Update awsVersion re snyk high vulnerability

[codingWithRach]

What does this change?

Update awsVersion to remove snyk high vulnerability

How to test

Run sbt test - tests pass Run sbt assembly - no conflicts Deploy to CODE and test with DRY_RUN = true

How can we measure success?

Lambda should run fine Snyk high vulnerabilities removed

Have we considered potential risks?

Images

Accessibility

• [ ] Tested with screen reader
• [ ] Navigable with keyboard
• [ ] Colour contrast passed
• [ ] The change doesn't use only colour to convey meaning

[emdash-ie]

This is a bigger jump than the other repositories. When run with DRY_RUN, does gibbons still query dynamodb? It makes me a little nervous that we’re evicting the dependency com.amazonaws:aws-java-sdk-dynamodb:1.11.256 coming from com.gu:scanamo-formats_2.12:1.0.0-M7 in favour of com.amazonaws:aws-java-sdk-dynamodb:1.12.641 (which is a minor version increase, not just a patch increase). I’ll dig into it a bit.

[emdash-ie]

When run with DRY_RUN, does gibbons still query dynamodb?

To answer this: yes, each of the scripts runs its getKeys step but not its processKeys step. So I think we can be pretty sure it’s querying dynamodb but not writing to it. We could test more thoroughly by running it with the arguments necessary to only affect some CODE keys that don’t matter, e.g. ones we’ve manually set to have very old data – I’ll think about it.

[emdash-ie]

We could test more thoroughly by running it with the arguments necessary to only affect some CODE keys that don’t matter

I’m gonna give this a go: will add a commit to this branch ignoring the env vars in favour of hardcoded values, push to CODE, then get data in place in dynamo and trigger executions of the lambdas.

[emdash-ie]

Running the gibbons-reminder-CODE lambda succeeded, but I didn’t get an email. However, the lambda did successfully write to dynamo db. Will check that the other two succeed as well.

[emdash-ie]

The gibbons-unverified-cleanup-CODE lambda succeeded without problem. The gibbons-cleanup-CODE lambda threw an error calling Bonobo that I don’t understand. I think we can merge away (without my testing commit of course) and monitor to confirm that keys are deleted as expected.

[codingWithRach]

The gibbons-unverified-cleanup-CODE lambda succeeded without problem. The gibbons-cleanup-CODE lambda threw an error calling Bonobo that I don’t understand. I think we can merge away (without my testing commit of course) and monitor to confirm that keys are deleted as expected.

@emdash-ie thanks for all your additional testing on this!