[Snyk] Upgrade @aws-sdk/client-s3 from 3.826.0 to 3.940.0 #66
Conversation
Snyk has created this PR to upgrade @aws-sdk/client-s3 from 3.826.0 to 3.940.0. See this package in npm: @aws-sdk/client-s3 See this project in Snyk: https://app.snyk.io/org/sunwuyuan/project/7f95d725-ca6f-4cce-ab56-8b055b9f632f?utm_source=github&utm_medium=referral&page=upgrade-pr
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
There was a problem hiding this comment.
Pull request overview
This PR upgrades the AWS SDK S3 client package from version 3.826.0 to 3.940.0 to address multiple security vulnerabilities in transitive dependencies while maintaining compatibility with the existing codebase.
Key Changes:
- Updates @aws-sdk/client-s3 dependency by 70 versions (approximately 5 months of updates)
- Patches 11 security vulnerabilities including critical, high, medium, and low severity issues in dependencies like axios, body-parser, form-data, jws, multer, and validator
- Brings in performance improvements and bug fixes from the AWS SDK releases between June and November 2025
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Pull Request Review: AWS SDK S3 Client UpgradeSummaryThis PR upgrades Security Assessment ✅Positive: This upgrade addresses 11 security vulnerabilities including:
Recommendation: ✅ Approve from security perspective - These are important fixes that should be merged. Code Quality & Best PracticesWhat's Good ✅
Areas of Concern
|
Snyk has created this PR to upgrade @aws-sdk/client-s3 from 3.826.0 to 3.940.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 70 versions ahead of your current version.
The recommended version was released 21 days ago.
Issues fixed by the recommended upgrade:
SNYK-JS-AXIOS-12613773
SNYK-JS-BODYPARSER-14105059
SNYK-JS-BRACEEXPANSION-9789073
SNYK-JS-BRACEEXPANSION-9789073
SNYK-JS-FORMDATA-10841150
SNYK-JS-JWS-14188253
SNYK-JS-JWS-14188253
SNYK-JS-MULTER-10773732
SNYK-JS-VALIDATOR-13653476
SNYK-JS-ONHEADERS-10773729
SNYK-JS-VALIDATOR-13395830
Release notes
Package name: @aws-sdk/client-s3
-
3.940.0 - 2025-11-25
- clients: update client endpoints as of 2025-11-25 (e2770904)
- client-network-firewall: Network Firewall release of the Proxy feature. (0eb20e88)
- client-organizations: Add support for policy operations on the S3_POLICY and BEDROCK_POLICY policy type. (75e196ee)
- client-route-53: Adds support for new route53 feature: accelerated recovery. (dbe0a58f)
- client-ec2: This release adds support to view Network firewall proxy appliances attached to an existing NAT Gateway via DescribeNatGateways API NatGatewayAttachedAppliance structure. (7d70b063)
- core/protocols: performance improvements for shape serde traversal (#7523) (b20a25ea)
- codegen: update codegen unit tests (#7525) (e43ff44c)
-
3.939.0 - 2025-11-24
- scripts: reduce api validation to packages/lib only (#7519) (eb74d6a0)
- client-cloudwatch-logs: New CloudWatch Logs feature - LogGroup Deletion Protection, a capability that allows customers to safeguard their critical CloudWatch log groups from accidental or unintended deletion. (02360329)
- client-cloudfront: Add TrustStore, ConnectionFunction APIs to CloudFront SDK (168505ee)
- clients: export enum objects for string shapes (#7521) (62f648df)
- cloudfront-signer: skip extended encoding for query parameters in the base url (#7515) (954d411e)
- increase beforeAll hook timeouts (#7518) (720ba4cd)
-
3.937.0 - 2025-11-20
- api record update (#7514) (8109474f)
- client-kinesis: Kinesis Data Streams now supports up to 50 Enhance Fan-out consumers for On-demand Advantage Streams. On-demand Standard and Provisioned streams will continue with the existing limit of 20 consumers for Enhanced Fan-out. (dc1ec575)
- clients: update client endpoints as of 2025-11-20 (a15a5b22)
- client-dsql: Added clusterVpcEndpoint field to GetVpcEndpointServiceName API response, returning the VPC connection endpoint for the cluster (9fe2380d)
- client-bedrock-data-automation: Added support for Synchronous project type and PII Detection and Redaction (fe8bca9f)
- client-budgets: Add BillingViewHealthStatusException to DescribeBudgetPerformanceHistory and ServiceQuotaExceededException to UpdateBudget for improved error handling with Billing Views. (bdce2a67)
- client-s3: Enable / Disable ABAC on a general purpose bucket. (9816b260)
- client-networkmanager: This release adds support for Cloud WAN Routing Policy providing customers sophisticated routing controls to better manage their global networks (14daa70a)
- client-redshift-data: Increasing the length limit of Statement Name from 500 to 2048. (3091e42a)
- client-elastic-load-balancing-v2: This release adds the target optimizer feature in ALB, enabling strict concurrency enforcement on targets. (3da0b3fc)
- client-lakeformation: Added ServiceIntegrations as a request parameter for CreateLakeFormationIdentityCenterConfigurationRequest and UpdateLakeFormationIdentityCenterConfigurationRequest and response parameter for DescribeLakeFormationIdentityCenterConfigurationResponse (7615a8bc)
- client-braket: Add support for Braket spending limits. (13f6f508)
- client-sagemaker: Added training plan support for inference endpoints. Added HyperPod task governance with accelerator partition-based quota allocation. Added BatchRebootClusterNodes and BatchReplaceClusterNodes APIs. Updated ListClusterNodes to include privateDnsHostName. (859f793a)
- client-ec2: This release adds support for multiple features including: VPC Encryption Control for the status of traffic flow; S2S VPN BGP Logging; TGW Flexible Costs; IPAM allocation of static IPs from IPAM pools to CF Anycast IP lists used on CloudFront distribution; and EBS Volume Integration with Recycle Bin (6fdcb506)
- client-cloudtrail: AWS launches CloudTrail aggregated events to simplify monitoring of data events at scale. This feature delivers both granular and summarized data events for resources like S3/Lambda, helping security teams identify patterns without custom aggregation logic. (d7c651c8)
- client-emr: Add support for configuring S3 destination for step logs on a per-step basis. (b24d79f6)
- client-datasync: The partition value "aws-eusc" is now permitted for ARN (Amazon Resource Name) fields. (8a6adcf7)
- client-connect: Add optional ability to exclude users from send notification actions for Contact Lens Rules. (15d923a3)
- client-ecs: Launching Amazon ECS Express Mode - a new feature that enables developers to quickly launch highly available, scalable containerized applications with a single command. (f77f87ba)
- client-quicksight: Introducing comprehensive theme styling controls. New features include border customization (radius, width, color), flexible padding controls, background styling for cards and sheets, centralized typography management, and visual-level override support across layouts. (cd0d876d)
- client-rbin: Add support for EBS volume in Recycle Bin (7fdeb129)
- client-auto-scaling: This release adds support for three new features: 1) Image ID overrides in mixed instances policy, 2) Replace Root Volume - a new strategy for Instance Refresh, and 3) Instance Lifecycle Policy for enhanced instance lifecycle management. (fff870ea)
- client-imagebuilder: EC2 Image Builder now enables the distribution of existing AMIs, retry distribution, and define distribution workflows. It also supports automatic versioning for recipes and components, allowing automatic version increments and dynamic referencing in pipelines. (0d2985c2)
- client-bedrock-agentcore: Bedrock AgentCore Memory release for redriving memory extraction jobs (StartMemoryExtractionJob and ListMemoryExtractionJob) (e5cc06e3)
- client-rds: Add support for VPC Encryption Controls. (e91f3548)
- client-cloudfront: This release adds support for bring your own IP (BYOIP) to CloudFront's CreateAnycastIpList API through an optional IpamCidrConfigs field. (aa047c72)
- client-bedrock-data-automation-runtime: Bedrock Data Automation Runtime Sync API (f14c750f)
- client-license-manager: Added cross-account resource aggregation via license asset groups and expiry tracking for Self-Managed Licenses. Extended Org-Wide View to Self-Managed Licenses, added reporting for license asset groups, and removed Athena/Glue dependencies for cross-account resource discovery in commercial regions. (54276060)
- client-glue: Added FunctionType parameter to Glue GetuserDefinedFunctions. (db36a145)
- client-securityhub: Release Findings and Resources Trends APIs- GetFindingsTrendsV2 and GetResourcesTrendsV2. This supports time-series aggregated counts with composite filtering for 1-year of historical data analysis of Findings and Resources. (82511def)
- client-application-signals: Amazon CloudWatch Application Signals now supports un-instrumented services discovery, cross-account views, and change history, helping SRE and DevOps teams monitor and troubleshoot their large-scale distributed applications. (0da48ba7)
- client-database-migration-service: Added support for customer-managed KMS key (CMK) for encryption for import private key certificate. Additionally added Amazon SageMaker Lakehouse endpoint used for zero-ETL integrations with data warehouses. (7edb9744)
- client-device-farm: Add support for environment variables and an IAM execution role. (3476f4df)
- client-organizations: Added new APIs for Billing Transfer, new policy type INSPECTOR_POLICY, and allow an account to transfer between organizations (674519a3)
-
3.936.0 - 2025-11-19
- credential-provider-login: add login credential provider (#7512) (2c08b1e0)
-
3.935.0 - 2025-11-19
- codegen: update for smithy/core serde fixes (#7511) (ac2be518)
- clients: update client endpoints as of 2025-11-19 (d7b51c49)
- client-sts: IAM now supports outbound identity federation via the STS GetWebIdentityToken API, enabling AWS workloads to securely authenticate with external services using short-lived JSON Web Tokens. (f9fed01c)
- client-dynamodb: Extended Global Secondary Index (GSI) composite keys to support up to 8 attributes. (622ef038)
- client-medialive: MediaLive is adding support for MediaConnect Router by supporting a new input type called MEDIACONNECT_ROUTER. This new input type will provide seamless encrypted transport between MediaConnect Router and your MediaLive channel. (1667189e)
- client-bcm-pricing-calculator: Add GroupSharingPreference, CostCategoryGroupSharingPreferenceArn, and CostCategoryGroupSharingPreferenceEffectiveDate to Bill Estimate. Add GroupSharingPreference and CostCategoryGroupSharingPreferenceArn to Bill Scenario. (e0dc140c)
- client-backup: Amazon GuardDuty Malware Protection now supports AWS Backup, extending malware detection capabilities to EC2, EBS, and S3 backups. (498dcf3d)
- client-connectcampaignsv2: This release added support for ring timer configuration for campaign calls. (1155c3c4)
- client-ecs: Added support for Amazon ECS Managed Instances infrastructure optimization configuration. (2ee0c3f3)
- client-ecr: Add support for ECR archival storage class and Inspector org policy for scanning (ed5e232d)
- client-sagemaker: Added support for enhanced metrics for SageMaker AI Endpoints. This features provides Utilization Metrics at instance and container granularity and also provides easy configuration of metric publish frequency from 10 sec -> 5 mins (ad2587c7)
- client-apigatewayv2: Support for API Gateway portals and portal products. (fc064256)
- client-billingconductor: This release adds support for Billing Transfers, enabling management of billing transfers with billing groups on AWS Billing Conductor. (4e32b65d)
- client-cloudwatch-logs: Adding support for ocsf version 1.5, add optional parameter MappingVersion (2a15be86)
- client-api-gateway: API Gateway now supports response streaming and new security policies for REST APIs and custom domain names. (e1d2d6b1)
- client-cost-optimization-hub: Release ListEfficiencyMetrics API (2b031582)
- client-bedrock-runtime: This release includes support for Search Results. (40ffa77a)
- client-cloudtrail: AWS CloudTrail now supports Insights for data events, expanding beyond management events to automatically detect unusual activity on data plane operations. (f8570665)
- client-health: Adds actionability and personas properties to Health events exposed through DescribeEvents, DescribeEventsForOrganization, DescribeEventDetails, and DescribeEventTypes APIs. Adds filtering by actionabilities and personas in EventFilter, OrganizationEventFilter, EventTypeFilter. (c754b242)
- client-networkflowmonitor: Added new enum value (AWS::EKS::Cluster) for type field under MonitorLocalResource (66729787)
- client-invoicing: Add support for adding Billing transfers in Invoice configuration (2e493490)
- client-s3: Adds support for blocking SSE-C writes to general purpose buckets. (cee2e72f)
- client-network-firewall: Partner Managed Rulegroup feature support (2e8472d6)
- client-emr: Add CloudWatch Logs integration for Spark driver, executor and step logs (7e6e1684)
- client-fsx: Adding File Server Resource Manager configuration to FSx Windows (2e3c0c96)
- client-guardduty: Add support for scanning and viewing scan results for backup resource types (231cf06b)
- client-sfn: Adds support to TestState for mocked results and exceptions, along with additional inspection data. (1b18be75)
- client-partnercentral-channel: Initial GA launch of Partner Central Channel (b77d1682)
- client-secrets-manager: Adds support to create, update, retrieve, rotate, and delete managed external secrets. (c13b6f97)
- client-iam: Added the EnableOutboundWebIdentityFederation, DisableOutboundWebIdentityFederation and GetOutboundWebIdentityFederationInfo APIs for the IAM outbound federation feature. (5774faa2)
- client-cost-explorer: Add support for COST_CATEGORY, TAG, and LINKED_ACCOUNT AWS managed cost anomaly detection monitors (ab1e44d9)
- client-mediaconnect: This release adds support for global routing in AWS Elemental MediaConnect. You can now use router inputs and router outputs to manage global video and audio routing workflows both within the AWS-Cloud and over the public internet. (4a372d33)
- client-billing: Added name filtering support to ListBillingViews API through the new names parameter to efficiently filter billing views by name. (8c6af8c2)
- client-ec2: This launch adds support for two new features: Regional NAT Gateway and IPAM Policies. IPAM policies offers customers central control for public IPv4 assignments across AWS services. Regional NAT is a single NAT Gateway that automatically expands across AZs in a VPC to maintain high availability. (e6ed3823)
- client-signin: AWS Sign-In manages authentication for AWS services. This service provides secure authentication flows for accessing AWS resources from the console and developer tools. This release adds the CreateOAuth2Token API, which can be used to fetch OAuth2 access tokens and refresh tokens from Sign-In. (21a4dff3)
- client-inspector2: This release introduces BLOCKED_BY_ORGANIZATION_POLICY error code and IMAGE_ARCHIVED scanStatusReason. BLOCKED_BY_ORGANIZATION_POLICY error code is returned when an operation is blocked by an AWS Organizations policy. IMAGE_ARCHIVED scanStatusReason is returned when an Image is archived in ECR. (ccaf51bb)
- client-lambda: Added support for creating and invoking Tenant Isolated functions in AWS Lambda APIs. (fc517d86)
- client-datazone: Amazon DataZone now supports business metadata (readme and metadata forms) at the individual attribute (column) level, a new rule type for glossary terms, and the ability to update the owner of the root domain unit. (21f12b43)
- client-rum: CloudWatch RUM now supports mobile application monitoring for Android and iOS platforms (6513bd2a)
- client-route-53: Add dual-stack endpoint support for Route53 (6fbbbd3c)
- client-transcribe-streaming: This release adds support for additional locales in AWS transcribe streaming. (52dd1e7b)
-
3.934.0 - 2025-11-18
- clients: update client endpoints as of 2025-11-18 (0f989254)
- client-connect: This release added support for ring timer configuration for campaign calls. (ae3d7600)
- client-cloudwatch-logs: CloudWatch Logs updates: Added capability to setup a recurring schedule for log insights queries. Logs introduced Scheduled Queries (managed through Create/Update/Get/Delete/List/History Scheduled Query APIs). For more information, see CloudWatch Logs API documentation. (467947d4)
- client-wafv2: AssociateWebACL, UpdateWebACL and PutLoggingConfiguration will now throw WAFFeatureNotIncludedInPricingPlanException when the request contains a feature that is not included in the CloudFront pricing plan of the WebACL. (6da7a3db)
- client-storage-gateway: Adds support for European Sovereign Cloud ARNs in Storage Gateway API parameters. (c7dd6fd7)
- client-cloudformation: New CloudFormation DescribeEvents API with operation ID tracking and failure filtering capabilities to quickly identify root causes of deployment failures. Also, a DeploymentMode parameter for the CreateChangeSet API that enables creation of drift-aware change sets for safe drift management. (04624df2)
- client-kafka: Amazon MSK adds three new APIs, ListTopics, DescribeTopic, and DescribeTopicPartitions for viewing Kafka topics in your MSK clusters. (12ad701d)
- client-backup: AWS Backup now supports a low-cost warm storage tier for Amazon S3 backup data. (0b0c9b8f)
- client-iam: Added the AssociateDelegationRequest, GetDelegationRequest, AcceptDelegationRequest, RejectDelegatonRequest, ListDelegationRequests, UpdateDelegationRequest, SendDelegationToken and GetHumanReadableSummary APIs for the IAM temporary delegation feature. (b200679b)
- client-resource-groups-tagging-api: Add support for new ListRequiredTags API used to retrieve the required tags specified in a customer's effective tag policy. (fa505515)
- client-ec2: AWS Site-to-Site VPN now supports VPN Concentrator, a new feature that enables customers to connect multiple low-bandwidth sites connections through a single attachment, simplifying multi-site connectivity for distributed enterprises. (b94cadfd)
- client-bedrock-runtime: Amazon Bedrock Runtime Service Tier Support Launch (ea418df5)
- client-auto-scaling: This release adds the new LaunchInstances API, which can launch instances synchronously in an AutoScaling group. The API also returns instances info and launch error back immediately. (5d96b688)
- core/protocols: add json rpc perf baseline (#7505) (114920c6)
-
3.933.0 - 2025-11-17
- middleware-recursion-detection: upgrade aws/lambda-invoke-store to 0.2.0 (#7506) (7454bd81)
- clients: update client endpoints as of 2025-11-17 (a9869e99)
- client-bedrock: Automated Reasoning checks in Amazon Bedrock Guardrails now automatically generate Q&A tests for new Automated Reasoning policies. The GetAutomatedReasoningPolicyBuildWorkflowResultAssets API adds GENERATED_TEST_CASES asset type, allowing customers to retrieve tests generated by the build workflow. (0e347c45)
- client-database-migration-service: This release introduces the SAP ASE(Sybase) Data Provider for AWS Data Migration Service (DMS). In addition, DMS Schema Conversion now supports this provider, enabling customers to migrate SAP ASE(Sybase) databases to Amazon RDS for PostgreSQL or Aurora PostgreSQL seamlessly. (c44cfad0)
- client-mwaa-serverless: Amazon MWAA now offers serverless deployment, eliminating operational overhead while optimizing costs. The service supports YAML and Python-based workflows, with 80+ AWS Operators. It provides isolated execution, IAM permissions, and automatic scaling with pay-per-use pricing. (53dbffc3)
- client-device-farm: This release adds support for interacting with devices during a remote access session using the remoteDriverEndpoint interface (574b1897)
- client-ec2: This release introduces new APIs: DescribeInstanceSqlHaStates, DescribeInstanceSqlHaHistoryStates, EnableInstanceSqlHaStandbyDetections and DisableInstanceSqlHaStandbyDetections on Amazon EC2, allowing customers to enroll and monitor SQL Server licensing fee savings for their SQL HA EC2 instances. (c0076d8e)
- client-appstream: Adding support for additional instances and extended storage (ec6111c8)
- client-route53resolver: Adding DICTIONARY_DGA to dns-threat-protection as a new enum type. Customers can now set rules for dictionary dga protection (adec304c)
- client-medialive: Adds configurations for spatial/temporal adaptive quantization in AV1 codec, and conversion to HLG output color space in H265 codec. (d994f74e)
- client-opensearch: This release adds index operation APIs to support Automatic Semantic Enrichment feature (8e96aa9a)
- client-backup: AWS Backup now supports specifying a logically air-gapped backup vault as a primary backup target in backup plans and on-demand backup jobs. (8223f6d1)
- client-guardduty: Add S3 On-Demand Object Scanning (0d0b1aea)
- client-pcs: Added support for the managed Slurm REST API endpoint (2557db0f)
- client-lex-models-v2: Adds support for LLM as Primary, allowing usage of LLMs as the default NLU system. (f2bcb725)
- client-mediapackagev2: Add support for SCTE messages in Segment file output (67d2919f)
- client-glue: Amazon Glue Releasing 2 the new API ListIntegrationResourceProperties and DeleteIntegrationResourceProperty along with minor improvement on existing API(s). (266572c5)
- client-elastictranscoder: remove tests (#7508) (089081ad)
-
3.932.0 - 2025-11-14
-
3.931.0 - 2025-11-13
-
3.930.0 - 2025-11-12
-
3.929.0 - 2025-11-11
-
3.928.0 - 2025-11-10
-
3.927.0 - 2025-11-07
-
3.926.0 - 2025-11-06
-
3.925.0 - 2025-11-05
-
3.922.0 - 2025-10-31
-
3.921.0 - 2025-10-30
-
3.920.0 - 2025-10-29
-
3.919.0 - 2025-10-28
-
3.918.0 - 2025-10-27
-
3.917.0 - 2025-10-24
-
3.916.0 - 2025-10-23
-
3.914.0 - 2025-10-21
-
3.913.0 - 2025-10-17
-
3.911.0 - 2025-10-15
-
3.910.0 - 2025-10-14
-
3.908.0 - 2025-10-10
-
3.907.0 - 2025-10-09
-
3.906.0 - 2025-10-08
-
3.901.0 - 2025-10-01
-
3.899.0 - 2025-09-29
-
3.896.0 - 2025-09-24
-
3.895.0 - 2025-09-23
-
3.894.0 - 2025-09-22
-
3.893.0 - 2025-09-19
-
3.892.0 - 2025-09-18
-
3.891.0 - 2025-09-17
-
3.890.0 - 2025-09-16
-
3.888.0 - 2025-09-12
-
3.887.0 - 2025-09-11
-
3.886.0 - 2025-09-10
-
3.884.0 - 2025-09-08
-
3.883.0 - 2025-09-05
-
3.882.0 - 2025-09-04
-
3.879.0 - 2025-08-29
-
3.878.0 - 2025-08-28
-
3.876.0 - 2025-08-26
-
3.873.0 - 2025-08-21
-
3.872.0 - 2025-08-20
-
3.864.0 - 2025-08-08
-
3.863.0 - 2025-08-07
-
3.862.0 - 2025-08-06
-
3.859.0 - 2025-08-01
-
3.858.0 - 2025-07-31
-
3.857.0 - 2025-07-30
-
3.856.0 - 2025-07-29
-
3.855.0 - 2025-07-28
-
3.850.0 - 2025-07-21
-
3.848.0 - 2025-07-17
-
3.846.0 - 2025-07-16
-
3.845.0 - 2025-07-15
-
3.844.0 - 2025-07-09
-
3.842.0 - 2025-07-02
-
3.840.0 - 2025-06-30
-
3.839.0 - 2025-06-27
-
3.837.0 - 2025-06-25
-
3.835.0 - 2025-06-23
-
3.832.0 - 2025-06-18
-
3.830.0 - 2025-06-16
-
3.828.0 - 2025-06-11
-
3.826.0 - 2025-06-06
from @aws-sdk/client-s3 GitHub release notes3.940.0(2025-11-25)
New Features
Bug Fixes
Tests
For list of updated packages, view updated-packages.md in assets-3.940.0.zip
3.939.0(2025-11-24)
Chores
New Features
Bug Fixes
Tests
For list of updated packages, view updated-packages.md in assets-3.939.0.zip
3.937.0(2025-11-20)
Chores
Documentation Changes
New Features
For list of updated packages, view updated-packages.md in assets-3.937.0.zip
3.936.0(2025-11-19)
New Features
For list of updated packages, view updated-packages.md in assets-3.936.0.zip
3.935.0(2025-11-19)
Chores
New Features
For list of updated packages, view updated-packages.md in assets-3.935.0.zip
3.934.0(2025-11-18)
New Features
Tests
For list of updated packages, view updated-packages.md in assets-3.934.0.zip
3.933.0(2025-11-17)
Chores
New Features
Tests
For list of updated packages, view updated-packages.md in assets-3.933.0.zip
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: