Skip to content

Update npm dependencies#57

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-dependencies
Open

Update npm dependencies#57
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-dependencies

Conversation

@renovate
Copy link
Copy Markdown

@renovate renovate Bot commented Apr 24, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@aws-sdk/client-cognito-identity (source) 3.991.03.1053.0 age confidence
@types/node (source) 25.2.325.9.1 age confidence
undici (source) 6.25.06.26.0 age confidence

Release Notes

aws/aws-sdk-js-v3 (@​aws-sdk/client-cognito-identity)

v3.1053.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1052.0

Compare Source

3.1052.0(2026-05-21)
Chores
Documentation Changes
  • client-batch: Clarified CreateComputeEnvironment parameter requirements - serviceRole is required for UNMANAGED compute environments, allocationStrategy is required for EKS compute environments, and compute environments must be created in the ENABLED state. (bc78cb3c)
New Features
  • client-translate: Adding new BDD representation of endpoint ruleset (4955d4a1)
  • client-sagemaker: Add support for disabling home EFS file system creation on SageMaker domains. (a9896a7a)
  • client-pricing: Adding new BDD representation of endpoint ruleset (01e82e58)
  • client-bedrock-agent: Adding new BDD representation of endpoint ruleset (a9a71958)
  • client-global-accelerator: Adding new BDD representation of endpoint ruleset (5e60c75c)
  • client-workmail: Adding new BDD representation of endpoint ruleset (0fc6a8a0)
  • client-fsx: Adding new BDD representation of endpoint ruleset (83c595a4)
  • client-quicksight: Adding new BDD representation of endpoint ruleset (7f5bcda1)
  • client-bedrock-runtime: Adding new BDD representation of endpoint ruleset (f09451b1)
  • client-datasync: Adding new BDD representation of endpoint ruleset (4b9532a1)
  • client-fms: Adding new BDD representation of endpoint ruleset (db519184)
  • client-qapps: Adding new BDD representation of endpoint ruleset (b1bb929f)
  • client-migrationhuborchestrator: Adding new BDD representation of endpoint ruleset (0bb854ff)
  • client-dlm: Adding new BDD representation of endpoint ruleset (b2dd6ba2)
  • client-securityhub: Adding new BDD representation of endpoint ruleset (d9edee64)
  • client-serverlessapplicationrepository: Adding new BDD representation of endpoint ruleset (2c5e6f6e)
  • client-healthlake: Adding new BDD representation of endpoint ruleset (1b33b0ea)
  • client-api-gateway: Adding new BDD representation of endpoint ruleset (26e618e8)
  • client-backup: Adding new BDD representation of endpoint ruleset (c809d3b9)
  • client-textract: Adding new BDD representation of endpoint ruleset (f1282b2d)
  • client-eks: Adding new BDD representation of endpoint ruleset (b194851e)
  • client-guardduty: Adding new BDD representation of endpoint ruleset (4aa7b6d2)
  • client-cloud9: Adding new BDD representation of endpoint ruleset (78d50c2e)
  • client-bedrock-agentcore-control: Adds dataset management APIs for creating, versioning, and managing evaluation datasets. (225ba345)
  • client-migrationhub-config: Adding new BDD representation of endpoint ruleset (ffe071b2)
  • client-signer: Adding new BDD representation of endpoint ruleset (6c786ca9)
  • client-service-catalog-appregistry: Adding new BDD representation of endpoint ruleset (45eb10a0)
  • client-sagemaker-metrics: Adding new BDD representation of endpoint ruleset (151bcd1d)
  • client-cleanroomsml: Collaboration creators can update payment configurations without recreating the collaboration. When multiple payer candidates are configured for a cost type, analysis runners can specify the actual payer at submission time, providing granular control over billing. (191561ce)
  • client-kendra-ranking: Adding new BDD representation of endpoint ruleset (209096f6)
  • client-evs: A new GetDepotUrl API has been added to retrieve a URL for accessing Amazon EVS custom addon packages. Customers can use this URL to configure vSphere Lifecycle Manager (vLCM) as an online depot source, enabling upgrades of addon components across ESXi hosts. (20d01571)
  • client-sso-admin: Adding new BDD representation of endpoint ruleset (b88345c2)
  • client-codeartifact: Adding new BDD representation of endpoint ruleset (7f5da314)
  • client-acm-pca: Adding new BDD representation of endpoint ruleset (73c5c7f0)
  • client-codeguruprofiler: Adding new BDD representation of endpoint ruleset (b94dfaaf)
  • client-kinesis-video-archived-media: Adding new BDD representation of endpoint ruleset (c286df48)
  • client-connect: Adding new BDD representation of endpoint ruleset (dafa111c)
  • client-mediaconnect: Adds support for controlling the timecode source of NDI flow outputs. (e1d3cfb0)
  • client-comprehendmedical: Adding new BDD representation of endpoint ruleset (101e2da8)
  • client-comprehend: Adding new BDD representation of endpoint ruleset (703f5fa6)
  • client-kafka: Adding new BDD representation of endpoint ruleset (69784609)
  • client-mediatailor: Adding new BDD representation of endpoint ruleset (73002630)
  • client-cleanrooms: Collaboration creators can update payment configurations without recreating the collaboration. When multiple payer candidates are configured for a cost type, analysis runners can specify the actual payer at submission time, providing granular control over billing. (1cee155c)
  • client-verifiedpermissions: Support hard deleting policy store aliases. Users can now delete an alias and immediately reassign it to a different policy store without waiting for the soft-delete retention period. (f8b7f31e)
  • client-transcribe: Adding new BDD representation of endpoint ruleset (f5ceb261)
  • client-iot-jobs-data-plane: Adding new BDD representation of endpoint ruleset (958ab819)
  • client-acm: Adding new BDD representation of endpoint ruleset (15634c51)
  • client-marketplace-entitlement-service: Adding new BDD representation of endpoint ruleset (ca50a366)
  • client-route53resolver: Adding new BDD representation of endpoint ruleset (71ea880f)
  • client-appstream: Adding new BDD representation of endpoint ruleset (ea9efafa)
  • client-apigatewayv2: Adding new BDD representation of endpoint ruleset (b218bd77)
  • client-networkmanager: Adding new BDD representation of endpoint ruleset (fdda3110)
Bug Fixes

For list of updated packages, view updated-packages.md in assets-3.1052.0.zip

v3.1051.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1050.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1049.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1048.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1047.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1046.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1045.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1044.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1043.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1042.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1041.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1040.0

Compare Source

3.1040.0(2026-04-30)
New Features
  • clients: update client endpoints as of 2026-04-30 (2620ccbd)
  • client-bedrock-agentcore-control: AgentCore Identity now supports on-behalf-of token exchange OAuth2. AgentCore Memory now supports metadata for LongTerm Memory Records. (6b9d13e3)
  • client-route53globalresolver: Adds support for regions in the UpdateGlobalResolver input. (84b15b2e)
  • client-sagemaker: Add InstancePools support to Endpoint for flexible provisioning across a prioritized list of instance types. Add Specifications support to InferenceComponent for per-instance-type model configurations. (05c49aa9)
  • client-sso-admin: Add InstanceArn and IdentityStoreArn in the response of CreateApplication API and IdentityStoreArn in the response of DescribeApplication API (d46aaf53)
  • client-payment-cryptography: Adds support for resource-based policies on AWS Payment Cryptography keys, enabling cross-account key sharing. Also adds Multi-Party Approval (MPA) team association APIs for protecting sensitive import root public key operations. (4d7fdfa8)
  • client-datazone: Adds support for asynchronous notebook runs (e562cc0f)
  • client-kafka: Adds support for ZookeeperAccess field to control the Client-Zookeeper connectivity. (34de26bd)
  • client-observabilityadmin: Observability Admin enablement launch for AWS Kafka, Bedrock Agent Core Workload Identity and OTel metric enablement. (8cea5eb6)
  • client-eks: Vended logs update param for capability vended logs feature (7741c8f5)
  • client-bedrock-agentcore: AgentCore Identity now supports on-behalf-of token exchange OAuth2. AgentCore Memory now supports metadata for LongTerm Memory Records. (948fd098)
Tests

For list of updated packages, view updated-packages.md in assets-3.1040.0.zip

v3.1039.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1038.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1037.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1036.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1035.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1034.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1033.0

Compare Source

Features
  • clients: use binary decision diagrams for endpoint resolution (#​7931) (ff1b2ba)

v3.1032.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1031.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1030.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1029.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1028.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1027.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1026.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1025.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1024.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1023.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1022.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1021.0

Compare Source

Bug Fixes
  • codegen: sync for adaptive retry throttling detection fix (#​7905) (03f108d)

v3.1020.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1019.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1018.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1017.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1016.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1015.0

Compare Source

Bug Fixes
  • core/protocols: use composite error registry for error handling, revert default error message to "UnknownError" (#​7877) (55f7726)

v3.1014.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1013.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1012.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1011.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1010.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1009.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1008.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1007.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1006.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1005.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1004.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1003.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1002.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1001.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.1000.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.999.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.998.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.997.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.996.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.995.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.994.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.993.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

v3.992.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-cognito-identity

nodejs/undici (undici)

v6.26.0

Compare Source

What's Changed

Full Changelog: nodejs/undici@v6.25.0...v6.26.0

Configuration

📅 Schedule: (in timezone Europe/Paris)

  • Branch creation
    • "after 7am every weekday,before 8pm every weekday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from a team as a code owner April 24, 2026 09:43
@renovate
Copy link
Copy Markdown
Author

renovate Bot commented Apr 24, 2026
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
npm warn Unknown env config "store". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm error code EOVERRIDE
npm error Override for undici@6.26.0 conflicts with direct dependency
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2026-05-30T20_01_52_497Z-debug-0.log

@sonarqube-cloud-us
Copy link
Copy Markdown

sonarqube-cloud-us Bot commented Apr 24, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 New dependency risks

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonar-review-alpha
Copy link
Copy Markdown

sonar-review-alpha Bot commented Apr 24, 2026
edited
Loading

Summary

⚠️ The PR description exceeded the analysis limit and was truncated. The review may not reflect all context.

Renovate dependency update PR that bumps two packages in package.json:

  • @aws-sdk/client-cognito-identity: 3.750.0 → 3.1032.0 (significant jump, 282+ minor versions)
  • @types/node: 25.2.3 → 25.6.0 (minor patch update)

All changes are version updates in package.json with corresponding lock file entries updated. No code changes.

What reviewers should know

What to review:

  • The AWS SDK jump is substantial but uses caret versioning (^3.1032.0), indicating the new version is expected to be backward compatible
  • @types/node is a safe minor bump within the 25.x range
  • No source code changes, only dependency versions

Testing:

  • Verify the dependencies install without conflicts
  • The main value is ensuring AWS SDK compatibility with the action's usage of Cognito Identity client
  • Check that TypeScript types from updated @types/node don't break any existing code
  • Generate Walkthrough
  • Generate Diagram

🗣️ Give feedback

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 24, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 New dependency risks

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sonar-review-alpha[bot]
sonar-review-alpha Bot reviewed Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown

@sonar-review-alpha sonar-review-alpha Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is one blocking issue: the compiled dist bundles were not rebuilt, so the action runtime still uses the old SDK version despite the package.json update. The summary below covers the full picture.

The dist files (credential-setup/dist/index.js, credential-guard/dist/main/index.js, credential-guard/dist/post/index.js) are self-contained bundles produced by @vercel/ncc and committed to the repo. Inspecting the current HEAD bundle confirms it still embeds @aws-sdk/client-cognito-identity version 3.991.0 — the version this PR intends to replace. Until npm run build is run and the updated bundles are committed, this PR has no runtime effect.

🗣️ Give feedback

Comment thread package.json Outdated
"dependencies": {
"@actions/core": "^1.11.1",
"@aws-sdk/client-cognito-identity": "^3.750.0"
"@aws-sdk/client-cognito-identity": "^3.1032.0"
Copy link
Copy Markdown

@sonar-review-alpha sonar-review-alpha Bot Apr 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The dist bundles were not rebuilt. The action runs from the committed credential-setup/dist/ and credential-guard/dist/ files, which @vercel/ncc packages at build time — they are not regenerated during a GitHub Actions run.

Searching the current bundle for version strings confirms it still embeds @aws-sdk/client-cognito-identity@3.991.0. Run npm run build and commit the updated dist files for this change to have any runtime effect.

  • Mark as noise

Comment thread package-lock.json Outdated
"resolved": "https://repox.jfrog.io/artifactory/api/npm/npm/@aws-sdk/client-cognito-identity/-/client-cognito-identity-3.991.0.tgz",
"integrity": "sha512-U3Qh+SPWQQiK+ON6fCOC+SctNlsigATTnz1TkD28l35j6fs7+QAEjbtP07LpfZ926mx3ibBN3jMRDFsOKSXwRQ==",
"version": "3.1032.0",
"resolved": "https://registry.npmjs.org/@aws-sdk/client-cognito-identity/-/client-cognito-identity-3.1032.0.tgz",
Copy link
Copy Markdown

@sonar-review-alpha sonar-review-alpha Bot Apr 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The AWS SDK packages (and their transitive @smithy/* dependencies) now resolve from registry.npmjs.org, while all other unchanged packages (vitest, rollup, esbuild, @actions/*, etc.) still resolve from repox.jfrog.io — the private JFrog Artifactory mirror.

This mixed-registry state means npm install fetches from two different sources and could fail in environments that only have access to the private mirror. If Renovate ran without access to that mirror, all changed packages should ideally be re-mirrored into Artifactory and the lock file regenerated from there, as was done for the previous dependency versions.

  • Mark as noise

@renovate renovate Bot force-pushed the renovate/npm-dependencies branch from f8eb96e to fef5e38 Compare May 27, 2026 15:03
@renovate renovate Bot temporarily deployed to sca-checking May 27, 2026 15:03 Inactive
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 27, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 New dependency risks

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@sonarqube-cloud-us
Copy link
Copy Markdown

sonarqube-cloud-us Bot commented May 27, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 New dependency risks

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@sonar-review-alpha sonar-review-alpha[bot] sonar-review-alpha[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants