chore(deps): update all dependencies (#1330)

This PR contains the following updates:

| Package | Type | Update | Change | Age | Confidence |
|---|---|---|---|---|---|
| [actions/cache](https://redirect.github.com/actions/cache) | action |
digest | `0400d5f` -> `0057852` | | |
| [actions/stale](https://redirect.github.com/actions/stale) | action |
digest | `3a9db7e` -> `5f858e3` | | |
| [aws](https://registry.terraform.io/providers/hashicorp/aws)
([source](https://redirect.github.com/hashicorp/terraform-provider-aws))
| required_provider | minor | `6.13.0` -> `6.15.0` |
[![age](https://developer.mend.io/api/mc/badges/age/terraform-provider/hashicorp%2faws/6.15.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/terraform-provider/hashicorp%2faws/6.13.0/6.15.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [boto3](https://redirect.github.com/boto/boto3) | | patch | `==
1.40.30` -> `==1.40.48` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/boto3/1.40.48?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/boto3/1.40.30/1.40.48?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [botocore](https://redirect.github.com/boto/botocore) | | patch | `==
1.40.30` -> `==1.40.48` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/botocore/1.40.48?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/botocore/1.40.30/1.40.48?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [checkmarx/kics](https://redirect.github.com/Checkmarx/kics) |
container | patch | `v2.1.13-debian` -> `v2.1.14-debian` |
[![age](https://developer.mend.io/api/mc/badges/age/docker/checkmarx%2fkics/v2.1.14?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/checkmarx%2fkics/v2.1.13/v2.1.14?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | major | `v3.30.3` -> `v4.30.7` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/github%2fcodeql-action/v4.30.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/github%2fcodeql-action/v3.30.3/v4.30.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[oxsecurity/megalinter](https://redirect.github.com/oxsecurity/megalinter)
| action | major | `v8.8.0` -> `v9.1.0` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/oxsecurity%2fmegalinter/v9.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/oxsecurity%2fmegalinter/v8.8.0/v9.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[terraform-linters/setup-tflint](https://redirect.github.com/terraform-linters/setup-tflint)
| action | major | `v5` -> `v6` |
[![age](https://developer.mend.io/api/mc/badges/age/github-tags/terraform-linters%2fsetup-tflint/v6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-tags/terraform-linters%2fsetup-tflint/v5/v6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[terraform-linters/tflint-ruleset-aws](https://redirect.github.com/terraform-linters/tflint-ruleset-aws)
| plugin | minor | `0.42.0` -> `0.43.0` |
[![age](https://developer.mend.io/api/mc/badges/age/github-releases/terraform-linters%2ftflint-ruleset-aws/0.43.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/github-releases/terraform-linters%2ftflint-ruleset-aws/0.42.0/0.43.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>hashicorp/terraform-provider-aws (aws)</summary>

###
[`v6.15.0`](https://redirect.github.com/hashicorp/terraform-provider-aws/blob/HEAD/CHANGELOG.md#6150-October-2-2025)

[Compare
Source](https://redirect.github.com/hashicorp/terraform-provider-aws/compare/v6.14.1...v6.15.0)

BREAKING CHANGES:

- resource/aws\_ecs\_service: Fix behavior when updating
`capacity_provider_strategy` to avoid ECS service recreation after
recent AWS changes
([#&#8203;43533](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43533))

FEATURES:

- **New Action:** `aws_codebuild_start_build`
([#&#8203;44444](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44444))
- **New Action:** `aws_events_put_events`
([#&#8203;44487](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44487))
- **New Action:** `aws_sfn_start_execution`
([#&#8203;44464](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44464))
- **New Data Source:** `aws_appconfig_application`
([#&#8203;44168](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44168))
- **New Data Source:** `aws_odb_db_node`
([#&#8203;43792](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43792))
- **New Data Source:** `aws_odb_db_nodes`
([#&#8203;43792](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43792))
- **New Data Source:** `aws_odb_db_server`
([#&#8203;43792](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43792))
- **New Data Source:** `aws_odb_db_servers`
([#&#8203;43792](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43792))
- **New Data Source:** `aws_odb_db_system_shapes`
([#&#8203;43825](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43825))
- **New Data Source:** `aws_odb_gi_versions`
([#&#8203;43825](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43825))
- **New Resource:** `aws_lakeformation_lf_tag_expression`
([#&#8203;43883](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43883))

ENHANCEMENTS:

- data-source/aws\_dms\_endpoint: Add `mysql_settings` attribute
([#&#8203;44516](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44516))
- data-source/aws\_ec2\_instance\_type\_offering: Add `location`
attribute
([#&#8203;44328](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44328))
- data-source/aws\_rds\_proxy: Add `default_auth_scheme` attribute
([#&#8203;44309](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44309))
- resource/aws\_cleanrooms\_configured\_table: Add resource identity
support
([#&#8203;44435](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44435))
- resource/aws\_cloudfront\_distribution: Add `ip_address_type` argument
to `origin.custom_origin_config` block
([#&#8203;44463](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44463))
- resource/aws\_connect\_instance: Add resource identity support
([#&#8203;44346](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44346))
- resource/aws\_connect\_phone\_number: Add resource identity support
([#&#8203;44365](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44365))
- resource/aws\_dms\_endpoint: Add `mysql_settings` configuration block
([#&#8203;44516](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44516))
- resource/aws\_dsql\_cluster: Adds attribute `force_destroy`.
([#&#8203;44406](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44406))
- resource/aws\_ebs\_volume: Update `throughput` maximum validation from
1000 to 2000 MiB/s for gp3 volumes
([#&#8203;44514](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44514))
- resource/aws\_ecs\_capacity\_provider: Add `cluster` and
`managed_instances_provider` arguments
([#&#8203;44509](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44509))
- resource/aws\_ecs\_capacity\_provider: Make
`auto_scaling_group_provider` optional
([#&#8203;44509](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44509))
- resource/aws\_iam\_service\_specific\_credential: Add support for
Bedrock API keys with `credential_age_days`, `service_credential_alias`,
`service_credential_secret`, `create_date`, and `expiration_date`
attributes
([#&#8203;44299](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44299))
- resource/aws\_networkfirewall\_logging\_configuration: Add
`enable_monitoring_dashboard` argument
([#&#8203;44515](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44515))
- resource/aws\_opensearch\_domain: Add `aiml_options` argument
([#&#8203;44417](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44417))
- resource/aws\_pinpointsmsvoicev2\_phone\_number: Update
`two_way_channel_arn` argument to accept
`connect.[region].amazonaws.com` in addition to ARNs
([#&#8203;44372](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44372))
- resource/aws\_rds\_proxy: Add `default_auth_scheme` argument
([#&#8203;44309](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44309))
- resource/aws\_rds\_proxy: Make `auth` configuration block optional
([#&#8203;44309](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44309))
- resource/aws\_route53recoverycontrolconfig\_cluster: Add
`network_type` argument
([#&#8203;44377](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44377))
- resource/aws\_route53recoverycontrolconfig\_cluster: Add tagging
support
([#&#8203;44473](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44473))
- resource/aws\_route53recoverycontrolconfig\_control\_panel: Add
tagging support
([#&#8203;44473](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44473))
- resource/aws\_route53recoverycontrolconfig\_safety\_rule: Add tagging
support
([#&#8203;44473](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44473))
- resource/aws\_s3control\_bucket: Add resource identity support
([#&#8203;44379](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44379))
- resource/aws\_sfn\_activity: Add `arn` argument
([#&#8203;44408](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44408))
- resource/aws\_sfn\_activity: Add resource identity support
([#&#8203;44408](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44408))
- resource/aws\_sfn\_alias: Add resource identity support
([#&#8203;44408](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44408))
- resource/aws\_ssmcontacts\_contact\_channel: Add resource identity
support
([#&#8203;44369](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44369))

BUG FIXES:

- data-source/aws\_lb: Fix `Invalid address to set:
[]string{"secondary_ips_auto_assigned_per_subnet"}` errors
([#&#8203;44485](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44485))
- data-source/aws\_networkfirewall\_firewall\_policy: Fix failure to
retrieve multiple `firewall_policy.stateful_rule_group_reference`
attributes
([#&#8203;44482](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44482))
- data-source/aws\_servicequotas\_service\_quota: Fixed a panic that
occurred when a non-existing `quota_name` was provided
([#&#8203;44449](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44449))
- resource/aws\_bedrock\_provisioned\_model\_throughput: Fix
`AttributeName("arn") still remains in the path: could not find
attribute or block "arn" in schema` errors when upgrading from a
pre-v6.0.0 provider version
([#&#8203;44434](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44434))
- resource/aws\_chatbot\_slack\_channel\_configuration: Force resource
replacement when `configuration_name` is modified
([#&#8203;43996](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43996))
- resource/aws\_cloudwatch\_event\_rule: Do not retry on
`LimitExceededException`
([#&#8203;44489](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44489))
- resource/aws\_cloudwatch\_log\_resource\_policy: Do not retry on
`LimitExceededException`
([#&#8203;44522](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44522))
- resource/aws\_default\_vpc: Correctly set `ipv6_cidr_block` when the
VPC has multiple associated IPv6 CIDRs
([#&#8203;44362](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44362))
- resource/aws\_dms\_endpoint: Ensure that `postgres_settings` are
updated
([#&#8203;44389](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44389))
- resource/aws\_dsql\_cluster: Prevents error when optional attribute
`deletion_protection_enabled` not set.
([#&#8203;44406](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44406))
- resource/aws\_eks\_cluster: Change `compute_config`,
`kubernetes_network_config.elastic_load_balancing`, and
`storage_config.` to Optional and Computed, allowing EKS Auto Mode
settings to be enabled, disabled, and removed from configuration
([#&#8203;44334](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44334))
- resource/aws\_elastic\_beanstalk\_configuration\_template: Fix
`inconsistent final plan` error in some cases with `setting` elements.
([#&#8203;44461](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44461))
- resource/aws\_elastic\_beanstalk\_environment: Fix `inconsistent final
plan` error in some cases with `setting` elements.
([#&#8203;44461](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44461))
- resource/aws\_elasticache\_cluster: Fix `provider produced unexpected
value` for `cache_usage_limits` argument.
([#&#8203;43841](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43841))
- resource/aws\_fsx\_lustre\_file\_system: Fixed to update
`metadata_configuration` first to allow simultaneous increase of
`metadata_configuration.iops` and `storage_capacity`
([#&#8203;44456](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44456))
- resource/aws\_instance: Fix `interface conversion: interface {} is
nil, not map[string]interface {}` panics when
`capacity_reservation_target` is empty
([#&#8203;44459](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44459))
- resource/aws\_kinesisanalyticsv2\_application: Ensure that configured
`application_configuration.run_configuration` values are respected
during update
([#&#8203;43490](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43490))
- resource/aws\_odb\_cloud\_autonomous\_vm\_cluster : Fixed planmodifier
for computed attribute.
([#&#8203;44401](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44401))
- resource/aws\_odb\_cloud\_vm\_cluster : Fixed planmodifier for
computed attribute. Fixed planmodifier from display\_name attribute.
([#&#8203;44401](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44401))
- resource/aws\_odb\_cloud\_vm\_cluster : Fixed planmodifier for
data\_storage\_size\_in\_tbs. Marked it mandatory. Fixed gi-version
issue during creation
([#&#8203;44498](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44498))
- resource/aws\_odb\_network\_peering\_connection : Fixed planmodifier
for computed attribute.
([#&#8203;44401](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44401))
- resource/aws\_rds\_cluster: Fixes error when setting
`database_insights_mode` with `global_cluster_identifier`.
([#&#8203;44404](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44404))
- resource/aws\_route53\_health\_check: Fix `child_health_threshold` to
properly accept explicitly specified zero value
([#&#8203;44006](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44006))
- resource/aws\_s3\_bucket\_lifecycle\_configuration: Allows unsetting
`noncurrent_version_expiration.newer_noncurrent_versions` and
`noncurrent_version_transition.newer_noncurrent_versions`.
([#&#8203;44442](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44442))
- resource/aws\_s3\_bucket\_lifecycle\_configuration: Do not warn if no
filter element is set
([#&#8203;43590](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43590))
- resource/aws\_vpc: Correctly set `ipv6_cidr_block` when the VPC has
multiple associated IPv6 CIDRs
([#&#8203;44362](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44362))

###
[`v6.14.1`](https://redirect.github.com/hashicorp/terraform-provider-aws/blob/HEAD/CHANGELOG.md#6141-September-22-2025)

[Compare
Source](https://redirect.github.com/hashicorp/terraform-provider-aws/compare/v6.14.0...v6.14.1)

NOTES:

- provider: This release contains both internal provider fixes and a
Terraform Plugin SDK V2 update related to a
[regression](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44366)
which may impact resources that support resource identity
([#&#8203;44375](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44375))

BUG FIXES:

- provider: Fix `Missing Resource Identity After Update` errors for
non-refreshed and failed updates
([#&#8203;44375](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44375))
- provider: Fix `Unexpected Identity Change` errors when fully-null
identity values in state are updated to valid values
([#&#8203;44375](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44375))

###
[`v6.14.0`](https://redirect.github.com/hashicorp/terraform-provider-aws/blob/HEAD/CHANGELOG.md#6140-September-18-2025)

[Compare
Source](https://redirect.github.com/hashicorp/terraform-provider-aws/compare/v6.13.0...v6.14.0)

FEATURES:

- **New Action:** `aws_cloudfront_create_invalidation`
([#&#8203;43955](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43955))
- **New Action:** `aws_ec2_stop_instance`
([#&#8203;43700](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43700))
- **New Action:** `aws_lambda_invoke`
([#&#8203;43972](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43972))
- **New Action:** `aws_ses_send_email`
([#&#8203;44214](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44214))
- **New Action:** `aws_sns_publish`
([#&#8203;44232](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44232))
- **New Data Source:** `aws_billing_views`
([#&#8203;44272](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44272))
- **New Data Source:** `aws_odb_cloud_autonomous_vm_cluster`
([#&#8203;43809](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43809))
- **New Data Source:** `aws_odb_cloud_exadata_infrastructure`
([#&#8203;43650](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43650))
- **New Data Source:** `aws_odb_cloud_vm_cluster`
([#&#8203;43790](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43790))
- **New Data Source:** `aws_odb_network`
([#&#8203;43715](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43715))
- **New Data Source:** `aws_odb_network_peering_connection`
([#&#8203;43757](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43757))
- **New Resource:** `aws_controltower_baseline`
([#&#8203;42397](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/42397))
- **New Resource:** `aws_odb_cloud_autonomous_vm_cluster`
([#&#8203;43809](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43809))
- **New Resource:** `aws_odb_cloud_exadata_infrastructure`
([#&#8203;43650](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43650))
- **New Resource:** `aws_odb_cloud_vm_cluster`
([#&#8203;43790](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43790))
- **New Resource:** `aws_odb_network`
([#&#8203;43715](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43715))
- **New Resource:** `aws_odb_network_peering_connection`
([#&#8203;43757](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43757))

ENHANCEMENTS:

- resource/aws\_batch\_job\_queue: Adds List support
([#&#8203;43960](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43960))
- resource/aws\_cloudwatch\_log\_group: Adds List support
([#&#8203;44129](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44129))
- resource/aws\_ecs\_service: Add
`deployment_configuration.lifecycle_hook.hook_details` argument
([#&#8203;44289](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44289))
- resource/aws\_iam\_role: Adds List support
([#&#8203;44129](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44129))
- resource/aws\_instance: Adds List support
([#&#8203;44129](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44129))
- resource/aws\_rds\_global\_cluster: Remove provider-side conflict
between `source_db_cluster_identifier` and `engine` arguments
([#&#8203;44252](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44252))
- resource/aws\_scheduler\_schedule: Add `action_after_completion`
argument
([#&#8203;44264](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44264))
- resource/aws\_sfn\_state\_machine: Add resource identity support
([#&#8203;44286](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44286))

BUG FIXES:

- resource/aws\_elasticache\_user\_group: Ignore `InvalidParameterValue:
User xxx is not a member of user group xxx` errors during group
modification
([#&#8203;43520](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/43520))
- resource/aws\_sagemaker\_endpoint\_configuration: Fix panic when empty
`async_inference_config.output_config.notification_config` block is
specified
([#&#8203;44310](https://redirect.github.com/hashicorp/terraform-provider-aws/issues/44310))

</details>

<details>
<summary>boto/boto3 (boto3)</summary>

###
[`v1.40.48`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#14048)

[Compare
Source](https://redirect.github.com/boto/boto3/compare/1.40.47...1.40.48)

\=======

- api-change:`bedrock-agentcore-control`: \[`botocore`] Adding support
for authorizer type AWS\_IAM to AgentCore Control Gateway.
- api-change:`license-manager-user-subscriptions`: \[`botocore`]
Released support for IPv6 and dual-stack active directories
- api-change:`outposts`: \[`botocore`] This release adds the new
StartOutpostDecommission API, which starts the decommission process to
return Outposts racks or servers.
- api-change:`service-quotas`: \[`botocore`] introduces Service Quotas
Automatic Management. Users can opt-in to monitoring and managing
service quotas, receive notifications when quota usage reaches
thresholds, configure notification channels, subscribe to EventBridge
events for automation, and view notifications in the AWS Health
dashboard.

###
[`v1.40.47`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#14047)

[Compare
Source](https://redirect.github.com/boto/boto3/compare/1.40.46...1.40.47)

\=======

- api-change:`proton`: \[`botocore`] Deprecating APIs in AWS Proton
namespace.

###
[`v1.40.46`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#14046)

[Compare
Source](https://redirect.github.com/boto/boto3/compare/1.40.45...1.40.46)

\=======

- api-change:`backup`: \[`botocore`] Adds optional
MaxScheduledRunsPreview input to GetBackupPlan API to provide a preview
of up to 10 next scheduled backup plan runs in the GetBackupPlan
response.
- api-change:`bedrock-agentcore`: \[`botocore`] Add support for batch
memory management, agent card retrieval and session termination
- api-change:`bedrock-agentcore-control`: \[`botocore`] Add support for
VM lifecycle configuration parameters and A2A protocol
- api-change:`glue`: \[`botocore`] Adds labeling for
DataQualityRuleResult for GetDataQualityResult and
PublishDataQualityResult APIs
- api-change:`mediaconnect`: \[`botocore`] Enabling Tag-on-Create for
AWS Elemental MediaConnect flow-based resource types
- api-change:`memorydb`: \[`botocore`] Support for
DescribeMultiRegionParameterGroups and DescribeMultiRegionParameters
API.
- api-change:`quicksight`: \[`botocore`] Documentation improvements for
QuickSight API documentation to clarify that delete operation APIs are
global.
- api-change:`rds`: \[`botocore`] Documentation updates to the
CreateDBClusterMessage$PubliclyAccessible and
CreateDBInstanceMessage$PubliclyAccessible properties.
- api-change:`resource-explorer-2`: \[`botocore`] Add new AWS Resource
Explorer APIs

###
[`v1.40.45`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#14045)

[Compare
Source](https://redirect.github.com/boto/boto3/compare/1.40.44...1.40.45)

\=======

- api-change:`cleanrooms`: \[`botocore`] Added support for reading data
sources across regions, and results delivery to allowedlisted regions.
- api-change:`medialive`: \[`botocore`] AWS Elemental MediaLive enables
Mediapackage V2 users to configure ID3, KLV, Nielsen ID3, and Segment
Length related parameters through the Mediapackage output group.
- api-change:`payment-cryptography-data`: \[`botocore`] Added a new API
- translateKeyMaterial; allows keys wrapped by ECDH derived keys to be
rewrapped under a static AES keyblock without first importing the key
into the service.
- api-change:`qconnect`: \[`botocore`] Updated Amazon Q in Connect APIs
to support Email Contact Recommendations.

###
[`v1.40.44`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#14044)

[Compare
Source](https://redirect.github.com/boto/boto3/compare/1.40.43...1.40.44)

\=======

- api-change:`cloudformation`: \[`botocore`] Add new warning type
'EXCLUDED\_RESOURCES'
- api-change:`connectcases`: \[`botocore`] New Search All Related Items
API enables searching related items across cases
- api-change:`dynamodb`: \[`botocore`] Add support for dual-stack
account endpoint generation
- api-change:`endpoint-rules`: \[`botocore`] Update endpoint-rules
client to latest version
- api-change:`guardduty`: \[`botocore`] Updated descriptions for the
Location parameter in CreateTrustedEntitySet and CreateThreatEntitySet.
- api-change:`synthetics`: \[`botocore`] Adds support to configure
canaries with pre-configured blueprint code on supported runtime
versions. This behavior can be controlled via the new BlueprintTypes
property exposed in the CreateCanary and UpdateCanary APIs.

###
[`v1.40.43`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#14043)

[Compare
Source](https://redirect.github.com/boto/boto3/compare/1.40.42...1.40.43)

\=======

- api-change:`chime-sdk-meetings`: \[`botocore`] Add support to receive
dual stack MediaPlacement URLs in Chime Meetings SDK
- api-change:`cleanrooms`: \[`botocore`] This release introduces data
access budgets to control how many times a table can be used for queries
and jobs in a collaboration.
- api-change:`cleanroomsml`: \[`botocore`] This release introduces data
access budgets to view how many times an input channel can be used for
ML jobs in a collaboration.
- api-change:`dms`: \[`botocore`] This is a doc-only update, revising
text for kms-key-arns.
- api-change:`ecs`: \[`botocore`] This is a documentation only Amazon
ECS release that adds additional information for health checks.
- api-change:`pcs`: \[`botocore`] Added the UpdateCluster API action to
modify cluster configurations, and Slurm custom settings for queues.

###
[`v1.40.42`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#14042)

[Compare
Source](https://redirect.github.com/boto/boto3/compare/1.40.41...1.40.42)

\=======

- api-change:`application-signals`: \[`botocore`] Amazon CloudWatch
Application Signals is introducing the Application Map to give users a
more comprehensive view of their service health. Users will now be able
to group services, track their latest deployments, and view automated
audit findings concerning service performance.
- api-change:`bedrock-agentcore-control`: \[`botocore`] Tagging support
for AgentCore Gateway
- api-change:`chime-sdk-voice`: \[`botocore`] Added support for
IPv4-only and dual-stack network configurations for VoiceConnector and
CreateVoiceConnector API.
- api-change:`connectcases`: \[`botocore`] This release adds support for
two new related item types: ConnectCase for linking Amazon Connect cases
and Custom for user-defined related items with configurable fields.
- api-change:`customer-profiles`: \[`botocore`] This release introduces
ListProfileHistoryRecords and GetProfileHistoryRecord APIs for
comprehensive profile history tracking with complete audit trails of
creation, updates, merges, deletions, and data ingestion events.
- api-change:`datasync`: \[`botocore`] Added support for FIPS VPC
endpoints in FIPS-enabled AWS Regions.
- api-change:`datazone`: \[`botocore`] This release adds support for
creation of EMR on EKS Connections in Amazon DataZone.
- api-change:`ds`: \[`botocore`] AWS Directory service now supports
IPv6-native and dual-stack configurations for AWS Managed Microsoft AD,
AD Connector, and Simple AD (dual-stack only). Additionally, AWS Managed
Microsoft AD Standard Edition directories can be upgraded to Enterprise
Edition directories through a single API call.
- api-change:`ecs`: \[`botocore`] This release adds support for Managed
Instances on Amazon ECS.
- api-change:`fsx`: \[`botocore`] Add Dual-Stack support for Amazon FSx
for NetApp ONTAP and Windows File Server
- api-change:`mediatailor`: \[`botocore`] Adding TPS Traffic Shaping to
Prefetch Schedules
- api-change:`quicksight`: \[`botocore`] added warnings to a few CLI
pages
- api-change:`rds`: \[`botocore`] Enhanced RDS error handling: Added
DBProxyEndpointNotFoundFault, DBShardGroupNotFoundFault,
KMSKeyNotAccessibleFault for snapshots/restores/backups,
NetworkTypeNotSupported, StorageTypeNotSupportedFault for restores, and
granular state validation faults. Changed DBInstanceNotReadyFault to
HTTP 400.
- api-change:`transfer`: \[`botocore`] Add support for updating server
identity provider type

###
[`v1.40.41`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#14041)

[Compare
Source](https://redirect.github.com/boto/boto3/compare/1.40.40...1.40.41)

\=======

- api-change:`bedrock`: \[`botocore`] Release for fixing
GetFoundationModel API behavior. Imported and custom models have their
own exclusive API and GetFM should not accept those ARNS as input
- api-change:`bedrock-runtime`: \[`botocore`] New stop reason for
Converse and ConverseStream
- api-change:`imagebuilder`: \[`botocore`] This release introduces
several new features and improvements to enhance pipeline management,
logging, and resource configuration.
- api-change:`vpc-lattice`: \[`botocore`] Adds support for specifying
the number of IPv4 addresses in each ENI for the resource gateway for
VPC Lattice.

###
[`v1.40.40`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#14040)

[Compare
Source](https://redirect.github.com/boto/boto3/compare/1.40.39...1.40.40)

\=======

- api-change:`bedrock-agent-runtime`: \[`botocore`] This release
enhances the information provided through Flow Traces. New information
includes source/next node tracking, execution chains for complex nodes,
dependency action (operation) details, and dependency traces.
- api-change:`bedrock-data-automation`: \[`botocore`] Added support for
configurable Speaker Labeling and Channel Labeling features for Audio
modality.
- api-change:`billing`: \[`botocore`] Add ability to combine custom
billing views to create new consolidated views.
- api-change:`ce`: \[`botocore`] Support for payer account dimension and
billing view health status.
- api-change:`connect`: \[`botocore`] Adds supports for manual contact
picking (WorkList) operations on Routing Profiles, Agent Management and
SearchContacts APIs.
- api-change:`dynamodbstreams`: \[`botocore`] Added support for IPv6
compatible endpoints for DynamoDB Streams.
- api-change:`ec2`: \[`botocore`] This release includes documentation
updates for Amazon EBS General Purpose SSD (gp3) volumes with larger
size and higher IOPS and throughput.
- api-change:`endpoint-rules`: \[`botocore`] Update endpoint-rules
client to latest version
- api-change:`redshift`: \[`botocore`] Support tagging and tag
propagation to IAM Identity Center for Redshift Idc Applications

###
[`v1.40.39`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#14039)

[Compare
Source](https://redirect.github.com/boto/boto3/compare/1.40.38...1.40.39)

\=======

- api-change:`glue`: \[`botocore`] Update GetConnection(s) API to return
KmsKeyArn & Add 63 missing connection types
- api-change:`lightsail`: \[`botocore`] Attribute HTTP binding update
for Get/Delete operations
- api-change:`network-firewall`: \[`botocore`] Network Firewall now
introduces Reject and Alert action support for stateful domain list rule
groups, providing customers with more granular control over their
network traffic.

###
[`v1.40.38`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#14038)

[Compare
Source](https://redirect.github.com/boto/boto3/compare/1.40.37...1.40.38)

\=======

- api-change:`appstream`: \[`botocore`] G6f instance support for
AppStream 2.0
- api-change:`cloudwatch`: \[`botocore`] Fix default dualstack FIPS
endpoints in AWS GovCloud(US) regions
- api-change:`dax`: \[`botocore`] This release adds support for
IPv6-only, DUAL\_STACK DAX instances
- api-change:`endpoint-rules`: \[`botocore`] Update endpoint-rules
client to latest version
- api-change:`kms`: \[`botocore`] Documentation only updates for KMS.
- api-change:`neptune`: \[`botocore`] Doc-only update to address
customer use.

###
[`v1.40.37`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#14037)

[Compare
Source](https://redirect.github.com/boto/boto3/compare/1.40.36...1.40.37)

\=======

- api-change:`cleanrooms`: \[`botocore`] Added support for running
incremental ID mapping for rule-based workflows.
- api-change:`ec2`: \[`botocore`] Add Amazon EC2 R8gn instance types
- api-change:`entityresolution`: \[`botocore`] Support incremental id
mapping workflow for AWS Entity Resolution
- api-change:`ssm`: \[`botocore`] Added Dualstack support to
GetDeployablePatchSnapshotForInstance
- api-change:`sso-admin`: \[`botocore`] Add support for encryption at
rest with Customer Managed KMS Key in AWS IAM Identity Center
- api-change:`sso-oidc`: \[`botocore`] This release includes exception
definition and documentation updates.

###
[`v1.40.36`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#14036)

[Compare
Source](https://redirect.github.com/boto/boto3/compare/1.40.35...1.40.36)

\=======

- api-change:`batch`: \[`botocore`] Starting in JAN 2026, AWS Batch will
change the default AMI for new Amazon ECS compute environments from
Amazon Linux 2 to Amazon Linux 2023. We recommend migrating AWS Batch
Amazon ECS compute environments to Amazon Linux 2023 to maintain optimal
performance and security.
- api-change:`eks`: \[`botocore`] Adds support for RepairConfig
overrides and configurations in EKS Managed Node Groups.
- api-change:`imagebuilder`: \[`botocore`] Version ARNs are no longer
required for the EC2 Image Builder list-image-build-version,
list-component-build-version, and list-workflow-build-version APIs.
Calling these APIs without the ARN returns all build versions for the
given resource type in the requesting account.

###
[`v1.40.35`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#14035)

[Compare
Source](https://redirect.github.com/boto/boto3/compare/1.40.34...1.40.35)

\=======

- api-change:`bedrock-agentcore-control`: \[`botocore`] Add tagging and
VPC support to AgentCore Runtime, Code Interpreter, and Browser
resources. Add support for configuring request headers in Runtime. Fix
AgentCore Runtime shape names.
- api-change:`config`: \[`botocore`] Add UNKNOWN state to
RemediationExecutionState and add IN\_PROGRESS/EXITED/UNKNOWN states to
RemediationExecutionStepState.
- api-change:`connect`: \[`botocore`] This release adds a persistent
connection field to UserPhoneConfig that maintains agent's softphone
media connection for faster call connections.
- api-change:`kendra-ranking`: \[`botocore`] Model whitespace change -
no client difference
- api-change:`license-manager-user-subscriptions`: \[`botocore`] Added
support for cross-account Active Directories.
- api-change:`medialive`: \[`botocore`] Add MinBitrate for QVBR mode
under H264/H265/AV1 output codec. Add GopBReference, GopNumBFrames,
SubGopLength fields under H265 output codec.
- api-change:`sms-voice`: \[`botocore`] Updated the `sms-voice` client
to the latest version. Note: this client is maintained only for
backwards compatibility and should not be used for new development. We
recommend using the `pinpoint-sms-voice` client for full support and
ongoing updates.
- api-change:`sqs`: \[`botocore`] Update invalid character handling
documentation for SQS SendMessage API

###
[`v1.40.34`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#14034)

[Compare
Source](https://redirect.github.com/boto/boto3/compare/1.40.33...1.40.34)

\=======

- api-change:`bedrock`: \[`botocore`] Release includes an increase to
the maximum policy build document size, an update to
DeleteAutomatedReasoningPolicyBuildWorkflow to add
ResourceInUseException, and corrections to
UpdateAutomatedReasoningPolicyTestCaseRequest.
- api-change:`budgets`: \[`botocore`] Added BillingViewHealthStatus
Exception which is thrown when a Budget is created or updated with a
Billing View that is not in the HEALTHY status
- api-change:`chime-sdk-messaging`: \[`botocore`] Amazon Chime SDK
Messaging GetMessagingSessionEndpoint API now returns dual-stack
WebSocket endpoints supporting IPv4/IPv6.
- api-change:`ec2`: \[`botocore`] Allowed AMIs adds support for four new
parameters - marketplaceProductCodes, deprecationTimeCondition,
creationDateCondition and imageNames

###
[`v1.40.33`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#14033)

[Compare
Source](https://redirect.github.com/boto/boto3/compare/1.40.32...1.40.33)

\=======

- api-change:`ec2`: \[`botocore`] Add mac-m4.metal and mac-m4pro.metal
instance types.
- api-change:`network-firewall`: \[`botocore`] Network Firewall now
prevents TLS handshakes with the target server until after the Server
Name Indication (SNI) has been seen and verified. The monitoring
dashboard now provides deeper insights into PrivateLink endpoint
candidates and offers filters based on IP addresses and protocol.
- api-change:`pcs`: \[`botocore`] Add support for Amazon EC2 Capacity
Blocks for ML

###
[`v1.40.32`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#14032)

[Compare
Source](https://redirect.github.com/boto/boto3/compare/1.40.31...1.40.32)

\=======

- api-change:`budgets`: \[`botocore`] Add support for custom time
periods in budget configuration
- api-change:`ivs-realtime`: \[`botocore`] IVS now offers customers the
ability to control the positioning of participants in both grid and PiP
layouts based on custom attribute values in participant tokens.
- api-change:`logs`: \[`botocore`] Cloudwatch Logs added support for 2
new API parameters in metric and subscription filter APIs to filter log
events based on system field values and emit system field values as
dimensions and send them to customer destination as additional metadata.
- api-change:`osis`: \[`botocore`] Adds support for cross-account
ingestion for push-based sources. This includes resource policies for
sharing pipelines across accounts and features for managing pipeline
endpoints which enable accessing pipelines across different VPCs,
including VPCs in other accounts.

###
[`v1.40.31`](https://redirect.github.com/boto/boto3/blob/HEAD/CHANGELOG.rst#14031)

[Compare
Source](https://redirect.github.com/boto/boto3/compare/1.40.30...1.40.31)

\=======

- api-change:`ce`: \[`botocore`] Added endpoint support for
eusc-de-east-1 region.
- api-change:`medical-imaging`: \[`botocore`] Added support for OpenID
Connect (OIDC) custom authorizer
- api-change:`observabilityadmin`: \[`botocore`] CloudWatch
Observability Admin adds the ability to enable telemetry centralization
in customers' Organizations. The release introduces new APIs to manage
centralization rules, which define settings to replicate telemetry data
to a central destination in the customers' Organization.
- api-change:`s3control`: \[`botocore`] Introduce three new encryption
filters: EncryptionType (SSE-S3, SSE-KMS, DSSE-KMS, SSE-C, NOT-SSE),
KmsKeyArn (for SSE-KMS and DSSE-KMS), and BucketKeyEnabled (for
SSE-KMS).
- api-change:`sms`: \[`botocore`] The sms client has been removed
following the deprecation of the service.

</details>

<details>
<summary>boto/botocore (botocore)</summary>

###
[`v1.40.48`](https://redirect.github.com/boto/botocore/blob/HEAD/CHANGELOG.rst#14048)

[Compare
Source](https://redirect.github.com/boto/botocore/compare/1.40.47...1.40.48)

\=======

- api-change:`bedrock-agentcore-control`: Adding support for authorizer
type AWS\_IAM to AgentCore Control Gateway.
- api-change:`license-manager-user-subscriptions`: Released support for
IPv6 and dual-stack active directories
- api-change:`outposts`: This release adds the new
StartOutpostDecommission API, which starts the decommission process to
return Outposts racks or servers.
- api-change:`service-quotas`: introduces Service Quotas Automatic
Management. Users can opt-in to monitoring and managing service quotas,
receive notifications when quota usage reaches thresholds, configure
notification channels, subscribe to EventBridge events for automation,
and view notifications in the AWS Health dashboard.

###
[`v1.40.47`](https://redirect.github.com/boto/botocore/blob/HEAD/CHANGELOG.rst#14047)

[Compare
Source](https://redirect.github.com/boto/botocore/compare/1.40.46...1.40.47)

\=======

- api-change:`proton`: Deprecating APIs in AWS Proton namespace.

###
[`v1.40.46`](https://redirect.github.com/boto/botocore/blob/HEAD/CHANGELOG.rst#14046)

[Compare
Source](https://redirect.github.com/boto/botocore/compare/1.40.45...1.40.46)

\=======

- api-change:`backup`: Adds optional MaxScheduledRunsPreview input to
GetBackupPlan API to provide a preview of up to 10 next scheduled backup
plan runs in the GetBackupPlan response.
- api-change:`bedrock-agentcore`: Add support for batch memory
management, agent card retrieval and session termination
- api-change:`bedrock-agentcore-control`: Add support for VM lifecycle
configuration parameters and A2A protocol
- api-change:`glue`: Adds labeling for DataQualityRuleResult for
GetDataQualityResult and PublishDataQualityResult APIs
- api-change:`mediaconnect`: Enabling Tag-on-Create for AWS Elemental
MediaConnect flow-based resource types
- api-change:`memorydb`: Support for DescribeMultiRegionParameterGroups
and DescribeMultiRegionParameters API.
- api-change:`quicksight`: Documentation improvements for QuickSight API
documentation to clarify that delete operation APIs are global.
- api-change:`rds`: Documentation updates to the
CreateDBClusterMessage$PubliclyAccessible and
CreateDBInstanceMessage$PubliclyAccessible properties.
- api-change:`resource-explorer-2`: Add new AWS Resource Explorer APIs

###
[`v1.40.45`](https://redirect.github.com/boto/botocore/blob/HEAD/CHANGELOG.rst#14045)

[Compare
Source](https://redirect.github.com/boto/botocore/compare/1.40.44...1.40.45)

\=======

- api-change:`cleanrooms`: Added support for reading data sources across
regions, and results delivery to allowedlisted regions.
- api-change:`medialive`: AWS Elemental MediaLive enables Mediapackage
V2 users to configure ID3, KLV, Nielsen ID3, and Segment Length related
parameters through the Mediapackage output group.
- api-change:`payment-cryptography-data`: Added a new API -
translateKeyMaterial; allows keys wrapped by ECDH derived keys to be
rewrapped under a static AES keyblock without first importing the key
into the service.
- api-change:`qconnect`: Updated Amazon Q in Connect APIs to support
Email Contact Recommendations.

###
[`v1.40.44`](https://redirect.github.com/boto/botocore/blob/HEAD/CHANGELOG.rst#14044)

[Compare
Source](https://redirect.github.com/boto/botocore/compare/1.40.43...1.40.44)

\=======

- api-change:`cloudformation`: Add new warning type
'EXCLUDED\_RESOURCES'
- api-change:`connectcases`: New Search All Related Items API enables
searching related items across cases
- api-change:`dynamodb`: Add support for dual-stack account endpoint
generation
- api-change:`endpoint-rules`: Update endpoint-rules client to latest
version
- api-change:`guardduty`: Updated descriptions for the Location
parameter in CreateTrustedEntitySet and CreateThreatEntitySet.
- api-change:`synthetics`: Adds support to configure canaries with
pre-configured blueprint code on supported runtime versions. This
behavior can be controlled via the new BlueprintTypes property exposed
in the CreateCanary and UpdateCanary APIs.

###
[`v1.40.43`](https://redirect.github.com/boto/botocore/blob/HEAD/CHANGELOG.rst#14043)

[Compare
Source](https://redirect.github.com/boto/botocore/compare/1.40.42...1.40.43)

\=======

- api-change:`chime-sdk-meetings`: Add support to receive dual stack
MediaPlacement URLs in Chime Meetings SDK
- api-change:`cleanrooms`: This release introduces data access budgets
to control how many times a table can be used for queries and jobs in a
collaboration.
- api-change:`cleanroomsml`: This release introduces data access budgets
to view how many times an input channel can be used for ML jobs in a
collaboration.
- api-change:`dms`: This is a doc-only update, revising text for
kms-key-arns.
- api-change:`ecs`: This is a documentation only Amazon ECS release that
adds additional information for health checks.
- api-change:`pcs`: Added the UpdateCluster API action to modify cluster
configurations, and Slurm custom settings for queues.

###
[`v1.40.42`](https://redirect.github.com/boto/botocore/blob/HEAD/CHANGELOG.rst#14042)

[Compare
Source](https://redirect.github.com/boto/botocore/compare/1.40.41...1.40.42)

\=======

- api-change:`application-signals`: Amazon CloudWatch Application
Signals is introducing the Application Map to give users a more
comprehensive view of their service health. Users will now be able to
group services, track their latest deployments, and view automated audit
findings concerning service performance.
- api-change:`bedrock-agentcore-control`: Tagging support for AgentCore
Gateway
- api-change:`chime-sdk-voice`: Added support for IPv4-only and
dual-stack network configurations for VoiceConnector and
CreateVoiceConnector API.
- api-change:`connectcases`: This release adds support for two new
related item types: ConnectCase for linking Amazon Connect cases and
Custom for user-defined related items with configurable fields.
- api-change:`customer-profiles`: This release introduces
ListProfileHistoryRecords and GetProfileHistoryRecord APIs for
comprehensive profile history tracking with complete audit trails of
creation, updates, merges, deletions, and data ingestion events.
- api-change:`datasync`: Added support for FIPS VPC endpoints in
FIPS-enabled AWS Regions.
- api-change:`datazone`: This release adds support for creation of EMR
on EKS Connections in Amazon DataZone.
- api-change:`ds`: AWS Directory service now supports IPv6-native and
dual-stack configurations for AWS Managed Microsoft AD, AD Connector,
and Simple AD (dual-stack only). Additionally, AWS Managed Microsoft AD
Standard Edition directories can be upgraded to Enterprise Edition
directories through a single API call.
- api-change:`ecs`: This release adds support for Managed Instances on
Amazon ECS.
- api-change:`fsx`: Add Dual-Stack support for Amazon FSx for NetApp
ONTAP and Windows File Server
- api-change:`mediatailor`: Adding TPS Traffic Shaping to Prefetch
Schedules
- api-change:`quicksight`: added warnings to a few CLI pages
- api-change:`rds`: Enhanced RDS error handling: Added
DBProxyEndpointNotFoundFault, DBShardGroupNotFoundFault,
KMSKeyNotAccessibleFault for snapshots/restores/backups,
NetworkTypeNotSupported, StorageTypeNotSupportedFault for restores, and
granular state validation faults. Changed DBInstanceNotReadyFault to
HTTP 400.
- api-change:`transfer`: Add support for updating server identity
provider type

###
[`v1.40.41`](https://redirect.github.com/boto/botocore/blob/HEAD/CHANGELOG.rst#14041)

[Compare
Source](https://redirect.github.com/boto/botocore/compare/1.40.40...1.40.41)

\=======

- api-change:`bedrock`: Release for fixing GetFoundationModel API
behavior. Imported and custom models have their own exclusive API and
GetFM should not accept those ARNS as input
- api-change:`bedrock-runtime`: New stop reason for Converse and
ConverseStream
- api-change:`imagebuilder`: This release introduces several new
features and improvements to enhance pipeline management, logging, and
resource configuration.
- api-change:`vpc-lattice`: Adds support for specifying the number of
IPv4 addresses in each ENI for the resource gateway for VPC Lattice.

###
[`v1.40.40`](https://redirect.github.com/boto/botocore/blob/HEAD/CHANGELOG.rst#14040)

[Compare
Source](https://redirect.github.com/boto/botocore/compare/1.40.39...1.40.40)

\=======

- api-change:`bedrock-agent-runtime`: This release enhances the
information provided through Flow Traces. New information includes
source/next node tracking, execution chains for complex nodes,
dependency action (operation) details, and dependency traces.
- api-change:`bedrock-data-automation`: Added support for configurable
Speaker Labeling and Channel Labeling features for Audio modality.
- api-change:`billing`: Add ability to combine custom billing views to
create new consolidated views.
- api-change:`ce`: Support for payer account dimension and billing view
health status.
- api-change:`connect`: Adds supports for manual contact picking
(WorkList) operations on Routing Profiles, Agent Management and
SearchContacts APIs.
- api-change:`dynamodbstreams`: Added support for IPv6 compatible
endpoints for DynamoDB Streams.
- api-change:`ec2`: This release includes documentation updates for
Amazon EBS General Purpose SSD (gp3) volumes with larger size and higher
IOPS and throughput.
- api-change:`endpoint-rules`: Update endpoint-rules client to latest
version
- api-change:`redshift`: Support tagging and tag propagation to IAM
Identity Center for Redshift Idc Applications

###
[`v1.40.39`](https://redirect.github.com/boto/botocore/blob/HEAD/CHANGELOG.rst#14039)

[Compare
Source](https://redirect.github.com/boto/botocore/compare/1.40.38...1.40.39)

\=======

- api-change:`glue`: Update GetConnection(s) API to return KmsKeyArn &
Add 63 missing connection types
- api-change:`lightsail`: Attribute HTTP binding update for Get/Delete
operations
- api-change:`network-firewall`: Network Firewall now introduces Reject
and Alert action support for stateful domain list rule groups, providing
customers with more granular control over their network traffic.

###
[`v1.40.38`](https://redirect.github.com/boto/botocore/blob/HEAD/CHANGELOG.rst#14038)

[Compare
Source](https://redirect.github.com/boto/botocore/compare/1.40.37...1.40.38)

\=======

- api-change:`appstream`: G6f instance support for AppStream 2.0
- api-change:`cloudwatch`: Fix default dualstack FIPS endpoints in AWS
GovCloud(US) regions
- api-change:`dax`: This release adds support for IPv6-only, DUAL\_STACK
DAX instances
- api-change:`endpoint-rules`: Update endpoint-rules client to latest
version
- api-change:`kms`: Documentation only updates for KMS.
- api-change:`neptune`: Doc-only update to address customer use.

###
[`v1.40.37`](https://redirect.github.com/boto/botocore/blob/HEAD/CHANGELOG.rst#14037)

[Compare
Source](https://redirect.github.com/boto/botocore/compare/1.40.36...1.40.37)

\=======

- api-change:`cleanrooms`: Added support for running incremental ID
mapping for rule-based workflows.
- api-change:`ec2`: Add Amazon EC2 R8gn instance types
- api-change:`entityresolution`: Support incremental id mapping workflow
for AWS Entity Resolution
- api-change:`ssm`: Added Dualstack support to
GetDeployablePatchSnapshotForInstance
- api-change:`sso-admin`: Add support for encryption at rest with
Customer Managed KMS Key in AWS IAM Identity Center
- api-change:`sso-oidc`: This release includes exception definition and
documentation updates.

###
[`v1.40.36`](https://redirect.github.com/boto/botocore/blob/HEAD/CHANGELOG.rst#14036)

[Compare
Source](https://redirect.github.com/boto/botocore/compare/1.40.35...1.40.36)

\=======

- api-change:`batch`: Starting in JAN 2026, AWS Batch will change the
default AMI for new Amazon ECS compute environments from Amazon Linux 2
to Amazon Linux 2023. We recommend migrating AWS Batch Amazon ECS
compute environments to Amazon Linux 2023 to maintain optimal
performance and security.
- api-change:`eks`: Adds support for RepairConfig overrides and
configurations in EKS Managed Node Groups.
- api-change:`imagebuilder`: Version ARNs are no longer required for the
EC2 Image Builder list-image-build-version,
list-component-build-version, and list-workflow-build-version APIs.
Calling these APIs without the ARN returns all build versions for the
given resource type in the requesting account.

###
[`v1.40.35`](https://redirect.github.com/boto/botocore/blob/HEAD/CHANGELOG.rst#14035)

[Compare
Source](https://redirect.github.com/boto/botocore/compare/1.40.34...1.40.35)

\=======

- api-change:`bedrock-agentcore-control`: Add tagging and VPC support to
AgentCore Runtime, Code Interpreter, and Browser resources. Add support
for configuring request headers in Runtime. Fix AgentCore Runtime shape
names.
- api-change:`config`: Add UNKNOWN state to RemediationExecutionState
and add IN\_PROGRESS/EXITED/UNKNOWN states to
RemediationExecutionStepState.
- api-change:`connect`: This release adds a persistent connection field
to UserPhoneConfig that maintains agent's softphone media connection for
faster call connections.
- api-change:`kendra-ranking`: Model whitespace change - no client
difference
- api-change:`license-manager-user-subscriptions`: Added support for
cross-account Active Directories.
- api-change:`medialive`: Add MinBitrate for QVBR mode under
H264/H265/AV1 output codec. Add GopBReference, GopNumBFrames,
SubGopLength fields under H265 output codec.
- api-change:`sms-voice`: Updated the `sms-voice` client to the latest
version. Note: this client is maintained only for backwards
compatibility and should not be used for new development. We recommend
using the `pinpoint-sms-voice` client for full support and ongoing
updates.
- api-change:`sqs`: Update invalid character handling documentation for
SQS SendMessage API

###
[`v1.40.34`](https://redirect.github.com/boto/botocore/blob/HEAD/CHANGELOG.rst#14034)

[Compare
Source](https://redirect.github.com/boto/botocore/compare/1.40.33...1.40.34)

\=======

- api-change:`bedrock`: Release includes an increase to the maximum
policy build document size, an update to
DeleteAutomatedReasoningPolicyBuildWorkflow to add
ResourceInUseException, and corrections to
UpdateAutomatedReasoningPolicyTestCaseRequest.
- api-change:`budgets`: Added BillingViewHealthStatus Exception which is
thrown when a Budget is created or updated with a Billing View that is
not in the HEALTHY status
- api-change:`chime-sdk-messaging`: Amazon Chime SDK Messaging
GetMessagingSessionEndpoint API now returns dual-stack WebSocket
endpoints supporting IPv4/IPv6.
- api-change:`ec2`: Allowed AMIs adds support for four new parameters -
marketplaceProductCodes, deprecationTimeCondition, creationDateCondition
and imageNames

###
[`v1.40.33`](https://redirect.github.com/boto/botocore/blob/HEAD/CHANGELOG.rst#14033)

[Compare
Source](https://redirect.github.com/boto/botocore/compare/1.40.32...1.40.33)

\=======

- api-change:`ec2`: Add mac-m4.metal and mac-m4pro.metal instance types.
- api-change:`network-firewall`: Network Firewall now prevents TLS
handshakes with the target server until after the Server Name Indication
(SNI) has been seen and verified. The monitoring dashboard now provides
deeper insights into PrivateLink endpoint candidates and offers filters
based on IP addresses and protocol.
- api-change:`pcs`: Add support for Amazon EC2 Capacity Blocks for ML

###
[`v1.40.32`](https://redirect.github.com/boto/botocore/blob/HEAD/CHANGELOG.rst#14032)

[Compare
Source](https://redirect.github.com/boto/botocore/compare/1.40.31...1.40.32)

\=======

- api-change:`budgets`: Add support for custom time periods in budget
configuration
- api-change:`ivs-realtime`: IVS now offers customers the ability

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM, only on
Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule
defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/cattle-ops/terraform-aws-gitlab-runner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjEzMS45IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Matthias Kay <[email protected]>

Author: renovate[bot]

.cspell.json

@@ -93,6 +93,7 @@
     "cpu",
     "cpus",
     "cpuset",
+    "exfiltration",
     "gitter",
     "imds",
     "netsh",

.github/workflows/ci.yml

@@ -59,7 +59,7 @@ jobs:
   kics:
     runs-on: ubuntu-latest
     container:
-      image: checkmarx/kics:v2.1.13-debian@sha256:5dcabefe00678cdb539f6ddbc60e47304d7f7c4ee35b21e183156ec69c0bbafc
+      image: checkmarx/kics:v2.1.14-debian@sha256:65bbc05cc9531e3cd6485c407c2f07f04516bb8fb7a6cfeb5f84bc6b78598e2f
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
       # ignore: "tags not used", "access analyzer not used", "shield advanced not used"
@@ -72,13 +72,13 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
         name: Checkout source code
 
-      - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4
+      - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
         name: Cache plugin dir
         with:
           path: ~/.tflint.d/plugins
           key: tflint-${{ hashFiles('.tflint.hcl') }}
 
-      - uses: terraform-linters/setup-tflint@ae78205cfffec9e8d93fd2b3115c7e9d3166d4b6 # v5
+      - uses: terraform-linters/setup-tflint@acd1575d3c037258ce5b2dd01379dc49ce24c6b7 # v6
         name: Setup TFLint
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/feature_branch-megalinter.yml

@@ -30,7 +30,7 @@ jobs:
         id: ml
         # You can override MegaLinter flavor used to have faster performances
         # More info at https://megalinter.io/flavors/
-        uses: oxsecurity/megalinter@e08c2b05e3dbc40af4c23f41172ef1e068a7d651 # v8.8.0
+        uses: oxsecurity/megalinter@62c799d895af9bcbca5eacfebca29d527f125a57 # v9.1.0
         env:
           # All available variables are described in documentation
           # https://megalinter.io/configuration/

.github/workflows/stale.yml

@@ -14,7 +14,7 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10
+      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10
         with:
           stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 15 days.'
           stale-pr-message: 'This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 15 days.'

.github/workflows/tfsec.yml

@@ -34,7 +34,7 @@ jobs:
           sarif_file: tfsec.sarif
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/upload-sarif@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7
         with:
           # Path to SARIF file relative to the root of the repository
           sarif_file: tfsec.sarif

.terraform.lock.hcl

@@ -5,6 +5,6 @@ plugin "terraform" {
 
 plugin "aws" {
     enabled = true
-    version = "0.42.0"
+    version = "0.43.0"
     source  = "github.com/terraform-linters/tflint-ruleset-aws"
 }

.tflint.hcl

@@ -357,8 +357,11 @@ resource "aws_iam_instance_profile" "instance" {
   tags = local.tags
 }
 
+# "AWS EIP not attached to any instance": we attach it via user-data script
+# kics-scan ignore-block
 resource "aws_eip" "gitlab_runner" {
   # checkov:skip=CKV2_AWS_19:We can't use NAT gateway here as we are contacted from the outside.
+  # checkov:skip=CKV2_AWS_20:We can't use NAT gateway here as we are contacted from the outside.
   count = var.runner_instance.use_eip ? 1 : 0
 
   tags = local.tags

main.tf

@@ -132,6 +132,8 @@ data "aws_iam_policy_document" "docker_machine_cache_policy" {
     sid       = "allowGitLabRunnersAccessCache"
     effect    = "Allow"
     resources = ["${aws_s3_bucket.build_cache.arn}/*"] # tfsec:ignore:aws-iam-no-policy-wildcards # allows full access to the own bucket
+    # "IAM policy allows for data exfiltration": resources are specified below, so we can't access any other objects
+    # kics-scan ignore-line
     actions = [
       "s3:PutObject",
       "s3:PutObjectAcl",

modules/cache/main.tf

@@ -1,2 +1,2 @@
-boto3 == 1.40.30
-botocore == 1.40.30
+boto3 ==1.40.48
+botocore ==1.40.48