This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further depending on the context.
Release Notes
aws/aws-sdk-js (aws-sdk)
### [`v2.814.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28140)
[Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.813.0...v2.814.0)
- bugfix: Credentials: SDK will throw if shared ini file's profile name can be resolved to **proto**
- feature: EC2: EBS io2 volumes now supports Multi-Attach
- feature: PersonalizeRuntime: Updated FilterValues regex pattern to align with Filter Expression.
- feature: RDS: Adds IAM DB authentication information to the PendingModifiedValues output of the DescribeDBInstances API. Adds ClusterPendingModifiedValues information to the output of the DescribeDBClusters API.
### [`v2.813.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28130)
[Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.812.0...v2.813.0)
- feature: ConfigService: Adding PutExternalEvaluation API which grants permission to deliver evaluation result to AWS Config
- feature: DLM: Provide Cross-account copy event based policy support in DataLifecycleManager (DLM)
- feature: EC2: C6gn instances are powered by AWS Graviton2 processors and offer 100 Gbps networking bandwidth. These instances deliver up to 40% better price-performance benefit versus comparable x86-based instances
- feature: Imagebuilder: This release adds support for building and distributing container images within EC2 Image Builder.
- feature: KMS: Added CreationDate and LastUpdatedDate timestamps to ListAliases API response
- feature: Route53: This release adds support for DNSSEC signing in Amazon Route 53.
- feature: Route53Resolver: Route 53 Resolver adds support for enabling resolver DNSSEC validation in virtual private cloud (VPC).
- feature: SQS: Amazon SQS adds queue attributes to enable high throughput FIFO.
- feature: ServiceCatalog: Support TagOptions sharing with Service Catalog portfolio sharing.
### [`v2.812.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28120)
[Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.811.0...v2.812.0)
- feature: CostExplorer: This release updates the "MonitorArnList" from a list of String to be a list of Arn for both CreateAnomalySubscription and UpdateAnomalySubscription APIs
- feature: Location: Initial release of Amazon Location Service. A new geospatial service providing capabilities to render maps, geocode/reverse geocode, track device locations, and detect geofence entry/exit events.
- feature: QuickSight: QuickSight now supports connecting to federated data sources of Athena
- feature: WellArchitected: This is the first release of AWS Well-Architected Tool API support, use to review your workload and compare against the latest AWS architectural best practices.
### [`v2.811.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28110)
[Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.810.0...v2.811.0)
- feature: Amp: (New Service) Amazon Managed Service for Prometheus is a fully managed Prometheus-compatible monitoring service that makes it easy to monitor containerized applications securely and at scale.
- feature: GreengrassV2: AWS IoT Greengrass V2 is a new major version of AWS IoT Greengrass. This release adds several updates such as modular components, continuous deployments, and improved ease of use.
- feature: IoTAnalytics: FileFormatConfiguration enables data store to save data in JSON or Parquet format. S3Paths enables you to specify the S3 objects that save your channel messages when you reprocess the pipeline.
- feature: IoTFleetHub: AWS IoT Fleet Hub, a new feature of AWS IoT Device Management that provides a web application for monitoring and managing device fleets connected to AWS IoT at scale.
- feature: IoTWireless: AWS IoT for LoRaWAN enables customers to setup a private LoRaWAN network by connecting their LoRaWAN devices and gateways to the AWS cloud without managing a LoRaWAN Network Server.
- feature: Iot: AWS IoT Rules Engine adds Kafka Action that allows sending data to Apache Kafka clusters inside a VPC. AWS IoT Device Defender adds custom metrics and machine-learning based anomaly detection.
- feature: IotDeviceAdvisor: AWS IoT Core Device Advisor is fully managed test capability for IoT devices. Device manufacturers can use Device Advisor to test their IoT devices for reliable and secure connectivity with AWS IoT.
- feature: Lambda: Added support for Apache Kafka as a event source. Added support for TumblingWindowInSeconds for streams event source mappings. Added support for FunctionResponseTypes for streams event source mappings
- feature: SSM: Adding support for Change Manager API content
### [`v2.810.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28100)
[Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.809.0...v2.810.0)
- feature: DevOpsGuru: Documentation updates for DevOps Guru.
- feature: EC2: Add c5n.metal to ec2 instance types list
- feature: GlobalAccelerator: This release adds support for custom routing accelerators
### [`v2.809.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28090)
[Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.808.0...v2.809.0)
- feature: AutoScaling: Documentation updates and corrections for Amazon EC2 Auto Scaling API Reference and SDKs.
- feature: CloudTrail: CloudTrailInvalidClientTokenIdException is now thrown when a call results in the InvalidClientTokenId error code. The Name parameter of the AdvancedEventSelector data type is now optional.
- feature: IoTSiteWise: Added the ListAssetRelationships operation and support for composite asset models, which represent structured sets of properties within asset models.
### [`v2.808.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28080)
[Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.807.0...v2.808.0)
- feature: EC2: TGW connect simplifies connectivity of SD-WAN appliances; IGMP support for TGW multicast; VPC Reachability Analyzer for VPC resources connectivity analysis.
- feature: Kendra: Amazon Kendra now supports adding synonyms to an index through the new Thesaurus resource.
- feature: NetworkManager: This release adds API support for Transit Gateway Connect integration into AWS Network Manager.
### [`v2.807.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28070)
[Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.806.0...v2.807.0)
- feature: EC2: This release adds support for G4ad instances powered by AMD Radeon Pro V520 GPUs and AMD 2nd Generation EPYC processors
- feature: GlobalAccelerator: This release adds support for custom routing accelerators
- feature: Redshift: Add support for availability zone relocation feature.
### [`v2.806.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28060)
[Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.805.0...v2.806.0)
- feature: AuditManager: AWS Audit Manager helps you continuously audit your AWS usage to simplify how you manage risk and compliance. This update releases the first version of the AWS Audit Manager APIs and SDK.
- feature: ECR: This release adds support for configuring cross-region and cross-account replication of your Amazon ECR images.
- feature: EMRcontainers: This release adds support for Amazon EMR on EKS, a simple way to run Spark on Kubernetes.
- feature: ForecastService: This release adds support for the Amazon Forecast Weather Index which can increase forecasting accuracy by automatically including weather forecasts in demand forecasts.
- feature: HealthLake: This release introduces Amazon HealthLake (preview), a HIPAA-eligible service that enables healthcare and life sciences customers to store, transform, query, and analyze health data in the AWS Cloud.
- feature: Kendra: 1. Amazon Kendra connector for Google Drive repositories 2. Amazon Kendra's relevance ranking models are regularly tuned for each customer by capturing end-user search patterns and feedback.
- feature: QuickSight: Added new parameters for join optimization.
- feature: SageMaker: This feature helps you monitor model performance characteristics such as accuracy, identify undesired bias in your ML models, and explain model decisions better with explainability drift detection.
- feature: SageMakerRuntime: This feature allows customers to invoke their endpoint with an inference ID. If used and data capture for the endpoint is enabled, this ID will be captured along with request data.
- feature: SagemakerEdge: Amazon SageMaker Edge Manager makes it easy to optimize, secure, monitor, and maintain machine learning (ML) models across fleets of edge devices such as smart cameras, smart speakers, and robots.
### [`v2.805.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28050)
[Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.804.0...v2.805.0)
- bugfix: S3: fixed a bug where createPresignedPost could result in a process crash.
- feature: DMS: Added PreserveTransaction setting to preserve order of CDC for S3 as target. Added CsvNoSupValue setting to replace empty value for columns not included in the supplemental log for S3 as target.
- feature: ServiceCatalogAppRegistry: AWS Service Catalog AppRegistry now supports adding, removing, and listing tags on resources after they are created.
### [`v2.804.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28040)
[Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.803.0...v2.804.0)
- feature: EC2: This release introduces tag-on-create capability for the CreateImage API. A user can now specify tags that will be applied to the new resources (image, snapshots or both), during creation time.
- feature: Kafka: Adding HEALING to ClusterState.
- feature: Lambda: Added the additional enum InvalidImage to StateReasonCode and LastUpdateStatusReasonCode fields.
- feature: LicenseManager: Automated Discovery now has support for custom tags, and detects software uninstalls.
- feature: MediaLive: AWS Elemental MediaLive now supports black video and audio silence as new conditions to trigger automatic input failover.
- feature: RDS: Adds support for Amazon RDS Cross-Region Automated Backups, the ability to setup automatic replication of snapshots and transaction logs from a primary AWS Region to a secondary AWS Region.
- feature: SSM: AWS Systems Manager Patch Manager MAC OS Support and OpsMetadata Store APIs to store operational metadata for an Application.
- feature: WorkSpaces: Update the import-workspace-image API to have "BYOL_REGULAR_WSP" as a valid input string for ingestion-process.
### [`v2.803.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28030)
[Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.802.0...v2.803.0)
- feature: Batch: This release adds support for customer to run Batch Jobs on ECS Fargate, the serverless compute engine built for containers on AWS. Customer can also propagate Job and Job Definition Tags to ECS Task.
- feature: ComputeOptimizer: This release enables AWS Compute Optimizer to analyze and generate optimization recommendations for EBS volumes that are attached to instances.
- feature: LicenseManager: AWS License Manager enables managed entitlements for AWS customers and Software Vendors (ISV). You can track and distribute license entitlements from AWS Marketplace and supported ISVs.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
2.802.0->2.814.0GitHub Vulnerability Alerts
CVE-2020-28472
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further depending on the context.
Release Notes
aws/aws-sdk-js (aws-sdk)
### [`v2.814.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28140) [Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.813.0...v2.814.0) - bugfix: Credentials: SDK will throw if shared ini file's profile name can be resolved to **proto** - feature: EC2: EBS io2 volumes now supports Multi-Attach - feature: PersonalizeRuntime: Updated FilterValues regex pattern to align with Filter Expression. - feature: RDS: Adds IAM DB authentication information to the PendingModifiedValues output of the DescribeDBInstances API. Adds ClusterPendingModifiedValues information to the output of the DescribeDBClusters API. ### [`v2.813.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28130) [Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.812.0...v2.813.0) - feature: ConfigService: Adding PutExternalEvaluation API which grants permission to deliver evaluation result to AWS Config - feature: DLM: Provide Cross-account copy event based policy support in DataLifecycleManager (DLM) - feature: EC2: C6gn instances are powered by AWS Graviton2 processors and offer 100 Gbps networking bandwidth. These instances deliver up to 40% better price-performance benefit versus comparable x86-based instances - feature: Imagebuilder: This release adds support for building and distributing container images within EC2 Image Builder. - feature: KMS: Added CreationDate and LastUpdatedDate timestamps to ListAliases API response - feature: Route53: This release adds support for DNSSEC signing in Amazon Route 53. - feature: Route53Resolver: Route 53 Resolver adds support for enabling resolver DNSSEC validation in virtual private cloud (VPC). - feature: SQS: Amazon SQS adds queue attributes to enable high throughput FIFO. - feature: ServiceCatalog: Support TagOptions sharing with Service Catalog portfolio sharing. ### [`v2.812.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28120) [Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.811.0...v2.812.0) - feature: CostExplorer: This release updates the "MonitorArnList" from a list of String to be a list of Arn for both CreateAnomalySubscription and UpdateAnomalySubscription APIs - feature: Location: Initial release of Amazon Location Service. A new geospatial service providing capabilities to render maps, geocode/reverse geocode, track device locations, and detect geofence entry/exit events. - feature: QuickSight: QuickSight now supports connecting to federated data sources of Athena - feature: WellArchitected: This is the first release of AWS Well-Architected Tool API support, use to review your workload and compare against the latest AWS architectural best practices. ### [`v2.811.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28110) [Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.810.0...v2.811.0) - feature: Amp: (New Service) Amazon Managed Service for Prometheus is a fully managed Prometheus-compatible monitoring service that makes it easy to monitor containerized applications securely and at scale. - feature: GreengrassV2: AWS IoT Greengrass V2 is a new major version of AWS IoT Greengrass. This release adds several updates such as modular components, continuous deployments, and improved ease of use. - feature: IoTAnalytics: FileFormatConfiguration enables data store to save data in JSON or Parquet format. S3Paths enables you to specify the S3 objects that save your channel messages when you reprocess the pipeline. - feature: IoTFleetHub: AWS IoT Fleet Hub, a new feature of AWS IoT Device Management that provides a web application for monitoring and managing device fleets connected to AWS IoT at scale. - feature: IoTWireless: AWS IoT for LoRaWAN enables customers to setup a private LoRaWAN network by connecting their LoRaWAN devices and gateways to the AWS cloud without managing a LoRaWAN Network Server. - feature: Iot: AWS IoT Rules Engine adds Kafka Action that allows sending data to Apache Kafka clusters inside a VPC. AWS IoT Device Defender adds custom metrics and machine-learning based anomaly detection. - feature: IotDeviceAdvisor: AWS IoT Core Device Advisor is fully managed test capability for IoT devices. Device manufacturers can use Device Advisor to test their IoT devices for reliable and secure connectivity with AWS IoT. - feature: Lambda: Added support for Apache Kafka as a event source. Added support for TumblingWindowInSeconds for streams event source mappings. Added support for FunctionResponseTypes for streams event source mappings - feature: SSM: Adding support for Change Manager API content ### [`v2.810.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28100) [Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.809.0...v2.810.0) - feature: DevOpsGuru: Documentation updates for DevOps Guru. - feature: EC2: Add c5n.metal to ec2 instance types list - feature: GlobalAccelerator: This release adds support for custom routing accelerators ### [`v2.809.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28090) [Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.808.0...v2.809.0) - feature: AutoScaling: Documentation updates and corrections for Amazon EC2 Auto Scaling API Reference and SDKs. - feature: CloudTrail: CloudTrailInvalidClientTokenIdException is now thrown when a call results in the InvalidClientTokenId error code. The Name parameter of the AdvancedEventSelector data type is now optional. - feature: IoTSiteWise: Added the ListAssetRelationships operation and support for composite asset models, which represent structured sets of properties within asset models. ### [`v2.808.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28080) [Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.807.0...v2.808.0) - feature: EC2: TGW connect simplifies connectivity of SD-WAN appliances; IGMP support for TGW multicast; VPC Reachability Analyzer for VPC resources connectivity analysis. - feature: Kendra: Amazon Kendra now supports adding synonyms to an index through the new Thesaurus resource. - feature: NetworkManager: This release adds API support for Transit Gateway Connect integration into AWS Network Manager. ### [`v2.807.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28070) [Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.806.0...v2.807.0) - feature: EC2: This release adds support for G4ad instances powered by AMD Radeon Pro V520 GPUs and AMD 2nd Generation EPYC processors - feature: GlobalAccelerator: This release adds support for custom routing accelerators - feature: Redshift: Add support for availability zone relocation feature. ### [`v2.806.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28060) [Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.805.0...v2.806.0) - feature: AuditManager: AWS Audit Manager helps you continuously audit your AWS usage to simplify how you manage risk and compliance. This update releases the first version of the AWS Audit Manager APIs and SDK. - feature: ECR: This release adds support for configuring cross-region and cross-account replication of your Amazon ECR images. - feature: EMRcontainers: This release adds support for Amazon EMR on EKS, a simple way to run Spark on Kubernetes. - feature: ForecastService: This release adds support for the Amazon Forecast Weather Index which can increase forecasting accuracy by automatically including weather forecasts in demand forecasts. - feature: HealthLake: This release introduces Amazon HealthLake (preview), a HIPAA-eligible service that enables healthcare and life sciences customers to store, transform, query, and analyze health data in the AWS Cloud. - feature: Kendra: 1. Amazon Kendra connector for Google Drive repositories 2. Amazon Kendra's relevance ranking models are regularly tuned for each customer by capturing end-user search patterns and feedback. - feature: QuickSight: Added new parameters for join optimization. - feature: SageMaker: This feature helps you monitor model performance characteristics such as accuracy, identify undesired bias in your ML models, and explain model decisions better with explainability drift detection. - feature: SageMakerRuntime: This feature allows customers to invoke their endpoint with an inference ID. If used and data capture for the endpoint is enabled, this ID will be captured along with request data. - feature: SagemakerEdge: Amazon SageMaker Edge Manager makes it easy to optimize, secure, monitor, and maintain machine learning (ML) models across fleets of edge devices such as smart cameras, smart speakers, and robots. ### [`v2.805.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28050) [Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.804.0...v2.805.0) - bugfix: S3: fixed a bug where createPresignedPost could result in a process crash. - feature: DMS: Added PreserveTransaction setting to preserve order of CDC for S3 as target. Added CsvNoSupValue setting to replace empty value for columns not included in the supplemental log for S3 as target. - feature: ServiceCatalogAppRegistry: AWS Service Catalog AppRegistry now supports adding, removing, and listing tags on resources after they are created. ### [`v2.804.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28040) [Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.803.0...v2.804.0) - feature: EC2: This release introduces tag-on-create capability for the CreateImage API. A user can now specify tags that will be applied to the new resources (image, snapshots or both), during creation time. - feature: Kafka: Adding HEALING to ClusterState. - feature: Lambda: Added the additional enum InvalidImage to StateReasonCode and LastUpdateStatusReasonCode fields. - feature: LicenseManager: Automated Discovery now has support for custom tags, and detects software uninstalls. - feature: MediaLive: AWS Elemental MediaLive now supports black video and audio silence as new conditions to trigger automatic input failover. - feature: RDS: Adds support for Amazon RDS Cross-Region Automated Backups, the ability to setup automatic replication of snapshots and transaction logs from a primary AWS Region to a secondary AWS Region. - feature: SSM: AWS Systems Manager Patch Manager MAC OS Support and OpsMetadata Store APIs to store operational metadata for an Application. - feature: WorkSpaces: Update the import-workspace-image API to have "BYOL_REGULAR_WSP" as a valid input string for ingestion-process. ### [`v2.803.0`](https://togithub.com/aws/aws-sdk-js/blob/HEAD/CHANGELOG.md#28030) [Compare Source](https://togithub.com/aws/aws-sdk-js/compare/v2.802.0...v2.803.0) - feature: Batch: This release adds support for customer to run Batch Jobs on ECS Fargate, the serverless compute engine built for containers on AWS. Customer can also propagate Job and Job Definition Tags to ECS Task. - feature: ComputeOptimizer: This release enables AWS Compute Optimizer to analyze and generate optimization recommendations for EBS volumes that are attached to instances. - feature: LicenseManager: AWS License Manager enables managed entitlements for AWS customers and Software Vendors (ISV). You can track and distribute license entitlements from AWS Marketplace and supported ISVs.Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.