Skip to content

build(deps): bump @aws-sdk/client-bedrock-runtime from 3.1064.0 to 3.1066.0#212

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/aws-sdk/client-bedrock-runtime-3.1065.0
Closed

build(deps): bump @aws-sdk/client-bedrock-runtime from 3.1064.0 to 3.1066.0#212
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/aws-sdk/client-bedrock-runtime-3.1065.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 10, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps @aws-sdk/client-bedrock-runtime from 3.1064.0 to 3.1066.0.

Release notes

Sourced from @​aws-sdk/client-bedrock-runtime's releases.

v3.1066.0

3.1066.0(2026-06-10)

New Features
  • client-amp: Adds supports for out-of-order sample ingestion (default 1-minute window) and a configurable rule query offset to reduce data loss and improve alerting accuracy. (7c5a6413)
  • client-medialive: Adding premixer settings to pid and track audio inputs in MediaLIve to allow greater control over mixing audio from multiple source streams including support for AudioPidSelectors made up of multiple audio PIDs. (82f4fa6a)
  • client-ec2: This release adds support for AMI Watermark which a structured identifier that helps in tracking AMI provenance (e4a7c0b8)
  • client-signin: AWS Sign-In now allows customers to control access to the AWS Management Console using resource-based policies. With this release customers can restrict console access based on network perimeters such as VPC IDs, VPC endpoints, and IP addresses. (7ac0cf5f)
  • client-ecs: Amazon ECS Managed Daemon task definitions now support pidMode and ipcMode parameters. Set shared to allow daemons to share PID or IPC namespaces with co-located tasks on Managed Instances, enabling process tracing and shared memory communication. (4a88904d)
  • client-lightsail: This release adds support for Asia Pacific (Hong Kong) (ap-east-1), Europe (Spain) (eu-south-2) and South America (Sao Paulo) (sa-east-1) Regions. (2d21213a)
  • client-sagemaker: Add support for G6e instances (ml.g6e.xlarge through ml.g6e.48xlarge) on Amazon SageMaker Notebook Instances. (1f9aaa5b)
  • client-connecthealth: Add support for MedicalScribeBinaryAudioEvent in the Medical Scribe streaming input. This new event type lets you send audio as a raw binary payload instead of a base64-encoded value (b53e6271)
  • undici-http-handler: re-export '@​smithy/undici-http-handler' (#8093) (7a1992b0)
Tests

For list of updated packages, view updated-packages.md in assets-3.1066.0.zip

v3.1065.0

3.1065.0(2026-06-09)

Chores
  • lib-transfer-manager: sort scripts alphabetically (#8087) (0441d8b7)
New Features
  • clients: update client endpoints as of 2026-06-09 (935d71be)
  • client-timestream-write: Adding new BDD representation of endpoint ruleset (45148681)
  • client-cloudwatch: This release adds the APIs (AssociateDatasetKmsKey, DisassociateDatasetKmsKey, GetDataset) to manage encryption at rest for OpenTelemetry metrics in CloudWatch using AWS KMS customer managed keys. (67566cd6)
  • client-marketplace-commerce-analytics: Adding new BDD representation of endpoint ruleset (0adb8bd9)
  • client-bedrock: Adds support for the Amazon Bedrock account-level data retention APIs PutAccountDataRetention and GetAccountDataRetention. (9acf4f7f)
  • client-odb: Releases Autonomous Database Serverless APIs, autonomousDatabaseOciIntegrationIamRoles, linkedOciTenancyId, linkedOciCompartmentId, and subscriptionErrors fields in GetOciOnboardingStatus API response. (fad7009c)
  • client-timestream-query: Adding new BDD representation of endpoint ruleset (878fc723)
  • client-dynamodb-streams: Adding new BDD representation of endpoint ruleset (eeaa7827)
  • client-ec2: Added TagFieldSpecifications to CreateFlowLogs and DescribeFlowLogs APIs. Customers can now specify tag keys in their Flow Logs subscriptions to capture associated EC2 resource tag values in their logs, enabling tag-based visibility. (6a382a8a)
  • client-bedrock-agentcore: Add RetryableConflictException (HTTP 409) to InvokeAgentRuntimeCommand and GetAgentCard to prevent orphaned VMs during concurrent session access. The SDK automatically retries this exception with backoff. Enforcement is not yet active and will be enabled in a future service update. (a9c4a0da)
  • client-outposts: Added AWS Outposts APIs for self-service Outposts quoting and ordering. New operations include CreateQuote, GetQuote, UpdateQuote, DeleteQuote, ListQuotes, and ListOrderableInstanceTypes. (bb1279ef)
  • client-iotsitewise: Adding new BDD representation of endpoint ruleset (b9314d4a)
Bug Fixes
  • credential-provider-sso: forward clientConfig to SSO token provider (#8089) (4bacac32)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-bedrock-runtime's changelog.

3.1066.0 (2026-06-10)

Note: Version bump only for package @​aws-sdk/client-bedrock-runtime

3.1065.0 (2026-06-09)

Note: Version bump only for package @​aws-sdk/client-bedrock-runtime

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 10, 2026
@dependabot dependabot Bot requested a review from theagenticguy as a code owner June 10, 2026 08:16
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/aws-sdk/client-bedrock-runtime-3.1065.0 branch from 4481510 to 9798faf Compare June 10, 2026 16:06
@dependabot dependabot Bot changed the title build(deps): bump @aws-sdk/client-bedrock-runtime from 3.1064.0 to 3.1065.0 build(deps): bump @aws-sdk/client-bedrock-runtime from 3.1064.0 to 3.1066.0 Jun 10, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/aws-sdk/client-bedrock-runtime-3.1065.0 branch 5 times, most recently from d1446c5 to 4bca793 Compare June 11, 2026 17:24
@dependabot
build(deps): bump @aws-sdk/client-bedrock-runtime
fabee9d 
Bumps [@aws-sdk/client-bedrock-runtime](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-bedrock-runtime) from 3.1064.0 to 3.1066.0.
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-bedrock-runtime/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1066.0/clients/client-bedrock-runtime)

---
updated-dependencies:
- dependency-name: "@aws-sdk/client-bedrock-runtime"
  dependency-version: 3.1065.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/aws-sdk/client-bedrock-runtime-3.1065.0 branch from 4bca793 to fabee9d Compare June 11, 2026 17:31
@theagenticguy theagenticguy mentioned this pull request Jun 13, 2026
Merged
@theagenticguy

theagenticguy commented Jun 13, 2026

Copy link
Copy Markdown
Owner

Superseded by #230, which folds this bump into a single consolidated dependency-refresh branch (strict + linear-history branch protection makes 5 separate merges cascade lock-file rebases). This PR will be closed once #230 merges.

theagenticguy added a commit that referenced this pull request Jun 13, 2026
@theagenticguy
fix(deps): refresh dependencies + clear esbuild CVE (GHSA-g7r4-m6w7-qqqr
75b687f 
) (#230)

## Summary

Consolidated dependency refresh that clears the open esbuild CVE and
folds in all 5 open Dependabot PRs (#210#214) plus the remaining
outdated minors/patches.

**Why one branch instead of merging the 5 Dependabot PRs:** branch
protection on `main` is `strict` + linear-history + squash-only. Merging
the 5 PRs one at a time forces each survivor to rebase against a changed
`pnpm-lock.yaml` and re-run the full CI matrix — a 5-cycle cascade.
Folding them into one validated branch is a single CI cycle; the
Dependabot PRs then close as superseded.

## Security
- **esbuild → 0.28.1** via pnpm override (`>=0.27.3 <0.28.1` → `0.28.1`)
— clears **GHSA-g7r4-m6w7-qqqr** (LOW, dev-server path traversal via `\`
on Windows). Dependabot **could not** auto-fix this: `astro` pins
`esbuild@^0.27.3` and never widens it, so the security update returned
`security_update_not_possible`. Override follows the existing `devalue`
security-override pattern in `pnpm-workspace.yaml`. OSV scan after the
bump: **no issues**.

## Bumps (none breaking)
| Package | From | To | Covered Dependabot PR |
|---|---|---|---|
| astro | 6.4.4 | 6.4.6 | #210 |
| @astrojs/starlight | 0.39.3 | 0.40.0 | #211 |
| @aws-sdk/client-bedrock-runtime | 3.1064.0 | 3.1068.0 | #212 |
| @aws-sdk/client-sagemaker-runtime | 3.1064.0 | 3.1068.0 | #213 |
| starlight-page-actions | 0.6.0 | 0.6.1 | #214 |
| @biomejs/biome | 2.4.16 | 2.5.0 | — |
| @ladybugdb/core | 0.16.1 | 0.17.1 | — |
| piscina | 5.1.4 | 5.2.0 | — |
| sharp | 0.34.5 | 0.35.1 | — |
| starlight-links-validator | 0.24.0 | 0.24.1 | — |
| @types/node | 25.9.2 | 25.9.3 | — |
| commitizen | 4.3.1 | 4.3.2 | — |

Ran `biome migrate` for the 2.5.0 bump: `recommended: true` → `preset:
"recommended"`, schema → 2.5.0.

## Held — both require Node 24; repo is Node 22 + `engine-strict=true`
- **license-checker-rseidelsohn 4 → 5**: engines `node >=24`. Powers the
required `licenses` CI gate, which runs on Node 22 → install would fail.
**Hard blocker until the repo baselines to Node 24.**
- **write-file-atomic 7 → 8**: only change is narrowing the Node floor
to `^22.22.2`, conflicting with the declared `engines.node: >=22.12.0`;
no functional or security benefit.

## Validation (local, mirrors required CI checks)
| Gate | Result |
|---|---|
| frozen-lockfile install | ✅ no drift |
| build (all packages) | ✅ |
| lint (biome 2.5.0) | ✅ 0 infos |
| typecheck (CI-mirror, excl. docs) | ✅ |
| test (19 packages) | ✅ 0 fail, 0 `not ok` |
| banned-strings | ✅ |
| license allowlist | ✅ |
| OSV scan | ✅ no issues |
| astro docs build | ✅ 64 pages, links valid |

## After merge
Close #210#214 as superseded (the squash commit folds them all in). The
esbuild override resolves itself when astro widens its esbuild range
(likely 6.5+); revisit then.

🤖 Generated with [Bonk](https://github.com/theagenticguy/opencodehub) —
OpenCodeHub nightly maintenance
@theagenticguy

theagenticguy commented Jun 13, 2026

Copy link
Copy Markdown
Owner

Closing as superseded — this bump landed on main via #230 (merged), the consolidated dependency refresh. Dependabot will reconcile on its next run.

@theagenticguy theagenticguy deleted the dependabot/npm_and_yarn/aws-sdk/client-bedrock-runtime-3.1065.0 branch June 13, 2026 13:35
@dependabot @github

dependabot Bot commented on behalf of github Jun 13, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@theagenticguy theagenticguy Awaiting requested review from theagenticguy theagenticguy is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@theagenticguy