Merged
Conversation
Bumps [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client) from 5.4.1 to 5.4.3. - [Changelog](https://github.com/apache/httpcomponents-client/blob/rel/v5.4.3/RELEASE_NOTES.txt) - [Commits](apache/httpcomponents-client@rel/v5.4.1...rel/v5.4.3) --- updated-dependencies: - dependency-name: org.apache.httpcomponents.client5:httpclient5 dependency-version: 5.4.3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
…y-core/org.apache.httpcomponents.client5-httpclient5-5.4.3 bump apache httpclient5 from 5.4.1 to 5.4.3
* Update rules * Support example with POST
* apache commons codec to 1.19.0 * more dep updates
* add logic to keep lambdas warm * fix style * init public keys in mem for webhook collectors on start-up
* aws replace tool * add documentation
* improve webhook collector mode configuration * support webhook output prefix * fix style * fix path stuff * fix missed rename * fix various test issues
* deal with empty header case more correctly; that's quite clearly a bug * add test of empty CC case
* improve GCP vpc docs + conditions * fix style, unrelated * improve error feedback on network connectivity issues * doc that GCP VPC needs external connectivity via router/nat for non-google sources * move validation up to dop * try to skip compile in tests * Apply suggestion from @Copilot Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Apply suggestion from @Copilot Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* interface to secret store to get multiple versions of things * refactor how token refreshin works, so potentially more proactive / better re-use * pick most recent token based on expirationDate * cr feedback * fix refactor * remove stray bracket * Update java/core/src/main/java/co/worklytics/psoxy/gateway/impl/oauth/OAuthRefreshTokenSourceAuthStrategy.java Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update java/core/src/main/java/co/worklytics/psoxy/gateway/impl/CompositeConfigService.java Co-authored-by: aperez-worklytics <75276364+aperez-worklytics@users.noreply.github.com> * drop sort on lastAccessDate; only date-level granularity, so why bother --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: aperez-worklytics <75276364+aperez-worklytics@users.noreply.github.com>
* expose more outputs relevant to gcp-hosted deployments * gcp min perms to host * expose gcp network roles, for completenes * doc gcp vpc roles * doc that Project IAM Admin is required * fix docs * Update infra/modules/psoxy-constants/main.tf Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update infra/modules/psoxy-constants/outputs.tf Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update docs/gcp/vpc.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
This is the final PR Bugbot will review for you during this billing cycle
Your free Bugbot reviews will reset on December 10
Details
You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.
To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.
java/impl/gcp/src/main/java/co/worklytics/psoxy/SecretManagerConfigService.java
Show resolved
Hide resolved
| if (accessToken == null) { | ||
| return true; | ||
| } | ||
| Instant expiresAt = accessToken.getExpirationTime().toInstant(); |
There was a problem hiding this comment.
Bug: Tokens Crash with Null Expiration.
Calling accessToken.getExpirationTime().toInstant() will throw NullPointerException when the token has no expiration time. Since AccessTokenDto.asAccessToken() can produce tokens with null expiration dates, and getSharedAccessTokenIfSupported() returns such tokens, this causes a crash when checking if proactive refresh is needed.
* fix bad comment * try to make sbom stuff more robust * drop mvn plugins that are problematic, see to cause build errors * use reactor build * sboms * fix sbom generation * update package-lock in psoxy-test * fix gcp release artifact script * prompt user if gcp artifact has already been published * prompt user if aws artifact has already been published * warn if we're NOT running in the expected place
| function_name = module.gate_instance.function_name | ||
| qualifier = aws_lambda_alias.provisioned[0].name | ||
| provisioned_concurrent_executions = var.keep_warm_instances | ||
| } |
There was a problem hiding this comment.
Bug: Provisioned Concurrency: Lambda Versioning Required
The provisioned concurrency configuration creates an alias pointing to $LATEST and then attempts to configure provisioned concurrency on that alias. AWS Lambda doesn't support provisioned concurrency on $LATEST - it requires a published version number. This will cause Terraform to fail when applying the configuration with keep_warm_instances set. The alias needs to point to a published version rather than $LATEST.
aperez-worklytics
approved these changes
Nov 12, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
v0.5.12 back to main
Test Plan
AWS
cd infra/examples-dev/aws ./apply ./test-all.shConfirm everything worked:
GCP
cd infra/examples-dev/gcp ./apply ./test-all.shConfirm everything worked:
Next steps, after that's merged to
main:./tools/release/publish.sh v0.5.12Note
Release v0.5.12 with webhook collector enhancements (path prefix, AWS provisioned concurrency), robust network-timeout handling, OAuth token version-aware retrieval, updated docs/tooling, and dependency bumps.
ErrorCauses.NETWORK_EGRESS_BLOCKEDand map socket timeouts to 502 with guidance; surface in test tool.WebhookCollectorModeConfigPropertywithWebhookCollectorModeConfig; wire through runtime and tests; pre-warm JWKS key cache on AWS/GCP startup.SecretStorewithgetAvailableVersions; implement for AWS SSM/Secrets Manager and GCP Secret Manager; add caching/composite passthroughs.AccessTokenDto.expirationDatenullable Long.output_path_prefixfor batched outputs; include inWEBHOOK_BATCH_OUTPUT.keep_warm_instances+ Lambda provisioned concurrency; exposeprovisioned_concurrencyoutput.output_path_prefix,keep_warm_instances), update variables and modules (aws-host,aws-webhook-collector,gcp-host,gcp-webhook-collector).v0.5.12.replay-gcs-writes.sh).Cc; sanitizer returns empty string for empty email headers. Salesforce: allowPOSTon.../composite.0.5.12and update dependencies (e.g.,commons-codec,httpclient5, Google Cloud BOM).Written by Cursor Bugbot for commit 1a56a8b. This will update automatically on new commits. Configure here.