From 55fb9bd6436c51e998b31851fb758cb7a0a8ba73 Mon Sep 17 00:00:00 2001 From: Dustin Sweigart Date: Thu, 5 Feb 2026 12:51:13 -0500 Subject: [PATCH 1/3] Post v1.7 Followup (#349) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Version 1.7.1 adds configurable CDK synthesizer settings, updates third‑party dependencies for better security, and streamlines ADC deployments by removing a deprecated Lambda layer and ensuring the CABundle aspect is included. It also fixes SSL verification handling by respecting the AUTH_OIDC_VERIFY_SSL flag. These changes improve deployment flexibility, reduce package size, and address security concerns raised after the initial 1.7 release. --- BFF_AUTHENTICATION_DOCS_README.md | 2 + README.md | 1 + backend/requirements.txt | 2 +- .../auth/handlers/oidc_handler.py | 19 +- .../auth/utils/key_rotation.py | 30 +- .../auth/utils/rotation_handlers.py | 22 +- bin/mlspace-cdk.ts | 46 +- cypress/package-lock.json | 10 +- cypress/package.json | 3 +- docs/BFF_AUTHENTICATION_KEY_ROTATION.md | 289 --- frontend/docs/.vitepress/config.mts | 1 + .../auth-configuration-reference.md | 10 + frontend/docs/admin-guide/custom-domain.md | 68 +- .../docs/admin-guide/custom-synthesizer.md | 600 ++++++ frontend/docs/admin-guide/install.md | 1 + frontend/package-lock.json | 72 +- frontend/package.json | 9 +- frontend/src/contexts/AuthContext.tsx | 2 - lambda_dependencies/jwt/create.sh | 8 - lib/constants.ts | 1 + lib/constructs/api/authConstruct.ts | 1 + lib/constructs/api/restApiConstruct.ts | 4 +- lib/constructs/auth/authSecretsConstruct.ts | 6 +- lib/utils/configTypes.ts | 3 + package-lock.json | 1641 ++++++++++------- package.json | 3 +- 26 files changed, 1755 insertions(+), 1099 deletions(-) delete mode 100644 docs/BFF_AUTHENTICATION_KEY_ROTATION.md create mode 100644 frontend/docs/admin-guide/custom-synthesizer.md delete mode 100644 lambda_dependencies/jwt/create.sh diff --git a/BFF_AUTHENTICATION_DOCS_README.md b/BFF_AUTHENTICATION_DOCS_README.md index b86cab8d..46c38438 100644 --- a/BFF_AUTHENTICATION_DOCS_README.md +++ b/BFF_AUTHENTICATION_DOCS_README.md @@ -47,6 +47,7 @@ All authentication configuration now uses `AUTH_*` parameters. **Deprecated `OID - **AUTH_OIDC_VERIFY_SSL**: Whether to verify SSL certificates for OIDC requests (default: `true`) - **AUTH_OIDC_VERIFY_SIGNATURE**: Whether to verify OIDC token signatures (default: `true`) - **AUTH_SESSION_TTL_HOURS**: Session duration in hours (default: `24`) +- **AUTH_KEY_VERSIONS_TO_KEEP**: Number of encryption key versions to retain during rotation (default: `3`) - **AUTH_SYNC_DOMAINS**: Optional comma-separated list of additional domains for cookie sync - **AUTH_SESSION_TABLE_NAME**: DynamoDB table name for authentication sessions (default: `mlspace-auth-sessions`) - **AUTH_TOKEN_ENCRYPTION_KEY_SECRET_NAME**: Secrets Manager secret name for token encryption keys (default: `mlspace/auth/token-encryption-keys`) @@ -130,6 +131,7 @@ frontend/docs/admin-guide/ - **AUTH_OIDC_VERIFY_SSL**: Whether to verify SSL certificates (default: `true`) - **AUTH_OIDC_VERIFY_SIGNATURE**: Whether to verify OIDC token signatures (default: `true`) - **AUTH_SESSION_TTL_HOURS**: Session duration configuration (default: `24`) +- **AUTH_KEY_VERSIONS_TO_KEEP**: Number of encryption key versions to retain during rotation (default: `3`) - **AUTH_SYNC_DOMAINS**: Multi-domain cookie synchronization - **AUTH_SESSION_TABLE_NAME**: DynamoDB table name for sessions - **AUTH_TOKEN_ENCRYPTION_KEY_SECRET_NAME**: Versioned token encryption keys (rotatable) diff --git a/README.md b/README.md index 3c2be5eb..0b4d911a 100644 --- a/README.md +++ b/README.md @@ -175,6 +175,7 @@ If the config-helper doesn't provide the level of customization you need for you | AUTH_OIDC_VERIFY_SIGNATURE | Whether or not the lambda authorizer should verify the JWT token signature | `true` | | AUTH_OIDC_USE_PKCE | Whether to use PKCE (Proof Key for Code Exchange) for OIDC authentication | `false` | | AUTH_SESSION_TTL_HOURS | The time-to-live (TTL) in hours for authentication sessions | `24` | +| AUTH_KEY_VERSIONS_TO_KEEP | Number of encryption key versions to retain during key rotation | `3` | | AUTH_SYNC_DOMAINS | Comma-separated list of domains to sync authentication state across | - | | ADDITIONAL_LAMBDA_ENVIRONMENT_VARS | A map of key value pairs which will be set as environment variables on every MLSpace lambda | `{}` | | RESOURCE_TERMINATION_INTERVAL | Interval (in minutes) to run the resource termination cleanup lambda | `60` | diff --git a/backend/requirements.txt b/backend/requirements.txt index 521f4ae5..61ff9841 100644 --- a/backend/requirements.txt +++ b/backend/requirements.txt @@ -4,7 +4,7 @@ moto==4.0.8 dynamodb-json==1.3 cachetools==5.3.2 pyseto==1.7.8 -authlib==1.2.1 +authlib==1.6.6 pydantic==2.5.3 requests==2.32.5 cryptography==42.0.8 \ No newline at end of file diff --git a/backend/src/ml_space_lambda/auth/handlers/oidc_handler.py b/backend/src/ml_space_lambda/auth/handlers/oidc_handler.py index 6e1180b4..cf2792d2 100644 --- a/backend/src/ml_space_lambda/auth/handlers/oidc_handler.py +++ b/backend/src/ml_space_lambda/auth/handlers/oidc_handler.py @@ -127,19 +127,14 @@ def _create_oauth_session(self): """ Create OAuth2 session for token operations using authlib. """ - # Create a requests session with SSL verification setting - session = requests.Session() - session.verify = self.config.verify_ssl - self.oauth_session = OAuth2Session( client_id=self.config.client_id, client_secret=self.config.client_secret, scope=" ".join(self.config.scopes), token_endpoint=self.token_endpoint, token_endpoint_auth_method="client_secret_post" if self.config.client_secret else None, + verify=self.config.verify_ssl, ) - # Set the session on the OAuth2Session to use our configured session - self.oauth_session.session = session def get_authorization_url(self, state: str, redirect_uri: str, code_verifier: Optional[str] = None) -> str: """ @@ -178,7 +173,7 @@ def get_authorization_url(self, state: str, redirect_uri: str, code_verifier: Op logger.info("Generated OIDC authorization URL") # Create temporary OAuth2 session for URL generation - client = OAuth2Session(**session_params) + client = OAuth2Session(verify=self.config.verify_ssl, **session_params) authorization_url, _ = client.create_authorization_url(self.authorization_endpoint, **authorization_params) return authorization_url @@ -283,10 +278,7 @@ def get_user_info(self, access_token: str) -> UserData: oauth_token = OAuth2Token({"access_token": access_token, "token_type": "Bearer"}) # Create a temporary session with the token - session = OAuth2Session(client_id=self.config.client_id, token=oauth_token) - # Apply SSL verification setting - session.session = requests.Session() - session.session.verify = self.config.verify_ssl + session = OAuth2Session(client_id=self.config.client_id, token=oauth_token, verify=self.config.verify_ssl) # Get user info using authlib resp = session.get(self.userinfo_endpoint) @@ -526,10 +518,7 @@ def _get_user_info_from_oauth_token(self, oauth_token: OAuth2Token) -> UserData: if access_token and self.userinfo_endpoint: try: # Use authlib's OAuth2Session to get user info - session = OAuth2Session(client_id=self.config.client_id, token=oauth_token) - # Apply SSL verification setting - session.session = requests.Session() - session.session.verify = self.config.verify_ssl + session = OAuth2Session(client_id=self.config.client_id, token=oauth_token, verify=self.config.verify_ssl) resp = session.get(self.userinfo_endpoint) if resp.status_code == 200: diff --git a/backend/src/ml_space_lambda/auth/utils/key_rotation.py b/backend/src/ml_space_lambda/auth/utils/key_rotation.py index 13be3558..bd5716d6 100644 --- a/backend/src/ml_space_lambda/auth/utils/key_rotation.py +++ b/backend/src/ml_space_lambda/auth/utils/key_rotation.py @@ -23,6 +23,7 @@ import json import logging +import os from typing import Dict, Optional import boto3 @@ -41,6 +42,20 @@ logger.setLevel(level=logging.INFO) +def _get_default_keep_versions() -> int: + """ + Get the default number of key versions to keep from environment variable. + + Returns: + Number of versions to keep (default: 3) + """ + try: + return int(os.environ.get("AUTH_KEY_VERSIONS_TO_KEEP", "3")) + except ValueError: + logger.warning("Invalid AUTH_KEY_VERSIONS_TO_KEEP value, using default: 3") + return 3 + + def initialize_state_encryption_key(secret_arn: str) -> Dict: """ Initialize state encryption key secret with versioned structure. @@ -129,7 +144,7 @@ def rotate_state_encryption_key( secret_arn: str, version_stage: str = SecretsManagerStage.PENDING, version_token: Optional[str] = None, - keep_versions: int = 3, + keep_versions: Optional[int] = None, ) -> KeyRotationResult: """ Rotate state encryption key for AWS Secrets Manager rotation protocol. @@ -139,8 +154,9 @@ def rotate_state_encryption_key( Args: secret_arn: AWS Secrets Manager ARN for state encryption key - token: Version stage (AWSPENDING for new version) - keep_versions: Number of recent versions to keep after rotation + version_stage: Version stage (AWSPENDING for new version) + version_token: Version token for the rotation + keep_versions: Number of recent versions to keep after rotation (uses AUTH_KEY_VERSIONS_TO_KEEP env var if not specified) Returns: KeyRotationResult with rotation details @@ -148,6 +164,8 @@ def rotate_state_encryption_key( Raises: Exception: If rotation fails """ + if keep_versions is None: + keep_versions = _get_default_keep_versions() try: secrets_client = boto3.client("secretsmanager") @@ -205,7 +223,7 @@ def rotate_token_encryption_key( secret_arn: str, version_stage: str = SecretsManagerStage.PENDING, version_token: Optional[str] = None, - keep_versions: int = 3, + keep_versions: Optional[int] = None, ) -> KeyRotationResult: """ Rotate token encryption key for AWS Secrets Manager rotation protocol. @@ -217,7 +235,7 @@ def rotate_token_encryption_key( secret_arn: AWS Secrets Manager ARN for token encryption key version_stage: Version stage (AWSPENDING for new version) version_token: Version token (normally from ClientRequestToken) - keep_versions: Number of recent versions to keep after rotation + keep_versions: Number of recent versions to keep after rotation (uses AUTH_KEY_VERSIONS_TO_KEEP env var if not specified) Returns: KeyRotationResult with rotation details @@ -225,6 +243,8 @@ def rotate_token_encryption_key( Raises: Exception: If rotation fails """ + if keep_versions is None: + keep_versions = _get_default_keep_versions() try: secrets_client = boto3.client("secretsmanager") diff --git a/backend/src/ml_space_lambda/auth/utils/rotation_handlers.py b/backend/src/ml_space_lambda/auth/utils/rotation_handlers.py index fc65327c..9361c42c 100644 --- a/backend/src/ml_space_lambda/auth/utils/rotation_handlers.py +++ b/backend/src/ml_space_lambda/auth/utils/rotation_handlers.py @@ -22,6 +22,7 @@ """ import logging +import os from enum import StrEnum from typing import Any, Dict, Optional @@ -39,6 +40,20 @@ logger.setLevel(level=logging.INFO) +def _get_keep_versions() -> int: + """ + Get the number of key versions to keep from environment variable. + + Returns: + Number of versions to keep (default: 3) + """ + try: + return int(os.environ.get("AUTH_KEY_VERSIONS_TO_KEEP", "3")) + except ValueError: + logger.warning("Invalid AUTH_KEY_VERSIONS_TO_KEEP value, using default: 3") + return 3 + + class RotationStep(StrEnum): """AWS Secrets Manager rotation steps.""" @@ -86,12 +101,15 @@ def _handle_create_secret_step(secret_name: str, key_type: str, version_token: O Args: secret_name: Secret ARN key_type: Type of key being rotated + version_token: Version token for the rotation """ + keep_versions = _get_keep_versions() + # Create new key version if key_type == KeyType.STATE: - result = rotate_state_encryption_key(secret_name, version_token=version_token, keep_versions=3) + result = rotate_state_encryption_key(secret_name, version_token=version_token, keep_versions=keep_versions) else: # token - result = rotate_token_encryption_key(secret_name, version_token=version_token, keep_versions=3) + result = rotate_token_encryption_key(secret_name, version_token=version_token, keep_versions=keep_versions) def _handle_set_secret_step(secret_name: str) -> None: diff --git a/bin/mlspace-cdk.ts b/bin/mlspace-cdk.ts index 70a0e03f..7592728b 100644 --- a/bin/mlspace-cdk.ts +++ b/bin/mlspace-cdk.ts @@ -16,7 +16,7 @@ limitations under the License. */ -import { App, Aspects, Tags } from 'aws-cdk-lib'; +import { App, Aspects, Tags, DefaultStackSynthesizer, CliCredentialsStackSynthesizer, LegacyStackSynthesizer } from 'aws-cdk-lib'; import { LogGroup } from 'aws-cdk-lib/aws-logs'; import 'source-map-support/register'; import { AdminApiStack } from '../lib/stacks/api/admin'; @@ -51,6 +51,37 @@ const envProperties = { }; const app = new App(); + +// Read synthesizer configuration from cdk.json +const synthesizerConfig = app.node.tryGetContext('synthesizer') || {}; +const synthesizerType = synthesizerConfig.type || 'default'; + +// Create synthesizer based on configuration +function createSynthesizer () { + // Extract type and pass remaining config as parameters + const { ...synthesizerParams } = synthesizerConfig; + + // Convert empty strings to undefined for optional parameters + const cleanParams = Object.fromEntries( + Object.entries(synthesizerParams).map(([key, value]) => [ + key, + value === '' ? undefined : value + ]) + ); + + switch (synthesizerType) { + case 'default': + return new DefaultStackSynthesizer(cleanParams); + case 'cli': + return new CliCredentialsStackSynthesizer(cleanParams); + case 'legacy': + return new LegacyStackSynthesizer(); + default: + return undefined; // Use CDK default + } +} + +const synthesizer = createSynthesizer(); const stacks = []; const isIso = ['us-iso-east-1', 'us-isob-east-1'].includes(config.AWS_REGION); @@ -59,6 +90,7 @@ const enableTranslate = !['us-isob-east-1'].includes(config.AWS_REGION); const vpcStack = new VPCStack(app, 'mlspace-vpc', { env: envProperties, + synthesizer, deployCFNEndpoint: true, deployCWEndpoint: true, deployCWLEndpoint: true, @@ -74,6 +106,7 @@ const mlSpaceVPC = vpcStack.vpc; const kmsStack = new KMSStack(app, 'mlspace-kms', { env: envProperties, + synthesizer, keyManagerRoleName: config.KEY_MANAGER_ROLE_NAME, mlspaceConfig: config }); @@ -87,6 +120,7 @@ const accessLogsBucketName = `${config.ACCESS_LOGS_BUCKET_NAME}-${config.AWS_ACC const iamStack = new IAMStack(app, 'mlspace-iam', { env: envProperties, + synthesizer, dataBucketName, configBucketName, websiteBucketName, @@ -114,6 +148,7 @@ const frontEndAssetsPath = './frontend/build/'; const coreStack = new CoreStack(app, 'mlspace-core', { env: envProperties, + synthesizer, dataBucketName, configBucketName, websiteBucketName, @@ -139,12 +174,14 @@ stacks.push(coreStack); stacks.push(new SagemakerStack(app, 'mlspace-sagemaker', { env: envProperties, + synthesizer, dataBucketName, mlspaceConfig: config })); const restStack = new RestApiStack(app, 'mlspace-web-tier', { env: envProperties, + synthesizer, dataBucketName, websiteBucketName, websiteS3ReaderRole, @@ -166,6 +203,7 @@ stacks.push(restStack); const apiStackProperties: ApiStackProperties = { env: envProperties, + synthesizer, restApiId: restStack.mlSpaceRestApiId, rootResourceId: restStack.mlSpaceRestApiRootResourceId, dataBucketName, @@ -208,9 +246,15 @@ if (enableTranslate) { } const apiDeploymentStack = new ApiDeploymentStack(app, 'mlspace-api-deployment', { env: envProperties, + synthesizer, restApiId: restStack.mlSpaceRestApiId, }); +// add ADCLambdaCABundleAspect to core in ADC regions +if (isIso) { + Aspects.of(coreStack).add(new ADCLambdaCABundleAspect()); +} + apiStacks.forEach((stack) => { stack.addDependency(coreStack); stack.addDependency(iamStack); diff --git a/cypress/package-lock.json b/cypress/package-lock.json index ed0f4767..5a3e3c39 100644 --- a/cypress/package-lock.json +++ b/cypress/package-lock.json @@ -8,7 +8,8 @@ "name": "@amzn/mlspacee2e", "version": "1.0.0", "dependencies": { - "cypress-file-upload": "^5.0.8" + "cypress-file-upload": "^5.0.8", + "lodash": "^4.17.23" }, "devDependencies": { "@cloudscape-design/components": "^3.0.886", @@ -2030,9 +2031,10 @@ } }, "node_modules/lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" + "version": "4.17.23", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz", + "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==", + "license": "MIT" }, "node_modules/lodash.once": { "version": "4.1.1", diff --git a/cypress/package.json b/cypress/package.json index 2106ce64..874cf371 100644 --- a/cypress/package.json +++ b/cypress/package.json @@ -4,7 +4,8 @@ "main": "index.ts", "version": "1.0.0", "dependencies": { - "cypress-file-upload": "^5.0.8" + "cypress-file-upload": "^5.0.8", + "lodash": "^4.17.23" }, "devDependencies": { "@cloudscape-design/components": "^3.0.886", diff --git a/docs/BFF_AUTHENTICATION_KEY_ROTATION.md b/docs/BFF_AUTHENTICATION_KEY_ROTATION.md deleted file mode 100644 index 797593f6..00000000 --- a/docs/BFF_AUTHENTICATION_KEY_ROTATION.md +++ /dev/null @@ -1,289 +0,0 @@ -# Enhanced Authentication Key Rotation Guide - -This document provides comprehensive guidance for managing encryption key rotation in the MLSpace enhanced authentication system. - -## Overview - -The enhanced authentication system uses two types of encryption keys: - -1. **Token Encryption Keys** - Encrypt IdP tokens stored in sessions (high impact) -2. **State Encryption Keys** - Encrypt CSRF state parameters during login flow (low impact) - -## Key Rotation Strategy - -### Hybrid Approach - -We implement a **hybrid key rotation strategy** that balances security with operational simplicity: - -- **Token Keys**: Versioned with automated rotation (zero downtime) -- **State Keys**: Simple deploy-time generation (minimal impact) - -### Impact Assessment - -| Key Type | Rotation Impact | Affected Users | Duration | -|----------|----------------|----------------|----------| -| Token Keys | Zero downtime | None | N/A | -| State Keys | Minimal | Users actively logging in | 1-2 minutes | - -## Token Key Rotation (Automated) - -### Architecture - -Token encryption uses a **versioned key system** that supports graceful rotation: - -- **Encryption**: Always uses the latest key version -- **Decryption**: Can decrypt with any available key version -- **Storage**: AWS Secrets Manager with versioned JSON structure -- **Rotation**: Automated via EventBridge + Lambda (90-day schedule) - -### Key Structure - -```json -{ - "current_version": 2, - "keys": { - "1": "base64-encoded-key-v1", - "2": "base64-encoded-key-v2" - }, - "key_type": "token", - "rotation_date": "2024-01-15T10:30:00Z", - "rotated_by": "key_rotation_manager" -} -``` - -### Automated Rotation - -**Schedule**: Every 90 days via EventBridge rule - -**Process**: -1. Generate new 32-byte encryption key -2. Increment version number -3. Add new key to versioned structure -4. Update Secrets Manager -5. New sessions use latest key -6. Existing sessions continue with their original key - -**Zero Impact**: Users experience no disruption during rotation. - -### Key Cleanup - -Old key versions are automatically retained for backward compatibility and cleaned up during rotation based on the configured retention policy (default: 3 versions). - -### Monitoring Token Key Rotation - -Monitor rotation through CloudWatch Logs and AWS Secrets Manager console: - -- **CloudWatch Logs**: Check `/aws/lambda/mlspace-key-rotation` log group -- **Secrets Manager Console**: View rotation configuration and history -- **CloudWatch Metrics**: Monitor rotation success/failure rates - -## State Key Rotation (Deploy-Time) - -### Architecture - -State encryption uses a **simple Fernet key** that can be regenerated as needed: - -- **Generation**: Initialization script creates key using `create_state_encryption_key()` -- **Storage**: AWS Secrets Manager (simple string value) -- **Rotation**: Regenerate via initialization script -- **Impact**: Only affects users actively logging in (1-2 minutes) -- **Rotation**: Automatic via configured rotation schedule - -## Deployment Configuration - -### CDK Integration - -The `AuthSecretsConstruct` creates the secrets with placeholder values: - -```typescript -// In your CDK stack -const authSecrets = new AuthSecretsConstruct(this, 'AuthSecrets', { - encryptionKey: kmsKey, // Optional: Use customer-managed KMS key - enableTokenKeyRotation: true, // Enable automated rotation - tokenKeyRotationSchedule: Schedule.rate(Duration.days(90)), // Optional: Custom schedule -}); -``` - -### Key Initialization - -After CDK deployment, run the initialization script to populate secrets with proper keys: - -```bash -# Initialize both state and token encryption keys -python3 scripts/initialize-auth-keys.py -``` - -**What the script does:** -- Generates proper Fernet key for state encryption using `create_state_encryption_key()` -- Generates versioned token encryption key using `create_encryption_key()` -- Stores keys in the correct format expected by the authentication system - -### Environment Variables - -Lambda functions receive these environment variables: - -```bash -# Token encryption (versioned) -AUTH_TOKEN_ENCRYPTION_KEY_SECRET_NAME=mlspace/auth/token-encryption-keys - -# State encryption (simple) -AUTH_STATE_ENCRYPTION_KEY_SECRET_NAME=mlspace/auth/state-encryption-key -``` - -### Configuration Files - -**lib/config.json**: -```json -{ - "AUTH_TOKEN_ENCRYPTION_KEY_SECRET_NAME": "mlspace/auth/token-encryption-keys", - "AUTH_STATE_ENCRYPTION_KEY_SECRET_NAME": "mlspace/auth/state-encryption-key" -} -``` - -## Security Considerations - -### Key Generation - -- **Token Keys**: 32-byte cryptographically secure random keys -- **State Keys**: Fernet-compatible keys (32-byte base64-encoded) -- **Entropy**: All keys use `os.urandom()` for cryptographic randomness - -### Access Control - -**IAM Permissions**: -```json -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "secretsmanager:GetSecretValue", - "secretsmanager:UpdateSecret" - ], - "Resource": [ - "arn:aws:secretsmanager:*:*:secret:mlspace/auth/*" - ] - } - ] -} -``` - -### Encryption at Rest - -- **Secrets Manager**: Encrypted with AWS managed keys or customer-managed KMS keys -- **DynamoDB**: Session data encrypted at rest -- **Application-Level**: Tokens encrypted before storage in DynamoDB - -## Troubleshooting - -### Token Key Rotation Issues - -**Problem**: Rotation Lambda fails -- Check CloudWatch Logs for the `/aws/lambda/mlspace-key-rotation` log group -- Review CloudWatch metrics for rotation failures -- Verify IAM permissions for the rotation Lambda function - -**Problem**: Sessions become invalid after rotation -- This should not happen with versioned keys -- Check that `VersionedTokenEncryption` is being used -- Verify key versions are properly stored - -### State Key Rotation Issues - -**Problem**: Users can't log in after deployment -- Expected behavior during state key rotation -- Users should retry login after 1-2 minutes -- Check that new state key was generated properly - -**Problem**: State key generation fails -- Check CloudWatch logs for the rotation Lambda function -- Verify the rotation schedule is configured correctly in AWS Secrets Manager - -### Key Validation - -Verify key structure using AWS Secrets Manager console or by checking CloudWatch logs for the rotation Lambda function. - -## Migration from Legacy Keys - -The system now uses versioned keys by default. If migrating from a legacy deployment: - -1. **Backup existing keys** using AWS Secrets Manager console or CLI -2. **Deploy updated infrastructure** with versioned key support -3. **Initialize secrets** using the initialization script -4. **Verify rotation schedule** is configured correctly - -### Rollback Plan - -If issues occur during migration: - -1. **Check CloudWatch logs** for rotation Lambda errors -2. **Verify secret structure** matches expected versioned format -3. **Contact support** if issues persist - -## Best Practices - -### Rotation Schedule - -- **Token Keys**: Every 90 days (automated via AWS Secrets Manager) -- **State Keys**: Every 90 days (automated via AWS Secrets Manager) - -### Monitoring - -- **CloudWatch Alarms**: Monitor rotation Lambda failures -- **Session Metrics**: Track session creation/expiration rates -- **Error Rates**: Monitor authentication error rates during rotation - -### Testing - -- **Pre-Production**: Test rotation in staging environment -- **Load Testing**: Verify rotation works under load -- **Rollback Testing**: Practice emergency rollback procedures - -### Documentation - -- **Runbooks**: Document rotation procedures for operations team -- **Incident Response**: Include key rotation in security incident procedures -- **Change Management**: Include rotation schedule in change calendar - -## Emergency Procedures - -### Key Compromise Response - -If keys are compromised: - -1. **Trigger immediate rotation**: Use AWS Secrets Manager console to trigger rotation immediately -2. **Monitor rotation completion**: Check CloudWatch logs for rotation Lambda execution -3. **Invalidate sessions if necessary**: Consider clearing the session table for critical security incidents - -### Key Recovery - -If rotation fails and keys are lost: - -1. **Check CloudTrail** for key modification events -2. **Restore from backup** if available -3. **Generate new keys** and accept that existing sessions will be invalidated -4. **Notify users** of required re-authentication - -## Compliance and Auditing - -### Audit Trail - -All key operations are logged: -- **CloudTrail**: Secrets Manager API calls -- **Lambda Logs**: Rotation operation details -- **EventBridge**: Scheduled rotation events - -### Compliance Requirements - -- **Key Rotation**: Automated 90-day rotation meets most compliance requirements -- **Access Logging**: All key access is logged and auditable -- **Encryption**: Keys encrypted at rest and in transit -- **Separation of Duties**: Rotation is automated, reducing human access - -### Reporting - -Monitor rotation history through: -- **CloudWatch Logs Insights**: Query rotation events in the Lambda log group -- **AWS Secrets Manager Console**: View rotation history for each secret -- **CloudTrail**: Audit all Secrets Manager API calls \ No newline at end of file diff --git a/frontend/docs/.vitepress/config.mts b/frontend/docs/.vitepress/config.mts index bb3184ff..5d6407c1 100644 --- a/frontend/docs/.vitepress/config.mts +++ b/frontend/docs/.vitepress/config.mts @@ -26,6 +26,7 @@ const docItems = [ items: [ { text: 'Authentication Configuration Reference', link: '/admin-guide/auth-configuration-reference' }, { text: 'Custom Domain Configuration', link: '/admin-guide/custom-domain' }, + { text: 'Custom CDK Synthesizer', link: '/admin-guide/custom-synthesizer' }, { text: `Enabling Access To S3 Buckets In ${APPLICATION_NAME}`, link: '/admin-guide/manual-s3-permissions' }, { text: `Custom Algorithm Containers In ${APPLICATION_NAME}`, link: '/admin-guide/byom-permissions' }, { text: 'Branding', link: '/admin-guide/branding' }, diff --git a/frontend/docs/admin-guide/auth-configuration-reference.md b/frontend/docs/admin-guide/auth-configuration-reference.md index 75477ca0..17dc88c5 100644 --- a/frontend/docs/admin-guide/auth-configuration-reference.md +++ b/frontend/docs/admin-guide/auth-configuration-reference.md @@ -121,6 +121,15 @@ The deprecated `OIDC_*` configuration parameters (such as `OIDC_URL`, `OIDC_CLIE - **Example**: `"mlspace/auth/state-encryption-key"` - **Notes**: Used for encrypting OAuth state parameter; automatically created during deployment +### AUTH_KEY_VERSIONS_TO_KEEP +- **Type**: Number +- **Required**: No +- **Default**: `3` +- **Range**: `1` to `10` (recommended) +- **Description**: Number of encryption key versions to retain during key rotation +- **Example**: `3` +- **Notes**: Ensures backward compatibility for active sessions during key rotation. Should be set such that `AUTH_KEY_VERSIONS_TO_KEEP × rotation_interval > AUTH_SESSION_TTL_HOURS`. For example, with 90-day rotation and 24-hour sessions, keeping 3 versions provides 270 days of backward compatibility. + ## Environment-Specific Examples ### Development Environment (Minimal) @@ -165,6 +174,7 @@ The deprecated `OIDC_*` configuration parameters (such as `OIDC_URL`, `OIDC_CLIE 1. **AUTH_SYNC_DOMAINS**: Not currently used; reserved for future functionality 2. **AUTH_OIDC_USE_PKCE**: Must be boolean (true/false) +3. **AUTH_KEY_VERSIONS_TO_KEEP**: Must be positive integer between 1 and 10 (recommended) 4. **AUTH_OIDC_VERIFY_SSL**: Must be boolean (true/false); should be true in production 5. **AUTH_OIDC_VERIFY_SIGNATURE**: Must be boolean (true/false); should be true in production 6. **AUTH_OIDC_CLIENT_SECRET_NAME**: Must be valid Secrets Manager secret name if specified diff --git a/frontend/docs/admin-guide/custom-domain.md b/frontend/docs/admin-guide/custom-domain.md index 4d73472c..6e9a1661 100644 --- a/frontend/docs/admin-guide/custom-domain.md +++ b/frontend/docs/admin-guide/custom-domain.md @@ -15,8 +15,9 @@ By default, {{ $params.APPLICATION_NAME }} uses the auto-generated API Gateway U Before configuring a custom domain, ensure you have: - A registered domain name -- An SSL/TLS certificate in AWS Certificate Manager (ACM) for your domain - - For CloudFront distributions or edge-optimized API Gateway endpoints +- A valid SSL/TLS certificate for your domain + - AWS Certificate Manager (ACM) is commonly used, but any valid certificate method supported by API Gateway will work + - For CloudFront distributions or edge-optimized API Gateway endpoints, the certificate must be in us-east-1 - For regional API Gateway endpoints, the certificate must be in the same region as your API - Appropriate DNS access to create CNAME or A records - Admin access to your AWS account @@ -69,9 +70,50 @@ If you're keeping the stage name in your path (e.g., `https://mlspace.mycompany. The `homepage` value should match the base path where your application will be served. This affects how static assets are referenced. ::: -### Step 3: Deploy CDK Changes +### Step 3: Configure Documentation Base Path (Optional) -Deploy your updated {{ $params.APPLICATION_NAME }} stack: +If you're changing the base path for your application, you should also update the documentation site configuration: + +1. Open `frontend/docs/.vitepress/config.mts` + +2. Update the `base` parameter (around line 65): + +```typescript +export default defineConfig({ + title: `${APPLICATION_NAME} Documentation`, + description: 'A collaborative data science environment', + outDir: '../public/docs', + base: process.env.DOCS_BASE_PATH || '/docs/', // Update this line + themeConfig: { + // ... + } +}) +``` + +**Examples**: +- For root path: `base: '/docs/'` (default) +- For stage path: `base: '/Prod/docs/'` +- Using environment variable: `base: process.env.DOCS_BASE_PATH || '/docs/'` + +::: tip +The `base` value determines where the documentation site assets are served from. It should match your application's base path plus `/docs/`. +::: + +### Step 4: Build Frontend and Deploy CDK Changes + +After making configuration changes, you need to rebuild the frontend application before deploying: + +1. Navigate to the frontend directory and build the application: + +```bash +cd frontend +npm run build +cd .. +``` + +This will generate a production-optimized build of the web application with your updated configuration. + +2. Deploy your updated {{ $params.APPLICATION_NAME }} stack: ```bash cdk deploy --all @@ -82,7 +124,7 @@ This will update the application configuration to use your custom domain for: - API endpoint references in the frontend - Session management -### Step 4: Create API Gateway Custom Domain +### Step 5: Create API Gateway Custom Domain After deploying the CDK changes, you must manually configure the API Gateway custom domain and API mapping. @@ -94,7 +136,7 @@ After deploying the CDK changes, you must manually configure the API Gateway cus 4. Configure the custom domain: - **Domain name**: Enter your domain (e.g., `mlspace.mycompany.com`) - **Endpoint type**: Choose **Regional** (recommended) or **Edge optimized** - - **ACM certificate**: Select your SSL/TLS certificate from the dropdown + - **Certificate**: Select your SSL/TLS certificate from the dropdown (e.g., from ACM or imported certificate) - **Security policy**: Choose **TLS 1.2** (recommended) 5. Click **Create domain name** 6. Note the **API Gateway domain name** (e.g., `d-abc123xyz.execute-api.us-east-1.amazonaws.com`) - you'll need this for DNS configuration @@ -113,8 +155,10 @@ After deploying the CDK changes, you must manually configure the API Gateway cus #### Using AWS CLI +The following example uses an ACM certificate, but you can use any valid certificate method supported by API Gateway: + ```bash -# Create custom domain +# Create custom domain (example using ACM certificate) aws apigateway create-domain-name \ --domain-name mlspace.mycompany.com \ --regional-certificate-arn arn:aws:acm:us-east-1:123456789012:certificate/abc-123 \ @@ -129,7 +173,7 @@ aws apigateway create-base-path-mapping \ --base-path '' # Leave empty for root path, or use 'Prod' for /Prod path ``` -### Step 5: Configure DNS +### Step 6: Configure DNS Create a DNS record pointing your custom domain to the API Gateway domain name: @@ -171,7 +215,7 @@ If using Route 53, you can create an A record with an alias: - **API Gateway endpoint**: Select your custom domain 5. Click **Create records** -### Step 6: Verify Configuration +### Step 7: Verify Configuration 1. Wait for DNS propagation (typically 5-15 minutes, but can take up to 48 hours) @@ -197,12 +241,14 @@ https://mlspace.mycompany.com ### Certificate Validation Errors -**Problem**: API Gateway cannot validate your ACM certificate. +**Problem**: API Gateway cannot validate your certificate. **Solution**: - Ensure the certificate is in the correct region (us-east-1 for edge-optimized, same region as API for regional) -- Verify the certificate status is "Issued" in ACM +- Verify the certificate status is valid and issued - Check that the certificate covers your domain (wildcard certificates like `*.mycompany.com` work for subdomains) +- If using ACM, ensure the certificate status shows as "Issued" +- If using an imported certificate, verify it's properly formatted and includes the full certificate chain ### DNS Not Resolving diff --git a/frontend/docs/admin-guide/custom-synthesizer.md b/frontend/docs/admin-guide/custom-synthesizer.md new file mode 100644 index 00000000..efdaa6f6 --- /dev/null +++ b/frontend/docs/admin-guide/custom-synthesizer.md @@ -0,0 +1,600 @@ +--- +outline: deep +--- + +# Custom CDK Synthesizer Configuration + +This guide explains how to configure custom CDK synthesizers for {{ $params.APPLICATION_NAME }} deployments, with a focus on using custom IAM roles and choosing the right synthesizer for your environment. + +## Overview + +The CDK synthesizer controls how CloudFormation templates are generated and how assets (Lambda code, Docker images, etc.) are published to AWS. By default, {{ $params.APPLICATION_NAME }} uses the standard CDK bootstrap configuration, but you can customize this behavior through the `synthesizer` section in `cdk.json`. + +Custom synthesizers are particularly useful when: +- Your organization requires specific IAM roles for deployments +- You need to use custom S3 buckets or ECR repositories +- You're deploying in environments with strict security policies +- You need to integrate with existing CI/CD pipelines +- You're working in air-gapped or restricted environments + +## Configuration Location + +All synthesizer configuration is managed in the `cdk.json` file at the root of the {{ $params.APPLICATION_NAME }} repository: + +```json +{ + "synthesizer": { + "type": "default" + } +} +``` + +## Choosing a Synthesizer Type + +### DefaultStackSynthesizer (Recommended) + +The default synthesizer works with CDK bootstrap and provides the most flexibility. + +**Use when:** +- You can run `cdk bootstrap` in your target account +- You need fine-grained control over IAM roles +- You want to use custom asset buckets or repositories +- You're deploying in a standard AWS environment + +**Basic configuration:** +```json +{ + "synthesizer": { + "type": "default" + } +} +``` + +### CliCredentialsStackSynthesizer + +Uses your CLI credentials directly without requiring CDK bootstrap. + +**Use when:** +- You cannot or don't want to run `cdk bootstrap` +- You're doing quick prototypes or demos +- You have full admin access via CLI credentials +- You want to manage asset buckets manually + +**Configuration:** +```json +{ + "synthesizer": { + "type": "cli", + "fileAssetsBucketName": "my-deployment-bucket-${AWS::AccountId}" + } +} +``` + +**Note:** You must manually create the S3 bucket and ECR repository before deployment. + +### LegacyStackSynthesizer + +Backward compatibility with older CDK versions (pre-bootstrap). + +**Use when:** +- Migrating from very old CDK versions +- You have existing deployments using the legacy synthesizer + +**Configuration:** +```json +{ + "synthesizer": { + "type": "legacy" + } +} +``` + +**Warning:** Limited support for large assets. Not recommended for new deployments. + +## Using Custom IAM Roles + +### Why Use Custom Roles? + +Organizations often require: +- Specific naming conventions for IAM roles +- Custom permission boundaries +- Integration with existing deployment roles +- Compliance with security policies that restrict role creation +- Separation of duties between deployment operations + +### Configuring Custom Roles + +The `DefaultStackSynthesizer` supports specifying custom IAM roles for different deployment operations: + +```json +{ + "synthesizer": { + "type": "default", + "cloudFormationExecutionRole": "arn:aws:iam::123456789012:role/MLSpaceCFNExecutionRole", + "deployRoleArn": "arn:aws:iam::123456789012:role/MLSpaceDeployRole", + "fileAssetPublishingRoleArn": "arn:aws:iam::123456789012:role/MLSpaceFilePublishRole", + "imageAssetPublishingRoleArn": "arn:aws:iam::123456789012:role/MLSpaceImagePublishRole", + "lookupRoleArn": "arn:aws:iam::123456789012:role/MLSpaceLookupRole" + } +} +``` + +### Role Descriptions + +#### CloudFormation Execution Role +**Parameter:** `cloudFormationExecutionRole` + +This role is assumed by CloudFormation to create, update, and delete stack resources. + +**Required Permissions:** +- Full permissions to create/modify/delete all {{ $params.APPLICATION_NAME }} resources (VPC, Lambda, API Gateway, DynamoDB, S3, IAM, KMS, etc.) +- Trust relationship allowing CloudFormation service to assume the role + +**Example Trust Policy:** +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "cloudformation.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] +} +``` + +#### Deploy Role +**Parameter:** `deployRoleArn` + +This role is assumed by the CDK CLI to initiate deployments and manage CloudFormation stacks. + +**Required Permissions:** +- CloudFormation stack operations (CreateStack, UpdateStack, DeleteStack, DescribeStacks, etc.) +- S3 access to read CloudFormation templates +- Permission to pass the CloudFormation execution role +- SSM parameter access for bootstrap version checking + +**Example Policy Statements:** +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "cloudformation:CreateStack", + "cloudformation:UpdateStack", + "cloudformation:DeleteStack", + "cloudformation:DescribeStacks", + "cloudformation:DescribeStackEvents", + "cloudformation:GetTemplate" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": "iam:PassRole", + "Resource": "arn:aws:iam::123456789012:role/MLSpaceCFNExecutionRole" + }, + { + "Effect": "Allow", + "Action": [ + "s3:GetObject", + "s3:ListBucket" + ], + "Resource": [ + "arn:aws:s3:::cdk-*-assets-123456789012-us-east-1", + "arn:aws:s3:::cdk-*-assets-123456789012-us-east-1/*" + ] + } + ] +} +``` + +#### File Asset Publishing Role +**Parameter:** `fileAssetPublishingRoleArn` + +This role is used to upload file assets (Lambda code, configuration files) to S3. + +**Required Permissions:** +- S3 PutObject and GetObject on the asset bucket +- KMS encrypt/decrypt if using encrypted buckets + +**Example Policy:** +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:PutObject", + "s3:GetObject", + "s3:ListBucket" + ], + "Resource": [ + "arn:aws:s3:::cdk-*-assets-123456789012-us-east-1", + "arn:aws:s3:::cdk-*-assets-123456789012-us-east-1/*" + ] + } + ] +} +``` + +#### Image Asset Publishing Role +**Parameter:** `imageAssetPublishingRoleArn` + +This role is used to push Docker images to ECR (if your deployment uses container-based Lambda functions or custom images). + +**Required Permissions:** +- ECR repository operations (PutImage, InitiateLayerUpload, UploadLayerPart, CompleteLayerUpload) +- ECR authentication (GetAuthorizationToken) + +**Example Policy:** +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ecr:PutImage", + "ecr:InitiateLayerUpload", + "ecr:UploadLayerPart", + "ecr:CompleteLayerUpload", + "ecr:BatchCheckLayerAvailability", + "ecr:GetDownloadUrlForLayer", + "ecr:BatchGetImage" + ], + "Resource": "arn:aws:ecr:us-east-1:123456789012:repository/cdk-*-container-assets-*" + }, + { + "Effect": "Allow", + "Action": "ecr:GetAuthorizationToken", + "Resource": "*" + } + ] +} +``` + +#### Lookup Role +**Parameter:** `lookupRoleArn` + +This role is used during synthesis to look up context values (VPCs, availability zones, AMIs, etc.). + +**Required Permissions:** +- Read-only access to EC2, VPC, and other services for context lookups +- SSM parameter read access + +**Example Policy:** +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeImages", + "ssm:GetParameter" + ], + "Resource": "*" + } + ] +} +``` + +## Custom Asset Buckets and Repositories + +### Using Custom S3 Buckets + +If your organization requires using specific S3 buckets for CDK assets: + +```json +{ + "synthesizer": { + "type": "default", + "fileAssetsBucketName": "my-org-cdk-assets-${AWS::AccountId}-${AWS::Region}", + "bucketPrefix": "mlspace/" + } +} +``` + +**Important Notes:** +- The bucket must exist before deployment +- The bucket must be in the same region as your deployment +- You can use CloudFormation pseudo-parameters like `${AWS::AccountId}` and `${AWS::Region}` +- Ensure your file asset publishing role has access to this bucket + +### Using Custom ECR Repositories + +For custom Docker image repositories: + +```json +{ + "synthesizer": { + "type": "default", + "imageAssetsRepositoryName": "my-org-cdk-images", + "dockerTagPrefix": "mlspace-" + } +} +``` + +## Complete Configuration Examples + +### Example 1: Using Pre-Existing Custom Roles + +Most common scenario for enterprise deployments: + +```json +{ + "synthesizer": { + "type": "default", + "cloudFormationExecutionRole": "arn:aws:iam::123456789012:role/MLSpace-CFN-Execution", + "deployRoleArn": "arn:aws:iam::123456789012:role/MLSpace-Deploy", + "fileAssetPublishingRoleArn": "arn:aws:iam::123456789012:role/MLSpace-FilePublish", + "imageAssetPublishingRoleArn": "arn:aws:iam::123456789012:role/MLSpace-ImagePublish", + "lookupRoleArn": "arn:aws:iam::123456789012:role/MLSpace-Lookup" + } +} +``` + +### Example 2: CLI Synthesizer for Quick Deployments + +No bootstrap required, uses your CLI credentials: + +```json +{ + "synthesizer": { + "type": "cli", + "fileAssetsBucketName": "mlspace-deployment-assets-${AWS::AccountId}", + "bucketPrefix": "cdk-assets/" + } +} +``` + +**Before deploying:** +```bash +# Create the asset bucket +aws s3 mb s3://mlspace-deployment-assets-123456789012 + +# Enable versioning (recommended) +aws s3api put-bucket-versioning \ + --bucket mlspace-deployment-assets-123456789012 \ + --versioning-configuration Status=Enabled +``` + +### Example 3: Custom Roles with Custom Asset Locations + +Combining custom roles and custom buckets: + +```json +{ + "synthesizer": { + "type": "default", + "cloudFormationExecutionRole": "arn:aws:iam::123456789012:role/Enterprise-CFN-Execution", + "deployRoleArn": "arn:aws:iam::123456789012:role/Enterprise-Deploy", + "fileAssetPublishingRoleArn": "arn:aws:iam::123456789012:role/Enterprise-S3-Publisher", + "fileAssetsBucketName": "enterprise-cdk-assets-${AWS::AccountId}-${AWS::Region}", + "bucketPrefix": "mlspace/" + } +} +``` + +### Example 4: Air-Gapped Environment + +For restricted environments with limited internet access: + +```json +{ + "synthesizer": { + "type": "default", + "fileAssetsBucketName": "internal-cdk-assets-${AWS::AccountId}-${AWS::Region}", + "imageAssetsRepositoryName": "internal-cdk-images", + "generateBootstrapVersionRule": false + } +} +``` + +### Example 5: Using Custom Qualifier for Isolation + +When you need to isolate bootstrap resources (e.g., multiple teams in same account): + +```json +{ + "synthesizer": { + "type": "default", + "qualifier": "mlspace01" + } +} +``` + +**Bootstrap with custom qualifier:** +```bash +cdk bootstrap aws://123456789012/us-east-1 --qualifier mlspace01 +``` + +## Bootstrap Configuration + +### Standard Bootstrap + +For the default synthesizer with standard configuration: + +```bash +cdk bootstrap aws://ACCOUNT-ID/REGION +``` + +### Bootstrap with Custom Roles + +If you're using pre-existing custom roles: + +```bash +cdk bootstrap aws://123456789012/us-east-1 \ + --cloudformation-execution-policies arn:aws:iam::123456789012:policy/MLSpaceDeploymentPolicy \ + --trust 123456789012 \ + --trust-for-lookup 123456789012 +``` + +### Bootstrap with Custom Bucket + +To use an existing S3 bucket for assets: + +```bash +cdk bootstrap aws://123456789012/us-east-1 \ + --bootstrap-bucket-name my-org-cdk-assets-123456789012-us-east-1 +``` + +### No Bootstrap Required + +When using the CLI synthesizer, no bootstrap is needed. Just ensure your asset bucket exists. + +## Deployment Workflow + +### Using Default Synthesizer with Custom Roles + +**Step 1: Create Custom Roles** + +Create your custom IAM roles with the appropriate permissions as described above. + +**Step 2: Update cdk.json** + +```json +{ + "synthesizer": { + "type": "default", + "cloudFormationExecutionRole": "arn:aws:iam::123456789012:role/YourCFNRole", + "deployRoleArn": "arn:aws:iam::123456789012:role/YourDeployRole" + } +} +``` + +**Step 3: Bootstrap Environment** + +```bash +cdk bootstrap aws://ACCOUNT-ID/REGION +``` + +**Step 4: Deploy** + +```bash +cdk deploy --all +``` + +### Using CLI Synthesizer + +**Step 1: Create Asset Bucket** + +```bash +aws s3 mb s3://my-deployment-bucket-123456789012 +``` + +**Step 2: Update cdk.json** + +```json +{ + "synthesizer": { + "type": "cli", + "fileAssetsBucketName": "my-deployment-bucket-${AWS::AccountId}" + } +} +``` + +**Step 3: Deploy (No Bootstrap Needed)** + +```bash +cdk deploy --all +``` + +## Troubleshooting + +### Error: "Policy contains a statement with one or more invalid principals" + +**Cause:** The CloudFormation execution role doesn't exist or the ARN is incorrect. + +**Solution:** Verify the role exists and the ARN is correct in your `cdk.json`. + +### Error: "User is not authorized to perform: iam:PassRole" + +**Cause:** Your deploy role doesn't have permission to pass the CloudFormation execution role. + +**Solution:** Add an IAM policy to your deploy role: +```json +{ + "Effect": "Allow", + "Action": "iam:PassRole", + "Resource": "arn:aws:iam::123456789012:role/YourCFNExecutionRole" +} +``` + +### Error: "Access Denied" when uploading assets + +**Cause:** The file/image asset publishing role doesn't have S3/ECR permissions. + +**Solution:** Verify the publishing roles have the correct permissions to the asset bucket/repository. + +### Error: "Bootstrap stack version mismatch" + +**Cause:** The bootstrap stack version doesn't match the CDK version requirements. + +**Solution:** Update your bootstrap stack: +```bash +cdk bootstrap --force aws://ACCOUNT-ID/REGION +``` + +### Error: "Bucket does not exist" + +**Cause:** Custom asset bucket specified in configuration doesn't exist. + +**Solution:** Create the bucket before deployment or remove the `fileAssetsBucketName` parameter to use the default. + +## Comparison: When to Use Each Synthesizer + +| Feature | Default | CLI | Legacy | +|---------|---------|-----|--------| +| Requires Bootstrap | Yes | No | No | +| Custom Roles Support | Full | Limited | No | +| Custom Asset Locations | Yes | Yes | Limited | +| Large Asset Support | Excellent | Good | Poor | +| Security Controls | Excellent | Good | Basic | +| Setup Complexity | Medium | Low | Low | +| **Recommended For** | Production | Prototypes | Migration Only | + +## Security Best Practices + +1. **Principle of Least Privilege:** Grant only the minimum permissions required for each role. + +2. **Separate Roles:** Use different roles for different operations (deploy, publish, lookup) to limit blast radius. + +3. **Role Session Duration:** Configure appropriate session durations for your deployment roles. + +4. **MFA Requirements:** Consider requiring MFA for assuming deployment roles in production. + +5. **Audit Logging:** Enable CloudTrail logging for all role assumptions and API calls. + +6. **Permission Boundaries:** Use IAM permission boundaries to limit the maximum permissions of created roles. + +7. **Regular Reviews:** Periodically review and audit role permissions and usage. + +8. **Encryption:** Ensure asset buckets use KMS encryption and grant appropriate KMS permissions. + +## Additional Resources + +- [AWS CDK Bootstrapping Documentation](https://docs.aws.amazon.com/cdk/v2/guide/bootstrapping.html) +- [DefaultStackSynthesizer API Reference](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.DefaultStackSynthesizer.html) +- [CliCredentialsStackSynthesizer API Reference](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.CliCredentialsStackSynthesizer.html) +- [IAM Best Practices](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) +- [{{ $params.APPLICATION_NAME }} Security Considerations](./getting-started.md#security-considerations) + +## Support + +For issues or questions about custom synthesizer configuration: +1. Review the troubleshooting section above +2. Check CDK CLI output for detailed error messages +3. Verify IAM role permissions using the AWS IAM Policy Simulator +4. Consult the AWS CDK GitHub repository for known issues diff --git a/frontend/docs/admin-guide/install.md b/frontend/docs/admin-guide/install.md index 0b4ab603..acbe0037 100644 --- a/frontend/docs/admin-guide/install.md +++ b/frontend/docs/admin-guide/install.md @@ -1640,6 +1640,7 @@ Use the MLSpace Config Wizard by running `npm run config` and select "Advanced C | `AUTH_OIDC_VERIFY_SSL` | Whether to verify SSL certificates when making requests to the OIDC provider. Should be `true` in production | `true` | | `AUTH_OIDC_VERIFY_SIGNATURE` | Whether to verify OIDC token signatures. Should be `true` in production | `true` | | `AUTH_SESSION_TTL_HOURS` | The time-to-live (TTL) in hours for authentication sessions | `24` | +| `AUTH_KEY_VERSIONS_TO_KEEP` | Number of encryption key versions to retain during key rotation. Should be set such that `AUTH_KEY_VERSIONS_TO_KEEP × rotation_interval > AUTH_SESSION_TTL_HOURS` | `3` | | `AUTH_SYNC_DOMAINS` | **Not currently needed.** Reserved for future multi-domain cookie sync functionality | - | | `ADDITIONAL_LAMBDA_ENVIRONMENT_VARS` | A map of key-value pairs which will be set as environment variables on every {{ $params.APPLICATION_NAME }} lambda | `{}` | | `RESOURCE_TERMINATION_INTERVAL` | Interval (in minutes) to run the resource termination cleanup lambda | `60` | diff --git a/frontend/package-lock.json b/frontend/package-lock.json index ec7b65f8..47d82246 100644 --- a/frontend/package-lock.json +++ b/frontend/package-lock.json @@ -1,12 +1,12 @@ { "name": "@amzn/mlspace", - "version": "1.6.11", + "version": "1.7", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@amzn/mlspace", - "version": "1.6.11", + "version": "1.7", "dependencies": { "@cloudscape-design/components": "^3.0.886", "@cloudscape-design/components-themeable": "^3.0.898", @@ -20,15 +20,15 @@ "@tiptap/pm": "^2.11.5", "@tiptap/react": "^2.11.5", "@tiptap/starter-kit": "^2.11.5", - "@uiw/react-markdown-preview": "^5.1.3", + "@uiw/react-markdown-preview": "^5.1.5", "ace-builds": "^1.37.5", "axios": "^1.7.9", "git-repo-info": "^2.1.1", "jest-mock-axios": "^4.8.0", - "lodash": "4.17.21", + "js-yaml": "^4.1.1", + "lodash": "^4.17.23", "react": "^18.3.1", "react-dom": "^18.3.1", - "react-oidc-context": "^2.4.0", "react-redux": "^8.1.3", "react-router-dom": "^6.29.0", "redux-persist": "^6.0.0", @@ -59,8 +59,8 @@ "react-scripts": "5.0.1", "redux-mock-store": "^1.5.5", "typescript": "^4.9.5", - "vitepress": "^1.6.3", - "vitepress-plugin-tabs": "^0.5.0" + "vitepress": "^1.6.4", + "vitepress-plugin-tabs": "^0.7.3" } }, "node_modules/@adobe/css-tools": { @@ -11387,13 +11387,6 @@ "node": ">= 8" } }, - "node_modules/crypto-js": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-4.2.0.tgz", - "integrity": "sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q==", - "license": "MIT", - "peer": true - }, "node_modules/crypto-random-string": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/crypto-random-string/-/crypto-random-string-2.0.0.tgz", @@ -20467,7 +20460,6 @@ "version": "4.1.1", "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", - "dev": true, "license": "MIT", "dependencies": { "argparse": "^2.0.1" @@ -20734,13 +20726,6 @@ "node": ">=4.0" } }, - "node_modules/jwt-decode": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/jwt-decode/-/jwt-decode-3.1.2.tgz", - "integrity": "sha512-UfpWE/VZn0iP50d8cz9NrZLM9lSWhcJ+0Gt/nm4by88UL+J1SiKN8/5dkjMmbEzwL2CAe+67GsegCbIKtbp75A==", - "license": "MIT", - "peer": true - }, "node_modules/keyv": { "version": "4.5.4", "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", @@ -21184,9 +21169,9 @@ } }, "node_modules/lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", + "version": "4.17.23", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz", + "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==", "license": "MIT" }, "node_modules/lodash.camelcase": { @@ -22972,20 +22957,6 @@ "dev": true, "license": "MIT" }, - "node_modules/oidc-client-ts": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/oidc-client-ts/-/oidc-client-ts-2.5.0.tgz", - "integrity": "sha512-JZ/Sp+AoML4sBWCn8ShAjnIMKx3GXwU/8sQY2btRPOUS8kBZltC2dFqOdN5Mimc4g7oVGSTC/bVDBviYcuud9g==", - "license": "Apache-2.0", - "peer": true, - "dependencies": { - "crypto-js": "^4.2.0", - "jwt-decode": "^3.1.2" - }, - "engines": { - "node": ">=12.13.0" - } - }, "node_modules/on-finished": { "version": "2.4.1", "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", @@ -25921,19 +25892,6 @@ "react": ">=18" } }, - "node_modules/react-oidc-context": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/react-oidc-context/-/react-oidc-context-2.4.0.tgz", - "integrity": "sha512-7xbEXlBBlWBQfdSibjeA7jC5w1oKTvZVAodd9A+fmqDRt4bD+gGODWgGT8dX+a0S96Vfo7lzIrEBP7eZCFkwWw==", - "license": "MIT", - "engines": { - "node": ">=12.13.0" - }, - "peerDependencies": { - "oidc-client-ts": "^2.4.1", - "react": ">=16.8.0" - } - }, "node_modules/react-redux": { "version": "8.1.3", "resolved": "https://registry.npmjs.org/react-redux/-/react-redux-8.1.3.tgz", @@ -31315,14 +31273,14 @@ } }, "node_modules/vitepress-plugin-tabs": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/vitepress-plugin-tabs/-/vitepress-plugin-tabs-0.5.0.tgz", - "integrity": "sha512-SIhFWwGsUkTByfc2b279ray/E0Jt8vDTsM1LiHxmCOBAEMmvzIBZSuYYT1DpdDTiS3SuJieBheJkYnwCq/yD9A==", + "version": "0.7.3", + "resolved": "https://registry.npmjs.org/vitepress-plugin-tabs/-/vitepress-plugin-tabs-0.7.3.tgz", + "integrity": "sha512-CkUz49UrTLcVOszuiHIA7ZBvfsg9RluRkFjRG1KvCg/NwuOTLZwcBRv7vBB3vMlDp0bWXIFOIwdI7bE93cV3Hw==", "dev": true, "license": "MIT", "peerDependencies": { - "vitepress": "^1.0.0-rc.27", - "vue": "^3.3.8" + "vitepress": "^1.0.0", + "vue": "^3.5.0" } }, "node_modules/vitepress/node_modules/@types/node": { diff --git a/frontend/package.json b/frontend/package.json index 95845d4c..f957ae39 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -18,12 +18,13 @@ "@tiptap/pm": "^2.11.5", "@tiptap/react": "^2.11.5", "@tiptap/starter-kit": "^2.11.5", - "@uiw/react-markdown-preview": "^5.1.3", + "@uiw/react-markdown-preview": "^5.1.5", "ace-builds": "^1.37.5", "axios": "^1.7.9", "git-repo-info": "^2.1.1", "jest-mock-axios": "^4.8.0", - "lodash": "4.17.21", + "js-yaml": "^4.1.1", + "lodash": "^4.17.23", "react": "^18.3.1", "react-dom": "^18.3.1", "react-redux": "^8.1.3", @@ -83,8 +84,8 @@ "react-scripts": "5.0.1", "redux-mock-store": "^1.5.5", "typescript": "^4.9.5", - "vitepress": "^1.6.3", - "vitepress-plugin-tabs": "^0.5.0" + "vitepress": "^1.6.4", + "vitepress-plugin-tabs": "^0.7.3" }, "overrides": { "react-scripts": { diff --git a/frontend/src/contexts/AuthContext.tsx b/frontend/src/contexts/AuthContext.tsx index 5aa84253..15556cdb 100644 --- a/frontend/src/contexts/AuthContext.tsx +++ b/frontend/src/contexts/AuthContext.tsx @@ -123,7 +123,6 @@ export const AuthProvider: React.FC = ({ const checkAuthStatusRef = useRef<() => void>(); const checkAuthStatus = useCallback(async () => { - console.log('checking auth status'); const wasAuthenticated = state.status === 'authenticated'; try { @@ -183,7 +182,6 @@ export const AuthProvider: React.FC = ({ // Periodic session validation useEffect(() => { - console.log('reset periodic refresh'); const interval = setInterval(checkAuthStatus, checkInterval); return () => clearInterval(interval); }, [checkInterval, checkAuthStatus]); diff --git a/lambda_dependencies/jwt/create.sh b/lambda_dependencies/jwt/create.sh deleted file mode 100644 index fbbc7231..00000000 --- a/lambda_dependencies/jwt/create.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -set -e - -mkdir -p /asset-output/python -pushd /asset-output/python - -python3 -m pip install --no-deps pyjwt -t . \ No newline at end of file diff --git a/lib/constants.ts b/lib/constants.ts index 5e29e022..01eefab1 100644 --- a/lib/constants.ts +++ b/lib/constants.ts @@ -142,6 +142,7 @@ export const AUTH_SESSION_TTL_HOURS = 24; // Session duration in hours // Encryption configuration export const AUTH_TOKEN_ENCRYPTION_KEY_SECRET_NAME = 'mlspace/auth/token-encryption-keys'; // Versioned secret for token encryption keys (rotatable) export const AUTH_STATE_ENCRYPTION_KEY_SECRET_NAME = 'mlspace/auth/state-encryption-key'; // Simple secret for state encryption key (deploy-time generated) +export const AUTH_KEY_VERSIONS_TO_KEEP = 3; // Number of key versions to retain during rotation // Legacy OIDC configuration (deprecated - maintained for backward compatibility during migration) // Use AUTH_OIDC_URL, AUTH_OIDC_CLIENT_ID, and other AUTH_* constants instead diff --git a/lib/constructs/api/authConstruct.ts b/lib/constructs/api/authConstruct.ts index 4ff6091d..f2b55a5b 100644 --- a/lib/constructs/api/authConstruct.ts +++ b/lib/constructs/api/authConstruct.ts @@ -46,6 +46,7 @@ export class AuthApiConstruct extends Construct { AUTH_SESSION_TTL_HOURS: props.mlspaceConfig.AUTH_SESSION_TTL_HOURS.toString(), AUTH_TOKEN_ENCRYPTION_KEY_SECRET_NAME: props.mlspaceConfig.AUTH_TOKEN_ENCRYPTION_KEY_SECRET_NAME, AUTH_STATE_ENCRYPTION_KEY_SECRET_NAME: props.mlspaceConfig.AUTH_STATE_ENCRYPTION_KEY_SECRET_NAME, + AUTH_KEY_VERSIONS_TO_KEEP: String(props.mlspaceConfig.AUTH_KEY_VERSIONS_TO_KEEP), NEW_USERS_SUSPENDED: props.mlspaceConfig.NEW_USERS_SUSPENDED ? 'True' : 'False', WEB_CUSTOM_DOMAIN_NAME: props.mlspaceConfig.WEB_CUSTOM_DOMAIN_NAME || '' }; diff --git a/lib/constructs/api/restApiConstruct.ts b/lib/constructs/api/restApiConstruct.ts index f12d96e6..7d2648ce 100644 --- a/lib/constructs/api/restApiConstruct.ts +++ b/lib/constructs/api/restApiConstruct.ts @@ -36,7 +36,6 @@ import { Bucket } from 'aws-cdk-lib/aws-s3'; import { BucketDeployment, Source } from 'aws-cdk-lib/aws-s3-deployment'; import { StringParameter } from 'aws-cdk-lib/aws-ssm'; import { ADCLambdaCABundleAspect } from '../../utils/adcCertBundleAspect'; -import { createLambdaLayer } from '../../utils/layers'; import { MLSpaceConfig } from '../../utils/configTypes'; import { Construct } from 'constructs'; @@ -235,7 +234,6 @@ export class RestApiConstruct extends Construct { } ); - const jwtDependencyLayer = createLambdaLayer(scope, 'jwt', undefined, props.mlspaceConfig.JWT_LAYER_PATH); // Get common layer based on arn from SSM due to issues with cross stack references const commonLambdaLayer = LayerVersion.fromLayerVersionArn( scope, @@ -253,7 +251,7 @@ export class RestApiConstruct extends Construct { timeout: Duration.seconds(30), memorySize: 512, role: props.mlSpaceAppRole, - layers: [jwtDependencyLayer.layerVersion, commonLambdaLayer], + layers: [commonLambdaLayer], environment: { AUTH_SESSION_TABLE_NAME: props.mlspaceConfig.AUTH_SESSION_TABLE_NAME, AUTH_TOKEN_ENCRYPTION_KEY_SECRET_NAME: props.mlspaceConfig.AUTH_TOKEN_ENCRYPTION_KEY_SECRET_NAME, diff --git a/lib/constructs/auth/authSecretsConstruct.ts b/lib/constructs/auth/authSecretsConstruct.ts index ea275ca0..01b82e93 100644 --- a/lib/constructs/auth/authSecretsConstruct.ts +++ b/lib/constructs/auth/authSecretsConstruct.ts @@ -97,6 +97,7 @@ export class AuthSecretsConstruct extends Construct { layers: props.layers, environment: { STATE_ENCRYPTION_SECRET_ARN: this.stateEncryptionSecret.secretArn, + AUTH_KEY_VERSIONS_TO_KEEP: String(props.config.AUTH_KEY_VERSIONS_TO_KEEP), }, vpc: props.vpc, securityGroups: props.securityGroups, @@ -138,6 +139,7 @@ export class AuthSecretsConstruct extends Construct { layers: props.layers, environment: { TOKEN_ENCRYPTION_SECRET_ARN: this.tokenEncryptionSecret.secretArn, + AUTH_KEY_VERSIONS_TO_KEEP: String(props.config.AUTH_KEY_VERSIONS_TO_KEEP), }, vpc: props.vpc, securityGroups: props.securityGroups, @@ -171,7 +173,7 @@ export class AuthSecretsConstruct extends Construct { * Create manual initialization functions for secrets. * These can be invoked on-demand to initialize secrets with proper key structures. */ - public createManualInitializationFunctions (): { stateInit: IFunction; tokenInit: IFunction } { + public createManualInitializationFunctions (config: MLSpaceConfig): { stateInit: IFunction; tokenInit: IFunction } { const stateInitFunction = new Function(this, 'ManualStateInitFunction', { runtime: Runtime.PYTHON_3_11, code: Code.fromAsset('backend/src'), @@ -180,6 +182,7 @@ export class AuthSecretsConstruct extends Construct { memorySize: 256, environment: { STATE_ENCRYPTION_SECRET_ARN: this.stateEncryptionSecret.secretArn, + AUTH_KEY_VERSIONS_TO_KEEP: String(config.AUTH_KEY_VERSIONS_TO_KEEP), }, }); @@ -191,6 +194,7 @@ export class AuthSecretsConstruct extends Construct { memorySize: 256, environment: { TOKEN_ENCRYPTION_SECRET_ARN: this.tokenEncryptionSecret.secretArn, + AUTH_KEY_VERSIONS_TO_KEEP: String(config.AUTH_KEY_VERSIONS_TO_KEEP), }, }); diff --git a/lib/utils/configTypes.ts b/lib/utils/configTypes.ts index 34ff44dc..067f06e0 100644 --- a/lib/utils/configTypes.ts +++ b/lib/utils/configTypes.ts @@ -33,6 +33,7 @@ import { AUTH_SESSION_TTL_HOURS, AUTH_STATE_ENCRYPTION_KEY_SECRET_NAME, AUTH_SYNC_DOMAINS, + AUTH_KEY_VERSIONS_TO_KEEP, AWS_ACCOUNT, AWS_REGION, BACKGROUND_REFRESH_INTERVAL, @@ -142,6 +143,7 @@ export type MLSpaceConfig = { AUTH_SESSION_TTL_HOURS: number, AUTH_TOKEN_ENCRYPTION_KEY_SECRET_NAME: string, AUTH_STATE_ENCRYPTION_KEY_SECRET_NAME: string, + AUTH_KEY_VERSIONS_TO_KEEP: number, // Other properties not handled in config.json SYSTEM_TAG: string, IAM_RESOURCE_PREFIX: string, @@ -250,6 +252,7 @@ export function generateConfig (accountId?: string) { AUTH_SESSION_TTL_HOURS: AUTH_SESSION_TTL_HOURS, AUTH_TOKEN_ENCRYPTION_KEY_SECRET_NAME: AUTH_TOKEN_ENCRYPTION_KEY_SECRET_NAME, AUTH_STATE_ENCRYPTION_KEY_SECRET_NAME: AUTH_STATE_ENCRYPTION_KEY_SECRET_NAME, + AUTH_KEY_VERSIONS_TO_KEEP: AUTH_KEY_VERSIONS_TO_KEEP, // Other properties not prompted for in config-helper SYSTEM_TAG: SYSTEM_TAG, IAM_RESOURCE_PREFIX: IAM_RESOURCE_PREFIX, diff --git a/package-lock.json b/package-lock.json index ce28bc14..7b2b9bb4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,10 +11,11 @@ "dependencies": { "aws-cdk-lib": "^2.177.0", "fs-extra": "^11.3.0", + "js-yaml": "^4.1.1", "jsonschema": "^1.5.0" }, "devDependencies": { - "@aws-sdk/client-s3": "^3.741.0", + "@aws-sdk/client-s3": "^3.975.0", "@cdklabs/cdk-enterprise-iac": "^0.0.512", "@stylistic/eslint-plugin": "^1.8.1", "@types/aws-lambda": "8.10.119", @@ -91,6 +92,7 @@ "resolved": "https://registry.npmjs.org/@aws-crypto/crc32/-/crc32-5.2.0.tgz", "integrity": "sha512-nLbCWqQNgUiwwtFsen1AdzAtvuLRsQS8rYgMuxCrdKf9kOssamGLuPwyTY9wyYblNr9+1XM8v6zoDTPPSIeANg==", "dev": true, + "license": "Apache-2.0", "dependencies": { "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", @@ -105,6 +107,7 @@ "resolved": "https://registry.npmjs.org/@aws-crypto/crc32c/-/crc32c-5.2.0.tgz", "integrity": "sha512-+iWb8qaHLYKrNvGRbiYRHSdKRWhto5XlZUEBwDjYNf+ly5SVYG6zEoYIdxvf5R3zyeP16w4PLBn3rH1xc74Rag==", "dev": true, + "license": "Apache-2.0", "dependencies": { "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", @@ -168,6 +171,7 @@ "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-5.2.0.tgz", "integrity": "sha512-AXfN/lGotSQwu6HNcEsIASo7kWXZ5HYWvfOmSNKDsEqC4OashTp8alTmaz+F7TC2L083SFv5RdB+qU3Vs1kZqw==", "dev": true, + "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-js": "^5.2.0", "@aws-crypto/supports-web-crypto": "^5.2.0", @@ -183,6 +187,7 @@ "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz", "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==", "dev": true, + "license": "Apache-2.0", "dependencies": { "tslib": "^2.6.2" }, @@ -195,6 +200,7 @@ "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz", "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==", "dev": true, + "license": "Apache-2.0", "dependencies": { "@smithy/is-array-buffer": "^2.2.0", "tslib": "^2.6.2" @@ -208,6 +214,7 @@ "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz", "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==", "dev": true, + "license": "Apache-2.0", "dependencies": { "@smithy/util-buffer-from": "^2.2.0", "tslib": "^2.6.2" @@ -221,6 +228,7 @@ "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-5.2.0.tgz", "integrity": "sha512-FFQQyu7edu4ufvIZ+OadFpHHOt+eSTBaYaki44c+akjg7qZg9oOQeLlk77F6tSYqjDAFClrHJk9tMf0HdVyOvA==", "dev": true, + "license": "Apache-2.0", "dependencies": { "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", @@ -289,590 +297,764 @@ } }, "node_modules/@aws-sdk/client-s3": { - "version": "3.741.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.741.0.tgz", - "integrity": "sha512-sZvdbRZ+E9/GcOMUOkZvYvob95N6c9LdzDneXHFASA7OIaEOQxQT1Arimz7JpEhfq/h9K2/j7wNO4jh4x80bmA==", + "version": "3.975.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.975.0.tgz", + "integrity": "sha512-aF1M/iMD29BPcpxjqoym0YFa4WR9Xie1/IhVumwOGH6TB45DaqYO7vLwantDBcYNRn/cZH6DFHksO7RmwTFBhw==", "dev": true, + "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha1-browser": "5.2.0", "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/core": "3.734.0", - "@aws-sdk/credential-provider-node": "3.741.0", - "@aws-sdk/middleware-bucket-endpoint": "3.734.0", - "@aws-sdk/middleware-expect-continue": "3.734.0", - "@aws-sdk/middleware-flexible-checksums": "3.735.0", - "@aws-sdk/middleware-host-header": "3.734.0", - "@aws-sdk/middleware-location-constraint": "3.734.0", - "@aws-sdk/middleware-logger": "3.734.0", - "@aws-sdk/middleware-recursion-detection": "3.734.0", - "@aws-sdk/middleware-sdk-s3": "3.740.0", - "@aws-sdk/middleware-ssec": "3.734.0", - "@aws-sdk/middleware-user-agent": "3.734.0", - "@aws-sdk/region-config-resolver": "3.734.0", - "@aws-sdk/signature-v4-multi-region": "3.740.0", - "@aws-sdk/types": "3.734.0", - "@aws-sdk/util-endpoints": "3.734.0", - "@aws-sdk/util-user-agent-browser": "3.734.0", - "@aws-sdk/util-user-agent-node": "3.734.0", - "@aws-sdk/xml-builder": "3.734.0", - "@smithy/config-resolver": "^4.0.1", - "@smithy/core": "^3.1.1", - "@smithy/eventstream-serde-browser": "^4.0.1", - "@smithy/eventstream-serde-config-resolver": "^4.0.1", - "@smithy/eventstream-serde-node": "^4.0.1", - "@smithy/fetch-http-handler": "^5.0.1", - "@smithy/hash-blob-browser": "^4.0.1", - "@smithy/hash-node": "^4.0.1", - "@smithy/hash-stream-node": "^4.0.1", - "@smithy/invalid-dependency": "^4.0.1", - "@smithy/md5-js": "^4.0.1", - "@smithy/middleware-content-length": "^4.0.1", - "@smithy/middleware-endpoint": "^4.0.2", - "@smithy/middleware-retry": "^4.0.3", - "@smithy/middleware-serde": "^4.0.1", - "@smithy/middleware-stack": "^4.0.1", - "@smithy/node-config-provider": "^4.0.1", - "@smithy/node-http-handler": "^4.0.2", - "@smithy/protocol-http": "^5.0.1", - "@smithy/smithy-client": "^4.1.2", - "@smithy/types": "^4.1.0", - "@smithy/url-parser": "^4.0.1", - "@smithy/util-base64": "^4.0.0", - "@smithy/util-body-length-browser": "^4.0.0", - "@smithy/util-body-length-node": "^4.0.0", - "@smithy/util-defaults-mode-browser": "^4.0.3", - "@smithy/util-defaults-mode-node": "^4.0.3", - "@smithy/util-endpoints": "^3.0.1", - "@smithy/util-middleware": "^4.0.1", - "@smithy/util-retry": "^4.0.1", - "@smithy/util-stream": "^4.0.2", - "@smithy/util-utf8": "^4.0.0", - "@smithy/util-waiter": "^4.0.2", + "@aws-sdk/core": "^3.973.1", + "@aws-sdk/credential-provider-node": "^3.972.1", + "@aws-sdk/middleware-bucket-endpoint": "^3.972.1", + "@aws-sdk/middleware-expect-continue": "^3.972.1", + "@aws-sdk/middleware-flexible-checksums": "^3.972.1", + "@aws-sdk/middleware-host-header": "^3.972.1", + "@aws-sdk/middleware-location-constraint": "^3.972.1", + "@aws-sdk/middleware-logger": "^3.972.1", + "@aws-sdk/middleware-recursion-detection": "^3.972.1", + "@aws-sdk/middleware-sdk-s3": "^3.972.2", + "@aws-sdk/middleware-ssec": "^3.972.1", + "@aws-sdk/middleware-user-agent": "^3.972.2", + "@aws-sdk/region-config-resolver": "^3.972.1", + "@aws-sdk/signature-v4-multi-region": "3.972.0", + "@aws-sdk/types": "^3.973.0", + "@aws-sdk/util-endpoints": "3.972.0", + "@aws-sdk/util-user-agent-browser": "^3.972.1", + "@aws-sdk/util-user-agent-node": "^3.972.1", + "@smithy/config-resolver": "^4.4.6", + "@smithy/core": "^3.21.1", + "@smithy/eventstream-serde-browser": "^4.2.8", + "@smithy/eventstream-serde-config-resolver": "^4.3.8", + "@smithy/eventstream-serde-node": "^4.2.8", + "@smithy/fetch-http-handler": "^5.3.9", + "@smithy/hash-blob-browser": "^4.2.9", + "@smithy/hash-node": "^4.2.8", + "@smithy/hash-stream-node": "^4.2.8", + "@smithy/invalid-dependency": "^4.2.8", + "@smithy/md5-js": "^4.2.8", + "@smithy/middleware-content-length": "^4.2.8", + "@smithy/middleware-endpoint": "^4.4.11", + "@smithy/middleware-retry": "^4.4.27", + "@smithy/middleware-serde": "^4.2.9", + "@smithy/middleware-stack": "^4.2.8", + "@smithy/node-config-provider": "^4.3.8", + "@smithy/node-http-handler": "^4.4.8", + "@smithy/protocol-http": "^5.3.8", + "@smithy/smithy-client": "^4.10.12", + "@smithy/types": "^4.12.0", + "@smithy/url-parser": "^4.2.8", + "@smithy/util-base64": "^4.3.0", + "@smithy/util-body-length-browser": "^4.2.0", + "@smithy/util-body-length-node": "^4.2.1", + "@smithy/util-defaults-mode-browser": "^4.3.26", + "@smithy/util-defaults-mode-node": "^4.2.29", + "@smithy/util-endpoints": "^3.2.8", + "@smithy/util-middleware": "^4.2.8", + "@smithy/util-retry": "^4.2.8", + "@smithy/util-stream": "^4.5.10", + "@smithy/util-utf8": "^4.2.0", + "@smithy/util-waiter": "^4.2.8", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/client-sso": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.734.0.tgz", - "integrity": "sha512-oerepp0mut9VlgTwnG5Ds/lb0C0b2/rQ+hL/rF6q+HGKPfGsCuPvFx1GtwGKCXd49ase88/jVgrhcA9OQbz3kg==", + "version": "3.975.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.975.0.tgz", + "integrity": "sha512-HpgJuleH7P6uILxzJKQOmlHdwaCY+xYC6VgRDzlwVEqU/HXjo4m2gOAyjUbpXlBOCWfGgMUzfBlNJ9z3MboqEQ==", "dev": true, + "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/core": "3.734.0", - "@aws-sdk/middleware-host-header": "3.734.0", - "@aws-sdk/middleware-logger": "3.734.0", - "@aws-sdk/middleware-recursion-detection": "3.734.0", - "@aws-sdk/middleware-user-agent": "3.734.0", - "@aws-sdk/region-config-resolver": "3.734.0", - "@aws-sdk/types": "3.734.0", - "@aws-sdk/util-endpoints": "3.734.0", - "@aws-sdk/util-user-agent-browser": "3.734.0", - "@aws-sdk/util-user-agent-node": "3.734.0", - "@smithy/config-resolver": "^4.0.1", - "@smithy/core": "^3.1.1", - "@smithy/fetch-http-handler": "^5.0.1", - "@smithy/hash-node": "^4.0.1", - "@smithy/invalid-dependency": "^4.0.1", - "@smithy/middleware-content-length": "^4.0.1", - "@smithy/middleware-endpoint": "^4.0.2", - "@smithy/middleware-retry": "^4.0.3", - "@smithy/middleware-serde": "^4.0.1", - "@smithy/middleware-stack": "^4.0.1", - "@smithy/node-config-provider": "^4.0.1", - "@smithy/node-http-handler": "^4.0.2", - "@smithy/protocol-http": "^5.0.1", - "@smithy/smithy-client": "^4.1.2", - "@smithy/types": "^4.1.0", - "@smithy/url-parser": "^4.0.1", - "@smithy/util-base64": "^4.0.0", - "@smithy/util-body-length-browser": "^4.0.0", - "@smithy/util-body-length-node": "^4.0.0", - "@smithy/util-defaults-mode-browser": "^4.0.3", - "@smithy/util-defaults-mode-node": "^4.0.3", - "@smithy/util-endpoints": "^3.0.1", - "@smithy/util-middleware": "^4.0.1", - "@smithy/util-retry": "^4.0.1", - "@smithy/util-utf8": "^4.0.0", + "@aws-sdk/core": "^3.973.1", + "@aws-sdk/middleware-host-header": "^3.972.1", + "@aws-sdk/middleware-logger": "^3.972.1", + "@aws-sdk/middleware-recursion-detection": "^3.972.1", + "@aws-sdk/middleware-user-agent": "^3.972.2", + "@aws-sdk/region-config-resolver": "^3.972.1", + "@aws-sdk/types": "^3.973.0", + "@aws-sdk/util-endpoints": "3.972.0", + "@aws-sdk/util-user-agent-browser": "^3.972.1", + "@aws-sdk/util-user-agent-node": "^3.972.1", + "@smithy/config-resolver": "^4.4.6", + "@smithy/core": "^3.21.1", + "@smithy/fetch-http-handler": "^5.3.9", + "@smithy/hash-node": "^4.2.8", + "@smithy/invalid-dependency": "^4.2.8", + "@smithy/middleware-content-length": "^4.2.8", + "@smithy/middleware-endpoint": "^4.4.11", + "@smithy/middleware-retry": "^4.4.27", + "@smithy/middleware-serde": "^4.2.9", + "@smithy/middleware-stack": "^4.2.8", + "@smithy/node-config-provider": "^4.3.8", + "@smithy/node-http-handler": "^4.4.8", + "@smithy/protocol-http": "^5.3.8", + "@smithy/smithy-client": "^4.10.12", + "@smithy/types": "^4.12.0", + "@smithy/url-parser": "^4.2.8", + "@smithy/util-base64": "^4.3.0", + "@smithy/util-body-length-browser": "^4.2.0", + "@smithy/util-body-length-node": "^4.2.1", + "@smithy/util-defaults-mode-browser": "^4.3.26", + "@smithy/util-defaults-mode-node": "^4.2.29", + "@smithy/util-endpoints": "^3.2.8", + "@smithy/util-middleware": "^4.2.8", + "@smithy/util-retry": "^4.2.8", + "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/core": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.734.0.tgz", - "integrity": "sha512-SxnDqf3vobdm50OLyAKfqZetv6zzwnSqwIwd3jrbopxxHKqNIM/I0xcYjD6Tn+mPig+u7iRKb9q3QnEooFTlmg==", - "dev": true, - "dependencies": { - "@aws-sdk/types": "3.734.0", - "@smithy/core": "^3.1.1", - "@smithy/node-config-provider": "^4.0.1", - "@smithy/property-provider": "^4.0.1", - "@smithy/protocol-http": "^5.0.1", - "@smithy/signature-v4": "^5.0.1", - "@smithy/smithy-client": "^4.1.2", - "@smithy/types": "^4.1.0", - "@smithy/util-middleware": "^4.0.1", - "fast-xml-parser": "4.4.1", + "version": "3.973.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.973.2.tgz", + "integrity": "sha512-XwOjX86CNtmhO/Tx2vmNt1tT1yda045LXVm453w9crrkl7oyDEWV3ASg2xNi6hCPWbx1BXtLKJduQiGZnmHXrg==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@aws-sdk/types": "^3.973.1", + "@aws-sdk/xml-builder": "^3.972.2", + "@smithy/core": "^3.21.1", + "@smithy/node-config-provider": "^4.3.8", + "@smithy/property-provider": "^4.2.8", + "@smithy/protocol-http": "^5.3.8", + "@smithy/signature-v4": "^5.3.8", + "@smithy/smithy-client": "^4.10.12", + "@smithy/types": "^4.12.0", + "@smithy/util-base64": "^4.3.0", + "@smithy/util-middleware": "^4.2.8", + "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" + } + }, + "node_modules/@aws-sdk/crc64-nvme": { + "version": "3.972.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/crc64-nvme/-/crc64-nvme-3.972.0.tgz", + "integrity": "sha512-ThlLhTqX68jvoIVv+pryOdb5coP1cX1/MaTbB9xkGDCbWbsqQcLqzPxuSoW1DCnAAIacmXCWpzUNOB9pv+xXQw==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@smithy/types": "^4.12.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/credential-provider-env": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.734.0.tgz", - "integrity": "sha512-gtRkzYTGafnm1FPpiNO8VBmJrYMoxhDlGPYDVcijzx3DlF8dhWnowuSBCxLSi+MJMx5hvwrX2A+e/q0QAeHqmw==", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.972.2.tgz", + "integrity": "sha512-wzH1EdrZsytG1xN9UHaK12J9+kfrnd2+c8y0LVoS4O4laEjPoie1qVK3k8/rZe7KOtvULzyMnO3FT4Krr9Z0Dg==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "3.734.0", - "@aws-sdk/types": "3.734.0", - "@smithy/property-provider": "^4.0.1", - "@smithy/types": "^4.1.0", + "@aws-sdk/core": "^3.973.2", + "@aws-sdk/types": "^3.973.1", + "@smithy/property-provider": "^4.2.8", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/credential-provider-http": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.734.0.tgz", - "integrity": "sha512-JFSL6xhONsq+hKM8xroIPhM5/FOhiQ1cov0lZxhzZWj6Ai3UAjucy3zyIFDr9MgP1KfCYNdvyaUq9/o+HWvEDg==", - "dev": true, - "dependencies": { - "@aws-sdk/core": "3.734.0", - "@aws-sdk/types": "3.734.0", - "@smithy/fetch-http-handler": "^5.0.1", - "@smithy/node-http-handler": "^4.0.2", - "@smithy/property-provider": "^4.0.1", - "@smithy/protocol-http": "^5.0.1", - "@smithy/smithy-client": "^4.1.2", - "@smithy/types": "^4.1.0", - "@smithy/util-stream": "^4.0.2", + "version": "3.972.3", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.972.3.tgz", + "integrity": "sha512-IbBGWhaxiEl64fznwh5PDEB0N7YJEAvK5b6nRtPVUKdKAHlOPgo6B9XB8mqWDs8Ct0oF/E34ZLiq2U0L5xDkrg==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@aws-sdk/core": "^3.973.2", + "@aws-sdk/types": "^3.973.1", + "@smithy/fetch-http-handler": "^5.3.9", + "@smithy/node-http-handler": "^4.4.8", + "@smithy/property-provider": "^4.2.8", + "@smithy/protocol-http": "^5.3.8", + "@smithy/smithy-client": "^4.10.12", + "@smithy/types": "^4.12.0", + "@smithy/util-stream": "^4.5.10", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/credential-provider-ini": { - "version": "3.741.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.741.0.tgz", - "integrity": "sha512-/XvnVp6zZXsyUlP1FtmspcWnd+Z1u2WK0wwzTE/x277M0oIhAezCW79VmcY4jcDQbYH+qMbtnBexfwgFDARxQg==", - "dev": true, - "dependencies": { - "@aws-sdk/core": "3.734.0", - "@aws-sdk/credential-provider-env": "3.734.0", - "@aws-sdk/credential-provider-http": "3.734.0", - "@aws-sdk/credential-provider-process": "3.734.0", - "@aws-sdk/credential-provider-sso": "3.734.0", - "@aws-sdk/credential-provider-web-identity": "3.734.0", - "@aws-sdk/nested-clients": "3.734.0", - "@aws-sdk/types": "3.734.0", - "@smithy/credential-provider-imds": "^4.0.1", - "@smithy/property-provider": "^4.0.1", - "@smithy/shared-ini-file-loader": "^4.0.1", - "@smithy/types": "^4.1.0", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.972.2.tgz", + "integrity": "sha512-Jrb8sLm6k8+L7520irBrvCtdLxNtrG7arIxe9TCeMJt/HxqMGJdbIjw8wILzkEHLMIi4MecF2FbXCln7OT1Tag==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@aws-sdk/core": "^3.973.2", + "@aws-sdk/credential-provider-env": "^3.972.2", + "@aws-sdk/credential-provider-http": "^3.972.3", + "@aws-sdk/credential-provider-login": "^3.972.2", + "@aws-sdk/credential-provider-process": "^3.972.2", + "@aws-sdk/credential-provider-sso": "^3.972.2", + "@aws-sdk/credential-provider-web-identity": "^3.972.2", + "@aws-sdk/nested-clients": "3.975.0", + "@aws-sdk/types": "^3.973.1", + "@smithy/credential-provider-imds": "^4.2.8", + "@smithy/property-provider": "^4.2.8", + "@smithy/shared-ini-file-loader": "^4.4.3", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" + } + }, + "node_modules/@aws-sdk/credential-provider-login": { + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-login/-/credential-provider-login-3.972.2.tgz", + "integrity": "sha512-mlaw2aiI3DrimW85ZMn3g7qrtHueidS58IGytZ+mbFpsYLK5wMjCAKZQtt7VatLMtSBG/dn/EY4njbnYXIDKeQ==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@aws-sdk/core": "^3.973.2", + "@aws-sdk/nested-clients": "3.975.0", + "@aws-sdk/types": "^3.973.1", + "@smithy/property-provider": "^4.2.8", + "@smithy/protocol-http": "^5.3.8", + "@smithy/shared-ini-file-loader": "^4.4.3", + "@smithy/types": "^4.12.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/credential-provider-node": { - "version": "3.741.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.741.0.tgz", - "integrity": "sha512-iz/puK9CZZkZjrKXX2W+PaiewHtlcD7RKUIsw4YHFyb8lrOt7yTYpM6VjeI+T//1sozjymmAnnp1SST9TXApLQ==", - "dev": true, - "dependencies": { - "@aws-sdk/credential-provider-env": "3.734.0", - "@aws-sdk/credential-provider-http": "3.734.0", - "@aws-sdk/credential-provider-ini": "3.741.0", - "@aws-sdk/credential-provider-process": "3.734.0", - "@aws-sdk/credential-provider-sso": "3.734.0", - "@aws-sdk/credential-provider-web-identity": "3.734.0", - "@aws-sdk/types": "3.734.0", - "@smithy/credential-provider-imds": "^4.0.1", - "@smithy/property-provider": "^4.0.1", - "@smithy/shared-ini-file-loader": "^4.0.1", - "@smithy/types": "^4.1.0", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.972.2.tgz", + "integrity": "sha512-Lz1J5IZdTjLYTVIcDP5DVDgi1xlgsF3p1cnvmbfKbjCRhQpftN2e2J4NFfRRvPD54W9+bZ8l5VipPXtTYK7aEg==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@aws-sdk/credential-provider-env": "^3.972.2", + "@aws-sdk/credential-provider-http": "^3.972.3", + "@aws-sdk/credential-provider-ini": "^3.972.2", + "@aws-sdk/credential-provider-process": "^3.972.2", + "@aws-sdk/credential-provider-sso": "^3.972.2", + "@aws-sdk/credential-provider-web-identity": "^3.972.2", + "@aws-sdk/types": "^3.973.1", + "@smithy/credential-provider-imds": "^4.2.8", + "@smithy/property-provider": "^4.2.8", + "@smithy/shared-ini-file-loader": "^4.4.3", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/credential-provider-process": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.734.0.tgz", - "integrity": "sha512-zvjsUo+bkYn2vjT+EtLWu3eD6me+uun+Hws1IyWej/fKFAqiBPwyeyCgU7qjkiPQSXqk1U9+/HG9IQ6Iiz+eBw==", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.972.2.tgz", + "integrity": "sha512-NLKLTT7jnUe9GpQAVkPTJO+cs2FjlQDt5fArIYS7h/Iw/CvamzgGYGFRVD2SE05nOHCMwafUSi42If8esGFV+g==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "3.734.0", - "@aws-sdk/types": "3.734.0", - "@smithy/property-provider": "^4.0.1", - "@smithy/shared-ini-file-loader": "^4.0.1", - "@smithy/types": "^4.1.0", + "@aws-sdk/core": "^3.973.2", + "@aws-sdk/types": "^3.973.1", + "@smithy/property-provider": "^4.2.8", + "@smithy/shared-ini-file-loader": "^4.4.3", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/credential-provider-sso": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.734.0.tgz", - "integrity": "sha512-cCwwcgUBJOsV/ddyh1OGb4gKYWEaTeTsqaAK19hiNINfYV/DO9r4RMlnWAo84sSBfJuj9shUNsxzyoe6K7R92Q==", - "dev": true, - "dependencies": { - "@aws-sdk/client-sso": "3.734.0", - "@aws-sdk/core": "3.734.0", - "@aws-sdk/token-providers": "3.734.0", - "@aws-sdk/types": "3.734.0", - "@smithy/property-provider": "^4.0.1", - "@smithy/shared-ini-file-loader": "^4.0.1", - "@smithy/types": "^4.1.0", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.972.2.tgz", + "integrity": "sha512-YpwDn8g3gCGUl61cCV0sRxP2pFIwg+ZsMfWQ/GalSyjXtRkctCMFA+u0yPb/Q4uTfNEiya1Y4nm0C5rIHyPW5Q==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@aws-sdk/client-sso": "3.975.0", + "@aws-sdk/core": "^3.973.2", + "@aws-sdk/token-providers": "3.975.0", + "@aws-sdk/types": "^3.973.1", + "@smithy/property-provider": "^4.2.8", + "@smithy/shared-ini-file-loader": "^4.4.3", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/credential-provider-web-identity": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.734.0.tgz", - "integrity": "sha512-t4OSOerc+ppK541/Iyn1AS40+2vT/qE+MFMotFkhCgCJbApeRF2ozEdnDN6tGmnl4ybcUuxnp9JWLjwDVlR/4g==", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.972.2.tgz", + "integrity": "sha512-x9DAiN9Qz+NjJ99ltDiVQ8d511M/tuF/9MFbe2jUgo7HZhD6+x4S3iT1YcP07ndwDUjmzKGmeOEgE24k4qvfdg==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "3.734.0", - "@aws-sdk/nested-clients": "3.734.0", - "@aws-sdk/types": "3.734.0", - "@smithy/property-provider": "^4.0.1", - "@smithy/types": "^4.1.0", + "@aws-sdk/core": "^3.973.2", + "@aws-sdk/nested-clients": "3.975.0", + "@aws-sdk/types": "^3.973.1", + "@smithy/property-provider": "^4.2.8", + "@smithy/shared-ini-file-loader": "^4.4.3", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/middleware-bucket-endpoint": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.734.0.tgz", - "integrity": "sha512-etC7G18aF7KdZguW27GE/wpbrNmYLVT755EsFc8kXpZj8D6AFKxc7OuveinJmiy0bYXAMspJUWsF6CrGpOw6CQ==", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.972.2.tgz", + "integrity": "sha512-ofuXBnitp9j8t05O4NQVrpMZDECPtUhRIWdLzR35baR5njOIPY7YqNtJE+yELVpSn2m4jt2sV1ezYMBY4/Lo+w==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.734.0", - "@aws-sdk/util-arn-parser": "3.723.0", - "@smithy/node-config-provider": "^4.0.1", - "@smithy/protocol-http": "^5.0.1", - "@smithy/types": "^4.1.0", - "@smithy/util-config-provider": "^4.0.0", + "@aws-sdk/types": "^3.973.1", + "@aws-sdk/util-arn-parser": "^3.972.2", + "@smithy/node-config-provider": "^4.3.8", + "@smithy/protocol-http": "^5.3.8", + "@smithy/types": "^4.12.0", + "@smithy/util-config-provider": "^4.2.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/middleware-expect-continue": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.734.0.tgz", - "integrity": "sha512-P38/v1l6HjuB2aFUewt7ueAW5IvKkFcv5dalPtbMGRhLeyivBOHwbCyuRKgVs7z7ClTpu9EaViEGki2jEQqEsQ==", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.972.2.tgz", + "integrity": "sha512-d9bBQlGk1T5j5rWfof20M2tErddOSoSLDauP2/yyuXfeOfQRCSBUZNrApSxjJ9Hw+/RDGR/XL+LEOqmXxSlV3A==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.734.0", - "@smithy/protocol-http": "^5.0.1", - "@smithy/types": "^4.1.0", + "@aws-sdk/types": "^3.973.1", + "@smithy/protocol-http": "^5.3.8", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/middleware-flexible-checksums": { - "version": "3.735.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.735.0.tgz", - "integrity": "sha512-Tx7lYTPwQFRe/wQEHMR6Drh/S+X0ToAEq1Ava9QyxV1riwtepzRLojpNDELFb3YQVVYbX7FEiBMCJLMkmIIY+A==", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.972.2.tgz", + "integrity": "sha512-GgWVZJdzXzqhXxzNAYB3TnZCj7d5rZNdovqSIV91e97nowHVaExRoyaZ3H/Ydqot7veHGPTl8nBp464zZeLDTQ==", "dev": true, + "license": "Apache-2.0", "dependencies": { "@aws-crypto/crc32": "5.2.0", "@aws-crypto/crc32c": "5.2.0", "@aws-crypto/util": "5.2.0", - "@aws-sdk/core": "3.734.0", - "@aws-sdk/types": "3.734.0", - "@smithy/is-array-buffer": "^4.0.0", - "@smithy/node-config-provider": "^4.0.1", - "@smithy/protocol-http": "^5.0.1", - "@smithy/types": "^4.1.0", - "@smithy/util-middleware": "^4.0.1", - "@smithy/util-stream": "^4.0.2", - "@smithy/util-utf8": "^4.0.0", + "@aws-sdk/core": "^3.973.2", + "@aws-sdk/crc64-nvme": "3.972.0", + "@aws-sdk/types": "^3.973.1", + "@smithy/is-array-buffer": "^4.2.0", + "@smithy/node-config-provider": "^4.3.8", + "@smithy/protocol-http": "^5.3.8", + "@smithy/types": "^4.12.0", + "@smithy/util-middleware": "^4.2.8", + "@smithy/util-stream": "^4.5.10", + "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/middleware-host-header": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.734.0.tgz", - "integrity": "sha512-LW7RRgSOHHBzWZnigNsDIzu3AiwtjeI2X66v+Wn1P1u+eXssy1+up4ZY/h+t2sU4LU36UvEf+jrZti9c6vRnFw==", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.972.2.tgz", + "integrity": "sha512-42hZ8jEXT2uR6YybCzNq9OomqHPw43YIfRfz17biZjMQA4jKSQUaHIl6VvqO2Ddl5904pXg2Yd/ku78S0Ikgog==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.734.0", - "@smithy/protocol-http": "^5.0.1", - "@smithy/types": "^4.1.0", + "@aws-sdk/types": "^3.973.1", + "@smithy/protocol-http": "^5.3.8", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/middleware-location-constraint": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.734.0.tgz", - "integrity": "sha512-EJEIXwCQhto/cBfHdm3ZOeLxd2NlJD+X2F+ZTOxzokuhBtY0IONfC/91hOo5tWQweerojwshSMHRCKzRv1tlwg==", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.972.2.tgz", + "integrity": "sha512-pyayzpq+VQiG1o9pEUyr6BXEJ2g2t4JIPdNxDkIHp2AhR63Gy/10WQkXTBOgRnfQ7/aLPLOnjRIWwOPp0CfUlA==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.734.0", - "@smithy/types": "^4.1.0", + "@aws-sdk/types": "^3.973.1", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/middleware-logger": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.734.0.tgz", - "integrity": "sha512-mUMFITpJUW3LcKvFok176eI5zXAUomVtahb9IQBwLzkqFYOrMJvWAvoV4yuxrJ8TlQBG8gyEnkb9SnhZvjg67w==", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.972.2.tgz", + "integrity": "sha512-iUzdXKOgi4JVDDEG/VvoNw50FryRCEm0qAudw12DcZoiNJWl0rN6SYVLcL1xwugMfQncCXieK5UBlG6mhH7iYA==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.734.0", - "@smithy/types": "^4.1.0", + "@aws-sdk/types": "^3.973.1", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/middleware-recursion-detection": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.734.0.tgz", - "integrity": "sha512-CUat2d9ITsFc2XsmeiRQO96iWpxSKYFjxvj27Hc7vo87YUHRnfMfnc8jw1EpxEwMcvBD7LsRa6vDNky6AjcrFA==", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.972.2.tgz", + "integrity": "sha512-/mzlyzJDtngNFd/rAYvqx29a2d0VuiYKN84Y/Mu9mGw7cfMOCyRK+896tb9wV6MoPRHUX7IXuKCIL8nzz2Pz5A==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.734.0", - "@smithy/protocol-http": "^5.0.1", - "@smithy/types": "^4.1.0", + "@aws-sdk/types": "^3.973.1", + "@aws/lambda-invoke-store": "^0.2.2", + "@smithy/protocol-http": "^5.3.8", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/middleware-sdk-s3": { - "version": "3.740.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.740.0.tgz", - "integrity": "sha512-VML9TzNoQdAs5lSPQSEgZiPgMUSz2H7SltaLb9g4tHwKK5xQoTq5WcDd6V1d2aPxSN5Q2Q63aiVUBby6MdUN/Q==", - "dev": true, - "dependencies": { - "@aws-sdk/core": "3.734.0", - "@aws-sdk/types": "3.734.0", - "@aws-sdk/util-arn-parser": "3.723.0", - "@smithy/core": "^3.1.1", - "@smithy/node-config-provider": "^4.0.1", - "@smithy/protocol-http": "^5.0.1", - "@smithy/signature-v4": "^5.0.1", - "@smithy/smithy-client": "^4.1.2", - "@smithy/types": "^4.1.0", - "@smithy/util-config-provider": "^4.0.0", - "@smithy/util-middleware": "^4.0.1", - "@smithy/util-stream": "^4.0.2", - "@smithy/util-utf8": "^4.0.0", + "version": "3.972.3", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.972.3.tgz", + "integrity": "sha512-ZVtakKpQ7vI9l7tE2SJjQgoPYv2f/Bw/HMip5wBigsQBDvVbN300h+6nPnm0gnEQwIGGG0yJF3XCvr1/4pZW9A==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@aws-sdk/core": "^3.973.2", + "@aws-sdk/types": "^3.973.1", + "@aws-sdk/util-arn-parser": "^3.972.2", + "@smithy/core": "^3.21.1", + "@smithy/node-config-provider": "^4.3.8", + "@smithy/protocol-http": "^5.3.8", + "@smithy/signature-v4": "^5.3.8", + "@smithy/smithy-client": "^4.10.12", + "@smithy/types": "^4.12.0", + "@smithy/util-config-provider": "^4.2.0", + "@smithy/util-middleware": "^4.2.8", + "@smithy/util-stream": "^4.5.10", + "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/middleware-ssec": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.734.0.tgz", - "integrity": "sha512-d4yd1RrPW/sspEXizq2NSOUivnheac6LPeLSLnaeTbBG9g1KqIqvCzP1TfXEqv2CrWfHEsWtJpX7oyjySSPvDQ==", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.972.2.tgz", + "integrity": "sha512-HJ3OmQnlQ1es6esrDWnx3nVPhBAN89WaFCzsDcb6oT7TMjBPUfZ5+1BpI7B0Hnme8cc6kp7qc4cgo2plrlROJA==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.734.0", - "@smithy/types": "^4.1.0", + "@aws-sdk/types": "^3.973.1", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/middleware-user-agent": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.734.0.tgz", - "integrity": "sha512-MFVzLWRkfFz02GqGPjqSOteLe5kPfElUrXZft1eElnqulqs6RJfVSpOV7mO90gu293tNAeggMWAVSGRPKIYVMg==", + "version": "3.972.3", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.972.3.tgz", + "integrity": "sha512-zq6aTiO/BiAIOA8EH8nB+wYvvnZ14Md9Gomm5DDhParshVEVglAyNPO5ADK4ZXFQbftIoO+Vgcvf4gewW/+iYQ==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/core": "3.734.0", - "@aws-sdk/types": "3.734.0", - "@aws-sdk/util-endpoints": "3.734.0", - "@smithy/core": "^3.1.1", - "@smithy/protocol-http": "^5.0.1", - "@smithy/types": "^4.1.0", + "@aws-sdk/core": "^3.973.2", + "@aws-sdk/types": "^3.973.1", + "@aws-sdk/util-endpoints": "3.972.0", + "@smithy/core": "^3.21.1", + "@smithy/protocol-http": "^5.3.8", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/nested-clients": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/nested-clients/-/nested-clients-3.734.0.tgz", - "integrity": "sha512-iph2XUy8UzIfdJFWo1r0Zng9uWj3253yvW9gljhtu+y/LNmNvSnJxQk1f3D2BC5WmcoPZqTS3UsycT3mLPSzWA==", + "version": "3.975.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/nested-clients/-/nested-clients-3.975.0.tgz", + "integrity": "sha512-OkeFHPlQj2c/Y5bQGkX14pxhDWUGUFt3LRHhjcDKsSCw6lrxKcxN3WFZN0qbJwKNydP+knL5nxvfgKiCLpTLRA==", "dev": true, + "license": "Apache-2.0", "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", - "@aws-sdk/core": "3.734.0", - "@aws-sdk/middleware-host-header": "3.734.0", - "@aws-sdk/middleware-logger": "3.734.0", - "@aws-sdk/middleware-recursion-detection": "3.734.0", - "@aws-sdk/middleware-user-agent": "3.734.0", - "@aws-sdk/region-config-resolver": "3.734.0", - "@aws-sdk/types": "3.734.0", - "@aws-sdk/util-endpoints": "3.734.0", - "@aws-sdk/util-user-agent-browser": "3.734.0", - "@aws-sdk/util-user-agent-node": "3.734.0", - "@smithy/config-resolver": "^4.0.1", - "@smithy/core": "^3.1.1", - "@smithy/fetch-http-handler": "^5.0.1", - "@smithy/hash-node": "^4.0.1", - "@smithy/invalid-dependency": "^4.0.1", - "@smithy/middleware-content-length": "^4.0.1", - "@smithy/middleware-endpoint": "^4.0.2", - "@smithy/middleware-retry": "^4.0.3", - "@smithy/middleware-serde": "^4.0.1", - "@smithy/middleware-stack": "^4.0.1", - "@smithy/node-config-provider": "^4.0.1", - "@smithy/node-http-handler": "^4.0.2", - "@smithy/protocol-http": "^5.0.1", - "@smithy/smithy-client": "^4.1.2", - "@smithy/types": "^4.1.0", - "@smithy/url-parser": "^4.0.1", - "@smithy/util-base64": "^4.0.0", - "@smithy/util-body-length-browser": "^4.0.0", - "@smithy/util-body-length-node": "^4.0.0", - "@smithy/util-defaults-mode-browser": "^4.0.3", - "@smithy/util-defaults-mode-node": "^4.0.3", - "@smithy/util-endpoints": "^3.0.1", - "@smithy/util-middleware": "^4.0.1", - "@smithy/util-retry": "^4.0.1", - "@smithy/util-utf8": "^4.0.0", + "@aws-sdk/core": "^3.973.1", + "@aws-sdk/middleware-host-header": "^3.972.1", + "@aws-sdk/middleware-logger": "^3.972.1", + "@aws-sdk/middleware-recursion-detection": "^3.972.1", + "@aws-sdk/middleware-user-agent": "^3.972.2", + "@aws-sdk/region-config-resolver": "^3.972.1", + "@aws-sdk/types": "^3.973.0", + "@aws-sdk/util-endpoints": "3.972.0", + "@aws-sdk/util-user-agent-browser": "^3.972.1", + "@aws-sdk/util-user-agent-node": "^3.972.1", + "@smithy/config-resolver": "^4.4.6", + "@smithy/core": "^3.21.1", + "@smithy/fetch-http-handler": "^5.3.9", + "@smithy/hash-node": "^4.2.8", + "@smithy/invalid-dependency": "^4.2.8", + "@smithy/middleware-content-length": "^4.2.8", + "@smithy/middleware-endpoint": "^4.4.11", + "@smithy/middleware-retry": "^4.4.27", + "@smithy/middleware-serde": "^4.2.9", + "@smithy/middleware-stack": "^4.2.8", + "@smithy/node-config-provider": "^4.3.8", + "@smithy/node-http-handler": "^4.4.8", + "@smithy/protocol-http": "^5.3.8", + "@smithy/smithy-client": "^4.10.12", + "@smithy/types": "^4.12.0", + "@smithy/url-parser": "^4.2.8", + "@smithy/util-base64": "^4.3.0", + "@smithy/util-body-length-browser": "^4.2.0", + "@smithy/util-body-length-node": "^4.2.1", + "@smithy/util-defaults-mode-browser": "^4.3.26", + "@smithy/util-defaults-mode-node": "^4.2.29", + "@smithy/util-endpoints": "^3.2.8", + "@smithy/util-middleware": "^4.2.8", + "@smithy/util-retry": "^4.2.8", + "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/region-config-resolver": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.734.0.tgz", - "integrity": "sha512-Lvj1kPRC5IuJBr9DyJ9T9/plkh+EfKLy+12s/mykOy1JaKHDpvj+XGy2YO6YgYVOb8JFtaqloid+5COtje4JTQ==", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.972.2.tgz", + "integrity": "sha512-/7vRBsfmiOlg2X67EdKrzzQGw5/SbkXb7ALHQmlQLkZh8qNgvS2G2dDC6NtF3hzFlpP3j2k+KIEtql/6VrI6JA==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.734.0", - "@smithy/node-config-provider": "^4.0.1", - "@smithy/types": "^4.1.0", - "@smithy/util-config-provider": "^4.0.0", - "@smithy/util-middleware": "^4.0.1", + "@aws-sdk/types": "^3.973.1", + "@smithy/config-resolver": "^4.4.6", + "@smithy/node-config-provider": "^4.3.8", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/signature-v4-multi-region": { - "version": "3.740.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.740.0.tgz", - "integrity": "sha512-w+psidN3i+kl51nQEV3V+fKjKUqcEbqUA1GtubruDBvBqrl5El/fU2NF3Lo53y8CfI9wCdf3V7KOEpHIqxHNng==", + "version": "3.972.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.972.0.tgz", + "integrity": "sha512-2udiRijmjpN81Pvajje4TsjbXDZNP6K9bYUanBYH8hXa/tZG5qfGCySD+TyX0sgDxCQmEDMg3LaQdfjNHBDEgQ==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/middleware-sdk-s3": "3.740.0", - "@aws-sdk/types": "3.734.0", - "@smithy/protocol-http": "^5.0.1", - "@smithy/signature-v4": "^5.0.1", - "@smithy/types": "^4.1.0", + "@aws-sdk/middleware-sdk-s3": "3.972.0", + "@aws-sdk/types": "3.972.0", + "@smithy/protocol-http": "^5.3.8", + "@smithy/signature-v4": "^5.3.8", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" + } + }, + "node_modules/@aws-sdk/signature-v4-multi-region/node_modules/@aws-sdk/core": { + "version": "3.972.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.972.0.tgz", + "integrity": "sha512-nEeUW2M9F+xdIaD98F5MBcQ4ITtykj3yKbgFZ6J0JtL3bq+Z90szQ6Yy8H/BLPYXTs3V4n9ifnBo8cprRDiE6A==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@aws-sdk/types": "3.972.0", + "@aws-sdk/xml-builder": "3.972.0", + "@smithy/core": "^3.20.6", + "@smithy/node-config-provider": "^4.3.8", + "@smithy/property-provider": "^4.2.8", + "@smithy/protocol-http": "^5.3.8", + "@smithy/signature-v4": "^5.3.8", + "@smithy/smithy-client": "^4.10.8", + "@smithy/types": "^4.12.0", + "@smithy/util-base64": "^4.3.0", + "@smithy/util-middleware": "^4.2.8", + "@smithy/util-utf8": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@aws-sdk/signature-v4-multi-region/node_modules/@aws-sdk/middleware-sdk-s3": { + "version": "3.972.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.972.0.tgz", + "integrity": "sha512-0bcKFXWx+NZ7tIlOo7KjQ+O2rydiHdIQahrq+fN6k9Osky29v17guy68urUKfhTobR6iY6KvxkroFWaFtTgS5w==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@aws-sdk/core": "3.972.0", + "@aws-sdk/types": "3.972.0", + "@aws-sdk/util-arn-parser": "3.972.0", + "@smithy/core": "^3.20.6", + "@smithy/node-config-provider": "^4.3.8", + "@smithy/protocol-http": "^5.3.8", + "@smithy/signature-v4": "^5.3.8", + "@smithy/smithy-client": "^4.10.8", + "@smithy/types": "^4.12.0", + "@smithy/util-config-provider": "^4.2.0", + "@smithy/util-middleware": "^4.2.8", + "@smithy/util-stream": "^4.5.10", + "@smithy/util-utf8": "^4.2.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@aws-sdk/signature-v4-multi-region/node_modules/@aws-sdk/types": { + "version": "3.972.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.972.0.tgz", + "integrity": "sha512-U7xBIbLSetONxb2bNzHyDgND3oKGoIfmknrEVnoEU4GUSs+0augUOIn9DIWGUO2ETcRFdsRUnmx9KhPT9Ojbug==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@smithy/types": "^4.12.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@aws-sdk/signature-v4-multi-region/node_modules/@aws-sdk/util-arn-parser": { + "version": "3.972.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.972.0.tgz", + "integrity": "sha512-RM5Mmo/KJ593iMSrALlHEOcc9YOIyOsDmS5x2NLOMdEmzv1o00fcpAkCQ02IGu1eFneBFT7uX0Mpag0HI+Cz2g==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@aws-sdk/signature-v4-multi-region/node_modules/@aws-sdk/xml-builder": { + "version": "3.972.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.972.0.tgz", + "integrity": "sha512-POaGMcXnozzqBUyJM3HLUZ9GR6OKJWPGJEmhtTnxZXt8B6JcJ/6K3xRJ5H/j8oovVLz8Wg6vFxAHv8lvuASxMg==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@smithy/types": "^4.12.0", + "fast-xml-parser": "5.2.5", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/token-providers": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.734.0.tgz", - "integrity": "sha512-2U6yWKrjWjZO8Y5SHQxkFvMVWHQWbS0ufqfAIBROqmIZNubOL7jXCiVdEFekz6MZ9LF2tvYGnOW4jX8OKDGfIw==", + "version": "3.975.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.975.0.tgz", + "integrity": "sha512-AWQt64hkVbDQ+CmM09wnvSk2mVyH4iRROkmYkr3/lmUtFNbE2L/fnw26sckZnUcFCsHPqbkQrcsZAnTcBLbH4w==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/nested-clients": "3.734.0", - "@aws-sdk/types": "3.734.0", - "@smithy/property-provider": "^4.0.1", - "@smithy/shared-ini-file-loader": "^4.0.1", - "@smithy/types": "^4.1.0", + "@aws-sdk/core": "^3.973.1", + "@aws-sdk/nested-clients": "3.975.0", + "@aws-sdk/types": "^3.973.0", + "@smithy/property-provider": "^4.2.8", + "@smithy/shared-ini-file-loader": "^4.4.3", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/types": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.734.0.tgz", - "integrity": "sha512-o11tSPTT70nAkGV1fN9wm/hAIiLPyWX6SuGf+9JyTp7S/rC2cFWhR26MvA69nplcjNaXVzB0f+QFrLXXjOqCrg==", + "version": "3.973.1", + "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.973.1.tgz", + "integrity": "sha512-DwHBiMNOB468JiX6+i34c+THsKHErYUdNQ3HexeXZvVn4zouLjgaS4FejiGSi2HyBuzuyHg7SuOPmjSvoU9NRg==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.1.0", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/util-arn-parser": { - "version": "3.723.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.723.0.tgz", - "integrity": "sha512-ZhEfvUwNliOQROcAk34WJWVYTlTa4694kSVhDSjW6lE1bMataPnIN8A0ycukEzBXmd8ZSoBcQLn6lKGl7XIJ5w==", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.972.2.tgz", + "integrity": "sha512-VkykWbqMjlSgBFDyrY3nOSqupMc6ivXuGmvci6Q3NnLq5kC+mKQe2QBZ4nrWRE/jqOxeFP2uYzLtwncYYcvQDg==", "dev": true, + "license": "Apache-2.0", "dependencies": { "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/util-endpoints": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.734.0.tgz", - "integrity": "sha512-w2+/E88NUbqql6uCVAsmMxDQKu7vsKV0KqhlQb0lL+RCq4zy07yXYptVNs13qrnuTfyX7uPXkXrlugvK9R1Ucg==", + "version": "3.972.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.972.0.tgz", + "integrity": "sha512-6JHsl1V/a1ZW8D8AFfd4R52fwZPnZ5H4U6DS8m/bWT8qad72NvbOFAC7U2cDtFs2TShqUO3TEiX/EJibtY3ijg==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.734.0", - "@smithy/types": "^4.1.0", - "@smithy/util-endpoints": "^3.0.1", + "@aws-sdk/types": "3.972.0", + "@smithy/types": "^4.12.0", + "@smithy/url-parser": "^4.2.8", + "@smithy/util-endpoints": "^3.2.8", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" + } + }, + "node_modules/@aws-sdk/util-endpoints/node_modules/@aws-sdk/types": { + "version": "3.972.0", + "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.972.0.tgz", + "integrity": "sha512-U7xBIbLSetONxb2bNzHyDgND3oKGoIfmknrEVnoEU4GUSs+0augUOIn9DIWGUO2ETcRFdsRUnmx9KhPT9Ojbug==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@smithy/types": "^4.12.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=20.0.0" } }, "node_modules/@aws-sdk/util-locate-window": { @@ -888,31 +1070,33 @@ } }, "node_modules/@aws-sdk/util-user-agent-browser": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.734.0.tgz", - "integrity": "sha512-xQTCus6Q9LwUuALW+S76OL0jcWtMOVu14q+GoLnWPUM7QeUw963oQcLhF7oq0CtaLLKyl4GOUfcwc773Zmwwng==", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.972.2.tgz", + "integrity": "sha512-gz76bUyebPZRxIsBHJUd/v+yiyFzm9adHbr8NykP2nm+z/rFyvQneOHajrUejtmnc5tTBeaDPL4X25TnagRk4A==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/types": "3.734.0", - "@smithy/types": "^4.1.0", + "@aws-sdk/types": "^3.973.1", + "@smithy/types": "^4.12.0", "bowser": "^2.11.0", "tslib": "^2.6.2" } }, "node_modules/@aws-sdk/util-user-agent-node": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.734.0.tgz", - "integrity": "sha512-c6Iinh+RVQKs6jYUFQ64htOU2HUXFQ3TVx+8Tu3EDF19+9vzWi9UukhIMH9rqyyEXIAkk9XL7avt8y2Uyw2dGA==", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.972.2.tgz", + "integrity": "sha512-vnxOc4C6AR7hVbwyFo1YuH0GB6dgJlWt8nIOOJpnzJAWJPkUMPJ9Zv2lnKsSU7TTZbhP2hEO8OZ4PYH59XFv8Q==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@aws-sdk/middleware-user-agent": "3.734.0", - "@aws-sdk/types": "3.734.0", - "@smithy/node-config-provider": "^4.0.1", - "@smithy/types": "^4.1.0", + "@aws-sdk/middleware-user-agent": "^3.972.3", + "@aws-sdk/types": "^3.973.1", + "@smithy/node-config-provider": "^4.3.8", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { - "node": ">=18.0.0" + "node": ">=20.0.0" }, "peerDependencies": { "aws-crt": ">=1.0.0" @@ -924,14 +1108,26 @@ } }, "node_modules/@aws-sdk/xml-builder": { - "version": "3.734.0", - "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.734.0.tgz", - "integrity": "sha512-Zrjxi5qwGEcUsJ0ru7fRtW74WcTS0rbLcehoFB+rN1GRi2hbLcFaYs4PwVA5diLeAJH0gszv3x4Hr/S87MfbKQ==", + "version": "3.972.2", + "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.972.2.tgz", + "integrity": "sha512-jGOOV/bV1DhkkUhHiZ3/1GZ67cZyOXaDb7d1rYD6ZiXf5V9tBNOcgqXwRRPvrCbYaFRa1pPMFb3ZjqjWpR3YfA==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.1.0", + "@smithy/types": "^4.12.0", + "fast-xml-parser": "5.2.5", "tslib": "^2.6.2" }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@aws/lambda-invoke-store": { + "version": "0.2.3", + "resolved": "https://registry.npmjs.org/@aws/lambda-invoke-store/-/lambda-invoke-store-0.2.3.tgz", + "integrity": "sha512-oLvsaPMTBejkkmHhjf09xTgk71mOqyr/409NKhRIL08If7AhVfUsJhVsx386uJaqNd42v9kWamQ9lFbkoC2dYw==", + "dev": true, + "license": "Apache-2.0", "engines": { "node": ">=18.0.0" } @@ -2030,12 +2226,13 @@ } }, "node_modules/@smithy/abort-controller": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-4.0.1.tgz", - "integrity": "sha512-fiUIYgIgRjMWznk6iLJz35K2YxSLHzLBA/RC6lBrKfQ8fHbPfvk7Pk9UvpKoHgJjI18MnbPuEju53zcVy6KF1g==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-4.2.8.tgz", + "integrity": "sha512-peuVfkYHAmS5ybKxWcfraK7WBBP0J+rkfUcbHJJKQ4ir3UAUNQI+Y4Vt/PqSzGqgloJ5O1dk7+WzNL8wcCSXbw==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.1.0", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2043,10 +2240,11 @@ } }, "node_modules/@smithy/chunked-blob-reader": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-5.0.0.tgz", - "integrity": "sha512-+sKqDBQqb036hh4NPaUiEkYFkTUGYzRsn3EuFhyfQfMy6oGHEUJDurLP9Ufb5dasr/XiAmPNMr6wa9afjQB+Gw==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-5.2.0.tgz", + "integrity": "sha512-WmU0TnhEAJLWvfSeMxBNe5xtbselEO8+4wG0NtZeL8oR21WgH1xiO37El+/Y+H/Ie4SCwBy3MxYWmOYaGgZueA==", "dev": true, + "license": "Apache-2.0", "dependencies": { "tslib": "^2.6.2" }, @@ -2055,12 +2253,13 @@ } }, "node_modules/@smithy/chunked-blob-reader-native": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-4.0.0.tgz", - "integrity": "sha512-R9wM2yPmfEMsUmlMlIgSzOyICs0x9uu7UTHoccMyt7BWw8shcGM8HqB355+BZCPBcySvbTYMs62EgEQkNxz2ig==", + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-4.2.1.tgz", + "integrity": "sha512-lX9Ay+6LisTfpLid2zZtIhSEjHMZoAR5hHCR4H7tBz/Zkfr5ea8RcQ7Tk4mi0P76p4cN+Btz16Ffno7YHpKXnQ==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/util-base64": "^4.0.0", + "@smithy/util-base64": "^4.3.0", "tslib": "^2.6.2" }, "engines": { @@ -2068,15 +2267,17 @@ } }, "node_modules/@smithy/config-resolver": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-4.0.1.tgz", - "integrity": "sha512-Igfg8lKu3dRVkTSEm98QpZUvKEOa71jDX4vKRcvJVyRc3UgN3j7vFMf0s7xLQhYmKa8kyJGQgUJDOV5V3neVlQ==", + "version": "4.4.6", + "resolved": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-4.4.6.tgz", + "integrity": "sha512-qJpzYC64kaj3S0fueiu3kXm8xPrR3PcXDPEgnaNMRn0EjNSZFoFjvbUp0YUDsRhN1CB90EnHJtbxWKevnH99UQ==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/node-config-provider": "^4.0.1", - "@smithy/types": "^4.1.0", - "@smithy/util-config-provider": "^4.0.0", - "@smithy/util-middleware": "^4.0.1", + "@smithy/node-config-provider": "^4.3.8", + "@smithy/types": "^4.12.0", + "@smithy/util-config-provider": "^4.2.0", + "@smithy/util-endpoints": "^3.2.8", + "@smithy/util-middleware": "^4.2.8", "tslib": "^2.6.2" }, "engines": { @@ -2084,18 +2285,21 @@ } }, "node_modules/@smithy/core": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@smithy/core/-/core-3.1.2.tgz", - "integrity": "sha512-htwQXkbdF13uwwDevz9BEzL5ABK+1sJpVQXywwGSH973AVOvisHNfpcB8A8761G6XgHoS2kHPqc9DqHJ2gp+/Q==", + "version": "3.21.1", + "resolved": "https://registry.npmjs.org/@smithy/core/-/core-3.21.1.tgz", + "integrity": "sha512-NUH8R4O6FkN8HKMojzbGg/5pNjsfTjlMmeFclyPfPaXXUrbr5TzhWgbf7t92wfrpCHRgpjyz7ffASIS3wX28aA==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/middleware-serde": "^4.0.2", - "@smithy/protocol-http": "^5.0.1", - "@smithy/types": "^4.1.0", - "@smithy/util-body-length-browser": "^4.0.0", - "@smithy/util-middleware": "^4.0.1", - "@smithy/util-stream": "^4.0.2", - "@smithy/util-utf8": "^4.0.0", + "@smithy/middleware-serde": "^4.2.9", + "@smithy/protocol-http": "^5.3.8", + "@smithy/types": "^4.12.0", + "@smithy/util-base64": "^4.3.0", + "@smithy/util-body-length-browser": "^4.2.0", + "@smithy/util-middleware": "^4.2.8", + "@smithy/util-stream": "^4.5.10", + "@smithy/util-utf8": "^4.2.0", + "@smithy/uuid": "^1.1.0", "tslib": "^2.6.2" }, "engines": { @@ -2103,15 +2307,16 @@ } }, "node_modules/@smithy/credential-provider-imds": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-4.0.1.tgz", - "integrity": "sha512-l/qdInaDq1Zpznpmev/+52QomsJNZ3JkTl5yrTl02V6NBgJOQ4LY0SFw/8zsMwj3tLe8vqiIuwF6nxaEwgf6mg==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-4.2.8.tgz", + "integrity": "sha512-FNT0xHS1c/CPN8upqbMFP83+ul5YgdisfCfkZ86Jh2NSmnqw/AJ6x5pEogVCTVvSm7j9MopRU89bmDelxuDMYw==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/node-config-provider": "^4.0.1", - "@smithy/property-provider": "^4.0.1", - "@smithy/types": "^4.1.0", - "@smithy/url-parser": "^4.0.1", + "@smithy/node-config-provider": "^4.3.8", + "@smithy/property-provider": "^4.2.8", + "@smithy/types": "^4.12.0", + "@smithy/url-parser": "^4.2.8", "tslib": "^2.6.2" }, "engines": { @@ -2119,14 +2324,15 @@ } }, "node_modules/@smithy/eventstream-codec": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-4.0.1.tgz", - "integrity": "sha512-Q2bCAAR6zXNVtJgifsU16ZjKGqdw/DyecKNgIgi7dlqw04fqDu0mnq+JmGphqheypVc64CYq3azSuCpAdFk2+A==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-4.2.8.tgz", + "integrity": "sha512-jS/O5Q14UsufqoGhov7dHLOPCzkYJl9QDzusI2Psh4wyYx/izhzvX9P4D69aTxcdfVhEPhjK+wYyn/PzLjKbbw==", "dev": true, + "license": "Apache-2.0", "dependencies": { "@aws-crypto/crc32": "5.2.0", - "@smithy/types": "^4.1.0", - "@smithy/util-hex-encoding": "^4.0.0", + "@smithy/types": "^4.12.0", + "@smithy/util-hex-encoding": "^4.2.0", "tslib": "^2.6.2" }, "engines": { @@ -2134,13 +2340,14 @@ } }, "node_modules/@smithy/eventstream-serde-browser": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-4.0.1.tgz", - "integrity": "sha512-HbIybmz5rhNg+zxKiyVAnvdM3vkzjE6ccrJ620iPL8IXcJEntd3hnBl+ktMwIy12Te/kyrSbUb8UCdnUT4QEdA==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-4.2.8.tgz", + "integrity": "sha512-MTfQT/CRQz5g24ayXdjg53V0mhucZth4PESoA5IhvaWVDTOQLfo8qI9vzqHcPsdd2v6sqfTYqF5L/l+pea5Uyw==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/eventstream-serde-universal": "^4.0.1", - "@smithy/types": "^4.1.0", + "@smithy/eventstream-serde-universal": "^4.2.8", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2148,12 +2355,13 @@ } }, "node_modules/@smithy/eventstream-serde-config-resolver": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-4.0.1.tgz", - "integrity": "sha512-lSipaiq3rmHguHa3QFF4YcCM3VJOrY9oq2sow3qlhFY+nBSTF/nrO82MUQRPrxHQXA58J5G1UnU2WuJfi465BA==", + "version": "4.3.8", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-4.3.8.tgz", + "integrity": "sha512-ah12+luBiDGzBruhu3efNy1IlbwSEdNiw8fOZksoKoWW1ZHvO/04MQsdnws/9Aj+5b0YXSSN2JXKy/ClIsW8MQ==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.1.0", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2161,13 +2369,14 @@ } }, "node_modules/@smithy/eventstream-serde-node": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-4.0.1.tgz", - "integrity": "sha512-o4CoOI6oYGYJ4zXo34U8X9szDe3oGjmHgsMGiZM0j4vtNoT+h80TLnkUcrLZR3+E6HIxqW+G+9WHAVfl0GXK0Q==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-4.2.8.tgz", + "integrity": "sha512-cYpCpp29z6EJHa5T9WL0KAlq3SOKUQkcgSoeRfRVwjGgSFl7Uh32eYGt7IDYCX20skiEdRffyDpvF2efEZPC0A==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/eventstream-serde-universal": "^4.0.1", - "@smithy/types": "^4.1.0", + "@smithy/eventstream-serde-universal": "^4.2.8", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2175,13 +2384,14 @@ } }, "node_modules/@smithy/eventstream-serde-universal": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-4.0.1.tgz", - "integrity": "sha512-Z94uZp0tGJuxds3iEAZBqGU2QiaBHP4YytLUjwZWx+oUeohCsLyUm33yp4MMBmhkuPqSbQCXq5hDet6JGUgHWA==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-4.2.8.tgz", + "integrity": "sha512-iJ6YNJd0bntJYnX6s52NC4WFYcZeKrPUr1Kmmr5AwZcwCSzVpS7oavAmxMR7pMq7V+D1G4s9F5NJK0xwOsKAlQ==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/eventstream-codec": "^4.0.1", - "@smithy/types": "^4.1.0", + "@smithy/eventstream-codec": "^4.2.8", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2189,15 +2399,16 @@ } }, "node_modules/@smithy/fetch-http-handler": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-5.0.1.tgz", - "integrity": "sha512-3aS+fP28urrMW2KTjb6z9iFow6jO8n3MFfineGbndvzGZit3taZhKWtTorf+Gp5RpFDDafeHlhfsGlDCXvUnJA==", + "version": "5.3.9", + "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-5.3.9.tgz", + "integrity": "sha512-I4UhmcTYXBrct03rwzQX1Y/iqQlzVQaPxWjCjula++5EmWq9YGBrx6bbGqluGc1f0XEfhSkiY4jhLgbsJUMKRA==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/protocol-http": "^5.0.1", - "@smithy/querystring-builder": "^4.0.1", - "@smithy/types": "^4.1.0", - "@smithy/util-base64": "^4.0.0", + "@smithy/protocol-http": "^5.3.8", + "@smithy/querystring-builder": "^4.2.8", + "@smithy/types": "^4.12.0", + "@smithy/util-base64": "^4.3.0", "tslib": "^2.6.2" }, "engines": { @@ -2205,14 +2416,15 @@ } }, "node_modules/@smithy/hash-blob-browser": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-4.0.1.tgz", - "integrity": "sha512-rkFIrQOKZGS6i1D3gKJ8skJ0RlXqDvb1IyAphksaFOMzkn3v3I1eJ8m7OkLj0jf1McP63rcCEoLlkAn/HjcTRw==", + "version": "4.2.9", + "resolved": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-4.2.9.tgz", + "integrity": "sha512-m80d/iicI7DlBDxyQP6Th7BW/ejDGiF0bgI754+tiwK0lgMkcaIBgvwwVc7OFbY4eUzpGtnig52MhPAEJ7iNYg==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/chunked-blob-reader": "^5.0.0", - "@smithy/chunked-blob-reader-native": "^4.0.0", - "@smithy/types": "^4.1.0", + "@smithy/chunked-blob-reader": "^5.2.0", + "@smithy/chunked-blob-reader-native": "^4.2.1", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2220,14 +2432,15 @@ } }, "node_modules/@smithy/hash-node": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-4.0.1.tgz", - "integrity": "sha512-TJ6oZS+3r2Xu4emVse1YPB3Dq3d8RkZDKcPr71Nj/lJsdAP1c7oFzYqEn1IBc915TsgLl2xIJNuxCz+gLbLE0w==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-4.2.8.tgz", + "integrity": "sha512-7ZIlPbmaDGxVoxErDZnuFG18WekhbA/g2/i97wGj+wUBeS6pcUeAym8u4BXh/75RXWhgIJhyC11hBzig6MljwA==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.1.0", - "@smithy/util-buffer-from": "^4.0.0", - "@smithy/util-utf8": "^4.0.0", + "@smithy/types": "^4.12.0", + "@smithy/util-buffer-from": "^4.2.0", + "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" }, "engines": { @@ -2235,13 +2448,14 @@ } }, "node_modules/@smithy/hash-stream-node": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-4.0.1.tgz", - "integrity": "sha512-U1rAE1fxmReCIr6D2o/4ROqAQX+GffZpyMt3d7njtGDr2pUNmAKRWa49gsNVhCh2vVAuf3wXzWwNr2YN8PAXIw==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-4.2.8.tgz", + "integrity": "sha512-v0FLTXgHrTeheYZFGhR+ehX5qUm4IQsjAiL9qehad2cyjMWcN2QG6/4mSwbSgEQzI7jwfoXj7z4fxZUx/Mhj2w==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.1.0", - "@smithy/util-utf8": "^4.0.0", + "@smithy/types": "^4.12.0", + "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" }, "engines": { @@ -2249,12 +2463,13 @@ } }, "node_modules/@smithy/invalid-dependency": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-4.0.1.tgz", - "integrity": "sha512-gdudFPf4QRQ5pzj7HEnu6FhKRi61BfH/Gk5Yf6O0KiSbr1LlVhgjThcvjdu658VE6Nve8vaIWB8/fodmS1rBPQ==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-4.2.8.tgz", + "integrity": "sha512-N9iozRybwAQ2dn9Fot9kI6/w9vos2oTXLhtK7ovGqwZjlOcxu6XhPlpLpC+INsxktqHinn5gS2DXDjDF2kG5sQ==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.1.0", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2262,10 +2477,11 @@ } }, "node_modules/@smithy/is-array-buffer": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-4.0.0.tgz", - "integrity": "sha512-saYhF8ZZNoJDTvJBEWgeBccCg+yvp1CX+ed12yORU3NilJScfc6gfch2oVb4QgxZrGUx3/ZJlb+c/dJbyupxlw==", + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-4.2.0.tgz", + "integrity": "sha512-DZZZBvC7sjcYh4MazJSGiWMI2L7E0oCiRHREDzIxi/M2LY79/21iXt6aPLHge82wi5LsuRF5A06Ds3+0mlh6CQ==", "dev": true, + "license": "Apache-2.0", "dependencies": { "tslib": "^2.6.2" }, @@ -2274,13 +2490,14 @@ } }, "node_modules/@smithy/md5-js": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-4.0.1.tgz", - "integrity": "sha512-HLZ647L27APi6zXkZlzSFZIjpo8po45YiyjMGJZM3gyDY8n7dPGdmxIIljLm4gPt/7rRvutLTTkYJpZVfG5r+A==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-4.2.8.tgz", + "integrity": "sha512-oGMaLj4tVZzLi3itBa9TCswgMBr7k9b+qKYowQ6x1rTyTuO1IU2YHdHUa+891OsOH+wCsH7aTPRsTJO3RMQmjQ==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.1.0", - "@smithy/util-utf8": "^4.0.0", + "@smithy/types": "^4.12.0", + "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" }, "engines": { @@ -2288,13 +2505,14 @@ } }, "node_modules/@smithy/middleware-content-length": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-4.0.1.tgz", - "integrity": "sha512-OGXo7w5EkB5pPiac7KNzVtfCW2vKBTZNuCctn++TTSOMpe6RZO/n6WEC1AxJINn3+vWLKW49uad3lo/u0WJ9oQ==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-4.2.8.tgz", + "integrity": "sha512-RO0jeoaYAB1qBRhfVyq0pMgBoUK34YEJxVxyjOWYZiOKOq2yMZ4MnVXMZCUDenpozHue207+9P5ilTV1zeda0A==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/protocol-http": "^5.0.1", - "@smithy/types": "^4.1.0", + "@smithy/protocol-http": "^5.3.8", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2302,18 +2520,19 @@ } }, "node_modules/@smithy/middleware-endpoint": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-4.0.3.tgz", - "integrity": "sha512-YdbmWhQF5kIxZjWqPIgboVfi8i5XgiYMM7GGKFMTvBei4XjNQfNv8sukT50ITvgnWKKKpOtp0C0h7qixLgb77Q==", + "version": "4.4.11", + "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-4.4.11.tgz", + "integrity": "sha512-/WqsrycweGGfb9sSzME4CrsuayjJF6BueBmkKlcbeU5q18OhxRrvvKlmfw3tpDsK5ilx2XUJvoukwxHB0nHs/Q==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/core": "^3.1.2", - "@smithy/middleware-serde": "^4.0.2", - "@smithy/node-config-provider": "^4.0.1", - "@smithy/shared-ini-file-loader": "^4.0.1", - "@smithy/types": "^4.1.0", - "@smithy/url-parser": "^4.0.1", - "@smithy/util-middleware": "^4.0.1", + "@smithy/core": "^3.21.1", + "@smithy/middleware-serde": "^4.2.9", + "@smithy/node-config-provider": "^4.3.8", + "@smithy/shared-ini-file-loader": "^4.4.3", + "@smithy/types": "^4.12.0", + "@smithy/url-parser": "^4.2.8", + "@smithy/util-middleware": "^4.2.8", "tslib": "^2.6.2" }, "engines": { @@ -2321,32 +2540,35 @@ } }, "node_modules/@smithy/middleware-retry": { - "version": "4.0.4", - "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-4.0.4.tgz", - "integrity": "sha512-wmxyUBGHaYUqul0wZiset4M39SMtDBOtUr2KpDuftKNN74Do9Y36Go6Eqzj9tL0mIPpr31ulB5UUtxcsCeGXsQ==", + "version": "4.4.28", + "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-4.4.28.tgz", + "integrity": "sha512-/oTx98KEvnadWVJYrWp2JttP/Xkj0VzRljgYD3d+tY+tuhdm0ymvOa55Khap0TGv0QwZl968b1EJB0enhShOJQ==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/node-config-provider": "^4.0.1", - "@smithy/protocol-http": "^5.0.1", - "@smithy/service-error-classification": "^4.0.1", - "@smithy/smithy-client": "^4.1.3", - "@smithy/types": "^4.1.0", - "@smithy/util-middleware": "^4.0.1", - "@smithy/util-retry": "^4.0.1", - "tslib": "^2.6.2", - "uuid": "^9.0.1" + "@smithy/node-config-provider": "^4.3.8", + "@smithy/protocol-http": "^5.3.8", + "@smithy/service-error-classification": "^4.2.8", + "@smithy/smithy-client": "^4.11.0", + "@smithy/types": "^4.12.0", + "@smithy/util-middleware": "^4.2.8", + "@smithy/util-retry": "^4.2.8", + "@smithy/uuid": "^1.1.0", + "tslib": "^2.6.2" }, "engines": { "node": ">=18.0.0" } }, "node_modules/@smithy/middleware-serde": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-4.0.2.tgz", - "integrity": "sha512-Sdr5lOagCn5tt+zKsaW+U2/iwr6bI9p08wOkCp6/eL6iMbgdtc2R5Ety66rf87PeohR0ExI84Txz9GYv5ou3iQ==", + "version": "4.2.9", + "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-4.2.9.tgz", + "integrity": "sha512-eMNiej0u/snzDvlqRGSN3Vl0ESn3838+nKyVfF2FKNXFbi4SERYT6PR392D39iczngbqqGG0Jl1DlCnp7tBbXQ==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.1.0", + "@smithy/protocol-http": "^5.3.8", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2354,12 +2576,13 @@ } }, "node_modules/@smithy/middleware-stack": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-4.0.1.tgz", - "integrity": "sha512-dHwDmrtR/ln8UTHpaIavRSzeIk5+YZTBtLnKwDW3G2t6nAupCiQUvNzNoHBpik63fwUaJPtlnMzXbQrNFWssIA==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-4.2.8.tgz", + "integrity": "sha512-w6LCfOviTYQjBctOKSwy6A8FIkQy7ICvglrZFl6Bw4FmcQ1Z420fUtIhxaUZZshRe0VCq4kvDiPiXrPZAe8oRA==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.1.0", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2367,14 +2590,15 @@ } }, "node_modules/@smithy/node-config-provider": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-4.0.1.tgz", - "integrity": "sha512-8mRTjvCtVET8+rxvmzRNRR0hH2JjV0DFOmwXPrISmTIJEfnCBugpYYGAsCj8t41qd+RB5gbheSQ/6aKZCQvFLQ==", + "version": "4.3.8", + "resolved": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-4.3.8.tgz", + "integrity": "sha512-aFP1ai4lrbVlWjfpAfRSL8KFcnJQYfTl5QxLJXY32vghJrDuFyPZ6LtUL+JEGYiFRG1PfPLHLoxj107ulncLIg==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/property-provider": "^4.0.1", - "@smithy/shared-ini-file-loader": "^4.0.1", - "@smithy/types": "^4.1.0", + "@smithy/property-provider": "^4.2.8", + "@smithy/shared-ini-file-loader": "^4.4.3", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2382,15 +2606,16 @@ } }, "node_modules/@smithy/node-http-handler": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-4.0.2.tgz", - "integrity": "sha512-X66H9aah9hisLLSnGuzRYba6vckuFtGE+a5DcHLliI/YlqKrGoxhisD5XbX44KyoeRzoNlGr94eTsMVHFAzPOw==", + "version": "4.4.8", + "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-4.4.8.tgz", + "integrity": "sha512-q9u+MSbJVIJ1QmJ4+1u+cERXkrhuILCBDsJUBAW1MPE6sFonbCNaegFuwW9ll8kh5UdyY3jOkoOGlc7BesoLpg==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/abort-controller": "^4.0.1", - "@smithy/protocol-http": "^5.0.1", - "@smithy/querystring-builder": "^4.0.1", - "@smithy/types": "^4.1.0", + "@smithy/abort-controller": "^4.2.8", + "@smithy/protocol-http": "^5.3.8", + "@smithy/querystring-builder": "^4.2.8", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2398,12 +2623,13 @@ } }, "node_modules/@smithy/property-provider": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-4.0.1.tgz", - "integrity": "sha512-o+VRiwC2cgmk/WFV0jaETGOtX16VNPp2bSQEzu0whbReqE1BMqsP2ami2Vi3cbGVdKu1kq9gQkDAGKbt0WOHAQ==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-4.2.8.tgz", + "integrity": "sha512-EtCTbyIveCKeOXDSWSdze3k612yCPq1YbXsbqX3UHhkOSW8zKsM9NOJG5gTIya0vbY2DIaieG8pKo1rITHYL0w==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.1.0", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2411,12 +2637,13 @@ } }, "node_modules/@smithy/protocol-http": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-5.0.1.tgz", - "integrity": "sha512-TE4cpj49jJNB/oHyh/cRVEgNZaoPaxd4vteJNB0yGidOCVR0jCw/hjPVsT8Q8FRmj8Bd3bFZt8Dh7xGCT+xMBQ==", + "version": "5.3.8", + "resolved": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-5.3.8.tgz", + "integrity": "sha512-QNINVDhxpZ5QnP3aviNHQFlRogQZDfYlCkQT+7tJnErPQbDhysondEjhikuANxgMsZrkGeiAxXy4jguEGsDrWQ==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.1.0", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2424,13 +2651,14 @@ } }, "node_modules/@smithy/querystring-builder": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-4.0.1.tgz", - "integrity": "sha512-wU87iWZoCbcqrwszsOewEIuq+SU2mSoBE2CcsLwE0I19m0B2gOJr1MVjxWcDQYOzHbR1xCk7AcOBbGFUYOKvdg==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-4.2.8.tgz", + "integrity": "sha512-Xr83r31+DrE8CP3MqPgMJl+pQlLLmOfiEUnoyAlGzzJIrEsbKsPy1hqH0qySaQm4oWrCBlUqRt+idEgunKB+iw==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.1.0", - "@smithy/util-uri-escape": "^4.0.0", + "@smithy/types": "^4.12.0", + "@smithy/util-uri-escape": "^4.2.0", "tslib": "^2.6.2" }, "engines": { @@ -2438,12 +2666,13 @@ } }, "node_modules/@smithy/querystring-parser": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-4.0.1.tgz", - "integrity": "sha512-Ma2XC7VS9aV77+clSFylVUnPZRindhB7BbmYiNOdr+CHt/kZNJoPP0cd3QxCnCFyPXC4eybmyE98phEHkqZ5Jw==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-4.2.8.tgz", + "integrity": "sha512-vUurovluVy50CUlazOiXkPq40KGvGWSdmusa3130MwrR1UNnNgKAlj58wlOe61XSHRpUfIIh6cE0zZ8mzKaDPA==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.1.0", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2451,24 +2680,26 @@ } }, "node_modules/@smithy/service-error-classification": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-4.0.1.tgz", - "integrity": "sha512-3JNjBfOWpj/mYfjXJHB4Txc/7E4LVq32bwzE7m28GN79+M1f76XHflUaSUkhOriprPDzev9cX/M+dEB80DNDKA==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-4.2.8.tgz", + "integrity": "sha512-mZ5xddodpJhEt3RkCjbmUQuXUOaPNTkbMGR0bcS8FE0bJDLMZlhmpgrvPNCYglVw5rsYTpSnv19womw9WWXKQQ==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.1.0" + "@smithy/types": "^4.12.0" }, "engines": { "node": ">=18.0.0" } }, "node_modules/@smithy/shared-ini-file-loader": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-4.0.1.tgz", - "integrity": "sha512-hC8F6qTBbuHRI/uqDgqqi6J0R4GtEZcgrZPhFQnMhfJs3MnUTGSnR1NSJCJs5VWlMydu0kJz15M640fJlRsIOw==", + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-4.4.3.tgz", + "integrity": "sha512-DfQjxXQnzC5UbCUPeC3Ie8u+rIWZTvuDPAGU/BxzrOGhRvgUanaP68kDZA+jaT3ZI+djOf+4dERGlm9mWfFDrg==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.1.0", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2476,18 +2707,19 @@ } }, "node_modules/@smithy/signature-v4": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-5.0.1.tgz", - "integrity": "sha512-nCe6fQ+ppm1bQuw5iKoeJ0MJfz2os7Ic3GBjOkLOPtavbD1ONoyE3ygjBfz2ythFWm4YnRm6OxW+8p/m9uCoIA==", + "version": "5.3.8", + "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-5.3.8.tgz", + "integrity": "sha512-6A4vdGj7qKNRF16UIcO8HhHjKW27thsxYci+5r/uVRkdcBEkOEiY8OMPuydLX4QHSrJqGHPJzPRwwVTqbLZJhg==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/is-array-buffer": "^4.0.0", - "@smithy/protocol-http": "^5.0.1", - "@smithy/types": "^4.1.0", - "@smithy/util-hex-encoding": "^4.0.0", - "@smithy/util-middleware": "^4.0.1", - "@smithy/util-uri-escape": "^4.0.0", - "@smithy/util-utf8": "^4.0.0", + "@smithy/is-array-buffer": "^4.2.0", + "@smithy/protocol-http": "^5.3.8", + "@smithy/types": "^4.12.0", + "@smithy/util-hex-encoding": "^4.2.0", + "@smithy/util-middleware": "^4.2.8", + "@smithy/util-uri-escape": "^4.2.0", + "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" }, "engines": { @@ -2495,17 +2727,18 @@ } }, "node_modules/@smithy/smithy-client": { - "version": "4.1.3", - "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-4.1.3.tgz", - "integrity": "sha512-A2Hz85pu8BJJaYFdX8yb1yocqigyqBzn+OVaVgm+Kwi/DkN8vhN2kbDVEfADo6jXf5hPKquMLGA3UINA64UZ7A==", + "version": "4.11.0", + "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-4.11.0.tgz", + "integrity": "sha512-hh9EaLBoiPG3NUlJ4c/JGJMTBtSWGm6PCcLjMoUKn64aWIxuV13+cgeYPz7MT8FpZ+tBAmo38l0C5i2BD5iq4g==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/core": "^3.1.2", - "@smithy/middleware-endpoint": "^4.0.3", - "@smithy/middleware-stack": "^4.0.1", - "@smithy/protocol-http": "^5.0.1", - "@smithy/types": "^4.1.0", - "@smithy/util-stream": "^4.0.2", + "@smithy/core": "^3.21.1", + "@smithy/middleware-endpoint": "^4.4.11", + "@smithy/middleware-stack": "^4.2.8", + "@smithy/protocol-http": "^5.3.8", + "@smithy/types": "^4.12.0", + "@smithy/util-stream": "^4.5.10", "tslib": "^2.6.2" }, "engines": { @@ -2513,10 +2746,11 @@ } }, "node_modules/@smithy/types": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/@smithy/types/-/types-4.1.0.tgz", - "integrity": "sha512-enhjdwp4D7CXmwLtD6zbcDMbo6/T6WtuuKCY49Xxc6OMOmUWlBEBDREsxxgV2LIdeQPW756+f97GzcgAwp3iLw==", + "version": "4.12.0", + "resolved": "https://registry.npmjs.org/@smithy/types/-/types-4.12.0.tgz", + "integrity": "sha512-9YcuJVTOBDjg9LWo23Qp0lTQ3D7fQsQtwle0jVfpbUHy9qBwCEgKuVH4FqFB3VYu0nwdHKiEMA+oXz7oV8X1kw==", "dev": true, + "license": "Apache-2.0", "dependencies": { "tslib": "^2.6.2" }, @@ -2525,13 +2759,14 @@ } }, "node_modules/@smithy/url-parser": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-4.0.1.tgz", - "integrity": "sha512-gPXcIEUtw7VlK8f/QcruNXm7q+T5hhvGu9tl63LsJPZ27exB6dtNwvh2HIi0v7JcXJ5emBxB+CJxwaLEdJfA+g==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-4.2.8.tgz", + "integrity": "sha512-NQho9U68TGMEU639YkXnVMV3GEFFULmmaWdlu1E9qzyIePOHsoSnagTGSDv1Zi8DCNN6btxOSdgmy5E/hsZwhA==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/querystring-parser": "^4.0.1", - "@smithy/types": "^4.1.0", + "@smithy/querystring-parser": "^4.2.8", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2539,13 +2774,14 @@ } }, "node_modules/@smithy/util-base64": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-4.0.0.tgz", - "integrity": "sha512-CvHfCmO2mchox9kjrtzoHkWHxjHZzaFojLc8quxXY7WAAMAg43nuxwv95tATVgQFNDwd4M9S1qFzj40Ul41Kmg==", + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-4.3.0.tgz", + "integrity": "sha512-GkXZ59JfyxsIwNTWFnjmFEI8kZpRNIBfxKjv09+nkAWPt/4aGaEWMM04m4sxgNVWkbt2MdSvE3KF/PfX4nFedQ==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/util-buffer-from": "^4.0.0", - "@smithy/util-utf8": "^4.0.0", + "@smithy/util-buffer-from": "^4.2.0", + "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" }, "engines": { @@ -2553,10 +2789,11 @@ } }, "node_modules/@smithy/util-body-length-browser": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-4.0.0.tgz", - "integrity": "sha512-sNi3DL0/k64/LO3A256M+m3CDdG6V7WKWHdAiBBMUN8S3hK3aMPhwnPik2A/a2ONN+9doY9UxaLfgqsIRg69QA==", + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-4.2.0.tgz", + "integrity": "sha512-Fkoh/I76szMKJnBXWPdFkQJl2r9SjPt3cMzLdOB6eJ4Pnpas8hVoWPYemX/peO0yrrvldgCUVJqOAjUrOLjbxg==", "dev": true, + "license": "Apache-2.0", "dependencies": { "tslib": "^2.6.2" }, @@ -2565,10 +2802,11 @@ } }, "node_modules/@smithy/util-body-length-node": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-4.0.0.tgz", - "integrity": "sha512-q0iDP3VsZzqJyje8xJWEJCNIu3lktUGVoSy1KB0UWym2CL1siV3artm+u1DFYTLejpsrdGyCSWBdGNjJzfDPjg==", + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-4.2.1.tgz", + "integrity": "sha512-h53dz/pISVrVrfxV1iqXlx5pRg3V2YWFcSQyPyXZRrZoZj4R4DeWRDo1a7dd3CPTcFi3kE+98tuNyD2axyZReA==", "dev": true, + "license": "Apache-2.0", "dependencies": { "tslib": "^2.6.2" }, @@ -2577,12 +2815,13 @@ } }, "node_modules/@smithy/util-buffer-from": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-4.0.0.tgz", - "integrity": "sha512-9TOQ7781sZvddgO8nxueKi3+yGvkY35kotA0Y6BWRajAv8jjmigQ1sBwz0UX47pQMYXJPahSKEKYFgt+rXdcug==", + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-4.2.0.tgz", + "integrity": "sha512-kAY9hTKulTNevM2nlRtxAG2FQ3B2OR6QIrPY3zE5LqJy1oxzmgBGsHLWTcNhWXKchgA0WHW+mZkQrng/pgcCew==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/is-array-buffer": "^4.0.0", + "@smithy/is-array-buffer": "^4.2.0", "tslib": "^2.6.2" }, "engines": { @@ -2590,10 +2829,11 @@ } }, "node_modules/@smithy/util-config-provider": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-4.0.0.tgz", - "integrity": "sha512-L1RBVzLyfE8OXH+1hsJ8p+acNUSirQnWQ6/EgpchV88G6zGBTDPdXiiExei6Z1wR2RxYvxY/XLw6AMNCCt8H3w==", + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-4.2.0.tgz", + "integrity": "sha512-YEjpl6XJ36FTKmD+kRJJWYvrHeUvm5ykaUS5xK+6oXffQPHeEM4/nXlZPe+Wu0lsgRUcNZiliYNh/y7q9c2y6Q==", "dev": true, + "license": "Apache-2.0", "dependencies": { "tslib": "^2.6.2" }, @@ -2602,15 +2842,15 @@ } }, "node_modules/@smithy/util-defaults-mode-browser": { - "version": "4.0.4", - "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-4.0.4.tgz", - "integrity": "sha512-Ej1bV5sbrIfH++KnWxjjzFNq9nyP3RIUq2c9Iqq7SmMO/idUR24sqvKH2LUQFTSPy/K7G4sB2m8n7YYlEAfZaw==", + "version": "4.3.27", + "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-4.3.27.tgz", + "integrity": "sha512-d9UYYgcMDVIveK83RCKJcxK+4gn0D65i9WqsWnXeS7/oALMU4KUANKjliBi+PEeDXlpXrlrr+i4MT7B2RREPbw==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/property-provider": "^4.0.1", - "@smithy/smithy-client": "^4.1.3", - "@smithy/types": "^4.1.0", - "bowser": "^2.11.0", + "@smithy/property-provider": "^4.2.8", + "@smithy/smithy-client": "^4.11.0", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2618,17 +2858,18 @@ } }, "node_modules/@smithy/util-defaults-mode-node": { - "version": "4.0.4", - "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-4.0.4.tgz", - "integrity": "sha512-HE1I7gxa6yP7ZgXPCFfZSDmVmMtY7SHqzFF55gM/GPegzZKaQWZZ+nYn9C2Cc3JltCMyWe63VPR3tSFDEvuGjw==", + "version": "4.2.30", + "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-4.2.30.tgz", + "integrity": "sha512-zmZY2gQhtirdKcV5lRm65vHw/8lbCo77UuK1sTRt5yxm7pNSVkbPPuadviwiTwXjeH7JZvygM7A1B6/XPqbwoQ==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/config-resolver": "^4.0.1", - "@smithy/credential-provider-imds": "^4.0.1", - "@smithy/node-config-provider": "^4.0.1", - "@smithy/property-provider": "^4.0.1", - "@smithy/smithy-client": "^4.1.3", - "@smithy/types": "^4.1.0", + "@smithy/config-resolver": "^4.4.6", + "@smithy/credential-provider-imds": "^4.2.8", + "@smithy/node-config-provider": "^4.3.8", + "@smithy/property-provider": "^4.2.8", + "@smithy/smithy-client": "^4.11.0", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2636,13 +2877,14 @@ } }, "node_modules/@smithy/util-endpoints": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-3.0.1.tgz", - "integrity": "sha512-zVdUENQpdtn9jbpD9SCFK4+aSiavRb9BxEtw9ZGUR1TYo6bBHbIoi7VkrFQ0/RwZlzx0wRBaRmPclj8iAoJCLA==", + "version": "3.2.8", + "resolved": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-3.2.8.tgz", + "integrity": "sha512-8JaVTn3pBDkhZgHQ8R0epwWt+BqPSLCjdjXXusK1onwJlRuN69fbvSK66aIKKO7SwVFM6x2J2ox5X8pOaWcUEw==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/node-config-provider": "^4.0.1", - "@smithy/types": "^4.1.0", + "@smithy/node-config-provider": "^4.3.8", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2650,10 +2892,11 @@ } }, "node_modules/@smithy/util-hex-encoding": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-4.0.0.tgz", - "integrity": "sha512-Yk5mLhHtfIgW2W2WQZWSg5kuMZCVbvhFmC7rV4IO2QqnZdbEFPmQnCcGMAX2z/8Qj3B9hYYNjZOhWym+RwhePw==", + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-4.2.0.tgz", + "integrity": "sha512-CCQBwJIvXMLKxVbO88IukazJD9a4kQ9ZN7/UMGBjBcJYvatpWk+9g870El4cB8/EJxfe+k+y0GmR9CAzkF+Nbw==", "dev": true, + "license": "Apache-2.0", "dependencies": { "tslib": "^2.6.2" }, @@ -2662,12 +2905,13 @@ } }, "node_modules/@smithy/util-middleware": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-4.0.1.tgz", - "integrity": "sha512-HiLAvlcqhbzhuiOa0Lyct5IIlyIz0PQO5dnMlmQ/ubYM46dPInB+3yQGkfxsk6Q24Y0n3/JmcA1v5iEhmOF5mA==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-4.2.8.tgz", + "integrity": "sha512-PMqfeJxLcNPMDgvPbbLl/2Vpin+luxqTGPpW3NAQVLbRrFRzTa4rNAASYeIGjRV9Ytuhzny39SpyU04EQreF+A==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/types": "^4.1.0", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2675,13 +2919,14 @@ } }, "node_modules/@smithy/util-retry": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-4.0.1.tgz", - "integrity": "sha512-WmRHqNVwn3kI3rKk1LsKcVgPBG6iLTBGC1iYOV3GQegwJ3E8yjzHytPt26VNzOWr1qu0xE03nK0Ug8S7T7oufw==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-4.2.8.tgz", + "integrity": "sha512-CfJqwvoRY0kTGe5AkQokpURNCT1u/MkRzMTASWMPPo2hNSnKtF1D45dQl3DE2LKLr4m+PW9mCeBMJr5mCAVThg==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/service-error-classification": "^4.0.1", - "@smithy/types": "^4.1.0", + "@smithy/service-error-classification": "^4.2.8", + "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "engines": { @@ -2689,18 +2934,19 @@ } }, "node_modules/@smithy/util-stream": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-4.0.2.tgz", - "integrity": "sha512-0eZ4G5fRzIoewtHtwaYyl8g2C+osYOT4KClXgfdNEDAgkbe2TYPqcnw4GAWabqkZCax2ihRGPe9LZnsPdIUIHA==", + "version": "4.5.10", + "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-4.5.10.tgz", + "integrity": "sha512-jbqemy51UFSZSp2y0ZmRfckmrzuKww95zT9BYMmuJ8v3altGcqjwoV1tzpOwuHaKrwQrCjIzOib499ymr2f98g==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/fetch-http-handler": "^5.0.1", - "@smithy/node-http-handler": "^4.0.2", - "@smithy/types": "^4.1.0", - "@smithy/util-base64": "^4.0.0", - "@smithy/util-buffer-from": "^4.0.0", - "@smithy/util-hex-encoding": "^4.0.0", - "@smithy/util-utf8": "^4.0.0", + "@smithy/fetch-http-handler": "^5.3.9", + "@smithy/node-http-handler": "^4.4.8", + "@smithy/types": "^4.12.0", + "@smithy/util-base64": "^4.3.0", + "@smithy/util-buffer-from": "^4.2.0", + "@smithy/util-hex-encoding": "^4.2.0", + "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" }, "engines": { @@ -2708,10 +2954,11 @@ } }, "node_modules/@smithy/util-uri-escape": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-4.0.0.tgz", - "integrity": "sha512-77yfbCbQMtgtTylO9itEAdpPXSog3ZxMe09AEhm0dU0NLTalV70ghDZFR+Nfi1C60jnJoh/Re4090/DuZh2Omg==", + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-4.2.0.tgz", + "integrity": "sha512-igZpCKV9+E/Mzrpq6YacdTQ0qTiLm85gD6N/IrmyDvQFA4UnU3d5g3m8tMT/6zG/vVkWSU+VxeUyGonL62DuxA==", "dev": true, + "license": "Apache-2.0", "dependencies": { "tslib": "^2.6.2" }, @@ -2720,12 +2967,13 @@ } }, "node_modules/@smithy/util-utf8": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-4.0.0.tgz", - "integrity": "sha512-b+zebfKCfRdgNJDknHCob3O7FpeYQN6ZG6YLExMcasDHsCXlsXCEuiPZeLnJLpwa5dvPetGlnGCiMHuLwGvFow==", + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-4.2.0.tgz", + "integrity": "sha512-zBPfuzoI8xyBtR2P6WQj63Rz8i3AmfAaJLuNG8dWsfvPe8lO4aCPYLn879mEgHndZH1zQ2oXmG8O1GGzzaoZiw==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/util-buffer-from": "^4.0.0", + "@smithy/util-buffer-from": "^4.2.0", "tslib": "^2.6.2" }, "engines": { @@ -2733,13 +2981,27 @@ } }, "node_modules/@smithy/util-waiter": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-4.0.2.tgz", - "integrity": "sha512-piUTHyp2Axx3p/kc2CIJkYSv0BAaheBQmbACZgQSSfWUumWNW+R1lL+H9PDBxKJkvOeEX+hKYEFiwO8xagL8AQ==", + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-4.2.8.tgz", + "integrity": "sha512-n+lahlMWk+aejGuax7DPWtqav8HYnWxQwR+LCG2BgCUmaGcTe9qZCFsmw8TMg9iG75HOwhrJCX9TCJRLH+Yzqg==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@smithy/abort-controller": "^4.2.8", + "@smithy/types": "^4.12.0", + "tslib": "^2.6.2" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@smithy/uuid": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@smithy/uuid/-/uuid-1.1.0.tgz", + "integrity": "sha512-4aUIteuyxtBUhVdiQqcDhKFitwfd9hqoSDYY2KRXiWtgoWJ9Bmise+KfEPDiVHWeJepvF8xJO9/9+WDIciMFFw==", "dev": true, + "license": "Apache-2.0", "dependencies": { - "@smithy/abort-controller": "^4.0.1", - "@smithy/types": "^4.1.0", "tslib": "^2.6.2" }, "engines": { @@ -3326,8 +3588,7 @@ "node_modules/argparse": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", - "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", - "dev": true + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" }, "node_modules/array-union": { "version": "2.1.0", @@ -3730,10 +3991,11 @@ "dev": true }, "node_modules/bowser": { - "version": "2.11.0", - "resolved": "https://registry.npmjs.org/bowser/-/bowser-2.11.0.tgz", - "integrity": "sha512-AlcaJBi/pqqJBIQ8U9Mcpc9i8Aqxn88Skv5d+xBX006BY5u8N3mGLHa5Lgppa7L/HfwgwLgZ6NYs+Ag6uUmJRA==", - "dev": true + "version": "2.13.1", + "resolved": "https://registry.npmjs.org/bowser/-/bowser-2.13.1.tgz", + "integrity": "sha512-OHawaAbjwx6rqICCKgSG0SAnT05bzd7ppyKLVUITZpANBaaMFBAsaNkto3LoQ31tyFP5kNujE8Cdx85G9VzOkw==", + "dev": true, + "license": "MIT" }, "node_modules/brace-expansion": { "version": "2.0.2", @@ -4265,22 +4527,19 @@ "dev": true }, "node_modules/fast-xml-parser": { - "version": "4.4.1", - "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-4.4.1.tgz", - "integrity": "sha512-xkjOecfnKGkSsOwtZ5Pz7Us/T6mrbPQrq0nh+aCO5V9nk5NLWmasAHumTKjiPJPWANe+kAZ84Jc8ooJkzZ88Sw==", + "version": "5.2.5", + "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.2.5.tgz", + "integrity": "sha512-pfX9uG9Ki0yekDHx2SiuRIyFdyAr1kMIMitPvb0YBo8SUfKvia7w7FIyd/l6av85pFYRhZscS75MwMnbvY+hcQ==", "dev": true, "funding": [ { "type": "github", "url": "https://github.com/sponsors/NaturalIntelligence" - }, - { - "type": "paypal", - "url": "https://paypal.me/naturalintelligence" } ], + "license": "MIT", "dependencies": { - "strnum": "^1.0.5" + "strnum": "^2.1.0" }, "bin": { "fxparser": "src/cli/cli.js" @@ -4648,10 +4907,10 @@ "dev": true }, "node_modules/js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", - "dev": true, + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz", + "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==", + "license": "MIT", "dependencies": { "argparse": "^2.0.1" }, @@ -5469,10 +5728,17 @@ } }, "node_modules/strnum": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/strnum/-/strnum-1.0.5.tgz", - "integrity": "sha512-J8bbNyKKXl5qYcR36TIO8W3mVGVHrmmxsd5PAItGkmyzwJvybiw2IVq5nqd0i4LSNSkB/sx9VHllbfFdr9k1JA==", - "dev": true + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/strnum/-/strnum-2.1.2.tgz", + "integrity": "sha512-l63NF9y/cLROq/yqKXSLtcMeeyOfnSQlfMSlzFt/K73oIaD8DGaQWd7Z34X9GPiKqP5rbSh84Hl4bOlLcjiSrQ==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/NaturalIntelligence" + } + ], + "license": "MIT" }, "node_modules/supports-color": { "version": "7.2.0", @@ -5582,19 +5848,6 @@ "punycode": "^2.1.0" } }, - "node_modules/uuid": { - "version": "9.0.1", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", - "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", - "dev": true, - "funding": [ - "https://github.com/sponsors/broofa", - "https://github.com/sponsors/ctavan" - ], - "bin": { - "uuid": "dist/bin/uuid" - } - }, "node_modules/which": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", diff --git a/package.json b/package.json index 64533aa9..e2e4d835 100644 --- a/package.json +++ b/package.json @@ -14,7 +14,7 @@ "config": "node ./bin/scripts/config-helper.mjs" }, "devDependencies": { - "@aws-sdk/client-s3": "^3.741.0", + "@aws-sdk/client-s3": "^3.975.0", "@cdklabs/cdk-enterprise-iac": "^0.0.512", "@stylistic/eslint-plugin": "^1.8.1", "@types/aws-lambda": "8.10.119", @@ -36,6 +36,7 @@ "dependencies": { "aws-cdk-lib": "^2.177.0", "fs-extra": "^11.3.0", + "js-yaml": "^4.1.1", "jsonschema": "^1.5.0" }, "lint-staged": { From 680728b8dbe8b11d89ab8533d2aecb5f5f714fa0 Mon Sep 17 00:00:00 2001 From: dustins Date: Thu, 5 Feb 2026 17:51:45 +0000 Subject: [PATCH 2/3] Updating version for release v1.7.1 --- frontend/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/package.json b/frontend/package.json index f957ae39..23bc9d39 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -1,7 +1,7 @@ { "name": "@amzn/mlspace", "homepage": "/Prod", - "version": "1.7", + "version": "1.7.1", "main": "dist/lib/index.js", "types": "dist/types/index.d.ts", "private": true, From 099adc76f8ccb44d2391d43d3cf0c86a9bd69d36 Mon Sep 17 00:00:00 2001 From: Dustin Sweigart Date: Thu, 5 Feb 2026 20:14:38 +0000 Subject: [PATCH 3/3] updated release notes --- frontend/src/release-notes.md | 34 +++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 15 deletions(-) diff --git a/frontend/src/release-notes.md b/frontend/src/release-notes.md index 00b84397..37060127 100644 --- a/frontend/src/release-notes.md +++ b/frontend/src/release-notes.md @@ -1,24 +1,28 @@ -# v1.7 +# v1.7.1 -## Features +This minor release addresses initial v1.7 customer feedback. These updates make deployments smoother and more secure. -* **Redesigned Authentication System**: MLSpace now supports a wider range of identity providers through a redesigned authentication flow. The new backend-driven approach enables integration with identity providers that require secure server-side authentication. This change is fully backward compatible—existing login methods continue to work with only configuration changes. While the user experience remains the same, the authentication process now happens server-side rather than in the browser, providing better compatibility with a wider variety of identify providers. -* **Custom Domain Support**: MLSpace now includes initial support for using a custom domain instead of the default API Gateway domain. -* **Enhanced Configuration Helper:** The configuration helper has been updated to support the new authentication parameters and custom domain configuration, making it easier to set up and deploy MLSpace with these new capabilities. -* Updated dependencies with the latest security patches. +## Changes -## Documentation +* **CDK Synthesizer Customization** — The synthesizer and its settings can now be configured. This flexibility gives teams greater control over infrastructure generation. +* **Dependency Updates** — Third‑party libraries were upgraded to their latest versions to follow security best practices. Updated dependencies reduce exposure to known vulnerabilities and align with industry security standards. +* **Ease Deployments** + * Removed deprecated Lambda layer. This reduces package size and eliminates potential runtime conflicts. + * Ensured `ADCLambdaCABundleAspect` is added to the Core stack for isolated regions. Adding the CABundle aspect ensures proper certificate handling in isolated regions. -* Added comprehensive documentation for configuring the new authentication system with various examples. -* Added instructions for setting up and configuring a custom domain for MLSpace deployments. +## Bug Fixes -## Special Thanks +* **Respect `AUTH_OIDC_VERIFY_SSL`** — Communication with the IdP now honors this configuration when SSL verification is disabled. Honoring the SSL verification flag prevents unexpected connection failures for customers who need to bypass verification in controlled environments. -* 🎉 Special thanks to [@emacthecav](https://github.com/awslabs/mlspace/pull/345) for contributing their first PR! +## Documentation -## Acknowledgements +* Updated custom domain documentation +* Updated CDK synthesizer documentation -* @dustins -* @estohlmann -**Full Changelog**: [v1.6.11...v1.7](https://github.com/awslabs/mlspace/compare/v1.6.11...v1.7) + +## Acknowledgements + +* @dustins + +**Full Changelog**: [v1.7.0…v1.7.1](https://github.com/awslabs/mlspace/compare/v1.7.0...v1.7.1) \ No newline at end of file