Update to version v4.1.3 (#302)

Author: rharikak

CHANGELOG.md

@@ -4,11 +4,24 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.1.3] - 2026-04-09
+
+### Security
+
+- Updated cryptography to version 46.0.7 to address [CVE-2026-26007](https://avd.aquasec.com/nvd/2026/cve-2026-26007/), [CVE-2026-34073](https://nvd.nist.gov/vuln/detail/CVE-2026-34073), and [CVE-2026-39892](https://avd.aquasec.com/nvd/cve-2026-39892)
+- Updated werkzeug to version 3.1.6 to address [CVE-2026-27199](https://avd.aquasec.com/nvd/cve-2026-27199)
+- Updated minimatch to version 3.1.5 to address [CVE-2026-26996](https://avd.aquasec.com/nvd/cve-2026-26996)
+- Updated aws-cdk-lib to version 2.248.0 to address [CVE-2025-69873](https://avd.aquasec.com/nvd/cve-2025-69873), [CVE-2026-27903](https://nvd.nist.gov/vuln/detail/CVE-2026-27903), [CVE-2026-33532](https://nvd.nist.gov/vuln/detail/CVE-2026-33532), and [CVE-2026-33750](https://nvd.nist.gov/vuln/detail/CVE-2026-33750)
+- Updated flatted to version 3.4.2 to address [CVE-2026-32141](https://avd.aquasec.com/nvd/cve-2026-32141) and [CVE-2026-33228](https://nvd.nist.gov/vuln/detail/CVE-2026-33228)
+- Updated picomatch to versions 2.3.2 and 4.0.4 to address [CVE-2026-33671](https://nvd.nist.gov/vuln/detail/CVE-2026-33671) and [CVE-2026-33672](https://nvd.nist.gov/vuln/detail/CVE-2026-33672)
+- Updated brace-expansion to versions 1.1.13 and 5.0.5 to address [CVE-2026-33750](https://nvd.nist.gov/vuln/detail/CVE-2026-33750)
+- Updated requests to version 2.33.1 to address insecure temp file reuse in extract_zipped_paths()
+
 ## [4.1.2] - 2026-01-14
 
 ### Security
 
-- Updated urllib3 to version 2.6.3 to address [CVE-2026-21441 ](https://avd.aquasec.com/nvd/cve-2026-21441)
+- Updated urllib3 to version 2.6.3 to address [CVE-2026-21441](https://avd.aquasec.com/nvd/cve-2026-21441)
 - Updated werkzeug to version 3.1.5 to address [CVE-2026-21860](https://avd.aquasec.com/nvd/cve-2026-21860)
 
 ## [4.1.1] - 2025-12-29

NOTICE.txt

@@ -425,15 +425,19 @@ xml under the MIT license.
 prettier under the MIT license.
 ts-jest under the MIT license.
 bs-logger under the MIT license.
-ejs under the Apache-2.0 license.
-jake under the Apache-2.0 license.
-async under the MIT license.
-filelist under the Apache-2.0 license.
+handlebars under the MIT license.
+minimist under the MIT license.
+neo-async under the MIT license.
+wordwrap under the MIT license.
+uglify-js under the BSD-2-Clause license.
 lodash.memoize under the MIT license.
 certifi under the MPL-2.0 license.
 charset-normalizer under the MIT license.
 idna under the 0BSD license.
 requests under the Apache-2.0 license.
+@aws-cdk/cloud-assembly-api under the Apache-2.0 license.
+tinyglobby under the ISC license.
+fdir under the MIT license.
 
 ********************
 OPEN SOURCE LICENSES
@@ -448,4 +452,5 @@ BSD-3-Clause - https://spdx.org/licenses/BSD-3-Clause.html
 CC-BY-4.0 - https://spdx.org/licenses/CC-BY-4.0.html
 ISC - https://spdx.org/licenses/ISC.html
 MIT - https://spdx.org/licenses/MIT.html
+BlueOak-1.0.0 - https://spdx.org/licenses/BlueOak-1.0.0.html
 Python-2.0 - https://spdx.org/licenses/Python-2.0.html

source/custom_resource/poetry.lock

@@ -9,13 +9,13 @@ aws-lambda-powertools = "~3.2.0"
 jinja2 = "^3.1.6"
 aws-xray-sdk = "^2.14.0"
 urllib3 = "^2.6.3"
+cryptography = ">=46.0.7"
 
 
 [tool.poetry.group.dev.dependencies]
 moto = "^4.1.4"
 pytest = "^7.2.2"
 pytest-mock = "^3.12.0"
-pytest-runner = "^6.0.0"
 pytest-cov = "^4.0.0"
 pytest-env = "^0.8.1"
 boto3 = "^1.37.13"

source/custom_resource/pyproject.toml

@@ -9,14 +9,14 @@ aws-lambda-powertools = "~3.2.0"
 jinja2 = "^3.1.6"
 aws-xray-sdk = "^2.14.0"
 urllib3 = "^2.6.3"
+cryptography = ">=46.0.7"
 
 
 
 [tool.poetry.group.dev.dependencies]
 moto = "^4.1.4"
 pytest = "^7.2.2"
 pytest-mock = "^3.12.0"
-pytest-runner = "^6.0.0"
 pytest-cov = "^4.0.0"
 pytest-env = "^0.8.1"
 boto3 = "^1.37.13"