Renovate Update Patch & Minor Updates

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update	Pending
@ministryofjustice/frontend	3.3.0 -> 3.3.1					dependencies	patch
actions/upload-artifact	v4.5.0 -> v4.6.0					action	minor
aws (source)	~> 5.82.0 -> ~> 5.83.0					required_provider	minor	5.83.1
docker/build-push-action	v6.10.0 -> v6.11.0					action	minor
docker/setup-qemu-action	v3.2.0 -> v3.3.0					action	minor
github.com/MicahParks/jwkset	v0.5.20 -> v0.7.0					require	minor
github.com/MicahParks/keyfunc/v3	v3.3.5 -> v3.3.8					require	patch
github.com/aws/aws-sdk-go-v2	v1.32.7 -> v1.32.8					require	patch
github.com/aws/aws-sdk-go-v2/config	v1.28.7 -> v1.28.9					require	patch	v1.28.10
github.com/aws/aws-sdk-go-v2/credentials	v1.17.48 -> v1.17.50					require	patch	v1.17.51
github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue	v1.15.22 -> v1.15.25					require	patch
github.com/aws/aws-sdk-go-v2/service/cloudwatch	v1.43.4 -> v1.43.6					require	patch
github.com/aws/aws-sdk-go-v2/service/dynamodb	v1.38.1 -> v1.39.2					require	minor
github.com/aws/aws-sdk-go-v2/service/eventbridge	v1.36.1 -> v1.36.3					require	patch
github.com/aws/aws-sdk-go-v2/service/s3	v1.71.1 -> v1.72.2					require	minor
github.com/aws/aws-sdk-go-v2/service/s3control	v1.52.1 -> v1.52.3					require	patch
github.com/aws/aws-sdk-go-v2/service/secretsmanager	v1.34.8 -> v1.34.10					require	patch
github.com/aws/aws-sdk-go-v2/service/sqs	v1.37.4 -> v1.37.6					require	patch
github.com/aws/aws-sdk-go-v2/service/ssm	v1.56.2 -> v1.56.4					require	patch
github.com/gabriel-vasile/mimetype	v1.4.7 -> v1.4.8					require	patch
github.com/vektra/mockery/v2	v2.50.3 -> v2.50.4					require	patch
golang.org/x/time	v0.8.0 -> v0.9.0					require	minor
golang.org/x/tools	v0.28.0 -> v0.29.0					require	minor
govuk-frontend (source)	5.7.1 -> 5.8.0					dependencies	minor
hashicorp/terraform	1.10.3 -> 1.10.4					required_version	patch
node (source)	22.12.0 -> 22.13.0					engines	minor
node	22.12.0-alpine3.20 -> 22.13.0-alpine3.20					final	minor
node (source)	22.12.0 -> 22.13.0						minor
outofcoffee/imposter	4.3.0 -> 4.5.0					final	minor
sass	1.83.0 -> 1.83.1					dependencies	patch

---

Release Notes

ministryofjustice/moj-frontend (@​ministryofjustice/frontend)

v3.3.1

Compare Source

Bug Fixes

• text color in interruption card and initAll function updates (#​1062) (c8a3800), closes #​1059 #​1060 #​1061

actions/upload-artifact (actions/upload-artifact)

v4.6.0

Compare Source

What's Changed

• Expose env vars to control concurrency and timeout by @​yacaovsnc in https://github.com/actions/upload-artifact/pull/662

Full Changelog: actions/upload-artifact@v4...v4.6.0

hashicorp/terraform-provider-aws (aws)

v5.83.0

Compare Source

NOTES:

• provider: The retry handling in the apigatewayv2 client has been updated to more extensively match ConflictException error responses. This change should be transparent to users, but if any unexpected changes in behavior with apigatewayv2 resources occur following an upgrade to this release, please open a bug report. (#​40840)
• resource/aws_api_gateway_domain_name_access_association: Deprecates id in favor of arn. (#​40626)
• resource/aws_route53_cidr_location: Deprecates id. (#​40626)
• resource/aws_s3_directory_bucket: Deprecates id in favor of bucket. (#​40626)

FEATURES:

• New Data Source: aws_cloudwatch_event_buses (#​40662)
• New Data Source: aws_ecs_clusters (#​40638)
• New Data Source: aws_route53_records (#​38186)
• New Ephemeral Resource: aws_cognito_identity_openid_token_for_developer_identity (#​40763)
• New Resource: aws_bedrockagent_agent_collaborator (#​40559)
• New Resource: aws_cleanrooms_membership (#​35165)
• New Resource: aws_cloudwatch_log_delivery (#​40731)
• New Resource: aws_cloudwatch_log_delivery_destination (#​40731)
• New Resource: aws_cloudwatch_log_delivery_destination_policy (#​40731)
• New Resource: aws_cloudwatch_log_delivery_source (#​40731)
• New Resource: aws_cloudwatch_log_index_policy (#​40594)
• New Resource: aws_vpclattice_resource_gateway (#​40821)

ENHANCEMENTS:

• data-source/aws_codebuild_fleet: Add compute_configuration attribute (#​40752)
• data-source/aws_dms_endpoint: Add kafka_settings.sasl_mechanism attribute (#​36918)
• data-source/aws_elb_hosted_zone_id: Add hosted zone ID for ap-southeast-7 AWS Region (#​40850)
• data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for ap-southeast-7 AWS Region (#​40850)
• data-source/aws_rds_certificate: Add default_for_new_launches attribute (#​40536)
• data-source/aws_rds_engine_version: Add supports_certificate_rotation_without_restart, supports_integrations, and supports_local_write_forwarding attributes (#​40700)
• data-source/aws_s3_bucket: Add hosted zone ID for ap-southeast-7 AWS Region (#​40850)
• data-source/aws_vpc_endpoint_service: Add region attribute (#​40795)
• data-source/aws_vpc_endpoint_service: Add service_regions argument (#​40795)
• provider: Support ap-southeast-7 as a valid AWS Region (#​40849)
• resource/aws_appflow_flow: Add data_transfer_api attribute to destination_flow_config_list.destination_connector_properties.salesforce (#​34937)
• resource/aws_cloudfront_distribution: Add grpc_config argument to default_cache_behavior and ordered_cache_behavior configuration blocks (#​40762)
• resource/aws_codebuild_fleet: Add compute_configuration argument (#​40752)
• resource/aws_cognito_user_pool: Add email_mfa_configuration argument (#​40734)
• resource/aws_cognito_user_pool: Add sign_in_policy and web_authn_configuration arguments (#​40765)
• resource/aws_cognito_user_pool: Add user_pool_tier argument (#​40633)
• resource/aws_dms_endpoint: Add kafka_settings.sasl_mechanism argument (#​36918)
• resource/aws_ecr_account_setting: Add valid values for registry policy scope to name and value arguments (#​40772)
• resource/aws_eip_association: Adds validation to only allow one of instance_id or network_interface_id (#​40769)
• resource/aws_eks_node_group: Add node_repair_config configuration block (#​40698)
• resource/aws_elasticache_user: Add VALKEY as supported value for 'engine' argument (#​40764)
• resource/aws_elasticache_user_group: Add VALKEY as supported value for 'engine' argument (#​40764)
• resource/aws_emr_studio: Add encryption_key_arn argument (#​40771)
• resource/aws_quicksight_user: Add user_invitation_url attribute (#​40775)
• resource/aws_rds_cluster: Support iam-db-auth-error as a valid value for enabled_cloudwatch_logs_exports (#​40789)
• resource/aws_rds_integration: Add data_filter argument (#​40816)
• resource/aws_s3_object_copy: Add override_provider configuration block, allowing tags inherited from the provider default_tags configuration block to be ignored (#​40689)

BUG FIXES:

• resource/aws_api_gateway_domain_name: Fixed error when adding policy to existing private domain name (#​40708)
• resource/aws_apigatewayv2_api: Don't overwrite the configured values of description, name or version if they are not present in the OpenAPI definition body (#​40707)
• resource/aws_apigatewayv2_route: Fix retry handling of ConflictException error responses (#​40840)
• resource/aws_cloudfront_cache_policy: Fix panic: interface conversion: interface {} is nil, not map[string]interface {} when parameters_in_cache_key_and_forwarded_to_origin.cookies_config, parameters_in_cache_key_and_forwarded_to_origin.headers_config, or parameters_in_cache_key_and_forwarded_to_origin.query_strings_config are empty (#​40815)
• resource/aws_codebuild_fleet: Allow scaling_configuration to be removed on Update (#​40773)
• resource/aws_codebuild_project: Allow file_system_locations to be removed on Update (#​40842)
• resource/aws_ec2_instance_connect_endpoint: Set fips_dns_name to an empty value ("") when no value is returned from the EC2 API. This fixes known-after-apply loops in Regions that don't support FIPS endpoints (#​37939)
• resource/aws_emr_studio: Fix issue with IAM/KMS policy eventual consistency handling not working (#​40771)
• resource/aws_glue_catalog_database: Fix crash when expanding create_table_default_permission with a nil principal block (#​40761)
• resource/aws_instance: Always set http_tokens when metadata_options is updated (#​40727)
• resource/aws_instance: Set new computed value for public_dns and public_ip attributes when changing instance_type, user_data, or user_data_base64 (#​40710)
• resource/aws_internet_gateway: Handle operation error EC2: DetachInternetGateway, ..., api error InvalidInternetGatewayID.NotFound: ... errors on delete for resources deleted out-of-band (#​40790)
• resource/aws_internet_gateway_attachment: Handle operation error EC2: DetachInternetGateway, ..., api error InvalidInternetGatewayID.NotFound: ... errors on delete for resources deleted out-of-band (#​40790)
• resource/aws_quicksight_data_set: Correctly expand logical_table_map.tag_column_operation.tags.column_description (#​40713)
• resource/aws_rds_instance Fix manage_master_user_password being updated in state when update errors (#​40538)
• resource/aws_route53_record: Fix perpetual diff if alias.name contains characters that the Route 53 API escapes (#​40154)
• resource/aws_route53_zone: Fix perpetual diff if name contains characters that the Route 53 API escapes (#​40154)
• resource/aws_ses_identity_notification_topic: Prevent destroy failure when resource is already deleted outside of Terraform (#​40684)
• resource/aws_sesv2_configuration_set: Fix handling of delivery_options.max_delivery_seconds when not configured (#​40670)
• resource/aws_sesv2_configuration_set_event_destination: Retry IAM eventual consistency errors (#​40843)
• resource/aws_sqs_queue: Fix timeout error on creation if sqs_managed_sse_enabled=true and kms_data_key_reuse_period_seconds is configured (#​40729)

docker/build-push-action (docker/build-push-action)

v6.11.0

Compare Source

• Handlebar defaultContext support for build-contexts input by @​crazy-max in https://github.com/docker/build-push-action/pull/1283
• Bump @​docker/actions-toolkit from 0.46.0 to 0.49.0 in https://github.com/docker/build-push-action/pull/1281

Full Changelog: docker/build-push-action@v6.10.0...v6.11.0

docker/setup-qemu-action (docker/setup-qemu-action)

v3.3.0

Compare Source

• Add cache-image input to enable/disable caching of binfmt image by @​crazy-max in https://github.com/docker/setup-qemu-action/pull/130
• Bump @​actions/core from 1.10.1 to 1.11.1 in https://github.com/docker/setup-qemu-action/pull/172
• Bump @​docker/actions-toolkit from 0.35.0 to 0.49.0 in https://github.com/docker/setup-qemu-action/pull/187
• Bump cross-spawn from 7.0.3 to 7.0.6 in https://github.com/docker/setup-qemu-action/pull/182
• Bump path-to-regexp from 6.2.2 to 6.3.0 in https://github.com/docker/setup-qemu-action/pull/162

Full Changelog: docker/setup-qemu-action@v3.2.0...v3.3.0

MicahParks/jwkset (github.com/MicahParks/jwkset)

v0.7.0: Fix potential race condition

Compare Source

The purpose of this release is to fix a potential race condition.

Relevant pull requests:

• #​42

v0.6.0

Compare Source

The purpose of this release is to fix a bug pointed out by @​rohitkoul in https://github.com/MicahParks/jwkset/pull/7#discussion_r1907816656. There is a bug in the refresh goroutine related to key replacement.

The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal from a JWK Set is equivalent to revocation.

Regardless of this bug, please note that removing a key from a JWK Set does not equate to instant revocation for most use cases as it takes time for JWK Set updates to propagate to all clients.

Relevant issues:

• https://github.com/MicahParks/jwkset/issues/40

Relevant pull requests:

• https://github.com/MicahParks/jwkset/pull/41

v0.5.21

Compare Source

MicahParks/keyfunc (github.com/MicahParks/keyfunc/v3)

v3.3.8

Compare Source

v3.3.7

Compare Source

v3.3.6

Compare Source

aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2)

v1.32.8

Compare Source

gabriel-vasile/mimetype (github.com/gabriel-vasile/mimetype)

v1.4.8: Add support for APK

Compare Source

What's Changed

• Add support for APK; close #​345 in https://github.com/gabriel-vasile/mimetype/pull/624
• (cve_fix)bump golang.org/x/net to v0.33.0 to fix CVE-2024-45338 by @​sonasingh46 in https://github.com/gabriel-vasile/mimetype/pull/623
• zstd: check for skippable frames as well; fix #​619 in https://github.com/gabriel-vasile/mimetype/pull/621

New Contributors

• @​sonasingh46 made their first contribution in https://github.com/gabriel-vasile/mimetype/pull/623

Full Changelog: gabriel-vasile/mimetype@v1.4.7...v1.4.8

vektra/mockery (github.com/vektra/mockery/v2)

v2.50.4

Compare Source

Changelog

• cd34e8b Fix tagging
• d5bc859 Support *ast.SelectorExpr aliases (#​881)
• fe58af4 bump version
• bb1e69e updates to CICD

alphagov/govuk-frontend (govuk-frontend)

v5.8.0

Compare Source

To install this version with npm, run npm install govuk-frontend@5.8.0. You can also find more information about how to stay up to date in our documentation.

New features

Use our base configurable component to build your own configurable component

We've added a ConfigurableComponent class to help you build your own configurable components. It extends our Component class and allows you to focus on your components' specific features by handling these shared behaviours across components:

• checking that GOV.UK Frontend is supported
• checking that the component is not already initialised on its root element
• checking the type of the root element and storing it for access within the component as this.$root
• taking a configuration object as a parameter and then storing it for access within the component as this.config
• merging a passed configuration object with configuration options specified on the data attributes of the root element

We introduced this change in:

• #​5499: Rename GOVUKFrontendComponentConfigurable, export ConfigurableComponent
• #​5456: Refactor Accordion to extend from a GOVUKFrontendConfigurableComponent

Deprecated features

Importing Sass using govuk/all

You'll see a warning when compiling your Sass if you import all of GOV.UK Frontend's styling using govuk/all. Importing using the all file is deprecated, and we’ll remove it in the next major release.

In your import statements, use a trailing /index rather than /all to load GOV.UK Frontend's files:

• @import "govuk/index"; instead of @import "govuk/all";

You do not need /index at the end of each import path if you’re using Dart Sass.

This change was introduced in pull request #​5518: Deprecate govuk/all.scss and only reference govuk/index.scss internally.

Fixes

We've made fixes to GOV.UK Frontend in the following pull requests:

• #​5533: Fix UMD files overriding existing global

hashicorp/terraform (hashicorp/terraform)

v1.10.4

Compare Source

1.10.4 (January 8, 2025)

BUG FIXES:

• type conversion: Empty map conversions now return correct type information (#​36262)

• terraform console: Fix crash when printing ephemeral values (#​36267)

nodejs/node (node)

v22.13.0

Compare Source

sass/dart-sass (sass)

v1.83.1

Compare Source

• Fix a bug where --quiet-deps would get deactivated for @content blocks,
  even when those blocks were entirely contained within dependencies.

• Include deprecation IDs in deprecation warnings to make it easier to determine
  what to pass to --silence-deprecation or --fatal-deprecation.

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 15 additional dependencies were updated

Details:

Package	Change
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	v1.16.22 -> v1.16.23
github.com/aws/aws-sdk-go-v2/internal/configsources	v1.3.26 -> v1.3.27
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	v2.6.26 -> v2.6.27
github.com/aws/aws-sdk-go-v2/internal/v4a	v1.3.26 -> v1.3.27
github.com/aws/aws-sdk-go-v2/service/dynamodbstreams	v1.24.10 -> v1.24.12
github.com/aws/aws-sdk-go-v2/service/internal/checksum	v1.4.7 -> v1.4.8
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery	v1.10.7 -> v1.10.8
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	v1.12.7 -> v1.12.8
github.com/aws/aws-sdk-go-v2/service/internal/s3shared	v1.18.7 -> v1.18.8
github.com/aws/aws-sdk-go-v2/service/sso	v1.24.8 -> v1.24.9
github.com/aws/aws-sdk-go-v2/service/ssooidc	v1.28.7 -> v1.28.8
github.com/aws/aws-sdk-go-v2/service/sts	v1.33.3 -> v1.33.5
golang.org/x/net	v0.32.0 -> v0.34.0
golang.org/x/sys	v0.28.0 -> v0.29.0
golang.org/x/term	v0.27.0 -> v0.28.0

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.03%. Comparing base (74ca50c) to head (7717ea1).
Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1713   +/-   ##
=======================================
  Coverage   95.03%   95.03%           
=======================================
  Files         285      285           
  Lines       16328    16328           
=======================================
  Hits        15517    15517           
  Misses        641      641           
  Partials      170      170           

Flag	Coverage Δ
unittests	95.03% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.