chore(deps): bump requests from 2.31.0 to 2.32.2 in /packages/@aws-cdk/aws-lambda-python-alpha/test/lambda-handler #2

Open
wants to merge 445 commits into
base: main
dependabot[bot]
@dependabot dependabot bot commented on behalf of github Aug 20, 2024

Bumps requests from 2.31.0 to 2.32.2.

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

... (truncated)

Commits
  • 88dce9d v2.32.2
  • c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
  • 92075b3 Add deprecation warning
  • aa1461b Move _get_connection to get_connection_with_tls_context
  • 970e8ce v2.32.1
  • d6ebc4a v2.32.0
  • 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
  • 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
  • 555b870 Allow character detection dependencies to be optional in post-packaging steps
  • d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.
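
The release notes above ask maintainers of custom HTTPAdapters to move to `get_connection_with_tls_context` and to look at `verify=False` use on Sessions. The following is an added example, not code from Dependabot, Requests or this repository: a static audit that finds adapter subclasses still overriding the deprecated hooks and lists calls that pass `verify=False`. The sample source, class names and host name are constructed for illustration.

```python
import ast

# Hook names taken from the release notes: get_connection is deprecated,
# _get_connection was renamed to get_connection_with_tls_context.
LEGACY_HOOKS = {"get_connection", "_get_connection"}
NEW_HOOK = "get_connection_with_tls_context"

# Constructed sample input; it is only parsed, never executed.
SAMPLE_SOURCE = '''import requests
from requests.adapters import HTTPAdapter

class LegacyAdapter(HTTPAdapter):
    def get_connection(self, url, proxies=None):
        return super().get_connection(url, proxies)

class MigratedAdapter(requests.adapters.HTTPAdapter):
    def get_connection_with_tls_context(self, request, verify, proxies=None, cert=None):
        return super().get_connection_with_tls_context(request, verify, proxies=proxies, cert=cert)

class ChildAdapter(LegacyAdapter):
    def _get_connection(self, request, verify, proxies=None, cert=None):
        return super()._get_connection(request, verify, proxies, cert)

class Unrelated:
    def get_connection(self):
        return None

session = requests.Session()
session.mount("https://", LegacyAdapter())
session.get("https://internal.example/health", verify=False)
session.get("https://internal.example/data")
'''


def _base_names(cls):
    """Return the simple names of a class's bases (Name or dotted Attribute)."""
    names = set()
    for base in cls.bases:
        if isinstance(base, ast.Name):
            names.add(base.id)
        elif isinstance(base, ast.Attribute):
            names.add(base.attr)
    return names


def audit_adapters(source):
    """Return (class, line, status) for every HTTPAdapter subclass in source.

    Subclasses of subclasses defined in the same file are followed too.
    """
    tree = ast.parse(source)
    classes = [n for n in ast.walk(tree) if isinstance(n, ast.ClassDef)]
    adapters = {"HTTPAdapter"}
    changed = True
    while changed:  # fixpoint: pick up indirect subclasses
        changed = False
        for cls in classes:
            if cls.name not in adapters and _base_names(cls) & adapters:
                adapters.add(cls.name)
                changed = True

    findings = []
    for cls in sorted(classes, key=lambda c: c.lineno):
        if cls.name not in adapters:
            continue
        methods = {
            n.name for n in cls.body
            if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))
        }
        if NEW_HOOK in methods:
            status = "migrated"
        elif methods & LEGACY_HOOKS:
            status = "needs-migration"
        else:
            status = "no-override"
        findings.append((cls.name, cls.lineno, status))
    return findings


def find_verify_false(source):
    """Return (line, callee) for each call that passes the literal verify=False."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if (kw.arg == "verify" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is False):
                hits.append((node.lineno, ast.unparse(node.func)))
    return sorted(hits)


if __name__ == "__main__":
    for name, line, status in audit_adapters(SAMPLE_SOURCE):
        print(f"line {line}: {name}: {status}")
    for line, callee in find_verify_false(SAMPLE_SOURCE):
        print(f"line {line}: {callee}(..., verify=False)")
```

The audit only sees literal `verify=False` keywords and classes defined in the scanned file; adapters inherited from other modules need those modules scanned as well.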

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Aug 20, 2024
@ntk5 ntk5 closed this Aug 20, 2024
dependabot bot commented on behalf of github Aug 20, 2024

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@ntk5 ntk5 reopened this Aug 20, 2024
Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 20, 2024
@ntk5 ntk5 closed this Aug 20, 2024
@ntk5 ntk5 reopened this Aug 20, 2024
sakurai-ryo and others added 18 commits September 25, 2024 22:30
…ws#30186)

### Issue # (if applicable)

Closes aws#27128

### Reason for this change
The `--quiet` flag on the `cdk diff` command prevents the stack name and default message from being printed when no diff exists.
If diffs exist, the stack name and diffs are expected to be printed, but currently, the stack name is not printed, and it is difficult to determine which stack the diff is for.

for example:
```bash
$ cdk diff --quiet
Resources
[~] AWS::S3::Bucket MyFirstBucket MyFirstBucketB8884501
 ├─ [~] DeletionPolicy
 │   ├─ [-] Delete
 │   └─ [+] Retain
 └─ [~] UpdateReplacePolicy
     ├─ [-] Delete
     └─ [+] Retain


✨  Number of stacks with differences: 1
```

This PR fixes this so that the stack name is printed when the `--quiet` flag is specified and diffs exist.

### Description of changes
Changed the position of the `fullDiff` function call.
It is possible to output the stack name in the `printSecurityDiff` or `printStackDiff` functions, but since the message has already been output before these functions are called, the stack name must be output first.
I think it would be more user-friendly to have all messages after the output of the stack name, but if this is not the case, please point this out.

### Description of how you validated changes
I added a unit test to confirm that the stack name is printed when a diff exists.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
The CLI prints deployment errors 3 times. This is caused by catching an error, printing it, and then throwing it again to another `catch` statement that catches the error, prints it, and then throws it again.

In this PR, get rid of one catch and change the error that gets rethrown in a different case.

Also in this PR: fix the inconsistency of printing the progress of asset publishing. Compared to the progress of stack deployments, the stack name isn't bold and there is a single space offset.

(A little work to change the printing, a LOT of work to get the integration+regression tests to pass, that all assert way too many specifics about the error messages that get printed to the screen)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes #<issue number here>.

### Reason for this change



Added Meta Llama 3.2 models.

- meta.llama3-2-1b-instruct-v1:0
- meta.llama3-2-3b-instruct-v1:0
- meta.llama3-2-11b-instruct-v1:0
- meta.llama3-2-90b-instruct-v1:0

ref

- https://aws.amazon.com/about-aws/whats-new/2024/09/llama-3-2-generative-ai-models-amazon-bedrock/
- https://docs.aws.amazon.com/bedrock/latest/userguide/model-ids.html

### Description of changes



Added the models.

### Description of how you validated changes



### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…n provider (aws#31482)

### Issue # (if applicable)

N/A

### Reason for this change

The authentication providers and their logic in this module have bad code smells, and thus, we have refactored them to bring the module more in line with CDK standards and best practices. In addition, the Digits authentication provider has been deprecated since September 2017, so it has been removed.

### Description of changes

* Any modules relating to the Digits auth have been removed, as the service itself is deprecated.
* The `IdentityPoolProviders` and `IdentityPoolAuthenticationProviders` interfaces have been merged, as there did not seem to be a reason to keep them separate, aside from differentiating third-party and internal providers.
* Some grammar, punctuation, formatting, and capitalization changes

### Description of how you validated changes

Unit tests and integration tests have been tweaked only as necessary to confirm these changes. Since they all still pass or show no need to be updated, we can confirm that this refactor does not affect them. The integration test has also been updated to reflect that the previous Google prop for `clientSecret` is deprecated, and use `clientSecretValue` instead.

**BREAKING CHANGE**: The `IdentityPoolProviderType.DIGITS` and `IdentityPoolProviderUrl.DIGITS` enum values, and `IdentityPoolDigitsLoginProvider` interface have been removed, as well as the `digits` attribute of the `IdentityPoolAuthenticationProviders` interface.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ter (aws#31524)

### Issue # (if applicable)

Closes aws#31523 .

### Reason for this change

CloudFormation supports the [enabling local write forwarding](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html#cfn-rds-dbcluster-enablelocalwriteforwarding) feature but AWS CDK does not support it.

### Description of changes

- Add `enableLocalWriteForwarding` to `DatabaseClusterBaseProps`
- Add validation that `engineType` is either `aurora` or `aurora-mysql`
  - Having `engineType` set to `aurora` means launching a MySQL-compatible Aurora cluster.

### Description of how you validated changes

Add both unit and integ tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Closes aws#29378, aws#29377.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws#30563)

### Issue # (if applicable)

Closes aws#26847.

### Reason for this change
In the case of passwords generated by [DatabaseSecret](https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_aws-redshift-alpha.DatabaseSecret.html), there may be a need to exclude certain characters. 

The original issue was to exclude the backtick character from passwords. 
However, the current default value of `excludeCharacters`, `'"@/\ ''`, matches the characters that are not supported in Redshift ([docs](https://docs.aws.amazon.com/redshift/latest/dg/r_CREATE_USER.html#r_CREATE_USER-parameters)).

> It can use any ASCII characters with ASCII codes 33–126, except ' (single quotation mark), " (double quotation mark), \, /, or @.

Instead of including the backtick in the default value of `excludeCharacters`, it was considered appropriate to make it configurable.



### Description of changes
Add `excludeCharacters` property to specify characters to not include in generated passwords.



### Description of how you validated changes
Add unit tests and integ tests.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add new foundation model.

Ref:
* https://aws.amazon.com/about-aws/whats-new/2024/09/jamba-1-5-family-models-amazon-bedrock/
* https://docs.aws.amazon.com/bedrock/latest/userguide/model-ids.html


Provider | Model name | Version | Model ID
-- | -- | -- | --
AI21 Labs | Jamba 1.5 Large | 1.x | ai21.jamba-1-5-large-v1:0
AI21 Labs | Jamba 1.5 Mini | 1.x | ai21.jamba-1-5-mini-v1:0


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…baseInstanceReadReplica (aws#31579)

### Issue # (if applicable)

Closes aws#31061.

### Reason for this change
Calling `grantConnect()` on an instance of `DatabaseInstanceReadReplica` generates an incorrect policy that uses the full ARN of the instance instead of the instanceResourceId value. It should have created a policy with the correct resource format `arn:aws:rds-db:region:account-id:dbuser:DbiResourceId/db-user-name` per [Creating and using an IAM policy for IAM database access](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.IAMPolicy.html).

### Description of changes
Fixed the IAM policy that `grantConnect()` generates for `DatabaseInstanceReadReplica`. The change correctly sets the value of `instanceResourceId` to the replica instance's `attrDbiResourceId`. The value of `instanceResourceId` is used to generate the IAM policy.

### Description of how you validated changes
- Added new unit test.
- Updated existing integration test.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…pi arn (aws#31567)

### Issue # (if applicable)

Closes aws#31550.

### Reason for this change

When using a lambda authorizer with a GraphqlAPI, the cdk automatically creates the AWS::Lambda::Permission required for the AppSync API to invoke the lambda authorizer. It does not however add a SourceArn.

This conflicts with the control tower policy [[CT.LAMBDA.PR.2]](https://docs.aws.amazon.com/controltower/latest/controlreference/lambda-rules.html#ct-lambda-pr-2-description), and it is in general good practice to scope permissions.

### Description of changes

Added new feature flag `APPSYNC_GRAPHQLAPI_SCOPE_LAMBDA_FUNCTION_PERMISSION`.

Currently, when using a Lambda authorizer with an AppSync GraphQL API, the AWS CDK automatically generates the necessary AWS::Lambda::Permission to allow the AppSync API to invoke the Lambda authorizer. This permission is overly permissive because it lacks a SourceArn, meaning it allows invocations from any source.

When this feature flag is enabled, the AWS::Lambda::Permission will be properly scoped with the SourceArn corresponding to the specific AppSync GraphQL API.
```ts
  ...
  config?.handler.addPermission(`${id}-appsync`, {
    principal: new ServicePrincipal('appsync.amazonaws.com'),
    action: 'lambda:InvokeFunction',
    sourceArn: this.arn, // <-- added when feature flag is enabled
  });
  ...
```

### Description of how you validated changes

Unit + integ tests with feature flag enabled. 

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
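
A check for the unscoped permission described in the commit message above, given as an added example that is not part of this PR or of the CDK code base: it walks a synthesized CloudFormation template and reports every `AWS::Lambda::Permission` that grants a service principal without a `SourceArn`. The template fragment, logical IDs and account number are constructed for illustration.

```python
import json

# Constructed CloudFormation fragment; logical IDs and values are made up.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "AuthorizerPermissionUnscoped": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {"Fn::GetAtt": ["AuthFn", "Arn"]},
        "Principal": "appsync.amazonaws.com"
      }
    },
    "AuthorizerPermissionScoped": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {"Fn::GetAtt": ["AuthFn", "Arn"]},
        "Principal": "appsync.amazonaws.com",
        "SourceArn": {"Fn::GetAtt": ["GraphqlApi", "Arn"]}
      }
    },
    "CrossAccountPermission": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {"Fn::GetAtt": ["AuthFn", "Arn"]},
        "Principal": "111122223333"
      }
    },
    "AuthFn": {"Type": "AWS::Lambda::Function", "Properties": {}}
  }
}
""")


def unscoped_service_permissions(template):
    """Return (logical_id, principal) for service-principal grants lacking SourceArn.

    A SourceArn given as an intrinsic (Fn::GetAtt, Ref, ...) counts as present.
    Account-ID principals are skipped: the commit message concerns service
    principals such as appsync.amazonaws.com.
    """
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::Lambda::Permission":
            continue
        props = resource.get("Properties", {})
        principal = props.get("Principal")
        is_service = isinstance(principal, str) and principal.endswith(".amazonaws.com")
        if is_service and not props.get("SourceArn"):
            findings.append((logical_id, principal))
    return sorted(findings)


if __name__ == "__main__":
    for logical_id, principal in unscoped_service_permissions(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {principal} may invoke the function from any source ARN")
```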
### Issue # (if applicable)

None

### Reason for this change

Adding an integ test of using ECS with Windows AMIs. This is currently missing, hence, is a test gap.

### Description of changes

The integ test creates an ECS cluster and an Ec2Service that lives in EC2 instances.

### Description of how you validated changes

N/A

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ment (aws#31452)

### Issue # (if applicable)

Closes aws#28579

### Reason for this change

The [CR lambda](https://github.com/aws/aws-cdk/blob/597228c1552a21f8dc7250a0be62160f838bb776/packages/%40aws-cdk/custom-resource-handlers/lib/aws-s3-deployment/bucket-deployment-handler/index.py#L138C14-L138C30) is essentially sending back the same data in the response which is hitting the limit for close to 50 object uploads.

This is a limitation particularly when using servicecatalog.ProductStack: if there are local assets beyond a particular number, the Custom::CDKBucketDeployment would fail with the error `Response object is too long`, which is a hard limit of 4096 bytes.

### Description of changes

1. Added a new property to control the custom resource sending large data and hitting the 4096 bytes limit even though the deployment operation is successful. 
2. The property `outputObjectKeys` has been set to false by default for the service catalog product so that the error does not occur. 

### Description of how you validated changes

Validated using a sample stack with the property set and confirmed the behavior. Also, the existing deployments would be unaffected. 

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…s#31587)

### Issue # (if applicable)

N/A

### Reason for this change
- New warning following aws#31535 regarding the docstring

### Description of changes
- update params in the docstring to match the function declaration

### Description of how you validated changes



### Checklist
- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Add EventBridge API destination as a Pipes target.

CloudFormation groups EventBridge API destination with API Gateway REST API
as [PipeTargetHttpParameters](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-pipes-pipe-pipetargethttpparameters.html#cfn-pipes-pipe-pipetargethttpparameters-pathparametervalues), but I think separating them here similar to [aws-event-targets](https://github.com/aws/aws-cdk/tree/main/packages/aws-cdk-lib/aws-events-targets/lib) 
makes more sense, as API Gateway requires `stage`, `path`, and `method` (see [here](https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-events-targets/lib/api-gateway.ts#L11-L32)).
### Reason for this change

We would like to be able to send customers a notice when issues with bootstrap templates are discovered.

### Description of changes

Currently, our notices mechanism can only match against CLI/Framework versions. In order to match against a bootstrap stack version, we need to hook into the deploy process, where we already perform bootstrap version checks.

There were two options to implement the change:

1. Bubble up the bootstrap stack version all the way up to the CLI entry-point, where notices are initialized.
2. Allow access to notices from anywhere in our CLI code base.

I opted for number 2 because it is less disruptive (in terms of files changed) and more flexible for future code that might want to take advantage of the notices mechanism.

The tricky thing is, notices are dependent on user configuration (i.e. `Configuration`), which we don't have access to in this part of the code. To make it work, I created a new `Notices` singleton class. It is instantiated in the CLI entry-point (via `Notices.create` with user configuration), and can then be accessed from anywhere in the code (via `Notices.get()`).

This change resulted in a pretty big refactor to the notices code, but keeps everything else untouched.

### Docs

Documentation of enhanced notice authoring capabilities: cdklabs/aws-cdk-notices#631

### Description of how you validated changes

Added unit tests.

### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ation-order-dependent (aws#31470)

### Issue # (if applicable)

Closes aws#31345.

### Reason for this change

Any stringified value containing an intrinsic will use a custom resource to resolve this value at deploy time.

Today, this custom resource's logical ID will take the form `'CDKJsonStringify<number>'`,
where <number> is a counter incremented for each stringified value. This results in resource replacement updates for the custom resource when the order of construct instantiation is changed, like changing this:
```
const app = new App();
new SomeStack(app, 'Stack1');
new SomeStack(app, 'Stack2');
```

to:

```
const app = new App();
new SomeStack(app, 'Stack2');
new SomeStack(app, 'Stack1');
```

This only happens if `SomeStack` stringifies a token, which some CDK constructs will do automatically. These resource replacements won't affect customer infrastructure, but customers using a common setup as in aws#31345 will see diffs on the same application in different environments, which violates the repeatability promise of CDK.

### Description of changes

Generate a unique identifier from the token's value instead of a counter. This makes this logical ID no longer instantiation-order dependent.

**This will cause diffs when upgrading**.

### Description of how you validated changes

Unit, integration, and manual tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Our current test only captures bootstrap notices, let's capture all.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
msambol and others added 29 commits October 30, 2024 22:01
Add SageMaker pipeline as a Pipes target.
…ws#31951)

because somehow I wrote `continue` instead of `break` in that instance... added a test to make sure.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…eveloper preview (aws#31952)

### Description of changes

Set maturity for `aws-kinesisfirehose-alpha` and `aws-kinesisfirehose-destinations-alpha` module to `developer-preview`. 

Note: These two modules will be combined when officially stabilized into the `aws-cdk-lib/aws-kinesisfirehose` module which will be RENAMED to `aws-firehose`. 

### Checklist
- [s] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ipt init templates (aws#31953)

This reverts aws#31927

Some TypeScript init tests failed. Revert the change for now so that it doesn't block the release.

Will investigate why those tests failed.

### Issue # (if applicable)

Closes #<issue number here>.

### Reason for this change



### Description of changes



### Description of how you validated changes



### Checklist
- [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…s#31960)

In our integ tests, we were testing TypeScript versions from 3.9 up to the latest version, which recently broke because of a change to modernize the init templates.

We should up this range to a recent version; the common support lifetime of a TypeScript version is the one on `DefinitelyTyped`, the types registry for TypeScript packages. They only target TS versions less than 2 years old, which at the time of this PR is 4.9 and higher.

Encode that policy into code automatically, so that we don't have to manually keep this minimum version up-to-date. This currently ages out the following versions:

```
  ✕ typescript 3.9 init app
  ✕ typescript 4.0 init app
  ✕ typescript 4.1 init app
  ✕ typescript 4.2 init app
  ✕ typescript 4.3 init app
  ✕ typescript 4.4 init app
  ✕ typescript 4.5 init app
  ✕ typescript 4.6 init app
  ✕ typescript 4.7 init app
  ✕ typescript 4.8 init app
------------------------------8< cut line -----
  ✕ typescript 4.9 init app
  ✓ typescript 5.0 init app
  ✓ typescript 5.1 init app
  ✓ typescript 5.2 init app
  ✓ typescript 5.3 init app
  ✓ typescript 5.4 init app
  ✓ typescript 5.5 init app
  ✓ typescript 5.6 init app
```

Unfortunately not enough to save the TypeScript template modernization change entirely... but at least it's an improvement.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…7 days (aws#31956)

Closes aws#29045 

### Reason for this change

AWS Trusted Advisor rolled out the S3 Incomplete Multipart Upload Abort Configuration check to help users manage costs associated with Amazon S3 storage

### Description of changes

Added a new lifecycle rule to the bucket and incremented the bootstrap version to 24.

### Description of how you validated changes

N/a

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes aws#21026.

### Reason for this change
To support UserPool Group L2 Construct.


### Description of changes
Add `UserPoolGroup` class.



### Description of how you validated changes
Add unit tests and integ tests.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes aws#29384

### Reason for this change
To support Amazon API Gateway enrichment for EventBridge pipes.



### Description of changes
Add `ApiGatewayEnrichment` construct.



### Description of how you validated changes
Add unit tests and integ test.



### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…Set weight (aws#31823)

### Issue # (if applicable)

Closes aws#31810.

### Reason for this change

Could not use CfnParameter.valueAsNumber for L2 RecordSet weight.

### Description of changes

Adding validation of weight property as a potential Token in RecordSet constructor.

### Description of how you validated changes

Added unit and integration test.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…1945)

### Reason for this change

Update the Mergify queue rules, so that if the [mergify queue command](https://docs.mergify.com/commands/queue/) is used, it will use the correct queue based on the conditions added to each queue, and to avoid human mistakes if this command is used and the PR does not fulfill the minimum requirements to be merged.

### Description of changes

Updated the default-merge and default-squash queues to add the minimum requirements to be checked before adding a PR to that queue.

### Checklist
- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…veloper preview (aws#31969)

Update the Change log file to announce kinesisfirehose as developer preview

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
### Issue # (if applicable)

Closes aws#28814 .

### Reason for this change
To support resource policy for a Kinesis Data stream.


### Description of changes
* Add `ResourcePolicy` Construct.
* Add `addToResourcePolicy` method to `Stream` Construct.



### Description of how you validated changes
Add unit tests and integ test.



### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…aws#31962)

### Issue # (if applicable)

None

### Reason for this change

We can configure `autoMinorVersionUpgrade` for a database cluster, but AWS CDK cannot do this.

### Description of changes

Add `autoMinorVersionUpgrade` to `DatabaseClusterBaseProps`.

### Description of how you validated changes

Add both unit and integ tests.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Previously there were methods on the `Deployments` class that made it possible to directly get an SDK from the `SdkProvider` for a particular environment. Calling these methods made it possible to get an SDK without thinking of assuming roles to go into a different account.

This PR introduces a new class, `EnvironmentAccess`, with a couple of public methods that are the only ones allowed to obtain SDKs with credentials. It has the methods:

- accessStackForStackOperations(stack)
- accessStackForLookup(stack)
- accessStackForReading(stack)

These will always respect the role information on the stack.

Ideally there would have been similar methods for assets as well, but the `cdk-assets` library is entirely handling asset roles itself, and it's not in the scope of this PR to change that. That keeps on using a plain `SdkProvider`. Hotswap deployments will also just use CLI credentials and not assume role, so that also keeps on using an `SdkProvider`.

All other uses have moved to `EnvironmentAccess`.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…et (aws#31937)

Object Lock requires passing an object checksum. By default, SDKv2 only calculates MD5 checksums.

We used to turn off checksums altogether and rely on SigV4 checksums to produce a workable setup for both FIPS and non-FIPS users, but in case of Object Lock this doesn't work: we must definitely have an S3 content checksum, and the SigV4 checksum alone is not good enough.

Since SDKv2 only supports MD5 checksums, we now only disable checksums for FIPS environments.

The unfortunate result is that Object Lock will not work in a FIPS environment, but there's no way around that for now.

When we migrate to SDKv3, which can be configured to checksum using SHA256, Object Lock + FIPS will work again.

Relates to aws#31926

(This PR also adds tests for the PluginHost because otherwise the build fails due to coverage requirements)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…rd (aws#31955)

### Issue # (if applicable)

N/A

### Reason for this change

Route53 supports additional record types.

Ref: https://aws.amazon.com/about-aws/whats-new/2024/10/amazon-route-53-https-sshfp-svcb-tlsa-dns-support/

These are already supported in CFn.

https://docs.aws.amazon.com/ja_jp/AWSCloudFormation/latest/UserGuide/aws-resource-route53-recordset.html#cfn-route53-recordset-type

### Description of changes
Add Enum.



### Description of how you validated changes
Nothing because only enum added.


### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…S volumes (aws#31948)

### Issue # (if applicable)

Closes aws#31764

### Reason for this change



CDK is failing to deploy OpenSearch with I4G nodes with error message indicating that EBS configuration is required. 
However, OpenSearch clusters with I4G nodes use instance store and cannot be configured with EBS storage.

### Description of changes



This change adds the I4G node type to the list of OpenSearch nodes that do not support EBS volumes in the cluster configuration.

### Description of how you validated changes



Added unit tests and ran them successfully
Ran integration test on private account

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…gleton schedule target role (aws#31895)

### Issue # (if applicable)

Tracking aws#31785.

### Reason for this change

The current logic for creating a schedule target execution role uses a hash on the `targetArn` to determine if there is an existing role in the stack. Currently if the `targetArn` contains token values (e.g. intrinsic functions), `stack.resolve(targetArn).toString()` is used to convert the tokenized ARN into a string. However this always results in `[object Object]` which then gets hashed, meaning the same role is used for any target where the ARN passed in is not a pure string. This does not follow the principle of least privilege, and a singleton role used across multiple different targets/target types can be confusing for the customer to manage.

### Description of changes

- Use `JSON.stringify()` instead of `.toString()` to produce unique hash (and thus create new role) per target.

### Description of how you validated changes

Updated unit tests and integration tests

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

BREAKING CHANGE: Schedule Target will reuse role if target is re-used across schedules. This change triggered replacement of existing roles for Schedule as the logical IDs of the roles are changed.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
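
The collision described in the commit message above, reproduced as an added example (not aws-cdk code). The target names, sample ARNs and the small FNV-1a hash are constructed stand-ins; only the `.toString()` versus `JSON.stringify()` difference comes from the page.

```javascript
// Added illustration; not aws-cdk source. All names here are hypothetical.

// Small non-cryptographic hash (FNV-1a, 32-bit) standing in for whatever
// hash the construct library uses; only key equality matters here.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, '0');
}

// Constructed sample targets: a resolved ARN is either a literal string or
// an unresolved CloudFormation intrinsic (a plain object).
const targets = [
  { name: 'literalQueue', arn: 'arn:aws:sqs:us-east-1:111111111111:orders' },
  { name: 'lambdaA', arn: { 'Fn::GetAtt': ['FunctionA', 'Arn'] } },
  { name: 'lambdaB', arn: { 'Fn::GetAtt': ['FunctionB', 'Arn'] } },
  { name: 'topic', arn: { Ref: 'AlertsTopic' } },
];

// Before the fix: a plain object stringifies to "[object Object]".
const keyBefore = (arn) => fnv1a(String(arn));
// After the fix: JSON.stringify keeps the intrinsic's content in the key.
const keyAfter = (arn) => fnv1a(JSON.stringify(arn));

// Group targets by role key, the way a "one role per key" lookup would.
function rolesByKey(keyFn) {
  const roles = new Map();
  for (const t of targets) {
    const key = keyFn(t.arn);
    roles.set(key, [...(roles.get(key) ?? []), t.name]);
  }
  return roles;
}

// Audit helper: every role that more than one target ends up sharing.
function sharedRoles(roles) {
  return [...roles.values()].filter((names) => names.length > 1);
}

console.log('shared before:', sharedRoles(rolesByKey(keyBefore)));
console.log('shared after: ', sharedRoles(rolesByKey(keyAfter)));
```

The same grouping can be run over a synthesized template's schedule targets to find execution roles whose policies cover more than one target.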
### Issue # (if applicable)

None

### Reason for this change

We can configure amplify domain name but there is no validation for that.

### Description of changes

Add validation for an amplify domain name
- length must be lower than 255 characters
- match with [the regular expression](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-amplify-domain.html#cfn-amplify-domain-domainname)
  - `/^(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])(\.)?$/`

### Description of how you validated changes

Add unit test

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Update the integration test cases for both pipes-sources and pipes-targets modules to add comments explaining why we use TestTarget and TestSource instead of using real classes: this is to avoid the circular dependencies, as each module would need to depend on the other so we can implement these test cases.

These Test classes should be replaced before graduating the pipes alpha modules.
…ython-alpha/test/lambda-handler/requests-2.32.2
Labels: auto-approve, dependencies (Pull requests that update a dependency file), p2, python (Pull requests that update Python code)