filter data is safe for tarfile extractall #1111

Merged

@etienneschalk etienneschalk commented Feb 22, 2024

Related to issue #1038

Currently the following line: tarfile.extractall(path=some_path, filter="data") raises an error. See comment #1038 (comment)

However, this should be safe according to comment #1038 (comment)

This PR does not attempt to fix issue #1038, but starts by making the aforementioned line legal. If filter="data" is detected, the rule exits early.

cc @mattiasb

Closes: #1025
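
The early exit described in this PR description, sketched as a standalone AST check. This is an added example, not bandit's plugin code; `find_unsafe_extractall`, `filter_is_data`, `describe_filter` and the sample source are names and input constructed for illustration.

```python
import ast

# Constructed sample input for this example (not taken from the PR or from
# bandit's test suite).
SAMPLE_SOURCE = '''
import tarfile

def unpack(archive, dest, chosen):
    with tarfile.open(archive) as tar:
        tar.extractall(path=dest)
        tar.extractall(path=dest, filter="data")
        tar.extractall(path=dest, filter="fully_trusted")
        tar.extractall(path=dest, filter=chosen)
        tar.extractall(dest, members=tar.getmembers(), filter="data")
'''


def imports_tarfile(tree):
    """Return True if the module imports tarfile in any form."""
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            if any(alias.name == "tarfile" for alias in node.names):
                return True
        elif isinstance(node, ast.ImportFrom) and node.module == "tarfile":
            return True
    return False


def get_filter_keyword(call):
    """Return the ast.keyword for filter=..., or None if it is absent."""
    for kw in call.keywords:
        if kw.arg == "filter":
            return kw
    return None


def filter_is_data(call):
    """True only when the call passes the string literal filter="data".

    A variable or any other expression cannot be proven safe statically,
    so this example treats it as "not data" and lets the call be reported.
    """
    kw = get_filter_keyword(call)
    return (
        kw is not None
        and isinstance(kw.value, ast.Constant)
        and kw.value.value == "data"
    )


def describe_filter(call):
    """Explain why a call was reported."""
    kw = get_filter_keyword(call)
    if kw is None:
        return "no filter argument"
    if isinstance(kw.value, ast.Constant):
        return f"filter={kw.value.value!r}"
    return "filter is not a string literal"


def find_unsafe_extractall(source):
    """Return sorted (line, reason) pairs for extractall calls to review."""
    tree = ast.parse(source)
    if not imports_tarfile(tree):
        return []
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if isinstance(func, ast.Attribute):
            name = func.attr
        else:
            name = getattr(func, "id", None)
        if name != "extractall":
            continue
        # Early exit: filter="data" is accepted as safe, so nothing is reported.
        if filter_is_data(node):
            continue
        findings.append((node.lineno, describe_filter(node)))
    return sorted(findings)


if __name__ == "__main__":
    for line, reason in find_unsafe_extractall(SAMPLE_SOURCE):
        print(f"line {line}: extractall flagged ({reason})")
```

Only the literal string is treated as proof here, so `filter=chosen` is still reported even if `chosen` happens to hold `"data"` at run time.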

@ericwb ericwb left a comment

Looks mostly good. We should also consider adding TarFile.extract() as it is also vulnerable. But that doesn't need to be part of this PR.

@etienneschalk etienneschalk force-pushed the eschalk/issue-1038-tarfile_unsafe_members branch from bc86707 to 349a344 Compare February 27, 2024 07:00

etienneschalk commented Feb 27, 2024

Hello, thanks for your review!
I removed the diff noise from formatting and rebased / squashed the commits.

To test locally I used

bandit tests/functional/test_functional.py 

@ericwb ericwb left a comment

Could you also add to the docstring:

.. versionchanged:: 1.7.8
    Added check for filter parameter

@ericwb ericwb left a comment

LGTM

@ericwb ericwb merged commit c8d5f77 into PyCQA:main Feb 27, 2024
13 checks passed
chouinar referenced this pull request in HHS/simpler-grants-gov Mar 12, 2024

This PR contains the following updates:

| Package | Change |
|---|---|
| [APIFlask](https://apiflask.com) ([source](https://togithub.com/apiflask/apiflask), [changelog](https://apiflask.com/changelog)) | `2.1.0` -> `2.1.1` |
| [SQLAlchemy](https://www.sqlalchemy.org) ([changelog](https://docs.sqlalchemy.org/en/latest/changelog/)) | `2.0.27` -> `2.0.28` |
| [bandit](https://bandit.readthedocs.io/) ([source](https://togithub.com/PyCQA/bandit), [changelog](https://togithub.com/PyCQA/bandit/releases)) | `1.7.7` -> `1.7.8` |
| [boto3](https://togithub.com/boto/boto3) | `1.34.50` -> `1.34.60` |
| [botocore](https://togithub.com/boto/botocore) | `1.34.50` -> `1.34.60` |
| [marshmallow](https://togithub.com/marshmallow-code/marshmallow) ([changelog](https://marshmallow.readthedocs.io/en/latest/changelog.html)) | `3.21.0` -> `3.21.1` |
| [mypy](https://www.mypy-lang.org/) ([source](https://togithub.com/python/mypy), [changelog](https://mypy-lang.blogspot.com/)) | `1.8.0` -> `1.9.0` |
| [pydantic](https://togithub.com/pydantic/pydantic) ([changelog](https://docs.pydantic.dev/latest/changelog/)) | `2.6.2` -> `2.6.4` |

---

### Release Notes

<details>
<summary>apiflask/apiflask (APIFlask)</summary>

###
[`v2.1.1`](https://togithub.com/apiflask/apiflask/blob/HEAD/CHANGES.md#Version-211)

[Compare
Source](https://togithub.com/apiflask/apiflask/compare/2.1.0...2.1.1)

Released: 2024/3/10

- Reuse the `File`, `Config` field, and file-related validators from
flask-marshmallow ([issue #540][issue_540]).
- Add support for a `--quiet` option to the `flask spec` command ([issue
#548][issue_548]).
- Fix the `flask spec` command for validators operating on complex data
types ([issue #547][issue_547]).

[issue_540]: https://togithub.com/apiflask/apiflask/issues/540

[issue_548]: https://togithub.com/apiflask/apiflask/issues/548

[issue_547]: https://togithub.com/apiflask/apiflask/issues/547

</details>

<details>
<summary>PyCQA/bandit (bandit)</summary>

### [`v1.7.8`](https://togithub.com/PyCQA/bandit/releases/tag/1.7.8)

[Compare
Source](https://togithub.com/PyCQA/bandit/compare/1.7.7...1.7.8)

#### What's Changed

- Incorrect tag naming in readme by
[@lukehinds](https://togithub.com/lukehinds) in
[https://github.com/PyCQA/bandit/pull/1105](https://togithub.com/PyCQA/bandit/pull/1105)
- Utilize PyPI's trusted publishing by
[@ericwb](https://togithub.com/ericwb) in
[https://github.com/PyCQA/bandit/pull/1107](https://togithub.com/PyCQA/bandit/pull/1107)
- Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/PyCQA/bandit/pull/1109](https://togithub.com/PyCQA/bandit/pull/1109)
- Add 1.7.7 to versions of bug template by
[@ericwb](https://togithub.com/ericwb) in
[https://github.com/PyCQA/bandit/pull/1110](https://togithub.com/PyCQA/bandit/pull/1110)
- Use datetime to avoid updating copyright year by
[@ericwb](https://togithub.com/ericwb) in
[https://github.com/PyCQA/bandit/pull/1112](https://togithub.com/PyCQA/bandit/pull/1112)
- filter data is safe for tarfile extractall by
[@etienneschalk](https://togithub.com/etienneschalk) in
[https://github.com/PyCQA/bandit/pull/1111](https://togithub.com/PyCQA/bandit/pull/1111)
- Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by
[@dependabot](https://togithub.com/dependabot) in
[https://github.com/PyCQA/bandit/pull/1115](https://togithub.com/PyCQA/bandit/pull/1115)
- \[B605] Add functions that are vulnerable to shell injection. by
[@shihai1991](https://togithub.com/shihai1991) in
[https://github.com/PyCQA/bandit/pull/1116](https://togithub.com/PyCQA/bandit/pull/1116)
- Add a SARIF output formatter by
[@ericwb](https://togithub.com/ericwb) in
[https://github.com/PyCQA/bandit/pull/1113](https://togithub.com/PyCQA/bandit/pull/1113)

#### New Contributors

- [@etienneschalk](https://togithub.com/etienneschalk) made their
first contribution in
[https://github.com/PyCQA/bandit/pull/1111](https://togithub.com/PyCQA/bandit/pull/1111)
- [@shihai1991](https://togithub.com/shihai1991) made their first
contribution in
[https://github.com/PyCQA/bandit/pull/1116](https://togithub.com/PyCQA/bandit/pull/1116)

**Full Changelog**:
PyCQA/bandit@1.7.7...1.7.8

</details>

<details>
<summary>boto/boto3 (boto3)</summary>

###
[`v1.34.60`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13460)

[Compare
Source](https://togithub.com/boto/boto3/compare/1.34.59...1.34.60)

- api-change:`codestar-connections`: \[`botocore`] Added a sync
configuration enum to disable publishing of deployment status to source
providers (PublishDeploymentStatus). Added a sync configuration enum
(TriggerStackUpdateOn) to only trigger changes.
- api-change:`elasticache`: \[`botocore`] Revisions to API text that are
now to be carried over to SDK text, changing usages of "SFO" in code
examples to "us-west-1", and some other typos.
- api-change:`mediapackagev2`: \[`botocore`] This release enables
customers to safely update their MediaPackage v2 channel groups,
channels and origin endpoints using entity tags.

###
[`v1.34.59`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13459)

[Compare
Source](https://togithub.com/boto/boto3/compare/1.34.58...1.34.59)

- api-change:`batch`: \[`botocore`] This release adds
JobStateTimeLimitActions setting to the Job Queue API. It allows you to
configure an action Batch can take for a blocking job in front of the
queue after the defined period of time. The new parameter applies for
ECS, EKS, and FARGATE Job Queues.
- api-change:`bedrock-agent-runtime`: \[`botocore`] Documentation update
for Bedrock Runtime Agent
- api-change:`cloudtrail`: \[`botocore`] Added exceptions to
CreateTrail, DescribeTrails, and ListImportFailures APIs.
- api-change:`codebuild`: \[`botocore`] This release adds support for a
new webhook event: PULL_REQUEST_CLOSED.
- api-change:`cognito-idp`: \[`botocore`] Add
ConcurrentModificationException to SetUserPoolMfaConfig
- api-change:`guardduty`: \[`botocore`] Add RDS Provisioned and
Serverless Usage types
- api-change:`transfer`: \[`botocore`] Added DES_EDE3_CBC to the list
of supported encryption algorithms for messages sent with an AS2
connector.

###
[`v1.34.58`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13458)

[Compare
Source](https://togithub.com/boto/boto3/compare/1.34.57...1.34.58)

- api-change:`appconfig`: \[`botocore`] AWS AppConfig now supports
dynamic parameters, which enhance the functionality of AppConfig
Extensions by allowing you to provide parameter values to your
Extensions at the time you deploy your configuration.
- api-change:`ec2`: \[`botocore`] This release adds an optional
parameter to RegisterImage and CopyImage APIs to support tagging AMIs at
the time of creation.
- api-change:`grafana`: \[`botocore`] Adds support for the new
GrafanaToken as part of the Amazon Managed Grafana Enterprise plugins
upgrade to associate your AWS account with a Grafana Labs account.
- api-change:`lambda`: \[`botocore`] Documentation updates for AWS
Lambda
- api-change:`payment-cryptography-data`: \[`botocore`] AWS Payment
Cryptography EMV Decrypt Feature Release
- api-change:`rds`: \[`botocore`] Updates Amazon RDS documentation for
io2 storage for Multi-AZ DB clusters
- api-change:`snowball`: \[`botocore`] Doc-only update for change to
EKS-Anywhere ordering.
- api-change:`wafv2`: \[`botocore`] You can increase the max request
body inspection size for some regional resources. The size setting is in
the web ACL association config. Also, the
AWSManagedRulesBotControlRuleSet EnableMachineLearning setting now takes
a Boolean instead of a primitive boolean type, for languages like Java.
- api-change:`workspaces`: \[`botocore`] Added note for user decoupling

###
[`v1.34.57`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13457)

[Compare
Source](https://togithub.com/boto/boto3/compare/1.34.56...1.34.57)

- api-change:`dynamodb`: \[`botocore`] Doc only updates for DynamoDB
documentation
- api-change:`imagebuilder`: \[`botocore`] Add PENDING status to
Lifecycle Execution resource status. Add StartTime and EndTime to
ListLifecycleExecutionResource API response.
- api-change:`mwaa`: \[`botocore`] Amazon MWAA adds support for Apache
Airflow v2.8.1.
- api-change:`rds`: \[`botocore`] Updated the input of CreateDBCluster
and ModifyDBCluster to support setting CA certificates. Updated the
output of DescribeDBCluster to show current CA certificate setting
value.
- api-change:`redshift`: \[`botocore`] Update for documentation only.
Covers port ranges, definition updates for data sharing, and definition
updates to cluster-snapshot documentation.
- api-change:`verifiedpermissions`: \[`botocore`] Deprecating details in
favor of configuration for GetIdentitySource and ListIdentitySources
APIs.

###
[`v1.34.56`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13456)

[Compare
Source](https://togithub.com/boto/boto3/compare/1.34.55...1.34.56)

- api-change:`apigateway`: \[`botocore`] Documentation updates for
Amazon API Gateway
-   api-change:`chatbot`: \[`botocore`] Minor update to documentation.
- api-change:`organizations`: \[`botocore`] This release contains an
endpoint addition
- api-change:`sesv2`: \[`botocore`] Adds support for providing custom
headers within SendEmail and SendBulkEmail for SESv2.

###
[`v1.34.55`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13455)

[Compare
Source](https://togithub.com/boto/boto3/compare/1.34.54...1.34.55)

- api-change:`cloudformation`: \[`botocore`] Add DetailedStatus field to
DescribeStackEvents and DescribeStacks APIs
- api-change:`fsx`: \[`botocore`] Added support for creating FSx for
NetApp ONTAP file systems with up to 12 HA pairs, delivering up to 72
GB/s of read throughput and 12 GB/s of write throughput.
- api-change:`organizations`: \[`botocore`] Documentation update for AWS
Organizations

###
[`v1.34.54`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13454)

[Compare
Source](https://togithub.com/boto/boto3/compare/1.34.53...1.34.54)

- api-change:`accessanalyzer`: \[`botocore`] Fixed a typo in description
field.
- api-change:`autoscaling`: \[`botocore`] With this release, Amazon EC2
Auto Scaling groups, EC2 Fleet, and Spot Fleet improve the default price
protection behavior of attribute-based instance type selection of Spot
Instances, to consistently select from a wide range of instance types.
- api-change:`ec2`: \[`botocore`] With this release, Amazon EC2 Auto
Scaling groups, EC2 Fleet, and Spot Fleet improve the default price
protection behavior of attribute-based instance type selection of Spot
Instances, to consistently select from a wide range of instance types.

###
[`v1.34.53`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13453)

[Compare
Source](https://togithub.com/boto/boto3/compare/1.34.52...1.34.53)

- api-change:`docdb-elastic`: \[`botocore`] Launched Elastic Clusters
Readable Secondaries, Start/Stop, Configurable Shard Instance count,
Automatic Backups and Snapshot Copying
- api-change:`eks`: \[`botocore`] Added support for new AL2023 AMIs to
the supported AMITypes.
- api-change:`lexv2-models`: \[`botocore`] This release makes
AMAZON.QnAIntent generally available in Amazon Lex. This generative AI
feature leverages large language models available through Amazon Bedrock
to automate frequently asked questions (FAQ) experience for end-users.
- api-change:`migrationhuborchestrator`: \[`botocore`] Adds new
CreateTemplate, UpdateTemplate and DeleteTemplate APIs.
- api-change:`quicksight`: \[`botocore`] TooltipTarget for Combo chart
visuals; ColumnConfiguration limit increase to 2000; Documentation
Update
- api-change:`sagemaker`: \[`botocore`] Adds support for ModelDataSource
in Model Packages to support unzipped models. Adds support to specify
SourceUri for models which allows registration of models without
mandating a container for hosting. Using SourceUri, customers can
decouple the model from hosting information during registration.
- api-change:`securitylake`: \[`botocore`] Add capability to update the
Data Lake's MetaStoreManager Role in order to perform required data lake
updates to use Iceberg table format in their data lake or update the
role for any other reason.

###
[`v1.34.52`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13452)

[Compare
Source](https://togithub.com/boto/boto3/compare/1.34.51...1.34.52)

- api-change:`batch`: \[`botocore`] This release adds Batch support for
configuration of multicontainer jobs in ECS, Fargate, and EKS. This
support is available for all types of jobs, including both array jobs
and multi-node parallel jobs.
- api-change:`bedrock-agent-runtime`: \[`botocore`] This release adds
support to override search strategy performed by the Retrieve and
RetrieveAndGenerate APIs for Amazon Bedrock Agents
- api-change:`ce`: \[`botocore`] This release introduces the new API
'GetApproximateUsageRecords', which retrieves estimated usage records
for hourly granularity or resource-level data at daily granularity.
- api-change:`ec2`: \[`botocore`] This release increases the range of
MaxResults for GetNetworkInsightsAccessScopeAnalysisFindings to 1,000.
- api-change:`iot`: \[`botocore`] This release reduces the maximum
results returned per query invocation from 500 to 100 for the
SearchIndex API. This change has no implications as long as the API is
invoked until the nextToken is NULL.
- api-change:`wafv2`: \[`botocore`] AWS WAF now supports configurable
time windows for request aggregation with rate-based rules. Customers
can now select time windows of 1 minute, 2 minutes or 10 minutes, in
addition to the previously supported 5 minutes.

###
[`v1.34.51`](https://togithub.com/boto/boto3/blob/HEAD/CHANGELOG.rst#13451)

[Compare
Source](https://togithub.com/boto/boto3/compare/1.34.50...1.34.51)

- api-change:`amplifyuibuilder`: \[`botocore`] We have added the ability
to tag resources after they are created

</details>

<details>
<summary>boto/botocore (botocore)</summary>

###
[`v1.34.60`](https://togithub.com/boto/botocore/blob/HEAD/CHANGELOG.rst#13460)

[Compare
Source](https://togithub.com/boto/botocore/compare/1.34.59...1.34.60)

- api-change:`codestar-connections`: Added a sync configuration enum to
disable publishing of deployment status to source providers
(PublishDeploymentStatus). Added a sync configuration enum
(TriggerStackUpdateOn) to only trigger changes.
- api-change:`elasticache`: Revisions to API text that are now to be
carried over to SDK text, changing usages of "SFO" in code examples to
"us-west-1", and some other typos.
- api-change:`mediapackagev2`: This release enables customers to safely
update their MediaPackage v2 channel groups, channels and origin
endpoints using entity tags.

###
[`v1.34.59`](https://togithub.com/boto/botocore/blob/HEAD/CHANGELOG.rst#13459)

[Compare
Source](https://togithub.com/boto/botocore/compare/1.34.58...1.34.59)

- api-change:`batch`: This release adds JobStateTimeLimitActions setting
to the Job Queue API. It allows you to configure an action Batch can
take for a blocking job in front of the queue after the defined period
of time. The new parameter applies for ECS, EKS, and FARGATE Job Queues.
- api-change:`bedrock-agent-runtime`: Documentation update for Bedrock
Runtime Agent
- api-change:`cloudtrail`: Added exceptions to CreateTrail,
DescribeTrails, and ListImportFailures APIs.
- api-change:`codebuild`: This release adds support for a new webhook
event: PULL_REQUEST_CLOSED.
- api-change:`cognito-idp`: Add ConcurrentModificationException to
SetUserPoolMfaConfig
- api-change:`guardduty`: Add RDS Provisioned and Serverless Usage types
- api-change:`transfer`: Added DES_EDE3_CBC to the list of supported
encryption algorithms for messages sent with an AS2 connector.

###
[`v1.34.58`](https://togithub.com/boto/botocore/blob/HEAD/CHANGELOG.rst#13458)

[Compare
Source](https://togithub.com/boto/botocore/compare/1.34.57...1.34.58)

- api-change:`appconfig`: AWS AppConfig now supports dynamic parameters,
which enhance the functionality of AppConfig Extensions by allowing you
to provide parameter values to your Extensions at the time you deploy
your configuration.
- api-change:`ec2`: This release adds an optional parameter to
RegisterImage and CopyImage APIs to support tagging AMIs at the time of
creation.
- api-change:`grafana`: Adds support for the new GrafanaToken as part of
the Amazon Managed Grafana Enterprise plugins upgrade to associate your
AWS account with a Grafana Labs account.
-   api-change:`lambda`: Documentation updates for AWS Lambda
- api-change:`payment-cryptography-data`: AWS Payment Cryptography EMV
Decrypt Feature Release
- api-change:`rds`: Updates Amazon RDS documentation for io2 storage for
Multi-AZ DB clusters
- api-change:`snowball`: Doc-only update for change to EKS-Anywhere
ordering.
- api-change:`wafv2`: You can increase the max request body inspection
size for some regional resources. The size setting is in the web ACL
association config. Also, the AWSManagedRulesBotControlRuleSet
EnableMachineLearning setting now takes a Boolean instead of a primitive
boolean type, for languages like Java.
-   api-change:`workspaces`: Added note for user decoupling

###
[`v1.34.57`](https://togithub.com/boto/botocore/blob/HEAD/CHANGELOG.rst#13457)

[Compare
Source](https://togithub.com/boto/botocore/compare/1.34.56...1.34.57)

-   api-change:`dynamodb`: Doc only updates for DynamoDB documentation
- api-change:`imagebuilder`: Add PENDING status to Lifecycle Execution
resource status. Add StartTime and EndTime to
ListLifecycleExecutionResource API response.
- api-change:`mwaa`: Amazon MWAA adds support for Apache Airflow v2.8.1.
- api-change:`rds`: Updated the input of CreateDBCluster and
ModifyDBCluster to support setting CA certificates. Updated the output
of DescribeDBCluster to show current CA certificate setting value.
- api-change:`redshift`: Update for documentation only. Covers port
ranges, definition updates for data sharing, and definition updates to
cluster-snapshot documentation.
- api-change:`verifiedpermissions`: Deprecating details in favor of
configuration for GetIdentitySource and ListIdentitySources APIs.

###
[`v1.34.56`](https://togithub.com/boto/botocore/blob/HEAD/CHANGELOG.rst#13456)

[Compare
Source](https://togithub.com/boto/botocore/compare/1.34.55...1.34.56)

- api-change:`apigateway`: Documentation updates for Amazon API Gateway
-   api-change:`chatbot`: Minor update to documentation.
- api-change:`organizations`: This release contains an endpoint addition
- api-change:`sesv2`: Adds support for providing custom headers within
SendEmail and SendBulkEmail for SESv2.

###
[`v1.34.55`](https://togithub.com/boto/botocore/blob/HEAD/CHANGELOG.rst#13455)

[Compare
Source](https://togithub.com/boto/botocore/compare/1.34.54...1.34.55)

- api-change:`cloudformation`: Add DetailedStatus field to
DescribeStackEvents and DescribeStacks APIs
- api-change:`fsx`: Added support for creating FSx for NetApp ONTAP file
systems with up to 12 HA pairs, delivering up to 72 GB/s of read
throughput and 12 GB/s of write throughput.
- api-change:`organizations`: Documentation update for AWS Organizations

###
[`v1.34.54`](https://togithub.com/boto/botocore/blob/HEAD/CHANGELOG.rst#13454)

[Compare
Source](https://togithub.com/boto/botocore/compare/1.34.53...1.34.54)

-   api-change:`accessanalyzer`: Fixed a typo in description field.
- api-change:`autoscaling`: With this release, Amazon EC2 Auto Scaling
groups, EC2 Fleet, and Spot Fleet improve the default price protection
behavior of attribute-based instance type selection of Spot Instances,
to consistently select from a wide range of instance types.
- api-change:`ec2`: With this release, Amazon EC2 Auto Scaling groups,
EC2 Fleet, and Spot Fleet improve the default price protection behavior
of attribute-based instance type selection of Spot Instances, to
consistently select from a wide range of instance types.

###
[`v1.34.53`](https://togithub.com/boto/botocore/blob/HEAD/CHANGELOG.rst#13453)

[Compare
Source](https://togithub.com/boto/botocore/compare/1.34.52...1.34.53)

- api-change:`docdb-elastic`: Launched Elastic Clusters Readable
Secondaries, Start/Stop, Configurable Shard Instance count, Automatic
Backups and Snapshot Copying
- api-change:`eks`: Added support for new AL2023 AMIs to the supported
AMITypes.
- api-change:`lexv2-models`: This release makes AMAZON.QnAIntent
generally available in Amazon Lex. This generative AI feature leverages
large language models available through Amazon Bedrock to automate
frequently asked questions (FAQ) experience for end-users.
- api-change:`migrationhuborchestrator`: Adds new CreateTemplate,
UpdateTemplate and DeleteTemplate APIs.
- api-change:`quicksight`: TooltipTarget for Combo chart visuals;
ColumnConfiguration limit increase to 2000; Documentation Update
- api-change:`sagemaker`: Adds support for ModelDataSource in Model
Packages to support unzipped models. Adds support to specify SourceUri
for models which allows registration of models without mandating a
container for hosting. Using SourceUri, customers can decouple the model
from hosting information during registration.
- api-change:`securitylake`: Add capability to update the Data Lake's
MetaStoreManager Role in order to perform required data lake updates to
use Iceberg table format in their data lake or update the role for any
other reason.

###
[`v1.34.52`](https://togithub.com/boto/botocore/blob/HEAD/CHANGELOG.rst#13452)

[Compare
Source](https://togithub.com/boto/botocore/compare/1.34.51...1.34.52)

- api-change:`batch`: This release adds Batch support for configuration
of multicontainer jobs in ECS, Fargate, and EKS. This support is
available for all types of jobs, including both array jobs and
multi-node parallel jobs.
- api-change:`bedrock-agent-runtime`: This release adds support to
override search strategy performed by the Retrieve and
RetrieveAndGenerate APIs for Amazon Bedrock Agents
- api-change:`ce`: This release introduces the new API
'GetApproximateUsageRecords', which retrieves estimated usage records
for hourly granularity or resource-level data at daily granularity.
- api-change:`ec2`: This release increases the range of MaxResults for
GetNetworkInsightsAccessScopeAnalysisFindings to 1,000.
- api-change:`iot`: This release reduces the maximum results returned
per query invocation from 500 to 100 for the SearchIndex API. This
change has no implications as long as the API is invoked until the
nextToken is NULL.
- api-change:`wafv2`: AWS WAF now supports configurable time windows for
request aggregation with rate-based rules. Customers can now select time
windows of 1 minute, 2 minutes or 10 minutes, in addition to the
previously supported 5 minutes.

###
[`v1.34.51`](https://togithub.com/boto/botocore/blob/HEAD/CHANGELOG.rst#13451)

[Compare
Source](https://togithub.com/boto/botocore/compare/1.34.50...1.34.51)

- api-change:`amplifyuibuilder`: We have added the ability to tag
resources after they are created

</details>

<details>
<summary>marshmallow-code/marshmallow (marshmallow)</summary>

###
[`v3.21.1`](https://togithub.com/marshmallow-code/marshmallow/compare/3.21.0...3.21.1)

[Compare
Source](https://togithub.com/marshmallow-code/marshmallow/compare/3.21.0...3.21.1)

</details>

<details>
<summary>python/mypy (mypy)</summary>

### [`v1.9.0`](https://togithub.com/python/mypy/compare/v1.8.0...1.9.0)

[Compare
Source](https://togithub.com/python/mypy/compare/v1.8.0...1.9.0)

</details>

<details>
<summary>pydantic/pydantic (pydantic)</summary>

###
[`v2.6.4`](https://togithub.com/pydantic/pydantic/blob/HEAD/HISTORY.md#v264-2024-03-12)

[Compare
Source](https://togithub.com/pydantic/pydantic/compare/v2.6.3...v2.6.4)

[GitHub
release](https://togithub.com/pydantic/pydantic/releases/tag/v2.6.4)

##### What's Changed

##### Fixes

- Fix usage of `AliasGenerator` with `computed_field` decorator by
[@sydney-runkle](https://togithub.com/sydney-runkle) in
[#8806](https://togithub.com/pydantic/pydantic/pull/8806)
- Fix nested discriminated union schema gen, pt 2 by
[@sydney-runkle](https://togithub.com/sydney-runkle) in
[#8932](https://togithub.com/pydantic/pydantic/pull/8932)
- Fix bug with no_strict_optional=True caused by API deferral by
[@dmontagu](https://togithub.com/dmontagu) in
[#8826](https://togithub.com/pydantic/pydantic/pull/8826)

###
[`v2.6.3`](https://togithub.com/pydantic/pydantic/blob/HEAD/HISTORY.md#v263-2024-02-27)

[Compare
Source](https://togithub.com/pydantic/pydantic/compare/v2.6.2...v2.6.3)

[GitHub
release](https://togithub.com/pydantic/pydantic/releases/tag/v2.6.3)

##### What's Changed

##### Packaging

- Update `pydantic-settings` version in the docs by
[@hramezani](https://togithub.com/hramezani) in
[#8906](https://togithub.com/pydantic/pydantic/pull/8906)

##### Fixes

- Fix discriminated union schema gen bug by
[@sydney-runkle](https://togithub.com/sydney-runkle) in
[#8904](https://togithub.com/pydantic/pydantic/pull/8904)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on the 2nd and 4th day instance on
sunday after 9pm" in timezone America/New_York, Automerge - At any time
(no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/HHS/simpler-grants-gov).

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Michael Chouinard <chouinar6@gmail.com>
Development

Successfully merging this pull request may close these issues.

Python 3.12 adds further protection for tarfile module