[Snyk] Upgrade @aws-sdk/credential-providers from 3.778.0 to 3.908.0

[sestinj]

Snyk has created this PR to upgrade @aws-sdk/credential-providers from 3.778.0 to 3.908.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 58 versions ahead of your current version.

• The recommended version was released 24 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELHELPERS-9397697	452	Proof of Concept
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	452	Proof of Concept

Release notes

Package name: @aws-sdk/credential-providers

• 3.908.0 - 2025-10-10
  

  3.908.0(2025-10-10)

  Chores

  • codegen: sync for bowser removal, lstat fixes (#7418) (511167d5)

  Documentation Changes

  • client-rds: Updated the text in the Important section of the ModifyDBClusterParameterGroup page. (23a42361)

  New Features

  • clients: update client endpoints as of 2025-10-10 (b5e87b16)
  • client-lambda: Add InvokedViaFunctionUrl context key to limit invocations to only FURL invokes. (cf1e3beb)
  • client-bedrock-agentcore-control: Bedrock AgentCore release for Gateway, and Memory including Self-Managed Strategies support for Memory. (dd8408b9)
  • client-odb: This release adds APIs that allow you to specify CIDR ranges in your ODB peering connection. (72de496b)
  • client-cloudfront: Added new viewer security policy, TLSv1.2_2025, for CloudFront. (bbe5fc55)
  • client-bedrock-agentcore: Bedrock AgentCore release for Runtime, and Memory. (9ad809ec)
  • client-glue: Addition of AuditContext in GetTable/GetTables Request (cf3d8e19)

  Bug Fixes

  • codegen: apply reserved word escaping to union shape in Json serializer (#7419) (9ee6cdcd)

  ---

  For list of updated packages, view updated-packages.md in assets-3.908.0.zip

• 3.907.0 - 2025-10-09
  

  3.907.0(2025-10-09)

  Chores

  • util-user-agent-browser: remove bowser from default UA provider (#7413) (a94d95f7)
  • ci: run publish for codegen (#7415) (b2f1ac0c)

  New Features

  • clients: update client endpoints as of 2025-10-09 (98148915)
  • client-wafv2: This release adds the ability to throw WafLimitsExceededException when the maximum number of Application Load Balancer (ALB) associations per AWS WAF v2 WebACL is exceeded. (33438d9d)
  • client-quicksight: This release adds support for ActionConnector and Flow, which are new resources associated with Amazon Quick Suite. Additional updates include expanded Data Source options, further branding customization, and new capabilities that can be restricted by Admins. (72c12a09)

  Tests

  • core: modify request compression threshold values (#7414) (6b45d720)

  ---

  For list of updated packages, view updated-packages.md in assets-3.907.0.zip

• 3.906.0 - 2025-10-08
  

  3.906.0(2025-10-08)

  Chores

  • core/protocols: inline schema number values (#7412) (99121e88)
  • clients: use rollup for dist-cjs (#7406) (76423599)

  New Features

  • clients: update client endpoints as of 2025-10-08 (9f44c29c)
  • client-license-manager-user-subscriptions: Released support for IPv6 and dual-stack active directories (288c63a8)
  • client-outposts: This release adds the new StartOutpostDecommission API, which starts the decommission process to return Outposts racks or servers. (2bfac290)
  • client-bedrock-agentcore-control: Adding support for authorizer type AWS_IAM to AgentCore Control Gateway. (c3b83d46)
  • client-service-quotas: introduces Service Quotas Automatic Management. Users can opt-in to monitoring and managing service quotas, receive notifications when quota usage reaches thresholds, configure notification channels, subscribe to EventBridge events for automation, and view notifications in the AWS Health dashboard. (136894bf)

  ---

  For list of updated packages, view updated-packages.md in assets-3.906.0.zip

• 3.901.0 - 2025-10-01
  

  3.901.0(2025-10-01)

  Chores

  • codegen:
    • bump Gradle to 9.0.0 (#7390) (1e004195)
    • bump codegen version to 0.36.0 (#7393) (d0a9cd8b)
  • add more bundle types to the benchmark (#7392) (97078ce6)
  • bump '@ smithy/*' versions (#7391) (0a418cc2)

  Documentation Changes

  • client-ecs: This is a documentation only Amazon ECS release that adds additional information for health checks. (a5652334)
  • client-database-migration-service: This is a doc-only update, revising text for kms-key-arns. (629c6306)

  New Features

  • client-chime-sdk-meetings: Add support to receive dual stack MediaPlacement URLs in Chime Meetings SDK (c32ced42)
  • client-cleanroomsml: This release introduces data access budgets to view how many times an input channel can be used for ML jobs in a collaboration. (a6cc054b)
  • client-cleanrooms: This release introduces data access budgets to control how many times a table can be used for queries and jobs in a collaboration. (783dbc10)
  • client-pcs: Added the UpdateCluster API action to modify cluster configurations, and Slurm custom settings for queues. (3b9d480e)
  • client-ivs-realtime: Remove incorrect ReadOnly trait on IVS RealTime ImportPublicKey API (8b79cdc1)

  ---

  For list of updated packages, view updated-packages.md in assets-3.901.0.zip

• 3.899.0 - 2025-09-29
• 3.896.0 - 2025-09-24
• 3.895.0 - 2025-09-23
• 3.894.0 - 2025-09-22
• 3.893.0 - 2025-09-19
• 3.892.0 - 2025-09-18
• 3.891.0 - 2025-09-17
• 3.890.0 - 2025-09-16
• 3.888.0 - 2025-09-12
• 3.887.0 - 2025-09-11
• 3.886.0 - 2025-09-10
• 3.883.0 - 2025-09-05
• 3.882.0 - 2025-09-04
• 3.880.0 - 2025-09-02
• 3.879.0 - 2025-08-29
• 3.876.0 - 2025-08-26
• 3.873.0 - 2025-08-21
• 3.872.0 - 2025-08-20
• 3.864.0 - 2025-08-08
• 3.863.0 - 2025-08-07
• 3.862.0 - 2025-08-06
• 3.859.0 - 2025-08-01
• 3.858.0 - 2025-07-31
• 3.857.0 - 2025-07-30
• 3.856.0 - 2025-07-29
• 3.855.0 - 2025-07-28
• 3.848.0 - 2025-07-17
• 3.846.0 - 2025-07-16
• 3.845.0 - 2025-07-15
• 3.844.0 - 2025-07-09
• 3.840.0 - 2025-06-30
• 3.839.0 - 2025-06-27
• 3.835.0 - 2025-06-23
• 3.834.0 - 2025-06-20
• 3.830.0 - 2025-06-16
• 3.828.0 - 2025-06-11
• 3.826.0 - 2025-06-06
• 3.825.0 - 2025-06-05
• 3.823.0 - 2025-06-03
• 3.821.0 - 2025-05-30
• 3.817.0 - 2025-05-23
• 3.816.0 - 2025-05-22
• 3.812.0 - 2025-05-16
• 3.810.0 - 2025-05-14
• 3.808.0 - 2025-05-12
• 3.806.0 - 2025-05-08
• 3.804.0 - 2025-05-06
• 3.803.0 - 2025-05-05
• 3.799.0 - 2025-04-29
• 3.798.0 - 2025-04-28
• 3.797.0 - 2025-04-25
• 3.796.0 - 2025-04-24
• 3.787.0 - 2025-04-10
• 3.782.0 - 2025-04-03
• 3.778.0 - 2025-03-28

from @aws-sdk/credential-providers GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

---

Summary by cubic

Upgrade @aws-sdk/credential-providers from 3.778.0 to 3.908.0 to address Snyk-reported vulnerabilities and keep our AWS SDK current. Only core/package.json changed; no code changes.

• Dependencies

  • @aws-sdk/credential-providers: ^3.778.0 → ^3.908.0

• Bug Fixes

  • Resolves Snyk alerts for ReDoS and resource leak in transitive dependencies.

^{Written for commit e926773. Summary will update automatically on new commits.}

[github-actions]

⚠️ PR Title Format

Your PR title doesn't follow the conventional commit format, but this won't block your PR from being merged. We recommend using this format for better project organization.

Expected Format:

<type>[optional scope]: <description>

Examples:

• feat: add changelog generation support
• fix: resolve login redirect issue
• docs: update README with new instructions
• chore: update dependencies

Valid Types:

feat, fix, docs, style, refactor, perf, test, build, ci, chore, revert

This helps with:

• 📝 Automatic changelog generation
• 🚀 Automated semantic versioning
• 📊 Better project history tracking

This is a non-blocking warning - your PR can still be merged without fixing this.

[github-actions]

✅ Review Complete

Code Review Summary

⚠️ Continue API authentication failed. Please check your CONTINUE_API_KEY.

---

[cubic-dev-ai]

No issues found across 1 file