chore(deps): bump @aws-sdk/client-sfn from 3.1036.0 to 3.1062.0#1622
chore(deps): bump @aws-sdk/client-sfn from 3.1036.0 to 3.1062.0#1622dependabot[bot] wants to merge 2 commits into
Conversation
Bumps [@aws-sdk/client-sfn](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-sfn) from 3.1036.0 to 3.1062.0. - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-sfn/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1062.0/clients/client-sfn) --- updated-dependencies: - dependency-name: "@aws-sdk/client-sfn" dependency-version: 3.1062.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.OpenSSF ScorecardScorecard details
Scanned Files
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1622 +/- ##
=======================================
Coverage 88.73% 88.73%
=======================================
Files 77 77
Lines 11359 11359
Branches 1585 1585
=======================================
Hits 10079 10079
Misses 1250 1250
Partials 30 30
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
|
A newer version of @aws-sdk/client-sfn exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged. |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
In aws#1035, we added a dependabot configuration that adds an `auto-approve` label to NPM update PRs created by dependabot. This was done so that such PRs can be auto merged. However, we inadvertently also increased the scope of which PRs should depedabot create. **Prior to aws#1035 The `npm` package registry was missing - which means dependabot would **only** create PRs that resolve a security alert, as specified in our repository settings: <img width="781" height="153" alt="Screenshot 2026-06-21 at 7 13 00 PM" src="https://github.com/user-attachments/assets/ee10ad34-5266-48ef-89fe-ebd4e71d7a6a" /> **After aws#1035 Dependabot creates PRs for regular npm dependency upgrades, duplicating our custom [projen based workflow](https://github.com/aws/aws-cdk-cli/blob/main/.github/workflows/upgrade.yml). For example: - aws#1622 - aws#1621 - aws#1620 - aws#1619 - aws#1618 ---- According to [GitHub docs](https://docs.github.com/en/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configure-security-updates#overriding-the-default-behavior-with-a-configuration-file): > If you only require security updates and want to exclude version updates, you can set open-pull-requests-limit to 0 in order to prevent version updates for a given package-ecosystem. We now use this mechanism in order to limit dependabot to security alerts but preserve the addition of the `auto-approve` lablel. ### Checklist - [ ] This change contains a major version upgrade for a dependency and I confirm all breaking changes are addressed - Release notes for the new version: --- By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
Bumps @aws-sdk/client-sfn from 3.1036.0 to 3.1062.0.
Release notes
Sourced from @aws-sdk/client-sfn's releases.
... (truncated)
Changelog
Sourced from @aws-sdk/client-sfn's changelog.
... (truncated)
Commits
f5235bbPublish v3.1062.071df2ccPublish v3.1061.08aeb92dPublish v3.1060.075bb4fcPublish v3.1059.06b082a6chore(codegen): sync for adaptive retry fix, EAI_AGAIN transient error (#8067)d7602d4Publish v3.1058.0e836d5cPublish v3.1057.04b03542Publish v3.1056.07ae617cchore(codegen): sync for cyclic file dependency fixes (#8051)2981565Publish v3.1055.0Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)