fix(deps): update all minor and patch updates#381
Merged
Conversation
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/all-minor-and-patch-updates
branch
2 times, most recently
from
f2a6349 to
a4733a5
Compare
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/all-minor-and-patch-updates
branch
from
a4733a5 to
2142966
Compare
Contributor
Author
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
drernie
added a commit
that referenced
this pull request
Apr 15, 2026
* docs: release CHANGELOG section for v0.16.0 Promote the Unreleased section to [0.16.0] - 2026-04-11, matching the tag. Attribute bullets to #379 and add a note for the #378 dependency bumps. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: log post-v0.16.0 dependency updates in Unreleased Capture #380 (gh-release action v3) and #381 (minor/patch deps) in the CHANGELOG so the next release cut has them ready. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: bump version to 0.17.0 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: add a11 spec for EventBridge→SQS migration Replaces EventBridge→API Gateway→ECS with EventBridge→SQS→sidecar consumer for package-revision events. Captures: - Problem (5s API Gateway timeout, retry storms, public endpoint). - Process model pinned at one consumer process per task, bounded by asyncio.Semaphore(PACKAGE_EVENT_CONCURRENCY=5). - Sidecar container (essential: true) in the same task def, sharing image and task role with the HTTP container. Consumer crash forces ECS to replace the task — silent-outage risk outweighs HTTP-isolation. - EventBridge rule filters on source + detail-type only; bucket and prefix are secret-derived and enforced inside refresh_canvas_for_package_event (see 2026-04-11-iac-integrated/ 01-iac-breakage.md). - Single poison-message policy: never delete on failure, rely on maxReceiveCount=5 redrive to DLQ. Refresh function is a total function returning RefreshResult. - Visibility timeout 300s to cover worst-case refresh latency (PackageFileFetcher + Athena poll + Benchling SDK each 30s-class). Heartbeat cutover documented for when P99 approaches 240s. - Observability, rollout, verification, and out-of-scope sections. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: tighten A11 async SQS rollout design * feat: move package revision refresh to SQS * refactor: remove --stage CLI option and stage concept from deployments The --stage flag was never functional — the API Gateway stage was always "prod" regardless of the flag value. Stage was only used as a label in deployment tracking (deployments.json), adding complexity with no benefit. Changes: - Remove --stage from deploy/destroy CLI commands - Simplify DeploymentHistory.active from Record<string, DeploymentRecord> to DeploymentRecord | null (one active deployment per profile) - Remove stage field from DeploymentRecord type and JSON schema - Hardcode API Gateway stage to "prod" in CDK stack - Add migration logic in xdg-base.ts to convert legacy deployments.json - Update all commands, wizards, tests, Makefile, and package.json scripts Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: SQS consumer applies secrets at startup so bucket filter works The SQS consumer's main() created a config with s3_bucket_name="" but never called apply_benchling_secrets() before polling. Every message was silently skipped as "unexpected bucket" because the filter compared the event bucket against an empty string. Also adds TTL cache (60s) to get_benchling_secrets() to avoid per-request Secrets Manager latency. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: background refresh for secrets cache prevents 504 on cache miss When the TTL cache expires, return the stale cached value immediately and refresh in a background thread. This ensures no webhook request ever blocks on a Secrets Manager call (which takes 10-30s in VPC environments without a VPC endpoint, exceeding the 29s API Gateway timeout). The lock prevents multiple concurrent refreshes. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat: split SQS consumer logs and filter health checks server-side Separate ECS and SQS consumer log streams via streamPrefix so they can be queried independently. Apply a server-side filter to exclude GET /health entries, which previously filled the fetch limit and hid real application logs. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * docs: update CHANGELOG for 0.17.0 release Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: resolve canvas_id race condition with sidecar file and add processing feedback Use a dedicated .canvas_id sidecar file in S3 so canvas events persist their canvas_id independently of entry.json, preventing entry events from overwriting it during concurrent processing. Add immediate "Processing..." canvas feedback on canvas creation and a best-effort direct canvas update after the export workflow. Improve error logging with exc_info=True in canvas error handlers. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: force standalone mode for dev profile and improve confirm prompts Dev profile always uses standalone deployment flow, even when the underlying Quilt stack has BenchlingIntegration enabled. This prevents the setup wizard from routing dev into integrated mode when testing against shared stacks like quilt-staging. Also adds yes/no formatting to enquirer confirm prompts and passes --yes to test:dev scripts. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: pass benchlingSecretArn to config and sync secrets before deploy The update-standalone-redeploy flow was missing benchlingSecretArn in the config builder call, and ran deployCommand before syncSecretsToAWS, causing deploy to fail with "benchlingSecret is required". Reorder to sync secrets first (matching deploy-standalone), and pass the discovered ARN to both standalone config builders. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: show workflow name in deployment plan when configured Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.1029.0→3.1030.03.1029.0→3.1030.03.1029.0→3.1030.03.1029.0→3.1030.03.1029.0→3.1030.03.1029.0→3.1030.03.1029.0→3.1030.03.1029.0→3.1030.03.1029.0→3.1030.03.1029.0→3.1030.03.1029.0→3.1030.08.58.1→8.58.28.58.1→8.58.22.248.0→2.249.0==1.42.88→==1.42.8917.4.1→17.4.217.4.0→17.5.0Release Notes
aws/aws-sdk-js-v3 (@aws-sdk/client-api-gateway)
v3.1030.0Compare Source
Note: Version bump only for package @aws-sdk/client-api-gateway
aws/aws-sdk-js-v3 (@aws-sdk/client-apigatewayv2)
v3.1030.0Compare Source
Note: Version bump only for package @aws-sdk/client-apigatewayv2
aws/aws-sdk-js-v3 (@aws-sdk/client-cloudformation)
v3.1030.0Compare Source
Note: Version bump only for package @aws-sdk/client-cloudformation
aws/aws-sdk-js-v3 (@aws-sdk/client-cloudwatch-logs)
v3.1030.0Compare Source
Note: Version bump only for package @aws-sdk/client-cloudwatch-logs
aws/aws-sdk-js-v3 (@aws-sdk/client-ec2)
v3.1030.0Compare Source
Note: Version bump only for package @aws-sdk/client-ec2
aws/aws-sdk-js-v3 (@aws-sdk/client-ecs)
v3.1030.0Compare Source
Note: Version bump only for package @aws-sdk/client-ecs
aws/aws-sdk-js-v3 (@aws-sdk/client-elastic-load-balancing-v2)
v3.1030.0Compare Source
Note: Version bump only for package @aws-sdk/client-elastic-load-balancing-v2
aws/aws-sdk-js-v3 (@aws-sdk/client-s3)
v3.1030.0Compare Source
Note: Version bump only for package @aws-sdk/client-s3
aws/aws-sdk-js-v3 (@aws-sdk/client-secrets-manager)
v3.1030.0Compare Source
Note: Version bump only for package @aws-sdk/client-secrets-manager
aws/aws-sdk-js-v3 (@aws-sdk/client-sts)
v3.1030.0Compare Source
Note: Version bump only for package @aws-sdk/client-sts
aws/aws-sdk-js-v3 (@aws-sdk/credential-providers)
v3.1030.0Compare Source
Note: Version bump only for package @aws-sdk/credential-providers
typescript-eslint/typescript-eslint (@typescript-eslint/eslint-plugin)
v8.58.2Compare Source
🩹 Fixes
❤️ Thank You
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
typescript-eslint/typescript-eslint (@typescript-eslint/parser)
v8.58.2Compare Source
🩹 Fixes
❤️ Thank You
See GitHub Releases for more information.
You can read about our versioning strategy and releases on our website.
aws/aws-cdk (aws-cdk-lib)
v2.249.0Compare Source
⚠ BREAKING CHANGES
public CloudFormation Resource Schemas. They are built to closely
reflect the real state of CloudFormation. Sometimes these updates can
contain changes that are incompatible with previous types, but more
accurately reflect reality. In this release we have changed:
aws-appstream: AWS::AppStream::Stack: Id attribute removed.
aws-appsync: AWS::AppSync::GraphQLApi: LogConfig.CloudWatchLogsRoleArn
property is now required.
aws-appsync: AWS::AppSync::GraphQLApi: LogConfig.FieldLogLevel property
is now required.
aws-kafkaconnect: AWS::KafkaConnect::Connector:
ProvisionedCapacity.McuCount property is now required.
Features
Bug Fixes
Alpha modules (2.249.0-alpha.0)
boto/boto3 (boto3)
v1.42.89Compare Source
=======
customer-profiles: [botocore] This release introduces changes to SegmentDefinition APIs to support sorting by attributes.deadline: [botocore] Adds GetMonitorSettings and UpdateMonitorSettings APIs to Deadline Cloud. Enables reading and writing monitor settings as key-value pairs (up to 64 keys per monitor). UpdateMonitorSettings supports upsert and delete (via empty value) semantics and is idempotent.endpoint-rules: [botocore] Update endpoint-rules client to latest versionglue: [botocore] AWS Glue now defaults to Glue version 5.1 for newly created jobs if the Glue version is not specified in the request, and UpdateJob now preserves the existing Glue version of a job when the Glue version is not specified in the update request.interconnect: [botocore] Initial release of AWS Interconnect -- a managed private connectivity service that enables you to create high-speed network connections between your AWS Virtual Private Clouds (VPCs) and your VPCs on other public clouds or your on-premise networks.macie2: [botocore] This release adds an optional expectedBucketOwner field to the Macie S3 export configuration, allowing customers to verify bucket ownership before Macie writes results to the destination bucket.securityhub: [botocore] Provide organizational unit scoping capability for GetFindingsV2, GetFindingStatisticsV2, GetResourcesV2, GetResourcesStatisticsV2 APIs.motdotla/dotenv (dotenv)
v17.4.2Compare Source
Changed
sindresorhus/globals (globals)
v17.5.0Compare Source
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.