From f4f913a7f89f9483bc286ca38e0e1e1fd0b91525 Mon Sep 17 00:00:00 2001
From: reetkat
Date: Wed, 21 Jun 2023 22:10:49 -0400
Subject: [PATCH] Upgrade to version v1.4.2
---
 CHANGELOG.md | 8 +++++++-
 .../solutions_metrics/src/custom_resources/metrics.py | 3 ++-
 .../src/custom_resources/requirements.txt | 2 +-
 .../aws_lambda_powertools/requirements/requirements.txt | 2 +-
 source/cdk_solution_helper_py/helpers_cdk/setup.py | 2 +-
 source/cdk_solution_helper_py/requirements-dev.txt | 2 +-
 source/infrastructure/cdk.json | 2 +-
 source/requirements-dev.txt | 2 +-
 source/scheduler/common/setup.py | 4 ++--
 source/tests/aspects/test_personalize_app_stack.py | 4 ++--
 10 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7c4317d..fc45343 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,11 +5,17 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [1.4.2] - 2023-06-22
+
+### Changed
+
+- Upgraded requests to 2.31.0 that addresses the [unintended leak of proxy-authorization header in requests](https://github.com/advisories/GHSA-j8r2-6x86-q33q)
+
 ## [1.4.1] - 2023-04-18
 ### Changed
-- Enabled Amazon S3 server access logging on the logging bucket
+- Updated the bucket policy on the logging bucket to grant access to the logging service principal (logging.s3.amazonaws.com) for access log delivery.
 - Upgraded CDK version to 2.75.0
 ## [1.4.0] - 2023-03-29
diff --git a/source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/cfn_custom_resources/solutions_metrics/src/custom_resources/metrics.py b/source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/cfn_custom_resources/solutions_metrics/src/custom_resources/metrics.py
index 578468e..a2d0f50 100644
--- a/source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/cfn_custom_resources/solutions_metrics/src/custom_resources/metrics.py
+++ b/source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/cfn_custom_resources/solutions_metrics/src/custom_resources/metrics.py
@@ -23,6 +23,7 @@
 logger = logging.getLogger(__name__)
 helper = CfnResource(log_level=getenv("LOG_LEVEL", "WARNING"))
 METRICS_ENDPOINT = "https://metrics.awssolutionsbuilder.com/generic"
+REQUESTS_TIMEOUT = 10
 def _sanitize_data(event):
@@ -59,7 +60,7 @@ def send_metrics(event, _):
 }
 logger.info(f"Sending payload: {payload}")
- response = requests.post(METRICS_ENDPOINT, json=payload, headers=headers)
+ response = requests.post(METRICS_ENDPOINT, json=payload, headers=headers, timeout=REQUESTS_TIMEOUT)
 logger.info(f"Response from metrics endpoint: {response.status_code} {response.reason}")
 if "stackTrace" in response.text:
 logger.exception("Error submitting usage data: %s" % response.text)
diff --git a/source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/cfn_custom_resources/solutions_metrics/src/custom_resources/requirements.txt b/source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/cfn_custom_resources/solutions_metrics/src/custom_resources/requirements.txt
index b8019a9..a5430fc 100644
--- a/source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/cfn_custom_resources/solutions_metrics/src/custom_resources/requirements.txt
+++ b/source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/cfn_custom_resources/solutions_metrics/src/custom_resources/requirements.txt
@@ -1,2 +1,2 @@
-requests==2.28.1
+requests==2.31.0
 crhelper==2.0.11
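Review bot: `REQUESTS_TIMEOUT = 10` in the first metrics.py hunk is added without a unit or any note on how requests interprets it. A single number is applied to the connect phase and to each read separately, so it is not a cap on the duration of the whole call. A comment above the constant, such as `# seconds; requests applies this to connect and to read separately, not to the whole request`, would make that visible to whoever sizes the function's own timeout.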
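Review bot: With `timeout=REQUESTS_TIMEOUT`, the `requests.post` call in `send_metrics` (second metrics.py hunk) now raises `requests.exceptions.Timeout` instead of blocking, and nothing visible in the hunk handles it. `send_metrics` begins and ends outside the hunk, so this may already be covered. If it is not, catch it so that a slow or unreachable metrics endpoint is logged and skipped rather than failing the custom resource, for example `except requests.exceptions.RequestException as exc: logger.warning("Metrics submission failed: %s", exc)`. Separately, the context line `logger.info(f"Sending payload: {payload}")` writes the whole payload to the log at INFO, so it is worth confirming that nothing sensitive remains in it at that point.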
diff --git a/source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/layers/aws_lambda_powertools/requirements/requirements.txt b/source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/layers/aws_lambda_powertools/requirements/requirements.txt
index 49d08fa..fdeb91a 100644
--- a/source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/layers/aws_lambda_powertools/requirements/requirements.txt
+++ b/source/cdk_solution_helper_py/helpers_cdk/aws_solutions/cdk/aws_lambda/layers/aws_lambda_powertools/requirements/requirements.txt
@@ -1,2 +1,2 @@
-aws-lambda-powertools==2.14.0
+aws-lambda-powertools==2.15.0
 aws-xray-sdk==2.12.0
\ No newline at end of file
diff --git a/source/cdk_solution_helper_py/helpers_cdk/setup.py b/source/cdk_solution_helper_py/helpers_cdk/setup.py
index 3bf6071..546de5a 100644
--- a/source/cdk_solution_helper_py/helpers_cdk/setup.py
+++ b/source/cdk_solution_helper_py/helpers_cdk/setup.py
@@ -53,7 +53,7 @@ def get_version():
 "aws_cdk_lib==2.75.0",
 "Click==8.1.3",
 "boto3==1.26.47",
- "requests==2.28.1",
+ "requests==2.31.0",
 "crhelper==2.0.11",
 ],
 entry_points="""
diff --git a/source/cdk_solution_helper_py/requirements-dev.txt b/source/cdk_solution_helper_py/requirements-dev.txt
index 147bf71..5dc819e 100644
--- a/source/cdk_solution_helper_py/requirements-dev.txt
+++ b/source/cdk_solution_helper_py/requirements-dev.txt
@@ -2,7 +2,7 @@ aws_cdk_lib==2.75.0
 aws-cdk.aws-servicecatalogappregistry-alpha==2.75.0a0
 black
 boto3==1.26.47
-requests==2.28.1
+requests==2.31.0
 crhelper==2.0.11
 Click
 moto
diff --git a/source/infrastructure/cdk.json b/source/infrastructure/cdk.json
index 1db6d6d..690b99d 100644
--- a/source/infrastructure/cdk.json
+++ b/source/infrastructure/cdk.json
@@ -3,7 +3,7 @@
 "context": {
 "SOLUTION_NAME": "Maintaining Personalized Experiences with Machine Learning",
 "SOLUTION_ID": "SO0170",
- "SOLUTION_VERSION": "v1.4.1",
+ "SOLUTION_VERSION": "v1.4.2",
 "APP_REGISTRY_NAME": "personalized-experiences-ML",
 "APPLICATION_TYPE": "AWS-Solutions",
 "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true
diff --git a/source/requirements-dev.txt b/source/requirements-dev.txt
index c90a684..7084bdf 100644
--- a/source/requirements-dev.txt
+++ b/source/requirements-dev.txt
@@ -4,7 +4,7 @@ boto3==1.26.47
 aws_cdk_lib==2.75.0
 aws_solutions_constructs.aws_lambda_sns==2.38.0
 aws-cdk.aws-servicecatalogappregistry-alpha==2.75.0a0
-requests==2.28.1
+requests==2.31.0
 crhelper==2.0.11
 cronex==0.1.3.1
 moto==2.3.0
diff --git a/source/scheduler/common/setup.py b/source/scheduler/common/setup.py
index f9810b2..fcf2355 100644
--- a/source/scheduler/common/setup.py
+++ b/source/scheduler/common/setup.py
@@ -43,13 +43,13 @@ def get_version():
 packages=setuptools.find_namespace_packages(exclude=["build*"]),
 install_requires=[
 "pip>=22.3.1",
- "aws-lambda-powertools==2.14.0",
+ "aws-lambda-powertools==2.15.0",
 "aws-xray-sdk==2.12.0",
 "aws-solutions-python==2.0.0",
 "click==8.1.3",
 "cronex==0.1.3.1",
 "boto3==1.26.47",
- "requests==2.28.1",
+ "requests==2.31.0",
 "crhelper==2.0.11",
 "rich==12.6.0",
 ],
diff --git a/source/tests/aspects/test_personalize_app_stack.py b/source/tests/aspects/test_personalize_app_stack.py
index 96604a1..ee9bd09 100644
--- a/source/tests/aspects/test_personalize_app_stack.py
+++ b/source/tests/aspects/test_personalize_app_stack.py
@@ -67,11 +67,11 @@ def test_service_catalog_registry_application(synth_template):
 "Tags": {
 "SOLUTION_ID": "SO0170",
 "SOLUTION_NAME": "Maintaining Personalized Experiences with Machine Learning",
- "SOLUTION_VERSION": "v1.4.1",
+ "SOLUTION_VERSION": "v1.4.2",
 "Solutions:ApplicationType": "AWS-Solutions",
 "Solutions:SolutionID": "SO0170",
 "Solutions:SolutionName": "Maintaining Personalized Experiences with Machine Learning",
- "Solutions:SolutionVersion": "v1.4.1",
+ "Solutions:SolutionVersion": "v1.4.2",
 },
 },
 )