Renovate Update Patch & Minor Updates

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update	Pending
Flask (changelog)	==3.0.3 -> ==3.1.0						minor
Werkzeug (changelog)	==3.0.6 -> ==3.1.3						minor
aws (source)	5.70.0 -> 5.84.0					required_provider	minor
boto3	==1.34.98 -> ==1.36.1						minor	1.36.2
connexion	==3.0.6 -> ==3.2.0						minor
coverage	==7.5.0 -> ==7.6.10						minor
fakeredis	==2.22.0 -> ==2.26.2						minor
flake8 (changelog)	==7.0.0 -> ==7.1.1						minor
flask (changelog)	==3.0.3 -> ==3.1.0						minor
github.com/aws/aws-sdk-go	v1.52.2 -> v1.55.6					require	minor
github.com/terraform-aws-modules/terraform-aws-lambda	v7.4.0 -> v7.20.0					module	minor
github/codeql-action	v3.25.3 -> v3.28.1					action	minor
hashicorp/terraform	1.9.7 -> 1.10.4					required_version	minor
hypothesis (source, changelog)	==6.100.2 -> ==6.124.0						minor	6.124.1
importlib-metadata	==8.0.0 -> ==8.5.0						minor
jsonschema (changelog)	==4.22.0 -> ==4.23.0						minor
localstack-client	==2.5 -> ==2.7						minor
markupsafe (changelog)	==3.0.0 -> ==3.0.2						patch
ministryofjustice/opg-github-workflows	v3.1.0 -> v3.5.0					action	minor
moto (changelog)	==5.0.6 -> ==5.0.26						patch
public.ecr.aws/lambda/python	3.12 -> 3.13					final	minor
pytest (changelog)	==8.2.0 -> ==8.3.4						minor
pytest-env	==1.1.3 -> ==1.1.5						patch
python	3.12-slim -> 3.13-slim					final	minor
redis (changelog)	==5.0.4 -> ==5.2.1						minor
requests (source, changelog)	==2.32.0 -> ==2.32.3						patch
requests-aws4auth	==1.0.1 -> ==1.3.1						minor
requests_aws4auth	==1.2.3 -> ==1.3.1						minor
typing-extensions (changelog)	==4.11.0 -> ==4.12.2						minor
validators (changelog)	==0.28.1 -> ==0.34.0						minor
yarl	==1.9.4 -> ==1.18.3						minor

---

Release Notes

pallets/flask (Flask)

v3.1.0

Compare Source

Released 2024-11-13

• Drop support for Python 3.8. :pr:5623
• Update minimum dependency versions to latest feature releases.
  Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633
• Provide a configuration option to control automatic option
  responses. :pr:5496
• Flask.open_resource/open_instance_resource and
  Blueprint.open_resource take an encoding parameter to use when
  opening in text mode. It defaults to utf-8. :issue:5504
• Request.max_content_length can be customized per-request instead of only
  through the MAX_CONTENT_LENGTH config. Added
  MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation
  about resource limits to the security page. :issue:5625
• Add support for the Partitioned cookie attribute (CHIPS), with the
  SESSION_COOKIE_PARTITIONED config. :issue:5472
• -e path takes precedence over default .env and .flaskenv files.
  load_dotenv loads default files in addition to a path unless
  load_defaults=False is passed. :issue:5628
• Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old
  secret keys that can still be used for unsigning. Extensions will need to
  add support. :issue:5621
• Fix how setting host_matching=True or subdomain_matching=False
  interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts
  requests to only that domain. :issue:5553
• Request.trusted_hosts is checked during routing, and can be set through
  the TRUSTED_HOSTS config. :issue:5636

hashicorp/terraform-provider-aws (aws)

v5.84.0

Compare Source

NOTES:

• resource/aws_kms_custom_key_store: We cannot acceptance test the support for external key stores added in this release. The impementation is best effort and we ask for community help in testing. (#​40557)

FEATURES:

• New Ephemeral Resource: aws_eks_cluster_auth (#​40660)
• New Resource: aws_media_packagev2_channel_group (#​38406)

ENHANCEMENTS:

• data-source/aws_ami: Add uefi_data attribute (#​40210)
• data-source/aws_ec2_instance_type: Add bandwidth_weightings, boot_modes, default_network_card_index, efa_maximum_interfaces, ena_srd_supported, inference_accelerators.memory_size, media_accelerators, network_cards, neuron_devices, nitro_enclaves_support, nitro_tpm_support, nitro_tpm_supported_versions, phc_support, supported_cpu_features, total_inference_memory, total_media_memory, and total_neuron_device_memory attributes (#​40717)
• data-source/aws_elb_hosted_zone_id: Add hosted zone ID for mx-central-1 AWS Region (#​40940)
• data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for mx-central-1 AWS Region (#​40940)
• data-source/aws_s3_bucket: Add hosted zone ID for mx-central-1 AWS Region (#​40940)
• provider: Support mx-central-1 as a valid AWS Region (#​40940)
• resource/aws_ami: Add uefi_data argument (#​40210)
• resource/aws_ami_copy: Add uefi_data attribute (#​40210)
• resource/aws_ami_from_instance: Add uefi_data attribute (#​40210)
• resource/aws_cloudtrail: Add userIdentity.arn to advanced_event_selector.field_selector (#​40629)
• resource/aws_elasticache_user: engine is now case insensitive (#​40794)
• resource/aws_elasticache_user_group: engine is now case insensitive (#​40794)
• resource/aws_globalaccelerator_accelerator: Add arn attribute (#​40930)
• resource/aws_globalaccelerator_custom_routing_accelerator: Add arn attribute (#​40930)
• resource/aws_globalaccelerator_custom_routing_listener: Add arn attribute (#​40930)
• resource/aws_globalaccelerator_listener: Add arn attribute (#​40930)
• resource/aws_kms_custom_key_store: Add support for external key stores (#​40557)
• resource/aws_lb_listener: Add routing_http_response_server_enabled, routing_http_response_strict_transport_security_header_value, routing_http_response_access_control_allow_origin_header_value, routing_http_response_access_control_allow_methods_header_value, routing_http_response_access_control_allow_headers_header_value, routing_http_response_access_control_allow_credentials_header_value, routing_http_response_access_control_expose_headers_header_value, routing_http_response_access_control_max_age_header_value, routing_http_response_content_security_policy_header_value, routing_http_response_x_content_type_options_header_value, routing_http_response_x_frame_options_header_value, routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name, routing_http_request_x_amzn_mtls_clientcert_issuer_header_name, routing_http_request_x_amzn_mtls_clientcert_subject_header_name, routing_http_request_x_amzn_mtls_clientcert_validity_header_name, routing_http_request_x_amzn_mtls_clientcert_leaf_header_name, routing_http_request_x_amzn_mtls_clientcert_header_name, routing_http_request_x_amzn_tls_version_header_name, and routing_http_request_x_amzn_tls_cipher_suite_header_name arguments in support of HTTP header modification (#​40736)
• resource/aws_route53_health_check: Add triggers argument to support synchronization with upstream CloudWatch alarm changes (#​40918)
• resource/aws_sagemaker_endpoint_configuration: Support setting production_variants.managed_instance_scaling and shadow_production_variants.managed_instance_scaling to 0 (#​40882)

BUG FIXES:

• resource/aws_apprunner_vpc_ingress_connection: Change ingress_vpc_configuration, name, and service_arn to ForceNew (#​40927)
• resource/aws_datasync_location_s3: Fix location URI global ID and subdirectory (...) does not match pattern "..." errors on Read when s3_bucket_arn is an S3 on Outposts access point (#​40929)
• resource/aws_ecs_task_definition: Correctly detect differences in volume.configure_at_launch and volume.docker_volume_configuration (#​40853)
• resource/aws_lambda_invocation: Fix failed input transformations when upgrading from a version less than v5.1.0 with an input that cannot be marshaled into a map[string]interface{} (#​40958)
• resource/aws_lambda_invocation: Prevent a new invocation when upgrading from a version less than v5.1.0 with no configuration changes (#​40958)
• resource/aws_msk_cluster: Prevent persistent differences when broker_node_group_info.0.storage_info.0.ebs_storage_info.0.provisioned_throughput is unset (#​40910)
• resource/aws_msk_cluster: Properly disable provisioned throughput when a previously configured broker_node_group_info.0.storage_info.0.ebs_storage_info.0.provisioned_throughput block is removed (#​40910)
• resource/aws_ses_receipt_rule: Retry errors caused by IAM eventual consistency (#​40873)

v5.83.1

Compare Source

BUG FIXES:

• resource/aws_route53_record: Correct fdqn value if name is a wildcard domain name (the leftmost label is *). This fixes a regression introduced in v5.83.0 (#​40868)

v5.83.0

Compare Source

NOTES:

• provider: The retry handling in the apigatewayv2 client has been updated to more extensively match ConflictException error responses. This change should be transparent to users, but if any unexpected changes in behavior with apigatewayv2 resources occur following an upgrade to this release, please open a bug report. (#​40840)
• resource/aws_api_gateway_domain_name_access_association: Deprecates id in favor of arn. (#​40626)
• resource/aws_route53_cidr_location: Deprecates id. (#​40626)
• resource/aws_s3_directory_bucket: Deprecates id in favor of bucket. (#​40626)

FEATURES:

• New Data Source: aws_cloudwatch_event_buses (#​40662)
• New Data Source: aws_ecs_clusters (#​40638)
• New Data Source: aws_route53_records (#​38186)
• New Ephemeral Resource: aws_cognito_identity_openid_token_for_developer_identity (#​40763)
• New Resource: aws_bedrockagent_agent_collaborator (#​40559)
• New Resource: aws_cleanrooms_membership (#​35165)
• New Resource: aws_cloudwatch_log_delivery (#​40731)
• New Resource: aws_cloudwatch_log_delivery_destination (#​40731)
• New Resource: aws_cloudwatch_log_delivery_destination_policy (#​40731)
• New Resource: aws_cloudwatch_log_delivery_source (#​40731)
• New Resource: aws_cloudwatch_log_index_policy (#​40594)
• New Resource: aws_vpclattice_resource_gateway (#​40821)

ENHANCEMENTS:

• data-source/aws_codebuild_fleet: Add compute_configuration attribute (#​40752)
• data-source/aws_dms_endpoint: Add kafka_settings.sasl_mechanism attribute (#​36918)
• data-source/aws_elb_hosted_zone_id: Add hosted zone ID for ap-southeast-7 AWS Region (#​40850)
• data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for ap-southeast-7 AWS Region (#​40850)
• data-source/aws_rds_certificate: Add default_for_new_launches attribute (#​40536)
• data-source/aws_rds_engine_version: Add supports_certificate_rotation_without_restart, supports_integrations, and supports_local_write_forwarding attributes (#​40700)
• data-source/aws_s3_bucket: Add hosted zone ID for ap-southeast-7 AWS Region (#​40850)
• data-source/aws_vpc_endpoint_service: Add region attribute (#​40795)
• data-source/aws_vpc_endpoint_service: Add service_regions argument (#​40795)
• provider: Support ap-southeast-7 as a valid AWS Region (#​40849)
• resource/aws_appflow_flow: Add data_transfer_api attribute to destination_flow_config_list.destination_connector_properties.salesforce (#​34937)
• resource/aws_cloudfront_distribution: Add grpc_config argument to default_cache_behavior and ordered_cache_behavior configuration blocks (#​40762)
• resource/aws_codebuild_fleet: Add compute_configuration argument (#​40752)
• resource/aws_cognito_user_pool: Add email_mfa_configuration argument (#​40734)
• resource/aws_cognito_user_pool: Add sign_in_policy and web_authn_configuration arguments (#​40765)
• resource/aws_cognito_user_pool: Add user_pool_tier argument (#​40633)
• resource/aws_dms_endpoint: Add kafka_settings.sasl_mechanism argument (#​36918)
• resource/aws_ecr_account_setting: Add valid values for registry policy scope to name and value arguments (#​40772)
• resource/aws_eip_association: Adds validation to only allow one of instance_id or network_interface_id (#​40769)
• resource/aws_eks_node_group: Add node_repair_config configuration block (#​40698)
• resource/aws_elasticache_user: Add VALKEY as supported value for 'engine' argument (#​40764)
• resource/aws_elasticache_user_group: Add VALKEY as supported value for 'engine' argument (#​40764)
• resource/aws_emr_studio: Add encryption_key_arn argument (#​40771)
• resource/aws_quicksight_user: Add user_invitation_url attribute (#​40775)
• resource/aws_rds_cluster: Support iam-db-auth-error as a valid value for enabled_cloudwatch_logs_exports (#​40789)
• resource/aws_rds_integration: Add data_filter argument (#​40816)
• resource/aws_s3_object_copy: Add override_provider configuration block, allowing tags inherited from the provider default_tags configuration block to be ignored (#​40689)

BUG FIXES:

• resource/aws_api_gateway_domain_name: Fixed error when adding policy to existing private domain name (#​40708)
• resource/aws_apigatewayv2_api: Don't overwrite the configured values of description, name or version if they are not present in the OpenAPI definition body (#​40707)
• resource/aws_apigatewayv2_route: Fix retry handling of ConflictException error responses (#​40840)
• resource/aws_cloudfront_cache_policy: Fix panic: interface conversion: interface {} is nil, not map[string]interface {} when parameters_in_cache_key_and_forwarded_to_origin.cookies_config, parameters_in_cache_key_and_forwarded_to_origin.headers_config, or parameters_in_cache_key_and_forwarded_to_origin.query_strings_config are empty (#​40815)
• resource/aws_codebuild_fleet: Allow scaling_configuration to be removed on Update (#​40773)
• resource/aws_codebuild_project: Allow file_system_locations to be removed on Update (#​40842)
• resource/aws_ec2_instance_connect_endpoint: Set fips_dns_name to an empty value ("") when no value is returned from the EC2 API. This fixes known-after-apply loops in Regions that don't support FIPS endpoints (#​37939)
• resource/aws_emr_studio: Fix issue with IAM/KMS policy eventual consistency handling not working (#​40771)
• resource/aws_glue_catalog_database: Fix crash when expanding create_table_default_permission with a nil principal block (#​40761)
• resource/aws_instance: Always set http_tokens when metadata_options is updated (#​40727)
• resource/aws_instance: Set new computed value for public_dns and public_ip attributes when changing instance_type, user_data, or user_data_base64 (#​40710)
• resource/aws_internet_gateway: Handle operation error EC2: DetachInternetGateway, ..., api error InvalidInternetGatewayID.NotFound: ... errors on delete for resources deleted out-of-band (#​40790)
• resource/aws_internet_gateway_attachment: Handle operation error EC2: DetachInternetGateway, ..., api error InvalidInternetGatewayID.NotFound: ... errors on delete for resources deleted out-of-band (#​40790)
• resource/aws_quicksight_data_set: Correctly expand logical_table_map.tag_column_operation.tags.column_description (#​40713)
• resource/aws_rds_instance Fix manage_master_user_password being updated in state when update errors (#​40538)
• resource/aws_route53_record: Fix perpetual diff if alias.name contains characters that the Route 53 API escapes (#​40154)
• resource/aws_route53_zone: Fix perpetual diff if name contains characters that the Route 53 API escapes (#​40154)
• resource/aws_ses_identity_notification_topic: Prevent destroy failure when resource is already deleted outside of Terraform (#​40684)
• resource/aws_sesv2_configuration_set: Fix handling of delivery_options.max_delivery_seconds when not configured (#​40670)
• resource/aws_sesv2_configuration_set_event_destination: Retry IAM eventual consistency errors (#​40843)
• resource/aws_sqs_queue: Fix timeout error on creation if sqs_managed_sse_enabled=true and kms_data_key_reuse_period_seconds is configured (#​40729)

v5.82.2

Compare Source

BUG FIXES:

• data-source/aws_lb_listener: Add mutual_authentication.advertise_trust_store_ca_names attribute. This fixes a regression introduced in v5.82.0 causing setting mutual_authentication: Invalid address to set: []string{"mutual_authentication", "0", "advertise_trust_store_ca_names"} errors (#​40658)

v5.82.1

Compare Source

ENHANCEMENTS:

• resource/aws_autoscaling_group: Add availability_zone_distribution argument (#​40634)

BUG FIXES:

• data-source/aws_iam_policy_document: Reverts plan-time validation for statement sid (#​40639)

v5.82.0

Compare Source

NOTES:

• resource/aws_resourcegroups_resource: The format of the read-only id attribute has changed to prevent inconsistent parsing which resulted in provider crashes under certain conditions. The new format is a comma-delimited string combining group_arn and resource_arn in their entirety. Configuarations relying on the previous format may need to be updated to continue functioning correctly. (#​40579)

FEATURES:

• New Data Source: aws_servicecatalogappregistry_attribute_group_associations (#​38306)
• New Resource: aws_api_gateway_domain_name_access_association (#​40566)
• New Resource: aws_cloudfront_vpc_origin (#​40239)
• New Resource: aws_memorydb_multi_region_cluster (#​40376)
• New Resource: aws_networkmanager_dx_gateway_attachment (#​40546)
• New Resource: aws_rds_cluster_snapshot_copy (#​40398)

ENHANCEMENTS:

• data-source/aws_dx_gateway: Add arn attribute (#​40546)
• data-source/aws_iam_policy_document: Add plan-time validation that the statement sid is valid, including on alphanumeric characters (#​40562)
• data-source/aws_vpc_endpoint: Add service_region attribute (#​40583)
• resource/aws_bedrockagent_agent: Add agent_collaboration attribute to configure agent collaboration role (#​40543)
• resource/aws_cloudfront_distribution: Add origin.vpc_origin_config argument (#​40239)
• resource/aws_db_parameter_group: Support import of name_prefix argument (#​40622)
• resource/aws_dx_gateway: Add arn attribute (#​40546)
• resource/aws_fsx_lustre_file_system: Add efa_enabled argument (#​40381)
• resource/aws_lb_listener: Add advertise_trust_store_ca_names attribute to the mutual_authentication configuration block (#​40550)
• resource/aws_memorydb_cluster: Add multi_region_cluster_name argument (#​40376)
• resource/aws_networkmanager_attachment_accepter: Add edge_locations attribute (#​40546)
• resource/aws_resourcegroups_resource: Add import support (#​40579)
• resource/aws_vpc_endpoint: Add service_region argument (#​40583)

BUG FIXES:

• data-source/aws_acmpca_certificate_authority: Ignore AccessDeniedException: ... is not authorized to perform: acm-pca:GetCertificateAuthorityCsr on resource: ... errors for RAM-shared CAs (#​39952)
• data-source/aws_licensemanager_received_license: Fix setting entitlements: Invalid address to set: []string{"entitlements", "0", "overage"} errors (#​40621)
• resource/aws_amplify_domain_association: No longer ignores changes to certificate_settings when updating. (#​40589)
• resource/aws_amplify_domain_association: Prevent "unexpected state" error when setting certificate_settings.type to CUSTOM. (#​40589)
• resource/aws_amplify_domain_association: Prevent ValidationException when setting certificate_settings.type to AMPLIFY_MANAGED. (#​40589)
• resource/aws_amplify_domain_association: Prevent permanent diff when certificate_settings not set. (#​40589)
• resource/aws_amplify_domain_association: Prevents panic in some circumstances when certificate_settings is not set during update. (#​40589)
• resource/aws_api_gateway_domain_name: Correct arn for private custom domain names (#​40566)
• resource/aws_codeconnections_host: Mark vpc_configuration.tls_certificate as Optional (#​40574)
• resource/aws_elasticache_replication_group: Prevent perpetual diff which triggers resource replacement on at_rest_encryption_enabled when engine is valkey. (#​40514)
• resource/aws_lakeformation_permissions: Add support for IAMPrincipals principal group (#​38600)
• resource/aws_lakeformation_permissions: Fix refreshing state so order is not considered in permissions and permissions_with_grant_option attributes (#​38047)
• resource/aws_lakeformation_resource_lf_tag: Fix panic when resource tries to destroy a LFTag reference that does not exist (#​40584)
• resource/aws_lambda_invocation: Set new computed value for result attribute when changing input attribute, for lifecycle scope "CRUD" (#​34263)
• resource/aws_medialive_channel: Added missing teletext_destination_settings. (#​33797)
• resource/aws_rds_cluster: Fix issue with waiter when modifying allocated_storage (#​40601)
• resource/aws_resourcegroups_resource: Fix crash when parsing certain ARN formats (#​40579)
• resource/aws_s3_bucket: Destroying a bucket with force_destroy = true can now delete objects with non-XML-safe keys (#​40537)
• resource/aws_s3_directory_bucket: Destroying a directory bucket with force_destroy = true can now delete objects with non-XML-safe keys (#​40537)
• resource/aws_secretsmanager_secret_rotation: Fix bug where automatically_after_days was not being set properly when schedule_expression had been set previously (#​34295)
• resource/aws_secretsmanager_secret_rotation: Retry rotation in case it has not yet propagated when previously an error would occur: InvalidRequestException: A previous rotation isn't complete. That rotation will be reattempted. (#​34295)
• resource/aws_sqs_queue_redrive_allow_policy: Fix perpetual redrive_allow_policy diffs (#​40604)

v5.81.0

Compare Source

FEATURES:

• New Data Source: aws_servicecatalogappregistry_attribute_group (#​38188)
• New Ephemeral Resource: aws_ssm_parameter (#​40313)
• New Resource: aws_bedrock_inference_profile (#​40294)
• New Resource: aws_cloudwatch_log_anomaly_detector (#​40437)
• New Resource: aws_ecr_account_setting (#​40219)
• New Resource: aws_msk_single_scram_secret_association (#​37056)
• **New Resour

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.