UNCLASSIFIED - NO CUI

Skip to content

Update all dependencies

renovate requested to merge renovate/all into development

This MR contains the following updates:

Package Change Age Adoption Passing Confidence
boto3 ==1.26.135 -> ==1.26.140 age adoption passing confidence
requests (source, changelog) ==2.30.0 -> ==2.31.0 age adoption passing confidence

Dependency Lookup Warnings

Warnings were logged while processing this repo. Please check the logs for more information.


Release Notes

boto/boto3

v1.26.140

Compare Source

========

  • api-change:appsync: [botocore] This release introduces AppSync Merged APIs, which provide the ability to compose multiple source APIs into a single federated/merged API.
  • api-change:connect: [botocore] Amazon Connect Evaluation Capabilities: validation improvements
  • api-change:cur: [botocore] Add support for split cost allocation data on a report.
  • api-change:sagemaker: [botocore] SageMaker now provides an instantaneous deployment recommendation through the DescribeModel API

v1.26.139

Compare Source

========

  • api-change:fms: [botocore] Fixes issue that could cause calls to GetAdminScope and ListAdminAccountsForOrganization to return a 500 Internal Server error.
  • api-change:sagemaker: [botocore] Added ModelNameEquals, ModelPackageVersionArnEquals in request and ModelName, SamplePayloadUrl, ModelPackageVersionArn in response of ListInferenceRecommendationsJobs API. Added Invocation timestamps in response of DescribeInferenceRecommendationsJob API & ListInferenceRecommendationsJobSteps API.
  • api-change:translate: [botocore] Added support for calling TranslateDocument API.

v1.26.138

Compare Source

========

  • api-change:backup: [botocore] Added support for tags on restore.
  • api-change:pinpoint: [botocore] Amazon Pinpoint is deprecating the tags parameter in the UpdateSegment, UpdateCampaign, UpdateEmailTemplate, UpdateSmsTemplate, UpdatePushTemplate, UpdateInAppTemplate and UpdateVoiceTemplate. Amazon Pinpoint will end support tags parameter by May 22, 2023.
  • api-change:quicksight: [botocore] Add support for Asset Bundle, Geospatial Heatmaps.

v1.26.137

Compare Source

========

  • api-change:backup: [botocore] Add ResourceArn, ResourceType, and BackupVaultName to ListRecoveryPointsByLegalHold API response.
  • api-change:connectcases: [botocore] This release adds the ability to create fields with type Url through the CreateField API. For more information see https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
  • api-change:mediapackagev2: [botocore] Adds support for the MediaPackage Live v2 API
  • api-change:sesv2: [botocore] This release allows customers to update scaling mode property of dedicated IP pools with PutDedicatedIpPoolScalingAttributes call.

v1.26.136

Compare Source

========

  • api-change:athena: [botocore] Removing SparkProperties from EngineConfiguration object for StartSession API call
  • api-change:cloudtrail: [botocore] Add ConflictException to PutEventSelectors, add (Channel/EDS)ARNInvalidException to Tag APIs. These exceptions provide customers with more specific error messages instead of internal errors.
  • api-change:compute-optimizer: [botocore] In this launch, we add support for showing integration status with external metric providers such as Instana, Datadog ...etc in GetEC2InstanceRecommendations and ExportEC2InstanceRecommendations apis
  • api-change:connect: [botocore] You can programmatically create and manage prompts using APIs, for example, to extract prompts stored within Amazon Connect and add them to your Amazon S3 bucket. AWS CloudTrail, AWS CloudFormation and tagging are supported.
  • api-change:ec2: [botocore] Add support for i4g.large, i4g.xlarge, i4g.2xlarge, i4g.4xlarge, i4g.8xlarge and i4g.16xlarge instances powered by AWS Graviton2 processors that deliver up to 15% better compute performance than our other storage-optimized instances.
  • api-change:ecs: [botocore] Documentation only release to address various tickets.
  • api-change:mediaconvert: [botocore] This release introduces a new MXF Profile for XDCAM which is strictly compliant with the SMPTE RDD 9 standard and improved handling of output name modifiers.
  • api-change:rds: [botocore] RDS documentation update for the EngineVersion parameter of ModifyDBSnapshot
  • api-change:sagemaker-geospatial: [botocore] This release makes ExecutionRoleArn a required field in the StartEarthObservationJob API.
  • api-change:sts: [botocore] API updates for the AWS Security Token Service
psf/requests

v2.31.0

Compare Source

Security

  • Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

    When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

    In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

    Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

    Full details can be read in our Github Security Advisory and CVE-2023-32681.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This MR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by renovate

Merge request reports