Skip to content

fix transitive vulnerability in smithy, via aws-sdk #1081

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
eschultink merged 1 commit into from
Jan 13, 2026
Merged

fix transitive vulnerability in smithy, via aws-sdk #1081

eschultink merged 1 commit into from
Jan 13, 2026

Conversation

@eschultink
Copy link
Member

@eschultink eschultink commented Jan 12, 2026
edited by cursor bot
Loading

Fixes

  • vulnerabilty in smithy, transitive dep under aws-sdk

Change implications

  • dependencies added/changed? yes
    • Updated the AWS SDK dependency to a newer version to fix issues related to Smithy.
  • something important to note in future release notes?
    • Ensure to check compatibility with existing infrastructure setups as the updated AWS SDK may introduce changes in how services are handled.
    • Check for any new requirements or configuration changes needed due to the SDK update.
    • No direct breaking changes anticipated, but thorough testing is recommended to ensure smooth integration.

Note

Addresses security concerns in transitive @smithy/* by upgrading AWS SDK dependencies.

  • Bumps @aws-sdk/client-* and @aws-sdk/credential-providers to ^3.966.0 in tools/psoxy-test/package.json
  • Regenerates lockfile with widespread @smithy/* updates and compatibility bumps
  • Adds new transitive modules like @aws-sdk/crc64-nvme and @aws-sdk/credential-provider-login; minor bumps to bowser, strnum
  • No application code changes

Written by Cursor Bugbot for commit 4fe6adf. This will update automatically on new commits. Configure here.

@eschultink eschultink self-assigned this Jan 12, 2026
Copilot AI reviewed Jan 12, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates AWS SDK dependencies to address a transitive security vulnerability in the Smithy library. The fix involves upgrading all AWS SDK v3 packages from version 3.911.0 to 3.966.0.

Changes:

  • Updated four AWS SDK v3 packages to version 3.966.0 to resolve a Smithy vulnerability

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@eschultink eschultink merged commit 8b8457d into rc-v0.5.16 Jan 13, 2026
51 checks passed
@eschultink eschultink deleted the s216-dependabot-fix branch January 13, 2026 15:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@aperez-worklytics aperez-worklytics aperez-worklytics approved these changes

@jlorper jlorper Awaiting requested review from jlorper

Assignees

@eschultink eschultink

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@eschultink @aperez-worklytics