search

guardian / security-hq

Centralised security information for AWS accounts
https://security-hq.gutools.co.uk/
12 stars 4 forks source link

chore(deps): Bump the all group in /cdk with 4 updates #1110

Closed dependabot[bot] closed 7 months ago

dependabot[bot] commented 7 months ago

Bumps the all group in /cdk with 4 updates: @guardian/cdk, @guardian/eslint-config-typescript, @types/node and typescript.

Updates @guardian/cdk from 54.1.0 to 56.0.2

Release notes

Sourced from @​guardian/cdk's releases.

v56.0.2

Patch Changes

  • a98acf3: Update aws-cdk to 2.134.0, aws-cdk-lib to 2.134.0, constructs to 10.3.0

v56.0.1

Patch Changes

  • 44788e5: Update aws-cdk to 2.132.0, aws-cdk-lib to 2.132.0, constructs to 10.3.0

v56.0.0

Major Changes

  • 5fead41: - Load balancers now add headers with information about the TLS version and cipher suite used during negotiation
    • Load balancers now drop invalid headers before forwarding requests to the target. Invalid headers are described as HTTP header names that do not conform to the regular expression [-A-Za-z0-9]+

Patch Changes

  • a551119: Apply the App tag to the launch template created in the EC2 App pattern.

  • de7c472: Update dependencies

  • e1f3751: Fixes a bug where this.app on a GuStack is always undefined, as it is never set.

    See guardian/cdk#1497.

v55.0.0

Major Changes

  • 6c5e701: Use PROD version of cognito-auth-lambdas instead of INFRA.

    We no longer update/use the INFRA version of cognito-auth-lambdas, although we won't be making any breaking changes to these lambdas there may be a situation if a user of CDK does not update for a long while, when they switch from INFRA to PROD they will suddenly receive a lot of updates to their lambdas.

    Users should take care to verify that any applications use Google Auth are still functional.

Changelog

Sourced from @​guardian/cdk's changelog.

56.0.2

Patch Changes

  • a98acf3: Update aws-cdk to 2.134.0, aws-cdk-lib to 2.134.0, constructs to 10.3.0

56.0.1

Patch Changes

  • 44788e5: Update aws-cdk to 2.132.0, aws-cdk-lib to 2.132.0, constructs to 10.3.0

56.0.0

Major Changes

  • 5fead41: - Load balancers now add headers with information about the TLS version and cipher suite used during negotiation
    • Load balancers now drop invalid headers before forwarding requests to the target. Invalid headers are described as HTTP header names that do not conform to the regular expression [-A-Za-z0-9]+

Patch Changes

  • a551119: Apply the App tag to the launch template created in the EC2 App pattern.

  • de7c472: Update dependencies

  • e1f3751: Fixes a bug where this.app on a GuStack is always undefined, as it is never set.

    See guardian/cdk#1497.

55.0.0

Major Changes

  • 6c5e701: Use PROD version of cognito-auth-lambdas instead of INFRA.

    We no longer update/use the INFRA version of cognito-auth-lambdas, although we won't be making any breaking changes to these lambdas there may be a situation if a user of CDK does not update for a long while, when they switch from INFRA to PROD they will suddenly receive a lot of updates to their lambdas.

    Users should take care to verify that any applications use Google Auth are still functional.

Commits
  • 3aa6499 Merge pull request #2265 from guardian/changeset-release/main
  • db68bb3 Bump package version
  • 7859ca4 Merge pull request #2264 from guardian/update-aws-cdk-2.134.0
  • a98acf3 fix(deps): Update AWS CDK libraries to 2.134.0, and constructs to 10.3.0
  • 79dd4cd Merge pull request #2263 from guardian/dependabot/npm_and_yarn/codemaker-1.96.0
  • a6f1056 chore(deps): bump codemaker from 1.95.0 to 1.96.0
  • d855198 Merge pull request #2262 from guardian/dependabot/npm_and_yarn/oclif/core-3.26.0
  • d1d1230 chore(deps): bump @​oclif/core from 3.25.3 to 3.26.0
  • 64d616b Merge pull request #2261 from guardian/dependabot/npm_and_yarn/aws-sdk-2.1586.0
  • ac0edb5 chore(deps): bump aws-sdk from 2.1576.0 to 2.1586.0
  • Additional commits viewable in compare view


Updates @guardian/eslint-config-typescript from 9.0.3 to 9.0.4

Release notes

Sourced from @​guardian/eslint-config-typescript's releases.

@​guardian/eslint-config-typescript@​9.0.4

Patch Changes

  • 2e530a6: Update deps to @​typescript-eslint/eslint-plugin@​7.31 and @​typescript-eslint/parser@​7.31
Commits
  • 6d15660 🦋 Release package updates (#1297)
  • 2e530a6 Update deps to @​typescript-eslint/eslint-plugin@​7.31 and @​typescript-… (#1296)
  • 561bed3 build(deps): bump the dependencies group with 3 updates (#1290)
  • 4e73e5d build(deps-dev): bump the devdependencies group with 3 updates (#1287)
  • fa48e63 build(deps-dev): bump the storybook group with 9 updates (#1278)
  • 1029d7c build(deps-dev): bump the devdependencies group with 1 update (#1279)
  • 4266045 build(deps): bump follow-redirects from 1.15.5 to 1.15.6 (#1284)
  • 9201b3e build(deps-dev): bump the swc group with 1 update (#1274)
  • 14ad9e1 Merge branch 'main' into dependabot/npm_and_yarn/swc-8428572a96
  • 8719868 Map underline thickness tokens to font size (#1248)
  • Additional commits viewable in compare view


Updates @types/node from 20.11.24 to 20.12.2

Commits


Updates typescript from 5.3.3 to 5.4.3

Release notes

Sourced from typescript's releases.

TypeScript 5.4.3

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

TypeScript 5.4

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

TypeScript 5.4 RC

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

TypeScript 5.4 Beta

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

Downloads are available on:

... (truncated)

Commits
  • 6ea273c Update LKG
  • cd06f92 🤖 Pick PR #57853 (Revert PR 56161) into release-5.4 (#57854)
  • ca8e720 Update LKG
  • 010b188 release-5.4: Revert PR 56087 (#57850)
  • fc7006c Update LKG
  • b45a418 🤖 Pick PR #57801 (Distribute mapped types over array/...) into release-5.4 (#...
  • 609560f Bump version to 5.4.3 and LKG
  • f42605f 🤖 Pick PR #57746 (Revert "Defer processing of nested ...) into release-5.4 (#...
  • 485c7c5 Revert "Allow (non-assert) type predicates to narrow by discriminant"… (#57795)
  • 7f11456 🤖 Pick PR #57751 (Exclude generic string-like types f...) into release-5.4 (#...
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
dependabot[bot] commented 7 months ago

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml