Snyk has created this PR to upgrade @cumulus/common from 18.2.0 to 18.3.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **3 versions** ahead of your current version.
- The recommended version was released on **25 days ago**.
Release notes Package name: @cumulus/common
CUMULUS-3591 - SNS topics set to use encrypted storage
As part of the requirements for this ticket Cumulus Core created SNS topics are
being updated to use server-side encryption with an AWS managed key. No user
action is required, this note is being added to increase visibility re: this
modification.
Changed
CUMULUS-3591
Enable server-side encryption for all SNS topcis deployed by Cumulus Core
Update all integration/unit tests to use encrypted SNS topics
Fixed
CUMULUS-3547
Updated ECS Cluster /dev/xvdcz EBS volumes so they're encrypted.
CUMULUS-3527
Added suppport for additional kex algorithms in the sftp-client.
Please note changes in 18.2.1 may not yet be released in future versions, as this
is a backport/patch release on the 18.2.x series of releases. Updates that are
included in the future will have a corresponding CHANGELOG entry in future releases.
Fixed
CUMULUS-3721
Update lambda:GetFunctionConfiguration policy statement to fix error related to resource naming
CUMULUS-3701
Updated @ cumulus/api to no longer improperly pass PATCH/PUT null values to Eventbridge rules
From this release forward, Cumulus Core will be tested against PostgreSQL v13. Users
should migrate their datastores to Aurora PostgreSQL 13.9+ compatible data
stores as soon as possible after upgrading to this release.
Update cumulus-rds-tf module to take additional parameters in support of
migration from Aurora PostgreSQl v11 to v13. See Migration Notes for more details.
CUMULUS-3564
Update webpack configuration to explicitly disable chunking
CUMULUS-2895
Updated KMS code to aws sdk v3
CUMULUS-2888
Update CloudWatch Events code to AWS SDK v3
CUMULUS-2893
Updated Kinesis code to AWS SDK v3
CUMULUS-3555
Revert 3540, un-stubbing cmr facing tests
Raise memory_size of ftpPopulateTestLambda to 512MB
CUMULUS-2887
Updated CloudFormation code to aws sdk v3
CUMULUS-2899
Updated SNS code to aws sdk v3
CUMULUS_3499
Update AWS-SDK dependency pin to "2.1490" to prevent SQS issue. Dependency
pin expected to be changed with the resolution to CUMULUS-2900
CUMULUS-2894
Update Lambda code to AWS SDK v3
CUMULUS-3432
Update cumulus-rds-tfengine_version to 13.9
Update cumulus-rds-tfparameter_group_family to aurora-postgresql13
Update development/local stack postgres image version to postgres:13.9-alpine
CUMULUS-2900
Update SQS code to AWS SDK v3
CUMULUS-3352
Update example project to use CMA v2.0.3 for integration testing
Update example deployment to deploy cnmResponse lambda version
2.1.1-aplha.2-SNAPSHOT
Update example deployment to deploy cnmToGranule lambda
version 1.7.0-alpha.2-SNAPSHOT
CUMULUS-3501
Updated CreateReconciliationReport lambda to save report record to Elasticsearch.
Created docker image cumuluss/async-operation:48 from v16.1.2, and used it as default async_operation_image.
CUMULUS-3502
Upgraded localstack to v3.0.0 to support recent aws-sdk releases and update unit tests.
CUMULUS-3540
stubbed cmr interfaces in integration tests allow integration tests to pass
needed while cmr is failing to continue needed releases and progress
this change should be reverted ASAP when cmr is working as needed again
Fixed
CUMULUS-3177
changed _removeGranuleFromCmr function for granule bulkDelete to not throw an error and instead catch the error when the granule is not found in CMR
CUMULUS-3293
Process Dead Letter Archive is fixed to properly copy objects from /sqs/ to /failed-sqs/ location
CUMULUS-3467
Added childWorkflowMeta to QueueWorkflow task configuration
CUMULUS-3474
Fixed overridden changes to rules.buildPayload' to restore changes from ticket CUMULUS-2969which limited the definition object tonameandarn` to
account for AWS character limits.
CUMULUS-3479
Fixed typo in s3-replicator resource declaration where var.lambda_memory_size is supposed to be var.lambda_memory_sizes
CUMULUS-3510
Fixed @ cumulus/apivalidateAndUpdateSqsRule method to allow 0 retries and 0 visibilityTimeout
in rule's meta. This fix from CUMULUS-2863 was not in release 16 and later.
CUMULUS-3562
updated crypto-js to 4.2.0
updated aws-sdk/client-api-gateway to 3.499 to avoid older crypto-js dependency
</li>
</ul>
from <a href="https://github.com/nasa/cumulus/releases">@cumulus/common GitHub release notes</a>
[!IMPORTANT]
Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Note:You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
This PR was automatically created by Snyk using the credentials of a real user.
![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)
Snyk has created this PR to upgrade @cumulus/common from 18.2.0 to 18.3.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **3 versions** ahead of your current version. - The recommended version was released on **25 days ago**.
Release notes
Package name: @cumulus/common
Release 18.3.0
Migration Notes
CUMULUS-3591 - SNS topics set to use encrypted storage
As part of the requirements for this ticket Cumulus Core created SNS topics are
being updated to use server-side encryption with an AWS managed key. No user
action is required, this note is being added to increase visibility re: this
modification.
Changed
Fixed
/dev/xvdcz
EBS volumes so they're encrypted.updates of sub-dependencies and maintain without refactoring errors in
API/etc wholesale
updating babel packages and .babelrc
[v18.2.1] 2024-05-08
Please note changes in 18.2.1 may not yet be released in future versions, as this
is a backport/patch release on the 18.2.x series of releases. Updates that are
included in the future will have a corresponding CHANGELOG entry in future releases.
Fixed
@ cumulus/api
to no longer improperly pass PATCH/PUT null values to Eventbridge rulesMigration Notes
From this release forward, Cumulus Core will be tested against PostgreSQL v13. Users
should migrate their datastores to Aurora PostgreSQL 13.9+ compatible data
stores as soon as possible after upgrading to this release.
Database Upgrade
Users utilizing the
cumulus-rds-tf
module should reference cumulus-rds-tf upgrade instructions.Changed
cumulus-rds-tf
module to take additional parameters in support ofmigration from Aurora PostgreSQl v11 to v13. See Migration Notes for more details.
pin expected to be changed with the resolution to CUMULUS-2900
cumulus-rds-tf
engine_version
to13.9
cumulus-rds-tf
parameter_group_family
toaurora-postgresql13
2.1.1-aplha.2-SNAPSHOT
version 1.7.0-alpha.2-SNAPSHOT
Fixed
_removeGranuleFromCmr
function for granulebulkDelete
to not throw an error and instead catch the error when the granule is not found in CMR/sqs/
to/failed-sqs/
locationchildWorkflowMeta
toQueueWorkflow
task configurationrules.buildPayload' to restore changes from ticket
CUMULUS-2969which limited the definition object to
nameand
arn` toaccount for AWS character limits.
var.lambda_memory_size
is supposed to bevar.lambda_memory_sizes
@ cumulus/api
validateAndUpdateSqsRule
method to allow 0 retries and 0 visibilityTimeoutin rule's meta. This fix from CUMULUS-2863 was not in release 16 and later.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: