From 7d968ff0b082e60255a960f0330a07ceaf1ac22e Mon Sep 17 00:00:00 2001 From: Michael Lehmann Date: Thu, 28 May 2026 10:32:04 -0700 Subject: [PATCH 01/16] minor readme fixes and print tags when debugging --- README.md | 17 +++++++++++------ src/assumeRole.ts | 1 + 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 71358ed..df52e29 100644 --- a/README.md +++ b/README.md @@ -388,21 +388,21 @@ Tags whose source environment variable is unset are omitted (e.g., `BaseRef` and _Note: all tag values must conform to [the tag requirements][sts-tag-requirements]. Values longer than 256 characters will be truncated, and characters outside the -allowed set will be replaced with an underscore (`_`).\_ +allowed set will be replaced with an underscore (`_`)._ [sts-tag-requirements]: https://docs.aws.amazon.com/STS/latest/APIReference/API_Tag.html -The action will use session tagging by default unless you are using OIDC. +The action will use session tagging by default unless you are using OIDC or a +Web Identify Token File. To [forward session tags to subsequent sessions in a role -chain][session-tag-chaining], you can use +chain][session-tag-chaining], you can use the `transitive-tag-keys` input to +specify the keys of the tags to be passed. [session-tag-chaining]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining -the `transitive-tag-keys` input to specify the keys of the tags to be passed. - _Note that all subsequent roles in the chain must have `role-skip-session-tagging` set to `true`_ @@ -626,7 +626,12 @@ To run this action using self-hosted action runners on AWS Containers such as Codebuild or EKS, you may need to set `role-chaining: true`. If you are using EKS and encountering an error related to the packed size of -session tags, set `role-skip-session-tagging: true`. +session tags, set `role-skip-session-tagging: true`. Alternatively, you may +[disable EKS session tagging][eks-disable-session-tagging] in the EKS settings +if you do not need those predefined tags. + +[eks-disable-session-tagging]: + https://docs.aws.amazon.com/eks/latest/userguide/pod-id-abac.html#pod-id-abac-tags ## Compatibility with non-GitHub Actions environments diff --git a/src/assumeRole.ts b/src/assumeRole.ts index b0b222a..97a5f8f 100644 --- a/src/assumeRole.ts +++ b/src/assumeRole.ts @@ -226,6 +226,7 @@ export async function assumeRole(params: assumeRoleParams) { core.debug('Role session tagging has been skipped.'); } else { core.debug(`${tags.length} role session tags are being used:`); + core.debug(JSON.stringify(tagArray)); } //only populate transitiveTagKeys array if user is actually using session tagging From 32a5f16041472553b57c862959cc263c67dde7c5 Mon Sep 17 00:00:00 2001 From: Michael Lehmann Date: Thu, 28 May 2026 15:08:14 -0700 Subject: [PATCH 02/16] redo changes from #1780 --- README.md | 3 +++ src/assumeRole.ts | 1 + test/index.test.ts | 12 ++++++++++++ 3 files changed, 16 insertions(+) diff --git a/README.md b/README.md index f37fd43..df52e29 100644 --- a/README.md +++ b/README.md @@ -168,6 +168,7 @@ detail. | role-session-name | Defaults to "GitHubActions", but may be changed if required. | No | | role-skip-session-tagging | Skips session tagging if set. | No | | transitive-tag-keys | Define a list of transitive tag keys to pass when assuming a role. | No | +| custom-tags | Additional tags to apply to the assumed role session. Must be a JSON object provided as a string. Custom tags are not usable with OIDC or web identity token authentication. | No | | inline-session-policy | You may further restrict the assumed role policy by defining an inline policy here. | No | | managed-session-policies | You may further restrict the assumed role policy by specifying a managed policy here. | No | | output-credentials | When set, outputs fetched credentials as action step output. (Outputs aws-access-key-id, aws-secret-access-key, aws-session-token, aws-account-id, authenticated-arn, and aws-expiration). Defaults to false. | No | @@ -180,6 +181,8 @@ detail. | allowed-account-ids | A comma-delimited list of expected AWS account IDs. The action will fail if we receive credentials for the wrong account. | No | | force-skip-oidc | When set, the action will skip using GitHub OIDC provider even if the id-token permission is set. | No | | action-timeout-s | Global timeout for the action in seconds. If set to a value greater than 0, the action will fail if it takes longer than this time to complete. | No | +| no-proxy | Hosts to skip for the proxy configuration. | No | +| sts-endpoint | Custom STS endpoint URL. Use this to point to an STS-compatible API (e.g. MinIO, LocalStack) instead of the default AWS STS endpoint for the region. | No | diff --git a/src/assumeRole.ts b/src/assumeRole.ts index d476d00..97a5f8f 100644 --- a/src/assumeRole.ts +++ b/src/assumeRole.ts @@ -42,6 +42,7 @@ async function assumeRoleWithWebIdentityTokenFile( core.info('Assuming role with web identity token file'); try { delete params.Tags; + delete params.TransitiveTagKeys; const creds = await client.send( new AssumeRoleWithWebIdentityCommand({ ...params, diff --git a/test/index.test.ts b/test/index.test.ts index 3970951..93f6abe 100644 --- a/test/index.test.ts +++ b/test/index.test.ts @@ -202,6 +202,18 @@ describe('Configure AWS Credentials', {}, () => { expect(core.setOutput).toHaveBeenCalledTimes(2); expect(core.setFailed).not.toHaveBeenCalled(); }); + it('does not send Tags or TransitiveTagKeys to AssumeRoleWithWebIdentity', async () => { + // AssumeRoleWithWebIdentity reads session tags from JWT claims, not the request. + // Both fields must be stripped before the STS call. + vi.mocked(core.getMultilineInput).mockImplementation((name: string) => { + if (name === 'transitive-tag-keys') return ['Repository']; + return []; + }); + await run(); + const callInput = mockedSTSClient.commandCalls(AssumeRoleWithWebIdentityCommand)[0].args[0].input; + expect(callInput.Tags).toBeUndefined(); + expect(callInput.TransitiveTagKeys).toBeUndefined(); + }); }); describe('Assume existing role', {}, () => { From 4c9e858f15ad08087186ac81504865097a9bb04f Mon Sep 17 00:00:00 2001 From: Michael Lehmann Date: Thu, 28 May 2026 17:01:07 -0700 Subject: [PATCH 03/16] reworked new tags/priority behavior, add drop tags and retry logic --- README.md | 41 +++++++------ src/assumeRole.ts | 55 ++++++++++-------- test/index.test.ts | 124 +++++++++++++--------------------------- test/mockinputs.test.ts | 2 - 4 files changed, 93 insertions(+), 129 deletions(-) diff --git a/README.md b/README.md index df52e29..77703c1 100644 --- a/README.md +++ b/README.md @@ -353,8 +353,7 @@ documentation for `GITHUB_` environment variable definitions][gh-env-vars]) [gh-env-vars]: https://docs.github.com/en/actions/reference/workflows-and-actions/variables#default-environment-variables -**Protected tags** are always emitted when session tags are used, and cannot be -overridden via `custom-tags`: +**Default tags** are always emitted when session tags are used. | Key | Value | | ---------- | ----------------- | @@ -366,21 +365,24 @@ overridden via `custom-tags`: | Commit | GITHUB_SHA | | Branch | GITHUB_REF | -**Overrideable tags** are automatically added to the set of default session tags -but may be overridden via `custom-tags`. AWS has a maximum limit of 50 session -tags; tags from this list are dropped in reverse priority order if your -`custom-tags` set plus the protected set exceeds this limit. +**Droppable tags** are automatically added to the set of default session tags. +If the session tags exceed the [packed size limit][packed-size-limit], these +tags will be dropped, and the AssumeRole call will be retried. If it still +fails, the action will error out. (It is difficult to predict the packed size +before making the call, as session tags and session policies are compressed into +a binary format as part of the call.) -| Key | Value | Priority | -| --------------- | ----------------------- | -------- | -| EventName | GITHUB_EVENT_NAME | 1 | -| BaseRef | GITHUB_BASE_REF | 2 | -| HeadRef | GITHUB_HEAD_REF | 3 | -| RefName | GITHUB_REF_NAME | 4 | -| RunId | GITHUB_RUN_ID | 5 | -| RefType | GITHUB_REF_TYPE | 6 | -| Job | GITHUB_JOB | 7 | -| TriggeringActor | GITHUB_TRIGGERING_ACTOR | 8 | +[packed-size-limit]: + https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_know + +| Key | Value | +| --------------- | ----------------------- | +| EventName | GITHUB_EVENT_NAME | +| BaseRef | GITHUB_BASE_REF | +| HeadRef | GITHUB_HEAD_REF | +| RunId | GITHUB_RUN_ID | +| Job | GITHUB_JOB | +| TriggeringActor | GITHUB_TRIGGERING_ACTOR | Tags whose source environment variable is unset are omitted (e.g., `BaseRef` and `HeadRef` are only set on `pull_request` events). @@ -419,9 +421,10 @@ with: ### Custom session tags You can add custom session tags using the `custom-tags` input, which accepts a -JSON object. Custom tags cannot override protected tags, but they can override -overrideable tags (in which case the overrideable tag's slot is freed for the -next overrideable tag in the priority list, if any). +JSON object. Custom tags cannot override existing tags. Note that AWS allows a +maximum of 50 tags (so you can supply a maximum of 43 custom tags), although it +is likely that you will exceed the [packed size limit][packed-size-limit] +before you exceed the maximum number of tags. ```yaml uses: aws-actions/configure-aws-credentials@v6 diff --git a/src/assumeRole.ts b/src/assumeRole.ts index 97a5f8f..6c91917 100644 --- a/src/assumeRole.ts +++ b/src/assumeRole.ts @@ -2,7 +2,11 @@ import assert from 'node:assert'; import path from 'node:path'; import * as core from '@actions/core'; import type { AssumeRoleCommandInput, STSClient, Tag } from '@aws-sdk/client-sts'; -import { AssumeRoleCommand, AssumeRoleWithWebIdentityCommand } from '@aws-sdk/client-sts'; +import { + AssumeRoleCommand, + AssumeRoleWithWebIdentityCommand, + PackedPolicyTooLargeException, +} from '@aws-sdk/client-sts'; import type { CredentialsClient } from './CredentialsClient'; import { errorMessage, isDefined, readFileUtf8, sanitizeGitHubVariables } from './helpers'; @@ -61,6 +65,13 @@ async function assumeRoleWithCredentials(params: AssumeRoleCommandInput, client: const creds = await client.send(new AssumeRoleCommand({ ...params })); return creds; } catch (error) { + if (error instanceof PackedPolicyTooLargeException) { + core.info('Session tag size is too large; dropping droppable tags and retrying.'); + const droppableKeys = new Set(DROPPABLE_TAG_SOURCES.map((s) => s.key)); + params.Tags = params.Tags?.filter((tag) => !droppableKeys.has(tag.Key ?? '')); + const creds = await client.send(new AssumeRoleCommand({ ...params })); + return creds; + } throw new Error(`Could not assume role with user credentials: ${errorMessage(error)}`); } } @@ -87,8 +98,8 @@ const MAX_TAG_KEY_LENGTH = 128; const MAX_TAG_VALUE_LENGTH = 256; const MAX_SESSION_TAGS = 50; -// Identity/audit primitives. Always emitted and cannot be overridden by custom-tags. -const PROTECTED_TAG_SOURCES: ReadonlyArray<{ key: string; envVar: string }> = [ +// Identity/audit primitives. Always emitted and cannot be dropped. +const NON_DROPPABLE_TAG_SOURCES: ReadonlyArray<{ key: string; envVar: string }> = [ { key: 'Repository', envVar: 'GITHUB_REPOSITORY' }, { key: 'Workflow', envVar: 'GITHUB_WORKFLOW' }, { key: 'Action', envVar: 'GITHUB_ACTION' }, @@ -97,21 +108,23 @@ const PROTECTED_TAG_SOURCES: ReadonlyArray<{ key: string; envVar: string }> = [ { key: 'Branch', envVar: 'GITHUB_REF' }, ]; -// Convenience metadata. Custom-tags may override (suppresses the default for that key). -// Listed in priority order; lower-priority entries are dropped first if the user's custom-tags -// would push the total above MAX_SESSION_TAGS. -const OVERRIDEABLE_TAG_SOURCES_BY_PRIORITY: ReadonlyArray<{ key: string; envVar: string }> = [ +// Convenience metadata. Will be dropped if session tag size is too large. +// Logic for dropping tags by priority has been removed; it seems unlikely that +// the limit of 50 tags will be hit without first hitting the size limit. +const DROPPABLE_TAG_SOURCES: ReadonlyArray<{ key: string; envVar: string }> = [ { key: 'EventName', envVar: 'GITHUB_EVENT_NAME' }, { key: 'BaseRef', envVar: 'GITHUB_BASE_REF' }, { key: 'HeadRef', envVar: 'GITHUB_HEAD_REF' }, - { key: 'RefName', envVar: 'GITHUB_REF_NAME' }, { key: 'RunId', envVar: 'GITHUB_RUN_ID' }, - { key: 'RefType', envVar: 'GITHUB_REF_TYPE' }, { key: 'Job', envVar: 'GITHUB_JOB' }, { key: 'TriggeringActor', envVar: 'GITHUB_TRIGGERING_ACTOR' }, ]; -const PROTECTED_TAG_KEYS = new Set(['GitHub', ...PROTECTED_TAG_SOURCES.map((s) => s.key)]); +const PROTECTED_TAG_KEYS = new Set([ + 'GitHub', + ...NON_DROPPABLE_TAG_SOURCES.map((s) => s.key), + ...DROPPABLE_TAG_SOURCES.map((s) => s.key), +]); export function parseAndValidateCustomTags(customTags: string, existingTags: Tag[]): Tag[] { let parsed: unknown; @@ -198,7 +211,13 @@ export async function assumeRole(params: assumeRoleParams) { // Build session tags. Values are sanitized because the AWS tag value spec is more // restrictive than permissible characters in environment variables. const protectedTags: Tag[] = [{ Key: 'GitHub', Value: 'Actions' }]; - for (const { key, envVar } of PROTECTED_TAG_SOURCES) { + for (const { key, envVar } of NON_DROPPABLE_TAG_SOURCES) { + const value = process.env[envVar]; + if (value) { + protectedTags.push({ Key: key, Value: sanitizeGitHubVariables(value) }); + } + } + for (const { key, envVar } of DROPPABLE_TAG_SOURCES) { const value = process.env[envVar]; if (value) { protectedTags.push({ Key: key, Value: sanitizeGitHubVariables(value) }); @@ -206,20 +225,8 @@ export async function assumeRole(params: assumeRoleParams) { } const parsedCustomTags: Tag[] = customTags ? parseAndValidateCustomTags(customTags, protectedTags) : []; - const customTagKeys = new Set(parsedCustomTags.map((t) => t.Key)); - const availableOverrideableSlots = MAX_SESSION_TAGS - protectedTags.length - parsedCustomTags.length; - const overrideableTags: Tag[] = []; - for (const { key, envVar } of OVERRIDEABLE_TAG_SOURCES_BY_PRIORITY) { - if (overrideableTags.length >= availableOverrideableSlots) break; - if (customTagKeys.has(key)) continue; - const value = process.env[envVar]; - if (value) { - overrideableTags.push({ Key: key, Value: sanitizeGitHubVariables(value) }); - } - } - - const tagArray: Tag[] = [...protectedTags, ...overrideableTags, ...parsedCustomTags]; + const tagArray: Tag[] = [...protectedTags, ...parsedCustomTags]; const tags = roleSkipSessionTagging ? undefined : tagArray; if (!tags) { diff --git a/test/index.test.ts b/test/index.test.ts index 93f6abe..d03181a 100644 --- a/test/index.test.ts +++ b/test/index.test.ts @@ -3,6 +3,7 @@ import { AssumeRoleCommand, AssumeRoleWithWebIdentityCommand, GetCallerIdentityCommand, + PackedPolicyTooLargeException, STSClient, } from '@aws-sdk/client-sts'; import { mockClient } from 'aws-sdk-client-mock'; @@ -294,9 +295,9 @@ describe('Configure AWS Credentials', {}, () => { await run(); const tags = mockedSTSClient.commandCalls(AssumeRoleCommand)[0].args[0].input.Tags ?? []; // 7 protected (GitHub + Repository, Workflow, Action, Actor, Commit, Branch) - // + 8 overrideable (EventName, BaseRef, HeadRef, RefName, RunId, RefType, Job, TriggeringActor). - // No custom-tags, all env vars set in mocks.envs → all 15 should be present, nothing else. - expect(tags).toHaveLength(15); + // + 6 droppable (EventName, BaseRef, HeadRef, RunId, Job, TriggeringActor). + // No custom-tags, all env vars set in mocks.envs → all 13 should be present, nothing else. + expect(tags).toHaveLength(13); const tagsByKey = Object.fromEntries(tags.map((t) => [t.Key, t.Value])); expect(tagsByKey).toEqual({ GitHub: 'Actions', @@ -309,14 +310,12 @@ describe('Configure AWS Credentials', {}, () => { EventName: 'pull_request', BaseRef: 'main', HeadRef: 'feature-branch', - RefName: 'feature-branch', RunId: '16412345678', - RefType: 'branch', Job: 'build', TriggeringActor: 'MY-USERNAME_bot_', }); }); - it('omits overrideable tags whose env vars are unset', {}, async () => { + it('omits droppable tags whose env vars are unset', {}, async () => { vi.mocked(core.getInput).mockImplementation(mocks.getInput(mocks.IAM_ASSUMEROLE_INPUTS)); delete process.env.GITHUB_BASE_REF; delete process.env.GITHUB_HEAD_REF; @@ -330,6 +329,27 @@ describe('Configure AWS Credentials', {}, () => { expect(tagKeys).toContain('EventName'); expect(tagKeys).toContain('RunId'); }); + it('drops droppable tags and retries on PackedPolicyTooLargeException', {}, async () => { + vi.mocked(core.getInput).mockImplementation(mocks.getInput(mocks.IAM_ASSUMEROLE_INPUTS)); + mockedSTSClient + .on(AssumeRoleCommand) + .rejectsOnce(new PackedPolicyTooLargeException({ message: 'too large', $metadata: {} })) + .resolvesOnce(mocks.outputs.STS_CREDENTIALS); + await run(); + expect(core.info).toHaveBeenCalledWith('Session tag size is too large; dropping droppable tags and retrying.'); + const retryInput = mockedSTSClient.commandCalls(AssumeRoleCommand)[1].args[0].input; + const retryTagKeys = (retryInput.Tags ?? []).map((t) => t.Key); + expect(retryTagKeys).not.toContain('EventName'); + expect(retryTagKeys).not.toContain('BaseRef'); + expect(retryTagKeys).not.toContain('HeadRef'); + expect(retryTagKeys).not.toContain('RunId'); + expect(retryTagKeys).not.toContain('Job'); + expect(retryTagKeys).not.toContain('TriggeringActor'); + // Protected tags remain + expect(retryTagKeys).toContain('GitHub'); + expect(retryTagKeys).toContain('Repository'); + expect(core.setFailed).not.toHaveBeenCalled(); + }); it('sanitizes invalid characters in env-derived tag values', {}, async () => { vi.mocked(core.getInput).mockImplementation(mocks.getInput(mocks.IAM_ASSUMEROLE_INPUTS)); process.env.GITHUB_HEAD_REF = 'feature/has spaces&bad?chars'; @@ -382,8 +402,6 @@ describe('Configure AWS Credentials', {}, () => { { Key: 'EventName', Value: 'pull_request' }, { Key: 'RunId', Value: '16412345678' }, { Key: 'Job', Value: 'build' }, - { Key: 'RefName', Value: 'feature-branch' }, - { Key: 'RefType', Value: 'branch' }, { Key: 'TriggeringActor', Value: 'MY-USERNAME_bot_' }, { Key: 'Environment', Value: 'Production' }, { Key: 'Team', Value: 'DevOps' }, @@ -432,7 +450,7 @@ describe('Configure AWS Credentials', {}, () => { await run(); expect(core.warning).toHaveBeenCalledWith(expect.stringContaining("'custom-tags' is set but will be ignored")); }); - it('lets custom tags override overrideable default tag keys', {}, async () => { + it('rejects custom tags that conflict with droppable tag keys', {}, async () => { vi.mocked(core.getInput).mockImplementation( mocks.getInput({ ...mocks.IAM_ASSUMEROLE_INPUTS, @@ -440,13 +458,10 @@ describe('Configure AWS Credentials', {}, () => { }), ); await run(); - const tags = mockedSTSClient.commandCalls(AssumeRoleCommand)[0].args[0].input.Tags ?? []; - const eventNameTags = tags.filter((t) => t.Key === 'EventName'); - const baseRefTags = tags.filter((t) => t.Key === 'BaseRef'); - expect(eventNameTags).toHaveLength(1); - expect(eventNameTags[0]?.Value).toBe('workflow_dispatch'); - expect(baseRefTags).toHaveLength(1); - expect(baseRefTags[0]?.Value).toBe('release/2026'); + expect(core.setFailed).toHaveBeenCalledWith( + "custom-tags: key 'EventName' conflicts with a protected session tag set by this action and cannot be overridden", + ); + expect(mockedSTSClient.commandCalls(AssumeRoleCommand)).toHaveLength(0); }); it('rejects custom tags that conflict with the protected Branch tag', {}, async () => { // Regression guard: Branch was a default before v6.2 and must remain unoverridable. @@ -462,62 +477,10 @@ describe('Configure AWS Credentials', {}, () => { ); expect(mockedSTSClient.commandCalls(AssumeRoleCommand)).toHaveLength(0); }); - it('drops lower-priority overrideable tags when custom-tags would exceed the session-tag limit', {}, async () => { - // 7 protected (GitHub + 6 from PROTECTED_TAG_SOURCES) + 40 custom = 47 used → 3 overrideable slots. - // The first 3 overrideable tags by priority are EventName, BaseRef, HeadRef (RefName, RunId, RefType, - // Job, TriggeringActor must be dropped). + it('rejects custom-tags that would exceed the session-tag limit', {}, async () => { + // 13 existing tags (7 non-droppable + 6 droppable) + 38 custom = 51 > 50. const customTagsObj: Record = {}; - for (let i = 0; i < 40; i++) { - customTagsObj[`Custom${i}`] = `value${i}`; - } - vi.mocked(core.getInput).mockImplementation( - mocks.getInput({ - ...mocks.IAM_ASSUMEROLE_INPUTS, - 'custom-tags': JSON.stringify(customTagsObj), - }), - ); - await run(); - const tags = mockedSTSClient.commandCalls(AssumeRoleCommand)[0].args[0].input.Tags ?? []; - const tagKeys = tags.map((t) => t.Key); - expect(tags).toHaveLength(50); - expect(tagKeys).toContain('Branch'); - expect(tagKeys).toContain('EventName'); - expect(tagKeys).toContain('BaseRef'); - expect(tagKeys).toContain('HeadRef'); - expect(tagKeys).not.toContain('RefName'); - expect(tagKeys).not.toContain('RunId'); - expect(tagKeys).not.toContain('RefType'); - expect(tagKeys).not.toContain('Job'); - expect(tagKeys).not.toContain('TriggeringActor'); - }); - it('overridden overrideable tags free a slot for a lower-priority overrideable tag', {}, async () => { - // Same 40-custom-tag scenario as above, but one of the customs overrides BaseRef. - // BaseRef no longer competes for the overrideable budget, so the next-priority overrideable (RefName) gets in. - const customTagsObj: Record = { BaseRef: 'release/2026' }; - for (let i = 0; i < 39; i++) { - customTagsObj[`Custom${i}`] = `value${i}`; - } - vi.mocked(core.getInput).mockImplementation( - mocks.getInput({ - ...mocks.IAM_ASSUMEROLE_INPUTS, - 'custom-tags': JSON.stringify(customTagsObj), - }), - ); - await run(); - const tags = mockedSTSClient.commandCalls(AssumeRoleCommand)[0].args[0].input.Tags ?? []; - const tagKeys = tags.map((t) => t.Key); - expect(tags).toHaveLength(50); - expect(tagKeys).toContain('Branch'); - expect(tagKeys).toContain('EventName'); - expect(tagKeys).toContain('BaseRef'); - expect(tagKeys).toContain('HeadRef'); - expect(tagKeys).toContain('RefName'); - expect(tagKeys).not.toContain('RunId'); - }); - it('rejects custom-tags that would exceed the session-tag limit on their own', {}, async () => { - // 7 protected + 44 custom = 51, which is over 50 even with zero overrideable tags. - const customTagsObj: Record = {}; - for (let i = 0; i < 44; i++) { + for (let i = 0; i < 38; i++) { customTagsObj[`Custom${i}`] = `value${i}`; } vi.mocked(core.getInput).mockImplementation( @@ -530,12 +493,10 @@ describe('Configure AWS Credentials', {}, () => { expect(core.setFailed).toHaveBeenCalledWith(expect.stringContaining('would exceed the AWS limit of 50')); expect(mockedSTSClient.commandCalls(AssumeRoleCommand)).toHaveLength(0); }); - it('drops transitive-tag-keys entries that refer to evicted overrideable tags', {}, async () => { - // Force eviction of all overrideable tags below EventName/BaseRef/HeadRef. The user transitive-tags - // RunId (which gets evicted) and Repository (which is protected and stays). The TransitiveTagKeys - // payload must include only the keys that actually appear in Tags. + it('allows custom-tags up to the session-tag limit', {}, async () => { + // 13 existing tags + 37 custom = 50, exactly at the limit. const customTagsObj: Record = {}; - for (let i = 0; i < 40; i++) { + for (let i = 0; i < 37; i++) { customTagsObj[`Custom${i}`] = `value${i}`; } vi.mocked(core.getInput).mockImplementation( @@ -544,15 +505,10 @@ describe('Configure AWS Credentials', {}, () => { 'custom-tags': JSON.stringify(customTagsObj), }), ); - vi.mocked(core.getMultilineInput).mockImplementation((name: string) => { - if (name === 'transitive-tag-keys') return ['Repository', 'RunId']; - return []; - }); await run(); - const callInput = mockedSTSClient.commandCalls(AssumeRoleCommand)[0].args[0].input; - const tagKeys = (callInput.Tags ?? []).map((t) => t.Key); - expect(tagKeys).not.toContain('RunId'); - expect(callInput.TransitiveTagKeys).toEqual(['Repository']); + expect(core.setFailed).not.toHaveBeenCalled(); + const tags = mockedSTSClient.commandCalls(AssumeRoleCommand)[0].args[0].input.Tags ?? []; + expect(tags).toHaveLength(50); }); }); diff --git a/test/mockinputs.test.ts b/test/mockinputs.test.ts index cfc4125..68ee8a0 100644 --- a/test/mockinputs.test.ts +++ b/test/mockinputs.test.ts @@ -105,8 +105,6 @@ const envs = { GITHUB_EVENT_NAME: 'pull_request', GITHUB_RUN_ID: '16412345678', GITHUB_JOB: 'build', - GITHUB_REF_NAME: 'feature-branch', - GITHUB_REF_TYPE: 'branch', GITHUB_BASE_REF: 'main', GITHUB_HEAD_REF: 'feature-branch', GITHUB_TRIGGERING_ACTOR: 'MY-USERNAME[bot]', From ddea58d97b83bb690d312f7173b8ff9005653577 Mon Sep 17 00:00:00 2001 From: Michael Lehmann Date: Mon, 1 Jun 2026 13:21:07 -0700 Subject: [PATCH 04/16] minor edits to documentation, README update for clarity --- README.md | 28 ++++++++++++++++++++++------ action.yml | 2 +- src/assumeRole.ts | 5 ++--- 3 files changed, 25 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 5dbc3a6..4d2f969 100644 --- a/README.md +++ b/README.md @@ -623,15 +623,31 @@ For further information on OIDC and GitHub Actions, please see: - [GitHub docs: Configuring OpenID Connect in Amazon Web Services](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services) - [GitHub changelog: GitHub Actions: Secure cloud deployments with OpenID Connect](https://github.blog/changelog/2021-10-27-github-actions-secure-cloud-deployments-with-openid-connect/) -## Running in AWS Containers +## Getting Credentials in AWS Self-Hosted Runners -To run this action using self-hosted action runners on AWS Containers such as -Codebuild or EKS, you may need to set `role-chaining: true`. +If you are running GitHub Actions in a self-hosted runner using an AWS Service +(such as Codebuild or EKS) and you have properly configured the service, +credentials should be available by default; the AWS CLI will fetch credentials +using the AWS_CONTAINER_CREDENTIALS_FULL_URI or +AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variables. However, you may +still want to use this action if you need to export those credentials for use +with other tools in your workflow. You may also want to use this action in +scenarios where you need to use that 'default' role to assume another role. -If you are using EKS and encountering an error related to the packed size of -session tags, set `role-skip-session-tagging: true`. Alternatively, you may +To export credentials, simply run the action with `role-to-assume` set to the +default role of the container. + +To assume another role from the container's default role, use the +`role-chaining: true` flag, so that the action fetches the default credentials +from the environment before assuming the other role. + +If you are using EKS Pod Identities and encountering an error related to the +packed size of session tags, you must either run the action with +`role-skip-session-tagging: true` to disable the tags set by the action, or [disable EKS session tagging][eks-disable-session-tagging] in the EKS settings -if you do not need those predefined tags. +to disable the tags that are automatically set by the EKS Pod Identity Service. +Check the values of the action's session tags and the session tags that are +added by EKS so you can keep the set of tags which is more useful to you. [eks-disable-session-tagging]: https://docs.aws.amazon.com/eks/latest/userguide/pod-id-abac.html#pod-id-abac-tags diff --git a/action.yml b/action.yml index fbe5923..318c99d 100644 --- a/action.yml +++ b/action.yml @@ -34,7 +34,7 @@ inputs: description: Use the web identity token file from the provided file system path in order to assume an IAM role using a web identity, e.g. from within an Amazon EKS worker node. required: false role-chaining: - description: Use existing credentials from the environment to assume a new role, rather than providing credentials as input. This is sometimes useful when running on a self-hosted runner with container-sourced credentials. + description: Use existing credentials from the environment to assume a new role, rather than providing credentials as input. required: false audience: description: The audience to use for the OIDC provider diff --git a/src/assumeRole.ts b/src/assumeRole.ts index 6c91917..95f6bdc 100644 --- a/src/assumeRole.ts +++ b/src/assumeRole.ts @@ -108,9 +108,8 @@ const NON_DROPPABLE_TAG_SOURCES: ReadonlyArray<{ key: string; envVar: string }> { key: 'Branch', envVar: 'GITHUB_REF' }, ]; -// Convenience metadata. Will be dropped if session tag size is too large. -// Logic for dropping tags by priority has been removed; it seems unlikely that -// the limit of 50 tags will be hit without first hitting the size limit. +// Convenience metadata. If the AssumeRole call fails due to compressed size of +// session tags being too large, we will drop these tags and retry once. const DROPPABLE_TAG_SOURCES: ReadonlyArray<{ key: string; envVar: string }> = [ { key: 'EventName', envVar: 'GITHUB_EVENT_NAME' }, { key: 'BaseRef', envVar: 'GITHUB_BASE_REF' }, From 1c7e56f636f8f10e95a2c46049e48d58daf2e110 Mon Sep 17 00:00:00 2001 From: Michael Lehmann Date: Mon, 1 Jun 2026 13:32:57 -0700 Subject: [PATCH 05/16] linting fix --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4d2f969..09f4b69 100644 --- a/README.md +++ b/README.md @@ -637,7 +637,7 @@ scenarios where you need to use that 'default' role to assume another role. To export credentials, simply run the action with `role-to-assume` set to the default role of the container. -To assume another role from the container's default role, use the +To assume another role from the container's default role, use the `role-chaining: true` flag, so that the action fetches the default credentials from the environment before assuming the other role. From d6f5dc331b44474b19a52caaf85fa4d637b13c8e Mon Sep 17 00:00:00 2001 From: Michael Lehmann Date: Mon, 1 Jun 2026 13:55:23 -0700 Subject: [PATCH 06/16] fix: assumeRole failing from session tag size too large (#1808) * minor readme fixes and print tags when debugging * redo changes from #1780 * reworked new tags/priority behavior, add drop tags and retry logic * minor edits to documentation, README update for clarity * linting fix --- README.md | 83 +++++++++++++++++------- src/assumeRole.ts | 56 ++++++++++------- test/index.test.ts | 136 +++++++++++++++------------------------- test/mockinputs.test.ts | 2 - 4 files changed, 143 insertions(+), 134 deletions(-) diff --git a/README.md b/README.md index b67698c..09f4b69 100644 --- a/README.md +++ b/README.md @@ -168,6 +168,7 @@ detail. | role-session-name | Defaults to "GitHubActions", but may be changed if required. | No | | role-skip-session-tagging | Skips session tagging if set. | No | | transitive-tag-keys | Define a list of transitive tag keys to pass when assuming a role. | No | +| custom-tags | Additional tags to apply to the assumed role session. Must be a JSON object provided as a string. Custom tags are not usable with OIDC or web identity token authentication. | No | | inline-session-policy | You may further restrict the assumed role policy by defining an inline policy here. | No | | managed-session-policies | You may further restrict the assumed role policy by specifying a managed policy here. | No | | output-credentials | When set, outputs fetched credentials as action step output. (Outputs aws-access-key-id, aws-secret-access-key, aws-session-token, aws-account-id, authenticated-arn, and aws-expiration). Defaults to false. | No | @@ -180,6 +181,8 @@ detail. | allowed-account-ids | A comma-delimited list of expected AWS account IDs. The action will fail if we receive credentials for the wrong account. | No | | force-skip-oidc | When set, the action will skip using GitHub OIDC provider even if the id-token permission is set. | No | | action-timeout-s | Global timeout for the action in seconds. If set to a value greater than 0, the action will fail if it takes longer than this time to complete. | No | +| no-proxy | Hosts to skip for the proxy configuration. | No | +| sts-endpoint | Custom STS endpoint URL. Use this to point to an STS-compatible API (e.g. MinIO, LocalStack) instead of the default AWS STS endpoint for the region. | No | @@ -350,8 +353,7 @@ documentation for `GITHUB_` environment variable definitions][gh-env-vars]) [gh-env-vars]: https://docs.github.com/en/actions/reference/workflows-and-actions/variables#default-environment-variables -**Protected tags** are always emitted when session tags are used, and cannot be -overridden via `custom-tags`: +**Default tags** are always emitted when session tags are used. | Key | Value | | ---------- | ----------------- | @@ -363,21 +365,24 @@ overridden via `custom-tags`: | Commit | GITHUB_SHA | | Branch | GITHUB_REF | -**Overrideable tags** are automatically added to the set of default session tags -but may be overridden via `custom-tags`. AWS has a maximum limit of 50 session -tags; tags from this list are dropped in reverse priority order if your -`custom-tags` set plus the protected set exceeds this limit. +**Droppable tags** are automatically added to the set of default session tags. +If the session tags exceed the [packed size limit][packed-size-limit], these +tags will be dropped, and the AssumeRole call will be retried. If it still +fails, the action will error out. (It is difficult to predict the packed size +before making the call, as session tags and session policies are compressed into +a binary format as part of the call.) -| Key | Value | Priority | -| --------------- | ----------------------- | -------- | -| EventName | GITHUB_EVENT_NAME | 1 | -| BaseRef | GITHUB_BASE_REF | 2 | -| HeadRef | GITHUB_HEAD_REF | 3 | -| RefName | GITHUB_REF_NAME | 4 | -| RunId | GITHUB_RUN_ID | 5 | -| RefType | GITHUB_REF_TYPE | 6 | -| Job | GITHUB_JOB | 7 | -| TriggeringActor | GITHUB_TRIGGERING_ACTOR | 8 | +[packed-size-limit]: + https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_know + +| Key | Value | +| --------------- | ----------------------- | +| EventName | GITHUB_EVENT_NAME | +| BaseRef | GITHUB_BASE_REF | +| HeadRef | GITHUB_HEAD_REF | +| RunId | GITHUB_RUN_ID | +| Job | GITHUB_JOB | +| TriggeringActor | GITHUB_TRIGGERING_ACTOR | Tags whose source environment variable is unset are omitted (e.g., `BaseRef` and `HeadRef` are only set on `pull_request` events). @@ -385,21 +390,21 @@ Tags whose source environment variable is unset are omitted (e.g., `BaseRef` and _Note: all tag values must conform to [the tag requirements][sts-tag-requirements]. Values longer than 256 characters will be truncated, and characters outside the -allowed set will be replaced with an underscore (`_`).\_ +allowed set will be replaced with an underscore (`_`)._ [sts-tag-requirements]: https://docs.aws.amazon.com/STS/latest/APIReference/API_Tag.html -The action will use session tagging by default unless you are using OIDC. +The action will use session tagging by default unless you are using OIDC or a +Web Identify Token File. To [forward session tags to subsequent sessions in a role -chain][session-tag-chaining], you can use +chain][session-tag-chaining], you can use the `transitive-tag-keys` input to +specify the keys of the tags to be passed. [session-tag-chaining]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining -the `transitive-tag-keys` input to specify the keys of the tags to be passed. - _Note that all subsequent roles in the chain must have `role-skip-session-tagging` set to `true`_ @@ -416,9 +421,10 @@ with: ### Custom session tags You can add custom session tags using the `custom-tags` input, which accepts a -JSON object. Custom tags cannot override protected tags, but they can override -overrideable tags (in which case the overrideable tag's slot is freed for the -next overrideable tag in the priority list, if any). +JSON object. Custom tags cannot override existing tags. Note that AWS allows a +maximum of 50 tags (so you can supply a maximum of 43 custom tags), although it +is likely that you will exceed the [packed size limit][packed-size-limit] +before you exceed the maximum number of tags. ```yaml uses: aws-actions/configure-aws-credentials@v6 @@ -617,6 +623,35 @@ For further information on OIDC and GitHub Actions, please see: - [GitHub docs: Configuring OpenID Connect in Amazon Web Services](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services) - [GitHub changelog: GitHub Actions: Secure cloud deployments with OpenID Connect](https://github.blog/changelog/2021-10-27-github-actions-secure-cloud-deployments-with-openid-connect/) +## Getting Credentials in AWS Self-Hosted Runners + +If you are running GitHub Actions in a self-hosted runner using an AWS Service +(such as Codebuild or EKS) and you have properly configured the service, +credentials should be available by default; the AWS CLI will fetch credentials +using the AWS_CONTAINER_CREDENTIALS_FULL_URI or +AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variables. However, you may +still want to use this action if you need to export those credentials for use +with other tools in your workflow. You may also want to use this action in +scenarios where you need to use that 'default' role to assume another role. + +To export credentials, simply run the action with `role-to-assume` set to the +default role of the container. + +To assume another role from the container's default role, use the +`role-chaining: true` flag, so that the action fetches the default credentials +from the environment before assuming the other role. + +If you are using EKS Pod Identities and encountering an error related to the +packed size of session tags, you must either run the action with +`role-skip-session-tagging: true` to disable the tags set by the action, or +[disable EKS session tagging][eks-disable-session-tagging] in the EKS settings +to disable the tags that are automatically set by the EKS Pod Identity Service. +Check the values of the action's session tags and the session tags that are +added by EKS so you can keep the set of tags which is more useful to you. + +[eks-disable-session-tagging]: + https://docs.aws.amazon.com/eks/latest/userguide/pod-id-abac.html#pod-id-abac-tags + ## Compatibility with non-GitHub Actions environments This action has been sucessfully tested with diff --git a/src/assumeRole.ts b/src/assumeRole.ts index ebf27a6..95f6bdc 100644 --- a/src/assumeRole.ts +++ b/src/assumeRole.ts @@ -2,7 +2,11 @@ import assert from 'node:assert'; import path from 'node:path'; import * as core from '@actions/core'; import type { AssumeRoleCommandInput, STSClient, Tag } from '@aws-sdk/client-sts'; -import { AssumeRoleCommand, AssumeRoleWithWebIdentityCommand } from '@aws-sdk/client-sts'; +import { + AssumeRoleCommand, + AssumeRoleWithWebIdentityCommand, + PackedPolicyTooLargeException, +} from '@aws-sdk/client-sts'; import type { CredentialsClient } from './CredentialsClient'; import { errorMessage, isDefined, readFileUtf8, sanitizeGitHubVariables } from './helpers'; @@ -42,6 +46,7 @@ async function assumeRoleWithWebIdentityTokenFile( core.info('Assuming role with web identity token file'); try { delete params.Tags; + delete params.TransitiveTagKeys; const creds = await client.send( new AssumeRoleWithWebIdentityCommand({ ...params, @@ -60,6 +65,13 @@ async function assumeRoleWithCredentials(params: AssumeRoleCommandInput, client: const creds = await client.send(new AssumeRoleCommand({ ...params })); return creds; } catch (error) { + if (error instanceof PackedPolicyTooLargeException) { + core.info('Session tag size is too large; dropping droppable tags and retrying.'); + const droppableKeys = new Set(DROPPABLE_TAG_SOURCES.map((s) => s.key)); + params.Tags = params.Tags?.filter((tag) => !droppableKeys.has(tag.Key ?? '')); + const creds = await client.send(new AssumeRoleCommand({ ...params })); + return creds; + } throw new Error(`Could not assume role with user credentials: ${errorMessage(error)}`); } } @@ -86,8 +98,8 @@ const MAX_TAG_KEY_LENGTH = 128; const MAX_TAG_VALUE_LENGTH = 256; const MAX_SESSION_TAGS = 50; -// Identity/audit primitives. Always emitted and cannot be overridden by custom-tags. -const PROTECTED_TAG_SOURCES: ReadonlyArray<{ key: string; envVar: string }> = [ +// Identity/audit primitives. Always emitted and cannot be dropped. +const NON_DROPPABLE_TAG_SOURCES: ReadonlyArray<{ key: string; envVar: string }> = [ { key: 'Repository', envVar: 'GITHUB_REPOSITORY' }, { key: 'Workflow', envVar: 'GITHUB_WORKFLOW' }, { key: 'Action', envVar: 'GITHUB_ACTION' }, @@ -96,21 +108,22 @@ const PROTECTED_TAG_SOURCES: ReadonlyArray<{ key: string; envVar: string }> = [ { key: 'Branch', envVar: 'GITHUB_REF' }, ]; -// Convenience metadata. Custom-tags may override (suppresses the default for that key). -// Listed in priority order; lower-priority entries are dropped first if the user's custom-tags -// would push the total above MAX_SESSION_TAGS. -const OVERRIDEABLE_TAG_SOURCES_BY_PRIORITY: ReadonlyArray<{ key: string; envVar: string }> = [ +// Convenience metadata. If the AssumeRole call fails due to compressed size of +// session tags being too large, we will drop these tags and retry once. +const DROPPABLE_TAG_SOURCES: ReadonlyArray<{ key: string; envVar: string }> = [ { key: 'EventName', envVar: 'GITHUB_EVENT_NAME' }, { key: 'BaseRef', envVar: 'GITHUB_BASE_REF' }, { key: 'HeadRef', envVar: 'GITHUB_HEAD_REF' }, - { key: 'RefName', envVar: 'GITHUB_REF_NAME' }, { key: 'RunId', envVar: 'GITHUB_RUN_ID' }, - { key: 'RefType', envVar: 'GITHUB_REF_TYPE' }, { key: 'Job', envVar: 'GITHUB_JOB' }, { key: 'TriggeringActor', envVar: 'GITHUB_TRIGGERING_ACTOR' }, ]; -const PROTECTED_TAG_KEYS = new Set(['GitHub', ...PROTECTED_TAG_SOURCES.map((s) => s.key)]); +const PROTECTED_TAG_KEYS = new Set([ + 'GitHub', + ...NON_DROPPABLE_TAG_SOURCES.map((s) => s.key), + ...DROPPABLE_TAG_SOURCES.map((s) => s.key), +]); export function parseAndValidateCustomTags(customTags: string, existingTags: Tag[]): Tag[] { let parsed: unknown; @@ -197,7 +210,13 @@ export async function assumeRole(params: assumeRoleParams) { // Build session tags. Values are sanitized because the AWS tag value spec is more // restrictive than permissible characters in environment variables. const protectedTags: Tag[] = [{ Key: 'GitHub', Value: 'Actions' }]; - for (const { key, envVar } of PROTECTED_TAG_SOURCES) { + for (const { key, envVar } of NON_DROPPABLE_TAG_SOURCES) { + const value = process.env[envVar]; + if (value) { + protectedTags.push({ Key: key, Value: sanitizeGitHubVariables(value) }); + } + } + for (const { key, envVar } of DROPPABLE_TAG_SOURCES) { const value = process.env[envVar]; if (value) { protectedTags.push({ Key: key, Value: sanitizeGitHubVariables(value) }); @@ -205,26 +224,15 @@ export async function assumeRole(params: assumeRoleParams) { } const parsedCustomTags: Tag[] = customTags ? parseAndValidateCustomTags(customTags, protectedTags) : []; - const customTagKeys = new Set(parsedCustomTags.map((t) => t.Key)); - const availableOverrideableSlots = MAX_SESSION_TAGS - protectedTags.length - parsedCustomTags.length; - const overrideableTags: Tag[] = []; - for (const { key, envVar } of OVERRIDEABLE_TAG_SOURCES_BY_PRIORITY) { - if (overrideableTags.length >= availableOverrideableSlots) break; - if (customTagKeys.has(key)) continue; - const value = process.env[envVar]; - if (value) { - overrideableTags.push({ Key: key, Value: sanitizeGitHubVariables(value) }); - } - } - - const tagArray: Tag[] = [...protectedTags, ...overrideableTags, ...parsedCustomTags]; + const tagArray: Tag[] = [...protectedTags, ...parsedCustomTags]; const tags = roleSkipSessionTagging ? undefined : tagArray; if (!tags) { core.debug('Role session tagging has been skipped.'); } else { core.debug(`${tags.length} role session tags are being used:`); + core.debug(JSON.stringify(tagArray)); } //only populate transitiveTagKeys array if user is actually using session tagging diff --git a/test/index.test.ts b/test/index.test.ts index 3970951..d03181a 100644 --- a/test/index.test.ts +++ b/test/index.test.ts @@ -3,6 +3,7 @@ import { AssumeRoleCommand, AssumeRoleWithWebIdentityCommand, GetCallerIdentityCommand, + PackedPolicyTooLargeException, STSClient, } from '@aws-sdk/client-sts'; import { mockClient } from 'aws-sdk-client-mock'; @@ -202,6 +203,18 @@ describe('Configure AWS Credentials', {}, () => { expect(core.setOutput).toHaveBeenCalledTimes(2); expect(core.setFailed).not.toHaveBeenCalled(); }); + it('does not send Tags or TransitiveTagKeys to AssumeRoleWithWebIdentity', async () => { + // AssumeRoleWithWebIdentity reads session tags from JWT claims, not the request. + // Both fields must be stripped before the STS call. + vi.mocked(core.getMultilineInput).mockImplementation((name: string) => { + if (name === 'transitive-tag-keys') return ['Repository']; + return []; + }); + await run(); + const callInput = mockedSTSClient.commandCalls(AssumeRoleWithWebIdentityCommand)[0].args[0].input; + expect(callInput.Tags).toBeUndefined(); + expect(callInput.TransitiveTagKeys).toBeUndefined(); + }); }); describe('Assume existing role', {}, () => { @@ -282,9 +295,9 @@ describe('Configure AWS Credentials', {}, () => { await run(); const tags = mockedSTSClient.commandCalls(AssumeRoleCommand)[0].args[0].input.Tags ?? []; // 7 protected (GitHub + Repository, Workflow, Action, Actor, Commit, Branch) - // + 8 overrideable (EventName, BaseRef, HeadRef, RefName, RunId, RefType, Job, TriggeringActor). - // No custom-tags, all env vars set in mocks.envs → all 15 should be present, nothing else. - expect(tags).toHaveLength(15); + // + 6 droppable (EventName, BaseRef, HeadRef, RunId, Job, TriggeringActor). + // No custom-tags, all env vars set in mocks.envs → all 13 should be present, nothing else. + expect(tags).toHaveLength(13); const tagsByKey = Object.fromEntries(tags.map((t) => [t.Key, t.Value])); expect(tagsByKey).toEqual({ GitHub: 'Actions', @@ -297,14 +310,12 @@ describe('Configure AWS Credentials', {}, () => { EventName: 'pull_request', BaseRef: 'main', HeadRef: 'feature-branch', - RefName: 'feature-branch', RunId: '16412345678', - RefType: 'branch', Job: 'build', TriggeringActor: 'MY-USERNAME_bot_', }); }); - it('omits overrideable tags whose env vars are unset', {}, async () => { + it('omits droppable tags whose env vars are unset', {}, async () => { vi.mocked(core.getInput).mockImplementation(mocks.getInput(mocks.IAM_ASSUMEROLE_INPUTS)); delete process.env.GITHUB_BASE_REF; delete process.env.GITHUB_HEAD_REF; @@ -318,6 +329,27 @@ describe('Configure AWS Credentials', {}, () => { expect(tagKeys).toContain('EventName'); expect(tagKeys).toContain('RunId'); }); + it('drops droppable tags and retries on PackedPolicyTooLargeException', {}, async () => { + vi.mocked(core.getInput).mockImplementation(mocks.getInput(mocks.IAM_ASSUMEROLE_INPUTS)); + mockedSTSClient + .on(AssumeRoleCommand) + .rejectsOnce(new PackedPolicyTooLargeException({ message: 'too large', $metadata: {} })) + .resolvesOnce(mocks.outputs.STS_CREDENTIALS); + await run(); + expect(core.info).toHaveBeenCalledWith('Session tag size is too large; dropping droppable tags and retrying.'); + const retryInput = mockedSTSClient.commandCalls(AssumeRoleCommand)[1].args[0].input; + const retryTagKeys = (retryInput.Tags ?? []).map((t) => t.Key); + expect(retryTagKeys).not.toContain('EventName'); + expect(retryTagKeys).not.toContain('BaseRef'); + expect(retryTagKeys).not.toContain('HeadRef'); + expect(retryTagKeys).not.toContain('RunId'); + expect(retryTagKeys).not.toContain('Job'); + expect(retryTagKeys).not.toContain('TriggeringActor'); + // Protected tags remain + expect(retryTagKeys).toContain('GitHub'); + expect(retryTagKeys).toContain('Repository'); + expect(core.setFailed).not.toHaveBeenCalled(); + }); it('sanitizes invalid characters in env-derived tag values', {}, async () => { vi.mocked(core.getInput).mockImplementation(mocks.getInput(mocks.IAM_ASSUMEROLE_INPUTS)); process.env.GITHUB_HEAD_REF = 'feature/has spaces&bad?chars'; @@ -370,8 +402,6 @@ describe('Configure AWS Credentials', {}, () => { { Key: 'EventName', Value: 'pull_request' }, { Key: 'RunId', Value: '16412345678' }, { Key: 'Job', Value: 'build' }, - { Key: 'RefName', Value: 'feature-branch' }, - { Key: 'RefType', Value: 'branch' }, { Key: 'TriggeringActor', Value: 'MY-USERNAME_bot_' }, { Key: 'Environment', Value: 'Production' }, { Key: 'Team', Value: 'DevOps' }, @@ -420,7 +450,7 @@ describe('Configure AWS Credentials', {}, () => { await run(); expect(core.warning).toHaveBeenCalledWith(expect.stringContaining("'custom-tags' is set but will be ignored")); }); - it('lets custom tags override overrideable default tag keys', {}, async () => { + it('rejects custom tags that conflict with droppable tag keys', {}, async () => { vi.mocked(core.getInput).mockImplementation( mocks.getInput({ ...mocks.IAM_ASSUMEROLE_INPUTS, @@ -428,13 +458,10 @@ describe('Configure AWS Credentials', {}, () => { }), ); await run(); - const tags = mockedSTSClient.commandCalls(AssumeRoleCommand)[0].args[0].input.Tags ?? []; - const eventNameTags = tags.filter((t) => t.Key === 'EventName'); - const baseRefTags = tags.filter((t) => t.Key === 'BaseRef'); - expect(eventNameTags).toHaveLength(1); - expect(eventNameTags[0]?.Value).toBe('workflow_dispatch'); - expect(baseRefTags).toHaveLength(1); - expect(baseRefTags[0]?.Value).toBe('release/2026'); + expect(core.setFailed).toHaveBeenCalledWith( + "custom-tags: key 'EventName' conflicts with a protected session tag set by this action and cannot be overridden", + ); + expect(mockedSTSClient.commandCalls(AssumeRoleCommand)).toHaveLength(0); }); it('rejects custom tags that conflict with the protected Branch tag', {}, async () => { // Regression guard: Branch was a default before v6.2 and must remain unoverridable. @@ -450,62 +477,10 @@ describe('Configure AWS Credentials', {}, () => { ); expect(mockedSTSClient.commandCalls(AssumeRoleCommand)).toHaveLength(0); }); - it('drops lower-priority overrideable tags when custom-tags would exceed the session-tag limit', {}, async () => { - // 7 protected (GitHub + 6 from PROTECTED_TAG_SOURCES) + 40 custom = 47 used → 3 overrideable slots. - // The first 3 overrideable tags by priority are EventName, BaseRef, HeadRef (RefName, RunId, RefType, - // Job, TriggeringActor must be dropped). + it('rejects custom-tags that would exceed the session-tag limit', {}, async () => { + // 13 existing tags (7 non-droppable + 6 droppable) + 38 custom = 51 > 50. const customTagsObj: Record = {}; - for (let i = 0; i < 40; i++) { - customTagsObj[`Custom${i}`] = `value${i}`; - } - vi.mocked(core.getInput).mockImplementation( - mocks.getInput({ - ...mocks.IAM_ASSUMEROLE_INPUTS, - 'custom-tags': JSON.stringify(customTagsObj), - }), - ); - await run(); - const tags = mockedSTSClient.commandCalls(AssumeRoleCommand)[0].args[0].input.Tags ?? []; - const tagKeys = tags.map((t) => t.Key); - expect(tags).toHaveLength(50); - expect(tagKeys).toContain('Branch'); - expect(tagKeys).toContain('EventName'); - expect(tagKeys).toContain('BaseRef'); - expect(tagKeys).toContain('HeadRef'); - expect(tagKeys).not.toContain('RefName'); - expect(tagKeys).not.toContain('RunId'); - expect(tagKeys).not.toContain('RefType'); - expect(tagKeys).not.toContain('Job'); - expect(tagKeys).not.toContain('TriggeringActor'); - }); - it('overridden overrideable tags free a slot for a lower-priority overrideable tag', {}, async () => { - // Same 40-custom-tag scenario as above, but one of the customs overrides BaseRef. - // BaseRef no longer competes for the overrideable budget, so the next-priority overrideable (RefName) gets in. - const customTagsObj: Record = { BaseRef: 'release/2026' }; - for (let i = 0; i < 39; i++) { - customTagsObj[`Custom${i}`] = `value${i}`; - } - vi.mocked(core.getInput).mockImplementation( - mocks.getInput({ - ...mocks.IAM_ASSUMEROLE_INPUTS, - 'custom-tags': JSON.stringify(customTagsObj), - }), - ); - await run(); - const tags = mockedSTSClient.commandCalls(AssumeRoleCommand)[0].args[0].input.Tags ?? []; - const tagKeys = tags.map((t) => t.Key); - expect(tags).toHaveLength(50); - expect(tagKeys).toContain('Branch'); - expect(tagKeys).toContain('EventName'); - expect(tagKeys).toContain('BaseRef'); - expect(tagKeys).toContain('HeadRef'); - expect(tagKeys).toContain('RefName'); - expect(tagKeys).not.toContain('RunId'); - }); - it('rejects custom-tags that would exceed the session-tag limit on their own', {}, async () => { - // 7 protected + 44 custom = 51, which is over 50 even with zero overrideable tags. - const customTagsObj: Record = {}; - for (let i = 0; i < 44; i++) { + for (let i = 0; i < 38; i++) { customTagsObj[`Custom${i}`] = `value${i}`; } vi.mocked(core.getInput).mockImplementation( @@ -518,12 +493,10 @@ describe('Configure AWS Credentials', {}, () => { expect(core.setFailed).toHaveBeenCalledWith(expect.stringContaining('would exceed the AWS limit of 50')); expect(mockedSTSClient.commandCalls(AssumeRoleCommand)).toHaveLength(0); }); - it('drops transitive-tag-keys entries that refer to evicted overrideable tags', {}, async () => { - // Force eviction of all overrideable tags below EventName/BaseRef/HeadRef. The user transitive-tags - // RunId (which gets evicted) and Repository (which is protected and stays). The TransitiveTagKeys - // payload must include only the keys that actually appear in Tags. + it('allows custom-tags up to the session-tag limit', {}, async () => { + // 13 existing tags + 37 custom = 50, exactly at the limit. const customTagsObj: Record = {}; - for (let i = 0; i < 40; i++) { + for (let i = 0; i < 37; i++) { customTagsObj[`Custom${i}`] = `value${i}`; } vi.mocked(core.getInput).mockImplementation( @@ -532,15 +505,10 @@ describe('Configure AWS Credentials', {}, () => { 'custom-tags': JSON.stringify(customTagsObj), }), ); - vi.mocked(core.getMultilineInput).mockImplementation((name: string) => { - if (name === 'transitive-tag-keys') return ['Repository', 'RunId']; - return []; - }); await run(); - const callInput = mockedSTSClient.commandCalls(AssumeRoleCommand)[0].args[0].input; - const tagKeys = (callInput.Tags ?? []).map((t) => t.Key); - expect(tagKeys).not.toContain('RunId'); - expect(callInput.TransitiveTagKeys).toEqual(['Repository']); + expect(core.setFailed).not.toHaveBeenCalled(); + const tags = mockedSTSClient.commandCalls(AssumeRoleCommand)[0].args[0].input.Tags ?? []; + expect(tags).toHaveLength(50); }); }); diff --git a/test/mockinputs.test.ts b/test/mockinputs.test.ts index cfc4125..68ee8a0 100644 --- a/test/mockinputs.test.ts +++ b/test/mockinputs.test.ts @@ -105,8 +105,6 @@ const envs = { GITHUB_EVENT_NAME: 'pull_request', GITHUB_RUN_ID: '16412345678', GITHUB_JOB: 'build', - GITHUB_REF_NAME: 'feature-branch', - GITHUB_REF_TYPE: 'branch', GITHUB_BASE_REF: 'main', GITHUB_HEAD_REF: 'feature-branch', GITHUB_TRIGGERING_ACTOR: 'MY-USERNAME[bot]', From bbbffeab006c826c4fef54517722e4bd6ad7e5ce Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Mon, 1 Jun 2026 21:59:55 +0000 Subject: [PATCH 07/16] chore: Update dist --- dist/index.js | 46 ++++++++++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 20 deletions(-) diff --git a/dist/index.js b/dist/index.js index 174f632..051134f 100644 --- a/dist/index.js +++ b/dist/index.js @@ -44986,7 +44986,7 @@ var require_errors2 = __commonJS({ } }; exports2.MalformedPolicyDocumentException = MalformedPolicyDocumentException2; - var PackedPolicyTooLargeException2 = class _PackedPolicyTooLargeException extends STSServiceException_1.STSServiceException { + var PackedPolicyTooLargeException3 = class _PackedPolicyTooLargeException extends STSServiceException_1.STSServiceException { name = "PackedPolicyTooLargeException"; $fault = "client"; constructor(opts) { @@ -44998,7 +44998,7 @@ var require_errors2 = __commonJS({ Object.setPrototypeOf(this, _PackedPolicyTooLargeException.prototype); } }; - exports2.PackedPolicyTooLargeException = PackedPolicyTooLargeException2; + exports2.PackedPolicyTooLargeException = PackedPolicyTooLargeException3; var RegionDisabledException2 = class _RegionDisabledException extends STSServiceException_1.STSServiceException { name = "RegionDisabledException"; $fault = "client"; @@ -74060,6 +74060,7 @@ async function assumeRoleWithWebIdentityTokenFile(params, client, webIdentityTok info("Assuming role with web identity token file"); try { delete params.Tags; + delete params.TransitiveTagKeys; const creds = await client.send( new import_client_sts2.AssumeRoleWithWebIdentityCommand({ ...params, @@ -74077,6 +74078,13 @@ async function assumeRoleWithCredentials(params, client) { const creds = await client.send(new import_client_sts2.AssumeRoleCommand({ ...params })); return creds; } catch (error3) { + if (error3 instanceof import_client_sts2.PackedPolicyTooLargeException) { + info("Session tag size is too large; dropping droppable tags and retrying."); + const droppableKeys = new Set(DROPPABLE_TAG_SOURCES.map((s) => s.key)); + params.Tags = params.Tags?.filter((tag2) => !droppableKeys.has(tag2.Key ?? "")); + const creds = await client.send(new import_client_sts2.AssumeRoleCommand({ ...params })); + return creds; + } throw new Error(`Could not assume role with user credentials: ${errorMessage(error3)}`); } } @@ -74085,7 +74093,7 @@ var TAG_VALUE_REGEX = /^[\p{L}\p{Z}\p{N}_.:/=+\-@]*$/u; var MAX_TAG_KEY_LENGTH = 128; var MAX_TAG_VALUE_LENGTH2 = 256; var MAX_SESSION_TAGS = 50; -var PROTECTED_TAG_SOURCES = [ +var NON_DROPPABLE_TAG_SOURCES = [ { key: "Repository", envVar: "GITHUB_REPOSITORY" }, { key: "Workflow", envVar: "GITHUB_WORKFLOW" }, { key: "Action", envVar: "GITHUB_ACTION" }, @@ -74093,17 +74101,19 @@ var PROTECTED_TAG_SOURCES = [ { key: "Commit", envVar: "GITHUB_SHA" }, { key: "Branch", envVar: "GITHUB_REF" } ]; -var OVERRIDEABLE_TAG_SOURCES_BY_PRIORITY = [ +var DROPPABLE_TAG_SOURCES = [ { key: "EventName", envVar: "GITHUB_EVENT_NAME" }, { key: "BaseRef", envVar: "GITHUB_BASE_REF" }, { key: "HeadRef", envVar: "GITHUB_HEAD_REF" }, - { key: "RefName", envVar: "GITHUB_REF_NAME" }, { key: "RunId", envVar: "GITHUB_RUN_ID" }, - { key: "RefType", envVar: "GITHUB_REF_TYPE" }, { key: "Job", envVar: "GITHUB_JOB" }, { key: "TriggeringActor", envVar: "GITHUB_TRIGGERING_ACTOR" } ]; -var PROTECTED_TAG_KEYS = /* @__PURE__ */ new Set(["GitHub", ...PROTECTED_TAG_SOURCES.map((s) => s.key)]); +var PROTECTED_TAG_KEYS = /* @__PURE__ */ new Set([ + "GitHub", + ...NON_DROPPABLE_TAG_SOURCES.map((s) => s.key), + ...DROPPABLE_TAG_SOURCES.map((s) => s.key) +]); function parseAndValidateCustomTags(customTags, existingTags) { let parsed; try { @@ -74175,30 +74185,26 @@ async function assumeRole(params) { throw new Error("Missing required environment variables. Are you running in GitHub Actions?"); } const protectedTags = [{ Key: "GitHub", Value: "Actions" }]; - for (const { key, envVar } of PROTECTED_TAG_SOURCES) { + for (const { key, envVar } of NON_DROPPABLE_TAG_SOURCES) { + const value = process.env[envVar]; + if (value) { + protectedTags.push({ Key: key, Value: sanitizeGitHubVariables(value) }); + } + } + for (const { key, envVar } of DROPPABLE_TAG_SOURCES) { const value = process.env[envVar]; if (value) { protectedTags.push({ Key: key, Value: sanitizeGitHubVariables(value) }); } } const parsedCustomTags = customTags ? parseAndValidateCustomTags(customTags, protectedTags) : []; - const customTagKeys = new Set(parsedCustomTags.map((t) => t.Key)); - const availableOverrideableSlots = MAX_SESSION_TAGS - protectedTags.length - parsedCustomTags.length; - const overrideableTags = []; - for (const { key, envVar } of OVERRIDEABLE_TAG_SOURCES_BY_PRIORITY) { - if (overrideableTags.length >= availableOverrideableSlots) break; - if (customTagKeys.has(key)) continue; - const value = process.env[envVar]; - if (value) { - overrideableTags.push({ Key: key, Value: sanitizeGitHubVariables(value) }); - } - } - const tagArray = [...protectedTags, ...overrideableTags, ...parsedCustomTags]; + const tagArray = [...protectedTags, ...parsedCustomTags]; const tags = roleSkipSessionTagging ? void 0 : tagArray; if (!tags) { debug("Role session tagging has been skipped."); } else { debug(`${tags.length} role session tags are being used:`); + debug(JSON.stringify(tagArray)); } const transitiveTagKeysArray = roleSkipSessionTagging ? void 0 : transitiveTagKeys?.filter((key) => tags?.some((tag2) => tag2.Key === key)); let roleArn = roleToAssume; From e7f100cf4c008499ea8adda475de1042d6975c7b Mon Sep 17 00:00:00 2001 From: AWS SDKs and Tools bot <45836109+aws-sdk-osds@users.noreply.github.com> Date: Mon, 1 Jun 2026 16:39:01 -0700 Subject: [PATCH 08/16] chore(main): release 6.2.0 (#1806) * chore(main): release 6.1.4 * chore: fix broken stuff from release-please improperly handling revert commits --------- Co-authored-by: Michael Lehmann --- .release-please-manifest.json | 2 +- CHANGELOG.md | 16 +++++++++++++--- package-lock.json | 4 ++-- package.json | 2 +- 4 files changed, 17 insertions(+), 7 deletions(-) diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 5adccf1..d50077a 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,5 +1,5 @@ { ".release-please-manifest.json": "4.0.2", "package.json": "6.0.0", - ".": "6.1.2" + ".": "6.2.0" } diff --git a/CHANGELOG.md b/CHANGELOG.md index c3b6647..3a7c538 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,8 +2,7 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. -## [6.1.2](https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.1...v6.1.2) (2026-05-26) - +## [6.2.0](https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.3...v6.2.0) (2026-06-01) ### Features @@ -14,11 +13,22 @@ All notable changes to this project will be documented in this file. See [standa * expose run id in STS client user-agent ([#1774](https://github.com/aws-actions/configure-aws-credentials/issues/1774)) ([29d1be3](https://github.com/aws-actions/configure-aws-credentials/commit/29d1be30273e7ef371d59fccf6ec54572c64ec89)) * support custom STS endpoints ([#1762](https://github.com/aws-actions/configure-aws-credentials/issues/1762)) ([8d52d05](https://github.com/aws-actions/configure-aws-credentials/commit/8d52d05d7a4521fa52b39de50cb6114b12e5c332)) +### Bug Fixes + +* skip credential check on output-env-credentials: false ([#1778](https://github.com/aws-actions/configure-aws-credentials/issues/1778)) ([58e7c47](https://github.com/aws-actions/configure-aws-credentials/commit/58e7c47adf77846879008deadfeeef8a6969fe6c)) +* assumeRole failing from session tag size too large ([#1808](https://github.com/aws-actions/configure-aws-credentials/issues/1808)) ([d6f5dc3](https://github.com/aws-actions/configure-aws-credentials/commit/d6f5dc331b44474b19a52caaf85fa4d637b13c8e)) + +## [6.1.3](https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.2...v6.1.3) (2026-05-28) + +### Bug Fixes + +* fix: allow kubelet token symlink in [#1805](https://github.com/aws-actions/configure-aws-credentials/issues/1805) + +## [6.1.2](https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.1...v6.1.2) (2026-05-26) ### Bug Fixes * additional filesystem checks ([#1799](https://github.com/aws-actions/configure-aws-credentials/issues/1799)) ([c39f282](https://github.com/aws-actions/configure-aws-credentials/commit/c39f282697aca8a78c522ecf1f7da9899a31432c)) -* skip credential check on output-env-credentials: false ([#1778](https://github.com/aws-actions/configure-aws-credentials/issues/1778)) ([58e7c47](https://github.com/aws-actions/configure-aws-credentials/commit/58e7c47adf77846879008deadfeeef8a6969fe6c)) ## [6.1.1](https://github.com/aws-actions/configure-aws-credentials/compare/v6.1.0...v6.1.1) (2026-05-05) diff --git a/package-lock.json b/package-lock.json index 82069bd..521b8a1 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "configure-aws-credentials", - "version": "6.1.1", + "version": "6.2.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "configure-aws-credentials", - "version": "6.1.1", + "version": "6.2.0", "license": "MIT", "dependencies": { "@actions/core": "^3.0.1", diff --git a/package.json b/package.json index 78bc9ac..06eb6c6 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "configure-aws-credentials", "description": "A GitHub Action to configure AWS credentials", - "version": "6.1.1", + "version": "6.2.0", "scripts": { "build": "tsc", "lint": "biome check --error-on-warnings ./src ./test && markdownlint -i node_modules -i CHANGELOG.md '**/*.md'", From 262ce4cfb5d794be2b1603b0809734af14dd4b6d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Jun 2026 21:47:33 +0000 Subject: [PATCH 09/16] chore(deps-dev): bump generate-license-file from 4.1.1 to 4.2.1 (#1812) Bumps [generate-license-file](https://github.com/TobyAndToby/generate-license-file/tree/HEAD/src/packages/generate-license-file) from 4.1.1 to 4.2.1. - [Release notes](https://github.com/TobyAndToby/generate-license-file/releases) - [Commits](https://github.com/TobyAndToby/generate-license-file/commits/v4.2.1/src/packages/generate-license-file) --- updated-dependencies: - dependency-name: generate-license-file dependency-version: 4.2.1 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 244 +++------------------------------------------- package.json | 2 +- 2 files changed, 17 insertions(+), 229 deletions(-) diff --git a/package-lock.json b/package-lock.json index 521b8a1..538e4fe 100644 --- a/package-lock.json +++ b/package-lock.json @@ -22,7 +22,7 @@ "@vitest/coverage-v8": "4.1.5", "aws-sdk-client-mock": "^4.1.0", "esbuild": "^0.28.0", - "generate-license-file": "^4.1.1", + "generate-license-file": "^4.2.1", "json-schema": "^0.4.0", "markdownlint-cli": "^0.48.0", "memfs": "^4.57.2", @@ -1174,16 +1174,6 @@ "node": ">=6.9.0" } }, - "node_modules/@isaacs/cliui": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-9.0.0.tgz", - "integrity": "sha512-AokJm4tuBHillT+FpMtxQ60n8ObyXBatq7jD2/JA9dxbDDokKQm8KMht5ibGzLVU9IJDIKK4TPKgMHEYMn3lMg==", - "dev": true, - "license": "BlueOak-1.0.0", - "engines": { - "node": ">=18" - } - }, "node_modules/@isaacs/fs-minipass": { "version": "4.0.1", "resolved": "https://registry.npmjs.org/@isaacs/fs-minipass/-/fs-minipass-4.0.1.tgz", @@ -1825,24 +1815,6 @@ "node": "^20.17.0 || >=22.9.0" } }, - "node_modules/@npmcli/map-workspaces/node_modules/glob": { - "version": "13.0.6", - "resolved": "https://registry.npmjs.org/glob/-/glob-13.0.6.tgz", - "integrity": "sha512-Wjlyrolmm8uDpm/ogGyXZXb1Z+Ca2B8NbJwqBVg0axK9GbBeoS7yGV6vjXnYdGm6X53iehEuxxbyiKp8QmN4Vw==", - "dev": true, - "license": "BlueOak-1.0.0", - "dependencies": { - "minimatch": "^10.2.2", - "minipass": "^7.1.3", - "path-scurry": "^2.0.2" - }, - "engines": { - "node": "18 || 20 || >=22" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, "node_modules/@npmcli/metavuln-calculator": { "version": "9.0.3", "resolved": "https://registry.npmjs.org/@npmcli/metavuln-calculator/-/metavuln-calculator-9.0.3.tgz", @@ -1899,24 +1871,6 @@ "node": "^20.17.0 || >=22.9.0" } }, - "node_modules/@npmcli/package-json/node_modules/glob": { - "version": "13.0.6", - "resolved": "https://registry.npmjs.org/glob/-/glob-13.0.6.tgz", - "integrity": "sha512-Wjlyrolmm8uDpm/ogGyXZXb1Z+Ca2B8NbJwqBVg0axK9GbBeoS7yGV6vjXnYdGm6X53iehEuxxbyiKp8QmN4Vw==", - "dev": true, - "license": "BlueOak-1.0.0", - "dependencies": { - "minimatch": "^10.2.2", - "minipass": "^7.1.3", - "path-scurry": "^2.0.2" - }, - "engines": { - "node": "18 || 20 || >=22" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, "node_modules/@npmcli/promise-spawn": { "version": "9.0.1", "resolved": "https://registry.npmjs.org/@npmcli/promise-spawn/-/promise-spawn-9.0.1.tgz", @@ -2073,9 +2027,6 @@ "arm64" ], "dev": true, - "libc": [ - "glibc" - ], "license": "MIT", "optional": true, "os": [ @@ -2093,9 +2044,6 @@ "arm64" ], "dev": true, - "libc": [ - "musl" - ], "license": "MIT", "optional": true, "os": [ @@ -2113,9 +2061,6 @@ "ppc64" ], "dev": true, - "libc": [ - "glibc" - ], "license": "MIT", "optional": true, "os": [ @@ -2133,9 +2078,6 @@ "s390x" ], "dev": true, - "libc": [ - "glibc" - ], "license": "MIT", "optional": true, "os": [ @@ -2153,9 +2095,6 @@ "x64" ], "dev": true, - "libc": [ - "glibc" - ], "license": "MIT", "optional": true, "os": [ @@ -2173,9 +2112,6 @@ "x64" ], "dev": true, - "libc": [ - "musl" - ], "license": "MIT", "optional": true, "os": [ @@ -3075,24 +3011,6 @@ "node": "^20.17.0 || >=22.9.0" } }, - "node_modules/cacache/node_modules/glob": { - "version": "13.0.6", - "resolved": "https://registry.npmjs.org/glob/-/glob-13.0.6.tgz", - "integrity": "sha512-Wjlyrolmm8uDpm/ogGyXZXb1Z+Ca2B8NbJwqBVg0axK9GbBeoS7yGV6vjXnYdGm6X53iehEuxxbyiKp8QmN4Vw==", - "dev": true, - "license": "BlueOak-1.0.0", - "dependencies": { - "minimatch": "^10.2.2", - "minipass": "^7.1.3", - "path-scurry": "^2.0.2" - }, - "engines": { - "node": "18 || 20 || >=22" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, "node_modules/callsites": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", @@ -3668,44 +3586,6 @@ } } }, - "node_modules/cross-spawn": { - "version": "7.0.6", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", - "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", - "dev": true, - "license": "MIT", - "dependencies": { - "path-key": "^3.1.0", - "shebang-command": "^2.0.0", - "which": "^2.0.1" - }, - "engines": { - "node": ">= 8" - } - }, - "node_modules/cross-spawn/node_modules/isexe": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", - "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", - "dev": true, - "license": "ISC" - }, - "node_modules/cross-spawn/node_modules/which": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", - "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", - "dev": true, - "license": "ISC", - "dependencies": { - "isexe": "^2.0.0" - }, - "bin": { - "node-which": "bin/node-which" - }, - "engines": { - "node": ">= 8" - } - }, "node_modules/cssesc": { "version": "3.0.0", "resolved": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz", @@ -4344,23 +4224,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/foreground-child": { - "version": "3.3.1", - "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.3.1.tgz", - "integrity": "sha512-gIXjKqtFuWEgzFRJA9WCQeSJLZDjgJUOMCMzxtvFq/37KojM1BFGufqsCy0r4qSQmYLsZYMeyRqzIWOMup03sw==", - "dev": true, - "license": "ISC", - "dependencies": { - "cross-spawn": "^7.0.6", - "signal-exit": "^4.0.1" - }, - "engines": { - "node": ">=14" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, "node_modules/fs-minipass": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-3.0.3.tgz", @@ -4400,9 +4263,9 @@ } }, "node_modules/generate-license-file": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/generate-license-file/-/generate-license-file-4.1.1.tgz", - "integrity": "sha512-hh2UnFsUiUkw/NdO1tdwBM4xVKnFPHEnR+2yU9NxDLIupIQNRZf4i0UpzGdJu1wUTSzlMHzy4C+2xv+Tex9suA==", + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/generate-license-file/-/generate-license-file-4.2.1.tgz", + "integrity": "sha512-0As00it8cbFYxp8W5vFqGgyEDgsNFoTMycoIMChmPqmw9ablhWHdO78KzjkedUnszWpLdTspby+tEV4WI0KscA==", "dev": true, "license": "ISC", "dependencies": { @@ -4412,11 +4275,11 @@ "commander": "^14.0.2", "cosmiconfig": "^9.0.0", "enquirer": "^2.3.6", - "glob": "^11.0.0", + "glob": "^13.0.0", "json5": "^2.2.3", "ora": "^5.4.1", "tslib": "^2.3.0", - "zod": "^3.21.4" + "zod": "^4.0.0" }, "bin": { "generate-license-file": "bin/generate-license-file" @@ -4636,25 +4499,18 @@ "license": "ISC" }, "node_modules/glob": { - "version": "11.1.0", - "resolved": "https://registry.npmjs.org/glob/-/glob-11.1.0.tgz", - "integrity": "sha512-vuNwKSaKiqm7g0THUBu2x7ckSs3XJLXE+2ssL7/MfTGPLLcrJQ/4Uq1CjPTtO5cCIiRxqvN6Twy1qOwhL0Xjcw==", - "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me", + "version": "13.0.6", + "resolved": "https://registry.npmjs.org/glob/-/glob-13.0.6.tgz", + "integrity": "sha512-Wjlyrolmm8uDpm/ogGyXZXb1Z+Ca2B8NbJwqBVg0axK9GbBeoS7yGV6vjXnYdGm6X53iehEuxxbyiKp8QmN4Vw==", "dev": true, "license": "BlueOak-1.0.0", "dependencies": { - "foreground-child": "^3.3.1", - "jackspeak": "^4.1.1", - "minimatch": "^10.1.1", - "minipass": "^7.1.2", - "package-json-from-dist": "^1.0.0", - "path-scurry": "^2.0.0" - }, - "bin": { - "glob": "dist/esm/bin.mjs" + "minimatch": "^10.2.2", + "minipass": "^7.1.3", + "path-scurry": "^2.0.2" }, "engines": { - "node": "20 || >=22" + "node": "18 || 20 || >=22" }, "funding": { "url": "https://github.com/sponsors/isaacs" @@ -5112,22 +4968,6 @@ "node": ">=8" } }, - "node_modules/jackspeak": { - "version": "4.2.3", - "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-4.2.3.tgz", - "integrity": "sha512-ykkVRwrYvFm1nb2AJfKKYPr0emF6IiXDYUaFx4Zn9ZuIH7MrzEZ3sD5RlqGXNRpHtvUHJyOnCEFxOlNDtGo7wg==", - "dev": true, - "license": "BlueOak-1.0.0", - "dependencies": { - "@isaacs/cliui": "^9.0.0" - }, - "engines": { - "node": "20 || >=22" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, "node_modules/js-tokens": { "version": "10.0.0", "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-10.0.0.tgz", @@ -5447,9 +5287,6 @@ "arm64" ], "dev": true, - "libc": [ - "glibc" - ], "license": "MPL-2.0", "optional": true, "os": [ @@ -5471,9 +5308,6 @@ "arm64" ], "dev": true, - "libc": [ - "musl" - ], "license": "MPL-2.0", "optional": true, "os": [ @@ -5495,9 +5329,6 @@ "x64" ], "dev": true, - "libc": [ - "glibc" - ], "license": "MPL-2.0", "optional": true, "os": [ @@ -5519,9 +5350,6 @@ "x64" ], "dev": true, - "libc": [ - "musl" - ], "license": "MPL-2.0", "optional": true, "os": [ @@ -7234,13 +7062,6 @@ "quickjs-wasi": "^2.2.0" } }, - "node_modules/package-json-from-dist": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/package-json-from-dist/-/package-json-from-dist-1.0.1.tgz", - "integrity": "sha512-UEZIS3/by4OC8vL3P2dTXRETpebLI2NiI5vIrjaD/5UtrkFX/tNbwjTSRAGC/+7CAo2pIcBaRgWmcBBHcsaCIw==", - "dev": true, - "license": "BlueOak-1.0.0" - }, "node_modules/pacote": { "version": "21.5.0", "resolved": "https://registry.npmjs.org/pacote/-/pacote-21.5.0.tgz", @@ -7372,16 +7193,6 @@ "node": ">=14.0.0" } }, - "node_modules/path-key": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", - "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, "node_modules/path-parse": { "version": "1.0.7", "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", @@ -8027,29 +7838,6 @@ "node": ">=10" } }, - "node_modules/shebang-command": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", - "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", - "dev": true, - "license": "MIT", - "dependencies": { - "shebang-regex": "^3.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/shebang-regex": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", - "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=8" - } - }, "node_modules/siginfo": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/siginfo/-/siginfo-2.0.0.tgz", @@ -9193,9 +8981,9 @@ } }, "node_modules/zod": { - "version": "3.25.76", - "resolved": "https://registry.npmjs.org/zod/-/zod-3.25.76.tgz", - "integrity": "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==", + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/zod/-/zod-4.4.3.tgz", + "integrity": "sha512-ytENFjIJFl2UwYglde2jchW2Hwm4GJFLDiSXWdTrJQBIN9Fcyp7n4DhxJEiWNAJMV1/BqWfW/kkg71UDcHJyTQ==", "dev": true, "license": "MIT", "funding": { diff --git a/package.json b/package.json index 06eb6c6..68c3895 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ "@vitest/coverage-v8": "4.1.5", "aws-sdk-client-mock": "^4.1.0", "esbuild": "^0.28.0", - "generate-license-file": "^4.1.1", + "generate-license-file": "^4.2.1", "json-schema": "^0.4.0", "markdownlint-cli": "^0.48.0", "memfs": "^4.57.2", From 26b365ff2fb1213c962b7f2f64dbd6617cdd1bf2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Jun 2026 21:50:30 +0000 Subject: [PATCH 10/16] chore(deps-dev): bump @biomejs/biome from 2.4.15 to 2.4.16 (#1811) Bumps [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) from 2.4.15 to 2.4.16. - [Release notes](https://github.com/biomejs/biome/releases) - [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md) - [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.16/packages/@biomejs/biome) --- updated-dependencies: - dependency-name: "@biomejs/biome" dependency-version: 2.4.16 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 72 +++++++++++++++++++++++------------------------ package.json | 2 +- 2 files changed, 37 insertions(+), 37 deletions(-) diff --git a/package-lock.json b/package-lock.json index 538e4fe..e814f00 100644 --- a/package-lock.json +++ b/package-lock.json @@ -16,7 +16,7 @@ }, "devDependencies": { "@aws-sdk/credential-provider-env": "^3.972.39", - "@biomejs/biome": "2.4.15", + "@biomejs/biome": "2.4.16", "@smithy/property-provider": "^4.3.4", "@types/node": "^25.9.1", "@vitest/coverage-v8": "4.1.5", @@ -506,9 +506,9 @@ } }, "node_modules/@biomejs/biome": { - "version": "2.4.15", - "resolved": "https://registry.npmjs.org/@biomejs/biome/-/biome-2.4.15.tgz", - "integrity": "sha512-j5VH3a/h/HXTKBM50MDMxRCzkeLv9S2XJcW2WgnZT1+xyisi+0bISrXR82gCX+8S9lvK0skEvHJRN+3Ktr2hlw==", + "version": "2.4.16", + "resolved": "https://registry.npmjs.org/@biomejs/biome/-/biome-2.4.16.tgz", + "integrity": "sha512-x9ajFh1zChVybCiM3TN6OD4phAqLgtPZjFrZF+aTMYCPjwBO+k529TX7PPsAqtGNLeV4UgzwQnowEgS7bGmzcA==", "dev": true, "license": "MIT OR Apache-2.0", "bin": { @@ -522,20 +522,20 @@ "url": "https://opencollective.com/biome" }, "optionalDependencies": { - "@biomejs/cli-darwin-arm64": "2.4.15", - "@biomejs/cli-darwin-x64": "2.4.15", - "@biomejs/cli-linux-arm64": "2.4.15", - "@biomejs/cli-linux-arm64-musl": "2.4.15", - "@biomejs/cli-linux-x64": "2.4.15", - "@biomejs/cli-linux-x64-musl": "2.4.15", - "@biomejs/cli-win32-arm64": "2.4.15", - "@biomejs/cli-win32-x64": "2.4.15" + "@biomejs/cli-darwin-arm64": "2.4.16", + "@biomejs/cli-darwin-x64": "2.4.16", + "@biomejs/cli-linux-arm64": "2.4.16", + "@biomejs/cli-linux-arm64-musl": "2.4.16", + "@biomejs/cli-linux-x64": "2.4.16", + "@biomejs/cli-linux-x64-musl": "2.4.16", + "@biomejs/cli-win32-arm64": "2.4.16", + "@biomejs/cli-win32-x64": "2.4.16" } }, "node_modules/@biomejs/cli-darwin-arm64": { - "version": "2.4.15", - "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.4.15.tgz", - "integrity": "sha512-rF3PPqLq1yoST79zaQbDjVJwsuIeci/O+9bgNmC5QpgOqz6aqYuzA4abyAGx+mgyiDXn4A049xAN8gijbuR1Qg==", + "version": "2.4.16", + "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.4.16.tgz", + "integrity": "sha512-wxPvu4XOA85YJk9ixSWUmq/QBHbid85BISbOAqqBM/5xQpPk9ayjk5375tOlSC0BeCwNSbPFafQBm+vBumXq0A==", "cpu": [ "arm64" ], @@ -550,9 +550,9 @@ } }, "node_modules/@biomejs/cli-darwin-x64": { - "version": "2.4.15", - "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.4.15.tgz", - "integrity": "sha512-/5KHXYMfSJs1fNXiX30xFtI8JcCFV6zaVVLxOa0M2sfqBKHkpQhRTv94yxQWxeTY2lzo2OuTlNvPC+hDQt2wcQ==", + "version": "2.4.16", + "resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.4.16.tgz", + "integrity": "sha512-xFCqGPwYusQJp4N4NJLi1XJiZqjwFdjhT+KqtNy+Ug3qgfczqnTa6MSDvxJF6TkuDLoYJItMapz6tAf7kCekFw==", "cpu": [ "x64" ], @@ -567,9 +567,9 @@ } }, "node_modules/@biomejs/cli-linux-arm64": { - "version": "2.4.15", - "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.4.15.tgz", - "integrity": "sha512-owaAMZD/T4LrD0ELNCk0Km3qrRHuM0X6EAyVE1FSqGY0rbLoiDLrO4Us2tllm6cAeB2Ioa9C2C08NZPdr8+0Ug==", + "version": "2.4.16", + "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.4.16.tgz", + "integrity": "sha512-2kFb4//jxfZaP6D+Rj5VkHkxgyD9EoRAVBEQb8PKRv+s4NO2zYNJKXFaJmK1CmhufJOWEfpHKaRbOja7qjmdhQ==", "cpu": [ "arm64" ], @@ -584,9 +584,9 @@ } }, "node_modules/@biomejs/cli-linux-arm64-musl": { - "version": "2.4.15", - "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.4.15.tgz", - "integrity": "sha512-ZPcxznxm0pogHBLZhYntyR3sR+MrZjqJIKEr7ZqVen0Rl+P/4upVmfYXjftizi9RoqZntg33fv/1fbdhbYXpEQ==", + "version": "2.4.16", + "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.4.16.tgz", + "integrity": "sha512-oYxnW0ARfJkr72ezzF2OR8N/rtkgLUQeYtF8cFhVswbknHxtTcmzSsanVJP8yQKnGpGpc2ck6c5zLvHahL6Cbg==", "cpu": [ "arm64" ], @@ -601,9 +601,9 @@ } }, "node_modules/@biomejs/cli-linux-x64": { - "version": "2.4.15", - "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64/-/cli-linux-x64-2.4.15.tgz", - "integrity": "sha512-0jj7THz12GbUOLmMibktK6DZjqz2zV64KFxyBtcFTKPiiOIY0a7vns1elpO1dERvxpsZ5ik0oFfz0oGwFde1+g==", + "version": "2.4.16", + "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64/-/cli-linux-x64-2.4.16.tgz", + "integrity": "sha512-NbcBbi/nJqn5baae6wqRXdS7Gadf2uRpehSh6vMSYpG8OhkXl/Xg8aorWrJ+9VWqAT5ml90alLvorkpMW0nBwQ==", "cpu": [ "x64" ], @@ -618,9 +618,9 @@ } }, "node_modules/@biomejs/cli-linux-x64-musl": { - "version": "2.4.15", - "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.4.15.tgz", - "integrity": "sha512-CNq/9W38SYSH023lfcQ4KKU8K0YX8T//FZUhcgtMMRABDojx5XsMV7jlweAvGSl389wJQB29Qo6Zb/a+jdvt+w==", + "version": "2.4.16", + "resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.4.16.tgz", + "integrity": "sha512-iHDS+MCM65DPqWGu+ECC3uoALyj2H7F4nVUPxIPjz/PIl94EUu+EDfGZDzFP+NY1EOPVt9NQvwFqq7HdMmowdg==", "cpu": [ "x64" ], @@ -635,9 +635,9 @@ } }, "node_modules/@biomejs/cli-win32-arm64": { - "version": "2.4.15", - "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.4.15.tgz", - "integrity": "sha512-ouhkYdlhp/1GghEJPdWwD/Vi3gQ1nFxuSpMolWsbq3Lsq3QUR4jl6UdhhscdCugKU5vOEuMiJhvKj66O0OCq+w==", + "version": "2.4.16", + "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.4.16.tgz", + "integrity": "sha512-0rgImMsNb5v/chhkIFe3wu7PEFClS6RBAYUijGL9UsYN3PanSaoK24HSSuSJb1pYbYYVjzAyZTl3gtjJ84BM8A==", "cpu": [ "arm64" ], @@ -652,9 +652,9 @@ } }, "node_modules/@biomejs/cli-win32-x64": { - "version": "2.4.15", - "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-x64/-/cli-win32-x64-2.4.15.tgz", - "integrity": "sha512-zBrGq5mx5wwpnow4+2BxUvleDM+GNd4sLbPaMapsSLQLD0NGRCquqPBTgN+7XkUteHvj7M+BstuI8tmnV7+HgQ==", + "version": "2.4.16", + "resolved": "https://registry.npmjs.org/@biomejs/cli-win32-x64/-/cli-win32-x64-2.4.16.tgz", + "integrity": "sha512-Kp85jgoBHa05gix6UIRjfCDiUV3w/8VIdZ247VyyO2gEjaw12WEVhdIjlxp/AMzXxqxQwbxNTDVZ3Mwd2RG5rw==", "cpu": [ "x64" ], diff --git a/package.json b/package.json index 68c3895..15bafe5 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ }, "devDependencies": { "@aws-sdk/credential-provider-env": "^3.972.39", - "@biomejs/biome": "2.4.15", + "@biomejs/biome": "2.4.16", "@smithy/property-provider": "^4.3.4", "@types/node": "^25.9.1", "@vitest/coverage-v8": "4.1.5", From 4f3ef32554109d6d763a608340d45cd12a3ab8e0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Jun 2026 21:52:58 +0000 Subject: [PATCH 11/16] chore(deps): bump @aws-sdk/client-sts from 3.1049.0 to 3.1061.0 (#1814) Bumps [@aws-sdk/client-sts](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-sts) from 3.1049.0 to 3.1061.0. - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-sts/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1061.0/clients/client-sts) --- updated-dependencies: - dependency-name: "@aws-sdk/client-sts" dependency-version: 3.1061.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 311 +++++++++++++++++++++++----------------------- package.json | 2 +- 2 files changed, 156 insertions(+), 157 deletions(-) diff --git a/package-lock.json b/package-lock.json index e814f00..86d7541 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "license": "MIT", "dependencies": { "@actions/core": "^3.0.1", - "@aws-sdk/client-sts": "^3.1049.0", + "@aws-sdk/client-sts": "^3.1061.0", "@smithy/node-http-handler": "^4.7.3", "proxy-agent": "^8.0.1" }, @@ -133,21 +133,21 @@ } }, "node_modules/@aws-sdk/client-sts": { - "version": "3.1049.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.1049.0.tgz", - "integrity": "sha512-Dq8WJk3oPNQvK7gOYDFnOl6jXh2TiwggATqzs3bbboOu5hleZ50Nt9Zm38jA0zWnWm2nJ5p/qdKJzXeGecHRvA==", + "version": "3.1061.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.1061.0.tgz", + "integrity": "sha512-45pn+cxziQ86ftwX4u5OreEp98oFpozu+2pu6NekwDXp36JavRGS1PsRmijdAWomaCGQ4rDFX0RxgXQq865YiA==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/core": "^3.974.12", - "@aws-sdk/credential-provider-node": "^3.972.43", - "@aws-sdk/signature-v4-multi-region": "^3.996.27", - "@aws-sdk/types": "^3.973.8", - "@smithy/core": "^3.24.2", - "@smithy/fetch-http-handler": "^5.4.2", - "@smithy/node-http-handler": "^4.7.2", - "@smithy/types": "^4.14.1", + "@aws-sdk/core": "^3.974.17", + "@aws-sdk/credential-provider-node": "^3.972.50", + "@aws-sdk/signature-v4-multi-region": "^3.996.31", + "@aws-sdk/types": "^3.973.10", + "@smithy/core": "^3.24.6", + "@smithy/fetch-http-handler": "^5.4.6", + "@smithy/node-http-handler": "^4.7.6", + "@smithy/types": "^4.14.3", "tslib": "^2.6.2" }, "engines": { @@ -155,17 +155,17 @@ } }, "node_modules/@aws-sdk/core": { - "version": "3.974.15", - "resolved": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.974.15.tgz", - "integrity": "sha512-UpA0rTGW/tHGITcCqHisbuuEPraYg9GG+mWmXjY5+RxZBMLGe6aL9oe0ix50LztwAcPIkGZLH0yWdMIkCM10hw==", + "version": "3.974.17", + "resolved": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.974.17.tgz", + "integrity": "sha512-r8o4h2K7j6P9ngno+8ei0aK0U/4JwDb7A2fMMxGVoSqDN8AFlIzSDeZHME9LcVLR2codyhtr1WAAg+/nmkeeMA==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "^3.973.9", - "@aws-sdk/xml-builder": "^3.972.26", + "@aws-sdk/types": "^3.973.10", + "@aws-sdk/xml-builder": "^3.972.27", "@aws/lambda-invoke-store": "^0.2.2", - "@smithy/core": "^3.24.5", - "@smithy/signature-v4": "^5.4.5", - "@smithy/types": "^4.14.2", + "@smithy/core": "^3.24.6", + "@smithy/signature-v4": "^5.4.6", + "@smithy/types": "^4.14.3", "bowser": "^2.11.0", "tslib": "^2.6.2" }, @@ -174,15 +174,15 @@ } }, "node_modules/@aws-sdk/credential-provider-env": { - "version": "3.972.41", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.972.41.tgz", - "integrity": "sha512-n1EbJ98yvPWWdHZZv8bRBMqqDQJrtgtxyJ4xLy2Uqrh25BCOZQ7nnS1CsFXvuH8r0b0KVHDZEGEH5FxmEMP8jg==", + "version": "3.972.43", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.972.43.tgz", + "integrity": "sha512-g0XVQKzaA/4cq1vz1IvCQwYM+1Pkv01J9yHDpCTXekVuGZRDEz0wqBQ1AuYTq7FM6uik4uBGH8Tb5d9YvgeA7g==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "^3.974.15", - "@aws-sdk/types": "^3.973.9", - "@smithy/core": "^3.24.5", - "@smithy/types": "^4.14.2", + "@aws-sdk/core": "^3.974.17", + "@aws-sdk/types": "^3.973.10", + "@smithy/core": "^3.24.6", + "@smithy/types": "^4.14.3", "tslib": "^2.6.2" }, "engines": { @@ -190,17 +190,17 @@ } }, "node_modules/@aws-sdk/credential-provider-http": { - "version": "3.972.40", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.972.40.tgz", - "integrity": "sha512-D78L/m2Dr6cJnnSvWoAudPhQmCwmJ7j6APXsPYmFpPaKfQTfCSu0rdm8j14Np+VmXF9z8Aj8HE3xFpsrwtfgeg==", + "version": "3.972.45", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.972.45.tgz", + "integrity": "sha512-w9PuOoKCt6+xoESvY+zlV0u3PKQ0mVL259PcsVR6a3S/uYJJHnIi4r1NxdJHEcNldUVRIciltWnFMGBR4YEm3g==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "^3.974.12", - "@aws-sdk/types": "^3.973.8", - "@smithy/core": "^3.24.2", - "@smithy/fetch-http-handler": "^5.4.2", - "@smithy/node-http-handler": "^4.7.2", - "@smithy/types": "^4.14.1", + "@aws-sdk/core": "^3.974.17", + "@aws-sdk/types": "^3.973.10", + "@smithy/core": "^3.24.6", + "@smithy/fetch-http-handler": "^5.4.6", + "@smithy/node-http-handler": "^4.7.6", + "@smithy/types": "^4.14.3", "tslib": "^2.6.2" }, "engines": { @@ -208,23 +208,23 @@ } }, "node_modules/@aws-sdk/credential-provider-ini": { - "version": "3.972.42", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.972.42.tgz", - "integrity": "sha512-Mu5ESvFXeinafVM8jTIvRqcvK2Ehj4kz3auT39yUcHwu1Vfxo6xRlmUafdKLW4tusjAJukQwK09sCSMgOm7OKg==", + "version": "3.972.48", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.972.48.tgz", + "integrity": "sha512-+6BQ6Lrnc+EyAGElLRW6j+Sa+RirPHnIJsobvYO6nnyK+oGKmz1ne/ieclbLWyjyDKEU3/JVJWcWY3VLFPvGtQ==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "^3.974.12", - "@aws-sdk/credential-provider-env": "^3.972.38", - "@aws-sdk/credential-provider-http": "^3.972.40", - "@aws-sdk/credential-provider-login": "^3.972.42", - "@aws-sdk/credential-provider-process": "^3.972.38", - "@aws-sdk/credential-provider-sso": "^3.972.42", - "@aws-sdk/credential-provider-web-identity": "^3.972.42", - "@aws-sdk/nested-clients": "^3.997.10", - "@aws-sdk/types": "^3.973.8", - "@smithy/core": "^3.24.2", - "@smithy/credential-provider-imds": "^4.3.2", - "@smithy/types": "^4.14.1", + "@aws-sdk/core": "^3.974.17", + "@aws-sdk/credential-provider-env": "^3.972.43", + "@aws-sdk/credential-provider-http": "^3.972.45", + "@aws-sdk/credential-provider-login": "^3.972.47", + "@aws-sdk/credential-provider-process": "^3.972.43", + "@aws-sdk/credential-provider-sso": "^3.972.47", + "@aws-sdk/credential-provider-web-identity": "^3.972.47", + "@aws-sdk/nested-clients": "^3.997.15", + "@aws-sdk/types": "^3.973.10", + "@smithy/core": "^3.24.6", + "@smithy/credential-provider-imds": "^4.3.7", + "@smithy/types": "^4.14.3", "tslib": "^2.6.2" }, "engines": { @@ -232,16 +232,16 @@ } }, "node_modules/@aws-sdk/credential-provider-login": { - "version": "3.972.42", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-login/-/credential-provider-login-3.972.42.tgz", - "integrity": "sha512-O6WkZga3kf0yqyJYd1dbeJqVhEgJx/x1UaLgtbR+XuL/YP+K5y6QTxQKL7ka9z3jnQASESKGAPnRyt4D5hQrxA==", + "version": "3.972.47", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-login/-/credential-provider-login-3.972.47.tgz", + "integrity": "sha512-Iy2ebWVgrZBH05464uJiQYu6HSSiROnwVZptthEFXx2gWjo1ORCxEAFZB5Cr2MdfrSnZ+0QUPkZ1ZpCqpkUrLQ==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "^3.974.12", - "@aws-sdk/nested-clients": "^3.997.10", - "@aws-sdk/types": "^3.973.8", - "@smithy/core": "^3.24.2", - "@smithy/types": "^4.14.1", + "@aws-sdk/core": "^3.974.17", + "@aws-sdk/nested-clients": "^3.997.15", + "@aws-sdk/types": "^3.973.10", + "@smithy/core": "^3.24.6", + "@smithy/types": "^4.14.3", "tslib": "^2.6.2" }, "engines": { @@ -249,21 +249,21 @@ } }, "node_modules/@aws-sdk/credential-provider-node": { - "version": "3.972.43", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.972.43.tgz", - "integrity": "sha512-D/DJmbrWRP5BXEO3FH+ar4el+2n6OlGofiud7dQun2jES+AQEJjczenp1jBb4MBN7CpGpS8nsWGQLtuzc9tQbA==", + "version": "3.972.50", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.972.50.tgz", + "integrity": "sha512-b05Aelq5cqAvCCDQjCYacl0XmR8QhBNSqLbsdISkQmlQBa5oPS66zYPteWcSp5LswbpoIe552EUGjluKiadBig==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/credential-provider-env": "^3.972.38", - "@aws-sdk/credential-provider-http": "^3.972.40", - "@aws-sdk/credential-provider-ini": "^3.972.42", - "@aws-sdk/credential-provider-process": "^3.972.38", - "@aws-sdk/credential-provider-sso": "^3.972.42", - "@aws-sdk/credential-provider-web-identity": "^3.972.42", - "@aws-sdk/types": "^3.973.8", - "@smithy/core": "^3.24.2", - "@smithy/credential-provider-imds": "^4.3.2", - "@smithy/types": "^4.14.1", + "@aws-sdk/credential-provider-env": "^3.972.43", + "@aws-sdk/credential-provider-http": "^3.972.45", + "@aws-sdk/credential-provider-ini": "^3.972.48", + "@aws-sdk/credential-provider-process": "^3.972.43", + "@aws-sdk/credential-provider-sso": "^3.972.47", + "@aws-sdk/credential-provider-web-identity": "^3.972.47", + "@aws-sdk/types": "^3.973.10", + "@smithy/core": "^3.24.6", + "@smithy/credential-provider-imds": "^4.3.7", + "@smithy/types": "^4.14.3", "tslib": "^2.6.2" }, "engines": { @@ -271,15 +271,15 @@ } }, "node_modules/@aws-sdk/credential-provider-process": { - "version": "3.972.38", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.972.38.tgz", - "integrity": "sha512-EnbYVajGgbkb24s0K1eo4VNAPV5mHIET7LSvirTaFCwkfrfaOJxtSE+wY/tJdKDS21cEYkZs2ruCaAm+W4iblg==", + "version": "3.972.43", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.972.43.tgz", + "integrity": "sha512-GPokLNyvTfCmuaHk+v3GKVs4ZT3cMu5kgS2a+NPkOMt96cq6fSIK0g+mZHpGS6Cd4QGrPKesANEaLUKgOskTzg==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "^3.974.12", - "@aws-sdk/types": "^3.973.8", - "@smithy/core": "^3.24.2", - "@smithy/types": "^4.14.1", + "@aws-sdk/core": "^3.974.17", + "@aws-sdk/types": "^3.973.10", + "@smithy/core": "^3.24.6", + "@smithy/types": "^4.14.3", "tslib": "^2.6.2" }, "engines": { @@ -287,17 +287,17 @@ } }, "node_modules/@aws-sdk/credential-provider-sso": { - "version": "3.972.42", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.972.42.tgz", - "integrity": "sha512-RVV/9NbFwI8ZHEH5dn39lGyFmSbSVj1+orZdr6QsOe1mW9DCglmlen0cFaNZmCcqkqc7erNRHNBduxbeZuHAnw==", + "version": "3.972.47", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.972.47.tgz", + "integrity": "sha512-0AzvLrzlvJs0DzbeWGvNj+bX3Uzd7VNS6vDqCOdZzBlCGKGd78uxctJSW9iK/Rt/nxiJqpTvrYQlVJ4guVM2Dw==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "^3.974.12", - "@aws-sdk/nested-clients": "^3.997.10", - "@aws-sdk/token-providers": "3.1049.0", - "@aws-sdk/types": "^3.973.8", - "@smithy/core": "^3.24.2", - "@smithy/types": "^4.14.1", + "@aws-sdk/core": "^3.974.17", + "@aws-sdk/nested-clients": "^3.997.15", + "@aws-sdk/token-providers": "3.1060.0", + "@aws-sdk/types": "^3.973.10", + "@smithy/core": "^3.24.6", + "@smithy/types": "^4.14.3", "tslib": "^2.6.2" }, "engines": { @@ -305,16 +305,16 @@ } }, "node_modules/@aws-sdk/credential-provider-web-identity": { - "version": "3.972.42", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.972.42.tgz", - "integrity": "sha512-/67fXX0ddllD4u2Nujc5PvT4byHgpMUfz6+RxIKi/0nFIckeorm7JvXgzBuDyVKw0s58EbofmETDWUf9vTEuHQ==", + "version": "3.972.47", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.972.47.tgz", + "integrity": "sha512-eksfbUErOejUAGWBAcNqaP7IX21oUOEo73d9R56k9Ua4d57qS90NEYkWJsuSGzTXMFulCu17qXJI/qGmM7hvoA==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "^3.974.12", - "@aws-sdk/nested-clients": "^3.997.10", - "@aws-sdk/types": "^3.973.8", - "@smithy/core": "^3.24.2", - "@smithy/types": "^4.14.1", + "@aws-sdk/core": "^3.974.17", + "@aws-sdk/nested-clients": "^3.997.15", + "@aws-sdk/types": "^3.973.10", + "@smithy/core": "^3.24.6", + "@smithy/types": "^4.14.3", "tslib": "^2.6.2" }, "engines": { @@ -322,20 +322,20 @@ } }, "node_modules/@aws-sdk/nested-clients": { - "version": "3.997.10", - "resolved": "https://registry.npmjs.org/@aws-sdk/nested-clients/-/nested-clients-3.997.10.tgz", - "integrity": "sha512-FtQ/Bt327peZJuyo4WZSOLVUTw9ujRxntepiC7L65FxA2P82Xlq0g14T22BuqBUeMjDoxa9nvwiMHjLIfP3eUg==", + "version": "3.997.15", + "resolved": "https://registry.npmjs.org/@aws-sdk/nested-clients/-/nested-clients-3.997.15.tgz", + "integrity": "sha512-Fpri1/PXKMKveORZ7E00VLTlWS5DkfZkW70PUE+bOnpWpAeHAQLoiDHhkzN3kNWbbSsGg64+IZYiq/EZgME3Mg==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/core": "^3.974.12", - "@aws-sdk/signature-v4-multi-region": "^3.996.27", - "@aws-sdk/types": "^3.973.8", - "@smithy/core": "^3.24.2", - "@smithy/fetch-http-handler": "^5.4.2", - "@smithy/node-http-handler": "^4.7.2", - "@smithy/types": "^4.14.1", + "@aws-sdk/core": "^3.974.17", + "@aws-sdk/signature-v4-multi-region": "^3.996.31", + "@aws-sdk/types": "^3.973.10", + "@smithy/core": "^3.24.6", + "@smithy/fetch-http-handler": "^5.4.6", + "@smithy/node-http-handler": "^4.7.6", + "@smithy/types": "^4.14.3", "tslib": "^2.6.2" }, "engines": { @@ -343,15 +343,14 @@ } }, "node_modules/@aws-sdk/signature-v4-multi-region": { - "version": "3.996.27", - "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.996.27.tgz", - "integrity": "sha512-0Phbz4t6HI3D3skxvG2uI+VWU034/nSIw1T8d+FPzzQG9EQTrw94o9mOKO2Gv3n3Oc8P7JD7RAUxkoneLWv5Eg==", + "version": "3.996.31", + "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.996.31.tgz", + "integrity": "sha512-Kn2up9SlG1KC6wRtwf0d7waTGF6rvp9DxYqB54x6UCKdQ6kyaXCqHL4WGb5vUJga5kS8FxnjhY0LqM28aMvnNQ==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "^3.973.8", - "@smithy/core": "^3.24.2", - "@smithy/signature-v4": "^5.4.2", - "@smithy/types": "^4.14.1", + "@aws-sdk/types": "^3.973.10", + "@smithy/signature-v4": "^5.4.6", + "@smithy/types": "^4.14.3", "tslib": "^2.6.2" }, "engines": { @@ -359,16 +358,16 @@ } }, "node_modules/@aws-sdk/token-providers": { - "version": "3.1049.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.1049.0.tgz", - "integrity": "sha512-r7+d0lQMTHKypkmaF5jRTBYLYHCUHzt3gaVoN9SidLhQeWhCmHk3AKrboDTpPF5b7Pt7vKu3+oeMjznM2Eu1ow==", + "version": "3.1060.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.1060.0.tgz", + "integrity": "sha512-6NZaMKkFhpaNiwLpHi1sZaYjidL/lCJE6ME6NxwA8gv9vQna+Kr0j4OFwVoz6tANRWM3WbGz6jiPsGX/Vkjwow==", "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "^3.974.12", - "@aws-sdk/nested-clients": "^3.997.10", - "@aws-sdk/types": "^3.973.8", - "@smithy/core": "^3.24.2", - "@smithy/types": "^4.14.1", + "@aws-sdk/core": "^3.974.17", + "@aws-sdk/nested-clients": "^3.997.15", + "@aws-sdk/types": "^3.973.10", + "@smithy/core": "^3.24.6", + "@smithy/types": "^4.14.3", "tslib": "^2.6.2" }, "engines": { @@ -376,12 +375,12 @@ } }, "node_modules/@aws-sdk/types": { - "version": "3.973.9", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.973.9.tgz", - "integrity": "sha512-kuBfgQVdcz5Bmapc4A13YbpVw/pXkesfhetcFYwbntqas8sF41OHyd4o28+/TG2ZQdHBsv90Lsu5y6oitvYCdg==", + "version": "3.973.10", + "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.973.10.tgz", + "integrity": "sha512-992QrTO7G9qCvKD0fx1rMlqcL14plUcRAbwmqqYVsuF3GrqcvlAL9qxR+baMafarEZ+l7DUQ5lCMmt5mbMhF7g==", "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.14.2", + "@smithy/types": "^4.14.3", "tslib": "^2.6.2" }, "engines": { @@ -401,12 +400,12 @@ } }, "node_modules/@aws-sdk/xml-builder": { - "version": "3.972.26", - "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.972.26.tgz", - "integrity": "sha512-cDbrqvDS73whl6YAPSPq0U6whzG6UWI9PuWh0wrUuGoZexhWEqhdunbukV7iBoaWnFV1AODutM5hOD6rtn439g==", + "version": "3.972.27", + "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.972.27.tgz", + "integrity": "sha512-hpsCXCOI436kxWpjtRuIHVvuPP81MOw8f18jzfZeg+UOiiOvlqWcmWChzEhJEu16cOC6+ku4ncBN+7rdt+DZ9g==", "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.14.2", + "@smithy/types": "^4.14.3", "fast-xml-parser": "5.7.3", "tslib": "^2.6.2" }, @@ -2320,13 +2319,13 @@ } }, "node_modules/@smithy/core": { - "version": "3.24.5", - "resolved": "https://registry.npmjs.org/@smithy/core/-/core-3.24.5.tgz", - "integrity": "sha512-Kt8phUg45M15EjhYAbZ+fFikYneijLu9Liugz8ZsYz2i8j0hzGv27LWKpEHYRfvj+LyCOSijpcR/2i8RouV+cA==", + "version": "3.24.6", + "resolved": "https://registry.npmjs.org/@smithy/core/-/core-3.24.6.tgz", + "integrity": "sha512-wBXDRup6UU97VKyaiRo8AssnfStPtG0oAAfpq/bC0a1YYau8pM86YB4kM6ccoVi1mS8l/UHbn9oDM+7uozr/ug==", "license": "Apache-2.0", "dependencies": { "@aws-crypto/crc32": "5.2.0", - "@smithy/types": "^4.14.2", + "@smithy/types": "^4.14.3", "tslib": "^2.6.2" }, "engines": { @@ -2334,13 +2333,13 @@ } }, "node_modules/@smithy/credential-provider-imds": { - "version": "4.3.3", - "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-4.3.3.tgz", - "integrity": "sha512-I2Bti0DKFo2IJyN28ijCsx51BAumEYR4/1yZ1FXyBygy9MqbnMqCev4JPth/MbpRfBSRAX35hITSnAdJRo1u5w==", + "version": "4.3.7", + "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-4.3.7.tgz", + "integrity": "sha512-xj8gq/bjFABAh6qWPSDCYcY3kzQIm4b561C+YnHH4zGq8rOgzQ3Shk+JGlpUxSd41UGiO6FkLdUCtNX1FAeHgg==", "license": "Apache-2.0", "dependencies": { - "@smithy/core": "^3.24.3", - "@smithy/types": "^4.14.2", + "@smithy/core": "^3.24.6", + "@smithy/types": "^4.14.3", "tslib": "^2.6.2" }, "engines": { @@ -2348,13 +2347,13 @@ } }, "node_modules/@smithy/fetch-http-handler": { - "version": "5.4.3", - "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-5.4.3.tgz", - "integrity": "sha512-F+DRf8IJazRJgYog2A/yJK7eYVc0rqTlRzO+5ZxjJd4WkZoKz0IJRncf7G6t1pdVT3kryJcwuTFhN1c5m6N47A==", + "version": "5.4.6", + "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-5.4.6.tgz", + "integrity": "sha512-FEwEYJ1jlBKdhe9TPzfghEi1bP55ZeEImlDkEa62bBBYzUcnB6RUCyuiS2mqKt6ZVjUbBgcNhzfIctH+Hevx9g==", "license": "Apache-2.0", "dependencies": { - "@smithy/core": "^3.24.3", - "@smithy/types": "^4.14.2", + "@smithy/core": "^3.24.6", + "@smithy/types": "^4.14.3", "tslib": "^2.6.2" }, "engines": { @@ -2374,13 +2373,13 @@ } }, "node_modules/@smithy/node-http-handler": { - "version": "4.7.3", - "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-4.7.3.tgz", - "integrity": "sha512-/jPhevcTFPMVl6KNjbaI47iOg1zxC7IsnX4PQDGVZKMFceOXtB8IEYaB7a9VvkP/3oC60WzTeKocvSI7vLT0vA==", + "version": "4.7.6", + "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-4.7.6.tgz", + "integrity": "sha512-3fya8i7GrJilQouk4cZJKdy5k8MWQBpjfXrRNaXDedH8r779tr0jcxyH3+yoTmsluc2+vF4S343yFbnvu8ExDQ==", "license": "Apache-2.0", "dependencies": { - "@smithy/core": "^3.24.3", - "@smithy/types": "^4.14.2", + "@smithy/core": "^3.24.6", + "@smithy/types": "^4.14.3", "tslib": "^2.6.2" }, "engines": { @@ -2402,13 +2401,13 @@ } }, "node_modules/@smithy/signature-v4": { - "version": "5.4.5", - "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-5.4.5.tgz", - "integrity": "sha512-QBJKWGqIknH0dc9LWpfH1mkdokAx6iXYN3UcQ3eY6uIEyScuoQAhfl94ge7ozUy9WgFUdE8xsvwBjaYBbWmPNA==", + "version": "5.4.6", + "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-5.4.6.tgz", + "integrity": "sha512-Ojg4B6oIDlIr1R86xCDJt1zJWnYa0VINmqdjfe9qxWjdRivHalZ3iSlQgVqYbW0MdpFOC5XfHEWsnbmdnpIILQ==", "license": "Apache-2.0", "dependencies": { - "@smithy/core": "^3.24.5", - "@smithy/types": "^4.14.2", + "@smithy/core": "^3.24.6", + "@smithy/types": "^4.14.3", "tslib": "^2.6.2" }, "engines": { @@ -2416,9 +2415,9 @@ } }, "node_modules/@smithy/types": { - "version": "4.14.2", - "resolved": "https://registry.npmjs.org/@smithy/types/-/types-4.14.2.tgz", - "integrity": "sha512-P+otAxbV4CqBybp7EkcJCrig63yE2E7PuNVOmilVMRcx/O+QDzGULTrKsq4DV13gSfak9ObPrWaHl/9bL5YcWw==", + "version": "4.14.3", + "resolved": "https://registry.npmjs.org/@smithy/types/-/types-4.14.3.tgz", + "integrity": "sha512-YupL0ZWmFtJexUN2cHzkvvF/b9pKrtAIfT1o7/oY/Ppu8IYeZ+lDPM5vZdQJaSeA132dJCqojjGC9NhXeF71VQ==", "license": "Apache-2.0", "dependencies": { "tslib": "^2.6.2" diff --git a/package.json b/package.json index 15bafe5..486e3cf 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ }, "dependencies": { "@actions/core": "^3.0.1", - "@aws-sdk/client-sts": "^3.1049.0", + "@aws-sdk/client-sts": "^3.1061.0", "@smithy/node-http-handler": "^4.7.3", "proxy-agent": "^8.0.1" }, From bf27562715cab5a13ce60351aaef8fae74b31789 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 3 Jun 2026 21:53:30 +0000 Subject: [PATCH 12/16] chore: Update dist --- THIRD-PARTY | 42 +++++++------- dist/index.js | 150 +++++++++++++++++++++++++++++++------------------- 2 files changed, 113 insertions(+), 79 deletions(-) diff --git a/THIRD-PARTY b/THIRD-PARTY index 22b13a3..59cc215 100644 --- a/THIRD-PARTY +++ b/THIRD-PARTY @@ -644,7 +644,7 @@ Apache License The following npm package may be included in this product: - - @aws-sdk/client-sts@3.1049.0 + - @aws-sdk/client-sts@3.1061.0 This package contains the following license: @@ -854,9 +854,9 @@ Apache License The following npm packages may be included in this product: - - @aws-sdk/signature-v4-multi-region@3.996.27 - - @smithy/core@3.24.5 - - @smithy/types@4.14.2 + - @aws-sdk/signature-v4-multi-region@3.996.31 + - @smithy/core@3.24.6 + - @smithy/types@4.14.3 These packages each contain the following license: @@ -1254,7 +1254,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. The following npm package may be included in this product: - - @aws-sdk/core@3.974.15 + - @aws-sdk/core@3.974.17 This package contains the following license: @@ -1674,18 +1674,18 @@ Apache License The following npm packages may be included in this product: - - @aws-sdk/credential-provider-env@3.972.41 - - @aws-sdk/credential-provider-ini@3.972.42 - - @aws-sdk/credential-provider-node@3.972.43 - - @aws-sdk/token-providers@3.1049.0 - - @aws-sdk/types@3.973.9 + - @aws-sdk/credential-provider-env@3.972.43 + - @aws-sdk/credential-provider-ini@3.972.48 + - @aws-sdk/credential-provider-node@3.972.50 + - @aws-sdk/token-providers@3.1060.0 + - @aws-sdk/types@3.973.10 - @aws-sdk/util-locate-window@3.965.5 - - @aws-sdk/xml-builder@3.972.26 - - @smithy/credential-provider-imds@4.3.3 - - @smithy/fetch-http-handler@5.4.3 + - @aws-sdk/xml-builder@3.972.27 + - @smithy/credential-provider-imds@4.3.7 + - @smithy/fetch-http-handler@5.4.6 - @smithy/is-array-buffer@2.2.0 - - @smithy/node-http-handler@4.7.3 - - @smithy/signature-v4@5.4.5 + - @smithy/node-http-handler@4.7.6 + - @smithy/signature-v4@5.4.6 - @smithy/util-buffer-from@2.2.0 - @smithy/util-utf8@2.3.0 @@ -1897,9 +1897,9 @@ Apache License The following npm packages may be included in this product: - - @aws-sdk/credential-provider-process@3.972.38 - - @aws-sdk/credential-provider-sso@3.972.42 - - @aws-sdk/credential-provider-web-identity@3.972.42 + - @aws-sdk/credential-provider-process@3.972.43 + - @aws-sdk/credential-provider-sso@3.972.47 + - @aws-sdk/credential-provider-web-identity@3.972.47 These packages each contain the following license: @@ -2109,9 +2109,9 @@ Apache License The following npm packages may be included in this product: - - @aws-sdk/credential-provider-http@3.972.40 - - @aws-sdk/credential-provider-login@3.972.42 - - @aws-sdk/nested-clients@3.997.10 + - @aws-sdk/credential-provider-http@3.972.45 + - @aws-sdk/credential-provider-login@3.972.47 + - @aws-sdk/nested-clients@3.997.15 These packages each contain the following license: diff --git a/dist/index.js b/dist/index.js index 051134f..559d31b 100644 --- a/dist/index.js +++ b/dist/index.js @@ -28857,7 +28857,7 @@ var init_constants4 = __esm({ TRANSIENT_ERROR_CODES = ["TimeoutError", "RequestTimeout", "RequestTimeoutException"]; TRANSIENT_ERROR_STATUS_CODES = [500, 502, 503, 504]; NODEJS_TIMEOUT_ERROR_CODES = ["ECONNRESET", "ECONNREFUSED", "EPIPE", "ETIMEDOUT"]; - NODEJS_NETWORK_ERROR_CODES = ["EHOSTUNREACH", "ENETUNREACH", "ENOTFOUND"]; + NODEJS_NETWORK_ERROR_CODES = ["EHOSTUNREACH", "ENETUNREACH", "ENOTFOUND", "EAI_AGAIN"]; } }); @@ -29019,9 +29019,6 @@ function bindRetryMiddleware(isStreamingPayload2) { try { retryToken = await retryStrategy.refreshRetryTokenForRetry(retryToken, retryErrorInfo); } catch (refreshError) { - if (typeof refreshError.$backoff === "number") { - await cooldown(refreshError.$backoff); - } if (!lastError.$metadata) { lastError.$metadata = {}; } @@ -29031,8 +29028,10 @@ function bindRetryMiddleware(isStreamingPayload2) { } attempts = retryToken.getRetryCount(); const delay = retryToken.getRetryDelay(); - totalRetryDelay += delay; - await cooldown(delay); + totalRetryDelay += (retryToken?.$retryLog?.acquisitionDelay ?? 0) + delay; + if (delay > 0) { + await cooldown(delay); + } } } } else { @@ -29267,6 +29266,9 @@ var init_DefaultRetryToken = __esm({ count; cost; longPoll; + $retryLog = { + acquisitionDelay: 0 + }; constructor(delay, count, cost, longPoll) { this.delay = delay; this.count = count; @@ -29318,8 +29320,8 @@ var init_StandardRetryStrategy = __esm({ }; StandardRetryStrategy = class { mode = RETRY_MODES.STANDARD; - capacity = INITIAL_RETRY_TOKENS; retryBackoffStrategy; + capacity = INITIAL_RETRY_TOKENS; maxAttemptsProvider; baseDelay; constructor(arg1) { @@ -29353,13 +29355,17 @@ var init_StandardRetryStrategy = __esm({ retryDelay = Math.max(delayFromErrorType, Math.min(errorInfo.retryAfterHint.getTime() - Date.now(), delayFromErrorType + 5e3)); } if (!shouldRetry) { - throw Object.assign(new Error("No retry token available"), { - $backoff: Retry.v2026 && retryCode === refusal.capacity && isLongPoll ? retryDelay : 0 - }); + const longPollBackoff = Retry.v2026 && retryCode === refusal.capacity && isLongPoll ? retryDelay : 0; + if (longPollBackoff > 0) { + await new Promise((r5) => setTimeout(r5, longPollBackoff)); + } } else { const capacityCost = this.getCapacityCost(errorType); this.capacity -= capacityCost; - return new DefaultRetryToken(retryDelay, token.getRetryCount() + 1, capacityCost, token.isLongPoll?.() ?? false); + const nextToken = new DefaultRetryToken(0, token.getRetryCount() + 1, capacityCost, token.isLongPoll?.() ?? false); + await new Promise((r5) => setTimeout(r5, retryDelay)); + nextToken.$retryLog.acquisitionDelay = retryDelay; + return nextToken; } } throw new Error("No retry token available"); @@ -29454,11 +29460,10 @@ var init_ConfiguredRetryStrategy = __esm({ } else { this.computeNextBackoffDelay = computeNextBackoffDelay; } - } - async refreshRetryTokenForRetry(tokenToRenew, errorInfo) { - const token = await super.refreshRetryTokenForRetry(tokenToRenew, errorInfo); - token.getRetryDelay = () => this.computeNextBackoffDelay(token.getRetryCount()); - return token; + this.retryBackoffStrategy.computeNextBackoffDelay = (completedAttempt) => { + const nextAttempt = completedAttempt + 1; + return this.computeNextBackoffDelay(nextAttempt); + }; } }; } @@ -29658,6 +29663,7 @@ var init_configurations = __esm({ init_AdaptiveRetryStrategy(); init_StandardRetryStrategy(); init_config3(); + init_retries_2026_config(); ENV_MAX_ATTEMPTS = "AWS_MAX_ATTEMPTS"; CONFIG_MAX_ATTEMPTS = "max_attempts"; NODE_MAX_ATTEMPT_CONFIG_OPTIONS = { @@ -29683,13 +29689,27 @@ var init_configurations = __esm({ }, default: DEFAULT_MAX_ATTEMPTS }; - resolveRetryConfig = (input) => { + resolveRetryConfig = (input, defaults) => { const { retryStrategy, retryMode } = input; - const maxAttempts = normalizeProvider(input.maxAttempts ?? DEFAULT_MAX_ATTEMPTS); + const { defaultMaxAttempts = DEFAULT_MAX_ATTEMPTS, defaultBaseDelay = Retry.delay() } = defaults ?? {}; + const maxAttemptsProvider = normalizeProvider(input.maxAttempts ?? defaultMaxAttempts); let controller = retryStrategy ? Promise.resolve(retryStrategy) : void 0; - const getDefault = async () => await normalizeProvider(retryMode)() === RETRY_MODES.ADAPTIVE ? new AdaptiveRetryStrategy(maxAttempts) : new StandardRetryStrategy(maxAttempts); + const getDefault = async () => { + const maxAttempts = await maxAttemptsProvider(); + const adaptive = await normalizeProvider(retryMode)() === RETRY_MODES.ADAPTIVE; + if (adaptive) { + return new AdaptiveRetryStrategy(maxAttemptsProvider, { + maxAttempts, + baseDelay: defaultBaseDelay + }); + } + return new StandardRetryStrategy({ + maxAttempts, + baseDelay: defaultBaseDelay + }); + }; return Object.assign(input, { - maxAttempts, + maxAttempts: maxAttemptsProvider, retryStrategy: () => controller ??= getDefault() }); }; @@ -33625,7 +33645,7 @@ var require_package = __commonJS({ module2.exports = { name: "@aws-sdk/client-sts", description: "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", - version: "3.1049.0", + version: "3.1061.0", scripts: { build: "concurrently 'yarn:build:types' 'yarn:build:es' && yarn build:cjs", "build:cjs": "node ../../scripts/compilation/inline client-sts", @@ -33651,18 +33671,18 @@ var require_package = __commonJS({ dependencies: { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/core": "^3.974.12", - "@aws-sdk/credential-provider-node": "^3.972.43", - "@aws-sdk/signature-v4-multi-region": "^3.996.27", - "@aws-sdk/types": "^3.973.8", - "@smithy/core": "^3.24.2", - "@smithy/fetch-http-handler": "^5.4.2", - "@smithy/node-http-handler": "^4.7.2", - "@smithy/types": "^4.14.1", + "@aws-sdk/core": "^3.974.17", + "@aws-sdk/credential-provider-node": "^3.972.50", + "@aws-sdk/signature-v4-multi-region": "^3.996.31", + "@aws-sdk/types": "^3.973.10", + "@smithy/core": "^3.24.6", + "@smithy/fetch-http-handler": "^5.4.6", + "@smithy/node-http-handler": "^4.7.6", + "@smithy/types": "^4.14.3", tslib: "^2.6.2" }, devDependencies: { - "@smithy/snapshot-testing": "^2.1.2", + "@smithy/snapshot-testing": "^2.1.7", "@tsconfig/node20": "20.1.8", "@types/node": "^20.14.8", concurrently: "7.0.0", @@ -33753,7 +33773,6 @@ var require_dist_cjs7 = __commonJS({ var require_dist_cjs8 = __commonJS({ "node_modules/@smithy/credential-provider-imds/dist-cjs/index.js"(exports2) { "use strict"; - var node_url = require("node:url"); var config = (init_config2(), __toCommonJS(config_exports)); var node_http = require("node:http"); var protocols2 = (init_protocols(), __toCommonJS(protocols_exports)); @@ -33838,14 +33857,8 @@ var require_dist_cjs8 = __commonJS({ return buffer.toString(); }; var CMDS_IP = "169.254.170.2"; - var GREENGRASS_HOSTS = { - localhost: true, - "127.0.0.1": true - }; - var GREENGRASS_PROTOCOLS = { - "http:": true, - "https:": true - }; + var GREENGRASS_HOSTS = /* @__PURE__ */ new Set(["localhost", "127.0.0.1"]); + var GREENGRASS_PROTOCOLS = /* @__PURE__ */ new Set(["http:", "https:"]); var getCmdsUri = async ({ logger: logger2 }) => { if (process.env[ENV_CMDS_RELATIVE_URI]) { return { @@ -33854,21 +33867,28 @@ var require_dist_cjs8 = __commonJS({ }; } if (process.env[ENV_CMDS_FULL_URI]) { - const parsed = node_url.parse(process.env[ENV_CMDS_FULL_URI]); - if (!parsed.hostname || !(parsed.hostname in GREENGRASS_HOSTS)) { + let parsed; + try { + parsed = new URL(process.env[ENV_CMDS_FULL_URI]); + } catch { + throw new config.CredentialsProviderError(`${process.env[ENV_CMDS_FULL_URI]} is not a valid container metadata service URL`, { tryNextLink: false, logger: logger2 }); + } + if (!parsed.hostname || !GREENGRASS_HOSTS.has(parsed.hostname)) { throw new config.CredentialsProviderError(`${parsed.hostname} is not a valid container metadata service hostname`, { tryNextLink: false, logger: logger2 }); } - if (!parsed.protocol || !(parsed.protocol in GREENGRASS_PROTOCOLS)) { + if (!parsed.protocol || !GREENGRASS_PROTOCOLS.has(parsed.protocol)) { throw new config.CredentialsProviderError(`${parsed.protocol} is not a valid container metadata service protocol`, { tryNextLink: false, logger: logger2 }); } return { - ...parsed, + protocol: parsed.protocol, + hostname: parsed.hostname, + path: parsed.pathname + parsed.search, port: parsed.port ? parseInt(parsed.port, 10) : void 0 }; } @@ -35107,11 +35127,9 @@ Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI } const url = new URL(host); (0, checkUrl_1.checkUrl)(url, options.logger); - const requestHandler = node_http_handler_1.NodeHttpHandler.create({ - requestTimeout: options.timeout ?? 1e3, - connectionTimeout: options.timeout ?? 1e3 - }); - return (0, retry_wrapper_1.retryWrapper)(async () => { + const requestHandler = node_http_handler_1.NodeHttpHandler.create({ connectionTimeout: options.timeout ?? 1e3 }); + const requestTimeout = options.timeout ?? 1e3; + const provider = (0, retry_wrapper_1.retryWrapper)(async () => { const request = (0, requestHelpers_1.createGetRequest)(url); if (token) { request.headers.Authorization = token; @@ -35119,12 +35137,19 @@ Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI request.headers.Authorization = (await promises_1.default.readFile(tokenFile)).toString(); } try { - const result = await requestHandler.handle(request); + const result = await requestHandler.handle(request, { requestTimeout }); return (0, requestHelpers_1.getCredentials)(result.response).then((creds) => (0, client_1.setCredentialFeature)(creds, "CREDENTIALS_HTTP", "z")); } catch (e5) { throw new config_1.CredentialsProviderError(String(e5), { logger: options.logger }); } }, options.maxRetries ?? 3, options.timeout ?? 1e3); + return async () => { + try { + return await provider(); + } finally { + requestHandler.destroy?.(); + } + }; }; exports2.fromHttp = fromHttp; } @@ -35221,7 +35246,7 @@ var init_package = __esm({ "node_modules/@aws-sdk/nested-clients/package.json"() { package_default = { name: "@aws-sdk/nested-clients", - version: "3.997.10", + version: "3.997.15", description: "Nested clients for AWS SDK packages.", main: "./dist-cjs/index.js", module: "./dist-es/index.js", @@ -35250,13 +35275,13 @@ var init_package = __esm({ dependencies: { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/core": "^3.974.12", - "@aws-sdk/signature-v4-multi-region": "^3.996.27", - "@aws-sdk/types": "^3.973.8", - "@smithy/core": "^3.24.2", - "@smithy/fetch-http-handler": "^5.4.2", - "@smithy/node-http-handler": "^4.7.2", - "@smithy/types": "^4.14.1", + "@aws-sdk/core": "^3.974.17", + "@aws-sdk/signature-v4-multi-region": "^3.996.31", + "@aws-sdk/types": "^3.973.10", + "@smithy/core": "^3.24.6", + "@smithy/fetch-http-handler": "^5.4.6", + "@smithy/node-http-handler": "^4.7.6", + "@smithy/types": "^4.14.3", tslib: "^2.6.2" }, devDependencies: { @@ -44813,9 +44838,18 @@ var require_dist_cjs18 = __commonJS({ let activeLock; let passiveLock; let credentials; + let forceRefreshLock; const provider = async (options) => { if (options?.forceRefresh) { - return await chain2(options); + if (!forceRefreshLock) { + forceRefreshLock = chain2(options).then((c5) => { + credentials = c5; + }).finally(() => { + forceRefreshLock = void 0; + }); + } + await forceRefreshLock; + return credentials; } if (credentials?.expiration) { if (credentials?.expiration?.getTime() < Date.now()) { From aefb6ea01862373a081f24ffb2b8019f0a275f65 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Jun 2026 21:56:02 +0000 Subject: [PATCH 13/16] chore(deps-dev): bump @smithy/property-provider from 4.3.5 to 4.3.6 (#1816) Bumps [@smithy/property-provider](https://github.com/smithy-lang/smithy-typescript/tree/HEAD/packages/property-provider) from 4.3.5 to 4.3.6. - [Release notes](https://github.com/smithy-lang/smithy-typescript/releases) - [Changelog](https://github.com/smithy-lang/smithy-typescript/blob/main/packages/property-provider/CHANGELOG.md) - [Commits](https://github.com/smithy-lang/smithy-typescript/commits/@smithy/util-retry@4.3.6/packages/property-provider) --- updated-dependencies: - dependency-name: "@smithy/property-provider" dependency-version: 4.3.6 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 10 +++++----- package.json | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 86d7541..379b7a0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -17,7 +17,7 @@ "devDependencies": { "@aws-sdk/credential-provider-env": "^3.972.39", "@biomejs/biome": "2.4.16", - "@smithy/property-provider": "^4.3.4", + "@smithy/property-provider": "^4.3.6", "@types/node": "^25.9.1", "@vitest/coverage-v8": "4.1.5", "aws-sdk-client-mock": "^4.1.0", @@ -2387,13 +2387,13 @@ } }, "node_modules/@smithy/property-provider": { - "version": "4.3.5", - "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-4.3.5.tgz", - "integrity": "sha512-QNc22/FgfEm/9/rkefShfQUVckH3HWiQ2RPs+40hwAdY65hbg88gombeHwkfMzmVDZjolcyQeyOjnxZRmpavIA==", + "version": "4.3.6", + "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-4.3.6.tgz", + "integrity": "sha512-0rhHv1Ww27kajF6qewme2aRtJmKFtSwE6EZ2dj5KxdX/R3ANsUugqTnH0tvpZwGiQ3MOMhetuCGFAeKVv3/Onw==", "dev": true, "license": "Apache-2.0", "dependencies": { - "@smithy/core": "^3.24.5", + "@smithy/core": "^3.24.6", "tslib": "^2.6.2" }, "engines": { diff --git a/package.json b/package.json index 486e3cf..da9d447 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,7 @@ "devDependencies": { "@aws-sdk/credential-provider-env": "^3.972.39", "@biomejs/biome": "2.4.16", - "@smithy/property-provider": "^4.3.4", + "@smithy/property-provider": "^4.3.6", "@types/node": "^25.9.1", "@vitest/coverage-v8": "4.1.5", "aws-sdk-client-mock": "^4.1.0", From d63f12fba56631014a22d4a54ed8058752f78b67 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Jun 2026 21:58:21 +0000 Subject: [PATCH 14/16] chore(deps-dev): bump memfs from 4.57.2 to 4.57.6 (#1813) Bumps [memfs](https://github.com/streamich/memfs) from 4.57.2 to 4.57.6. - [Release notes](https://github.com/streamich/memfs/releases) - [Changelog](https://github.com/streamich/memfs/blob/master/CHANGELOG.md) - [Commits](https://github.com/streamich/memfs/compare/v4.57.2...v4.57.6) --- updated-dependencies: - dependency-name: memfs dependency-version: 4.57.6 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 104 +++++++++++++++++++++++----------------------- package.json | 2 +- 2 files changed, 53 insertions(+), 53 deletions(-) diff --git a/package-lock.json b/package-lock.json index 379b7a0..b340ca9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -25,7 +25,7 @@ "generate-license-file": "^4.2.1", "json-schema": "^0.4.0", "markdownlint-cli": "^0.48.0", - "memfs": "^4.57.2", + "memfs": "^4.57.6", "standard-version": "^9.5.0", "typescript": "^6.0.3", "vitest": "4.1.5" @@ -1273,14 +1273,14 @@ } }, "node_modules/@jsonjoy.com/fs-core": { - "version": "4.57.2", - "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-core/-/fs-core-4.57.2.tgz", - "integrity": "sha512-SVjwklkpIV5wrynpYtuYnfYH1QF4/nDuLBX7VXdb+3miglcAgBVZb/5y0cOsehRV/9Vb+3UqhkMq3/NR3ztdkQ==", + "version": "4.57.6", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-core/-/fs-core-4.57.6.tgz", + "integrity": "sha512-uI++Wx6VkBJqVmkb4ZeExwAVpZiA2Do5NrEtXoDk0Pdvce3ytFXJoviT1sLOj16+qDIMnD5nWPfOhVpnDmRJKg==", "dev": true, "license": "Apache-2.0", "dependencies": { - "@jsonjoy.com/fs-node-builtins": "4.57.2", - "@jsonjoy.com/fs-node-utils": "4.57.2", + "@jsonjoy.com/fs-node-builtins": "4.57.6", + "@jsonjoy.com/fs-node-utils": "4.57.6", "thingies": "^2.5.0" }, "engines": { @@ -1295,15 +1295,15 @@ } }, "node_modules/@jsonjoy.com/fs-fsa": { - "version": "4.57.2", - "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-fsa/-/fs-fsa-4.57.2.tgz", - "integrity": "sha512-fhO8+iR2I+OCw668ISDJdn1aArc9zx033sWejIyzQ8RBeXa9bDSaUeA3ix0poYOfrj1KdOzytmYNv2/uLDfV6g==", + "version": "4.57.6", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-fsa/-/fs-fsa-4.57.6.tgz", + "integrity": "sha512-pKkw/yC5CzSZKhIIUIsH1przOa+K5jGmZIg1sWaSF24JojyrUFbjcQv7QrcGAudriei6HQ6R0BFj+V8NbQinJw==", "dev": true, "license": "Apache-2.0", "dependencies": { - "@jsonjoy.com/fs-core": "4.57.2", - "@jsonjoy.com/fs-node-builtins": "4.57.2", - "@jsonjoy.com/fs-node-utils": "4.57.2", + "@jsonjoy.com/fs-core": "4.57.6", + "@jsonjoy.com/fs-node-builtins": "4.57.6", + "@jsonjoy.com/fs-node-utils": "4.57.6", "thingies": "^2.5.0" }, "engines": { @@ -1318,17 +1318,17 @@ } }, "node_modules/@jsonjoy.com/fs-node": { - "version": "4.57.2", - "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-node/-/fs-node-4.57.2.tgz", - "integrity": "sha512-nX2AdL6cOFwLdju9G4/nbRnYevmCJbh7N7hvR3gGm97Cs60uEjyd0rpR+YBS7cTg175zzl22pGKXR5USaQMvKg==", + "version": "4.57.6", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-node/-/fs-node-4.57.6.tgz", + "integrity": "sha512-Kbn1jdkvDN4F2+BhoB6mMu7NCbhP0bgA5NcI1aJj/Q5UcU+I1JLLW+dEQean33iV4tXv35AzBVKPICnDltBpxw==", "dev": true, "license": "Apache-2.0", "dependencies": { - "@jsonjoy.com/fs-core": "4.57.2", - "@jsonjoy.com/fs-node-builtins": "4.57.2", - "@jsonjoy.com/fs-node-utils": "4.57.2", - "@jsonjoy.com/fs-print": "4.57.2", - "@jsonjoy.com/fs-snapshot": "4.57.2", + "@jsonjoy.com/fs-core": "4.57.6", + "@jsonjoy.com/fs-node-builtins": "4.57.6", + "@jsonjoy.com/fs-node-utils": "4.57.6", + "@jsonjoy.com/fs-print": "4.57.6", + "@jsonjoy.com/fs-snapshot": "4.57.6", "glob-to-regex.js": "^1.0.0", "thingies": "^2.5.0" }, @@ -1344,9 +1344,9 @@ } }, "node_modules/@jsonjoy.com/fs-node-builtins": { - "version": "4.57.2", - "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-node-builtins/-/fs-node-builtins-4.57.2.tgz", - "integrity": "sha512-xhiegylRmhw43Ki2HO1ZBL7DQ5ja/qpRsL29VtQ2xuUHiuDGbgf2uD4p9Qd8hJI5P6RCtGYD50IXHXVq/Ocjcg==", + "version": "4.57.6", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-node-builtins/-/fs-node-builtins-4.57.6.tgz", + "integrity": "sha512-V4DgEFT3Cg5S9fCMOZSCVdTxdJWWLBO0WnAazV7hnCM96u5zXHyW/ubDAfcSVwqjkMJ50W1Y44IXtxRoIwaCVg==", "dev": true, "license": "Apache-2.0", "engines": { @@ -1361,15 +1361,15 @@ } }, "node_modules/@jsonjoy.com/fs-node-to-fsa": { - "version": "4.57.2", - "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-node-to-fsa/-/fs-node-to-fsa-4.57.2.tgz", - "integrity": "sha512-18LmWTSONhoAPW+IWRuf8w/+zRolPFGPeGwMxlAhhfY11EKzX+5XHDBPAw67dBF5dxDErHJbl40U+3IXSDRXSQ==", + "version": "4.57.6", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-node-to-fsa/-/fs-node-to-fsa-4.57.6.tgz", + "integrity": "sha512-+JptNw3iifihxH2rEXrninDzX4FFVW8JD/wPR8GbJPAeL9CQUSblrlumOPB5gZuS7tYRX+PJPLtT7XzKoRhv/Q==", "dev": true, "license": "Apache-2.0", "dependencies": { - "@jsonjoy.com/fs-fsa": "4.57.2", - "@jsonjoy.com/fs-node-builtins": "4.57.2", - "@jsonjoy.com/fs-node-utils": "4.57.2" + "@jsonjoy.com/fs-fsa": "4.57.6", + "@jsonjoy.com/fs-node-builtins": "4.57.6", + "@jsonjoy.com/fs-node-utils": "4.57.6" }, "engines": { "node": ">=10.0" @@ -1383,13 +1383,13 @@ } }, "node_modules/@jsonjoy.com/fs-node-utils": { - "version": "4.57.2", - "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-node-utils/-/fs-node-utils-4.57.2.tgz", - "integrity": "sha512-rsPSJgekz43IlNbLyAM/Ab+ouYLWGp5DDBfYBNNEqDaSpsbXfthBn29Q4muFA9L0F+Z3mKo+CWlgSCXrf+mOyQ==", + "version": "4.57.6", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-node-utils/-/fs-node-utils-4.57.6.tgz", + "integrity": "sha512-foyUrfS7WmYEUzqYXSNxmJBcSj04TABrkpFabwO9SCDCpVCfJ+qG+2sk5FjfiflG2n0SDFZDCJ6vYlJAEpxJFg==", "dev": true, "license": "Apache-2.0", "dependencies": { - "@jsonjoy.com/fs-node-builtins": "4.57.2" + "@jsonjoy.com/fs-node-builtins": "4.57.6" }, "engines": { "node": ">=10.0" @@ -1403,13 +1403,13 @@ } }, "node_modules/@jsonjoy.com/fs-print": { - "version": "4.57.2", - "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-print/-/fs-print-4.57.2.tgz", - "integrity": "sha512-wK9NSow48i4DbDl9F1CQE5TqnyZOJ04elU3WFG5aJ76p+YxO/ulyBBQvKsessPxdo381Bc2pcEoyPujMOhcRqQ==", + "version": "4.57.6", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-print/-/fs-print-4.57.6.tgz", + "integrity": "sha512-96eAn4Dudtt67LTeuU47yUD+pg9/G/oKpI10zei9ljk3X3WK4lYKc+n3cpaPCAbKPzoyfxl0mXm8f8Y7BOSFXw==", "dev": true, "license": "Apache-2.0", "dependencies": { - "@jsonjoy.com/fs-node-utils": "4.57.2", + "@jsonjoy.com/fs-node-utils": "4.57.6", "tree-dump": "^1.1.0" }, "engines": { @@ -1424,14 +1424,14 @@ } }, "node_modules/@jsonjoy.com/fs-snapshot": { - "version": "4.57.2", - "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-snapshot/-/fs-snapshot-4.57.2.tgz", - "integrity": "sha512-GdduDZuoP5V/QCgJkx9+BZ6SC0EZ/smXAdTS7PfMqgMTGXLlt/bH/FqMYaqB9JmLf05sJPtO0XRbAwwkEEPbVw==", + "version": "4.57.6", + "resolved": "https://registry.npmjs.org/@jsonjoy.com/fs-snapshot/-/fs-snapshot-4.57.6.tgz", + "integrity": "sha512-V57CMzbOgTzUWGOWQ8GzHQdpJP6JnrYVNCtTBNxVYEnlVRvo4uEJqHhtAT8vhDFrIuJOXLrTL1Fki4h5oI7xxg==", "dev": true, "license": "Apache-2.0", "dependencies": { "@jsonjoy.com/buffers": "^17.65.0", - "@jsonjoy.com/fs-node-utils": "4.57.2", + "@jsonjoy.com/fs-node-utils": "4.57.6", "@jsonjoy.com/json-pack": "^17.65.0", "@jsonjoy.com/util": "^17.65.0" }, @@ -5670,20 +5670,20 @@ "license": "MIT" }, "node_modules/memfs": { - "version": "4.57.2", - "resolved": "https://registry.npmjs.org/memfs/-/memfs-4.57.2.tgz", - "integrity": "sha512-2nWzSsJzrukurSDna4Z0WywuScK4Id3tSKejgu74u8KCdW4uNrseKRSIDg75C6Yw5ZRqBe0F0EtMNlTbUq8bAQ==", + "version": "4.57.6", + "resolved": "https://registry.npmjs.org/memfs/-/memfs-4.57.6.tgz", + "integrity": "sha512-WQK+DGjKCnPdpSyJUXphz+COF2uEhhsxQ3VIWBSbzpbbXuch3h4FePMqXrXGdLjsTgo4JFzBFsP6AWd9pVazGw==", "dev": true, "license": "Apache-2.0", "dependencies": { - "@jsonjoy.com/fs-core": "4.57.2", - "@jsonjoy.com/fs-fsa": "4.57.2", - "@jsonjoy.com/fs-node": "4.57.2", - "@jsonjoy.com/fs-node-builtins": "4.57.2", - "@jsonjoy.com/fs-node-to-fsa": "4.57.2", - "@jsonjoy.com/fs-node-utils": "4.57.2", - "@jsonjoy.com/fs-print": "4.57.2", - "@jsonjoy.com/fs-snapshot": "4.57.2", + "@jsonjoy.com/fs-core": "4.57.6", + "@jsonjoy.com/fs-fsa": "4.57.6", + "@jsonjoy.com/fs-node": "4.57.6", + "@jsonjoy.com/fs-node-builtins": "4.57.6", + "@jsonjoy.com/fs-node-to-fsa": "4.57.6", + "@jsonjoy.com/fs-node-utils": "4.57.6", + "@jsonjoy.com/fs-print": "4.57.6", + "@jsonjoy.com/fs-snapshot": "4.57.6", "@jsonjoy.com/json-pack": "^1.11.0", "@jsonjoy.com/util": "^1.9.0", "glob-to-regex.js": "^1.0.1", diff --git a/package.json b/package.json index da9d447..1d9a306 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "generate-license-file": "^4.2.1", "json-schema": "^0.4.0", "markdownlint-cli": "^0.48.0", - "memfs": "^4.57.2", + "memfs": "^4.57.6", "standard-version": "^9.5.0", "typescript": "^6.0.3", "vitest": "4.1.5" From 89a34d9b83f961b1c94aa5dd5121c4db254f0610 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Jun 2026 22:04:30 +0000 Subject: [PATCH 15/16] chore(deps-dev): bump vitest from 4.1.5 to 4.1.8 (#1815) * chore(deps-dev): bump vitest from 4.1.5 to 4.1.8 Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) from 4.1.5 to 4.1.8. - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/vitest) --- updated-dependencies: - dependency-name: vitest dependency-version: 4.1.8 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * chore(deps-dev): bump vitest and coverage-v8 to 4.1.8 --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tom Keller --- package-lock.json | 254 +++++++++++++++++++++++----------------------- package.json | 4 +- 2 files changed, 129 insertions(+), 129 deletions(-) diff --git a/package-lock.json b/package-lock.json index b340ca9..619069c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -19,7 +19,7 @@ "@biomejs/biome": "2.4.16", "@smithy/property-provider": "^4.3.6", "@types/node": "^25.9.1", - "@vitest/coverage-v8": "4.1.5", + "@vitest/coverage-v8": "4.1.8", "aws-sdk-client-mock": "^4.1.0", "esbuild": "^0.28.0", "generate-license-file": "^4.2.1", @@ -28,7 +28,7 @@ "memfs": "^4.57.6", "standard-version": "^9.5.0", "typescript": "^6.0.3", - "vitest": "4.1.5" + "vitest": "4.1.8" }, "engines": { "node": ">= 16.3.0" @@ -1924,9 +1924,9 @@ } }, "node_modules/@oxc-project/types": { - "version": "0.132.0", - "resolved": "https://registry.npmjs.org/@oxc-project/types/-/types-0.132.0.tgz", - "integrity": "sha512-FESMOxil5Se014ui/Eq8fT5uHJo6nIRwH0PfJrZJXs6Gek3ZVFOrpUv3YIZT20m+extU98Hg1Ym72U58rlsxUQ==", + "version": "0.133.0", + "resolved": "https://registry.npmjs.org/@oxc-project/types/-/types-0.133.0.tgz", + "integrity": "sha512-KzkdCd6Uxqnf6l3HOw1xfatAlUURA0g14cvBYFyJ5SaNOQbOUvBr9PKArcPcrNIeRsBdgcUzOGrhKveVpvOIGA==", "dev": true, "license": "MIT", "funding": { @@ -1934,9 +1934,9 @@ } }, "node_modules/@rolldown/binding-android-arm64": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@rolldown/binding-android-arm64/-/binding-android-arm64-1.0.2.tgz", - "integrity": "sha512-ZS4D1JPGn/MYQN/SYDWftIE/nVsM8j/AFOYEzAoOE2O3NktQOZru+/vYXGbR/qtdLdIfGCP0lcoJiYVzsEz+iQ==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@rolldown/binding-android-arm64/-/binding-android-arm64-1.0.3.tgz", + "integrity": "sha512-454rs7jHngixp/NMxd5srYD57OnzSlZ/eFTETjORQHLwJG1lRtmNOJcBerZlfu4GjKqeq8aCCIQrMdHyhI51Hw==", "cpu": [ "arm64" ], @@ -1951,9 +1951,9 @@ } }, "node_modules/@rolldown/binding-darwin-arm64": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-arm64/-/binding-darwin-arm64-1.0.2.tgz", - "integrity": "sha512-vdFA9+C/rekyGce7WqHs/xoT0ioZEWaOFyZLIV1mEeNFaFDUQrPIo8Vs2GvJ6eetb3rzDUtUBgzto3ExpXJB3w==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-arm64/-/binding-darwin-arm64-1.0.3.tgz", + "integrity": "sha512-PcAhP+ynjURNyy8SKGl5DQP94aGuB/7JrXJb/t7P+hanXvQVMWzUvRRhBAcg/lNRadBhoUPqSoP4xw5tR/KBEA==", "cpu": [ "arm64" ], @@ -1968,9 +1968,9 @@ } }, "node_modules/@rolldown/binding-darwin-x64": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-x64/-/binding-darwin-x64-1.0.2.tgz", - "integrity": "sha512-BewSOwTHazv77DTYiAZXSqqKZ4KP/KonFisDMVU7PImxoWfB2aepnPhd2E4SWz3zDzYgDNbs6jBmTdgNnF02GA==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-x64/-/binding-darwin-x64-1.0.3.tgz", + "integrity": "sha512-9YpfeUvSE2RS7wysJ81uOZkXJz7f7Q55H2Gvp3VEw/EsahqDtrphrZ0EwDLK5vvKOzaCrBsjF8JmnMLcUt78Gg==", "cpu": [ "x64" ], @@ -1985,9 +1985,9 @@ } }, "node_modules/@rolldown/binding-freebsd-x64": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@rolldown/binding-freebsd-x64/-/binding-freebsd-x64-1.0.2.tgz", - "integrity": "sha512-m41o7M0YWtUdqk61Tb+jnKb2rN++iRdIASlExkUoKfIAH30DOHCB8fVLzSUpbWHHU8esmEioY62PxzexE8MBuA==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@rolldown/binding-freebsd-x64/-/binding-freebsd-x64-1.0.3.tgz", + "integrity": "sha512-yB1IlAsSNHncV6SCTL27/MVGR5htvQsoGxIv5KMGXALp+Ll1wYsn+x98M9MW7qa+NdSbvrrY7ANI4wLJ0n1e6g==", "cpu": [ "x64" ], @@ -2002,9 +2002,9 @@ } }, "node_modules/@rolldown/binding-linux-arm-gnueabihf": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm-gnueabihf/-/binding-linux-arm-gnueabihf-1.0.2.tgz", - "integrity": "sha512-jcojB9H7W/jS29pMKWAK1N+fU99vXodHDTatS3b3y/XSOCiHo0kkA74pL3jJmkoQtYpOCxDvaKs1fo2Ij/1X5w==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm-gnueabihf/-/binding-linux-arm-gnueabihf-1.0.3.tgz", + "integrity": "sha512-Yi30IVAAfLUCy2MseFjbB1jAMDl1VMCAas5StnYp8da9+CKvMd2H2cbEjWcw5NPaPqzvYkVIaF1nNUG+b7u/sw==", "cpu": [ "arm" ], @@ -2019,9 +2019,9 @@ } }, "node_modules/@rolldown/binding-linux-arm64-gnu": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-1.0.2.tgz", - "integrity": "sha512-1jn6qDU5iiOgFgygDzKUuKP0maTi0/f1+sBLgvij/76C77Nm3ts6ufz9Bjg5q5dduxiUIxtq86JIoBvo1xQ4Ig==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-1.0.3.tgz", + "integrity": "sha512-jsO7R8To+AdlYgUmN5sHSCZbfhtMBkO0WUx8iORQnPcMMdgr7qM2DQmMwgabs3GhNztdmoKkMKQFHD6DTMCIQw==", "cpu": [ "arm64" ], @@ -2036,9 +2036,9 @@ } }, "node_modules/@rolldown/binding-linux-arm64-musl": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-musl/-/binding-linux-arm64-musl-1.0.2.tgz", - "integrity": "sha512-QVLO/czFMdoMFSqlX3bcswcJNm/23r+qoa/jgtmFc/qEp6/jXmIkDjF/XIo8dPfGaiwy1xfQn8o77L79GeXFgw==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-musl/-/binding-linux-arm64-musl-1.0.3.tgz", + "integrity": "sha512-VWkUHwWriDciit80wleYwKILoR/KMvxh/IdwS/paX+ZgpuRpCrKLUdadJbc0NpBEiyhpYawsJ73j9aCvOH+f7Q==", "cpu": [ "arm64" ], @@ -2053,9 +2053,9 @@ } }, "node_modules/@rolldown/binding-linux-ppc64-gnu": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-ppc64-gnu/-/binding-linux-ppc64-gnu-1.0.2.tgz", - "integrity": "sha512-hgO5Abm0w5UL6FEa2iFnZqo2KlK7TQ5QhV5x09hujBf7t5KzHQ1VmfPuTpqRy/rNlSxua3eWH374xxiVrP+lcA==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-ppc64-gnu/-/binding-linux-ppc64-gnu-1.0.3.tgz", + "integrity": "sha512-5f1laC0SlIR0yDbFCd8acUhvJIag6N3zC5P7oUPN6wX0aOma+uKJ0wBDH5aq7I1PVI2ttTlhJwzwRIBnLiSGEg==", "cpu": [ "ppc64" ], @@ -2070,9 +2070,9 @@ } }, "node_modules/@rolldown/binding-linux-s390x-gnu": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-s390x-gnu/-/binding-linux-s390x-gnu-1.0.2.tgz", - "integrity": "sha512-fy8rXxuYEu602abC8MUNaPjYLIFzReOaEIEMKMUa0rFEUxNpVXhs15KSSQ4qlqSaM7B6rcj9rDZgADh/IGDzLQ==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-s390x-gnu/-/binding-linux-s390x-gnu-1.0.3.tgz", + "integrity": "sha512-Iq4ko0r4XsgbrF/LunNgHtAGLRRVE2kXonAXQ/MV0mC6jQpMOhW1SvtZja2EhC/kd05++bP78dsqBeIQyYJ6Yg==", "cpu": [ "s390x" ], @@ -2087,9 +2087,9 @@ } }, "node_modules/@rolldown/binding-linux-x64-gnu": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-gnu/-/binding-linux-x64-gnu-1.0.2.tgz", - "integrity": "sha512-0+bOkiQ779+r1WpoHOWHqncvyySci0vKph+myNDYb+im6meJAzHQXay6oEgnkHuUGouM1LKTZwqKpBow6Kj7CQ==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-gnu/-/binding-linux-x64-gnu-1.0.3.tgz", + "integrity": "sha512-B8m6tD5+/N5FeNQFbKlLA/2yVq9ycQP1SeedyEYYKWBNR3ZQbkvIUcNnDNM03lO1l5F2roiiFJGgvoLLyZXtSg==", "cpu": [ "x64" ], @@ -2104,9 +2104,9 @@ } }, "node_modules/@rolldown/binding-linux-x64-musl": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-musl/-/binding-linux-x64-musl-1.0.2.tgz", - "integrity": "sha512-mjSkrzZK5Qsl0a9d1JgILOiuZOSDTVdKENcSXBoqbzSrspLR/4/IRVDo5wd2GgZjNss/viBFJdeq+j7qH2nypw==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-musl/-/binding-linux-x64-musl-1.0.3.tgz", + "integrity": "sha512-pSdpdUJHkuCxun9LE7jvgUB9qsRgaiyNNCX7m/AvHTcq67AiT/Yhoxvw5zPfhrM8k/BfP8ce/hMOpthKDpEUow==", "cpu": [ "x64" ], @@ -2121,9 +2121,9 @@ } }, "node_modules/@rolldown/binding-openharmony-arm64": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@rolldown/binding-openharmony-arm64/-/binding-openharmony-arm64-1.0.2.tgz", - "integrity": "sha512-1v5vHasdfQAZoEHakBV72LIFAC9JjnymsiKxp+GEr/ma3+NJCPSaYK+qavInOovJkgwFrs7GccX2d6IgDA3Z5w==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@rolldown/binding-openharmony-arm64/-/binding-openharmony-arm64-1.0.3.tgz", + "integrity": "sha512-OXXS3RKJgX2uLwM+gYyuH5omcH8fL1LJs96pZGgtetVCahON57+d4SJHzTgZiOjxgGkSnpXpOsWuPDGAKAigEg==", "cpu": [ "arm64" ], @@ -2138,9 +2138,9 @@ } }, "node_modules/@rolldown/binding-wasm32-wasi": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@rolldown/binding-wasm32-wasi/-/binding-wasm32-wasi-1.0.2.tgz", - "integrity": "sha512-mb1VobWn6NheziTk5/WEaR6AKVbrwT5sOi6C7zk3gy/pD1qtJfU1j4PgTo2NJnOtbL9Dl3Aeei8w9jJ7qC2jZQ==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@rolldown/binding-wasm32-wasi/-/binding-wasm32-wasi-1.0.3.tgz", + "integrity": "sha512-JTtb8BWFynicNSoPrehsCzBtOKjZ6jhMiPFEmOiuXg1Fl8dn2KHQob+GuPSGR0dryQa1PQJbzjF3dqO/whhjLg==", "cpu": [ "wasm32" ], @@ -2157,9 +2157,9 @@ } }, "node_modules/@rolldown/binding-win32-arm64-msvc": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-1.0.2.tgz", - "integrity": "sha512-SqKonF56vA/L2yHwHYcEp2P34URpOZ7d1fS635cTkpDnUtEGdUbhI6NzsPdqeSWvAAeGDrxjWjNmibDIdFf9/A==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-1.0.3.tgz", + "integrity": "sha512-gEdFFEN70A/jxb2svrWsN3aDL7OUtmvlOy+6fa2jxG8K0wQ1ZbdeLGnidov6Yu5/733dI5ySfzFlQ/cb0bSz1g==", "cpu": [ "arm64" ], @@ -2174,9 +2174,9 @@ } }, "node_modules/@rolldown/binding-win32-x64-msvc": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-x64-msvc/-/binding-win32-x64-msvc-1.0.2.tgz", - "integrity": "sha512-v7qRI7gXLRINcOGXt+7YmAZ6iFuyZVMIoXAxhd8oP+DR9dLfL9GfNIx7PLMxmhZdvq8waUJBQiWN9EKNy+TRBQ==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-x64-msvc/-/binding-win32-x64-msvc-1.0.3.tgz", + "integrity": "sha512-eXB7CHuaQdqmJcc3koCNtNPmT/bj2gc999kUFgBxG8Ac0NdgXc4rkCHhqrgrhN3zddvvvrgzj1e90SuSfmyIXA==", "cpu": [ "x64" ], @@ -2592,14 +2592,14 @@ "license": "MIT" }, "node_modules/@vitest/coverage-v8": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/@vitest/coverage-v8/-/coverage-v8-4.1.5.tgz", - "integrity": "sha512-38C0/Ddb7HcRG0Z4/DUem8x57d2p9jYgp18mkaYswEOQBGsI1CG4f/hjm0ZCeaJfWhSZ4k7jgs29V1Zom7Ki9A==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/coverage-v8/-/coverage-v8-4.1.8.tgz", + "integrity": "sha512-lt3kovsyHwYe00wq4D1ti0Z974fWj4NLp6siqiyEufUpyFwK9Yhi7rBhac9JL5aA0zoMrJqc4vYPZRUnI7l7nw==", "dev": true, "license": "MIT", "dependencies": { "@bcoe/v8-coverage": "^1.0.2", - "@vitest/utils": "4.1.5", + "@vitest/utils": "4.1.8", "ast-v8-to-istanbul": "^1.0.0", "istanbul-lib-coverage": "^3.2.2", "istanbul-lib-report": "^3.0.1", @@ -2613,8 +2613,8 @@ "url": "https://opencollective.com/vitest" }, "peerDependencies": { - "@vitest/browser": "4.1.5", - "vitest": "4.1.5" + "@vitest/browser": "4.1.8", + "vitest": "4.1.8" }, "peerDependenciesMeta": { "@vitest/browser": { @@ -2623,16 +2623,16 @@ } }, "node_modules/@vitest/expect": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.1.5.tgz", - "integrity": "sha512-PWBaRY5JoKuRnHlUHfpV/KohFylaDZTupcXN1H9vYryNLOnitSw60Mw9IAE2r67NbwwzBw/Cc/8q9BK3kIX8Kw==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.1.8.tgz", + "integrity": "sha512-h3nDO677RDLEGlBxyQ5CW8RlMThSKSRLUePLOx09gNIWRL40edgA1GCZSZgf1W55MFAG6/Sw14KeaAnqv0NKdQ==", "dev": true, "license": "MIT", "dependencies": { "@standard-schema/spec": "^1.1.0", "@types/chai": "^5.2.2", - "@vitest/spy": "4.1.5", - "@vitest/utils": "4.1.5", + "@vitest/spy": "4.1.8", + "@vitest/utils": "4.1.8", "chai": "^6.2.2", "tinyrainbow": "^3.1.0" }, @@ -2641,13 +2641,13 @@ } }, "node_modules/@vitest/mocker": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-4.1.5.tgz", - "integrity": "sha512-/x2EmFC4mT4NNzqvC3fmesuV97w5FC903KPmey4gsnJiMQ3Be1IlDKVaDaG8iqaLFHqJ2FVEkxZk5VmeLjIItw==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-4.1.8.tgz", + "integrity": "sha512-LEiN/xe4OSIbKe9HQIp5OC24agGD9J5CnmMgsLohVVoOPWL9a2sBoR6VBx43jQZb7Kr1l4RCuyCJzcAa0+dojw==", "dev": true, "license": "MIT", "dependencies": { - "@vitest/spy": "4.1.5", + "@vitest/spy": "4.1.8", "estree-walker": "^3.0.3", "magic-string": "^0.30.21" }, @@ -2668,9 +2668,9 @@ } }, "node_modules/@vitest/pretty-format": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.1.5.tgz", - "integrity": "sha512-7I3q6l5qr03dVfMX2wCo9FxwSJbPdwKjy2uu/YPpU3wfHvIL4QHwVRp57OfGrDFeUJ8/8QdfBKIV12FTtLn00g==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.1.8.tgz", + "integrity": "sha512-9GasEBxpZ1VYIpqHf/0+YGg121uSNwCKOJqIrTwWP/TB7DmFCiaBpNl3aPZzoLWfWkuqhbH8vJIVobZkvdo2cA==", "dev": true, "license": "MIT", "dependencies": { @@ -2681,13 +2681,13 @@ } }, "node_modules/@vitest/runner": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-4.1.5.tgz", - "integrity": "sha512-2D+o7Pr82IEO46YPpoA/YU0neeyr6FTerQb5Ro7BUnBuv6NQtT/kmVnczngiMEBhzgqz2UZYl5gArejsyERDSQ==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-4.1.8.tgz", + "integrity": "sha512-EmVxeBAfMJvycdjd6Hm+RbFBbA9fKvo0Kx37hNpBYoYeavH3RNsBXWDooR1mgD52dCrxIIuP7UotpfiwOikvcg==", "dev": true, "license": "MIT", "dependencies": { - "@vitest/utils": "4.1.5", + "@vitest/utils": "4.1.8", "pathe": "^2.0.3" }, "funding": { @@ -2695,14 +2695,14 @@ } }, "node_modules/@vitest/snapshot": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-4.1.5.tgz", - "integrity": "sha512-zypXEt4KH/XgKGPUz4eC2AvErYx0My5hfL8oDb1HzGFpEk1P62bxSohdyOmvz+d9UJwanI68MKwr2EquOaOgMQ==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-4.1.8.tgz", + "integrity": "sha512-acfZboRmAIf05DEKcBQy33VXojFJjtUdLyo7oOmV9kebb2xdU01UknNiPuPZoJZQyO7DF0gZdTGTpeAzET9QPQ==", "dev": true, "license": "MIT", "dependencies": { - "@vitest/pretty-format": "4.1.5", - "@vitest/utils": "4.1.5", + "@vitest/pretty-format": "4.1.8", + "@vitest/utils": "4.1.8", "magic-string": "^0.30.21", "pathe": "^2.0.3" }, @@ -2711,9 +2711,9 @@ } }, "node_modules/@vitest/spy": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-4.1.5.tgz", - "integrity": "sha512-2lNOsh6+R2Idnf1TCZqSwYlKN2E/iDlD8sgU59kYVl+OMDmvldO1VDk39smRfpUNwYpNRVn3w4YfuC7KfbBnkQ==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-4.1.8.tgz", + "integrity": "sha512-6EevtBp6OZOPF7bmz36HrGMeP3txgVSrgebWxHOafDXGkhIzfXK14f8KF6MuFfgXXUeHxmpD3BQxkV00/3s5mA==", "dev": true, "license": "MIT", "funding": { @@ -2721,13 +2721,13 @@ } }, "node_modules/@vitest/utils": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.1.5.tgz", - "integrity": "sha512-76wdkrmfXfqGjueGgnb45ITPyUi1ycZ4IHgC2bhPDUfWHklY/q3MdLOAB+TF1e6xfl8NxNY0ZYaPCFNWSsw3Ug==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.1.8.tgz", + "integrity": "sha512-uOJamYALNhfJ6iolExyQM40yIQwDqYnkKtQ5VCiSe17E33H0aQ/u+1GlRuz4LZBk6Mm3sg90G9hEbmEt37C1Zg==", "dev": true, "license": "MIT", "dependencies": { - "@vitest/pretty-format": "4.1.5", + "@vitest/pretty-format": "4.1.8", "convert-source-map": "^2.0.0", "tinyrainbow": "^3.1.0" }, @@ -7736,13 +7736,13 @@ "license": "ISC" }, "node_modules/rolldown": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/rolldown/-/rolldown-1.0.2.tgz", - "integrity": "sha512-oZx5zVDtVB44AW3eaifgDml1gWRDZGvjcfdxonE4swNPG98PrrXjaO/KrnUjzlMnztCCRVlUueA1kCXhARGk6g==", + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/rolldown/-/rolldown-1.0.3.tgz", + "integrity": "sha512-i00lAJ2ks1BYr7rjNjKC7BcqAS7nVfiT3QX1SI5aY+AFHblCmaUf9OE9dbdzDvW6dJxbi2ZCZiy9v3CcwOiX3g==", "dev": true, "license": "MIT", "dependencies": { - "@oxc-project/types": "=0.132.0", + "@oxc-project/types": "=0.133.0", "@rolldown/pluginutils": "^1.0.0" }, "bin": { @@ -7752,21 +7752,21 @@ "node": "^20.19.0 || >=22.12.0" }, "optionalDependencies": { - "@rolldown/binding-android-arm64": "1.0.2", - "@rolldown/binding-darwin-arm64": "1.0.2", - "@rolldown/binding-darwin-x64": "1.0.2", - "@rolldown/binding-freebsd-x64": "1.0.2", - "@rolldown/binding-linux-arm-gnueabihf": "1.0.2", - "@rolldown/binding-linux-arm64-gnu": "1.0.2", - "@rolldown/binding-linux-arm64-musl": "1.0.2", - "@rolldown/binding-linux-ppc64-gnu": "1.0.2", - "@rolldown/binding-linux-s390x-gnu": "1.0.2", - "@rolldown/binding-linux-x64-gnu": "1.0.2", - "@rolldown/binding-linux-x64-musl": "1.0.2", - "@rolldown/binding-openharmony-arm64": "1.0.2", - "@rolldown/binding-wasm32-wasi": "1.0.2", - "@rolldown/binding-win32-arm64-msvc": "1.0.2", - "@rolldown/binding-win32-x64-msvc": "1.0.2" + "@rolldown/binding-android-arm64": "1.0.3", + "@rolldown/binding-darwin-arm64": "1.0.3", + "@rolldown/binding-darwin-x64": "1.0.3", + "@rolldown/binding-freebsd-x64": "1.0.3", + "@rolldown/binding-linux-arm-gnueabihf": "1.0.3", + "@rolldown/binding-linux-arm64-gnu": "1.0.3", + "@rolldown/binding-linux-arm64-musl": "1.0.3", + "@rolldown/binding-linux-ppc64-gnu": "1.0.3", + "@rolldown/binding-linux-s390x-gnu": "1.0.3", + "@rolldown/binding-linux-x64-gnu": "1.0.3", + "@rolldown/binding-linux-x64-musl": "1.0.3", + "@rolldown/binding-openharmony-arm64": "1.0.3", + "@rolldown/binding-wasm32-wasi": "1.0.3", + "@rolldown/binding-win32-arm64-msvc": "1.0.3", + "@rolldown/binding-win32-x64-msvc": "1.0.3" } }, "node_modules/run-con": { @@ -8390,9 +8390,9 @@ } }, "node_modules/tinyglobby": { - "version": "0.2.16", - "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.16.tgz", - "integrity": "sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==", + "version": "0.2.17", + "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.17.tgz", + "integrity": "sha512-wXR/dYpcqKmfWpEdZjiKJOwCNFndD0DMnrW/cYjVGttEkBfVgcLFHoNrlj47mjOVic9yyNu65alsgF4NQyTa2g==", "dev": true, "license": "MIT", "dependencies": { @@ -8604,17 +8604,17 @@ } }, "node_modules/vite": { - "version": "8.0.14", - "resolved": "https://registry.npmjs.org/vite/-/vite-8.0.14.tgz", - "integrity": "sha512-s4BJJ+5y1pYL6Otw51FHhVJQhPnuRinKig64g/1+EUNaJsd3gCKdD31IPFvswUgW9/60QT9oFHbZHbQK5imcxw==", + "version": "8.0.16", + "resolved": "https://registry.npmjs.org/vite/-/vite-8.0.16.tgz", + "integrity": "sha512-h9bXPmJichP5fLmVQo3PyaGSDE2n3aPuomeAlVRm0JLmt4rY6zmPKd59HYI4LNW8oTK7tlTsuC7l/m7awx9Jcw==", "dev": true, "license": "MIT", "dependencies": { "lightningcss": "^1.32.0", "picomatch": "^4.0.4", "postcss": "^8.5.15", - "rolldown": "1.0.2", - "tinyglobby": "^0.2.16" + "rolldown": "1.0.3", + "tinyglobby": "^0.2.17" }, "bin": { "vite": "bin/vite.js" @@ -8682,19 +8682,19 @@ } }, "node_modules/vitest": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/vitest/-/vitest-4.1.5.tgz", - "integrity": "sha512-9Xx1v3/ih3m9hN+SbfkUyy0JAs72ap3r7joc87XL6jwF0jGg6mFBvQ1SrwaX+h8BlkX6Hz9shdd1uo6AF+ZGpg==", + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/vitest/-/vitest-4.1.8.tgz", + "integrity": "sha512-flY6ScbCIt9HThs+C5HS7jvGOB560DJtk/Z15IQROTA6zEy49Nh8T/dofWTQL+n3vswqn87sbJNiuqw1SDp5Ig==", "dev": true, "license": "MIT", "dependencies": { - "@vitest/expect": "4.1.5", - "@vitest/mocker": "4.1.5", - "@vitest/pretty-format": "4.1.5", - "@vitest/runner": "4.1.5", - "@vitest/snapshot": "4.1.5", - "@vitest/spy": "4.1.5", - "@vitest/utils": "4.1.5", + "@vitest/expect": "4.1.8", + "@vitest/mocker": "4.1.8", + "@vitest/pretty-format": "4.1.8", + "@vitest/runner": "4.1.8", + "@vitest/snapshot": "4.1.8", + "@vitest/spy": "4.1.8", + "@vitest/utils": "4.1.8", "es-module-lexer": "^2.0.0", "expect-type": "^1.3.0", "magic-string": "^0.30.21", @@ -8722,12 +8722,12 @@ "@edge-runtime/vm": "*", "@opentelemetry/api": "^1.9.0", "@types/node": "^20.0.0 || ^22.0.0 || >=24.0.0", - "@vitest/browser-playwright": "4.1.5", - "@vitest/browser-preview": "4.1.5", - "@vitest/browser-webdriverio": "4.1.5", - "@vitest/coverage-istanbul": "4.1.5", - "@vitest/coverage-v8": "4.1.5", - "@vitest/ui": "4.1.5", + "@vitest/browser-playwright": "4.1.8", + "@vitest/browser-preview": "4.1.8", + "@vitest/browser-webdriverio": "4.1.8", + "@vitest/coverage-istanbul": "4.1.8", + "@vitest/coverage-v8": "4.1.8", + "@vitest/ui": "4.1.8", "happy-dom": "*", "jsdom": "*", "vite": "^6.0.0 || ^7.0.0 || ^8.0.0" diff --git a/package.json b/package.json index 1d9a306..027fa25 100644 --- a/package.json +++ b/package.json @@ -21,7 +21,7 @@ "@biomejs/biome": "2.4.16", "@smithy/property-provider": "^4.3.6", "@types/node": "^25.9.1", - "@vitest/coverage-v8": "4.1.5", + "@vitest/coverage-v8": "4.1.8", "aws-sdk-client-mock": "^4.1.0", "esbuild": "^0.28.0", "generate-license-file": "^4.2.1", @@ -30,7 +30,7 @@ "memfs": "^4.57.6", "standard-version": "^9.5.0", "typescript": "^6.0.3", - "vitest": "4.1.5" + "vitest": "4.1.8" }, "dependencies": { "@actions/core": "^3.0.1", From 037dd1632282c65ab6f7e5c237e79a5078a03926 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Jun 2026 22:06:07 +0000 Subject: [PATCH 16/16] chore(deps-dev): bump @vitest/coverage-v8 from 4.1.5 to 4.1.8 (#1817) Bumps [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) from 4.1.5 to 4.1.8. - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/coverage-v8) --- updated-dependencies: - dependency-name: "@vitest/coverage-v8" dependency-version: 4.1.8 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tom Keller <1083460+kellertk@users.noreply.github.com> --- package-lock.json | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/package-lock.json b/package-lock.json index 619069c..20074cc 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2622,6 +2622,34 @@ } } }, + "node_modules/@vitest/coverage-v8/node_modules/@vitest/pretty-format": { + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.1.8.tgz", + "integrity": "sha512-9GasEBxpZ1VYIpqHf/0+YGg121uSNwCKOJqIrTwWP/TB7DmFCiaBpNl3aPZzoLWfWkuqhbH8vJIVobZkvdo2cA==", + "dev": true, + "license": "MIT", + "dependencies": { + "tinyrainbow": "^3.1.0" + }, + "funding": { + "url": "https://opencollective.com/vitest" + } + }, + "node_modules/@vitest/coverage-v8/node_modules/@vitest/utils": { + "version": "4.1.8", + "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.1.8.tgz", + "integrity": "sha512-uOJamYALNhfJ6iolExyQM40yIQwDqYnkKtQ5VCiSe17E33H0aQ/u+1GlRuz4LZBk6Mm3sg90G9hEbmEt37C1Zg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@vitest/pretty-format": "4.1.8", + "convert-source-map": "^2.0.0", + "tinyrainbow": "^3.1.0" + }, + "funding": { + "url": "https://opencollective.com/vitest" + } + }, "node_modules/@vitest/expect": { "version": "4.1.8", "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.1.8.tgz",