[Snyk] Upgrade @cumulus/aws-client from 18.3.0 to 18.3.1 #3755
Snyk has created this PR to upgrade @cumulus/aws-client from 18.3.0 to 18.3.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 1 version ahead of your current version.
The recommended version was released 21 days ago.
Release notes
Package name: @cumulus/aws-client
Migration Notes
CUMULUS-3433 Update to node.js v20
The following applies only to users with a custom value configured for async_operation_image:
As part of the node v20 update process, a new version (52) of the Core async-operation container was published - cumuluss/async operation. The default value for async_operation_image has been updated in the cumulus module, however if you are using an internal image repository such as ECR, please make sure to update your deployment configuration with the newly provided image.
Users making use of a custom image configuration should note the base image for Core async operations must support node v20.x.
CUMULUS-3617 Migration of DLA messages should be performed after Cumulus is upgraded
Instructions for migrating old DLA (Dead Letter Archive) messages to new format:
YYYY-MM-DD subfolders to organize by date
To invoke the Lambda and start the DLA migration, you can use the AWS Console or CLI:
PREFIX is your Cumulus deployment prefix.
OUTFILE (optional) is the filepath where the Lambda output will be saved.
The Lambda will trigger an Async Operation and return an id such as:
which you can then query the Async Operations API Endpoint for the output or status of your request. If you want to directly observe the progress of the migration as it runs, you can view the CloudWatch logs for your async operations (e.g. PREFIX-AsyncOperationEcsLogs).
CUMULUS-3779 async_operations Docker image version upgrade
The async-operation Docker image has been updated to support Node v20 and aws-sdk v3. Users of the image will need to update to at least async-operations:52.
CUMULUS-3776 cumulus-ecs-task Docker image version upgrade
The cumulus-ecs-task Docker image has been updated to support Node v20 and aws-sdk v3. Users of the image will need to update to at least cumulus-ecs-task:2.1.0.
Breaking Changes
CUMULUS-3618
es in favor of new class for managing elasticsearch clients
EsClient which allows for credential refresh/reset. Updated api/es-client code to utilize new pattern. Users making use of @cumulus/es-client should update their code to make use of the new EsClient create/initialize pattern.
a new EsClient.
CUMULUS-2889
client from the @cumulus/aws-client package.
CUMULUS-2890
from the @cumulus/aws-client package.
CUMULUS-3323
@cumulus/db to by default set the ssl option for knex, and reject non-SSL connections via use of the rejectUnauthorized configuration flag. This causes all Cumulus database connections to require SSL (CA or self-signed) and reject connectivity if the database does not provide SSL. Users using serverless v1/cumulus-rds-tf should not be impacted by this change as certs are provided by default. Users using databases that do not provide SSL should update their database secret with the optional value disableSSL set to true
cumulus-rds-tf to set rds.force_ssl to 1, forcing SSL enabled connections in the db_parameters configuration. Users of this module defining their own db_parameters should make this configuration change to allow only SSL connections to the RDS datastore.
CUMULUS-2897
from the @cumulus/aws-client package.
CUMULUS-3779
support aws-sdk v3 changes.
Added
tf-modules/monitoring module now deploys Glue table for querying dead-letter-archive messages.
importGot helper method to import got as an ESM module in CommonJS typescript/webpack clients.
using a PKCS11 provider
Changed
@cumulus/api/lib
@cumulus/ingest/HttpProviderClient to use direct injection test mocks, and remove rewire from unit tests
@cumulus/ingest unit test HTTPs server to accept localhost POST requests, and removed nock dependency from tests involving fs.Readstream and got due to a likely incompatibility with changes in node v18, got, fs.Readstream and nock when used in combination in units (sindresorhus/got#2341)
got dependency in @cumulus/ingest to use @cumulus/common dynamic import helper / got > v10 in CommonJS.
YYYY-MM-DD subfolder of S3 dead letter archive.
@cumulus/aws-client lambda service to use AWS SDK v3 send syntax
aws-client's EC2 client to use AWS SDK v3.
aws-sdk from es-client package by replacing credential fetching with the @aws-sdk/credential-providers AWS SDK v3 package.
aws-sdk from all cumulus packages and replaces usages with AWS SDK v3 clients.
disableSSL as a valid database secret key - setting this in your database credentials will disable SSL for all Core database connection attempts.
rejectUnauthorized as a valid database secret key - setting this to false in your database credentials will allow self-signed certs/certs with an unrecognized authority.
cumulus-rds-tf to set force_ssl to 1. This setting for the Aurora Serverless v1 database disallows non-SSL connections to the database, and is intended to help enforce security compliance rules. This update can be opted-out by supplying a non-default db_parameters set in the terraform configuration.
@cumulus/lzards-backup task to either respect the lzards_provider terraform configuration value or utilize lzardsProvider as part of the task workflow configuration
@cumulus/lzards-api-client to:
@cumulus/launchpad-auth
example/cumulus-tf/orca.tf to use v9.0.4
aws-client's ES client to use AWS SDK v3.
YYYY-MM-DD subfolder
@cumulus/aws-client/S3/recursivelyDeleteS3Bucket to handle bucket with more than 1000 objects.
Fixed
ProvisionUserDatabase lambda to correctly pass in knex/node debug flags to knex custom code
@cumulus/api to no longer improperly pass PATCH/PUT null values to Eventbridge rules
@cumulus/es-client credentialing issue in instance where lambda/Fargate task runtime would exceed the timeout for the es-client. Added retry/credential refresh behavior to @cumulus/es-client/indexer.genericRecordUpdate to ensure record indexing does not fail in those instances.
index-from-database lambda to utilize updated es-client to prevent credentialing timeout in long-running ECS jobs.
packaging the aws-sdk v3 with our code is no longer necessary and prevented some packages from being published to npm.
Release 18.3.0
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: