” as the guide is no longer available #​42111
• Fix StatsD link typo on Metrics documentation page #​42109
• Improve docker without buildpacks documentation #​42106
• Improve documentation in "Command-line Completion" #​42103
• Kotlin code examples are missing from the Testing section #​42094
• Fix incorrect command in Docker configuration for Colima #​42078
• Gradle Plugin AOT documentation has sample error #​42046

🔨 Dependency Upgrades

• Upgrade to Groovy 4.0.23 #​42292
• Upgrade to Hibernate 6.5.3.Final #​42365
• Upgrade to Infinispan 15.0.8.Final #​42253
• Upgrade to Jakarta Servlet JSP JSTL 3.0.2 #​42254
• Upgrade to Jetty 12.0.13 #​42256
• Upgrade to Jetty Reactive HTTPClient 4.0.7 #​42255
• Upgrade to Logback 1.5.8 #​42257
• Upgrade to Micrometer 1.13.4 #​42129
• Upgrade to Micrometer Tracing 1.3.4 #​42130
• Upgrade to MSSQL JDBC 12.6.4.jre11 #​42258
• Upgrade to Native Build Tools Plugin 0.10.3 #​42205
• Upgrade to Netty 4.1.113.Final #​42259
• Upgrade to Postgresql 42.7.4 #​42260
• Upgrade to R2DBC MariaDB 1.2.2 #​42326
• Upgrade to Reactor Bom 2023.0.10 #​42131
• Upgrade to SendGrid 4.10.3 #​42366
• Upgrade to Spring Data Bom 2024.0.4 #​42132
• Upgrade to Spring Framework 6.1.13 #​42133
• Upgrade to Spring HATEOAS 2.3.3 #​42282
• Upgrade to Spring Integration 6.3.4 #​42134
• Upgrade to Spring Kafka 3.2.4 #​42135
• Upgrade to Spring Pulsar 1.1.4 #​42136
• Upgrade to Spring Retry 2.0.9 #​42327
• Upgrade to Tomcat 10.1.30 #​42346
• Upgrade to Undertow 2.3.17.Final #​42303
• Upgrade to Zipkin Reporter 3.4.2 #​42364

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Alchemik, @​arefbehboudi, @​einarpehrson, @​izeye, @​martinfrancois, @​mushroom528, @​nosan, and @​quaff

v3.3.3

⭐ New Features

• Add TWENTY_THREE to JavaVersion enum #​41716

🐞 Bug Fixes

• Extending DefaultErrorAttributes and overriding getErrorAttributes() gets called twice #​41995
• When using WebFlux, server.error.include-binding-errors=ALWAYS no longer has an effect when the BindingResult exception is the cause of a ResponseStatusException #​41987
• PropertiesLauncher does not respect classpath.idx when adding jars in BOOT-INF/lib to the classpath #​41970
• Web extension for SBOM endpoint isn't available under /cloudfoundryapplication [#​41890](https://redirect.github.co

---

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone Europe/Bratislava, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud