Renovate Update Patch & Minor Updates

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Pending	Age	Adoption	Passing	Confidence
aws (source)	required_provider	minor	~> 5.32.0 -> ~> 5.33.0
boto3		patch	==1.34.17 -> ==1.34.23	1.34.27 (+3)
cypress (source)	devDependencies	patch	13.6.2 -> 13.6.3
github.com/aws/aws-lambda-go	require	minor	v1.44.0 -> v1.45.0
github.com/aws/aws-sdk-go-v2/config	require	patch	v1.26.3 -> v1.26.5	v1.26.6
github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue	require	patch	v1.12.14 -> v1.12.16
github.com/aws/aws-sdk-go-v2/service/dynamodb	require	minor	v1.26.8 -> v1.27.0
go.opentelemetry.io/contrib/detectors/aws/ecs	require	minor	v1.21.1 -> v1.22.0
go.opentelemetry.io/contrib/instrumentation/github.com/aws/aws-sdk-go-v2/otelaws	require	minor	v0.46.1 -> v0.47.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	require	minor	v0.46.1 -> v0.47.0
go.opentelemetry.io/contrib/propagators/aws	require	minor	v1.21.1 -> v1.22.0
go.opentelemetry.io/otel	require	minor	v1.21.0 -> v1.22.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	require	minor	v1.21.0 -> v1.22.0
go.opentelemetry.io/otel/sdk	require	minor	v1.21.0 -> v1.22.0
go.opentelemetry.io/otel/trace	require	minor	v1.21.0 -> v1.22.0
hashicorp/terraform	required_version	minor	1.6.6 -> 1.7.0	1.7.1
pagerduty (source)	required_provider	minor	~> 3.4.0 -> ~> 3.5.0	3.5.1
sass	dependencies	minor	1.69.7 -> 1.70.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

hashicorp/terraform-provider-aws (aws)

v5.33.0

Compare Source

FEATURES:

• New Data Source: aws_eks_access_entry (#​35037)
• New Resource: aws_eks_access_entry (#​35037)
• New Resource: aws_eks_access_policy_association (#​35037)
• New Resource: aws_lexv2models_intent (#​34891)

ENHANCEMENTS:

• data-source/aws_eks_cluster: Add access_config attribute (#​35037)
• data-source/aws_secretsmanager_secret: Add created_date and last_changed_date attributes (#​35117)
• data-source/aws_secretsmanager_secret_version: Add created_date attribute (#​35117)
• resource/aws_backup_plan: Add rule.lifecycle.opt_in_to_archive_for_supported_resources and rule.copy_action.lifecycle.opt_in_to_archive_for_supported_resources and arguments (#​34994)
• resource/aws_eks_cluster: Add access_config configuration block (#​35037)
• resource/aws_lakeformation_resource: Add use_service_linked_role argument (#​35284)
• resource/aws_secretsmanager_secret_rotation: Add rotate_immediately argument (#​35105)

BUG FIXES:

• resource/aws_datasync_task: Allow schedule to be removed successfully (#​35282)
• resource/aws_fis_experiment_template: Fix validation error when not using target.resource_arns or target.resource_tag attributes. (#​35254)
• resource/aws_lb_listener: Fix ValidationError: Mutual Authentication mode passthrough does not support ignoring certificate expiry errors when mutual_authentication.mode is set to passthrough (#​35289)
• resource/aws_secretsmanager_secret_version: Fix InvalidParameterException: The parameter RemoveFromVersionId can't be empty. Staging label AWSCURRENT is currently attached to version ..., so you must explicitly reference that version in RemoveFromVersionId errors when a secret is updated outside Terraform (#​19943)

boto/boto3 (boto3)

v1.34.23

Compare Source

=======

• api-change:athena: [botocore] Introducing new NotebookS3LocationUri parameter to Athena ImportNotebook API. Payload is no longer required and either Payload or NotebookS3LocationUri needs to be provided (not both) for a successful ImportNotebook API call. If both are provided, an InvalidRequestException will be thrown.
• api-change:codebuild: [botocore] Release CodeBuild Reserved Capacity feature
• api-change:dynamodb: [botocore] This release adds support for including ApproximateCreationDateTimePrecision configurations in EnableKinesisStreamingDestination API, adds the same as an optional field in the response of DescribeKinesisStreamingDestination, and adds support for a new UpdateKinesisStreamingDestination API.
• api-change:qconnect: [botocore] Increased Quick Response name max length to 100

v1.34.22

Compare Source

=======

• api-change:b2bi: [botocore] Increasing TestMapping inputFileContent file size limit to 5MB and adding file size limit 250KB for TestParsing input file. This release also includes exposing InternalServerException for Tag APIs.
• api-change:cloudtrail: [botocore] This release adds a new API ListInsightsMetricData to retrieve metric data from CloudTrail Insights.
• api-change:connect: [botocore] GetMetricDataV2 now supports 3 groupings
• api-change:drs: [botocore] Removed invalid and unnecessary default values.
• api-change:firehose: [botocore] Allow support for Snowflake as a Kinesis Data Firehose delivery destination.
• api-change:sagemaker-featurestore-runtime: [botocore] Increase BatchGetRecord limits from 10 items to 100 items

v1.34.21

Compare Source

=======

• api-change:dynamodb: [botocore] Updating note for enabling streams for UpdateTable.
• api-change:keyspaces: [botocore] This release adds support for Multi-Region Replication with provisioned tables, and Keyspaces auto scaling APIs

v1.34.20

Compare Source

=======

• api-change:iot: [botocore] Revert release of LogTargetTypes
• api-change:iotfleetwise: [botocore] Updated APIs: SignalNodeType query parameter has been added to ListSignalCatalogNodesRequest and ListVehiclesResponse has been extended with attributes field.
• api-change:macie2: [botocore] This release adds support for analyzing Amazon S3 objects that are encrypted using dual-layer server-side encryption with AWS KMS keys (DSSE-KMS). It also adds support for reporting DSSE-KMS details in statistics and metadata about encryption settings for S3 buckets and objects.
• api-change:payment-cryptography: [botocore] Provide an additional option for key exchange using RSA wrap/unwrap in addition to tr-34/tr-31 in ImportKey and ExportKey operations. Added new key usage (type) TR31_M1_ISO_9797_1_MAC_KEY, for use with Generate/VerifyMac dataplane operations with ISO9797 Algorithm 1 MAC calculations.
• api-change:personalize-runtime: [botocore] Documentation updates for Amazon Personalize
• api-change:personalize: [botocore] Documentation updates for Amazon Personalize.
• api-change:rekognition: [botocore] This release adds ContentType and TaxonomyLevel attributes to DetectModerationLabels and GetMediaAnalysisJob API responses.
• api-change:securityhub: [botocore] Documentation updates for AWS Security Hub

v1.34.19

Compare Source

=======

• api-change:sagemaker: [botocore] This release will have ValidationException thrown if certain invalid app types are provided. The release will also throw ValidationException if more than 10 account ids are provided in VpcOnlyTrustedAccounts.

v1.34.18

Compare Source

=======

• api-change:connect: [botocore] Supervisor Barge for Chat is now supported through the MonitorContact API.
• api-change:connectparticipant: [botocore] Introduce new Supervisor participant role
• api-change:location: [botocore] Location SDK documentation update. Added missing fonts to the MapConfiguration data type. Updated note for the SubMunicipality property in the place data type.
• api-change:mwaa: [botocore] This Amazon MWAA feature release includes new fields in CreateWebLoginToken response model. The new fields IamIdentity and AirflowIdentity will let you match identifications, as the Airflow identity length is currently hashed to 64 characters.
• api-change:s3control: [botocore] S3 On Outposts team adds dualstack endpoints support for S3Control and S3Outposts API calls.
• api-change:supplychain: [botocore] This release includes APIs CreateBillOfMaterialsImportJob and GetBillOfMaterialsImportJob.
• api-change:transfer: [botocore] AWS Transfer Family now supports static IP addresses for SFTP & AS2 connectors and for async MDNs on AS2 servers.
• api-change:endpoint-rules: [botocore] Update endpoint-rules client to latest version

cypress-io/cypress (cypress)

v13.6.3

Compare Source

Changelog: https://docs.cypress.io/guides/references/changelog#13-6-3

aws/aws-lambda-go (github.com/aws/aws-lambda-go)

v1.45.0

Compare Source

What's Changed

• lambdaurl: Populate RemoteAddr with SourceIP by @​lyoung-confluent in https://github.com/aws/aws-lambda-go/pull/546

Full Changelog: aws/aws-lambda-go@v1.44.0...v1.45.0

open-telemetry/opentelemetry-go-contrib (go.opentelemetry.io/contrib/detectors/aws/ecs)

v1.22.0: Release 1.22.0/0.47.0/0.16.0/0.2.0

Compare Source

Added

• Add SDK.Shutdown method in "go.opentelemetry.io/contrib/config". (#​4583)
• NewSDK in go.opentelemetry.io/contrib/config now returns a configured SDK with a valid TracerProvider. (#​4741)

Changed

• The semantic conventions used by go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful are upgraded to v1.20.0. (#​4320)
• The semantic conventions used by go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin are upgraded to v1.20.0. (#​4320)
• The semantic conventions used by go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux are upgraded to v1.20.0. (#​4320)
• The semantic conventions used by go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho are upgraded to v1.20.0. (#​4320)
• The semantic conventions used by go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron are upgraded to v1.20.0. (#​4320)
• The semantic conventions used by go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace are upgraded to v1.20.0. (#​4320)
• The semantic conventions used by go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace/example are upgraded to v1.20.0. (#​4320)
• The semantic conventions used by go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/example are upgraded to v1.20.0. (#​4320)
• The semantic conventions used by go.opentelemetry.io/contrib/instrumentation/net/http/otelhttpare upgraded to v1.20.0. (#​4320)
• Updated configuration schema to include schema_url for resource definition and without_type_suffix and without_units for the Prometheus exporter. (#​4727)
• The semantic conventions used by the go.opentelemetry.io/contrib/detectors/aws/ecs resource detector are upgraded to v1.24.0. (#​4803)
• The semantic conventions used by the go.opentelemetry.io/contrib/detectors/aws/lambda resource detector are upgraded to v1.24.0. (#​4803)
• The semantic conventions used by the go.opentelemetry.io/contrib/detectors/aws/ec2 resource detector are upgraded to v1.24.0. (#​4803)
• The semantic conventions used by the go.opentelemetry.io/contrib/detectors/aws/eks resource detector are upgraded to v1.24.0. (#​4803)
• The semantic conventions used by the go.opentelemetry.io/contrib/detectors/gcp resource detector are upgraded to v1.24.0. (#​4803)
• The semantic conventions used in go.opentelemetry.io/contrib/instrumentation/github.com/aws/aws-lambda-go/otellambda/test are upgraded to v1.24.0. (#​4803)

Fixed

• Fix NewServerHandler in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to correctly set the span status depending on the gRPC status. (#​4587)
• The stats.Handler from go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc now does not crash when receiving an unexpected context. (#​4825)
• Update go.opentelemetry.io/contrib/detectors/aws/ecs to fix the task ARN when it is not valid. (#​3583)
• Do not panic in go.opentelemetry.io/contrib/detectors/aws/ecs when the container ARN is not valid. (#​3583)

open-telemetry/opentelemetry-go (go.opentelemetry.io/otel)

v1.22.0: /v0.45.0

Compare Source

Added

• The go.opentelemetry.io/otel/semconv/v1.22.0 package.
  The package contains semantic conventions from the v1.22.0 version of the OpenTelemetry Semantic Conventions. (#​4735)
• The go.opentelemetry.io/otel/semconv/v1.23.0 package.
  The package contains semantic conventions from the v1.23.0 version of the OpenTelemetry Semantic Conventions. (#​4746)
• The go.opentelemetry.io/otel/semconv/v1.23.1 package.
  The package contains semantic conventions from the v1.23.1 version of the OpenTelemetry Semantic Conventions. (#​4749)
• The go.opentelemetry.io/otel/semconv/v1.24.0 package.
  The package contains semantic conventions from the v1.24.0 version of the OpenTelemetry Semantic Conventions. (#​4770)
• Add WithResourceAsConstantLabels option to apply resource attributes for every metric emitted by the Prometheus exporter. (#​4733)
• Experimental cardinality limiting is added to the metric SDK.
  See metric documentation for more information about this feature and how to enable it. (#​4457)
• Add NewMemberRaw and NewKeyValuePropertyRaw in go.opentelemetry.io/otel/baggage. (#​4804)

Changed

• Upgrade all use of go.opentelemetry.io/otel/semconv to use v1.24.0. (#​4754)
• Update transformations in go.opentelemetry.io/otel/exporters/zipkin to follow v1.19.0 version of the OpenTelemetry specification. (#​4754)
• Record synchronous measurements when the passed context is canceled instead of dropping in go.opentelemetry.io/otel/sdk/metric.
  If you do not want to make a measurement when the context is cancelled, you need to handle it yourself (e.g if ctx.Err() != nil). (#​4671)
• Improve go.opentelemetry.io/otel/trace.TraceState's performance. (#​4722)
• Improve go.opentelemetry.io/otel/propagation.TraceContext's performance. (#​4721)
• Improve go.opentelemetry.io/otel/baggage performance. (#​4743)
• Improve performance of the (*Set).Filter method in go.opentelemetry.io/otel/attribute when the passed filter does not filter out any attributes from the set. (#​4774)
• Member.String in go.opentelemetry.io/otel/baggage percent-encodes only when necessary. (#​4775)
• Property.Value in go.opentelemetry.io/otel/baggage now returns a raw string instead of a percent-encoded value. (#​4804)

Fixed

• Fix Parse in go.opentelemetry.io/otel/baggage to validate member value before percent-decoding. (#​4755)
• Fix whitespace encoding of Member.String in go.opentelemetry.io/otel/baggage. (#​4756)
• Fix baggage item key so that it is not canonicalized in go.opentelemetry.io/otel/bridge/opentracing. (#​4776)
• Fix go.opentelemetry.io/otel/bridge/opentracing to properly handle baggage values that requires escaping during propagation. (#​4804)
• Fix a bug where using multiple readers resulted in incorrect asynchronous counter values in go.opentelemetry.io/otel/sdk/metric. (#​4742)

hashicorp/terraform (hashicorp/terraform)

v1.7.0

Compare Source

1.7.0 (January 17, 2024)

UPGRADE NOTES:

• Input validations are being restored to the state file in this version of Terraform. Due to a state interoperability issue (#​33770) in earlier versions, users that require interaction between different minor series should ensure they have upgraded to the following patches:

  • Users of Terraform prior to 1.3.0 are unaffected;
  • Terraform 1.3 series users should upgrade to 1.3.10;
  • Terraform 1.4 series users should upgrade to 1.4.7;
  • Terraform 1.5 series users should upgrade to 1.5.7;
  • Users of Terraform 1.6.0 and later are unaffected.
    This is important for users with terraform_remote_state data sources reading remote state across different versions of Terraform.

• nonsensitive function no longer raises an error when applied to a value that is already non-sensitive. (#​33856)

• terraform graph now produces a simplified graph describing only relationships between resources by default, for consistency with the granularity of information returned by other commands that emphasize resources as the main interesting object type and de-emphasize the other "glue" objects that connect them.

  The type of graph that earlier versions of Terraform produced by default is still available with explicit use of the -type=plan option, producing an approximation of the real dependency graph Terraform Core would use to construct a plan.

• terraform test: Simplify the ordering of destroy operations during test cleanup to simple reverse run block order. (#​34293)

• backend/s3: The use_legacy_workflow argument now defaults to false. The backend will now search for credentials in the same order as the default provider chain in the AWS SDKs and AWS CLI. To revert to the legacy credential provider chain ordering, set this value to true. This argument, and the ability to use the legacy workflow, is deprecated. To encourage consistency with the AWS SDKs, this argument will be removed in a future minor version.

NEW FEATURES:

• terraform test: Providers, modules, resources, and data sources can now be mocked during executions of terraform test. The following new blocks have been introduced within .tftest.hcl files:

  • mock_provider: Can replace provider instances with mocked providers, allowing tests to execute in command = apply mode without requiring a configured cloud provider account and credentials. Terraform will create fake resources for mocked providers and maintain them in state for the lifecycle of the given test file.
  • override_resource: Specific resources can be overridden so Terraform will create a fake resource with custom values instead of creating infrastructure for the overridden resource.
  • override_data: Specific data sources can be overridden so data can be imported into tests without requiring real infrastructure to be created externally first.
  • override_module: Specific modules can be overridden in their entirety to give greater control over the returned outputs without requiring in-depth knowledge of the module itself.

• removed block for refactoring modules: Module authors can now record in source code when a resource or module call has been removed from configuration, and can inform Terraform whether the corresponding object should be deleted or simply removed from state.

  This effectively provides a configuration-driven workflow to replace terraform state rm. Removing an object from state is a new type of action which is planned and applied like any other. The terraform state rm command will remain available for scenarios in which directly modifying the state file is appropriate.

BUG FIXES:

• Ignore potential remote terraform version mismatch when running force-unlock (#​28853)
• Exit Dockerfile build script early on cd failure. (#​34128)
• terraform test: Stop attempting to destroy run blocks that have no actual infrastructure to destroy. This fixes an issue where attempts to destroy "verification" run blocks that load only data sources would fail if the underlying infrastructure referenced by the run blocks had already been destroyed. (#​34331)
• terraform test: Improve error message for invalid run block names. (#​34469)
• terraform test: Fix bug where outputs in "empty" modules were not available to the assertions from Terraform test files. (#​34482)
• security: Upstream patch to mitigate the security advisory CVE-2023-48795, which potentially affects local-exec and file provisioners connecting to remote hosts using SSH. (#​34426)

ENHANCEMENTS:

• terraform test: Providers defined within test files can now reference variables from their configuration that are defined within the test file. (#​34069)
• terraform test: Providers defined within test files can now reference outputs from run blocks. (#​34118)
• terraform test: Terraform functions are now available within variables and provider blocks within test files. (#​34204)
• terraform test: Terraform will now load variables from any terraform.tfvars within the testing directory, and apply the variable values to tests within the same directory. (#​34341)
• terraform graph: Now produces a simplified resources-only graph by default. (#​34288)
• terraform console: Now supports a -plan option which allows evaluating expressions against the planned new state, rather than against the prior state. This provides a more complete set of values for use in console expressions, at the expense of a slower startup time due first calculating the plan. (#​34342)
• import: for_each can now be used to expand the import block to handle multiple resource instances (#​33932)
• If the proposed change for a resource instance is rejected either due to a postcondition block or a prevent_destroy setting, Terraform will now include that proposed change in the plan output alongside the relevant error, whereas before the error would replace the proposed change in the output. (#​34312)
• .terraformignore: improve performance when ignoring large directories (#​34400)

Previous Releases

For information on prior major and minor releases, see their changelogs:

• v1.6
• v1.5
• v1.4
• v1.3
• v1.2
• v1.1
• v1.0
• v0.15
• v0.14
• v0.13
• v0.12
• v0.11 and earlier

PagerDuty/terraform-provider-pagerduty (pagerduty)

v3.5.0

Compare Source

FEATURES:

• resource/*, data/*: feat: support for sourcing the provider service region from an env var (#​797)

IMPROVEMENTS:

• resource/*, data/*: Add API Client timeouts configuration for http transport (#​802)

sass/dart-sass (sass)

v1.70.0

Compare Source

JavaScript API

• Add a sass.initCompiler() function that returns a sass.Compiler object
  which supports compile() and compileString() methods with the same API as
  the global Sass object. On the Node.js embedded host, each sass.Compiler
  object uses a single long-lived subprocess, making compiling multiple
  stylesheets much more efficient.

• Add a sass.initAsyncCompiler() function that returns a sass.AsyncCompiler
  object which supports compileAsync() and compileStringAsync() methods with
  the same API as the global Sass object. On the Node.js embedded host, each
  sass.AsynCompiler object uses a single long-lived subprocess, making
  compiling multiple stylesheets much more efficient.

Embedded Sass

• Support the CompileRequest.silent field. This allows compilations with no
  logging to avoid unnecessary request/response cycles.

• The Dart Sass embedded compiler now reports its name as "dart-sass" rather
  than "Dart Sass", to match the JS API's info field.

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (2c8f079) 91.92% compared to head (aa0cc86) 91.92%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #973   +/-   ##
=======================================
  Coverage   91.92%   91.92%           
=======================================
  Files         180      180           
  Lines        9861     9861           
=======================================
  Hits         9065     9065           
  Misses        679      679           
  Partials      117      117           

Flag	Coverage Δ
unittests	91.92% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.

[andrewpearce-digital]

Ran into an issue where the shared replication role couldn't attach any more policies (max limit 10), so I've set it to create a role per env.

[andrewpearce-digital]

also specified the previous version of the pagerduty provider because the one it tried to use is broken.

[acsauk]