chore(deps): update backend

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
Authlib	==0.14.3 -> ==1.3.2						major
Flask (changelog)	>=2.2.3, <3 -> >=3.1, <4						major
boto3	~=1.34.114 -> ~=1.35.68						minor
cellxgene-ontology-guide (changelog)	~=1.0.0 -> ~=1.3.1						minor
connexion	==2.14.2 -> ==3.1.0						major
connexion	~=2.14.2 -> ~=3.1.0						major
dataclasses-json (changelog)	==0.6.6 -> ==0.6.7						patch
datadog	==0.49.1 -> ==0.50.2						minor
ddtrace (changelog)	~=2.8.5 -> ~=2.17.0						minor
gunicorn (changelog)	==22.0.0 -> ==23.0.0						major
gunicorn (changelog)	~=22.0.0 -> ~=23.0.0						major
matplotlib	>=3.6.3, <3.7 -> >=3.9.2, <3.10						minor
numba	~=0.59.1 -> ~=0.60.0						minor
psutil	~=5.9.8 -> ~=6.1.0						major
psutil	>=5.9.5, <6 -> >=6.1, <7						major
pyarrow	==16.0.0 -> ==18.0.0						major
pydantic (changelog)	~=1.10.7 -> ~=2.10.1						major
pydantic (changelog)	>=1.10.7, <2 -> >=2.10.1, <3						major
scipy (source)	~=1.13.1 -> ~=1.14.1						minor
swagger-ui (source)	3.23.11 -> 5.18.2						major
swagger-ui (source)	3.0.13 -> 5.18.2						major
ubuntu	22.04 -> 24.04					final	major

---

Release Notes

lepture/authlib (Authlib)

v1.3.2: Version 1.3.2

Compare Source

• Prevent ever-growing session size for OAuth clients.
• Revert quote client id and secret.
• unquote basic auth header for authorization server.

v1.3.1: Version 1.3.1

Compare Source

Prevent OctKey to import ssh and PEM strings.

v1.3.0: Version 1.3.0

Compare Source

Bug fixes

• Restore AuthorizationServer.create_authorization_response behavior, via #​558 by @​TurnrDev
• Include leeway in validate_iat() for JWT, via #​565 by @​dhallam
• Fix encode_client_secret_basic, via #​594 by @​Prilkop
• Use single key in JWK if JWS does not specify kid, via #​596 by @​dklimpel
• Fix error when RFC9068 JWS has no scope field, via #​598 by @​tanguilp
• Get werkzeug version using importlib, via #​591 by @​Sparrow0hawk

Breaking changes

• RFC9068 implementation, via #​586 by @​azmeuk.

v1.2.1: Version 1.2.1

Compare Source

• Apply headers in ClientSecretJWT.sign method, via #​552
• Allow falsy but non-None grant uri params, via #​544
• Fixed authorize_redirect for Starlette v0.26.0, via #​533
• Removed has_client_secret method and documentation, via #​513
• Removed request_invalid and token_revoked remaining occurences
  and documentation. #​514
• Fixed RFC7591 grant_types and response_types default values, via #​509
• Add support for python 3.12, via #​590

v1.2.0: Version 1.2.0

Compare Source

• Not passing request.body to ResourceProtector, #​485.
• Use flask.g instead of _app_ctx_stack, #​482.
• Add headers parameter back to ClientSecretJWT, #​457.
• Always passing realm parameter in OAuth 1 clients, #​339.
• Implemented RFC7592 Dynamic Client Registration Management Protocol, #​505`
• Add default_timeout for requests OAuth2Session and AssertionSession.
• Deprecate jwk.loads and jwk.dumps

v1.1.0: Version 1.1.0

Compare Source

This release contains breaking changes and security fixes.

• Allow to pass claims_options to Framework OpenID Connect clients, via #​446 by @​Galaxy102
• Fix .stream with context for HTTPX OAuth clients, via #​465 by @​bjoernmeier
• Fix Starlette OAuth client for cache store, via #​478 by @​haggen

Breaking changes:

• Raise InvalidGrantError for invalid code, redirect_uri and no user errors in OAuth 2.0 server.
• The default authlib.jose.jwt would only work with JSON Web Signature algorithms, if you would like to use JWT with JWE algorithms, please pass the algorithms parameter:

jwt = JsonWebToken(['A128KW', 'A128GCM', 'DEF'])

Security fixes for JOSE module

• CVE-2022-39175
• CVE-2022-39174

v1.0.1: Version 1.0.1

Compare Source

• Fix authenticate_none method, via #​438.
• Allow to pass in alternative signing algorithm to RFC7523 authentication methods via #​447.
• Fix missing_token for Flask OAuth client, via #​448.
• Allow openid in any place of the scope, via #​449.
• Security fix for validating essential value on blank value in JWT, via #​445.

v1.0.0: Version 1.0.0

Compare Source

We have dropped support for Python 2 in this release. We have removed
built-in SQLAlchemy integration.

OAuth Client Changes:

The whole framework client integrations have been restructured, if you are
using the client properly, e.g. oauth.register(...), it would work as
before.

OAuth Provider Changes:

In Flask OAuth 2.0 provider, we have removed the deprecated
OAUTH2_JWT_XXX configuration, instead, developers should define
.get_jwt_config on OpenID extensions and grant types.

SQLAlchemy integrations has been removed from Authlib. Developers
should define the database by themselves.

JOSE Changes

• JWS has been renamed to JsonWebSignature
• JWE has been renamed to JsonWebEncryption
• JWK has been renamed to JsonWebKey
• JWT has been renamed to JsonWebToken

The "Key" model has been re-designed, checkout the JSON Web Key for updates.

Added ES256K algorithm for JWS and JWT.

Breaking Changes: find how to solve the deprecate issues via https://git.io/JkY4f

v0.15.6

Compare Source

v0.15.5: Version 0.15.5

Compare Source

• Make Authlib compatible with latest httpx
• Make Authlib compatible with latest werkzeug
• Allow customize RFC7523 alg value

v0.15.4: Version 0.15.4

Compare Source

Security fix when JWT claims is None.

For example, JWT payload has iss=None:

{
  "iss": None,
  ...
}

But we need to decode it with claims:

claims_options = {
  'iss': {'essential': True, 'values': ['required']}
}
jwt.decode(token, key, claims_options=claims_options)

It didn't raise an error before this fix.

v0.15.3: Version 0.15.3

Compare Source

Fixed .authorize_access_token for OAuth 1.0 services, via https://github.com/lepture/authlib/issues/308

v0.15.2: Version 0.15.2

Compare Source

Fixed httpx authentication bug via #​283

v0.15.1: Version 0.15.1

Compare Source

Backward compitable fix for using JWKs in JWT, via #​280.

v0.15: Version 0.15

Compare Source

This is the last release before v1.0. In this release, we added more RFCs
implementations and did some refactors for JOSE:

• RFC8037: CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in JSON Object Signing and Encryption (JOSE)
• RFC7638: JSON Web Key (JWK) Thumbprint

We also fixed bugs for integrations:

• Fixed support for HTTPX>=0.14.3
• Added OAuth clients of HTTPX back via #​270
• Fixed parallel token refreshes for HTTPX async OAuth 2 client
• Raise OAuthError when callback contains errors via #​275

Breaking Change:

1. The parameter algorithms in JsonWebSignature and JsonWebEncryption
   are changed. Usually you don't have to care about it since you won't use it directly.
2. Whole JSON Web Key is refactored, please check JSON Web Key (JWK)

pallets/flask (Flask)

v3.1.0

Compare Source

Released 2024-11-13

• Drop support for Python 3.8. :pr:5623
• Update minimum dependency versions to latest feature releases.
  Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633
• Provide a configuration option to control automatic option
  responses. :pr:5496
• Flask.open_resource/open_instance_resource and
  Blueprint.open_resource take an encoding parameter to use when
  opening in text mode. It defaults to utf-8. :issue:5504
• Request.max_content_length can be customized per-request instead of only
  through the MAX_CONTENT_LENGTH config. Added
  MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation
  about resource limits to the security page. :issue:5625
• Add support for the Partitioned cookie attribute (CHIPS), with the
  SESSION_COOKIE_PARTITIONED config. :issue:5472
• -e path takes precedence over default .env and .flaskenv files.
  load_dotenv loads default files in addition to a path unless
  load_defaults=False is passed. :issue:5628
• Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old
  secret keys that can still be used for unsigning. Extensions will need to
  add support. :issue:5621
• Fix how setting host_matching=True or subdomain_matching=False
  interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts
  requests to only that domain. :issue:5553
• Request.trusted_hosts is checked during routing, and can be set through
  the TRUSTED_HOSTS config. :issue:5636

v3.0.3

Compare Source

Released 2024-04-07

• The default hashlib.sha1 may not be available in FIPS builds. Don't
  access it at import time so the developer has time to change the default.
  :issue:5448
• Don't initialize the cli attribute in the sansio scaffold, but rather in
  the Flask concrete class. :pr:5270

v3.0.2

Compare Source

Released 2024-02-03

• Correct type for jinja_loader property. :issue:5388
• Fix error with --extra-files and --exclude-patterns CLI options.
  :issue:5391

v3.0.1

Compare Source

Released 2024-01-18

• Correct type for path argument to send_file. :issue:5230
• Fix a typo in an error message for the flask run --key option. :pr:5344
• Session data is untagged without relying on the built-in json.loads
object_hook. This allows other JSON providers that don't implement that.
  :issue:5381
• Address more type findings when using mypy strict mode. :pr:5383

v3.0.0

Compare Source

Released 2023-09-30

• Remove previously deprecated code. :pr:5223
• Deprecate the __version__ attribute. Use feature detection, or
  importlib.metadata.version("flask"), instead. :issue:5230
• Restructure the code such that the Flask (app) and Blueprint
  classes have Sans-IO bases. :pr:5127
• Allow self as an argument to url_for. :pr:5264
• Require Werkzeug >= 3.0.0.

boto/boto3 (boto3)

v1.35.68

Compare Source

=======

• api-change:autoscaling: [botocore] Now, Amazon EC2 Auto Scaling customers can enable target tracking policies to take quicker scaling decisions, enhancing their application performance and EC2 utilization. To get started, specify target tracking to monitor a metric that is available on Amazon CloudWatch at seconds-level interval.
• api-change:bcm-pricing-calculator: [botocore] Initial release of the AWS Billing and Cost Management Pricing Calculator API.
• api-change:bedrock-agent-runtime: [botocore] InvokeInlineAgent API release to help invoke runtime agents without any dependency on preconfigured agents.
• api-change:ce: [botocore] This release adds the Impact field(contains Contribution field) to the GetAnomalies API response under RootCause
• api-change:chatbot: [botocore] Adds support for programmatic management of custom actions and aliases which can be associated with channel configurations.
• api-change:codepipeline: [botocore] AWS CodePipeline V2 type pipelines now support ECRBuildAndPublish and InspectorScan actions.
• api-change:cognito-idp: [botocore] Add support for users to sign up and sign in without passwords, using email and SMS OTPs and Passkeys. Add support for Passkeys based on WebAuthn. Add support for enhanced branding customization for hosted authentication pages with Amazon Cognito Managed Login. Add feature tiers with new pricing.
• api-change:connect: [botocore] Amazon Connect Service Feature: Add APIs for Amazon Connect Email Channel
• api-change:elbv2: [botocore] This release adds support for advertising trusted CA certificate names in associated trust stores.
• api-change:emr: [botocore] Advanced Scaling in Amazon EMR Managed Scaling
• api-change:inspector2: [botocore] Extend inspector2 service model to include ServiceQuotaExceededException.
• api-change:lambda: [botocore] Add ProvisionedPollerConfig to Lambda event-source-mapping API.
• api-change:mailmanager: [botocore] Added new "DeliverToQBusiness" rule action to MailManager RulesSet for ingesting email data into Amazon Q Business customer applications
• api-change:neptune-graph: [botocore] Add 4 new APIs to support new Export features, allowing Parquet and CSV formats. Add new arguments in Import APIs to support Parquet import. Add a new query "neptune.read" to run algorithms without loading data into database
• api-change:omics: [botocore] This release adds support for resource policy based cross account S3 access to sequence store read sets.
• api-change:quicksight: [botocore] This release includes: Update APIs to support Image, Layer Map, font customization, and Plugin Visual. Add Identity center related information in ListNamsespace API. Update API for restrictedFolder support in topics and add API for SearchTopics, Describe/Update DashboardsQA Configration.
• api-change:sagemaker: [botocore] This release adds APIs for new features for SageMaker endpoint to scale down to zero instances, native support for multi-adapter inference, and endpoint scaling improvements.
• api-change:ses: [botocore] This release adds support for starting email contacts in your Amazon Connect instance as an email receiving action.
• api-change:sns: [botocore] ArchivePolicy attribute added to Archive and Replay feature
• api-change:stepfunctions: [botocore] Add support for variables and JSONata in TestState, GetExecutionHistory, DescribeStateMachine, and DescribeStateMachineForExecution
• api-change:workspaces: [botocore] While integrating WSP-DCV rebrand, a few mentions were erroneously renamed from WSP to DCV. This release reverts those mentions back to WSP.

v1.35.67

Compare Source

=======

• api-change:apigateway: [botocore] Added support for custom domain names for private APIs.
• api-change:application-autoscaling: [botocore] Application Auto Scaling now supports Predictive Scaling to proactively increase the desired capacity ahead of predicted demand, ensuring improved availability and responsiveness for customers' applications. This feature is currently only made available for Amazon ECS Service scalable targets.
• api-change:appsync: [botocore] Add support for the Amazon Bedrock Runtime.
• api-change:ce: [botocore] This release introduces three new APIs that enable you to estimate the cost, coverage, and utilization impact of Savings Plans you plan to purchase. The three APIs are StartCommitmentPurchaseAnalysis, GetCommitmentPurchaseAnalysis, and ListCommitmentPurchaseAnalyses.
• api-change:cloudfront: [botocore] Adds support for Origin Selection between EMPv2 origins based on media quality score.
• api-change:cloudtrail: [botocore] This release introduces new APIs for creating and managing CloudTrail Lake dashboards. It also adds support for resource-based policies on CloudTrail EventDataStore and Dashboard resource.
• api-change:ec2: [botocore] Adds support for requesting future-dated Capacity Reservations with a minimum commitment duration, enabling IPAM for organizational units within AWS Organizations, reserving EC2 Capacity Blocks that start in 30 minutes, and extending the end date of existing Capacity Blocks.
• api-change:elasticache: [botocore] Added support to modify the engine type for existing ElastiCache Users and User Groups. Customers can now modify the engine type from redis to valkey.
• api-change:elbv2: [botocore] This feature adds support for enabling zonal shift on cross-zone enabled Application Load Balancer, as well as modifying HTTP request and response headers.
• api-change:health: [botocore] Adds metadata property to an AffectedEntity.
• api-change:iot: [botocore] General Availability (GA) release of AWS IoT Device Management - Commands, to trigger light-weight remote actions on targeted devices
• api-change:iotfleetwise: [botocore] AWS IoT FleetWise now includes campaign parameters to store and forward data, configure MQTT topic as a data destination, and collect diagnostic trouble code data. It includes APIs for network agnostic data collection using custom decoding interfaces, and monitoring the last known state of vehicles.
• api-change:iot-jobs-data: [botocore] General Availability (GA) release of AWS IoT Device Management - Commands, to trigger light-weight remote actions on targeted devices
• api-change:lambda: [botocore] Adds support for metrics for event source mappings for AWS Lambda
• api-change:logs: [botocore] Adds "Create field indexes to improve query performance and reduce scan volume" and "Transform logs during ingestion". Updates documentation for "PutLogEvents with Entity".
• api-change:notifications: [botocore] This release adds support for AWS User Notifications. You can now configure and view notifications from AWS services in a central location using the AWS SDK.
• api-change:notificationscontacts: [botocore] This release adds support for AWS User Notifications Contacts. You can now configure and view email contacts for AWS User Notifications using the AWS SDK.
• api-change:resiliencehub: [botocore] AWS Resilience Hub's new summary view visually represents applications' resilience through charts, enabling efficient resilience management. It provides a consolidated view of the app portfolio's resilience state and allows data export for custom stakeholder reporting.
• api-change:s3: [botocore] Add support for conditional deletes for the S3 DeleteObject and DeleteObjects APIs. Add support for write offset bytes option used to append to objects with the S3 PutObject API.
• api-change:ssm: [botocore] Added support for providing high-level overviews of managed nodes and previewing the potential impact of a runbook execution.
• api-change:ssm-quicksetup: [botocore] Add methods that retrieve details about deployed configurations: ListConfigurations, GetConfiguration
• api-change:xray: [botocore] AWS X-Ray introduces Transaction Search APIs, enabling span ingestion into CloudWatch Logs for high-scale trace data indexing. These APIs support span-level queries, trace graph generation, and metric correlation for deeper application insights.

v1.35.66

Compare Source

=======

• api-change:autoscaling: [botocore] With this release, customers can prioritize launching instances into ODCRs using targets from ASGs or Launch Templates. Customers can express their baseline instances' CPU-performance in attribute-based Instance Requirements configuration by referencing an instance family that meets their needs.
• api-change:bedrock-agent-runtime: [botocore] Releasing new Prompt Optimization to enhance your prompts for improved performance
• api-change:cloudfront: [botocore] Add support for gRPC, VPC origins, and Anycast IP Lists. Allow LoggingConfig IncludeCookies to be set regardless of whether the LoggingConfig is enabled.
• api-change:compute-optimizer: [botocore] This release enables AWS Compute Optimizer to analyze and generate optimization recommendations for Amazon Aurora database instances. It also enables Compute Optimizer to identify idle Amazon EC2 instances, Amazon EBS volumes, Amazon ECS services running on Fargate, and Amazon RDS databases.
• api-change:controltower: [botocore] Adds support for child enabled baselines which allow you to see the enabled baseline status for individual accounts.
• api-change:cost-optimization-hub: [botocore] This release adds action type "Delete" to the GetRecommendation, ListRecommendations and ListRecommendationSummaries APIs to support new EBS and ECS recommendations with action type "Delete".
• api-change:datazone: [botocore] This release supports Metadata Enforcement Rule feature for Create Subscription Request action.
• api-change:discovery: [botocore] Add support to import data from commercially available discovery tools without file manipulation.
• api-change:ec2: [botocore] With this release, customers can express their desire to launch instances only in an ODCR or ODCR group rather than OnDemand capacity. Customers can express their baseline instances' CPU-performance in attribute-based Instance Requirements configuration by referencing an instance family.
• api-change:ecs: [botocore] This release adds support for the Availability Zone rebalancing feature on Amazon ECS.
• api-change:elbv2: [botocore] This release adds support for configuring Load balancer Capacity Unit reservations
• api-change:lambda: [botocore] Add Node 22.x (node22.x) support to AWS Lambda
• api-change:mediaconvert: [botocore] This release adds the ability to reconfigure concurrent job settings for existing queues and create queues with custom concurrent job settings.
• api-change:mediapackagev2: [botocore] MediaPackage v2 now supports the Media Quality Confidence Score (MQCS) published from MediaLive. Customers can control input switching based on the MQCS and publishing HTTP Headers for the MQCS via the API.
• api-change:omics: [botocore] Enabling call caching feature that allows customers to reuse previously computed results from a set of completed tasks in a new workflow run.
• api-change:rbin: [botocore] This release adds support for exclusion tags for Recycle Bin, which allows you to identify resources that are to be excluded, or ignored, by a Region-level retention rule.
• api-change:rds: [botocore] This release adds support for scale storage on the DB instance using a Blue/Green Deployment.
• api-change:timestream-query: [botocore] This release adds support for Provisioning Timestream Compute Units (TCUs), a new feature that allows provisioning dedicated compute resources for your queries, providing predictable and cost-effective query performance.
• api-change:workspaces: [botocore] Added support for Rocky Linux 8 on Amazon WorkSpaces Personal.
• api-change:workspaces-web: [botocore] Added data protection settings with support for inline data redaction.

v1.35.65

Compare Source

=======

• api-change:b2bi: [botocore] Add new X12 transactions sets and versions
• api-change:ec2: [botocore] This release adds VPC Block Public Access (VPC BPA), a new declarative control which blocks resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways.
• api-change:ecs: [botocore] This release introduces support for configuring the version consistency feature for individual containers defined within a task definition. The configuration allows to specify whether ECS should resolve the container image tag specified in the container definition to an image digest.
• api-change:efs: [botocore] Add support for the new parameters in EFS replication APIs
• api-change:glue: [botocore] AWS Glue Data Catalog now enhances managed table optimizations of Apache Iceberg tables that can be accessed only from a specific Amazon Virtual Private Cloud (VPC) environment.
• api-change:keyspaces: [botocore] Amazon Keyspaces Multi-Region Replication: Adds support to add new regions to multi and single-region keyspaces.
• api-change:mwaa: [botocore] Amazon MWAA now supports a new environment class, mw1.micro, ideal for workloads requiring fewer resources than mw1.small. This class supports a single instance of each Airflow component: Scheduler, Worker, and Webserver.
• api-change:taxsettings: [botocore] Release Tax Inheritance APIs, Tax Exemption APIs, and functionality update for some existing Tax Registration APIs
• api-change:workspaces: [botocore] Releasing new ErrorCodes for Image Validation failure during CreateWorkspaceImage process

v1.35.64

Compare Source

=======

• api-change:appconfig: [botocore] AWS AppConfig has added a new extension action point, AT_DEPLOYMENT_TICK, to support third-party monitors to trigger an automatic rollback during a deployment.
• api-change:autoscaling: [botocore] Amazon EC2 Auto Scaling now supports Amazon Application Recovery Controller (ARC) zonal shift and zonal autoshift to help you quickly recover an impaired application from failures in an Availability Zone (AZ).
• api-change:cloudformation: [botocore] This release adds a new API, ListHookResults, that allows retrieving CloudFormation Hooks invocation results for hooks invoked during a create change set operation or Cloud Control API operation
• api-change:connect: [botocore] Adds CreateContactFlowVersion and ListContactFlowVersions APIs to create and view the versions of a contact flow.
• api-change:customer-profiles: [botocore] This release introduces Segmentation APIs and new Calculated Attribute Event Filters as part of Amazon Connect Customer Profiles service.
• api-change:ec2: [botocore] Adding request and response elements for managed resources.
• api-change:ecs: [botocore] This release adds support for adding VPC Lattice configurations in ECS CreateService/UpdateService APIs. The configuration allows for associating VPC Lattice target groups with ECS Services.
• api-change:iotsitewise: [botocore] The release introduces a generative AI Assistant in AWS IoT SiteWise. It includes: 1) InvokeAssistant API - Invoke the Assistant to get alarm summaries and ask questions. 2) Dataset APIs - Manage knowledge base configuration for the Assistant. 3) Portal APIs enhancement - Manage AI-aware dashboards.
• api-change:qconnect: [botocore] This release introduces MessageTemplate as a resource in Amazon Q in Connect, along with APIs to create, read, search, update, and delete MessageTemplate resources.
• api-change:rds: [botocore] Add support for the automatic pause/resume feature of Aurora Serverless v2.
• api-change:rds-data: [botocore] Add support for the automatic pause/resume feature of Aurora Serverless v2.

v1.35.63

Compare Source

=======

• api-change:cloudwatch: [botocore] Adds support for adding related Entity information to metrics ingested through PutMetricData.
• api-change:connectcampaignsv2: [botocore] Added Amazon Connect Outbound Campaigns V2 SDK.
• api-change:datasync: [botocore] Doc-only updates and enhancements related to creating DataSync tasks and describing task executions.
• api-change:ec2: [botocore] Remove non-functional enum variants for FleetCapacityReservationUsageStrategy
• api-change:iot: [botocore] This release allows AWS IoT Core users to enrich MQTT messages with propagating attributes, to associate a thing to a connection, and to enable Online Certificate Status Protocol (OCSP) stapling for TLS X.509 server certificates through private endpoints.
• api-change:outposts: [botocore] You can now purchase AWS Outposts rack or server capacity for a 5-year term with one of the following payment options: All Upfront, Partial Upfront, and No Upfront.
• api-change:pinpoint-sms-voice-v2: [botocore] Use rule overrides to always allow or always block messages to specific phone numbers. Use message feedback to monitor if a customer interacts with your message.
• api-change:route53resolver: [botocore] Route 53 Resolver DNS Firewall Advanced Rules allows you to monitor and block suspicious DNS traffic based on anomalies detected in the queries, such as DNS tunneling and Domain Generation Algorithms (DGAs).

v1.35.62

Compare Source

=======

• api-change:partnercentral-selling: [botocore] Announcing AWS Partner Central API for Selling: This service launch Introduces new APIs for co-selling opportunity management and related functions. Key features include notifications, a dynamic sandbox for testing, and streamlined validations.

v1.35.61

Compare Source

=======

• api-change:accessanalyzer: [botocore] Expand analyzer configuration capabilities for unused access analyzers. Unused access analyzer configurations now support the ability to exclude accounts and resource tags from analysis providing more granular control over the scope of analysis.
• api-change:cloudcontrol: [botocore] Added support for CloudFormation Hooks with Cloud Control API. The GetResourceRequestStatus API response now includes an optional HooksProgressEvent and HooksRequestToken parameter for Hooks Invocation Progress as part of resource operation with Cloud Control.
• api-change:deadline: [botocore] Adds support for select GPU accelerated instance types when creating new service-managed fleets.
• api-change:iam: [botocore] This release includes support for five new APIs and changes to existing APIs that give AWS Organizations customers the ability to use temporary root credentials, targeted to member accounts in the organization.
• api-change:iotwireless: [botocore] New FuotaTask resource type to enable logging for your FUOTA tasks. A ParticipatingGatewaysforMulticast parameter to choose the list of gateways to receive the multicast downlink message and the transmission interval between them. Descriptor field which will be sent to devices during FUOTA transfer.
• api-change:ivs: [botocore] IVS now offers customers the ability to stream multitrack video to Channels.
• api-change:license-manager-user-subscriptions: [botocore] New and updated API operations to support License Included User-based Subscription of Microsoft Remote Desktop Services (RDS).
• api-change:partnercentral-selling: [botocore] Announcing AWS Partner Central API for Selling: This service launch Introduces new APIs for co-selling opportunity management and related functions. Key features include notifications, a dynamic sandbox for testing, and streamlined validations.
• api-change:quicksight: [botocore] This release adds APIs for Custom Permissions management in QuickSight, and APIs to support QuickSight Branding.
• api-change:redshift: [botocore] Adds support for Amazon Redshift S3AccessGrants
• api-change:s3: [botocore] This release updates the ListBuckets API Reference documentation in support of the new 10,000 general purpose bucket default quota on all AWS accounts. To increase your bucket quota from 10,000 to up to 1 million buckets, simply request a quota increase via Service Quotas.
• api-change:sagemaker: [botocore] Add support for Neuron instance types [ trn1/trn1n/inf2 ] on SageMaker Notebook Instances Platform.
• api-change:sts: [botocore] This release introduces the new API 'AssumeRoot', which returns short-term credentials that you can use to perform privileged tasks.

v1.35.60

Compare Source

=======

• api-change:accessanalyzer: [botocore] This release adds support for policy validation and external access findings for resource control policies (RCP). IAM Access Analyzer helps you author functional and secure RCPs and awareness that a RCP may restrict external access. Updated service API, documentation, and paginators.
• api-change:application-signals: [botocore] Amazon CloudWatch Application Signals now supports creating Service Level Objectives with burn rates. Users can now create or update SLOs with burn rate configurations to meet their specific business requirements.
• api-change:b2bi: [botocore] This release adds a GenerateMapping API to allow generation of JSONata or XSLT transformer code based on input and output samples.
• api-change:billing: [botocore] Today, AWS announces the general availability of ListBillingViews API in the AWS SDKs, to enable AWS Billing Conductor (ABC) users to create proforma Cost and Usage Reports (CUR) programmatically.
• api-change:cloudtrail: [botocore] This release adds a new API GenerateQuery that generates a query from a natural language prompt about the event data in your event data store. This operation uses generative artificial intelligence (generative AI) to produce a ready-to-use SQL query from the prompt.
• api-change:dynamodb: [botocore] This release includes supports the new WarmThroughput feature for DynamoDB. You can now provide an optional WarmThroughput attribute for CreateTable or UpdateTable APIs to pre-warm your table or global secondary index. You can also use DescribeTable to see the latest WarmThroughput value.
• api-change:ec2: [botocore] This release adds the source AMI details in DescribeImages API
• api-change:internetmonitor: [botocore] Add new query type Routing_Suggestions regarding querying interface
• api-change:mediaconvert: [botocore] This release adds support for ARN inputs in the Kantar credentials secrets name field and the MSPR field to the manifests for PlayReady DRM protected outputs.
• api-change:organizations: [botocore] Add support for policy operations on the Resource Control Polices.

v1.35.59

Compare Source

=======

• api-change:codebuild: [botocore] AWS CodeBuild now supports non-containerized Linux and Windows builds on Reserved Capacity.
• api-change:controltower: [botocore] Added ResetEnabledControl API.
• api-change:fis: [botocore] This release adds support for generating experiment reports with the experiment report configuration
• api-change:gamelift: [botocore] Amazon GameLift releases container fleets support for general availability. Deploy Linux-based containerized game server software for hosting on Amazon GameLift.
• api-change:payment-cryptography: [botocore] Updated ListAliases API with KeyArn filter.
• api-change:rds: [botocore] Updates Amazon RDS documentation for Amazon RDS Extended Support for Amazon Aurora MySQL.

v1.35.58

Compare Source

=======

• api-change:cloudfront: [botocore] No API changes from previous release. This release migrated the model to Smithy keeping all features unchanged.
• api-change:inspector2: [botocore] Adds support for filePath filter.
• api-change:lambda: [botocore] Add Python 3.13 (python3.13) support to AWS Lambda
• api-change:opensearch: [botocore] Adds Support for new AssociatePackages and DissociatePackages API in Amazon OpenSearch Service that allows association and dissociation operations to be carried out on multiple packages at the same time.
• api-change:outposts: [botocore] This release updates StartCapacityTask to allow an active Outpost to be modified. It also adds a new API to list all running EC2 instances on the Outpost.

v1.35.57

Compare Source

=======

• api-change:batch: [botocore] This feature allows override LaunchTemplates to be specified in an AWS Batch Compute Environment.
• api-change:bedrock-agent-runtime: [botocore] This release adds trace functionality to Bedrock Prompt Flows
• api-change:chime-sdk-media-pipelines: [botocore] Added support for Media Capture Pipeline and Media Concatenation Pipeline for customer managed server side encryption. Now Media Capture Pipeline can use IAM sink role to get access to KMS key and encrypt/decrypt recorded artifacts. KMS key ID can also be supplied with encryption context.
• api-change:controlcatalog: [botocore] AWS Control Catalog GetControl public API returns additional data in output, including Implementation and Parameters
• api-change:eks: [botocore] Adds new error code Ec2InstanceTypeDoesNotExist for Amazon EKS managed node groups
• api-change:firehose: [botocore] Amazon Data Firehose / Features : Adds support for a new DeliveryStreamType, DatabaseAsSource. DatabaseAsSource hoses allow customers to stream CDC events from their RDS and Amazon EC2 hosted databases, running MySQL and PostgreSQL database engines, to Iceberg Table destinations.
• api-change:lambda: [botocore] This release adds support for using AWS KMS customer managed keys to encrypt AWS Lambda .zip deployment packages.
• api-change:pinpoint-sms-voice-v2: [botocore] Added the RequiresAuthenticationTimestamp field to the RegistrationVersionStatusHistory data type.
• api-change:qbusiness: [botocore] Adds S3 path option to pass group member list for PutGroup API.

v1.35.56

Compare Source

=======

• api-chang

---

Configuration

📅 Schedule: Branch creation - "every weekend" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Deployment Summary

• backend_url: https://pr-7096-backend.rdev.single-cell.czi.technology
• frontend_url: https://pr-7096-frontend.rdev.single-cell.czi.technology
• delete_db_task_definition_arn: arn:aws:ecs:us-west-2:***:task-definition/dp-rdev-pr-7096-deletion:1
• migrate_db_task_definition_arn: arn:aws:ecs:us-west-2:***:task-definition/dp-rdev-pr-7096-migration:1