Merge pull request #617 from awslabs/release/4.0.1

Release/4.0.1

.github/dependabot.yaml

@@ -0,0 +1,20 @@
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      production-dependencies:
+        dependency-type: "production"
+      development-dependencies:
+        dependency-type: "development"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      github-actions:
+        patterns:
+          - "*"

.github/workflows/dependabot-prs.yml

@@ -0,0 +1,26 @@
+name: Dependabot Pull Request Metadata
+on: pull_request_target
+
+jobs:
+  build:
+    permissions:
+      pull-requests: read
+
+    runs-on: ubuntu-latest
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+
+    steps:
+      - name: Fetch Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          alert-lookup: true
+          compat-lookup: true
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Add a label for all PRs with an alert state
+        if: ${{ steps.dependabot-metadata.outputs.alert-state != '' }}
+        run: gh pr edit "$PR_URL" --add-label "vulnerability"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/snyk.yml

@@ -0,0 +1,28 @@
+name: Snyk
+
+on:
+  workflow_dispatch:
+
+  schedule:
+    - cron: "0 9 * * 1"  # runs each Monday at 9:00 UTC
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/python-3.8@master
+        continue-on-error: true # To make sure that SARIF upload gets called
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --severity-threshold=medium --file=requirements.txt --sarif-file-output=snyk.sarif
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: snyk.sarif

CHANGELOG.md

@@ -11,6 +11,17 @@ This project adheres to [Semantic Versioning](http://semver.org/) and [Keep a Ch
 
 ### Fixes
 
+
+## v4.0.1 (2024-06-10)
+
+### New
+
+### Changes
+
+### Fixes
+- correcting how SeedFarmer stores deployed manifests of previously deployed modules in SSM
+
+
 ## v4.0.0 (2024-06-03)
 
 ### New

VERSION

@@ -1,2 +1 @@
-4.0.0
-
+4.1.0

docs/requirements-docs.in

@@ -1,17 +1,17 @@
 sphinx-autoapi==2.1.0
-sphinx-rtd-theme==1.2.1
+sphinx-rtd-theme==1.3.0
 sphinxcontrib-applehelp==1.0.4
 sphinxcontrib-devhelp==1.0.2
 sphinxcontrib-htmlhelp==2.0.1
 sphinxcontrib-jquery==4.1
 sphinxcontrib-jsmath==1.0.1
 sphinxcontrib-qthelp==1.0.3
 sphinxcontrib-serializinghtml==1.1.5
-sphinx-click==5.1.0
+sphinx-click==6.0.0
 myst_parser==1.0.0
 docutils~=0.16
-PyYAML==5.4
+PyYAML==6.0.1
 urllib3~=1.26.18
-wheel==0.38.1
-typing-extensions==4.5.0
-certifi~=2023.7.22
+wheel==0.43.0
+typing-extensions==4.12.2
+certifi~=2024.6.2

docs/requirements-docs.txt

@@ -10,7 +10,7 @@ astroid==2.15.5
     # via sphinx-autoapi
 babel==2.12.1
     # via sphinx
-certifi==2023.7.22
+certifi==2024.6.2
     # via
     #   -r docs/requirements-docs.in
     #   requests
@@ -29,6 +29,8 @@ idna==3.7
     # via requests
 imagesize==1.4.1
     # via sphinx
+importlib-metadata==7.1.0
+    # via sphinx
 jinja2==3.1.4
     # via
     #   myst-parser
@@ -52,16 +54,18 @@ packaging==23.1
     # via sphinx
 pygments==2.15.1
     # via sphinx
-pyyaml==5.4
+pytz==2024.1
+    # via babel
+pyyaml==6.0.1
     # via
     #   -r docs/requirements-docs.in
     #   myst-parser
     #   sphinx-autoapi
-requests==2.32.0
+requests==2.32.3
     # via sphinx
 snowballstemmer==2.2.0
     # via sphinx
-sphinx==6.2.1
+sphinx==5.3.0
     # via
     #   myst-parser
     #   sphinx-autoapi
@@ -70,9 +74,9 @@ sphinx==6.2.1
     #   sphinxcontrib-jquery
 sphinx-autoapi==2.1.0
     # via -r docs/requirements-docs.in
-sphinx-click==5.1.0
+sphinx-click==6.0.0
     # via -r docs/requirements-docs.in
-sphinx-rtd-theme==1.2.1
+sphinx-rtd-theme==1.3.0
     # via -r docs/requirements-docs.in
 sphinxcontrib-applehelp==1.0.4
     # via
@@ -102,15 +106,19 @@ sphinxcontrib-serializinghtml==1.1.5
     # via
     #   -r docs/requirements-docs.in
     #   sphinx
-typing-extensions==4.5.0
-    # via -r docs/requirements-docs.in
+typing-extensions==4.12.2
+    # via
+    #   -r docs/requirements-docs.in
+    #   astroid
 unidecode==1.3.6
     # via sphinx-autoapi
 urllib3==1.26.18
     # via
     #   -r docs/requirements-docs.in
     #   requests
-wheel==0.38.1
+wheel==0.43.0
     # via -r docs/requirements-docs.in
 wrapt==1.15.0
     # via astroid
+zipp==3.19.2
+    # via importlib-metadata

requirements-dev.in

@@ -1,24 +1,24 @@
 awscli~=1.31.13
-certifi~=2023.7.22
+certifi~=2024.6.2
 check-manifest~=0.48
-mypy~=0.961
+mypy~=1.10
 myst-parser~=0.18.0
-pip-tools~=6.14.0
-pydot~=1.4.2
+pip-tools~=7.4.1
+pydot~=2.0.0
 pyroma~=4.0
-pytest~=7.2.0
-pytest-cov~=4.0.0
-pytest-mock~=3.10.0
+pytest~=8.2.2
+pytest-cov~=5.0.0
+pytest-mock~=3.14.0
 pytest-ordering~=0.6
-ruff~=0.4.4
-twine~=4.0.1
-types-PyYAML~=6.0.8
-types-setuptools~=57.4.17
-wheel~=0.38.1
+ruff~=0.4.8
+twine~=5.1.0
+types-PyYAML~=6.0.12
+types-setuptools~=70.0.0
+wheel~=0.43.0
 sphinx-autoapi~=1.8.0
-sphinx-rtd-theme~=1.0.0
-sphinx~=4.3.0
-moto[s3,sts,iam,codebuild,secretsmanager,ssm]~=4.0.9
-requests~=2.32.0
+sphinx-rtd-theme~=1.3.0
+sphinx~=5.3.0
+moto[s3,sts,iam,codebuild,secretsmanager,ssm]~=5.0.9
+requests~=2.32.3
 werkzeug~=3.0.3
 urllib3~=1.26.18