Renovate Update Patch & Minor Updates #149
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
added
dependencies
github-actions
bot
added
documentation
renovate
bot
force-pushed
the
renovate-all-minor-patch-updates
branch
17 times, most recently
from
044a9ea
to
09ced1e
Compare
github-actions
bot
removed
documentation
renovate
bot
force-pushed
the
renovate-all-minor-patch-updates
branch
from
09ced1e
to
333d893
Compare
github-actions
bot
added
the
documentation
renovate
bot
force-pushed
the
renovate-all-minor-patch-updates
branch
from
5b129e3
to
9c954cf
Compare
github-actions
bot
removed
documentation
renovate
bot
force-pushed
the
renovate-all-minor-patch-updates
branch
from
9c954cf
to
b9a96b3
Compare
github-actions
bot
added
documentation
renovate
bot
force-pushed
the
renovate-all-minor-patch-updates
branch
8 times, most recently
from
6c20344
to
34f299a
Compare
renovate
bot
force-pushed
the
renovate-all-minor-patch-updates
branch
from
34f299a
to
a63c3b9
Compare
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
|
Note that the CVE mentioned in this PR has been addressed already by bumping requests to 2.32 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.19.0->0.24.05.55.0->5.58.05.59.0==1.34.98->==1.34.145==3.0.6->==3.1.0==7.5.0->==7.6.0==2.22.0->==2.23.3==7.0.0->==7.1.0v1.52.2->v1.54.20v7.4.0->v7.7.0v3.25.3->v3.25.12v3.25.131.8.5->1.9.2==6.100.2->==6.108.2==4.22.0->==4.23.0==5.0.6->==5.0.11==8.2.0->==8.2.28.3.1(+1)==5.0.4->==5.0.7==2.31.0->==2.32.2==1.0.1->==1.2.31.3.1(+1)==8.2.3->==8.5.0==4.11.0->==4.12.2==0.28.1->==0.33.0GitHub Vulnerability Alerts
CVE-2024-35195
When making requests through a Requests
Session, if the first request is made withverify=Falseto disable cert verification, all subsequent requests to the same origin will continue to ignore cert verification regardless of changes to the value ofverify. This behavior will continue for the lifecycle of the connection in the connection pool.Remediation
Any of these options can be used to remediate the current issue, we highly recommend upgrading as the preferred mitigation.
requests>=2.32.0.requests<2.32.0, avoid settingverify=Falsefor the first request to a host while using a Requests Session.requests<2.32.0, callclose()onSessionobjects to clear existing connections ifverify=Falseis used.Related Links
Release Notes
aquasecurity/trivy-action (aquasecurity/trivy-action)
v0.24.0Compare Source
What's Changed
Full Changelog: aquasecurity/trivy-action@0.23.0...0.24.0
v0.23.0Compare Source
What's Changed
Full Changelog: aquasecurity/trivy-action@0.22.0...0.23.0
v0.22.0Compare Source
What's Changed
New Contributors
Full Changelog: aquasecurity/trivy-action@0.21.0...0.22.0
v0.21.0Compare Source
What's Changed
New Contributors
Full Changelog: aquasecurity/trivy-action@0.20.0...0.21.0
v0.20.0Compare Source
What's Changed
--docker-hostoption for GH Action users by @calinmarina in https://github.com/aquasecurity/trivy-action/pull/267New Contributors
Full Changelog: aquasecurity/trivy-action@0.19.0...0.20.0
hashicorp/terraform-provider-aws (aws)
v5.58.0Compare Source
FEATURES:
aws_cloudwatch_log_account_policy(#38328)aws_verifiedpermissions_identity_source(#38181)ENHANCEMENTS:
network_interfaces.primary_ipv6attribute (#37142)tagsattribute (#38270)tagsattribute (#38270)tagsattribute (#38270)link_configurationattribute (#38277)deployment_targetsargument. (#37898)billing_modeargument (#38273)InvalidParameterCombination: A parameter group can't be specified during Read Replica creation for the following DB engine: postgreserrors (#38227)InsufficientInstanceCapacityerrors (#36754)bootstrap_self_managed_addonsargument (#38162)resource_set_idsattribute (#38161)384,768,1536,3072, and6144as valid values forthroughput_capacity(#38308)384,768, and1536as valid values forthroughput_capacity_per_ha_pair(#38308)MULTI_AZ_2as a valid value fordeployment_type(#38308)cidr_blockargument toresourceconfiguration block (#38196)deletetimeout (#38212)network_interfaces.primary_ipv6argument (#37142)tagsargument andtags_allattribute (#38270)tagsargument andtags_allattribute (#38270)tagsargument andtags_allattribute (#38270)link_configurationargument (#38277)ca_certificate_identifierargument andca_certificate_valid_tillattribute (#37108)tagsargument andtags_allattribute (#38271)BUG FIXES:
tagsattribute is not set (#38272)access_config.bootstrap_cluster_creator_admin_permissionsattribute (#38295)0as a valid value foridle_disconnect_timeout_in_seconds(#38274)ForceNewto deployment_targets attributes to ensure a new resource is recreated when the deployment_targets argument is changed, which was not the case previously. (#37898)access_config.bootstrap_cluster_creator_admin_permissionstotrueon Read for clusters with noaccess_configconfigured. This allows in-place updates of existing clusters whenaccess_configis configured (#38295)cache_usage_limits.data_storage.maximum,cache_usage_limits.data_storage.minimum,cache_usage_limits.ecpu_per_second.maximumandcache_usage_limits.ecpu_per_second.minimumto be updated in-place (#38269)interface conversion: interface {} is nil, not map[string]interface {}panic whenlog_delivery.worker_log_deliveryis empty ({}) (#38270)v5.57.0Compare Source
FEATURES:
aws_appstream_image(#38225)aws_cognito_user_pool(#37399)aws_ec2_transit_gateway_peering_attachments(#25743)aws_transfer_connector(#38213)ENHANCEMENTS:
ruleattribute (#37890)certificate_settingsargument (#37105)optionsargument (#36902)tagsargument (#37152)cloudwatch_logs.batch_modeanderror_action.cloudwatch_logs.batch_modearguments (#36772)InputAndOutputincapture_mode(#37726)BUG FIXES:
pre_provisioning_hookupdate operation (#37152)v5.56.1Compare Source
BUG FIXES:
InvalidParameterException: 2 validation errors detectederrors on Read (#38168)runtime error: index out of range [0] with length 0panic when addinglambda_config(#38184)v5.56.0Compare Source
FEATURES:
aws_appfabric_app_authorization_connection(#38084)aws_appfabric_ingestion(#37291)aws_appfabric_ingestion_destination(#37627)aws_networkfirewall_tls_inspection_configuration(#35168)aws_networkmonitor_monitor(#35722)aws_networkmonitor_probe(#35722)ENHANCEMENTS:
parametersargument andarnattribute (#38071)firewall_arn(#35168)iam_identity_center_instance_arnattribute (#36830)firewall_domain_redirection_actionargument (#37242)q_typeargument (#38074)default_user_settings.canvas_app_settings.generative_ai_settingsconfiguration block (#37139)default_user_settings.code_editor_app_settings.custom_imageconfiguration block (#37153)production_variants.inference_ami_versionandshadow_production_variants.inference_ami_versionarguments (#38085)user_settings.canvas_app_settings.generative_ai_settingsconfiguration block (#37139)user_settings.code_editor_app_settings.custom_imageconfiguration block (#37153)oidc_config.authentication_request_extra_paramsandoidc_config.scopearguments (#38078)worker_access_configurationattribute (#38087)sensitivity_levelargument tosqli_match_statementconfiguration block (#38077)BUG FIXES:
tags(#38067)boto/boto3 (boto3)
v1.34.145Compare Source
========
acm-pca: [botocore] Fix broken waiters for the acm-pca client. Waiters broke in version 1.13.144 of the Boto3 SDK.connect: [botocore] Amazon Connect expands search API coverage for additional resources. Search for hierarchy groups by name, ID, tag, or other criteria (new endpoint). Search for agent statuses by name, ID, tag, or other criteria (new endpoint). Search for users by their assigned proficiencies (enhanced endpoint)ec2: [botocore] Amazon VPC IP Address Manager (IPAM) now supports Bring-Your-Own-IP (BYOIP) for IP addresses registered with any Internet Registry. This feature uses DNS TXT records to validate ownership of a public IP address range.firehose: [botocore] This release 1) Add configurable buffering hints for Snowflake as destination. 2) Add ReadFromTimestamp for MSK As Source. Firehose will start reading data from MSK Cluster using offset associated with this timestamp. 3) Gated public beta release to add Apache Iceberg tables as destination.ivschat: [botocore] Documentation update for IVS Chat API Reference.medialive: [botocore] AWS Elemental MediaLive now supports the SRT protocol via the new SRT Caller input type.rds: [botocore] Updates Amazon RDS documentation to specify an eventual consistency model for DescribePendingMaintenanceActions.sagemaker: [botocore] SageMaker Training supports R5, T3 and R5D instances family. And SageMaker Processing supports G5 and R5D instances family.secretsmanager: [botocore] Doc only update for Secrets Managertaxsettings: [botocore] Set default endpoint for aws partition. Requests from all regions in aws partition will be forward to us-east-1 endpoint.timestream-query: [botocore] Doc-only update for TimestreamQuery. Added guidance about the accepted valid value for the QueryPricingModel parameter.workspaces-thin-client: [botocore] Documentation update for WorkSpaces Thin Client.botocore] Update waiters to handle expected boolean values when matching errors (boto/botocore#3220 <https://github.com/boto/botocore/issues/3220>__)v1.34.144Compare Source
========
acm-pca: [botocore] Minor refactoring of C2J model for AWS Private CAarc-zonal-shift: [botocore] Adds the option to subscribe to get notifications when a zonal autoshift occurs in a region.globalaccelerator: [botocore] This feature adds exceptions to the Customer API to avoid throwing Internal Service errorspinpoint: [botocore] Add v2 smoke tests and smithy smokeTests trait for SDK testing.quicksight: [botocore] Vega ally control options and Support for Reviewed Answers in Topicsv1.34.143Compare Source
========
batch: [botocore] This feature allows AWS Batch Jobs with EKS container orchestration type to be run as Multi-Node Parallel Jobs.bedrock: [botocore] Add support for contextual grounding check for Guardrails for Amazon Bedrock.bedrock-agent: [botocore] Introduces new data sources and chunking strategies for Knowledge bases, advanced parsing logic using FMs, session summary generation, and code interpretation (preview) for Claude V3 Sonnet and Haiku models. Also introduces Prompt Flows (preview) to link prompts, foundational models, and resources.bedrock-agent-runtime: [botocore] Introduces query decomposition, enhanced Agents integration with Knowledge bases, session summary generation, and code interpretation (preview) for Claude V3 Sonnet and Haiku models. Also introduces Prompt Flows (preview) to link prompts, foundational models, and resources for end-to-end solutions.bedrock-runtime: [botocore] Add support for contextual grounding check and ApplyGuardrail API for Guardrails for Amazon Bedrock.ec2: [botocore] Add parameters to enable provisioning IPAM BYOIPv4 space at a Local Zone Network Border Group levelglue: [botocore] Add recipe step support for recipe nodegroundstation: [botocore] Documentation update specifying OEM ephemeris units of measurementlicense-manager-linux-subscriptions: [botocore] Add support for third party subscription providers, starting with RHEL subscriptions through Red Hat Subscription Manager (RHSM). Additionally, add support for tagging subscription provider resources, and detect when an instance has more than one Linux subscription and notify the customer.mediaconnect: [botocore] AWS Elemental MediaConnect introduces the ability to disable outputs. Disabling an output allows you to keep the output attached to the flow, but stop streaming to the output destination. A disabled output does not incur data transfer costs.v1.34.142Compare Source
========
datazone: [botocore] This release deprecates dataProductItem field from SearchInventoryResultItem, along with some unused DataProduct shapesfsx: [botocore] Adds support for FSx for NetApp ONTAP 2nd Generation file systems, and FSx for OpenZFS Single AZ HA file systems.opensearch: [botocore] This release adds support for enabling or disabling Natural Language Query Processing feature for Amazon OpenSearch Service domains, and provides visibility into the current state of the setup or tear-down.sagemaker: [botocore] This release 1/ enables optimization jobs that allows customers to perform Ahead-of-time compilation and quantization. 2/ allows customers to control access to Amazon Q integration in SageMaker Studio. 3/ enables AdditionalModelDataSources for CreateModel action.v1.34.141Compare Source
========
codedeploy: [botocore] Add v2 smoke tests and smithy smokeTests trait for SDK testing.devicefarm: [botocore] Add v2 smoke tests and smithy smokeTests trait for SDK testing.dms: [botocore] Add v2 smoke tests and smithy smokeTests trait for SDK testing.elasticbeanstalk: [botocore] Add v2 smoke tests and smithy smokeTests trait for SDK testing.es: [botocore] Add v2 smoke tests and smithy smokeTests trait for SDK testing.firehose: [botocore] Add v2 smoke tests and smithy smokeTests trait for SDK testing.gamelift: [botocore] Add v2 smoke tests and smithy smokeTests trait for SDK testing.qapps: [botocore] This is a general availability (GA) release of Amazon Q Apps, a capability of Amazon Q Business. Q Apps leverages data sources your company has provided to enable users to build, share, and customize apps within your organization.route53resolver: [botocore] Add v2 smoke tests and smithy smokeTests trait for SDK testing.ses: [botocore] Add v2 smoke tests and smithy smokeTests trait for SDK testing.v1.34.140Compare Source
========
acm: [botocore] Documentation updates, including fixes for xml formatting, broken links, and ListCertificates description.ecr: [botocore] This release for Amazon ECR makes change to bring the SDK into sync with the API.payment-cryptography-data: [botocore] Added further restrictions on logging of potentially sensitive inputs and outputs.qbusiness: [botocore] Add personalization to Q Applications. Customers can enable or disable personalization when creating or updating a Q application with the personalization configuration.v1.34.139Compare Source
========
application-autoscaling: [botocore] Doc only update for Application Auto Scaling that fixes resource name.directconnect: [botocore] This update includes documentation for support of new native 400 GBps ports for Direct Connect.organizations: [botocore] Added a new reason under ConstraintViolationException in RegisterDelegatedAdministrator API to prevent registering suspended accounts as delegated administrator of a service.rekognition: [botocore] This release adds support for tagging projects and datasets with the CreateProject and CreateDataset APIs.workspaces: [botocore] Fix create workspace bundle RootStorage/UserStorage to accept non null valuesv1.34.138Compare Source
========
ec2: [botocore] Documentation updates for Elastic Compute Cloud (EC2).fms: [botocore] Increases Customer API's ManagedServiceData lengths3: [botocore] Added response overrides to Head Object requests.v1.34.137Compare Source
========
apigateway: [botocore] Add v2 smoke tests and smithy smokeTests trait for SDK testing.cognito-identity: [botocore] Add v2 smoke tests and smithy smokeTests trait for SDK testing.connect: [botocore] Authentication profiles are Amazon Connect resources (in gated preview) that allow you to configure authentication settings for users in your contact center. This release adds support for new ListAuthenticationProfiles, DescribeAuthenticationProfile and UpdateAuthenticationProfile APIs.docdb: [botocore] Add v2 smoke tests and smithy smokeTests trait for SDK testing.eks: [botocore] Updates EKS managed node groups to support EC2 Capacity Blocks for MLpayment-cryptography: [botocore] Added further restrictions on logging of potentially sensitive inputs and outputs.payment-cryptography-data: [botocore] Adding support for dynamic keys for encrypt, decrypt, re-encrypt and translate pin functions. With this change, customers can use one-time TR-31 keys directly in dataplane operations without the need to first import them into the service.stepfunctions: [botocore] Add v2 smoke tests and smithy smokeTests trait for SDK testing.swf: [botocore] Add v2 smoke tests and smithy smokeTests trait for SDK testing.wafv2: [botocore] JSON body inspection: Update documentation to clarify that JSON parsing doesn't include full validation.v1.34.136Compare Source
========
acm-pca: [botocore] Added CCPC_LEVEL_1_OR_HIGHER KeyStorageSecurityStandard and SM2 KeyAlgorithm and SM3WITHSM2 SigningAlgorithm for China regions.cloudhsmv2: [botocore] Added 3 new APIs to support backup sharing: GetResourcePolicy, PutResourcePolicy, and DeleteResourcePolicy. Added BackupArn to the output of the DescribeBackups API. Added support for BackupArn in the CreateCluster API.connect: [botocore] This release supports showing PreferredAgentRouting step via DescribeContact API.emr: [botocore] This release provides the support for new allocation strategies i.e. CAPACITY_OPTIMIZED_PRIORITIZED for Spot and PRIORITIZED for On-Demand by taking input of priority value for each instance type for instance fleet clusters.glue: [botocore] Added AttributesToGet parameter to Glue GetDatabases, allowing caller to limit output to include only the database name.kinesisanalyticsv2: [botocore] Support for Flink 1.19 in Managed Service for Apache Flinkopensearch: [botocore] This release removes support for enabling or disabling Natural Language Query Processing feature for Amazon OpenSearch Service domains.pi: [botocore] Noting that the filter db.sql.db_id isn't available for RDS for SQL Server DB instances.workspaces: [botocore] Added support for Red Hat Enterprise Linux 8 on Amazon WorkSpaces Personal.v1.34.135Compare Source
========
application-autoscaling: [botocore] Amazon WorkSpaces customers can now use Application Auto Scaling to automatically scale the number of virtual desktops in a WorkSpaces pool.chime-sdk-media-pipelines: [botocore] Added Amazon Transcribe multi language identification to Chime SDK call analytics. Enabling customers sending single stream audio to generate call recordings using Chime SDK call analyticscloudfront: [botocore] Doc only update for CloudFront that fixes customer-reported issuedatazone: [botocore] This release supports the data lineage feature of business data catalog in Amazon DataZone.elasticache: [botocore] Add v2 smoke tests and smithy smokeTests trait for SDK testing.mq: [botocore] This release makes the EngineVersion field optional for both broker and configuration and uses the latest available version by default. The AutoMinorVersionUpgrade field is also now optional for broker creation and defaults to 'true'.qconnect: [botocore] Adds CreateContentAssociation, ListContentAssociations, GetContentAssociation, and DeleteContentAssociation APIs.quicksight: [botocore] Adding support for Repeating Sections, Nested Filtersrds: [botocore] Updates Amazon RDS documentation for TAZ export to S3.sagemaker: [botocore] Add capability for Admins to customize Studio experience for the user by showing or hiding Apps and MLTools.workspaces: [botocore] Added support for WorkSpaces Pools.v1.34.134Compare Source
========
controltower: [botocore] Added ListLandingZoneOperations API.eks: [botocore] Added support for disabling unmanaged addons during cluster creation.ivs-realtime: [botocore] IVS Real-Time now offers customers the ability to upload public keys for customer vended participant tokens.kinesisanalyticsv2: [botocore] This release adds support for new ListApplicationOperations and DescribeApplicationOperation APIs. It adds a new configuration to enable system rollbacks, adds field ApplicationVersionCreateTimestamp for clarity and improves support for pagination for APIs.opensearch: [botocore] This release adds support for enabling or disabling Natural Language Query Processing feature for Amazon OpenSearch Service domains, and provides visibility into the current state of the setup or tear-down.v1.34.133Compare Source
========
autoscaling: [botocore] Doc only update for Auto Scaling's TargetTrackingMetricDataQueryec2: [botocore] This release is for the launch of the new u7ib-12tb.224xlarge, R8g, c7gn.metal and mac2-m1ultra.metal instance typesnetworkmanager: [botocore] This is model changes & documentation update for the Asynchronous Error Reporting feature for AWS Cloud WAN. This feature allows customers to view errors that occur while their resources are being provisioned, enabling customers to fix their resources without needing external support.workspaces-thin-client: [botocore] This release adds the deviceCreationTags field to CreateEnvironment API input, UpdateEnvironment API input and GetEnvironment API output.v1.34.132Compare Source
========
bedrock-runtime: [botocore] Increases Converse API's document name lengthcustomer-profiles: [botocore] This release includes changes to ProfileObjectType APIs, adds functionality top set and get capacity for profile object types.ec2: [botocore] Fix EC2 multi-protocol info in models.qbusiness: [botocore] Allow enable/disable Q Apps when creating/updating a Q application; Return the Q Apps enablement information when getting a Q application.ssm: [botocore] Add sensitive trait to SSM IPAddress property for CloudTrail redactionworkspaces-web: [botocore] Added ability to enable DeepLinking functionality on a Portal via UserSettings as well as added support for IdentityProvider resource tagging.v1.34.131Compare Source
========
bedrock-runtime: [botocore] This release adds document support to Converse and ConverseStream APIscodeartifact: [botocore] Add support for the Cargo package format.compute-optimizer: [botocore] This release enables AWS Compute Optimizer to analyze and generate optimization recommendations for Amazon RDS MySQL and RDS PostgreSQL.cost-optimization-hub: [botocore] This release enables AWS Cost Optimization Hub to show cost optimization recommendations for Amazon RDS MySQL and RDS PostgreSQL.dynamodb: [botocore] Doc-only update for DynamoDB. Fixed Important note in 6 Global table APIs - CreateGlobalTable, DescribeGlobalTable, DescribeGlobalTableSettings, ListGlobalTables, UpdateGlobalTable, and UpdateGlobalTableSettings.glue: [botocore] Fix Glue paginators for Jobs, JobRuns, Triggers, Blueprints and Workflows.ivs-realtime: [botocore] IVS Real-Time now offers customers the ability to record individual stage participants to S3.sagemaker: [botocore] Adds support for model references in Hub service, and adds support for cross-account access of Hubssecurityhub: [botocore] Documentation updates for Security Hubv1.34.130Compare Source
========
artifact: [botocore] This release adds an acceptanceType field to the ReportSummary structure (used in the ListReports API response).athena: [botocore] Add v2 smoke tests and smithy smokeTests trait for SDK testing.cur: [botocore] Add v2 smoke testConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.