Update to version v4.1.2

### Security

- Upgraded axios to `1.13.5` to mitigate [CVE-2026-25639](https://nvd.nist.gov/vuln/detail/CVE-2026-25639)
- Upgraded cryptography to `46.0.5` to mitigate [CVE-2026-26007](https://nvd.nist.gov/vuln/detail/CVE-2026-26007)
- Upgraded webpack to `5.105.1` to mitigate [CVE-2025-68157](https://nvd.nist.gov/vuln/detail/CVE-2025-68157) and [CVE-2025-68458](https://nvd.nist.gov/vuln/detail/CVE-2025-68458)
- Upgraded pip to `26.0.1` to mitigate [CVE-2026-1703](https://nvd.nist.gov/vuln/detail/CVE-2026-1703)
- Upgraded langchain-core to `1.2.11` to mitigate [CVE-2026-26013](https://nvd.nist.gov/vuln/detail/CVE-2026-26013)
- Upgraded pillow to `12.1.1` to mitigate [CVE-2026-25990](https://nvd.nist.gov/vuln/detail/CVE-2026-25990)
- Upgraded qs to `6.14.2` to mitigate [CVE-2026-2391](https://nvd.nist.gov/vuln/detail/CVE-2026-2391)

Author: tabdunabi

CHANGELOG.md

@@ -5,6 +5,18 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.1.2] - 2026-02-17
+
+### Security
+
+- Upgraded axios to `1.13.5` to mitigate [CVE-2026-25639](https://nvd.nist.gov/vuln/detail/CVE-2026-25639)
+- Upgraded cryptography to `46.0.5` to mitigate [CVE-2026-26007](https://nvd.nist.gov/vuln/detail/CVE-2026-26007)
+- Upgraded webpack to `5.105.1` to mitigate [CVE-2025-68157](https://nvd.nist.gov/vuln/detail/CVE-2025-68157) and [CVE-2025-68458](https://nvd.nist.gov/vuln/detail/CVE-2025-68458)
+- Upgraded pip to `26.0.1` to mitigate [CVE-2026-1703](https://nvd.nist.gov/vuln/detail/CVE-2026-1703)
+- Upgraded langchain-core to `1.2.11` to mitigate [CVE-2026-26013](https://nvd.nist.gov/vuln/detail/CVE-2026-26013)
+- Upgraded pillow to `12.1.1` to mitigate [CVE-2026-25990](https://nvd.nist.gov/vuln/detail/CVE-2026-25990)
+- Upgraded qs to `6.14.2` to mitigate [CVE-2026-2391](https://nvd.nist.gov/vuln/detail/CVE-2026-2391)
+
 ## [4.1.1] - 2026-02-05
 
 ### Security

NOTICE.txt

@@ -726,6 +726,7 @@ ace-builds under the BSD-3-Clause license.
 ace-code under the BSD-3-Clause license.
 acorn under the MIT license.
 acorn-import-attributes under the MIT license.
+acorn-import-phases under the MIT license.
 acorn-jsx under the MIT license.
 acorn-walk under the MIT license.
 agent-base under the MIT license.

deployment/cdk-solution-helper/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@amzn/cdk-solution-helper",
-  "version": "4.1.1",
+  "version": "4.1.2",
   "description": "This script performs token replacement as part of the build pipeline",
   "license": "Apache-2.0",
   "author": {

deployment/cdk-solution-helper/package.json

@@ -1,6 +1,6 @@
 [project]
 name = "gaab-strands-agent"
-version = "4.1.1"
+version = "4.1.2"
 description = "GAAB Strands Agent Runtime for Amazon Bedrock AgentCore"
 readme = "README.md"
 requires-python = ">=3.13"
@@ -73,7 +73,8 @@ dev-dependencies = [
     "pytest-mock>=3.12.0",
 ]
 override-dependencies = [
-    "protobuf>=6.33.5"
+    "protobuf>=6.33.5",
+    "pillow>=12.1.1"
 ]
 
 [tool.black]

deployment/ecr/gaab-strands-agent/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "gaab-strands-common"
-version = "4.1.1"
+version = "4.1.2"
 description = "Shared library for GAAB Strands agents"
 readme = "README.md"
 requires-python = ">=3.13"

deployment/ecr/gaab-strands-agent/uv.lock

@@ -1,6 +1,6 @@
 [project]
 name = "gaab-strands-workflow-agent"
-version = "4.1.1"
+version = "4.1.2"
 description = "GAAB Strands Workflow Agent Runtime for Amazon Bedrock AgentCore"
 readme = "README.md"
 requires-python = ">=3.13"
@@ -54,7 +54,8 @@ dev-dependencies = [
     "pytest-mock>=3.12.0",
 ]
 override-dependencies = [
-    "protobuf>=6.33.5"
+    "protobuf>=6.33.5",
+    "pillow>=12.1.1"
 ]
 
 [tool.uv.sources]