Skip to content

build(deps): bump the patches group across 1 directory with 4 updates#87

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/lambda/patches-7bd790250c
Closed

build(deps): bump the patches group across 1 directory with 4 updates#87
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/lambda/patches-7bd790250c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps the patches group with 4 updates in the /lambda directory: boto3, botocore, pydantic-settings and wrapt.

Updates boto3 from 1.43.31 to 1.43.36

Commits
  • 1d26f21 Merge branch 'release-1.43.36'
  • 111333b Bumping version to 1.43.36
  • 9d1fa23 Add changelog entries from botocore
  • 6d7f3c2 Update security docs to use newer versions of openssl and python (#4796)
  • c5b26ca Merge branch 'release-1.43.35'
  • c3750ac Merge branch 'release-1.43.35' into develop
  • 46e77cd Bumping version to 1.43.35
  • 9919ede Add changelog entries from botocore
  • 1820b7d Merge branch 'release-1.43.34'
  • 0065dbe Merge branch 'release-1.43.34' into develop
  • Additional commits viewable in compare view

Updates botocore from 1.43.31 to 1.43.36

Commits
  • 7a5b506 Merge branch 'release-1.43.36'
  • 9f214f1 Bumping version to 1.43.36
  • 32ea3d9 Update to latest models
  • d33e4c5 Merge branch 'release-1.43.35'
  • 7f8e97a Merge branch 'release-1.43.35' into develop
  • 833cf6e Bumping version to 1.43.35
  • 8b3f215 Update to latest models
  • 377d566 Merge customizations for Application Signals
  • 67d724c Merge branch 'release-1.43.34'
  • 10f696e Merge branch 'release-1.43.34' into develop
  • Additional commits viewable in compare view

Updates pydantic-settings from 2.14.1 to 2.14.2

Release notes

Sourced from pydantic-settings's releases.

v2.14.2

What's Changed

This is a security patch release.

Security

Fixes GHSA-4xgf-cpjx-pc3j: NestedSecretsSettingsSource with secrets_nested_subdir=True could follow a symbolic link inside secrets_dir pointing outside it, reading out-of-tree files into settings values and bypassing the secrets_dir_max_size cap. Affected versions: >= 2.12.0, < 2.14.2.

Full Changelog: pydantic/pydantic-settings@v2.14.1...v2.14.2

Commits

Updates wrapt from 2.2.1 to 2.2.2

Release notes

Sourced from wrapt's releases.

wrapt 2.2.2

Full release notes: https://wrapt.readthedocs.io/en/latest/changes.html#version-2-2-2

Install from PyPi (recommended):

pip install wrapt==2.2.2

PyPi uploads follow each GitHub release; if pip reports the version is unavailable, the matching PyPi upload may not have happened yet.

Pre-built wheels are provided for a range of Python versions and platforms (Linux x86_64/aarch64/riscv64, macOS x86_64 and arm64, Windows x86_64 and arm64, plus PyPy and free-threaded builds). The source distribution is also attached together with SHA256SUMS for verification.

wrapt 2.2.2rc3

Release candidate. Release notes for the upcoming 2.2.2 final (work in progress): https://wrapt.readthedocs.io/en/latest/changes.html#version-2-2-2

May be installable from PyPi:

pip install wrapt==2.2.2rc3

If pip reports the version is unavailable, this candidate either has not been uploaded yet or is not being published to PyPi. Use the attached wheels or build from the source distribution instead:

tar xf wrapt-2.2.2rc3.tar.gz
cd wrapt-2.2.2rc3
pip install .

SHA256SUMS is attached for verification of the archives.

wrapt 2.2.2rc2

Release candidate. Release notes for the upcoming 2.2.2 final (work in progress): https://wrapt.readthedocs.io/en/latest/changes.html#version-2-2-2

May be installable from PyPi:

pip install wrapt==2.2.2rc2

If pip reports the version is unavailable, this candidate either has not been uploaded yet or is not being published to PyPi. Use the attached wheels or build from the source distribution instead:

tar xf wrapt-2.2.2rc2.tar.gz

... (truncated)

Changelog

Sourced from wrapt's changelog.

Version 2.2.2

Bugs Fixed

  • When @wrapt.lru_cache was applied to an instance method that was overridden in a subclass, and the subclass method called the base class method via super(), a RecursionError was raised instead of the base class method being invoked. The per-instance cache for each method was stored as an attribute on the instance whose name was derived only from the method __name__, so the base and derived methods shared a single cache slot. The subclass cache was therefore found again when the base method was reached through super(), re-entering the subclass body and recursing without end. The cache attribute name now incorporates a unique identifier for each decorated method so that a base method and a method that overrides it use distinct per-instance caches. With thanks to the reporter of issue [#342](https://github.com/GrahamDumpleton/wrapt/issues/342) <https://github.com/GrahamDumpleton/wrapt/issues/342>_.

  • When @wrapt.lru_cache was applied to a method of a class deriving from wrapt.ObjectProxy, the per-instance cache was stored on the wrapped object rather than on the proxy. This is because the proxy __setattr__ forwards attribute assignment to the wrapped object for any name that is not a recognised proxy attribute, and the cache attribute name was not one. Storing the cache on the wrapped object had several consequences: the wrapped object was polluted with cache attributes it never defined; the cache held a reference back to the proxy through the bound method it wrapped, so a wrapped object that outlived the proxy kept the proxy alive and prevented its collection; wrapping an object that does not accept arbitrary attributes, such as one using __slots__, caused the first cached call to fail with an AttributeError; and two proxies sharing a single wrapped object shared one cache and could return results computed for the wrong proxy. The cache attribute is now stored on the proxy itself using the proxy __self_setattr__ method when the instance is a wrapt object proxy, falling back to setattr for ordinary instances.

Commits
  • 0ae09fd Merge branch 'release/2.2.2'
  • 86db7a9 Update to 2.2.2 for final release.
  • 6deda43 Update to 2.2.2rc3.
  • 9c48a1e Constrain lru_cache proxy detection to BaseObjectProxy subclasses.
  • 4053838 Update version to 2.2.2rc2.
  • 99bf4ef Store lru_cache per-instance cache on object proxy not wrapped object.
  • 0e862fb Document pickling instances with lru_cache decorated methods.
  • 73dca57 Add lru_cache tests for overridden methods calling super().
  • beead5c Fix lru_cache recursion for overridden methods calling super().
  • fbf2fc1 Document pure Python failure mode for ObjectProxy + ABCMeta mixin.
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 22, 2026
@github-actions github-actions Bot enabled auto-merge (squash) June 22, 2026 13:10
@github-actions

github-actions Bot commented Jun 22, 2026

Copy link
Copy Markdown

🏗️ CDK infra diff — PR vs main

ServerlessApp-us-east-1-stage/ServerlessAppBackend-us-east-1
Stack ServerlessApp-us-east-1-stage/ServerlessAppBackend-us-east-1 (ServerlessAppBackend-us-east-1)
Resources
[-] AWS::Lambda::Version ServerlessAppBackend-us-east-1/App/ApiFunction/CurrentVersion AppApiFunctionCurrentVersion01C510ACe225f8dec15fe8e1d3ff813224b615e2 destroy
[+] AWS::Lambda::Version ServerlessAppBackend-us-east-1/App/ApiFunction/CurrentVersion AppApiFunctionCurrentVersion01C510AC969e84ee36d9c7585189193960a2bf1f
[~] AWS::Lambda::Function ServerlessAppBackend-us-east-1/App/ApiFunction AppApiFunctionDE515850
 ├─ [~] Code
 │   └─ [~] .S3Key:
 │       ├─ [-] db3e8398dd1aa03ba9a4a39eab0146bfc1c7f183d62c1a42fdd3399e1ca2842c.zip
 │       └─ [+] 77ce8bb8d2ed8b670e9f2b2c1b7ed0eefc30a80e5c5b7384017f317daa0fb431.zip
 └─ [~] Metadata
     └─ [~] .aws:asset:path:
         ├─ [-] ../asset.db3e8398dd1aa03ba9a4a39eab0146bfc1c7f183d62c1a42fdd3399e1ca2842c
         └─ [+] ../asset.77ce8bb8d2ed8b670e9f2b2c1b7ed0eefc30a80e5c5b7384017f317daa0fb431
[~] AWS::Lambda::Alias ServerlessAppBackend-us-east-1/App/LiveAlias AppLiveAlias3872472E
 └─ [~] FunctionVersion
     └─ [~] .Fn::GetAtt:
         └─ @@ -1,4 +1,4 @@
            [ ] [
            [-]   "AppApiFunctionCurrentVersion01C510ACe225f8dec15fe8e1d3ff813224b615e2",
            [+]   "AppApiFunctionCurrentVersion01C510AC969e84ee36d9c7585189193960a2bf1f",
            [ ]   "Version"
            [ ] ]



✨  Number of stacks with differences: 1

Bumps the patches group with 4 updates in the /lambda directory: [boto3](https://github.com/boto/boto3), [botocore](https://github.com/boto/botocore), [pydantic-settings](https://github.com/pydantic/pydantic-settings) and [wrapt](https://github.com/GrahamDumpleton/wrapt).


Updates `boto3` from 1.43.31 to 1.43.36
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.43.31...1.43.36)

Updates `botocore` from 1.43.31 to 1.43.36
- [Commits](boto/botocore@1.43.31...1.43.36)

Updates `pydantic-settings` from 2.14.1 to 2.14.2
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.14.1...v2.14.2)

Updates `wrapt` from 2.2.1 to 2.2.2
- [Release notes](https://github.com/GrahamDumpleton/wrapt/releases)
- [Changelog](https://github.com/GrahamDumpleton/wrapt/blob/develop/docs/changes.rst)
- [Commits](GrahamDumpleton/wrapt@2.2.1...2.2.2)

---
updated-dependencies:
- dependency-name: boto3
  dependency-version: 1.43.34
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: botocore
  dependency-version: 1.43.34
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: pydantic-settings
  dependency-version: 2.14.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
- dependency-name: wrapt
  dependency-version: 2.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patches
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title build(deps): bump the patches group in /lambda with 4 updates build(deps): bump the patches group across 1 directory with 4 updates Jun 29, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/lambda/patches-7bd790250c branch from 4775cf4 to 101a0c3 Compare June 29, 2026 13:09
@dependabot @github

dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 3, 2026
auto-merge was automatically disabled July 3, 2026 02:34

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/pip/lambda/patches-7bd790250c branch July 3, 2026 02:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants