Renovate Update Patch & Minor Updates

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update	Pending
@ministryofjustice/frontend	3.3.1 -> 3.7.0					dependencies	minor
actions/upload-artifact	v4.6.0 -> v4.6.1					action	patch
aws (source)	~> 5.88.0 -> ~> 5.89.0					required_provider	minor
codecov/codecov-action	v5.3.1 -> v5.4.0					action	minor
cypress (source)	14.0.3 -> 14.1.0					devDependencies	minor
docker/build-push-action	v6.14.0 -> v6.15.0					action	minor
docker/setup-buildx-action	v3.9.0 -> v3.10.0					action	minor
docker/setup-qemu-action	v3.4.0 -> v3.5.0					action	minor	v3.6.0
github.com/aws/aws-sdk-go-v2	v1.36.2 -> v1.36.3					require	patch
github.com/aws/aws-sdk-go-v2/config	v1.29.7 -> v1.29.8					require	patch
github.com/aws/aws-sdk-go-v2/credentials	v1.17.60 -> v1.17.61					require	patch
github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue	v1.18.5 -> v1.18.6					require	patch
github.com/aws/aws-sdk-go-v2/service/cloudwatch	v1.43.15 -> v1.44.0					require	minor
github.com/aws/aws-sdk-go-v2/service/dynamodb	v1.40.2 -> v1.41.0					require	minor
github.com/aws/aws-sdk-go-v2/service/eventbridge	v1.36.12 -> v1.37.0					require	minor
github.com/aws/aws-sdk-go-v2/service/s3	v1.77.1 -> v1.78.0					require	minor
github.com/aws/aws-sdk-go-v2/service/s3control	v1.53.5 -> v1.54.0					require	minor
github.com/aws/aws-sdk-go-v2/service/secretsmanager	v1.34.19 -> v1.35.0					require	minor
github.com/aws/aws-sdk-go-v2/service/sqs	v1.37.15 -> v1.38.0					require	minor
github.com/aws/aws-sdk-go-v2/service/ssm	v1.56.13 -> v1.57.0					require	minor	v1.57.1
github/codeql-action	v3.28.9 -> v3.28.10					action	patch
hashicorp/terraform	1.10.5 -> 1.11.0					required_version	minor
localstack/localstack	4.1.1 -> 4.2.0					final	minor
opensearchproject/opensearch	2.19.0 -> 2.19.1						patch
outofcoffee/imposter	4.5.7 -> 4.5.8					final	patch
sass	1.85.0 -> 1.85.1					dependencies	patch

---

Release Notes

ministryofjustice/moj-frontend (@​ministryofjustice/frontend)

v3.7.0

Compare Source

Bug Fixes

• ensure Dart Sass file:// sources use relative paths (11db6df)

Features

• add source map support (3c14da6)

3.6.3 (2025-02-26)

Bug Fixes

• ensure node_modules is added to Sass load paths (4c035f1)
• ensure peerDependencies are installed (69c8572)

3.6.2 (2025-02-25)

Bug Fixes

• revert to $ for jQuery external global (c722f15)

3.6.1 (2025-02-25)

Bug Fixes

• typo in status label comment (7078172)

v3.6.3

Compare Source

Bug Fixes

• ensure node_modules is added to Sass load paths (4c035f1)
• ensure peerDependencies are installed (69c8572)

v3.6.2

Compare Source

Bug Fixes

• revert to $ for jQuery external global (c722f15)

v3.6.1

Compare Source

Bug Fixes

• typo in status label comment (7078172)

v3.6.0

Compare Source

Bug Fixes

• ignore build output from jest (7f85d64)
• ignore test files from gulp watch (12494a3)

Features

• default to ES module sources (adab275)
• export to ES modules (8e8787a)
• swap JavaScript minifier from UglifyJS to terser (a0e165a)

v3.5.0

Compare Source

Features

• migrate to bundled modules using Rollup (#​1149) (411e8a3)

v3.4.0

Compare Source

Bug Fixes

• sortable table: improve sorting of strings with a number prefix (#​1108) (b424743)

Features

• alert: Add alert component, archive banner component (0f8c6a7)

3.3.1 (2025-01-09)

Bug Fixes

• text color in interruption card and initAll function updates (#​1062) (c8a3800), closes #​1059 #​1060 #​1061

actions/upload-artifact (actions/upload-artifact)

v4.6.1

Compare Source

What's Changed

• Update to use artifact 2.2.2 package by @​yacaovsnc in https://github.com/actions/upload-artifact/pull/673

Full Changelog: actions/upload-artifact@v4...v4.6.1

hashicorp/terraform-provider-aws (aws)

v5.89.0

Compare Source

FEATURES:

• New Resource: aws_macie2_organization_configuration (#​41475)
• New Resource: aws_neptunegraph_graph (#​41216)
• New Resource: aws_quicksight_role_membership (#​41589)
• New Resource: aws_rds_shard_group (#​41254)
• New Resource: aws_xray_resource_policy (#​41517)

ENHANCEMENTS:

• data-source/aws_cloudwatch_log_data_protection_policy_document: Add configuration argument (#​41524)
• data-source/aws_rds_cluster: Add cluster_scalability_type attribute (#​41254)
• data-source/aws_rds_cluster: Add database_insights_mode attribute (#​41254)
• data-source/aws_s3_bucket_object: Add application/yaml to the list of Content-Types that return a body (#​41443)
• data-source/aws_s3_object: Add application/yaml to the list of Content-Types that return a body (#​41443)
• data-source/aws_s3_object: Add checksum_crc64nvme attribute (#​41015)
• release/aws_dx_lag: Add 400Gbps as a supported connections_bandwidth value (#​41547)
• resource/aws_autoscaling_policy: Add target_tracking_configuration.customized_metric_specification.period argument to support high-resolution metrics (#​41385)
• resource/aws_db_instance: Add RequiredWith validation password_wo and password_wo_version. Remove PreferWriteOnlyAttribute validation (#​41562)
• resource/aws_docdb_cluster: Add RequiredWith validation master_password_wo and master_password_wo_version. Remove PreferWriteOnlyAttribute validation (#​41562)
• resource/aws_dx_connection: Add 25Gbps and 400Gbps as supported bandwidth values (#​41547)
• resource/aws_dx_hosted_connection: Add 25Gbps as a supported bandwidth value (#​41547)
• resource/aws_launch_template: Add network_interfaces.ena_srd_specification configuration block (#​41367)
• resource/aws_lb: Add enable_zonal_shift support for Application Load Balancers (#​41335)
• resource/aws_macie2_classification_job: Allow tags to be updated in-place (#​41266)
• resource/aws_macie2_custom_data_identifier: Allow tags to be updated in-place (#​41266)
• resource/aws_macie2_findings_filter: Allow tags to be updated in-place (#​41266)
• resource/aws_macie2_member: Allow tags to be updated in-place (#​41266)
• resource/aws_nat_gateway: Make it possible to move from secondary_private_ip_address_count to secondary_private_ip_addresses for private NAT Gateways (#​41403)
• resource/aws_rds_cluster: Add RequiredWith validation master_password_wo and master_password_wo_version. Remove PreferWriteOnlyAttribute validation (#​41562)
• resource/aws_rds_cluster: Add cluster_scalability_type argument (#​41254)
• resource/aws_rds_cluster: Add database_insights_mode argument (#​41254)
• resource/aws_rds_cluster: Support "" as a valid value for engine_mode (#​41254)
• resource/aws_rds_instance: Support iam-db-auth-error as a valid value for enabled_cloudwatch_logs_exports (#​41408)
• resource/aws_redshift_cluster: Add RequiredWith validation master_password_wo and master_password_wo_version. Remove PreferWriteOnlyAttribute validation (#​41562)
• resource/aws_redshiftseverless_namespace: Add RequiredWith validation admin_user_password_wo and admin_user_password_wo_version. Remove PreferWriteOnlyAttribute validation (#​41562)
• resource/aws_s3_directory_bucket: The default value for data_redundancy is SingleLocalZone if location.type is LocalZone (#​40944)
• resource/aws_s3_object: Add checksum_crc64nvme attribute (#​41015)
• resource/aws_s3_object_copy: Add checksum_crc64nvme attribute (#​41015)
• resource/aws_secretsmanager_secret_version: Add RequiredWith validation secret_string_wo and secret_string_wo_version. Remove PreferWriteOnlyAttribute validation (#​41562)
• resource/aws_ssm_parameter: Remove PreferWriteOnlyAttribute validation (#​41562)

BUG FIXES:

• resource/aws_cloudwatch_log_delivery: Fix Provider produced inconsistent result error on s3_delivery_configuration.suffix_path (#​41497)
• resource/aws_ec2_fleet: Add spot_options.max_total_price, spot_options.min_target_capacity, spot_options.single_instance_type, and spot_options.single_availability_zone arguments (#​41272)
• resource/aws_lb_listener: Ensure that routing_http_response_server_enabled, routing_http_response_strict_transport_security_header_value, routing_http_response_access_control_allow_origin_header_value, routing_http_response_access_control_allow_methods_header_value, routing_http_response_access_control_allow_headers_header_value, routing_http_response_access_control_allow_credentials_header_value, routing_http_response_access_control_expose_headers_header_value, routing_http_response_access_control_max_age_header_value, routing_http_response_content_security_policy_header_value, routing_http_response_x_content_type_options_header_value, routing_http_response_x_frame_options_header_value, routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name, routing_http_request_x_amzn_mtls_clientcert_issuer_header_name, routing_http_request_x_amzn_mtls_clientcert_subject_header_name, routing_http_request_x_amzn_mtls_clientcert_validity_header_name, routing_http_request_x_amzn_mtls_clientcert_leaf_header_name, routing_http_request_x_amzn_mtls_clientcert_header_name, routing_http_request_x_amzn_tls_version_header_name, and routing_http_request_x_amzn_tls_cipher_suite_header_name are updated if tcp_idle_timeout_seconds does not change (#​41299)
• resource/aws_macie2_classification_job: Ensure that only status and tags can be updated in-place (#​41266)
• resource/aws_nat_gateway: Allow secondary_allocation_ids to be updated in-place (#​41403)
• resource/aws_redshift_cluster: Fix master_username validation (#​41556)
• resource/aws_s3_bucket_lifecycle_configuration: Prevents InvalidRequest error when rule.and.object_size_less_than not set. (#​41542)
• resource/aws_servicequotas_service_quota: Does not leave stuck resource in state when service quota not supported in current region. (#​41509)

codecov/codecov-action (codecov/codecov-action)

v5.4.0

Compare Source

What's Changed

• update wrapper submodule to 0.2.0, add recurse_submodules arg by @​matt-codecov in https://github.com/codecov/codecov-action/pull/1780
• build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by @​app/dependabot in https://github.com/codecov/codecov-action/pull/1775
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @​app/dependabot in https://github.com/codecov/codecov-action/pull/1776
• build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by @​app/dependabot in https://github.com/codecov/codecov-action/pull/1777
• Clarify in README that use_pypi bypasses integrity checks too by @​webknjaz in https://github.com/codecov/codecov-action/pull/1773
• Fix use of safe.directory inside containers by @​Flamefire in https://github.com/codecov/codecov-action/pull/1768
• Fix description for report_type input by @​craigscott-crascit in https://github.com/codecov/codecov-action/pull/1770
• build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by @​app/dependabot in https://github.com/codecov/codecov-action/pull/1765
• Fix a typo in the example by @​miranska in https://github.com/codecov/codecov-action/pull/1758
• build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 by @​app/dependabot in https://github.com/codecov/codecov-action/pull/1757
• build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 by @​app/dependabot in https://github.com/codecov/codecov-action/pull/1753

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.1..v5.4.0

cypress-io/cypress (cypress)

v14.1.0

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#14-1-0

docker/build-push-action (docker/build-push-action)

v6.15.0

Compare Source

• Bump @​docker/actions-toolkit from 0.55.0 to 0.56.0 in https://github.com/docker/build-push-action/pull/1330

Full Changelog: docker/build-push-action@v6.14.0...v6.15.0

docker/setup-buildx-action (docker/setup-buildx-action)

v3.10.0

Compare Source

• Bump @​docker/actions-toolkit from 0.54.0 to 0.56.0 in https://github.com/docker/setup-buildx-action/pull/408

Full Changelog: docker/setup-buildx-action@v3.9.0...v3.10.0

docker/setup-qemu-action (docker/setup-qemu-action)

v3.5.0

Compare Source

• Bump @​docker/actions-toolkit from 0.54.0 to 0.56.0 in https://github.com/docker/setup-qemu-action/pull/205

Full Changelog: docker/setup-qemu-action@v3.4.0...v3.5.0

aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2)

v1.36.3

Compare Source

github/codeql-action (github/codeql-action)

v3.28.10

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.10 - 21 Feb 2025

• Update default CodeQL bundle version to 2.20.5. #​2772
• Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #​2768

See the full CHANGELOG.md for more information.

hashicorp/terraform (hashicorp/terraform)

v1.11.0

Compare Source

1.11.0 (February 27, 2025)

NEW FEATURES:

• Add write-only attributes to resources. Providers can specify that certain attributes are write-only. They are not persisted in state. You can use ephemeral values in write-only attributes. (#​36031)

• terraform test: The -junit-xml option for the terraform test command is now generally available. This option allows the command to create a test report in JUnit XML format. Feedback during the experimental phase helped map terraform test concepts to the JUnit XML format, and new additons may happen in future releases. (#​36324)

• S3 native state locking is now generally available. The use_lockfile argument enables users to adopt the S3-native mechanism for state locking. As part of this change, we've deprecated the DynamoDB-related arguments in favor of this new locking mechanism. While you can still use DynamoDB alongside S3-native state locking for migration purposes, we encourage migrating to the new state locking mechanism. (#​36338)

ENHANCEMENTS:

• init: Provider installation will utilise credentials configured in a .netrc file for the download and shasum URLs returned by provider registries. (#​35843)

• terraform test: Test runs now support using mocked or overridden values during unit test runs (e.g., with command = "plan"). Set override_during = plan in the test configuration to use the overridden values during the plan phase. The default value is override_during = apply. (#​36227)

• terraform test: Add new state_key attribute for run blocks, allowing test authors control over which internal state file should be used for the current test run. (#​36185)

• Updates the azure backend authentication to match the terraform-provider-azurermprovider authentication, in several ways:

  • github.com/hashicorp/go-azure-helpers: v0.43.0 -> v0.71.0
  • github.com/hashicorp/go-azure-sdk/[resource-manager/sdk]: v0.20241212.1154051. This replaces the deprecated Azure SDK used before
  • github.com/jackofallops/giovanni: v0.15.1 -> v0.27.0. Meanwhile, updating the azure storage API version from 2018-11-09 to 2023-11-03
  • Following new properties are added for the azure backend configuration:
    • use_cli
    • use_aks_workload_identity
    • client_id_file_path
    • client_certificate
    • client_id_file_path
    • client_secret_file_path
      (#​36258)

• Include ca-certificates package in our official Docker image to help with certificate handling by downstream (#​36486)

BUG FIXES:

• ephemeral values: correct error message when ephemeral values are included in provisioner output (#​36427)

• Attempting to override a variable during apply via TF_VAR_ environment variable will now yield warning instead of misleading error. (#​36435)

• backends: Fix crash when interrupting during interactive prompt for values (#​36448)

• Fixes hanging behavior seen when applying a saved plan with -auto-approve using the cloud backend (#​36453)

Previous Releases

For information on prior major and minor releases, refer to their changelogs:

• v1.10
• v1.9
• v1.8
• v1.7
• v1.6
• v1.5
• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

opensearch-project/OpenSearch (opensearchproject/opensearch)

v2.19.1

Compare Source

2025-02-27 Version 2.19.1 Release Notes

[2.19.1]

Added

• Add execution_hint to cardinality aggregator request (#17420)

Dependencies

• Bump netty from 4.1.117.Final to 4.1.118.Final (#​17320)
• Bump jetty version from 9.4.55.v20240627 to 9.4.57.v20241219

Changed

Deprecated

Fixed

• Fix HTTP API calls that hang with 'Accept-Encoding: zstd' (#​17408)

sass/dart-sass (sass)

v1.85.1

Compare Source

• Fix a bug where global Sass functions whose names overlap with CSS math
  functions could incorrectly be treated as CSS math functions even though they
  used Sass-only features, causing compilation failures. For example,
  round(-$var / 2) previously threw an error but now works as intended.

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 12 additional dependencies were updated

Details:

Package	Change
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	v1.16.29 -> v1.16.30
github.com/aws/aws-sdk-go-v2/internal/configsources	v1.3.33 -> v1.3.34
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	v2.6.33 -> v2.6.34
github.com/aws/aws-sdk-go-v2/internal/v4a	v1.3.33 -> v1.3.34
github.com/aws/aws-sdk-go-v2/service/dynamodbstreams	v1.24.21 -> v1.25.0
github.com/aws/aws-sdk-go-v2/service/internal/checksum	v1.6.1 -> v1.6.2
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery	v1.10.14 -> v1.10.15
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	v1.12.14 -> v1.12.15
github.com/aws/aws-sdk-go-v2/service/internal/s3shared	v1.18.14 -> v1.18.15
github.com/aws/aws-sdk-go-v2/service/sso	v1.24.16 -> v1.25.0
github.com/aws/aws-sdk-go-v2/service/ssooidc	v1.28.15 -> v1.29.0
github.com/aws/aws-sdk-go-v2/service/sts	v1.33.15 -> v1.33.16

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.04%. Comparing base (abc537f) to head (9562ad3).
Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1820      +/-   ##
==========================================
- Coverage   95.06%   95.04%   -0.02%     
==========================================
  Files         287      287              
  Lines       17036    17036              
==========================================
- Hits        16195    16192       -3     
- Misses        663      665       +2     
- Partials      178      179       +1     

Flag	Coverage Δ
unittests	95.04% <ø> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.