chore(release): 1.96.0 #13934

Merged
merged 46 commits into from
Apr 1, 2021
aws-cdk-automation (Collaborator) commented Apr 1, 2021

See CHANGELOG

mergify bot and others added 30 commits March 25, 2021 13:24
There is a typo in the UserData script that installs the CodeDeploy Agent
on EC2 instances for the server DeploymentGroup.

Fixes #13755

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…s a deploy-time value (#13765)

Added a condition to check whether the `instanceCount` is a token or not. If it's not a token then an exception will be thrown.

Fixes #13558 

----

…ic API (#13814)

A previous commit - ad01099 - deprecated BundlingDockerImage in favour
of DockerImage.

However, there are still uses of BundlingDockerImage that remain. Since
bundling is still experimental, swap all uses of BundlingDockerImage and
replace with DockerImage.

Motivation
No non-deprecated public API can reference a deprecated type as part of
CDKv2.

BREAKING CHANGE: The type of the `image` property in `BundlingOptions`
is changed from `BundlingDockerImage` to `DockerImage`.
* **core:** The return type of the `DockerImage.fromBuild()` API is
changed from `BundlingDockerImage` to `DockerImage`.

----

)

The jsii build of the 'aws-cdk-lib' module will now run with the 'strip
deprecated' flag enabled. This ensures that the public API of this
module will contain no deprecated symbols.

This is enabled by a new option configured in the module's
`package.json` and recognized by `cdk-build`.

Previous commits - ca391b5 and a872e67 - have removed the majority of
deprecated symbols from public APIs. A few remain that are removed as
part of this change.

----

fixes #13411

…source (#13406)

Fixes #11722

This is continued work from #11724

closes #13770

----

…riables (#13706)

In the SecretsManager-typed environment variables in CodeBuild,
the code in the Project class assumed those would be passed as names.
As it turns out, CodeBuild also allows passing there entire ARNs of secrets
(both partial, and full), and also optional qualifiers,
separated by colons, that specify SecretsManager attributes like the JSON key,
or the secret version.
Add handling of all of these cases.

Fixes #12703

----

…13715)

Importing a `UserPool` using `fromUserPoolArn()` method would not retain the account/region from the ARN and would instead use the environment from the scope it is imported to.

Closes #13691

----

Introduce an initial `cdk init` project template for Go.

The template includes a single stack with an SNS topic, `cdk.json` and a simple unit test.

Output example: https://github.com/eladb/hello-go-cdk/tree/go-init-template

Resolves aws/jsii#2678


----

…s-region (#13737)

This commit changes the auto-generated name of the `CachePolicy` to include stack name and region, thus providing a unique name for the `CachePolicy` account-wide.

Closes #13629.

----

We are excited to graduate the @aws-cdk/lambda-nodejs module to STABLE. Many thanks to @jogold and the CDK community for leading the work on this useful feature.

----

This is a re-submit of the PR #13356,
which had to be reverted because of JSII issue aws/jsii#2653.
Since that issue has been fixed in JSII version `1.26.0`,
which is what we currently use,
re-introduce the changes from that PR.

----

…DockerImage (#13846)

A previous change missed to fix the 'return' statement on this method.

----

… its ARN (#13708)

This is needed to correctly use CodeBuild in CodePipeline
(which needs to know whether the Project is from a different account/region).

Fixes #13694

----

Currently, we are using the `yaml-1.1` schema when de-serializing YAML documents.
Unfortunately, this has the side effect of treating unquoted parts of the template like '2010-09-09'
as Date objects, instead of just simple strings.
This has been noted by a customer using the cloudformation-include module,
but I assume a very similar problem exists for other places we parse YAML,
like cloudformation-diff.

Switch to the `core` schema from `yaml-1.1`,
where those are treated as strings, instead of dates.

Fixes #13709

----

Adds a resource property and a context key for disabling security group inline rules
----

…ARN (#13821)

If you forget the region part of the ARN for an IAM resource like a Role
(and considering the region is never provided for IAM resources,
it's easy to forget, as you have to provide it as `::`),
the IAM library doesn't catch this error,
and you only find out about it at deployment time,
with a very confusing `Fn::Select  cannot select nonexistent value at index 5`
message from CloudFormation.

Re-factor the ARN parsing code in core a little bit to allow us to catch this common error.

Fixes #13812

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
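
The failure described in the commit message above, as an added example (not the CDK's own parser): an ARN is `arn:partition:service:region:account:resource`, so dropping the empty region field leaves five fields and nothing at index 5. The names `parseArnStrict` and `validate`, the account id and the role name are constructed for illustration.

```javascript
// Added example, not the CDK's parser.
// Layout: arn:partition:service:region:account:resource
const REGIONLESS = new Set(['iam']); // assumption: only IAM is treated as region-less here

function parseArnStrict(arn) {
  const parts = arn.split(':');
  if (parts.length < 6 || parts[0] !== 'arn') {
    throw new Error(`"${arn}" has ${parts.length} colon-separated fields, expected ` +
      'at least 6 (a region-less ARN still needs the empty field, written "::")');
  }
  const [, partition, service, region, account] = parts;
  const resource = parts.slice(5).join(':'); // the resource part may itself contain ':'
  if (REGIONLESS.has(service) && region !== '') {
    throw new Error(`${service} ARNs carry no region, found "${region}"`);
  }
  if (account !== '' && account !== 'aws' && !/^\d{12}$/.test(account)) {
    throw new Error(`account field "${account}" is not a 12-digit id`);
  }
  const sep = resource.search(/[/:]/); // type and name are split by '/' or ':'
  return {
    partition, service, region, account,
    resourceType: sep < 0 ? undefined : resource.slice(0, sep),
    resourceName: sep < 0 ? resource : resource.slice(sep + 1),
  };
}

// Wrap the parser so callers get the error text instead of an exception.
function validate(arn) {
  try {
    return { ok: true, arn: parseArnStrict(arn) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Constructed samples: the first one omits the empty region field.
const samples = [
  'arn:aws:iam:123456789012:role/Admin',
  'arn:aws:iam::123456789012:role/Admin',
  'arn:aws:sns:us-east-1:123456789012:my-topic',
];
for (const s of samples) console.log(s, JSON.stringify(validate(s)));
```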
netmask@1 is affected by CVE-2021-28918
GHSA-pch5-whg9-qr2r

netmask is a dependency to the CDK via

  aws-cdk → proxy-agent@4.0.1 → pac-proxy-agent@4.1.0 →
  pac-resolver@4.1.0 → netmask@1.0.6

None of these dependencies have upgraded to netmask@2 as yet.

Use yarn's [selective dependency resolution], to explicitly pick
netmask@2. This upgrades yarn.lock and the CLI's npm-shrinkwrap.json.
With this fix, npm customers will no longer depend on netmask@2
transitively via the CDK.

For yarn customers, there is no clean resolution since yarn does not
respect the 'resolutions' key in dependencies' package.json and
does not respect the shrinkwrap.
The init templates now ship the 'resolutions' key so that new customers
using yarn will be unaffected.

A different solution has to be devised for existing customers on yarn.

[selective dependency resolution]: https://classic.yarnpkg.com/en/docs/selective-version-resolutions/

----

This PR also includes some last minute ergonomic changes.

BREAKING CHANGE: `DatabaseClusterProps.instanceProps` was hoisted and all its properties are now available one level up directly in `DatabaseClusterProps`.

  - **docdb**: `DatabaseInstanceProps.instanceClass` renamed to `DatabaseInstanceProps.instanceType`.

----

)

There are a number of changes to this module, made in order to stabilize it. The changes are as follows:

* Endpoints as constructs would only work in TypeScript; they have been moved out as integration classes into
  `aws-globalaccelerator-endpoints` in order to support languages like Java and C#.
* The automatic naming algorithm has been changed to reduce chances of conflict.
* There are now convenience methods, `addListener()` and `addEndpointGroup()` that will create
  the appropriate objects, as alternatives to `new Listener()` and `new EndpointGroup()`.
* EndpointGroups can take a list of `endpoints` in the constructor.
* A Listener's `toPort` is optional (and defaults to `fromPort` if not supplied).
* Support all the EndpointGroup properties.
* An EndpointGroup's `region` is automatically determined from its configured endpoints, if possible.
* The looked-up SecurityGroup is no longer accessible as a full Security Group, it can just
  be referenced as a Peer (modifying the rules is not recommended by AGA and should not be allowed
  from the CDK).


Changes to other libraries made to support this:

* core, elbv2: imported Load Balancers now are aware of the region and account they were actually imported from, in
  order to be able to make `region` implicit in the AGA API.

BREAKING CHANGE: automatic naming algorithm has been changed: if you have existing Accelerators you will need to pass an
explicit name to prevent them from being replaced. All endpoints are now added by calling `addEndpoint()` with a
target-specific class that can be found in `@aws-cdk/aws-globalaccelerator-endpoints`. The generated Security Group
is now looked up by calling `endpointGroup.connectionsPeer()`.


----

…version 1.4 (#13882)

Set `splunk-tag` when `tag` is set. This will keep the API constant, however it will add an additional `splunk-tag` in the key-value `Options` property in `AWS::ECS::TaskDefinition`s - `LogConfiguration`.

This is a very pragmatic approach. Feel free to suggest something else.

closes #13881 

----

see [CHANGELOG](https://github.com/aws/aws-cdk/blob/ebb5c7af622ab36f46e58103608dfc025a21691a/CHANGELOG.md)

----

NetaNir and others added 13 commits March 31, 2021 00:30
…esource dependencies" error (#13889)

When creating the Custom Resources that implement the global tables functionality,
we add dependencies between them, as you can't create replicas of the same Table concurrently.
However, if the Stack the Table is part of is env-agnostic,
we also add a CFN Condition to the Custom Resource that checks whether the given region is the deployed-to region,
and skip creating the replica in that case (as the Table itself acts as the replica in this case).
But that Condition is not compatible with the dependency clause,
as the resource will not exist if the Condition is false.

Use a trick, and instead of using a DependsOn,
add a CFN metadata that refers to the other Custom Resource through a Ref expression,
which adds an implicit dependency,
and wrap the entire Metadata in a Fn::If,
guarded by the same Condition the other Custom Resource uses.

Noticed by a customer in #13671 (comment).

----

Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.
…10 (#13907)

Validation was added in #13410 to enforce a limit on the number of headers
allowed in the allow list for an Origin Request Policy; that limit is a soft limit and
should not be hard-enforced in code.

Relates to #13903

This commit partially reverts changes introduced in 42f3740.

----

If the **resolved** version of a package (the one we force using Yarn)
does not match the **required** version of a package (the one in
`package.json`), then NPM ignores the resolved version and installs
the package from the `requires` list anyway, *even* if it's processing
a shrinkwrap file.

Unfortunately, sometimes we have to force this situation, such as with
the `netmask` issue, where the required version is declared at `^1.0.6`
but we need to force it to be resolved to `2.0.1`.

Detect this situation early and bail out, so that we don't try to ship something
that doesn't have the version resolution we expected to ship.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
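
One way to implement the check described in the commit message above, as an added example rather than the CDK's own build script: walk a lockfile-v1 shrinkwrap tree and report every `requires` range that the locked version does not satisfy. The semver matcher is a simplified assumption (exact, `^`, `~` and `*` only), the function names are hypothetical, and the sample tree is constructed from the `netmask` versions named on this page.

```javascript
// Added example, not the CDK's build script. Simplified semver: exact, ^, ~ and * only.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function satisfies(version, range) {
  if (range === '*' || range === '') return true;
  const op = /^[\^~]/.test(range) ? range[0] : '=';
  const [M, m, p] = parseVersion(version);
  const [rM, rm, rp] = parseVersion(range.replace(/^[\^~=]/, ''));
  const atLeast = M > rM || (M === rM && (m > rm || (m === rm && p >= rp)));
  if (op === '=') return M === rM && m === rm && p === rp;
  if (op === '~') return atLeast && M === rM && m === rm;
  // Caret: the leftmost non-zero component must not change.
  if (rM > 0) return atLeast && M === rM;
  if (rm > 0) return atLeast && M === 0 && m === rm;
  return M === 0 && m === 0 && p === rp;
}

const has = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// `scopes` holds the dependency maps visible from the current package,
// innermost first, mirroring the nested node_modules lookup.
function findMismatches(node, scopes = [], path = node.name || '<root>') {
  const here = [node.dependencies || {}, ...scopes];
  const out = [];
  for (const [dep, range] of Object.entries(node.requires || {})) {
    const hit = here.find((s) => has(s, dep));
    if (!hit) out.push(`${path}: ${dep}@${range} is not in the lock file`);
    else if (!satisfies(hit[dep].version, range))
      out.push(`${path}: requires ${dep}@${range}, locked at ${hit[dep].version}`);
  }
  for (const [name, child] of Object.entries(node.dependencies || {}))
    out.push(...findMismatches(child, here, `${path} > ${name}`));
  return out;
}

// Constructed sample; only the netmask range and versions come from the page.
const shrinkwrap = {
  name: 'aws-cdk',
  lockfileVersion: 1,
  dependencies: {
    'pac-proxy-agent': { version: '4.1.0', requires: { 'pac-resolver': '^4.1.0' } },
    'pac-resolver': { version: '4.1.0', requires: { netmask: '^1.0.6' } },
    netmask: { version: '2.0.1' },
  },
};
const problems = findMismatches(shrinkwrap);
console.log(problems.length ? problems.join('\n') : 'lock file is consistent');
```

A release script would exit non-zero when `problems` is non-empty, so a forced resolution that npm would silently override never ships.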
This in turn bumps `netmask`. 

See TooTallNate/node-pac-resolver#25

----

Since the downstream dependency was patched we don't require the resolution clause.

----

…lery (#13473)

fixes #11296


----

Fix typo


----

@aws-cdk-automation aws-cdk-automation added the pr/no-squash This PR should be merged instead of squash-merging it label Apr 1, 2021
@nija-at nija-at self-assigned this Apr 1, 2021
aws-cdk-automation (Collaborator, Author)

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
  • Commit ID: 1908f35
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

mergify bot (Contributor) commented Apr 1, 2021

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 39f3df8 into release Apr 1, 2021
@mergify mergify bot deleted the bump/1.96.0 branch April 1, 2021 13:32