v3.3.20

[3.3.20] - 2025-11-25

Security

• Bumped glob to ^11.1.0 to mitigate CVE-2025-64756
• Bumped js-yaml to ^4.1.1 to mitigate CVE-2025-64718

v3.3.19

[3.3.19] - 2025-09-18

Security

• Bumped axios to 1.12.1 to mitigate CVE-2025-58754

Changed

• package-lock.json to address dependabot identified vulnerabilities

v3.3.18

What's Changed

• Release 3.3.18 by @rharikak in #156

Security

• Bump form-data to address [https://github.com/advisories/GHSA-fjxv-7rqg-78g4] (https://avd.aquasec.com/nvd/cve-2025-7783)
• Bump brace-expansion to address [https://github.com/advisories/GHSA-v6h2-p8h4-qcjw]
• Bump urllib3 to address [https://github.com/advisories/GHSA-pq67-6m6q-mj2v], [https://github.com/advisories/GHSA-48p4-8xcf-vxj5] (https://avd.aquasec.com/nvd/cve-2025-50181), (https://avd.aquasec.com/nvd/cve-2025-50182)

Removed

• AppRegistry application tags at resource level

Full Changelog: v3.3.17...v3.3.18

v3.3.17

What's Changed

• Release 3.3.17 by @gsingh04 in #152

Security

• Bump webpack-dev-server to mitigate CVE-2025-30360

Changed

• Remove requirements.txt in favor of poetry.lock for dependency management with poetry
• Refactor lambda as standard python package with poetry

Full Changelog: v3.3.16...v3.3.17

v3.3.16

What's Changed

• Release 3.3.16 by @gsingh04 in #151

Security

• Bump http-proxy-middleware to 2.0.9 to mitigate CVE-2025-32997

Fixed

• Remove setuptools and pkg_resources from lambda packaging
• Remove event verbose log at INFO level
• Respect tag case when copying vpc tags on TGW attachments
• Add dependency for CSP resource on DeployWebUiCondition

Full Changelog: v3.3.15...v3.3.16

v3.3.15

What's Changed

• Release 3.3.15 by @gsingh04 in #148

Security

• Bump aws-amplify to 5.3.27
• Allow only TLS requests on S3 bucket through bucket policy
• Add CSP security headers on CloudFront
• Enable MFA for authentication by default
• Add AWS Managed WAF rules to ACL
• Disable introspection queries on AppSync endpoint

Changed

• Disable verbose logging on the AppSync endpoint
• AppRegistry application tags at resource level

Fixed

• Remove unused http methods from cache behavior, Cloudfront only needs to process and forward GET/HEAD requests to S3 origin
• Improve error response for UpdateTransitNetworkOrchestratorTable API path

Full Changelog: v3.3.14...v3.3.15

v3.3.14

What's Changed

• Bump versions for 3.3.14 by @gsingh04 in #146

Security

• Bumped axios to 1.8.2 to mitigate CVE-2025-27152
• Bumped @babel/runtime, @babel/helpers to 7.26.10 to mitigate CVE-2025-27789

Full Changelog: v3.3.13...v3.3.14

v3.3.13

What's Changed

• Release 3.3.13 by @gsingh04 in #144

Security

• Bumped path-to-regexp to 0.1.12 to mitigate CVE-2024-52798
• Bumped nanoid to 3.3.8 to mitigate CVE-2024-55565

Full Changelog: v3.3.12...v3.3.13

v3.3.12

What's Changed

• Release 3.3.12 by @gsingh04 in #142

Security

• Bumped cross-spawn to 7.0.6 to mitigate CVE-2024-21538

Full Changelog: v3.3.11...v3.3.12

v3.3.11

What's Changed

• Release 3.3.11 by @gsingh04 in #139

[3.3.11] - 2024-10-31

Security

• Bumped http-proxy-middleware to 2.0.7 to mitigate CVE-2024-21536

Changed

• Moved spoke service linked role template as conditional nested stack under spoke stack

Full Changelog: v3.3.10...v3.3.11

Contributors

@cheng514
@nishikkr