From 13507f121cdb531a63d9dae2f1e0860c8899ab31 Mon Sep 17 00:00:00 2001 From: William Quan Date: Wed, 27 Sep 2023 10:38:42 -0700 Subject: [PATCH 1/3] Updated version to v2.6.3, update changelog CVE links. --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 55a8525..a780f62 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,9 @@ ### Fixed - Added the bugfix to skip the processing of the workspaces in error state. - Updated all the package versions to resolve security vulnerabilities. + - Patch Certifi vulnerability. Removal of e-Tugra root certificate [CVE-2023-37920](https://github.com/advisories/GHSA-xqr8-7jwr-rhp7) + - Patch Requests vulnerability. Leaking Proxy-Authorization headers [CVE-2023-32681](https://nvd.nist.gov/vuln/detail/CVE-2023-32681) + - Patch aws-cdk-lib vulnerability. EKS overly permissive trust policies [CVE-2023-35165](https://nvd.nist.gov/vuln/detail/CVE-2023-35165) - Updated the docker base image to the python 3.11. - Updated all the lambda runtimes to python 3.11. From fb948faab2d1a18de6f52c2a8649d2db79f08591 Mon Sep 17 00:00:00 2001 From: William Quan Date: Wed, 27 Sep 2023 12:42:16 -0700 Subject: [PATCH 2/3] Updated to version v2.6.3. Update CVE links in changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a780f62..122832a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -11,6 +11,7 @@ - Patch Certifi vulnerability. Removal of e-Tugra root certificate [CVE-2023-37920](https://github.com/advisories/GHSA-xqr8-7jwr-rhp7) - Patch Requests vulnerability. Leaking Proxy-Authorization headers [CVE-2023-32681](https://nvd.nist.gov/vuln/detail/CVE-2023-32681) - Patch aws-cdk-lib vulnerability. EKS overly permissive trust policies [CVE-2023-35165](https://nvd.nist.gov/vuln/detail/CVE-2023-35165) + - Patch ECR base image vulnerabilities, fixing the following: [CVE-2023-2650](https://nvd.nist.gov/vuln/detail/CVE-2023-2650) [CVE-2022-29458](https://nvd.nist.gov/vuln/detail/CVE-2022-29458) [CVE-2022-3821](https://nvd.nist.gov/vuln/detail/CVE-2022-3821) [CVE-2023-0465](https://nvd.nist.gov/vuln/detail/CVE-2023-0465) [CVE-2022-4415](https://nvd.nist.gov/vuln/detail/CVE-2022-4415) [CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) - Updated the docker base image to the python 3.11. - Updated all the lambda runtimes to python 3.11. From 8bc11a5ea46cdc8581e585d403545c780e95426a Mon Sep 17 00:00:00 2001 From: William Quan Date: Wed, 27 Sep 2023 12:43:04 -0700 Subject: [PATCH 3/3] Updated to version v2.6.3. Update CVE links in changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 122832a..dd276d5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -11,7 +11,7 @@ - Patch Certifi vulnerability. Removal of e-Tugra root certificate [CVE-2023-37920](https://github.com/advisories/GHSA-xqr8-7jwr-rhp7) - Patch Requests vulnerability. Leaking Proxy-Authorization headers [CVE-2023-32681](https://nvd.nist.gov/vuln/detail/CVE-2023-32681) - Patch aws-cdk-lib vulnerability. EKS overly permissive trust policies [CVE-2023-35165](https://nvd.nist.gov/vuln/detail/CVE-2023-35165) - - Patch ECR base image vulnerabilities, fixing the following: [CVE-2023-2650](https://nvd.nist.gov/vuln/detail/CVE-2023-2650) [CVE-2022-29458](https://nvd.nist.gov/vuln/detail/CVE-2022-29458) [CVE-2022-3821](https://nvd.nist.gov/vuln/detail/CVE-2022-3821) [CVE-2023-0465](https://nvd.nist.gov/vuln/detail/CVE-2023-0465) [CVE-2022-4415](https://nvd.nist.gov/vuln/detail/CVE-2022-4415) [CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) + - Patch ECR base image vulnerabilities, fixing the following: [CVE-2023-2650](https://nvd.nist.gov/vuln/detail/CVE-2023-2650) [CVE-2022-29458](https://nvd.nist.gov/vuln/detail/CVE-2022-29458) [CVE-2022-3821](https://nvd.nist.gov/vuln/detail/CVE-2022-3821) [CVE-2023-0465](https://nvd.nist.gov/vuln/detail/CVE-2023-0465) [CVE-2022-4415](https://nvd.nist.gov/vuln/detail/CVE-2022-4415) [CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) [CVE-2023-0466](https://nvd.nist.gov/vuln/detail/CVE-2023-0466) - Updated the docker base image to the python 3.11. - Updated all the lambda runtimes to python 3.11.
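Review bot: In PATCH 1/3, the three added entries under "Updated all the package versions to resolve security vulnerabilities" name the packages (Certifi, Requests, aws-cdk-lib) but not the versions that carry the fixes, so a reader cannot check a deployed dependency set against the changelog; add the fixed version to each line. The Certifi entry links to a GitHub advisory (GHSA-xqr8-7jwr-rhp7) while the other two link to NVD; use one source throughout. The subject says the version was updated to v2.6.3, but the diffstat lists only CHANGELOG.md with 3 insertions, so either the version bump is missing from this series or the subject should be narrowed to the changelog edit.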
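Review bot: In PATCH 2/3, the added "Patch ECR base image vulnerabilities" line runs six CVE links together separated only by spaces and does not say which image tag or digest contains the fixes; split the CVEs into a nested or comma-separated list and record the image version that was adopted. The unchanged line just below, "Updated the docker base image to the python 3.11", may describe the same change; if it does, merge the two entries so the changelog does not read as two separate image updates.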
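Review bot: PATCH 3/3 replaces the entire ECR base image line only to append CVE-2023-0466, and its subject is identical to that of PATCH 2/3, which makes the two commits indistinguishable in the log; squash it into 2/3 or give it a subject that names the added CVE. While touching the line, sort the CVE list (it currently goes 2023-2650, 2022-29458, 2022-3821, 2023-0465, ...) so that later additions produce a small, readable diff.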