Skip to content

chore(deps): bump the aws group across 1 directory with 8 updates#25281

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/cargo/aws-6fa7246a0e
Closed

chore(deps): bump the aws group across 1 directory with 8 updates#25281
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/cargo/aws-6fa7246a0e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026

Copy link
Copy Markdown
Contributor

Bumps the aws group with 3 updates in the / directory: aws-runtime, aws-sdk-kms and aws-sdk-secretsmanager.

Updates aws-runtime from 1.7.2 to 1.7.4

Changelog

Sourced from aws-runtime's changelog.

May 19th, 2026

New this release:

  • 🐛 (server, smithy-rs#4634, @​jlizen) Strip trailing whitespace from generated Rust code. Smithy's AbstractCodeWriter adds indentation to blank lines, producing whitespace-only lines that cause cargo fmt to fail with error[internal]: left behind trailing whitespace.
  • 🐛 (client, smithy-rs#4614, @​lnj) Fix ProfileFileCredentialsProvider so that profile-level use_fips_endpoint and use_dualstack_endpoint settings are propagated to the internal STS client used during assume-role credential chaining. Previously these settings were only applied when the provider was built through aws_config::ConfigLoader::load, so users constructing ProfileFileCredentialsProvider directly via its builder would see STS requests go to non-FIPS / non-dual-stack endpoints even when the selected profile enabled them.
  • 🐛 (client, smithy-rs#4632) Fix adaptive retry rate limiter to never allow negative token bucket capacity. Previously, acquire_permission_to_send_a_request unconditionally deducted the request cost even when returning a delay, causing capacity to go negative. With multiple concurrent tasks, this produced cascading sleep times proportional to the number of tasks (e.g., task 50 sleeping 100s), leading to near-zero request rates that never recovered after a throttling event. Now, capacity is only deducted when a token is actually granted, and the orchestrator re-acquires after sleeping to account for concurrent state changes.
  • (client, @​lnj) Optimized BDD endpoint resolution performance by replacing HashMap-based auth schemes with a typed EndpointAuthScheme struct, inlining the BDD evaluation loop, and adding a single-entry endpoint cache. The BDD resolver is now up to 49% faster than the original implementation and outperforms the tree-based resolver on most benchmarks.

Contributors Thank you for your contributions! ❤

April 16th, 2026

Breaking Changes:

  • 🐛⚠️ (client) Now files written by the SDK (like credential caches) are created with file permissions 0o600 on unix systems. This could break customers who were relying on the visibility of those files to other users on the system.

New this release:

  • 🎉 (client, smithy-rs#4521) Add sigv4a_signing_region_set client configuration. Supports programmatic, environment variable (AWS_SIGV4A_SIGNING_REGION_SET), and shared config file (sigv4a_signing_region_set) configuration. User-provided values now take priority over endpoint-resolved values.
  • 🐛 (client, smithy-rs#4340, @​ysaito) Prevent memory leak in identity cache when overriding credentials via config_override. Each config_override that sets a credentials provider now uses an operation-scoped identity cache instead of the shared client-level cache, preventing unbounded partition growth. Additionally, the client-level identity cache now enforces a configurable max_partitions cap (default: 64) as a safety net.
  • 🐛 (client, smithy-rs#4596, aws-sdk-rust#1423, @​annahay4) Fix TokenBucket::is_full() and TokenBucket::is_empty() to convert fractional tokens into whole permits before checking availability. Previously, accumulated fractional tokens from success rewards were not accounted for, causing these methods to return incorrect results.
  • 🐛 (client, smithy-rs#4587) Upgrade sha2 from 0.10.x to 0.11.x. The previous version defaulted to software-based compression instead of hardware-accelerated compression, resulting in lower throughput. The new version automatically detects and uses hardware-accelerated instructions when available.
  • (client, smithy-rs#4591) Optimize Encoder::str() and Encoder::blob() by collapsing multiple write_all calls into a single buffer operation. This bypasses minicbor's generic writer to write the CBOR type+length header and payload directly into the underlying Vec<u8>, improving performance on serialization-heavy hot paths.
  • 🐛 (all, smithy-rs#4572, @​jlizen) Re-export EventStreamSender from generated SDK crates when the service uses event streams, so users do not need a direct dependency on aws-smithy-http to construct event stream responses.
  • 🐛 (client, smithy-rs#4599) Fix waiter codegen failure when JMESPath && or || expressions have non-boolean operands (e.g., a list field used as a truthiness check). Non-boolean types are now coerced to booleans using JMESPath truthiness rules: arrays and strings check !is_empty(), all other non-null types are truthy.
  • 🐛 (client, smithy-rs#4431, @​jlizen) Add missing EventOrInitial, EventOrInitialMarshaller, and EventStreamSender::into_inner to aws-smithy-legacy-http event_stream module, fixing compilation failures in generated SDKs that reference these types.

Contributors Thank you for your contributions! ❤

March 16th, 2026

New this release:

  • 🐛 (client) Fix null value handling in dense collections: SDK now correctly rejects null values in non-sparse collections instead of silently dropping them.

March 2nd, 2026

New this release:

  • 🐛 (client, smithy-rs#4429) Fix bug where initial-request messages in event stream operations are not signed.

... (truncated)

Commits

Updates aws-sdk-kms from 1.99.0 to 1.106.0

Commits

Updates aws-sdk-secretsmanager from 1.99.0 to 1.104.0

Commits

Updates aws-types from 1.3.14 to 1.3.16

Commits

Updates aws-sigv4 from 1.4.2 to 1.4.4

Commits

Updates aws-smithy-runtime from 1.10.3 to 1.11.3

Commits

Updates aws-smithy-runtime-api from 1.11.6 to 1.12.1

Commits

Updates aws-smithy-types from 1.4.6 to 1.4.8

Commits

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added domain: deps Anything related to Vector's dependencies no-changelog Changes in this PR do not need user-facing explanations in the release changelog labels Apr 27, 2026
@dependabot dependabot Bot requested a review from a team as a code owner April 27, 2026 14:55
@dependabot dependabot Bot added domain: deps Anything related to Vector's dependencies no-changelog Changes in this PR do not need user-facing explanations in the release changelog labels Apr 27, 2026
@dependabot dependabot Bot force-pushed the dependabot/cargo/aws-6fa7246a0e branch from 645e2ec to e4e3bb1 Compare April 28, 2026 15:55
@dependabot @github

dependabot Bot commented on behalf of github Apr 28, 2026

Copy link
Copy Markdown
Contributor Author

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

@dependabot dependabot Bot force-pushed the dependabot/cargo/aws-6fa7246a0e branch 6 times, most recently from 704f0e8 to f7c92d4 Compare May 5, 2026 00:12
@dependabot dependabot Bot force-pushed the dependabot/cargo/aws-6fa7246a0e branch from f7c92d4 to 646b9c7 Compare May 6, 2026 16:18
@chatgpt-codex-connector

Copy link
Copy Markdown

💡 Codex Review

vector/Cargo.lock

Lines 1731 to 1735 in 646b9c7

[[package]]
name = "aws-smithy-runtime-api-macros"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8d7396fd9500589e62e460e987ecb671bad374934e55ec3b5f498cc7a8a8a7b7"

P2 Badge Regenerate the third-party license inventory

This lockfile update adds new transitive crates (for example this new aws-smithy-runtime-api-macros package, plus cmov, ctutils, and hybrid-array), but LICENSE-3rdparty.csv was not updated and rg finds no entries for those crates there. The repo’s dependency workflow runs make check-licenses for dependency changes (.github/workflows/test.yml lines 97-110), and CONTRIBUTING.md says dependency changes may need the generated third-party inventory refreshed, so the packaged license inventory is now stale; please run make build-licenses and commit the generated CSV update.

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

@dependabot dependabot Bot force-pushed the dependabot/cargo/aws-6fa7246a0e branch 4 times, most recently from da9e295 to 8f07b25 Compare May 8, 2026 15:38

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8f07b25f9f

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread Cargo.lock
]

[[package]]
name = "aws-smithy-runtime-api-macros"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Regenerate third-party license inventory

This lockfile adds new third-party crates (for example aws-smithy-runtime-api-macros here, and also cmov, ctutils, and hybrid-array in the same diff), but LICENSE-3rdparty.csv was not updated; I checked that these new component names are absent from the CSV. Since make check-licenses runs dd-rust-license-tool check, the dependency bump will fail the license check and omit required license metadata from packaging until cargo vdev build licenses/make build-licenses regenerates the inventory.

Useful? React with 👍 / 👎.

@dependabot dependabot Bot force-pushed the dependabot/cargo/aws-6fa7246a0e branch 6 times, most recently from eea9ac4 to 13cb146 Compare May 14, 2026 21:18
@dependabot dependabot Bot force-pushed the dependabot/cargo/aws-6fa7246a0e branch 4 times, most recently from b845a84 to eae90cb Compare May 20, 2026 14:54
@dependabot dependabot Bot force-pushed the dependabot/cargo/aws-6fa7246a0e branch 4 times, most recently from 6bb26e2 to a4cde89 Compare May 27, 2026 14:41
Bumps the aws group with 3 updates in the / directory: [aws-runtime](https://github.com/smithy-lang/smithy-rs), [aws-sdk-kms](https://github.com/awslabs/aws-sdk-rust) and [aws-sdk-secretsmanager](https://github.com/awslabs/aws-sdk-rust).


Updates `aws-runtime` from 1.7.2 to 1.7.4
- [Release notes](https://github.com/smithy-lang/smithy-rs/releases)
- [Changelog](https://github.com/smithy-lang/smithy-rs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/smithy-lang/smithy-rs/commits)

Updates `aws-sdk-kms` from 1.99.0 to 1.106.0
- [Release notes](https://github.com/awslabs/aws-sdk-rust/releases)
- [Commits](https://github.com/awslabs/aws-sdk-rust/commits)

Updates `aws-sdk-secretsmanager` from 1.99.0 to 1.104.0
- [Release notes](https://github.com/awslabs/aws-sdk-rust/releases)
- [Commits](https://github.com/awslabs/aws-sdk-rust/commits)

Updates `aws-types` from 1.3.14 to 1.3.16
- [Release notes](https://github.com/smithy-lang/smithy-rs/releases)
- [Changelog](https://github.com/smithy-lang/smithy-rs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/smithy-lang/smithy-rs/commits)

Updates `aws-sigv4` from 1.4.2 to 1.4.4
- [Release notes](https://github.com/smithy-lang/smithy-rs/releases)
- [Changelog](https://github.com/smithy-lang/smithy-rs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/smithy-lang/smithy-rs/commits)

Updates `aws-smithy-runtime` from 1.10.3 to 1.11.3
- [Release notes](https://github.com/smithy-lang/smithy-rs/releases)
- [Changelog](https://github.com/smithy-lang/smithy-rs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/smithy-lang/smithy-rs/commits)

Updates `aws-smithy-runtime-api` from 1.11.6 to 1.12.1
- [Release notes](https://github.com/smithy-lang/smithy-rs/releases)
- [Changelog](https://github.com/smithy-lang/smithy-rs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/smithy-lang/smithy-rs/commits)

Updates `aws-smithy-types` from 1.4.6 to 1.4.8
- [Release notes](https://github.com/smithy-lang/smithy-rs/releases)
- [Changelog](https://github.com/smithy-lang/smithy-rs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/smithy-lang/smithy-rs/commits)

---
updated-dependencies:
- dependency-name: aws-runtime
  dependency-version: 1.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws
- dependency-name: aws-sdk-kms
  dependency-version: 1.105.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws
- dependency-name: aws-sdk-secretsmanager
  dependency-version: 1.104.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws
- dependency-name: aws-sigv4
  dependency-version: 1.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws
- dependency-name: aws-smithy-runtime
  dependency-version: 1.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws
- dependency-name: aws-smithy-runtime-api
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: aws
- dependency-name: aws-smithy-types
  dependency-version: 1.4.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws
- dependency-name: aws-types
  dependency-version: 1.3.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: aws
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/cargo/aws-6fa7246a0e branch from a4cde89 to 595e029 Compare June 1, 2026 07:20
@dependabot @github

dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 1, 2026
@dependabot dependabot Bot deleted the dependabot/cargo/aws-6fa7246a0e branch July 1, 2026 04:09
@github-actions github-actions Bot locked and limited conversation to collaborators Jul 1, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

domain: deps Anything related to Vector's dependencies no-changelog Changes in this PR do not need user-facing explanations in the release changelog

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants