Update all dependencies
This MR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| boto3 |
==1.26.135 -> ==1.26.140
|
 |
|
|
|
| requests (source, changelog) |
==2.30.0 -> ==2.31.0
|
|
|
|
|
⚠ Dependency Lookup Warnings ⚠
Warnings were logged while processing this repo. Please check the logs for more information.
Release Notes
boto/boto3
v1.26.140
========
- api-change:
appsync: [botocore] This release introduces AppSync Merged APIs, which provide the ability to compose multiple source APIs into a single federated/merged API. - api-change:
connect: [botocore] Amazon Connect Evaluation Capabilities: validation improvements - api-change:
cur: [botocore] Add support for split cost allocation data on a report. - api-change:
sagemaker: [botocore] SageMaker now provides an instantaneous deployment recommendation through the DescribeModel API
v1.26.139
========
- api-change:
fms: [botocore] Fixes issue that could cause calls to GetAdminScope and ListAdminAccountsForOrganization to return a 500 Internal Server error. - api-change:
sagemaker: [botocore] Added ModelNameEquals, ModelPackageVersionArnEquals in request and ModelName, SamplePayloadUrl, ModelPackageVersionArn in response of ListInferenceRecommendationsJobs API. Added Invocation timestamps in response of DescribeInferenceRecommendationsJob API & ListInferenceRecommendationsJobSteps API. - api-change:
translate: [botocore] Added support for calling TranslateDocument API.
v1.26.138
========
- api-change:
backup: [botocore] Added support for tags on restore. - api-change:
pinpoint: [botocore] Amazon Pinpoint is deprecating the tags parameter in the UpdateSegment, UpdateCampaign, UpdateEmailTemplate, UpdateSmsTemplate, UpdatePushTemplate, UpdateInAppTemplate and UpdateVoiceTemplate. Amazon Pinpoint will end support tags parameter by May 22, 2023. - api-change:
quicksight: [botocore] Add support for Asset Bundle, Geospatial Heatmaps.
v1.26.137
========
- api-change:
backup: [botocore] Add ResourceArn, ResourceType, and BackupVaultName to ListRecoveryPointsByLegalHold API response. - api-change:
connectcases: [botocore] This release adds the ability to create fields with type Url through the CreateField API. For more information see https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html - api-change:
mediapackagev2: [botocore] Adds support for the MediaPackage Live v2 API - api-change:
sesv2: [botocore] This release allows customers to update scaling mode property of dedicated IP pools with PutDedicatedIpPoolScalingAttributes call.
v1.26.136
========
- api-change:
athena: [botocore] Removing SparkProperties from EngineConfiguration object for StartSession API call - api-change:
cloudtrail: [botocore] Add ConflictException to PutEventSelectors, add (Channel/EDS)ARNInvalidException to Tag APIs. These exceptions provide customers with more specific error messages instead of internal errors. - api-change:
compute-optimizer: [botocore] In this launch, we add support for showing integration status with external metric providers such as Instana, Datadog ...etc in GetEC2InstanceRecommendations and ExportEC2InstanceRecommendations apis - api-change:
connect: [botocore] You can programmatically create and manage prompts using APIs, for example, to extract prompts stored within Amazon Connect and add them to your Amazon S3 bucket. AWS CloudTrail, AWS CloudFormation and tagging are supported. - api-change:
ec2: [botocore] Add support for i4g.large, i4g.xlarge, i4g.2xlarge, i4g.4xlarge, i4g.8xlarge and i4g.16xlarge instances powered by AWS Graviton2 processors that deliver up to 15% better compute performance than our other storage-optimized instances. - api-change:
ecs: [botocore] Documentation only release to address various tickets. - api-change:
mediaconvert: [botocore] This release introduces a new MXF Profile for XDCAM which is strictly compliant with the SMPTE RDD 9 standard and improved handling of output name modifiers. - api-change:
rds: [botocore] RDS documentation update for the EngineVersion parameter of ModifyDBSnapshot - api-change:
sagemaker-geospatial: [botocore] This release makes ExecutionRoleArn a required field in the StartEarthObservationJob API. - api-change:
sts: [botocore] API updates for the AWS Security Token Service
psf/requests
v2.31.0
Security
-
Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of
Proxy-Authorizationheaders to destination servers when following HTTPS redirects.When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a
Proxy-Authorizationheader that is attached to the request to authenticate with the proxy.In cases where Requests receives a redirect response, it previously reattached the
Proxy-Authorizationheader incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.
Full details can be read in our Github Security Advisory and CVE-2023-32681.
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.