From e2a5cfb1f33eb09727cce49ba2e3348994ce2f0f Mon Sep 17 00:00:00 2001
From: Tyler Hendrickson <1851017+TylerHendrickson@users.noreply.github.com>
Date: Mon, 25 Nov 2024 12:34:04 -0600
Subject: [PATCH 1/3] Reduce automation noise (#3766)

* Exclude js/missing-rate-limiting CodeQL queries
* Disable Dependabot updates for cloudposse/* and terraform-aws-modules/*
---
 .github/dependabot.yml | 16 ++++++++++++++++
 .github/workflows/code-scanning.yml | 4 ++++
 2 files changed, 20 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 287cc1dcf..b63f5080f 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -30,6 +30,9 @@ updates:
 timezone: "America/New_York"
 commit-message:
 prefix: 'Chore [deps:terraform]'
+ ignore:
+ - dependency-name: cloudposse/*
+ - dependency-name: terraform-aws-modules/*
 # Dependabot can't inspect nested directories so we need to list all local modules individually.
 # TODO: Consider switching to Rennovate.
 - package-ecosystem: "terraform"
@@ -40,6 +43,10 @@ updates:
 timezone: "America/New_York"
 commit-message:
 prefix: 'Chore [deps:terraform]'
+ ignore:
+ # These should be un-ignored if/when the Terraform AWS provider is updated to a more recent version
+ - dependency-name: cloudposse/*
+ - dependency-name: terraform-aws-modules/*
 - package-ecosystem: "terraform"
 directory: "/terraform/modules/gost_consume_grants"
 schedule:
@@ -48,6 +55,9 @@ updates:
 timezone: "America/New_York"
 commit-message:
 prefix: 'Chore [deps:terraform]'
+ ignore:
+ - dependency-name: cloudposse/*
+ - dependency-name: terraform-aws-modules/*
 - package-ecosystem: "terraform"
 directory: "/terraform/modules/gost_website"
 schedule:
@@ -56,6 +66,9 @@ updates:
 timezone: "America/New_York"
 commit-message:
 prefix: 'Chore [deps:terraform]'
+ ignore:
+ - dependency-name: cloudposse/*
+ - dependency-name: terraform-aws-modules/*
 - package-ecosystem: "terraform"
 directory: "/terraform/modules/gost_postgres"
 schedule:
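Review bot: The `ignore` entries for `cloudposse/*` and `terraform-aws-modules/*` carry no version or update-type bound, so in every Terraform entry touched here (hunks at -30, -40, -48, -56 and -64) Dependabot stops proposing any update for these third-party modules and the pinned versions can age with no automated signal. Only the `@@ -40,6 +43,10 @@` hunk has the comment saying when the ignore should be lifted; I would repeat it above each `ignore:` block and tie it to a tracking issue, e.g. `# Un-ignore once the Terraform AWS provider is upgraded (tracking: <issue link>)`. If the incompatibility is limited to new major releases of these modules, which the diff does not show, adding `update-types: ["version-update:semver-major"]` under each `dependency-name` would keep minor and patch updates flowing. The `updates:` entries themselves start outside these hunks.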
@@ -64,6 +77,9 @@ updates:
 timezone: "America/New_York"
 commit-message:
 prefix: 'Chore [deps:terraform]'
+ ignore:
+ - dependency-name: cloudposse/*
+ - dependency-name: terraform-aws-modules/*
 - package-ecosystem: "terraform"
 directory: "/terraform/modules/scheduled_ecs_task"
 schedule:
diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml
index a0bd1d68e..1cc4f4c77 100644
--- a/.github/workflows/code-scanning.yml
+++ b/.github/workflows/code-scanning.yml
@@ -55,6 +55,10 @@ jobs:
 with:
 languages: javascript-typescript
 queries: security-extended,security-and-quality
+ config: |
+ query-filters:
+ - exclude:
+ id: js/missing-rate-limiting # We manage this in our infra
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@8e0b1c74b1d5a0077b04d064c76ee714d3da7637 # v2.14.6
 with:
From b3a29a2c4cc544421f02a0f122b5b19ae53095f0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Nov 2024 18:42:26 +0000
Subject: [PATCH 2/3] Chore [deps:npm]: bump @aws-sdk/client-ses from 3.696.0 to 3.699.0 (#3769)

Bumps [@aws-sdk/client-ses](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-ses) from 3.696.0 to 3.699.0.
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-ses/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.699.0/clients/client-ses)

---
updated-dependencies:
- dependency-name: "@aws-sdk/client-ses"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 yarn.lock | 164 ++----------------------------------------------------
 1 file changed, 6 insertions(+), 158 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index c9147064d..ec896d471 100644
--- a/yarn.lock
+++ b/yarn.lock
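Review bot: In `.github/workflows/code-scanning.yml` (hunk `@@ -55,6 +55,10 @@`), the `query-filters` exclusion of `js/missing-rate-limiting` applies to the whole repository, and its only justification is the comment `# We manage this in our infra`, which names no control a reviewer could check. Once the query is excluded, a route added later that the infrastructure-level limiter does not cover will raise no alert. I would make the comment point at the control and its scope, e.g. `# Rate limiting is enforced by <infra component>, see <path or link>; covers <which routes>`, so the suppression can be re-verified when the infrastructure changes. The `with:` block of this step begins outside the hunk.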
@@ -190,16 +190,16 @@ tslib "^2.6.2" "@aws-sdk/client-ses@^3.312.0": - version "3.696.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/client-ses/-/client-ses-3.696.0.tgz#43826d9825403d285f5e393f7f88b9996f4f4ce7" - integrity sha512-KyC/u+vorfLosRMZSAeBjeKY3gas1TbjqNhPaUUM3zK0YbtvZvifaS16D3gbzyVu6EVpzcFzZAXkCK709Jc8+g== + version "3.699.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-ses/-/client-ses-3.699.0.tgz#b48d9c8865877b7baa4b1a90cb3e4c2d59c0c5e0" + integrity sha512-prpkr2jnhD2KsinQMBdX2wvSpNxFm9d02EUR4L78yxjg2oppXmu/cBjWdlVrSkqqE2EYfcHo0JV2WmRZZC1VyQ== dependencies: "@aws-crypto/sha256-browser" "5.2.0" "@aws-crypto/sha256-js" "5.2.0" - "@aws-sdk/client-sso-oidc" "3.696.0" - "@aws-sdk/client-sts" "3.696.0" + "@aws-sdk/client-sso-oidc" "3.699.0" + "@aws-sdk/client-sts" "3.699.0" "@aws-sdk/core" "3.696.0" - "@aws-sdk/credential-provider-node" "3.696.0" + "@aws-sdk/credential-provider-node" "3.699.0" "@aws-sdk/middleware-host-header" "3.696.0" "@aws-sdk/middleware-logger" "3.696.0" "@aws-sdk/middleware-recursion-detection" "3.696.0" 
@@ -286,51 +286,6 @@ "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" -"@aws-sdk/client-sso-oidc@3.696.0": - version "3.696.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.696.0.tgz#b6a92ae876d3fdaa986bd70bbb329dcbcd12ea2b" - integrity sha512-ikxQ3mo86d1mAq5zTaQAh8rLBERwL+I4MUYu/IVYW2hhl9J2SDsl0SgnKeXQG6S8zWuHcBO587zsZaRta1MQ/g== - dependencies: - "@aws-crypto/sha256-browser" "5.2.0" - "@aws-crypto/sha256-js" "5.2.0" - "@aws-sdk/core" "3.696.0" - "@aws-sdk/credential-provider-node" "3.696.0" - "@aws-sdk/middleware-host-header" "3.696.0" - "@aws-sdk/middleware-logger" "3.696.0" - "@aws-sdk/middleware-recursion-detection" "3.696.0" - "@aws-sdk/middleware-user-agent" "3.696.0" - "@aws-sdk/region-config-resolver" "3.696.0" - "@aws-sdk/types" "3.696.0" - "@aws-sdk/util-endpoints" "3.696.0" - "@aws-sdk/util-user-agent-browser" "3.696.0" - "@aws-sdk/util-user-agent-node" "3.696.0" - "@smithy/config-resolver" "^3.0.12" - "@smithy/core" "^2.5.3" - "@smithy/fetch-http-handler" "^4.1.1" - "@smithy/hash-node" "^3.0.10" - "@smithy/invalid-dependency" "^3.0.10" - "@smithy/middleware-content-length" "^3.0.12" - "@smithy/middleware-endpoint" "^3.2.3" - "@smithy/middleware-retry" "^3.0.27" - "@smithy/middleware-serde" "^3.0.10" - "@smithy/middleware-stack" "^3.0.10" - "@smithy/node-config-provider" "^3.1.11" - "@smithy/node-http-handler" "^3.3.1" - "@smithy/protocol-http" "^4.1.7" - "@smithy/smithy-client" "^3.4.4" - "@smithy/types" "^3.7.1" - "@smithy/url-parser" "^3.0.10" - "@smithy/util-base64" "^3.0.0" - "@smithy/util-body-length-browser" "^3.0.0" - "@smithy/util-body-length-node" "^3.0.0" - "@smithy/util-defaults-mode-browser" "^3.0.27" - "@smithy/util-defaults-mode-node" "^3.0.27" - "@smithy/util-endpoints" "^2.1.6" - "@smithy/util-middleware" "^3.0.10" - "@smithy/util-retry" "^3.0.10" - "@smithy/util-utf8" "^3.0.0" - tslib "^2.6.2" - "@aws-sdk/client-sso-oidc@3.699.0": version "3.699.0" resolved 
"https://registry.yarnpkg.com/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.699.0.tgz#a35665e681abd518b56330bc7dab63041fbdaf83" 
@@ -420,52 +375,6 @@ "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" -"@aws-sdk/client-sts@3.696.0": - version "3.696.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/client-sts/-/client-sts-3.696.0.tgz#58d820a6d6f62626fd3177e7c0dc90027f0c6c3c" - integrity sha512-eJOxR8/UyI7kGSRyE751Ea7MKEzllQs7eNveDJy9OP4t/jsN/P19HJ1YHeA1np40JRTUBfqa6WLAAiIXsk8rkg== - dependencies: - "@aws-crypto/sha256-browser" "5.2.0" - "@aws-crypto/sha256-js" "5.2.0" - "@aws-sdk/client-sso-oidc" "3.696.0" - "@aws-sdk/core" "3.696.0" - "@aws-sdk/credential-provider-node" "3.696.0" - "@aws-sdk/middleware-host-header" "3.696.0" - "@aws-sdk/middleware-logger" "3.696.0" - "@aws-sdk/middleware-recursion-detection" "3.696.0" - "@aws-sdk/middleware-user-agent" "3.696.0" - "@aws-sdk/region-config-resolver" "3.696.0" - "@aws-sdk/types" "3.696.0" - "@aws-sdk/util-endpoints" "3.696.0" - "@aws-sdk/util-user-agent-browser" "3.696.0" - "@aws-sdk/util-user-agent-node" "3.696.0" - "@smithy/config-resolver" "^3.0.12" - "@smithy/core" "^2.5.3" - "@smithy/fetch-http-handler" "^4.1.1" - "@smithy/hash-node" "^3.0.10" - "@smithy/invalid-dependency" "^3.0.10" - "@smithy/middleware-content-length" "^3.0.12" - "@smithy/middleware-endpoint" "^3.2.3" - "@smithy/middleware-retry" "^3.0.27" - "@smithy/middleware-serde" "^3.0.10" - "@smithy/middleware-stack" "^3.0.10" - "@smithy/node-config-provider" "^3.1.11" - "@smithy/node-http-handler" "^3.3.1" - "@smithy/protocol-http" "^4.1.7" - "@smithy/smithy-client" "^3.4.4" - "@smithy/types" "^3.7.1" - "@smithy/url-parser" "^3.0.10" - "@smithy/util-base64" "^3.0.0" - "@smithy/util-body-length-browser" "^3.0.0" - "@smithy/util-body-length-node" "^3.0.0" - "@smithy/util-defaults-mode-browser" "^3.0.27" - "@smithy/util-defaults-mode-node" "^3.0.27" - "@smithy/util-endpoints" "^2.1.6" - "@smithy/util-middleware" "^3.0.10" - "@smithy/util-retry" "^3.0.10" - "@smithy/util-utf8" "^3.0.0" - tslib "^2.6.2" - "@aws-sdk/client-sts@3.699.0": version "3.699.0" resolved 
"https://registry.yarnpkg.com/@aws-sdk/client-sts/-/client-sts-3.699.0.tgz#9419be6bbf3809008128117afea8b9129b5a959d" @@ -567,24 +476,6 @@ "@smithy/util-stream" "^3.3.1" tslib "^2.6.2" -"@aws-sdk/credential-provider-ini@3.696.0": - version "3.696.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.696.0.tgz#8b162db836c81582f249e24adff48f01cacca402" - integrity sha512-9WsZZofjPjNAAZhIh7c7FOhLK8CR3RnGgUm1tdZzV6ZSM1BuS2m6rdwIilRxAh3fxxKDkmW/r/aYmmCYwA+AYA== - dependencies: - "@aws-sdk/core" "3.696.0" - "@aws-sdk/credential-provider-env" "3.696.0" - "@aws-sdk/credential-provider-http" "3.696.0" - "@aws-sdk/credential-provider-process" "3.696.0" - "@aws-sdk/credential-provider-sso" "3.696.0" - "@aws-sdk/credential-provider-web-identity" "3.696.0" - "@aws-sdk/types" "3.696.0" - "@smithy/credential-provider-imds" "^3.2.6" - "@smithy/property-provider" "^3.1.9" - "@smithy/shared-ini-file-loader" "^3.1.10" - "@smithy/types" "^3.7.1" - tslib "^2.6.2" - "@aws-sdk/credential-provider-ini@3.699.0": version "3.699.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.699.0.tgz#7919a454b05c5446d04a0d3270807046a029ee30" 
@@ -603,24 +494,6 @@ "@smithy/types" "^3.7.1" tslib "^2.6.2" -"@aws-sdk/credential-provider-node@3.696.0": - version "3.696.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-node/-/credential-provider-node-3.696.0.tgz#6d8d97a85444bfd3c5a1aded9ce894f68e6d3547" - integrity sha512-8F6y5FcfRuMJouC5s207Ko1mcVvOXReBOlJmhIwE4QH1CnO/CliIyepnAZrRQ659mo5wIuquz6gXnpYbitEVMg== - dependencies: - "@aws-sdk/credential-provider-env" "3.696.0" - "@aws-sdk/credential-provider-http" "3.696.0" - "@aws-sdk/credential-provider-ini" "3.696.0" - "@aws-sdk/credential-provider-process" "3.696.0" - "@aws-sdk/credential-provider-sso" "3.696.0" - "@aws-sdk/credential-provider-web-identity" "3.696.0" - "@aws-sdk/types" "3.696.0" - "@smithy/credential-provider-imds" "^3.2.6" - "@smithy/property-provider" "^3.1.9" - "@smithy/shared-ini-file-loader" "^3.1.10" - "@smithy/types" "^3.7.1" - tslib "^2.6.2" - "@aws-sdk/credential-provider-node@3.699.0": version "3.699.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-node/-/credential-provider-node-3.699.0.tgz#6a1e32a49a7fa71d10c85a927267d1782444def1" 
@@ -651,20 +524,6 @@ "@smithy/types" "^3.7.1" tslib "^2.6.2" -"@aws-sdk/credential-provider-sso@3.696.0": - version "3.696.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.696.0.tgz#3e58608e7c330e08206af496a14764f82a776acf" - integrity sha512-4SSZ9Nk08JSu4/rX1a+dEac/Ims1HCXfV7YLUe5LGdtRLSKRoQQUy+hkFaGYoSugP/p1UfUPl3BuTO9Vv8z1pA== - dependencies: - "@aws-sdk/client-sso" "3.696.0" - "@aws-sdk/core" "3.696.0" - "@aws-sdk/token-providers" "3.696.0" - "@aws-sdk/types" "3.696.0" - "@smithy/property-provider" "^3.1.9" - "@smithy/shared-ini-file-loader" "^3.1.10" - "@smithy/types" "^3.7.1" - tslib "^2.6.2" - "@aws-sdk/credential-provider-sso@3.699.0": version "3.699.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.699.0.tgz#515e2ecd407bace3141b8b192505631de415667e" @@ -903,17 +762,6 @@ "@smithy/types" "^3.7.1" tslib "^2.6.2" -"@aws-sdk/token-providers@3.696.0": - version "3.696.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/token-providers/-/token-providers-3.696.0.tgz#22ca7cf0901885d2f01aed6fe664e5162ae58108" - integrity sha512-fvTcMADrkwRdNwVmJXi2pSPf1iizmUqczrR1KusH4XehI/KybS4U6ViskRT0v07vpxwL7x+iaD/8fR0PUu5L/g== - dependencies: - "@aws-sdk/types" "3.696.0" - "@smithy/property-provider" "^3.1.9" - "@smithy/shared-ini-file-loader" "^3.1.10" - "@smithy/types" "^3.7.1" - tslib "^2.6.2" - "@aws-sdk/token-providers@3.699.0": version "3.699.0" resolved "https://registry.yarnpkg.com/@aws-sdk/token-providers/-/token-providers-3.699.0.tgz#354990dd52d651c1f7a64c4c0894c868cdc81de2" From dc8dfc2a7140a314f2a710aeb9b4068436d5ba5e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Nov 2024 12:46:46 -0600
Subject: [PATCH 3/3] Chore [deps:github-actions]: bump zgosalvez/github-actions-ensure-sha-pinned-actions (#3765)

Bumps [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) from 3.0.16 to 3.0.17.
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases)
- [Commits](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/compare/38608ef4fb69adae7f1eac6eeb88e67b7d083bfd...5d6ac37a4cef8b8df67f482a8e384987766f0213)

---
updated-dependencies:
- dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tyler Hendrickson <1851017+TylerHendrickson@users.noreply.github.com>
---
 .github/workflows/code-scanning.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml
index 1cc4f4c77..5a1ba100f 100644
--- a/.github/workflows/code-scanning.yml
+++ b/.github/workflows/code-scanning.yml
@@ -83,4 +83,4 @@ jobs:
 show-progress: 'false'
 persist-credentials: 'false'
 - name: Ensure GitHub action versions are pinned to SHAs
- uses: zgosalvez/github-actions-ensure-sha-pinned-actions@38608ef4fb69adae7f1eac6eeb88e67b7d083bfd # v3.0.16
+ uses: zgosalvez/github-actions-ensure-sha-pinned-actions@5d6ac37a4cef8b8df67f482a8e384987766f0213 # v3.0.17