Renovate Update Patch & Minor Updates #282
base: main
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
ℹ Artifact update notice
File name: go.mod
In order to perform the update(s) described in the table above, Renovate ran the
Details:
Quality Gate passed
Issues
Measures
This PR contains the following updates:
`==3.0.3` -> `==3.1.0`
`==3.1.4` -> `==3.1.5`
`0.28.0` -> `0.29.0`
`5.73.0` -> `5.82.2`
`==0.23.0` -> `==0.23.6`
`==1.35.50` -> `==1.35.86`
`1.35.87`
`==1.35.50` -> `==1.35.86`
`1.35.87`
`v1.32.3` -> `v1.32.7`
`v1.28.1` -> `v1.28.7`
`v1.15.13` -> `v1.15.22`
`v1.36.3` -> `v1.38.1`
`v1.35.3` -> `v1.36.1`
`v1.66.2` -> `v1.71.1`
`v1.34.3` -> `v1.34.8`
`v1.31.0` -> `v1.62.0`
`v1.9.0` -> `v1.10.0`
`v2.46.3` -> `v2.50.0`
`v2.50.1`
`1.23.2` -> `1.23.4`
`1.23.2` -> `1.23.3`
`1.23.4`
`v1.61.0` -> `v1.62.2`
`==2.9.0` -> `==2.10.1`
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2024-56326
An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.
To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.
Jinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.
CVE-2024-56201
A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used.
To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename.
Release Notes
pallets/flask (Flask)
v3.1.0
Compare Source
Released 2024-11-13
5623
Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:`5624,5633`
responses. :pr:`5496`
`Flask.open_resource`/`open_instance_resource` and `Blueprint.open_resource` take an `encoding` parameter to use when opening in text mode. It defaults to `utf-8`. :issue:`5504`
`Request.max_content_length` can be customized per-request instead of only through the `MAX_CONTENT_LENGTH` config. Added `MAX_FORM_MEMORY_SIZE` and `MAX_FORM_PARTS` config. Added documentation about resource limits to the security page. :issue:`5625`
`Partitioned` cookie attribute (CHIPS), with the `SESSION_COOKIE_PARTITIONED` config. :issue:`5472`
`-e path` takes precedence over default `.env` and `.flaskenv` files. `load_dotenv` loads default files in addition to a path unless `load_defaults=False` is passed. :issue:`5628`
`SECRET_KEY_FALLBACKS` config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. :issue:`5621`
`host_matching=True` or `subdomain_matching=False` interacts with `SERVER_NAME`. Setting `SERVER_NAME` no longer restricts requests to only that domain. :issue:`5553`
`Request.trusted_hosts` is checked during routing, and can be set through the `TRUSTED_HOSTS` config. :issue:`5636`
pallets/jinja (Jinja2)
v3.1.5
Compare Source
Unreleased
`render` for an async template uses `asyncio.run`. :pr:`1952`
`auto_aiter` warnings. :pr:`1960`
`aclose`-able `AsyncGenerator` from `Template.generate_async`. :pr:`1960`
`root_render_func()` unclosed in `Template.generate_async`. :pr:`1960`
:pr:`1960`
aquasecurity/trivy-action (aquasecurity/trivy-action)
v0.29.0
Compare Source
What's Changed
`setup-trivy` by @DmitriyLewen in https://github.com/aquasecurity/trivy-action/pull/421
`setup-trivy` and add new `contrib` directory path info by @DmitriyLewen in https://github.com/aquasecurity/trivy-action/pull/424
New Contributors
Full Changelog: aquasecurity/trivy-action@0.28.0...0.29.0
hashicorp/terraform-provider-aws (aws)
v5.82.2
Compare Source
BUG FIXES:
`mutual_authentication.advertise_trust_store_ca_names` attribute. This fixes a regression introduced in v5.82.0 causing `setting mutual_authentication: Invalid address to set: []string{"mutual_authentication", "0", "advertise_trust_store_ca_names"}` errors (#40658)
v5.82.1
Compare Source
ENHANCEMENTS:
`availability_zone_distribution` argument (#40634)
BUG FIXES:
`statement` `sid` (#40639)
v5.82.0
Compare Source
NOTES:
`id` attribute has changed to prevent inconsistent parsing which resulted in provider crashes under certain conditions. The new format is a comma-delimited string combining `group_arn` and `resource_arn` in their entirety. Configurations relying on the previous format may need to be updated to continue functioning correctly. (#40579)
FEATURES:
`aws_servicecatalogappregistry_attribute_group_associations` (#38306)
`aws_api_gateway_domain_name_access_association` (#40566)
`aws_cloudfront_vpc_origin` (#40239)
`aws_memorydb_multi_region_cluster` (#40376)
`aws_networkmanager_dx_gateway_attachment` (#40546)
`aws_rds_cluster_snapshot_copy` (#40398)
ENHANCEMENTS:
`arn` attribute (#40546)
`statement` `sid` is valid, including on alphanumeric characters (#40562)
`service_region` attribute (#40583)
`agent_collaboration` attribute to configure agent collaboration role (#40543)
`origin.vpc_origin_config` argument (#40239)
`name_prefix` argument (#40622)
`arn` attribute (#40546)
`efa_enabled` argument (#40381)
`advertise_trust_store_ca_names` attribute to the `mutual_authentication` configuration block (#40550)
`multi_region_cluster_name` argument (#40376)
`edge_locations` attribute (#40546)
`service_region` argument (#40583)
BUG FIXES:
`AccessDeniedException: ... is not authorized to perform: acm-pca:GetCertificateAuthorityCsr on resource: ...` errors for RAM-shared CAs (#39952)
`setting entitlements: Invalid address to set: []string{"entitlements", "0", "overage"}` errors (#40621)
`certificate_settings` when updating. (#40589)
`certificate_settings.type` to `CUSTOM`. (#40589)
`ValidationException` when setting `certificate_settings.type` to `AMPLIFY_MANAGED`. (#40589)
`certificate_settings` not set. (#40589)
`certificate_settings` is not set during update. (#40589)
`arn` for private custom domain names (#40566)
`vpc_configuration.tls_certificate` as Optional (#40574)
`at_rest_encryption_enabled` when `engine` is `valkey`. (#40514)
`IAMPrincipals` principal group (#38600)
`permissions` and `permissions_with_grant_option` attributes (#38047)
`result` attribute when changing `input` attribute, for lifecycle scope "CRUD" (#34263)
`teletext_destination_settings`. (#33797)
`allocated_storage` (#40601)
`force_destroy = true` can now delete objects with non-XML-safe keys (#40537)
`force_destroy = true` can now delete objects with non-XML-safe keys (#40537)
`automatically_after_days` was not being set properly when `schedule_expression` had been set previously (#34295)
`InvalidRequestException: A previous rotation isn't complete. That rotation will be reattempted.` (#34295)
`redrive_allow_policy` diffs (#40604)
v5.81.0
Compare Source
FEATURES:
`aws_servicecatalogappregistry_attribute_group` (#38188)
`aws_ssm_parameter` (#40313)
`aws_bedrock_inference_profile` (#40294)
`aws_cloudwatch_log_anomaly_detector` (#40437)
`aws_ecr_account_setting` (#40219)
`aws_msk_single_scram_secret_association` (#37056)
`aws_servicecatalogappregistry_attribute_group` (#38183)
`aws_servicecatalogappregistry_attribute_group_association` (#38290)
ENHANCEMENTS:
`policy` and `domain_name_id` attributes (#40364)
`tags` attribute (#38243)
`delivery_options.max_delivery_seconds` and `tracking_options.https_policy` attributes (#40194)
`domain_name_id` argument (#40447)
`policy` argument and `domain_name_id` attribute (#40364)
`PRIVATE` as a valid value for `endpoint_configuration.types` argument, enabling custom domain name support for private REST API endpoints (#40364)
`completion_duration_minutes` argument (#40336)
`configuration.retention_configuration` and `configuration.orphan_file_deletion_configuration` attributes. (#40199)
`enable_primary_ipv6` argument to add support for enabling primary IPv6 addresses on EC2 instances (#36425)
`shard_count` would not exceed the AWS account's shard quota when the data stream capacity mode is `PROVISIONED`, preventing the provider from retrying for 1 hour in the case that the quota is exceeded. This functionality requires the `kinesis:DescribeLimits` IAM permission (#40499)
`kinesis:DescribeLimits` IAM permission (#40499)
`topic_replication.topic_name_configuration` argument (#40101)
`enable_primary_ipv6` argument to add support for enabling primary IPv6 addresses for network interfaces (#36425)
`stateful_engine_options.flow_timeouts` argument (#39996)
`serverlessv2_scaling_configuration.seconds_until_auto_pause` argument (#40441)
`tags` argument and `tags_all` attribute (#40470)
`notebook-al2-v3` value for `platform_identifier` (#40484)
`tags` argument and `tags_all` attribute (#38243)
`delivery_options.max_delivery_seconds` and `tracking_options.https_policy` arguments (#40194)
BUG FIXES:
`InvalidArgumentException: NextToken and StreamName cannot be provided together` errors when the data stream has more than 1000 shards (#40499)
`rule` from `TypeSet` to `TypeList` as order is significant (#40521)
`throughput_capacity` validation to allow values up to `12228` (#40468)
`logging_configuration.log_destination_config`s (#40092)
`InvalidDBClusterStateFault` errors when deleting clusters that are members of a global cluster (#40333)
`InvalidParameterValue: Serverless v2 maximum capacity 0.0 isn't valid. The maximum capacity must be at least 1.0.` errors when removing `serverlessv2_scaling_configuration` in an update (#40511)
`storage_type` when restoring from S3 (#40471)
`storage_type` when restoring from snapshot (#40471)
`storage_type` when restoring to a point in time (#40471)
`database_name` as Computed. This prevents resource recreation when the source cluster specifies a `database_name` (#40469)
v5.80.0
Compare Source
FEATURES:
`aws_codeconnections_connection` (#40300)
`aws_codeconnections_host` (#40300)
`aws_s3tables_namespace` (#40420)
`aws_s3tables_table` (#40420)
`aws_s3tables_table_bucket` (#40420)
`aws_s3tables_table_bucket_policy` (#40420)
`aws_s3tables_table_policy` (#40420)
ENHANCEMENTS:
`instruction` max length for validation to 8000 (#40279)
`deletion_protection_enabled` argument (#35359)
`serverlessv2_scaling_configuration.max_capacity` and `serverlessv2_scaling_configuration.min_capacity` minimum values to `0` to support Amazon Aurora Serverless v2 scaling to 0 ACUs (#40230)
`LocalZone` as a valid value for `location.type`, enabling support for Amazon S3 Express One Zone in AWS Dedicated Local Zones (#40339)
BUG FIXES:
`tags_all` when planning. (#40305)
`deserialization failed, failed to decode response body with invalid JSON` errors on Read (#40419)
v5.79.0
Compare Source
FEATURES:
`aws_vpc_block_public_access_exclusion` (#40235)
`aws_vpc_block_public_access_options` (#40233)
ENHANCEMENTS:
`compute_config`, `storage_config`, and `kubernetes_network_config.elastic_load_balancing` arguments for EKS Auto Mode (#40370)
`remote_network_config` argument for EKS Auto Mode (#40371)
`metrics_config` argument (#40322)
`provisioned_poller_config` argument (#40303)
`supported_regions` argument (#40346)
BUG FIXES:
`disk_iops_configuration.iops` from `350000` to `400000` for `deployment_type = "SINGLE_AZ_2"` (#40359)
v5.78.0
Compare Source
NOTES:
FEATURES:
`aws_iam_organizations_features` (#40164)
ENHANCEMENTS:
`engine` attribute (#40224)
`cluster_configuration.engine` attribute (#40224)
`engine` argument (#40224)
`cluster_configuration.engine` attribute (#40224)
BUG FIXES:
`product_description` (e.g., "postgresql") is a substring of multiple products, fix `Error: multiple RDS Reserved Instance Offerings matched; use additional constraints to reduce matches to a single RDS Reserved Instance Offering` (#40281)
`Warning: AWS account ID not found for provider` when `skip_requesting_account_id` is `true` (#40264)
`eksProperties` or `ecsProperties` block (#40172)
`content_policy_config.filters_config`s are specified. (#40304)
`sns_topic_arns` changes (#40253)
`sns_topic_arns` changes (#40291)
`storage_type` from `io1` or `io2` to `gp3`, fix bug causing error `InvalidParameterCombination: You must specify both the storage size and iops when modifying the storage size or iops on a DB instance that has iops` (#37257)
`gp3` volume's `allocated_storage` to a value larger than the threshold value for `engine`, fix bug causing error `InvalidParameterCombination: You must specify both the storage size and iops when modifying the storage size or iops on a DB instance that has iops` (#28847)
v5.77.0
Compare Source
NOTES:
`aws_kms_secrets`, `aws_lambda_invocation`, and `aws_secretsmanager_secret_version` now support ephemeral values. (#40009)
FEATURES:
`aws_kms_secrets` (#40009)
`aws_lambda_invocation` (#39988)
`aws_secretsmanager_secret_version` (#40009)
`aws_rds_instance_state` (#40180)
ENHANCEMENTS:
`most_recent` is true and certain filter criteria are missing (#40211)
`availability_zone_rebalancing` attribute (#40225)
`availability_zone_rebalancing` attribute (#40225)
`versionConsistency` argument to `container_definitions` (#40216)
`nodejs22.x` `runtime` value (#40277)
`nodejs22.x` `compatible_runtimes` value (#40277)
`endpoint` argument to point to the writer DB instance in the current primary cluster (#39960)
BUG FIXES:
`tags` from the `DescribeSubnets` response, removing the need for the `ec2:DescribeTags` IAM permission (#40144)
`schema` element (#40195)
`pod_identity_association` is modified (#40168)
`pod_identity_association` is changed (#40168)
v5.76.0
Compare Source
FEATURES:
`aws_vpc_security_group_vpc_association` (#40069)
ENHANCEMENTS:
`python3.13` `runtime` value (#40277)
`python3.13` `compatible_runtimes` value (#40277)
BUG FIXES:
`BadRequestException: Invalid mapping expression specified` and `NotFoundException: Invalid parameter name specified` errors when making updates to `request_parameters` and/or `cache_key_parameters` (#40124)
`BadRequestException: Invalid mapping expression specified` and `NotFoundException: Invalid parameter name specified` errors when making updates to `request_parameters` (#40124)
`launch_template` that is updated causing `ValidationError: You must use a valid fully-formed launch template.` (#40088)
`ipam_pool_id` is set (#40082)
`Provider returned invalid result object after apply` errors (#40090)
`policy_names` (#40076)
`policy_arns` (#40076)
`policy_names` (#40076)
`policy_arns` (#40076)
`policy_names` (#40076)
`policy_arns` (#40076)
v5.75.1
Compare Source
ENHANCEMENTS:
`description` attribute (#39980)
`reset_on_delete` to properly reset CloudWatch Role ARN on deletion. (#40004)
`description` argument (#39980)
BUG FIXES:
`canary_settings` and `stage_description` when `stage_na
Configuration
📅 Schedule: Branch creation - "* 0-6 1 * *" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.
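
An audit for the precondition named in the CVE-2024-56326 advisory above (a custom filter that calls a value passed to it), as an added example that is not part of this pull request, Renovate's output or Jinja itself: it statically scans application source for functions registered as Jinja filters that invoke one of their own parameters. The `<obj>.filters["name"] = func` registration style and every name in the constructed sample are assumptions; filters registered through decorators or other patterns are not covered.

```python
import ast

# Constructed sample of an application's filter module (all names hypothetical).
SAMPLE_SOURCE = '''
def apply(func, *args):
    return func(*args)
def shout(value):
    return str(value).upper() + "!"
def map_each(items, fn):
    return [fn(item) for item in items]

env.filters["apply"] = apply
env.filters["shout"] = shout
env.filters["map_each"] = map_each
'''

def registered_filters(tree):
    """Map filter name -> function name for `<obj>.filters["name"] = func`."""
    found = {}
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Assign) and isinstance(node.value, ast.Name)):
            continue
        for t in node.targets:
            if (isinstance(t, ast.Subscript) and isinstance(t.value, ast.Attribute)
                    and t.value.attr == "filters"
                    and isinstance(t.slice, ast.Constant)):  # Python 3.9+ AST shape
                found[str(t.slice.value)] = node.value.id
    return found

def called_params(func):
    """Names of parameters that the function body invokes as callables."""
    a = func.args
    params = {p.arg for p in a.posonlyargs + a.args + a.kwonlyargs}
    params |= {p.arg for p in (a.vararg, a.kwarg) if p is not None}
    return sorted({n.func.id for n in ast.walk(func)
                   if isinstance(n, ast.Call) and isinstance(n.func, ast.Name)
                   and n.func.id in params})

def audit_filters(source):
    """Return {filter name: [parameters it calls]} for filters needing review."""
    tree = ast.parse(source)
    funcs = {n.name: n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)}
    report = {}
    for name, func_name in registered_filters(tree).items():
        hits = called_params(funcs[func_name]) if func_name in funcs else []
        if hits:
            report[name] = hits
    return report
```

A filter reported here is a review candidate on Jinja versions before the fix, since the advisory states that indirect calls of this kind were only handled by the sandbox afterwards.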