Skip to content

[Snyk] Upgrade @aws-sdk/client-s3 from 3.901.0 to 3.953.0 #897

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
shobhitupadhyayy wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade @aws-sdk/client-s3 from 3.901.0 to 3.953.0 #897

shobhitupadhyayy wants to merge 1 commit into from

Conversation

@shobhitupadhyayy
Copy link
Contributor

@shobhitupadhyayy shobhitupadhyayy commented Jan 7, 2026

snyk-top-banner

Snyk has created this PR to upgrade @aws-sdk/client-s3 from 3.901.0 to 3.953.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 35 versions ahead of your current version.

  • The recommended version was released 21 days ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Allocation of Resources Without Limits or Throttling
SNYK-JS-QS-14724253		 345 Proof of Concept
medium severity Allocation of Resources Without Limits or Throttling
SNYK-JS-BODYPARSER-14105059		 345 No Known Exploit
medium severity Prototype Pollution
SNYK-JS-JSYAML-13961110		 345 No Known Exploit
Release notes
Package name: @aws-sdk/client-s3
  • 3.953.0 - 2025-12-16

    3.953.0(2025-12-16)

    Chores
    New Features
    • clients:
      • update client endpoints as of 2025-12-16 (5c0fba3d)
      • allow protocol selection by class constructor (#7568) (5c5fd2e6)
    • client-iot: Add support for dynamic payloads in IoT Device Management Commands (991cba08)
    • client-timestream-influxdb: This release adds support for rebooting InfluxDB DbInstances and DbClusters (a8b712bb)

    For list of updated packages, view updated-packages.md in assets-3.953.0.zip

  • 3.952.0 - 2025-12-15

    3.952.0(2025-12-15)

    Chores
    Documentation Changes
    • client-bedrock-agentcore-control: This release updates broken links for AgentCore Policy APIs in the AWS CLI and SDK resources. (6207cfae)
    New Features
    • client-service-quotas: Add support for SQ Dashboard Api (bcc5261c)
    • client-entityresolution: Support Customer Profiles Integration for AWS Entity Resolution (32903b15)
    • client-health: Updating Health API endpoint generation for dualstack only regions (c8be328f)
    • client-s3: This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations. (55955e01)
    • client-ec2: EC2 Capacity Manager now supports SpotTotalCount, SpotTotalInterruptions and SpotInterruptionRate metrics for both vCPU and instance units. (f5db7c3c)
    • client-cloudwatch-logs: This release allows you to import your historical CloudTrail Lake data into CloudWatch with a few steps, enabling you to easily consolidate operational, security, and compliance data in one place. (23d7db9d)
    • client-route53resolver: Adds support for enabling detailed metrics on Route 53 Resolver endpoints using RniEnhancedMetricsEnabled and TargetNameServerMetricsEnabled in the CreateResolverEndpoint and UpdateResolverEndpoint APIs, providing enhanced visibility into Resolver endpoint and target name server performance. (93737551)
    • client-glacier: Documentation updates for Amazon Glacier's maintenance mode (069dcf44)
    • client-connect: Amazon Connect now supports outbound WhatsApp contacts via the Send message block or StartOutboundChatContact API. Send proactive messages for surveys, reminders, and updates. Offer customers the option to switch to WhatsApp while in queue, eliminating hold time. (c9b56eb0)
    • client-mediatailor: Added support for Ad Decision Server Configuration enabling HTTP POST requests with custom bodies, headers, GZIP compression, and dynamic variables. No changes required for existing GET request configurations. (d0aae6dd)
    Bug Fixes
    • client-sts: warn sts default region only when used (#7579) (6512de50)
    • credential-provider-ini: pass requestHandler from client to login provider (#7577) (a0bd362c)

    For list of updated packages, view updated-packages.md in assets-3.952.0.zip

  • 3.948.0 - 2025-12-09

    3.948.0(2025-12-09)

    Chores
    • middleware-recursion-detection: upgrade lambda-invoke-store dependency (#7559) (dbc65195)
    New Features
    • clients: update client endpoints as of 2025-12-09 (012e1f9a)
    • client-mgn: Added parameters encryption, IPv4/IPv6 protocol configuration, and enhanced tagging support for replication operations. (a0a347c6)
    • client-guardduty: Adding support for Ec2LaunchTemplate Version field (4903763d)
    • client-appsync: Update Event API to require EventConfig parameter in creation and update requests. (6298ec44)
    • client-route-53: Amazon Route 53 now supports the EU (Germany) Region (eusc-de-east-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region (c21e90bc)
    • client-account: This release adds a new API (GetGovCloudAccountInformation) used to retrieve information about a linked GovCloud account from the standard AWS partition. (ae9e6fce)
    • client-ivs-realtime: Token Exchange introduces seamless token exchange capabilities for IVS RTX, enabling customers to upgrade or downgrade token capabilities and update token attributes within the IVS client SDK without forcing clients to disconnect and reconnect. (db225910)

    For list of updated packages, view updated-packages.md in assets-3.948.0.zip

  • 3.947.0 - 2025-12-08

    3.947.0(2025-12-08)

    Chores
    • codegen: service closure knowledge index (#7554) (731dbfef)
    • core/client: emit warning for Node.js 18.x end-of-support (#7540) (fee7ba1d)
    Documentation Changes
    • add support policy section for Node.js/ECMAScript versions (#7556) (bf1f6e0b)
    New Features
    • clients: update client endpoints as of 2025-12-08 (7e0d61b2)
    • client-cost-explorer: Add support for Cost Category resource associations including filtering by resource type on ListCostCategoryDefinitions and new ListCostCategoryResourceAssociations API. (011b4f65)
    • client-sesv2: Update Mail Manager Archive ARN validation (18c203b2)
    • client-redshift-serverless: Added GetIdentityCenterAuthToken API to retrieve encrypted authentication tokens for Identity Center integrated serverless workgroups. This API enables programmatic access to secure Identity Center tokens with proper error handling and parameter validation across supported SDK languages. (c3d27769)
    • client-identitystore: Updating AWS Identity Store APIs to support Attribute Extensions capability, with the first release adding Enterprise Attributes. This launch aligns Identity Store APIs with SCIM for enterprise attributes, reducing cases when customers are forced to use SCIM due to lack of SigV4 API support. (14887fde)
    • client-rds: Adding support for tagging RDS Instance/Cluster Automated Backups (41b9a139)
    • client-partnercentral-selling: Deal Sizing Service for AI-based deal size estimation with AWS service-level breakdown, supporting Expansion and Migration deals across Technology, and Reseller partner cohorts, including Pricing Calculator AddOn for MAP deals and funding incentives. (867598e2)
    • client-rolesanywhere: Increases certificate string length for trust anchor source data to support ML-DSA certificates. (481b863e)
    • client-ec2: Amazon EC2 P6-B300 instances provide 8x NVIDIA Blackwell Ultra GPUs with 2.1 TB high bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps dedicated ENA throughput, and 4 TB of system memory. Amazon EC2 C8a instances are powered by 5th Gen AMD EPYC processors with a maximum frequency of 4.5 GHz. (229ff011)
    Tests
    • core/protocols: add test and additional condition for xml declaration (#7552) (c83c986a)

    For list of updated packages, view updated-packages.md in assets-3.947.0.zip

  • 3.946.0 - 2025-12-05

    3.946.0(2025-12-05)

    Chores
    Documentation Changes
    • client-ecs: Updating stop-task API to encapsulate containers with custom stop signal (d7a58e20)
    New Features
    • client-iam: Adding the ExpirationTime attribute to the delegation request resource. (2de73924)
    • client-inspector2: This release adds a new ScanStatus called "Unsupported Code Artifacts". This ScanStatus will be returned when a Lambda function was not code scanned because it has unsupported code artifacts. (30b100c9)
    • client-partnercentral-account: Adding Verification API's to Partner Central Account SDK. (b9bad198)
    • client-sesv2: Updating the desired url for PutEmailIdentityDkimSigningAttributes from v1 to v2 (4e8746ff)
    Bug Fixes
    • core/protocols:
    • ec2-metadata-service: discard response body stream on failed request (#7543) (2dc10c6f)

    For list of updated packages, view updated-packages.md in assets-3.946.0.zip

  • 3.943.0 - 2025-12-02
  • 3.940.0 - 2025-11-25
  • 3.939.0 - 2025-11-24
  • 3.937.0 - 2025-11-20
  • 3.936.0 - 2025-11-19
  • 3.935.0 - 2025-11-19
  • 3.934.0 - 2025-11-18
  • 3.933.0 - 2025-11-17
  • 3.932.0 - 2025-11-14
  • 3.931.0 - 2025-11-13
  • 3.930.0 - 2025-11-12
  • 3.929.0 - 2025-11-11
  • 3.928.0 - 2025-11-10
  • 3.927.0 - 2025-11-07
  • 3.926.0 - 2025-11-06
  • 3.925.0 - 2025-11-05
  • 3.922.0 - 2025-10-31
  • 3.921.0 - 2025-10-30
  • 3.920.0 - 2025-10-29
  • 3.919.0 - 2025-10-28
  • 3.918.0 - 2025-10-27
  • 3.917.0 - 2025-10-24
  • 3.916.0 - 2025-10-23
  • 3.914.0 - 2025-10-21
  • 3.913.0 - 2025-10-17
  • 3.911.0 - 2025-10-15
  • 3.910.0 - 2025-10-14
  • 3.908.0 - 2025-10-10
  • 3.907.0 - 2025-10-09
  • 3.906.0 - 2025-10-08
  • 3.901.0 - 2025-10-01
from @aws-sdk/client-s3 GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • Snyk has automatically assigned this pull request, set who gets assigned.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade @aws-sdk/client-s3 from 3.901.0 to 3.953.0
9758981 
Snyk has created this PR to upgrade @aws-sdk/client-s3 from 3.901.0 to 3.953.0.

See this package in npm:
@aws-sdk/client-s3

See this project in Snyk:
https://app.snyk.io/org/shobhit.upadhyay/project/b2261392-196b-4069-a569-f3f831ff6517?utm_source=github&utm_medium=referral&page=upgrade-pr
@shobhitupadhyayy shobhitupadhyayy requested a review from a team as a code owner January 7, 2026 08:29
@umeshmore45 umeshmore45 force-pushed the snyk-upgrade-dbe455714bdf65a69a661f975cd11b4f branch from 8317c68 to 9758981 Compare January 7, 2026 11:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@sayalijoshi27 sayalijoshi27

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@shobhitupadhyayy @sayalijoshi27 @snyk-bot