Skip to content

fix(deps): bump the all group across 1 directory with 4 updates#147

Merged
nmccready merged 1 commit intomasterfrom
dependabot/npm_and_yarn/all-b474e39f7e
Apr 11, 2026
Merged

fix(deps): bump the all group across 1 directory with 4 updates#147
nmccready merged 1 commit intomasterfrom
dependabot/npm_and_yarn/all-b474e39f7e

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Apr 10, 2026

Bumps the all group with 4 updates in the / directory: @aws-sdk/client-cloudformation, @aws-sdk/client-s3, proxy-agent and @types/node.

Updates @aws-sdk/client-cloudformation from 3.1021.0 to 3.1024.0

Release notes

Sourced from @​aws-sdk/client-cloudformation's releases.

v3.1024.0

3.1024.0(2026-04-03)

Documentation Changes
  • client-organizations: Updates close Account quota for member accounts in an Organization. (4bc933f4)
  • client-bedrock-agentcore-control: Documentation Update for Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. (96ae995b)
New Features
  • client-bedrock-agent: Added strict parameter to ToolSpecification to allow users to enforce strict JSON schema adherence for tool input schemas. (2d57cd61)
  • client-medialive: AWS Elemental MediaLive released a new features that allows customers to use HLG 2020 as a color space for AV1 video codec. (b9ff368c)
  • client-imagebuilder: Updated pagination token validation for ListContainerRecipes API to support maximum size of 65K characters (0d392c90)
  • client-cloudwatch-logs: Added queryDuration, bytesScanned, and userIdentity fields to the QueryInfo response object returned by DescribeQueries. Customers can now view detailed query cost information including who ran the query, how long it took, and the volume of data scanned. (c4b9df8e)
  • client-payment-cryptography: Adds optional support to retrieve previously generated import and export tokens to simplify import and export functions (76274743)
  • client-bedrock: Amazon Bedrock Guardrails enforcement configuration APIs now support selective guarding controls for system prompts as well as user and assistant messages, along with SDK support for Amazon Bedrock resource policy APIs. (4aa232cc)
  • client-lightsail: Add support for tagging of Alarm resource type (ad9e0d71)

For list of updated packages, view updated-packages.md in assets-3.1024.0.zip

v3.1023.0

3.1023.0(2026-04-02)

Documentation Changes
  • client-geo-places: This release updates API reference documentation for Amazon Location Service Places APIs to reflect regional restrictions for Grab Maps users in ReverseGeocode, Suggest, SearchText, and GetPlace operations (f60237d7)
New Features
  • clients: update client endpoints as of 2026-04-02 (b5ffded0)
  • client-gamelift: Amazon GameLift Servers now includes a ComputeName field in game session API responses, making it easier to identify which compute is hosting a game session without cross-referencing IP addresses. (9eb2723f)
  • client-connect: Include CUSTOMER to evaluation target and participant role. Support Korean, Japanese and Simplified Chinese in evaluation forms. (69be1448)
  • client-bedrock-data-automation: Data Automation Library is a BDA capability that lets you create reusable entity resources to improve extraction accuracy. Libraries support Custom Vocabulary entities that enhance speech recognition for audio and video content with domain-specific terminology shared across projects (b7560ab1)
  • client-pricing: This release increases the MaxResults parameter of the GetAttributeValues API from 100 to 10000. (f3944601)
  • client-cloudwatch: CloudWatch now supports OTel enrichment to make vended metrics for supported AWS resources queryable via PromQL with resource ARN and tag labels, and PromQL alarms for metrics ingested via the OTLP endpoint with multi-contributor evaluation. (c34638a1)
  • client-bedrock-agentcore-control: Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. (3bf4e650)
  • client-bedrock-runtime: Relax ToolUseId pattern to allow dots and colons (2837c477)
  • client-appstream: Amazon WorkSpaces Applications now supports drain mode for instances in multi-session fleets. This capability allows administrators to instruct individual fleet instances to stop accepting new user sessions while allowing existing sessions to continue uninterrupted. (3644b4c1)
  • client-cloudwatch-logs: We are pleased to announce that our logs transformation csv processor now has a destination field, allowing you to specify under which parent node parsed columns be placed under. (d3d6f2bb)
  • client-deadline: AWS Deadline Cloud now supports configurable scheduling on each queue. The scheduling configuration controls how workers are distributed across jobs. (522c454c)

For list of updated packages, view updated-packages.md in assets-3.1023.0.zip

v3.1022.0

... (truncated)

Changelog

Sourced from @​aws-sdk/client-cloudformation's changelog.

3.1024.0 (2026-04-03)

Note: Version bump only for package @​aws-sdk/client-cloudformation

3.1023.0 (2026-04-02)

Note: Version bump only for package @​aws-sdk/client-cloudformation

3.1022.0 (2026-04-01)

Note: Version bump only for package @​aws-sdk/client-cloudformation

Commits

Updates @aws-sdk/client-s3 from 3.1021.0 to 3.1024.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1024.0

3.1024.0(2026-04-03)

Documentation Changes
  • client-organizations: Updates close Account quota for member accounts in an Organization. (4bc933f4)
  • client-bedrock-agentcore-control: Documentation Update for Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. (96ae995b)
New Features
  • client-bedrock-agent: Added strict parameter to ToolSpecification to allow users to enforce strict JSON schema adherence for tool input schemas. (2d57cd61)
  • client-medialive: AWS Elemental MediaLive released a new features that allows customers to use HLG 2020 as a color space for AV1 video codec. (b9ff368c)
  • client-imagebuilder: Updated pagination token validation for ListContainerRecipes API to support maximum size of 65K characters (0d392c90)
  • client-cloudwatch-logs: Added queryDuration, bytesScanned, and userIdentity fields to the QueryInfo response object returned by DescribeQueries. Customers can now view detailed query cost information including who ran the query, how long it took, and the volume of data scanned. (c4b9df8e)
  • client-payment-cryptography: Adds optional support to retrieve previously generated import and export tokens to simplify import and export functions (76274743)
  • client-bedrock: Amazon Bedrock Guardrails enforcement configuration APIs now support selective guarding controls for system prompts as well as user and assistant messages, along with SDK support for Amazon Bedrock resource policy APIs. (4aa232cc)
  • client-lightsail: Add support for tagging of Alarm resource type (ad9e0d71)

For list of updated packages, view updated-packages.md in assets-3.1024.0.zip

v3.1023.0

3.1023.0(2026-04-02)

Documentation Changes
  • client-geo-places: This release updates API reference documentation for Amazon Location Service Places APIs to reflect regional restrictions for Grab Maps users in ReverseGeocode, Suggest, SearchText, and GetPlace operations (f60237d7)
New Features
  • clients: update client endpoints as of 2026-04-02 (b5ffded0)
  • client-gamelift: Amazon GameLift Servers now includes a ComputeName field in game session API responses, making it easier to identify which compute is hosting a game session without cross-referencing IP addresses. (9eb2723f)
  • client-connect: Include CUSTOMER to evaluation target and participant role. Support Korean, Japanese and Simplified Chinese in evaluation forms. (69be1448)
  • client-bedrock-data-automation: Data Automation Library is a BDA capability that lets you create reusable entity resources to improve extraction accuracy. Libraries support Custom Vocabulary entities that enhance speech recognition for audio and video content with domain-specific terminology shared across projects (b7560ab1)
  • client-pricing: This release increases the MaxResults parameter of the GetAttributeValues API from 100 to 10000. (f3944601)
  • client-cloudwatch: CloudWatch now supports OTel enrichment to make vended metrics for supported AWS resources queryable via PromQL with resource ARN and tag labels, and PromQL alarms for metrics ingested via the OTLP endpoint with multi-contributor evaluation. (c34638a1)
  • client-bedrock-agentcore-control: Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. (3bf4e650)
  • client-bedrock-runtime: Relax ToolUseId pattern to allow dots and colons (2837c477)
  • client-appstream: Amazon WorkSpaces Applications now supports drain mode for instances in multi-session fleets. This capability allows administrators to instruct individual fleet instances to stop accepting new user sessions while allowing existing sessions to continue uninterrupted. (3644b4c1)
  • client-cloudwatch-logs: We are pleased to announce that our logs transformation csv processor now has a destination field, allowing you to specify under which parent node parsed columns be placed under. (d3d6f2bb)
  • client-deadline: AWS Deadline Cloud now supports configurable scheduling on each queue. The scheduling configuration controls how workers are distributed across jobs. (522c454c)

For list of updated packages, view updated-packages.md in assets-3.1023.0.zip

v3.1022.0

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1024.0 (2026-04-03)

Note: Version bump only for package @​aws-sdk/client-s3

3.1023.0 (2026-04-02)

Note: Version bump only for package @​aws-sdk/client-s3

3.1022.0 (2026-04-01)

Note: Version bump only for package @​aws-sdk/client-s3

Commits

Updates proxy-agent from 7.0.0 to 8.0.0

Release notes

Sourced from proxy-agent's releases.

proxy-agent@8.0.0

Major Changes

  • 7d12b51: Set minimum Node.js version to 20

Patch Changes

  • 0e639d4: chore: update proxy-from-env to fix DEP0169
  • 7ca27d0: Simplify package.json exports to remove unnecessary imports restriction
  • Updated dependencies [ca12148]
  • Updated dependencies [7d12b51]
  • Updated dependencies [7ca27d0]
    • agent-base@9.0.0
    • http-proxy-agent@9.0.0
    • https-proxy-agent@9.0.0
    • pac-proxy-agent@9.0.0
    • socks-proxy-agent@10.0.0
Changelog

Sourced from proxy-agent's changelog.

8.0.0

Major Changes

  • 7d12b51: Set minimum Node.js version to 20

Patch Changes

  • 0e639d4: chore: update proxy-from-env to fix DEP0169
  • 7ca27d0: Simplify package.json exports to remove unnecessary imports restriction
  • Updated dependencies [ca12148]
  • Updated dependencies [7d12b51]
  • Updated dependencies [7ca27d0]
    • agent-base@9.0.0
    • http-proxy-agent@9.0.0
    • https-proxy-agent@9.0.0
    • pac-proxy-agent@9.0.0
    • socks-proxy-agent@10.0.0
Commits
  • af317e0 Version Packages (#397)
  • 7ca27d0 Simplify package.json exports to remove unnecessary imports restriction (#408)
  • 0e639d4 chore: update proxy-from-env (#400)
  • 7d12b51 Set minimum Node.js version to 20 and add Node 24.x to CI matrix
  • See full diff in compare view

Updates @types/node from 25.5.0 to 25.5.2

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
fix(deps): bump the all group across 1 directory with 4 updates
4ee6be4 
Bumps the all group with 4 updates in the / directory: [@aws-sdk/client-cloudformation](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-cloudformation), [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3), [proxy-agent](https://github.com/TooTallNate/proxy-agents/tree/HEAD/packages/proxy-agent) and [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node).


Updates `@aws-sdk/client-cloudformation` from 3.1021.0 to 3.1024.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-cloudformation/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1024.0/clients/client-cloudformation)

Updates `@aws-sdk/client-s3` from 3.1021.0 to 3.1024.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1024.0/clients/client-s3)

Updates `proxy-agent` from 7.0.0 to 8.0.0
- [Release notes](https://github.com/TooTallNate/proxy-agents/releases)
- [Changelog](https://github.com/TooTallNate/proxy-agents/blob/main/packages/proxy-agent/CHANGELOG.md)
- [Commits](https://github.com/TooTallNate/proxy-agents/commits/proxy-agent@8.0.0/packages/proxy-agent)

Updates `@types/node` from 25.5.0 to 25.5.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@aws-sdk/client-cloudformation"
  dependency-version: 3.1024.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: "@aws-sdk/client-s3"
  dependency-version: 3.1024.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: proxy-agent
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: "@types/node"
  dependency-version: 25.5.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 10, 2026
@nmccready-tars
Copy link
Copy Markdown

nmccready-tars commented Apr 10, 2026

Dependabot Triage — BrickTARS

Bump: 4 packages bumped in group update

Package From To Type
@aws-sdk/client-cloudformation 3.1021.0 3.1024.0 Minor
@aws-sdk/client-s3 3.1021.0 3.1024.0 Minor
proxy-agent 7.0.0 8.0.0 MAJOR
@types/node 25.5.0 25.5.2 Patch

CI status: Passing ✅ (only the dependabot/auto-merge check failed — actual tests on Node 20/22/24 + shell tests all pass)

Breaking changes:

  • @aws-sdk/client-cloudformation 3.1021→3.1024: No breaking changes — doc updates and new bedrock/cloudwatch client features
  • @aws-sdk/client-s3 3.1021→3.1024: No breaking changes — same SDK batch release
  • proxy-agent 7→8: Major bump — changelog only shows a proxy-from-env dep update; no API surface changes noted. Low risk in practice.
  • @types/node 25.5.0→25.5.2: Patch, type defs only — zero runtime impact

Our usage: AWS SDK clients used directly for CloudFormation + S3 ops; proxy-agent handles env-based HTTP proxy routing; @types/node is dev-only.

Security advisory: No CVEs driving any of these bumps.

Recommendation: ⚠️ Safe to merge with low caution on proxy-agent.

  • AWS SDK + @types/node: ✅ merge anytime, CI is green
  • proxy-agent 7→8: changelog is thin (just a dep update), tests pass, but it's a major bump — worth a quick local smoke test if HTTP_PROXY is used in prod. Otherwise green light.

Reasoning: All actual test jobs pass (Node 20/22/24, shell tests, commitlint). The only failed check is the auto-merge action itself, which we intentionally don't use.

@nmccready-tars
Copy link
Copy Markdown

nmccready-tars commented Apr 11, 2026

Dependabot Triage — BrickTARS

This is a grouped bump of 4 packages. Mixed risk levels — details below.

@aws-sdk/client-cloudformation 3.1021.0 → 3.1024.0

Bump: Minor (x.MINOR.x)
Breaking changes: No — version bump only for this client package; changes are in other clients
Our usage: Direct dependency — used for CloudFormation stack operations in cfn-include
CI status: ⚠️ FAILING (see below)
Security advisory: No
Recommendation: Safe to merge once CI is green
Reasoning: Pure minor bumps with no breaking changes to cloudformation client itself. Changelog shows "version bump only" for this package across all 3 versions.

@aws-sdk/client-s3 3.1021.0 → 3.1024.0

Bump: Minor (x.MINOR.x)
Breaking changes: No — same pattern as above, version bump only for this client
Our usage: Direct dependency — S3 operations in cfn-include
CI status: ⚠️ FAILING
Security advisory: No
Recommendation: Safe to merge once CI is green
Reasoning: No breaking changes to S3 client. Minor version bumps in monorepo publish pattern.

proxy-agent 7.0.0 → 8.0.0

Bump: MAJOR (MAJOR.x.x)
Breaking changes: YES — minimum Node.js version raised to 20. Also bumps agent-base, http-proxy-agent, https-proxy-agent, pac-proxy-agent, socks-proxy-agent to new major versions.
Our usage: Transitive — pulled in via aws-sdk clients for proxy support
CI status: ⚠️ FAILING — likely the cause of CI failure
Security advisory: No (fix for DEP0169 deprecation warning, not a security advisory)
Recommendation: Needs investigation — CI failure is likely tied to this major bump
Reasoning: Major version with Node 20 minimum. If cfn-include runs on Node 18, this will break. Investigate CI logs before merging.

@types/node 25.5.0 → 25.5.2

Bump: Patch (x.x.PATCH)
Breaking changes: No — type-only patch
Our usage: Dev dependency — TypeScript types
CI status: ⚠️ FAILING (unrelated to this package)
Security advisory: No
Recommendation: Safe to merge
Reasoning: Type-only patch bump, no runtime impact.

Overall Assessment

⚠️ Do NOT merge until CI is investigated. The proxy-agent 7→8 major bump (requires Node 20+) is the most likely cause of CI failure. Check what Node version cfn-include's CI uses. If Node 18, you'll need to either upgrade Node or pin proxy-agent to v7.

@nmccready — please check the CI failure logs before merging.

🤖 TARS automated triage — 2026-04-11

@nmccready nmccready merged commit 05b18b1 into master Apr 11, 2026
7 of 8 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/all-b474e39f7e branch April 11, 2026 15:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nmccready nmccready nmccready approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nmccready-tars @nmccready