revert: Update @aws-sdk client libraries (#16839)"

[lodmfjord]

This reverts commit 94f3f89.

...

Attach a link to issue if relevant

What

Specify what you're trying to achieve

Why

Specify why you need to achieve this

Screenshots / Gifs

Attach Screenshots / Gifs to help reviewers understand the scope of the pull request

Checklist:

• I have performed a self-review of my own code
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• Formatting passes locally with my changes
• I have rebased against main before asking for a review

Summary by CodeRabbit

• Chores
  • Downgraded versions of several AWS SDK packages to improve compatibility:
    • @aws-sdk/client-s3, @aws-sdk/client-sqs, @aws-sdk/credential-provider-node, @aws-sdk/lib-storage, @aws-sdk/s3-presigned-post, and @aws-sdk/s3-request-presigner from 3.687.0 to 3.662.0.
    • @aws-sdk/client-ses and @aws-sdk/client-ssm from 3.687.0 to 3.145.0.

[coderabbitai]

Walkthrough

The pull request involves modifications to the package.json files for two projects, infra and the main project. The changes primarily consist of downgrading various AWS SDK package versions, including @aws-sdk/client-s3, @aws-sdk/client-sqs, @aws-sdk/client-ses, and @aws-sdk/client-ssm. The versions for these packages have been reduced from 3.687.0 to lower versions, with @aws-sdk/client-ssm specifically downgraded to 3.145.0. Other dependencies remain unchanged.

Changes

File	Change Summary
infra/package.json	Downgraded @aws-sdk/client-ssm from 3.687.0 to 3.145.0.
package.json	Downgraded multiple AWS SDK packages: @aws-sdk/client-s3 from 3.687.0 to 3.662.0, @aws-sdk/client-sqs from 3.687.0 to 3.662.0, @aws-sdk/credential-provider-node from 3.687.0 to 3.662.0, @aws-sdk/lib-storage from 3.687.0 to 3.662.0, @aws-sdk/s3-presigned-post from 3.687.0 to 3.662.0, @aws-sdk/s3-request-presigner from 3.687.0 to 3.662.0, and @aws-sdk/client-ses from 3.687.0 to 3.145.0. Removed previous versions of these packages.

Possibly related PRs

• chore(deps): Update @aws-sdk client libraries #16839: This PR updates the @aws-sdk/client-ssm package from 3.145.0 to 3.687.0, which is directly related to the version change of the same package in the main PR.

Suggested labels

automerge

Suggested reviewers

• AndesKrrrrrrrrrrr
• robertaandersen
• svanaeinars
• baering

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (2)

infra/package.json (2)

28-28: Document the reason for dependency downgrade

This is a significant version downgrade that's part of reverting PR #16839. Please document:

1. What issues were encountered with version 3.687.0?
2. Are there any breaking changes that necessitated this revert?
3. Is this a temporary fix or a long-term solution?

---

28-31: Consider AWS SDK version consistency

The project is using a mix of AWS SDK v2 (aws-sdk: ^2.1003.0) and v3 clients. This could lead to:

1. Inconsistent behavior between different AWS service clients
2. Increased bundle size from including both SDK versions
3. Maintenance overhead from managing two SDK versions

Consider:

1. Standardizing on either v2 or v3 across the project
2. If v3 is preferred, migrate remaining v2 usage to v3
3. If v2 is preferred, consider reverting other v3 clients

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between d06732d and 9678d84.

⛔ Files ignored due to path filters (2)

• infra/yarn.lock is excluded by !**/yarn.lock, !**/*.lock
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (2)

• infra/package.json (1 hunks)
• package.json (2 hunks)

🔇 Additional comments (3)

infra/package.json (1)

28-28: Verify security implications of downgrading @aws-sdk/client-ssm

The downgrade from 3.687.0 to 3.145.0 is significant. Let's verify there are no known security vulnerabilities in this version.

✅ Verification successful

Let me gather more information about the AWS SDK usage in the codebase to understand the impact better.

---

Let me check the actual SSM client usage in the identified files to understand the implementation details.

---

Downgrading @aws-sdk/client-ssm is safe for this implementation

The codebase uses basic SSM client functionality (getParameters) that has remained stable across versions. Based on the verification:

• No security vulnerabilities found for version 3.145.0
• Implementation uses only core features (initialization and getParameters)
• No breaking changes that would affect the current usage
• Test mocks confirm simple parameter fetching patterns

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for security advisories for @aws-sdk/client-ssm
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: NPM, package: "@aws-sdk/client-ssm") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

# Check the changelog between versions for breaking changes
curl -s "https://raw.githubusercontent.com/aws/aws-sdk-js-v3/main/clients/client-ssm/CHANGELOG.md" | grep -A 5 "3.145.0"

Length of output: 625

---

Script:

#!/bin/bash
# Check for AWS SDK v3 SSM client usage
rg -l "client-ssm|SSMClient" -g "!package*.json"

# Check for other AWS SDK v3 client versions in package.json
rg "@aws-sdk/client-" infra/package.json

# Check for AWS SDK v2 SSM usage
rg "require.*aws-sdk.*SSM|import.*aws-sdk.*SSM" -g "!package*.json"

Length of output: 292

---

Script:

#!/bin/bash
# Check SSM client implementation in the identified files
cat infra/src/dsl/adapters/get-ssm-params.ts
cat infra/src/cli/cli.spec.ts

# Check for any AWS SDK version-specific features being used
rg -A 5 "new SSMClient|SSMClient\." infra/src/

Length of output: 5633

package.json (2)

72-77: Verify AWS SDK v2 and v3 compatibility.

The project uses both AWS SDK v2 ([email protected]) and v3 packages. While this is supported, the significant version differences between v3 packages might cause issues.

Also applies to: 322-323

✅ Verification successful

Based on the search results, I can now generate the final response as we have sufficient information about AWS SDK usage patterns in the codebase.

AWS SDK v2 to v3 migration in progress - No immediate compatibility issues

The codebase shows a controlled transition from AWS SDK v2 to v3, with clear separation of concerns:

• V2 SDK is used primarily in older services for SES, CloudFront, and Elasticsearch connectivity
• V3 SDK is consistently used in newer implementations, particularly for S3 and SQS operations
• No instances found where both SDK versions are used for the same AWS service within a single module

The version differences between v3 packages (all at 3.662.0) are not a concern as they are synchronized.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for AWS SDK v2 and v3 usage patterns to identify potential compatibility issues
rg -A 5 "require\('aws-sdk'\)" || rg -A 5 "from 'aws-sdk'"
rg -A 5 "from '@aws-sdk/"

Length of output: 16778

---

322-323: Security concern: Significantly older versions detected.

The AWS SDK packages client-ses and client-ssm are being downgraded to a much older version (3.145.0). This could potentially expose security vulnerabilities.

[coderabbitai]

⚠️ Potential issue

Version mismatch detected in AWS SDK packages.

Most AWS SDK packages are set to version 3.662.0, but some packages in devDependencies are set to 3.145.0. This inconsistency might lead to compatibility issues.

Consider aligning all AWS SDK package versions to 3.662.0:

 "@aws-sdk/client-s3": "3.662.0",
 "@aws-sdk/client-sqs": "3.662.0",
 "@aws-sdk/credential-provider-node": "3.662.0",
 "@aws-sdk/lib-storage": "3.662.0",
 "@aws-sdk/s3-presigned-post": "3.662.0",
 "@aws-sdk/s3-request-presigner": "3.662.0",

Committable suggestion skipped: line range outside the PR's diff.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 36.44%. Comparing base (d06732d) to head (9678d84).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #16884   +/-   ##
=======================================
  Coverage   36.44%   36.44%           
=======================================
  Files        6851     6851           
  Lines      143569   143569           
  Branches    40980    40980           
=======================================
  Hits        52330    52330           
  Misses      91239    91239           

Flag	Coverage Δ
api	3.34% <ø> (ø)
portals-admin-regulations-admin	1.85% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d06732d...9678d84. Read the comment docs.

[datadog-island-is]

Datadog Report

All test runs 66f6590 🔗

✅ 2 Total Test Services: 0 Failed, 2 Passed
➡️ Test Sessions change in coverage: 4 no change

Test Services

Service Name	Failed	Known Flaky	New Flaky	Passed	Skipped	Total Time	Code Coverage Change	Test Service View
api	0	0	0	4	0	3.23s	1 no change	Link
portals-admin-regulations-admin	0	0	0	24	0	16.68s	1 no change	Link