@Sunwuyuan

Snyk has created this PR to upgrade @aws-sdk/client-s3 from 3.826.0 to 3.958.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 81 versions ahead of your current version.

  • The recommended version was released 21 days ago.

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| medium severity: Allocation of Resources Without Limits or Throttling (SNYK-JS-AXIOS-12613773) | 666 | Proof of Concept |
| medium severity: Allocation of Resources Without Limits or Throttling (SNYK-JS-BODYPARSER-14105059) | 666 | No Known Exploit |
| low severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-BRACEEXPANSION-9789073) | 666 | Proof of Concept |
| low severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-BRACEEXPANSION-9789073) | 666 | Proof of Concept |
| critical severity: Predictable Value Range from Previous Values (SNYK-JS-FORMDATA-10841150) | 666 | Proof of Concept |
| high severity: Improper Verification of Cryptographic Signature (SNYK-JS-JWS-14188253) | 666 | No Known Exploit |
| high severity: Improper Verification of Cryptographic Signature (SNYK-JS-JWS-14188253) | 666 | No Known Exploit |
| high severity: Uncaught Exception (SNYK-JS-MULTER-10773732) | 666 | No Known Exploit |
| high severity: Incomplete Filtering of One or More Instances of Special Elements (SNYK-JS-VALIDATOR-13653476) | 666 | Proof of Concept |
| medium severity: Improper Handling of Unexpected Data Type (SNYK-JS-ONHEADERS-10773729) | 666 | No Known Exploit |
| medium severity: Improper Validation of Specified Type of Input (SNYK-JS-VALIDATOR-13395830) | 666 | Proof of Concept |

Release notes
Package name: @aws-sdk/client-s3
  • 3.958.0 - 2025-12-23

    3.958.0(2025-12-23)

    Chores
    • client-elastic-transcoder: remove elastic transcoder due to service shutdown (#7602) (4381b2dc)
    • build: generate clients without formatting prettier/eslint (#7599) (da9c913a)
    • codegen: bump codegen version to 0.40.0 (#7601) (4dc2bcb7)
    New Features
    • clients: update client endpoints as of 2025-12-23 (f5aa61b9)
    • client-s3: Add additional validation to Outpost bucket names. (2f30457f)
    • client-geo-places: Adds support for InferredSecondaryAddress place type, Designator in SecondaryAddressComponent and Heading in ReverseGeocode. (1c6374da)
    • client-pinpoint-sms-voice-v2: This release adds support for the Registration Reviewer feature, which provides generative AI feedback on a phone number or sender ID registration to ensure completeness before sending to downstream (carrier) review. (ac0c236b)
    Tests

    For list of updated packages, view updated-packages.md in assets-3.958.0.zip

  • 3.957.0 - 2025-12-22

    3.957.0(2025-12-22)

    Chores
    • move crc64NvmeCrtContainer to '@ aws-sdk/crc64-nvme' (#7600) (69196b71)
    • move e2e tests from cucumber to vitest (#7539) (561b8900)
    • build: replace lerna partial-tree build with turbo (#7597) (04bdba3e)
    Documentation Changes
    • client-pcs: Change API Reference Documentation for default Mode in Accounting and SlurmRest (966f60ac)
    New Features
    • client-config-service: Added supported resourceTypes for Config from July to November 2025 (2c7dab27)
    • client-ec2: Adds support for linkedGroupId on the CreatePlacementGroup and DescribePlacementGroups APIs. The linkedGroupId parameter is reserved for future use. (a492f734)
    • client-guardduty: Make accountIds a required field in GetRemainingFreeTrialDays API to reflect service behavior. (53e59c65)
    • middleware-flexible-checksums: use CRC64NVME JS implementation if CRT is not available (#7595) (4c6ad409)
    Bug Fixes
    • middleware-flexible-checksums: advise user on InvalidChunkSizeError (#7598) (6fa3b4cc)

    For list of updated packages, view updated-packages.md in assets-3.957.0.zip

  • 3.956.0 - 2025-12-19

    3.956.0(2025-12-19)

    Chores
    Documentation Changes
    New Features
    • clients: update client endpoints as of 2025-12-19 (e0360a8f)
    • client-wickr: AWS Wickr now provides a suite of admin APIs to allow you to programmatically manage secure communication for Wickr networks at scale. These APIs enable you to automate administrative workflows including user lifecycle management, network configuration, and security group administration. (d105e0ef)
    • client-arc-region-switch: Automatic Plan Execution Reports allow customers to maintain a concise record of their Region switch Plan executions. This enables customer SREs and leadership to have a clear view of their recovery posture based on the generated reports for their Plan executions. (33dbf8d8)
    • client-workspaces-web: Add support for WebAuthn under user settings. (a42b84c4)
    • client-iot: This release adds event-based logging feature that enables granular event logging controls for AWS IoT logs. (bbbf580b)
    • client-qbusiness: It is an internal bug fix for region expansion (42a80dd7)
    • client-connect: Adding support for Custom Metrics and Pre-Defined Attributes to GetCurrentMetricData API. (43dab925)
    • client-emr-serverless: Added JobLevelCostAllocationConfiguration field to enable cost allocation reporting at the job level, providing more granular visibility into EMR Serverless charges (e95db238)
    Bug Fixes
    • ec2-metadata-service: add configurable options for ttl and port precedence (#7584) (184cf70c)
    • core/protocols: $unknown union member support (#7593) (596fc405)

    For list of updated packages, view updated-packages.md in assets-3.956.0.zip

  • 3.955.0 - 2025-12-18

    3.955.0(2025-12-18)

    Chores
    New Features
    • clients: update client endpoints as of 2025-12-18 (11335218)
    • client-ec2: This release adds AvailabilityZoneId support for CreateFleet, ModifyFleet, DescribeFleets, RequestSpotFleet, ModifySpotFleetRequests and DescribeSpotFleetRequests APIs. (4d1a66b9)
    • client-ecs: Adding support for Event Windows via a new ECS account setting "fargateEventWindows". When enabled, ECS Fargate will use the configured event window for patching tasks. Introducing "CapacityOptionType" for CreateCapacityProvider API, allowing support for Spot capacity for ECS Managed Instances. (751c797f)
    • client-arc-region-switch: New API to list Route 53 health checks created by ARC region switch for a plan in a specific AWS Region using the Region switch Regional data plane. (406035c4)
    • client-bedrock-agentcore-control: Feature to support header exchanges between Bedrock AgentCore Gateway Targets and client, along with propagating query parameter to the configured targets. (800275ca)
    • client-appstream: Added support for new operating systems (1) Ubuntu 24.04 Pro LTS on Elastic fleets, and (2) Microsoft Server 2025 on Always-On and On-Demand fleets (a94e6d55)
    • client-cleanrooms: Adding support for collaboration change requests requiring an approval workflow. Adding support for change requests that grant or revoke results receiver ability and modifying auto approved change types in an existing collaboration. (26987932)
    • client-artifact: Add support for ListReportVersions API for the calling AWS account. (8247b183)
    • client-iot: This release adds message batching for the IoT Rules Engine HTTP action. (aa2dc069)
    • client-sesv2: Amazon SES introduces Email Validation feature which checks email addresses for syntax errors, domain validity, and risky addresses to help maintain deliverability and protect sender reputation. SES also adds resource tagging and ABAC support for EmailTemplates and CustomVerificationEmailTemplates. (7412e741)
    • client-bedrock-data-automation: Blueprint Optimization (BPO) is a new Amazon Bedrock Data Automation (BDA) capability that improves blueprint inference accuracy using example content assets and ground truth data. BPO works by generating better instructions for fields in the Blueprint using provided data. (3f901e7c)
    • client-ecr: Adds support for ECR Create On Push (620e820d)
    • client-opensearch: Amazon OpenSearch Service adds support for warm nodes, enabling new multi-tier architecture. (e574a591)
    • client-ssm-sap: Added "Stopping" for the HANA Database Status. (393a8516)

    For list of updated packages, view updated-packages.md in assets-3.955.0.zip

  • 3.954.0 - 2025-12-17

    3.954.0(2025-12-17)

    Chores
    Documentation Changes
    • core/protocols: add docs for schemas and protocols (#7583) (16628667)
    New Features
    • clients: update client endpoints as of 2025-12-17 (cf14f274)
    • client-mediapackagev2: This release adds support for SPEKE V2 content key encryption in MediaPackage v2 Origin Endpoints. (988aac9d)
    • client-inspector-scan: Adds an additional OutputFormat (fb2ca52a)
    • client-guardduty: Add support for dbiResourceId in finding. (50534058)
    • client-kafkaconnect: Support dual-stack network connectivity for connectors via NetworkType field. (04719ac2)
    • client-sagemaker: Adding the newly launched p6-b300.48xlarge ec2 instance support in Sagemaker(Hyperpod,Training and Sceptor) (9833262e)
    • client-payment-cryptography-data: Support for AS2805 standard. New API GenerateAs2805KekValidation and changes to translate pin, GenerateMac and VerifyMac to support AS2805 key variants. (fc2784b4)
    • client-payment-cryptography: Support for AS2805 standard. Modifications to import-key and export-key to support AS2805 variants. (1d7c22e4)
    • client-gameliftstreams: Added new stream group operation parameters for scale-on-demand capacity with automatic prewarming. Added new Gen6 stream classes based on the EC2 G6 instance family. Added new StartStreamSession parameter for exposure of real-time performance stats to clients. (94316515)
    • client-mediaconvert: Adds support for tile encoding in HEVC and audio for video overlays. (010a9f7d)
    • ec2-metadata-service: add retries for IMDS requests (#7569) (4b9a0ea9)

    For list of updated packages, view updated-packages.md in assets-3.954.0.zip

  • 3.953.0 - 2025-12-16

    3.953.0(2025-12-16)

    Chores
    New Features
    • clients:
      • update client endpoints as of 2025-12-16 (5c0fba3d)
      • allow protocol selection by class constructor (#7568) (5c5fd2e6)
    • client-iot: Add support for dynamic payloads in IoT Device Management Commands (991cba08)
    • client-timestream-influxdb: This release adds support for rebooting InfluxDB DbInstances and DbClusters (a8b712bb)

    For list of updated packages, view updated-packages.md in assets-3.953.0.zip

  • 3.952.0 - 2025-12-15

    3.952.0(2025-12-15)

    Chores
    Documentation Changes
    • client-bedrock-agentcore-control: This release updates broken links for AgentCore Policy APIs in the AWS CLI and SDK resources. (6207cfae)
    New Features
    • client-service-quotas: Add support for SQ Dashboard Api (bcc5261c)
    • client-entityresolution: Support Customer Profiles Integration for AWS Entity Resolution (32903b15)
    • client-health: Updating Health API endpoint generation for dualstack only regions (c8be328f)
    • client-s3: This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations. (55955e01)
    • client-ec2: EC2 Capacity Manager now supports SpotTotalCount, SpotTotalInterruptions and SpotInterruptionRate metrics for both vCPU and instance units. (f5db7c3c)
    • client-cloudwatch-logs: This release allows you to import your historical CloudTrail Lake data into CloudWatch with a few steps, enabling you to easily consolidate operational, security, and compliance data in one place. (23d7db9d)
    • client-route53resolver: Adds support for enabling detailed metrics on Route 53 Resolver endpoints using RniEnhancedMetricsEnabled and TargetNameServerMetricsEnabled in the CreateResolverEndpoint and UpdateResolverEndpoint APIs, providing enhanced visibility into Resolver endpoint and target name server performance. (93737551)
    • client-glacier: Documentation updates for Amazon Glacier's maintenance mode (069dcf44)
    • client-connect: Amazon Connect now supports outbound WhatsApp contacts via the Send message block or StartOutboundChatContact API. Send proactive messages for surveys, reminders, and updates. Offer customers the option to switch to WhatsApp while in queue, eliminating hold time. (c9b56eb0)
    • client-mediatailor: Added support for Ad Decision Server Configuration enabling HTTP POST requests with custom bodies, headers, GZIP compression, and dynamic variables. No changes required for existing GET request configurations. (d0aae6dd)
    Bug Fixes
    • client-sts: warn sts default region only when used (#7579) (6512de50)
    • credential-provider-ini: pass requestHandler from client to login provider (#7577) (a0bd362c)

    For list of updated packages, view updated-packages.md in assets-3.952.0.zip

  • 3.948.0 - 2025-12-09
  • 3.947.0 - 2025-12-08
  • 3.946.0 - 2025-12-05
  • 3.943.0 - 2025-12-02
  • 3.940.0 - 2025-11-25
  • 3.939.0 - 2025-11-24
  • 3.937.0 - 2025-11-20
  • 3.936.0 - 2025-11-19
  • 3.935.0 - 2025-11-19
  • 3.934.0 - 2025-11-18
  • 3.933.0 - 2025-11-17
  • 3.932.0 - 2025-11-14
  • 3.931.0 - 2025-11-13
  • 3.930.0 - 2025-11-12
  • 3.929.0 - 2025-11-11
  • 3.928.0 - 2025-11-10
  • 3.927.0 - 2025-11-07
  • 3.926.0 - 2025-11-06
  • 3.925.0 - 2025-11-05
  • 3.922.0 - 2025-10-31
  • 3.921.0 - 2025-10-30
  • 3.920.0 - 2025-10-29
  • 3.919.0 - 2025-10-28
  • 3.918.0 - 2025-10-27
  • 3.917.0 - 2025-10-24
  • 3.916.0 - 2025-10-23
  • 3.914.0 - 2025-10-21
  • 3.913.0 - 2025-10-17
  • 3.911.0 - 2025-10-15
  • 3.910.0 - 2025-10-14
  • 3.908.0 - 2025-10-10
  • 3.907.0 - 2025-10-09
  • 3.906.0 - 2025-10-08
  • 3.901.0 - 2025-10-01
  • 3.899.0 - 2025-09-29
  • 3.896.0 - 2025-09-24
  • 3.895.0 - 2025-09-23
  • 3.894.0 - 2025-09-22
  • 3.893.0 - 2025-09-19
  • 3.892.0 - 2025-09-18
  • 3.891.0 - 2025-09-17
  • 3.890.0 - 2025-09-16
  • 3.888.0 - 2025-09-12
  • 3.887.0 - 2025-09-11
  • 3.886.0 - 2025-09-10
  • 3.884.0 - 2025-09-08
  • 3.883.0 - 2025-09-05
  • 3.882.0 - 2025-09-04
  • 3.879.0 - 2025-08-29
  • 3.878.0 - 2025-08-28
  • 3.876.0 - 2025-08-26
  • 3.873.0 - 2025-08-21
  • 3.872.0 - 2025-08-20
  • 3.864.0 - 2025-08-08
  • 3.863.0 - 2025-08-07
  • 3.862.0 - 2025-08-06
  • 3.859.0 - 2025-08-01
  • 3.858.0 - 2025-07-31
  • 3.857.0 - 2025-07-30
  • 3.856.0 - 2025-07-29
  • 3.855.0 - 2025-07-28
  • 3.850.0 - 2025-07-21
  • 3.848.0 - 2025-07-17
  • 3.846.0 - 2025-07-16
  • 3.845.0 - 2025-07-15
  • 3.844.0 - 2025-07-09
  • 3.842.0 - 2025-07-02
  • 3.840.0 - 2025-06-30
  • 3.839.0 - 2025-06-27
  • 3.837.0 - 2025-06-25
  • 3.835.0 - 2025-06-23
  • 3.832.0 - 2025-06-18
  • 3.830.0 - 2025-06-16
  • 3.828.0 - 2025-06-11
  • 3.826.0 - 2025-06-06
from @aws-sdk/client-s3 GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

See this package in npm:
@aws-sdk/client-s3

See this project in Snyk:
https://app.snyk.io/org/sunwuyuan/project/7f95d725-ca6f-4cce-ab56-8b055b9f632f?utm_source=github&utm_medium=referral&page=upgrade-pr
Copilot AI review requested due to automatic review settings January 14, 2026 04:00

vercel bot commented Jan 14, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
our-world Error Error Jan 14, 2026 4:00am

Copilot AI left a comment

Pull request overview

This PR upgrades the @aws-sdk/client-s3 package from version 3.826.0 to 3.958.0 to address multiple security vulnerabilities identified by Snyk. The upgrade spans 81 versions but remains within the v3 major release, which maintains API compatibility.

Changes:

  • Upgrades @aws-sdk/client-s3 dependency from ^3.826.0 to ^3.958.0
  • Fixes 11 security vulnerabilities ranging from low to critical severity
  • Includes fixes for transitive dependencies (axios, body-parser, form-data, jws, multer, validator, etc.)
