Skip to content

fix(deps): bump @smithy/config-resolver to 4.4.10 (defense-in-depth)#1003

Open
sarayev wants to merge 1 commit intomainfrom
fix/dependabot-smithy-config-resolver
Open

fix(deps): bump @smithy/config-resolver to 4.4.10 (defense-in-depth)#1003
sarayev wants to merge 1 commit intomainfrom
fix/dependabot-smithy-config-resolver

Conversation

@sarayev
Copy link
Contributor

@sarayev sarayev commented Mar 6, 2026

Summary

Resolves Dependabot alert for @smithy/config-resolver — defense-in-depth region validation fix (4.4.9 → 4.4.10).

Changes

  • Added yarn resolution: "@smithy/config-resolver": "^4.4.10"

Strategy

Traced via yarn why: @aws-sdk/client-codebuild, @aws-sdk/client-s3, etc. → @smithy/config-resolver@^4.4.9. Lockfile was pinned to 4.4.9 — resolution forces upgrade to 4.4.10.

Verification

  • lerna run build
  • lerna run test
  • yarn extract-dependency-licenses ✅ (1 ins/1 del)
  • Cloud E2E: 29/30 passed (1 failure in cleanup_e2e_resources — infra cleanup, not a real test)

@sarayev sarayev requested review from a team as code owners March 6, 2026 15:42
@sarayev
fix: bump @smithy/config-resolver to ^4.4.0 for defense-in-depth regi…
36ac6dd 
…on validation

Adds a resolution to upgrade @smithy/config-resolver from 2.x to 4.x
to adopt defense-in-depth enhancement for region parameter value
validation in AWS SDK for JavaScript v3.

Resolves Dependabot alert #99.
@sarayev sarayev force-pushed the fix/dependabot-smithy-config-resolver branch from ff5e380 to 36ac6dd Compare March 6, 2026 19:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sarayev