[SECURITY] Renovate Update Security Alerts [SECURITY] #123
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
added
dependencies
renovate
bot
force-pushed
the
renovate-all-minor-patch-updates
branch
11 times, most recently
from
d9f0e8e to
b258922
Compare
renovate
bot
force-pushed
the
renovate-all-minor-patch-updates
branch
3 times, most recently
from
0b19203 to
0d16023
Compare
github-actions
bot
added
documentation
renovate
bot
force-pushed
the
renovate-all-minor-patch-updates
branch
8 times, most recently
from
a56fcbf to
aeda4f0
Compare
renovate
bot
force-pushed
the
renovate-all-minor-patch-updates
branch
2 times, most recently
from
fe3b153 to
9e176f1
Compare
github-actions
bot
removed
documentation
renovate
bot
force-pushed
the
renovate-all-minor-patch-updates
branch
from
9e176f1 to
cedc8a2
Compare
github-actions
bot
added
documentation
renovate
bot
force-pushed
the
renovate-all-minor-patch-updates
branch
3 times, most recently
from
68077f7 to
0d78181
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate-all-minor-patch-updates
branch
from
986e707 to
5100bb5
Compare
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. ⚠ Warning: custom changes will be lost. |
nickdavis2001
approved these changes
May 7, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==3.0.2->==3.0.35.45.0->5.48.0==1.34.87->==1.34.981.34.99==2.7.0->==2.14.2==7.4.4->==7.5.07.5.1==2.21.3->==2.22.0v1.44.284->v1.52.2v1.52.3v1.44.281->v1.52.2v1.52.3v7.2.6->v7.4.0v3.25.1->v3.25.31.8.0->1.8.2==4.21.1->==4.22.0==2.1.1->==2.1.5==8.1.1->==8.2.0==3.5.0->==3.6.13.8-slim->3.12-slim3.8-slim-buster->3.11-slim-buster==1.0.1->==1.2.3GitHub Vulnerability Alerts
CVE-2024-34069
The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger.
Release Notes
hashicorp/terraform-provider-aws (aws)
v5.48.0Compare Source
FEATURES:
aws_bedrockagent_agent_knowledge_base_association(#37185)ENHANCEMENTS:
force_destroyargument (#37130)SINGLE_AZ_1andMULTI_AZ_1deployment types (#36511)storage_capacitymaximum to 1PiB (#36511)ha_pairs(#36511)throughput_capacity_per_ha_pairto support all values fromthroughput_capacity(#36511)aggregate_configurationconfiguration block (#36511)size_in_bytesandvolume_stylearguments (#36511)BUG FIXES:
table_configurationsexpand/flatten (#37205)auth_parameters.oauth.oauth_http_parametersorauth_parameters.invocation_http_parametersbody,headerandquery_stringconfiguration blocks (#26755)unexpected state 'snapshotting'errors when increasing or decreasing replica count (#30493)v5.47.0Compare Source
NOTES:
FEATURES:
aws_identitystore_groups(#36993)aws_bcmdataexports_export(#36847)aws_bedrockagent_agent(#36851)aws_bedrockagent_agent_action_group(#36935)aws_bedrockagent_agent_alias(#36905)aws_bedrockagent_knowledge_base(#36783)aws_globalaccelerator_cross_account_attachment(#35991)aws_verifiedpermissions_policy(#35413)ENHANCEMENTS:
arnattribute (#35991)root_resource_idon resource Read (#37040)spec.service_discoveryargument (#37042)dedicated_log_volumeargument (#36503)arnattribute (#35991)transit_encryption_modeargument (#30403)transit_encryption_enabledargument can now be done in-place for engine versions >7.0.5(#30403)snowflake_configurationargument (#36646)code_editor_app_image_configandjupyter_lab_image_config.jupyter_lab_image_configarguments (#37059)kernel_gateway_image_config.kernel_specMaxItems to 5 (#37059)sftp_authentication_methodsargument (#37015)BUG FIXES:
revisiondo not trigger changes in dependent resources and/or cause an error, "Provider produced inconsistent final plan" (#37111)and,notandoroperand nesting for theruleargument (#30862)v5.46.0Compare Source
NOTES:
template_bodyofaws_cloudformation_stack, CRLF was previously treated as different from LF but these are now treated as equivalent in many situations (#14270)FEATURES:
aws_eip_domain_name(#36963)ENHANCEMENTS:
client_keep_aliveargument (#36969)ptr_recordattribute (#36963)attachment_countattribute (#36759)client_keep_aliveargument (#36969)master_account_nameattribute (#36797)ipv6_address_preferred_lease_timeattribute (#36934)client_keep_aliveargument (#36969)alarm_specificationto theinstance_refresh.preferencesconfiguration block (#36954)lambdaandmediapackagev2as valid values fororigin_access_control_origin_type(#34362)force_destroyattribute (#34905)report_build_statusandbuild_status_configarguments (#36942)ipv6_address_preferred_lease_timeas Computed attribute (#36934)resource_identifierargument (#36901)ptr_recordattribute (#36963)minimumattribute incache_usage_limits.data_storageandcache_usage_limits.ecpu_per_second(#36766)endpoint_ip_addressattribute (#36767)attachment_countattribute (#36759)execution_roleandworkflowarguments (#36953)client_keep_aliveargument (#36969)database_vpc_endpoint_serviceandwebserver_vpc_endpoint_serviceattributes (#36903)master_account_nameattribute (#36797)security_policy_nameargument (#36893)ipv6_address_preferred_lease_timeattribute (#36934)cascadeargument (#36898)BUG FIXES:
ConflictExceptionerrors on resource Create (#36980)monitor_dimensionto ForceNew (#36773)account_idto ForceNew (#36773)template_bodyno longer cause erroneous diffs (#14270)interface conversion: interface {} is nil, not map[string]interface {}panic whenauthis empty ({}) (#36967)replication_settingsto disallowLogging.CloudWatchLogGroupandLogging.CloudWatchLogStream. (#36936)replication_settingsJSON documents. (#36936)replication_task_settingsto disallowLogging.CloudWatchLogGroupandLogging.CloudWatchLogStream. (#36936)replication_task_settingsunset to use default settings. (#36936)replication_task_settingsJSON documents. (#36936)BadRequest: AuditLogDestination must not be provided when auditing is disabledwhen updatingaudit_log_configuration.0.file_access_audit_log_levelandaudit_log_configuration.0.file_share_access_audit_log_levelto"DISABLED"(#36928)number_of_workersandworker_typeas optional/computed, preventing persistent differences whenmax_capacityis set. (#36770)password_reset_requiredistrueand initial password reset is completed (#36926)certificate_nameon create and update (#36888)NotFounderror handling on delete (#36933)boto/boto3 (boto3)
v1.34.98Compare Source
=======
bedrock-agent: [botocore] This release adds support for using Provisioned Throughput with Bedrock Agents.connect: [botocore] This release adds 5 new APIs for managing attachments: StartAttachedFileUpload, CompleteAttachedFileUpload, GetAttachedFile, BatchGetAttachedFileMetadata, DeleteAttachedFile. These APIs can be used to programmatically upload and download attachments to Connect resources, like cases.connectcases: [botocore] This feature supports the release of Files related itemsdatasync: [botocore] Updated guidance on using private or self-signed certificate authorities (CAs) with AWS DataSync object storage locations.inspector2: [botocore] This release adds CSV format to GetCisScanReport for Inspector v2sagemaker: [botocore] Amazon SageMaker Inference now supports m6i, c6i, r6i, m7i, c7i, r7i and g5 instance types for Batch Transform Jobssesv2: [botocore] Adds support for specifying replacement headers per BulkEmailEntry in SendBulkEmail in SESv2.v1.34.97Compare Source
=======
dynamodb: [botocore] This release adds support to specify an optional, maximum OnDemandThroughput for DynamoDB tables and global secondary indexes in the CreateTable or UpdateTable APIs. You can also override the OnDemandThroughput settings by calling the ImportTable, RestoreFromPointInTime, or RestoreFromBackup APIs.ec2: [botocore] This release includes a new API for retrieving the public endorsement key of the EC2 instance's Nitro Trusted Platform Module (NitroTPM).personalize: [botocore] This releases ability to delete users and their data, including their metadata and interactions data, from a dataset group.redshift-serverless: [botocore] Update Redshift Serverless List Scheduled Actions Output Response to include Namespace Name.v1.34.96Compare Source
=======
bedrock-agent: [botocore] This release adds support for using MongoDB Atlas as a vector store when creating a knowledge base.ec2: [botocore] Documentation updates for Amazon EC2.personalize-runtime: [botocore] This release adds support for a Reason attribute for predicted items generated by User-Personalization-v2.securityhub: [botocore] Updated CreateMembers API request with limits.sesv2: [botocore] Fixes ListContacts and ListImportJobs APIs to use POST instead of GET.v1.34.95Compare Source
=======
chime-sdk-voice: [botocore] Due to changes made by the Amazon Alexa service, GetSipMediaApplicationAlexaSkillConfiguration and PutSipMediaApplicationAlexaSkillConfiguration APIs are no longer available for use. For more information, refer to the Alexa Smart Properties page.codeartifact: [botocore] Add support for the Ruby package format.fms: [botocore] AWS Firewall Manager now supports the network firewall service stream exception policy feature for accounts within your organization.omics: [botocore] Add support for workflow sharing and dynamic run storageopensearch: [botocore] This release enables customers to create Route53 A and AAAA alias record types to point custom endpoint domain to OpenSearch domain's dualstack search endpoint.pinpoint-sms-voice-v2: [botocore] Amazon Pinpoint has added two new features Multimedia services (MMS) and protect configurations. Use the three new MMS APIs to send media messages to a mobile phone which includes image, audio, text, or video files. Use the ten new protect configurations APIs to block messages to specific countries.qbusiness: [botocore] This is a general availability (GA) release of Amazon Q Business. Q Business enables employees in an enterprise to get comprehensive answers to complex questions and take actions through a unified, intuitive web-based chat experience - using an enterprise's existing content, data, and systems.quicksight: [botocore] New Q embedding supporting Generative Q&Aroute53resolver: [botocore] Release of FirewallDomainRedirectionAction parameter on the Route 53 DNS Firewall Rule. This allows customers to configure a DNS Firewall rule to inspect all the domains in the DNS redirection chain (default) , such as CNAME, ALIAS, DNAME, etc., or just the first domain and trust the rest.sagemaker: [botocore] Amazon SageMaker Training now supports the use of attribute-based access control (ABAC) roles for training job execution roles. Amazon SageMaker Inference now supports G6 instance types.signer: [botocore] Documentation updates for AWS Signer. Adds cross-account signing constraint and definitions for cross-account actions.v1.34.94Compare Source
=======
amplify: [botocore] Updating max results limit for listing any resources (Job, Artifacts, Branch, BackendResources, DomainAssociation) to 50 with the exception of list apps that where max results can be up to 100.connectcases: [botocore] This feature releases DeleteField, DeletedLayout, and DeleteTemplate API'sinspector2: [botocore] Update Inspector2 to include new Agentless API parameters.timestream-query: [botocore] This change allows users to update and describe account settings associated with their accounts.transcribe: [botocore] This update provides error messaging for generative call summarization in Transcribe Call Analyticstrustedadvisor: [botocore] This release adds the BatchUpdateRecommendationResourceExclusion API to support batch updates of Recommendation Resource exclusion statuses and introduces a new exclusion status filter to the ListRecommendationResources and ListOrganizationRecommendationResources APIs.v1.34.93Compare Source
=======
codepipeline: [botocore] Add ability to manually and automatically roll back a pipeline stage to a previously successful execution.cognito-idp: [botocore] Add LimitExceededException to SignUp errorsconnectcampaigns: [botocore] This release adds support for specifying if Answering Machine should wait for prompt sound.marketplace-entitlement: [botocore] Releasing minor endpoint updates.oam: [botocore] This release introduces support for Source Accounts to define which Metrics and Logs to share with the Monitoring Accountrds: [botocore] SupportsLimitlessDatabase field added to describe-db-engine-versions to indicate whether the DB engine version supports Aurora Limitless Database.support: [botocore] Releasing minor endpoint updates.v1.34.92Compare Source
=======
appsync: [botocore] UpdateGraphQLAPI documentation update and datasource introspection secret arn updatefms: [botocore] AWS Firewall Manager adds support for network ACL policies to manage Amazon Virtual Private Cloud (VPC) network access control lists (ACLs) for accounts in your organization.ivs: [botocore] Bug Fix: IVS does not support arns with thesvsprefixivs-realtime: [botocore] Bug Fix: IVS Real Time does not support ARNs using thesvsprefix.rds: [botocore] Updates Amazon RDS documentation for setting local time zones for RDS for Db2 DB instances.stepfunctions: [botocore] Add new ValidateStateMachineDefinition operation, which performs syntax checking on the definition of a Amazon States Language (ASL) state machine.v1.34.91Compare Source
=======
datasync: [botocore] This change allows users to disable and enable the schedules associated with their tasks.ec2: [botocore] Launching capability for customers to enable or disable automatic assignment of public IPv4 addresses to their network interfaceemr-containers: [botocore] EMRonEKS Service support for SecurityConfiguration enforcement for Spark Jobs.entityresolution: [botocore] Support Batch Unique IDs Deletion.gamelift: [botocore] Amazon GameLift releases container fleets support for public preview. Deploy Linux-based containerized game server software for hosting on Amazon GameLift.ssm: [botocore] Add SSM DescribeInstanceProperties API to public AWS SDK.v1.34.90Compare Source
=======
bedrock: [botocore] This release introduces Model Evaluation and Guardrails for Amazon Bedrock.bedrock-agent: [botocore] Introducing the ability to create multiple data sources per knowledge base, specify S3 buckets as data sources from external accounts, and exposing levers to define the deletion behavior of the underlying vector store data.bedrock-agent-runtime: [botocore] This release introduces zero-setup file upload support for the RetrieveAndGenerate API. This allows you to chat with your data without setting up a Knowledge Base.bedrock-runtime: [botocore] This release introduces Guardrails for Amazon Bedrock.ce: [botocore] Added additional metadata that might be applicable to your reservation recommendations.ec2: [botocore] This release introduces EC2 AMI Deregistration Protection, a new AMI property that can be enabled by customers to protect an AMI against an unintended deregistration. This release also enables the AMI owners to view the AMI 'LastLaunchedTime' in DescribeImages API.pi: [botocore] Clarifies how aggregation works for GetResourceMetrics in the Performance Insights API.rds: [botocore] Fix the example ARN for ModifyActivityStreamRequestworkspaces-web: [botocore] Added InstanceType and MaxConcurrentSessions parameters on CreatePortal and UpdatePortal Operations as well as the ability to read Customer Managed Key & Additional Encryption Context parameters on supported resources (Portal, BrowserSettings, UserSettings, IPAccessSettings)v1.34.89Compare Source
=======
bedrock-agent: [botocore] Releasing the support for simplified configuration and return of controlbedrock-agent-runtime: [botocore] Releasing the support for simplified configuration and return of controlpayment-cryptography: [botocore] Adding support to TR-31/TR-34 exports for optional headers, allowing customers to add additional metadata (such as key version and KSN) when exporting keys from the service.redshift-serverless: [botocore] Updates description of schedule field for scheduled actions.route53profiles: [botocore] Route 53 Profiles allows you to apply a central DNS configuration across many VPCs regardless of account.sagemaker: [botocore] This release adds support for Real-Time Collaboration and Shared Space for JupyterLab App on SageMaker Studio.servicediscovery: [botocore] This release adds examples to several Cloud Map actions.transfer: [botocore] Adding new API to support remote directory listing using SFTP connectorv1.34.88Compare Source
=======
glue: [botocore] Adding RowFilter in the response for GetUnfilteredTableMetadata APIinternetmonitor: [botocore] This update introduces the GetInternetEvent and ListInternetEvents APIs, which provide access to internet events displayed on the Amazon CloudWatch Internet Weather Map.personalize: [botocore] This releases auto training capability while creating a solution and automatically syncing latest solution versions when creating/updating a campaignspec-first/connexion (connexion)
v2.14.2Compare Source
What's Changed
Full Changelog: spec-first/connexion@2.14.1...2.14.2
v2.14.1Compare Source
What's Changed
New Contributors
Full Changelog: spec-first/connexion@2.14.0...2.14.1
v2.14.0Compare Source
What's Changed
New Contributors
Full Changelog: spec-first/connexion@2.13.1...2.14.0
v2.13.1Compare Source
What's Changed
Full Changelog: spec-first/connexion@2.13.0...2.13.1
v2.13.0Compare Source
What's Changed
New Contributors
Full Changelog: spec-first/connexion@2.12.0...2.13.0
v2.12.0Compare Source
What's Changed
New Contributors
Full Changelog: spec-first/connexion@2.11.2...2.12.0
v2.11.2Compare Source
What's Changed
New Contributors
Full Changelog: spec-first/connexion@2.11.1...2.11.2
v2.11.1Compare Source
What's Changed
Full Changelog: spec-first/connexion@2.11.0...2.11.1
v2.11.0Compare Source
What's Changed
New Contributors
Full Changelog: spec-first/connexion@2.10.0...2.11.0
v2.10.0Compare Source
Note
~Due to unavailability of maintainers with access to the
connexionPyPi project, this version has been released under a new PyPi projectconnexion2for now:https://pypi.org/project/connexion2/~
EDIT 15/01/2022: This version is now available under the main PyPi repository:
https://pypi.org/project/connexion/2.10.0/
Changelog
Full Changelog: spec-first/connexion@2.9.0...2.10.0
v2.9.0Compare Source
Release with new (backwards-compatible) features: https://pypi.org/project/connexion/2.9.0/
Notable changes:
required: falsefor headers [#1293](https://github.com/spec-first/cConfiguration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.