florian/foundry-hosting

Fork 0

Update dependency @pulumi/aws to v6.83.4 #5

Open

renovate wants to merge 1 commit from renovate/pulumi-aws-6.x-lockfile into main

renovate commented

2026-06-14 02:55:18 +02:00

Collaborator

This PR contains the following updates:

Package	Change	Age	Confidence
@pulumi/aws (source)	`6.83.0` → `6.83.4`

Release Notes

pulumi/pulumi-aws (@pulumi/aws)

`v6.83.4`

Compare Source

Address reported CVEs via Go toolchain and dependency bumps

Go toolchain -> 1.25.7 (provider/go.mod, sdk/go.mod) resolves the stdlib CVEs:
- CVE-2025-68121  crypto/tls session-resumption certificate validation bypass
- CVE-2025-61726  net/http Request.ParseForm unbounded query params (DoS)
- CVE-2025-61728  archive/zip super-linear filename indexing (DoS)
- CVE-2025-61730  crypto/tls 1.3 handshake cross-level info disclosure
- CVE-2025-61731  cmd/go cgo pkg-config --log-file arbitrary file write
- CVE-2025-61732  cmd/cgo doc-comment code smuggling

cloudflare/circl -> v1.6.3 resolves CVE-2026-1229 (CIRCL p384 CombinedMult).
go-git/go-git/v5 -> v5.16.5 resolves CVE-2026-25934 (go-git packfile integrity).

go-git v5.16.5 requires Go 1.24, so the sdk go directive rises 1.23.0 -> 1.24.0.

`v6.83.2`

Compare Source

What's Changed

Update GitHub Actions workflows. by @pulumi-bot in #5593
Upgrade pulumi-terraform-bridge to v3.110.0 by @pulumi-bot in #5598
Update GitHub Actions workflows. by @pulumi-bot in #5599
Upgrade terraform-provider-aws to v5.100.0 by @corymhall in #5605
Appending Pulumi APN 1.1 marketplace id to User Agent request header by @pose in #5920

Full Changelog: https://github.com/pulumi/pulumi-aws/compare/v6.82.1...v6.83.2

`v6.83.1`

Compare Source

This is a security fix for:

https://pkg.go.dev/vuln/GO-2025-3956
https://pkg.go.dev/vuln/GO-2025-3849

Full Changelog: https://github.com/pulumi/pulumi-aws/compare/v6.83.0...v6.83.1

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@pulumi/aws](https://pulumi.io) ([source](https://github.com/pulumi/pulumi-aws)) | [`6.83.0` → `6.83.4`](https://renovatebot.com/diffs/npm/@pulumi%2faws/6.83.0/6.83.4) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@pulumi%2faws/6.83.4?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@pulumi%2faws/6.83.0/6.83.4?slim=true) | --- ### Release Notes <details> <summary>pulumi/pulumi-aws (@pulumi/aws)</summary> ### [`v6.83.4`](https://github.com/pulumi/pulumi-aws/releases/tag/v6.83.4) [Compare Source](https://github.com/pulumi/pulumi-aws/compare/v6.83.3...v6.83.4) Address reported CVEs via Go toolchain and dependency bumps ``` Go toolchain -> 1.25.7 (provider/go.mod, sdk/go.mod) resolves the stdlib CVEs: - CVE-2025-68121 crypto/tls session-resumption certificate validation bypass - CVE-2025-61726 net/http Request.ParseForm unbounded query params (DoS) - CVE-2025-61728 archive/zip super-linear filename indexing (DoS) - CVE-2025-61730 crypto/tls 1.3 handshake cross-level info disclosure - CVE-2025-61731 cmd/go cgo pkg-config --log-file arbitrary file write - CVE-2025-61732 cmd/cgo doc-comment code smuggling cloudflare/circl -> v1.6.3 resolves CVE-2026-1229 (CIRCL p384 CombinedMult). go-git/go-git/v5 -> v5.16.5 resolves CVE-2026-25934 (go-git packfile integrity). go-git v5.16.5 requires Go 1.24, so the sdk go directive rises 1.23.0 -> 1.24.0. ``` ### [`v6.83.3`](https://github.com/pulumi/pulumi-aws/releases/tag/v6.83.3) [Compare Source](https://github.com/pulumi/pulumi-aws/compare/v6.83.2...v6.83.3) Backport/security release ### [`v6.83.2`](https://github.com/pulumi/pulumi-aws/releases/tag/v6.83.2) [Compare Source](https://github.com/pulumi/pulumi-aws/compare/v6.83.1...v6.83.2) #### What's Changed - Update GitHub Actions workflows. by [@pulumi-bot](https://github.com/pulumi-bot) in [#5593](https://github.com/pulumi/pulumi-aws/pull/5593) - Upgrade pulumi-terraform-bridge to v3.110.0 by [@pulumi-bot](https://github.com/pulumi-bot) in [#5598](https://github.com/pulumi/pulumi-aws/pull/5598) - Update GitHub Actions workflows. by [@pulumi-bot](https://github.com/pulumi-bot) in [#5599](https://github.com/pulumi/pulumi-aws/pull/5599) - Upgrade terraform-provider-aws to v5.100.0 by [@corymhall](https://github.com/corymhall) in [#5605](https://github.com/pulumi/pulumi-aws/pull/5605) - Appending Pulumi APN 1.1 marketplace id to User Agent request header by [@pose](https://github.com/pose) in [#5920](https://github.com/pulumi/pulumi-aws/pull/5920) **Full Changelog**: <https://github.com/pulumi/pulumi-aws/compare/v6.82.1...v6.83.2> ### [`v6.83.1`](https://github.com/pulumi/pulumi-aws/releases/tag/v6.83.1) [Compare Source](https://github.com/pulumi/pulumi-aws/compare/v6.83.0...v6.83.1) This is a security fix for: <https://pkg.go.dev/vuln/GO-2025-3956> <https://pkg.go.dev/vuln/GO-2025-3849> **Full Changelog**: <https://github.com/pulumi/pulumi-aws/compare/v6.83.0...v6.83.1> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

renovate added 1 commit

2026-06-14 02:55:18 +02:00

Update dependency @pulumi/aws to v6.83.4 acf10ca171

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin renovate/pulumi-aws-6.x-lockfile:renovate/pulumi-aws-6.x-lockfile

git switch renovate/pulumi-aws-6.x-lockfile

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main

git merge --no-ff renovate/pulumi-aws-6.x-lockfile

git switch renovate/pulumi-aws-6.x-lockfile

git rebase main

git switch main

git merge --ff-only renovate/pulumi-aws-6.x-lockfile

git switch renovate/pulumi-aws-6.x-lockfile

git rebase main

git switch main

git merge --no-ff renovate/pulumi-aws-6.x-lockfile

git switch main

git merge --squash renovate/pulumi-aws-6.x-lockfile