Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump boto3 from 1.28.85 to 1.29.4 in /src #89

Merged
merged 2 commits into from
Nov 21, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 20, 2023

Bumps boto3 from 1.28.85 to 1.29.4.

Changelog

Sourced from boto3's changelog.

1.29.4

  • enhancement:IMDS: [botocore] Adds a config option to opt out of IMDSv1 fallback
  • api-change:codestar-connections: [botocore] This release updates a few CodeStar Connections related APIs.
  • api-change:docdb: [botocore] Amazon DocumentDB updates for new cluster storage configuration: Amazon DocumentDB I/O-Optimized.
  • api-change:ec2: [botocore] This release adds support for Security group referencing over Transit gateways, enabling you to simplify Security group management and control of instance-to-instance traffic across VPCs that are connected by Transit gateway.

1.29.3

  • api-change:macie: [botocore] The macie client has been removed following the deprecation of the service.
  • api-change:appmesh: [botocore] Change the default value of these fields from 0 to null: MaxConnections, MaxPendingRequests, MaxRequests, HealthCheckThreshold, PortNumber, and HealthCheckPolicy -> port. Users are not expected to perceive the change, except that badRequestException is thrown when required fields missing configured.
  • api-change:athena: [botocore] Adding SerivicePreProcessing time metric
  • api-change:cloud9: [botocore] A minor doc only update related to changing the date of an API change.
  • api-change:cloudformation: [botocore] This release adds a new flag ImportExistingResources to CreateChangeSet. Specify this parameter on a CREATE- or UPDATE-type change set to import existing resources with custom names instead of recreating them.
  • api-change:codepipeline: [botocore] CodePipeline now supports overriding source revisions to achieve manual re-deploy of a past revision
  • api-change:codestar-connections: [botocore] This release adds support for the CloudFormation Git sync feature. Git sync enables updating a CloudFormation stack from a template stored in a Git repository.
  • api-change:connect: [botocore] This release adds WISDOM_QUICK_RESPONSES as new IntegrationType of Connect IntegrationAssociation resource and bug fixes.
  • api-change:dlm: [botocore] Added support for SAP HANA in Amazon Data Lifecycle Manager EBS snapshot lifecycle policies with pre and post scripts.
  • api-change:ec2: [botocore] This release adds new features for Amazon VPC IP Address Manager (IPAM) Allowing a choice between Free and Advanced Tiers, viewing public IP address insights across regions and in Amazon Cloudwatch, use IPAM to plan your subnet IPs within a VPC and bring your own autonomous system number to IPAM.
  • api-change:ecr: [botocore] Documentation and operational updates for Amazon ECR, adding support for pull through cache rules for upstream registries that require authentication.
  • api-change:emr: [botocore] Update emr client to latest version
  • api-change:events: [botocore] Update events client to latest version
  • api-change:internetmonitor: [botocore] Adds new querying capabilities for running data queries on a monitor
  • api-change:ivs: [botocore] type & defaulting refinement to various range properties
  • api-change:ivschat: [botocore] type & defaulting refinement to various range properties
  • api-change:kinesisvideo: [botocore] Docs only build to bring up-to-date with public docs.
  • api-change:location: [botocore] Remove default value and allow nullable for request parameters having minimum value larger than zero.
  • api-change:medialive: [botocore] MediaLive has now added support for per-output static image overlay.
  • api-change:mgn: [botocore] Removed invalid and unnecessary default values.
  • api-change:osis: [botocore] Add support for enabling a persistent buffer when creating or updating an OpenSearch Ingestion pipeline. Add tags to Pipeline and PipelineSummary response models.
  • api-change:pipes: [botocore] TargetParameters now properly supports BatchJobParameters.ArrayProperties.Size and BatchJobParameters.RetryStrategy.Attempts being optional, and EcsTaskParameters.Overrides.EphemeralStorage.SizeInGiB now properly required when setting EphemeralStorage
  • api-change:rds: [botocore] This release adds support for option groups and replica enhancements to Amazon RDS Custom.
  • api-change:redshift-serverless: [botocore] Updated SDK for Amazon Redshift Serverless, which provides the ability to configure a connection with IAM Identity Center to manage user and group access to databases.
  • api-change:redshift: [botocore] Updated SDK for Amazon Redshift, which you can use to configure a connection with IAM Identity Center to manage access to databases. With these, you can create a connection through a managed application. You can also change a managed application, delete it, or get information about an existing one.
  • api-change:s3: [botocore] Removes all default 0 values for numbers and false values for booleans
  • api-change:sso-admin: [botocore] Improves support for configuring RefreshToken and TokenExchange grants on applications.
  • api-change:sso-oidc: [botocore] Adding support for sso-oauth:CreateTokenWithIAM.
  • api-change:sts: [botocore] API updates for the AWS Security Token Service
  • api-change:trustedadvisor: [botocore] AWS Trusted Advisor introduces new APIs to enable you to programmatically access Trusted Advisor best practice checks, recommendations, and prioritized recommendations. Trusted Advisor APIs enable you to integrate Trusted Advisor with your operational tools to automate your workloads.
  • api-change:verifiedpermissions: [botocore] Adding BatchIsAuthorized API which supports multiple authorization requests against a PolicyStore
  • api-change:wisdom: [botocore] This release adds QuickResponse as a new Wisdom resource and Wisdom APIs for import, create, read, search, update and delete QuickResponse resources.
  • api-change:endpoint-rules: [botocore] Update endpoint-rules client to latest version

1.29.2

... (truncated)

Commits
  • 8a08ce8 Merge branch 'release-1.29.4'
  • e796389 Bumping version to 1.29.4
  • 64c8404 Add changelog entries from botocore
  • 0996499 Merge branch 'release-1.29.3'
  • 910c005 Merge branch 'release-1.29.3' into develop
  • 4a66dc1 Bumping version to 1.29.3
  • d8a36e3 Add changelog entries from botocore
  • daac03c Merge branch 'release-1.29.2'
  • 8e700ef Merge branch 'release-1.29.2' into develop
  • b229d95 Bumping version to 1.29.2
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [boto3](https://github.com/boto/boto3) from 1.28.85 to 1.29.4.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](boto/boto3@1.28.85...1.29.4)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Nov 20, 2023
@jsf9k jsf9k enabled auto-merge November 21, 2023 14:05
@jsf9k jsf9k requested a review from a team November 21, 2023 14:05
@jsf9k jsf9k self-assigned this Nov 21, 2023
@dv4harr10
Copy link
Contributor

Hi Team, I noticed the same issue 'Possible run shell injection' at .GitHub/workflows/build.yml line 187 reported cisagov/skeleton-docker#180.

@jsf9k
Copy link
Member

jsf9k commented Nov 21, 2023

Hi Team, I noticed the same issue 'Possible run shell injection' at .GitHub/workflows/build.yml line 187 reported cisagov/skeleton-docker#180.

This same potential flaw will be present in all repositories that descend from cisagov/skeleton-docker. If cisagov/skeleton-docker#180 is resolved then the fix will trickle down to the child repos via cisagov/action-lineage.

@jsf9k jsf9k merged commit d1a2bdc into develop Nov 21, 2023
13 checks passed
@jsf9k jsf9k deleted the dependabot/pip/src/boto3-1.29.4 branch November 21, 2023 15:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
Status: Done
Development

Successfully merging this pull request may close these issues.

2 participants