diff --git a/.github/workflows/check-common-cdk.yml b/.github/workflows/check-common-cdk.yml index a7dc34bd8..a017e2c91 100644 --- a/.github/workflows/check-common-cdk.yml +++ b/.github/workflows/check-common-cdk.yml @@ -17,12 +17,12 @@ jobs: LintPython: runs-on: ubuntu-latest steps: - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: - python-version: '3.12' + python-version: '3.14' # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - name: Install dev dependencies run: "pip install -r backend/common-cdk/requirements-dev.in" @@ -38,12 +38,12 @@ jobs: runs-on: ubuntu-latest steps: # Checks-out the repository under $GITHUB_WORKSPACE - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: - python-version: '3.12' + python-version: '3.14' - name: Install dev dependencies run: "pip install -r backend/common-cdk/requirements-dev.in" diff --git a/.github/workflows/check-compact-connect-ui-app.yml b/.github/workflows/check-compact-connect-ui-app.yml index aaa478073..f544e5907 100644 --- a/.github/workflows/check-compact-connect-ui-app.yml +++ b/.github/workflows/check-compact-connect-ui-app.yml @@ -17,12 +17,12 @@ jobs: LintPython: runs-on: ubuntu-latest steps: - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: - python-version: '3.12' + python-version: '3.14' # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - name: Install dev dependencies run: "pip install -r backend/compact-connect-ui-app/requirements-dev.txt" @@ -39,16 +39,16 @@ jobs: steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner." - run: echo "🖥️ The workflow is now ready to test your code on the runner." # Setup Node - name: Setup Node - uses: actions/setup-node@v1 + uses: actions/setup-node@v6 with: - node-version: '22.1.0' + node-version: '24.11.1' # Use any cached yarn dependencies (saves build time) - uses: actions/cache@v4 @@ -75,18 +75,18 @@ jobs: runs-on: ubuntu-latest steps: # Checks-out the repository under $GITHUB_WORKSPACE - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: - python-version: '3.12' + python-version: '3.14' # Setup Node - name: Setup Node - uses: actions/setup-node@v1 + uses: actions/setup-node@v6 with: - node-version: '22.1.0' + node-version: '24.11.1' # Use any cached yarn dependencies (saves build time) - uses: actions/cache@v4 diff --git a/.github/workflows/check-compact-connect.yml b/.github/workflows/check-compact-connect.yml index 0b69755da..ad776b5ae 100644 --- a/.github/workflows/check-compact-connect.yml +++ b/.github/workflows/check-compact-connect.yml @@ -17,12 +17,12 @@ jobs: LintPython: runs-on: ubuntu-latest steps: - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: - python-version: '3.12' + python-version: '3.14' # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - name: Install dev dependencies run: "pip install -r backend/compact-connect/requirements-dev.txt" @@ -39,16 +39,16 @@ jobs: steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner." - run: echo "🖥️ The workflow is now ready to test your code on the runner." # Setup Node - name: Setup Node - uses: actions/setup-node@v1 + uses: actions/setup-node@v6 with: - node-version: '22.1.0' + node-version: '24.11.1' # Use any cached yarn dependencies (saves build time) - uses: actions/cache@v4 @@ -75,18 +75,18 @@ jobs: runs-on: ubuntu-latest steps: # Checks-out the repository under $GITHUB_WORKSPACE - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: - python-version: '3.12' + python-version: '3.14' # Setup Node - name: Setup Node - uses: actions/setup-node@v1 + uses: actions/setup-node@v6 with: - node-version: '22.1.0' + node-version: '24.11.1' # Use any cached yarn dependencies (saves build time) - uses: actions/cache@v4 @@ -109,3 +109,31 @@ jobs: - name: Test backend run: "cd backend/compact-connect; bin/run_tests.sh -l all -no" + + # The purchases lambda Python version has to be held back because of its Authorize.net dependency + # so we will check it separately + TestAndLintPurchases: + runs-on: ubuntu-latest + steps: + # Checks-out the repository under $GITHUB_WORKSPACE + - uses: actions/checkout@v5 + + - uses: actions/setup-python@v6 + with: + python-version: '3.12' + + - name: Install dependencies + run: "cd backend/compact-connect/lambdas/python/purchases; pip install -r requirements.txt" + + - name: Install dev dependencies + run: "cd backend/compact-connect/lambdas/python/purchases; pip install -r requirements-dev.txt" + + - name: Lint Code + run: "cd backend/compact-connect/lambdas/python/purchases; ruff check $(git ls-files '*.py')" + + - name: Check Dependencies + # Ignore pip vulnerability that does not affect Python 3.12+ + run: "pip-audit --ignore-vuln GHSA-4xh5-x5gv-qwph" + + - name: Test backend + run: "cd backend/compact-connect/lambdas/python/purchases; PYTHONPATH=../common pytest tests --cov --cov-fail-under=90" diff --git a/.github/workflows/check-for-external-state-api-spec-update.yml b/.github/workflows/check-for-external-state-api-spec-update.yml index ae59031d9..9b743e747 100644 --- a/.github/workflows/check-for-external-state-api-spec-update.yml +++ b/.github/workflows/check-for-external-state-api-spec-update.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: '3.12' diff --git a/.github/workflows/check-for-internal-api-spec-update.yml b/.github/workflows/check-for-internal-api-spec-update.yml index 152d631e2..3d49bd9ff 100644 --- a/.github/workflows/check-for-internal-api-spec-update.yml +++ b/.github/workflows/check-for-internal-api-spec-update.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: '3.12' diff --git a/.github/workflows/check-multi-account.yml b/.github/workflows/check-multi-account.yml index 2b0e4b619..e055f502f 100644 --- a/.github/workflows/check-multi-account.yml +++ b/.github/workflows/check-multi-account.yml @@ -17,7 +17,7 @@ jobs: LintPython: runs-on: ubuntu-latest steps: - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: '3.12' @@ -41,7 +41,7 @@ jobs: - uses: actions/checkout@v2 - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: '3.12' diff --git a/.github/workflows/zap-scan-test.yml b/.github/workflows/zap-scan-test.yml index 68b6b6b81..83281b150 100644 --- a/.github/workflows/zap-scan-test.yml +++ b/.github/workflows/zap-scan-test.yml @@ -34,7 +34,7 @@ jobs: - run: echo "🖥️ The workflow is now ready to test your code on the runner." - name: Setup Node - uses: actions/setup-node@v1 + uses: actions/setup-node@v6 with: node-version: '22.1.0' diff --git a/backend/compact-connect-ui-app/lambdas/nodejs/README.md b/backend/compact-connect-ui-app/lambdas/nodejs/README.md index 20ed86c09..c2d18d152 100644 --- a/backend/compact-connect-ui-app/lambdas/nodejs/README.md +++ b/backend/compact-connect-ui-app/lambdas/nodejs/README.md @@ -4,7 +4,7 @@ This folder contains all lambda runtimes that are written with NodeJS/JavaScript ## Prerequisites -* **[Node](https://github.com/creationix/nvm#installation) `22.X`** +* **[Node](https://github.com/creationix/nvm#installation) `24.X`** * **[Yarn](https://yarnpkg.com/en/) `1.22.22`** * `npm install --global yarn@1.22.22` diff --git a/backend/compact-connect-ui-app/lambdas/nodejs/cloudfront-csp/README.md b/backend/compact-connect-ui-app/lambdas/nodejs/cloudfront-csp/README.md index 38238c536..cc153ca77 100644 --- a/backend/compact-connect-ui-app/lambdas/nodejs/cloudfront-csp/README.md +++ b/backend/compact-connect-ui-app/lambdas/nodejs/cloudfront-csp/README.md @@ -8,7 +8,7 @@ --- ## Prerequisites -* **[Node](https://github.com/creationix/nvm#installation) `22.X`** +* **[Node](https://github.com/creationix/nvm#installation) `24.X`** * **[Yarn](https://yarnpkg.com/en/) `1.22.22`** * `npm install --global yarn@1.22.22` * **[Mocha](https://mochajs.org/) `10.x.x`+** diff --git a/backend/compact-connect-ui-app/lambdas/nodejs/package.json b/backend/compact-connect-ui-app/lambdas/nodejs/package.json index 1c355f7b4..d5b458edd 100644 --- a/backend/compact-connect-ui-app/lambdas/nodejs/package.json +++ b/backend/compact-connect-ui-app/lambdas/nodejs/package.json @@ -29,7 +29,6 @@ "@aws-sdk/client-dynamodb": "^3.682.0", "@aws-sdk/client-s3": "^3.682.0", "@aws-sdk/util-dynamodb": "^3.682.0", - "aws-lambda": "1.0.7", "zod": "^3.23.8" } } diff --git a/backend/compact-connect-ui-app/lambdas/nodejs/yarn.lock b/backend/compact-connect-ui-app/lambdas/nodejs/yarn.lock index 793afb090..ba6e6914d 100644 --- a/backend/compact-connect-ui-app/lambdas/nodejs/yarn.lock +++ b/backend/compact-connect-ui-app/lambdas/nodejs/yarn.lock @@ -1672,13 +1672,6 @@ anymatch@~3.1.2: normalize-path "^3.0.0" picomatch "^2.0.4" -argparse@^1.0.7: - version "1.0.10" - resolved "https://registry.yarnpkg.com/argparse/-/argparse-1.0.10.tgz#bcd6791ea5ae09725e17e5ad988134cd40b3d911" - integrity sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg== - dependencies: - sprintf-js "~1.0.2" - argparse@^2.0.1: version "2.0.1" resolved "https://registry.yarnpkg.com/argparse/-/argparse-2.0.1.tgz#246f50f3ca78a3240f6c997e8a9bd1eac49e4b38" @@ -1699,23 +1692,6 @@ async@^3.2.3: resolved "https://registry.yarnpkg.com/async/-/async-3.2.6.tgz#1b0728e14929d51b85b449b7f06e27c1145e38ce" integrity sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA== -available-typed-arrays@^1.0.7: - version "1.0.7" - resolved "https://registry.yarnpkg.com/available-typed-arrays/-/available-typed-arrays-1.0.7.tgz#a5cc375d6a03c2efc87a553f3e0b1522def14846" - integrity sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ== - dependencies: - possible-typed-array-names "^1.0.0" - -aws-lambda@1.0.7: - version "1.0.7" - resolved "https://registry.yarnpkg.com/aws-lambda/-/aws-lambda-1.0.7.tgz#c6b674df47458b5ecd43ab734899ad2e2d457013" - integrity sha512-9GNFMRrEMG5y3Jvv+V4azWvc+qNWdWLTjDdhf/zgMlz8haaaLWv0xeAIWxz9PuWUBawsVxy0zZotjCdR3Xq+2w== - dependencies: - aws-sdk "^2.814.0" - commander "^3.0.2" - js-yaml "^3.14.1" - watchpack "^2.0.0-beta.10" - aws-sdk-client-mock-jest@^4.1.0: version "4.1.0" resolved "https://registry.yarnpkg.com/aws-sdk-client-mock-jest/-/aws-sdk-client-mock-jest-4.1.0.tgz#40a3bdedd8d551cf2a836b77239038c0ca10e25c" @@ -1734,32 +1710,11 @@ aws-sdk-client-mock@^4.1.0: sinon "^18.0.1" tslib "^2.1.0" -aws-sdk@^2.814.0: - version "2.1692.0" - resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.1692.0.tgz#9dac5f7bfcc5ab45825cc8591b12753aa7d2902c" - integrity sha512-x511uiJ/57FIsbgUe5csJ13k3uzu25uWQE+XqfBis/sB0SFoiElJWXRkgEAUh0U6n40eT3ay5Ue4oPkRMu1LYw== - dependencies: - buffer "4.9.2" - events "1.1.1" - ieee754 "1.1.13" - jmespath "0.16.0" - querystring "0.2.0" - sax "1.2.1" - url "0.10.3" - util "^0.12.4" - uuid "8.0.0" - xml2js "0.6.2" - balanced-match@^1.0.0: version "1.0.2" resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.2.tgz#e83e3a7e3f300b34cb9d87f615fa0cbf357690ee" integrity sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw== -base64-js@^1.0.2: - version "1.5.1" - resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a" - integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA== - binary-extensions@^2.0.0: version "2.3.0" resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-2.3.0.tgz#f6e14a97858d327252200242d4ccfe522c445522" @@ -1797,33 +1752,6 @@ browser-stdout@^1.3.1: resolved "https://registry.yarnpkg.com/browser-stdout/-/browser-stdout-1.3.1.tgz#baa559ee14ced73452229bad7326467c61fabd60" integrity sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw== -buffer@4.9.2: - version "4.9.2" - resolved "https://registry.yarnpkg.com/buffer/-/buffer-4.9.2.tgz#230ead344002988644841ab0244af8c44bbe3ef8" - integrity sha512-xq+q3SRMOxGivLhBNaUdC64hDTQwejJ+H0T/NB1XMtTVEwNTrfFF3gAxiyW0Bu/xWEGhjVKgUcMhCrUy2+uCWg== - dependencies: - base64-js "^1.0.2" - ieee754 "^1.1.4" - isarray "^1.0.0" - -call-bind-apply-helpers@^1.0.0: - version "1.0.1" - resolved "https://registry.yarnpkg.com/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.1.tgz#32e5892e6361b29b0b545ba6f7763378daca2840" - integrity sha512-BhYE+WDaywFg2TBWYNXAE+8B1ATnThNBqXHP5nQu0jWJdVvY2hvkpyB3qOmtmDePiS5/BDQ8wASEWGMWRG148g== - dependencies: - es-errors "^1.3.0" - function-bind "^1.1.2" - -call-bind@^1.0.2, call-bind@^1.0.7: - version "1.0.8" - resolved "https://registry.yarnpkg.com/call-bind/-/call-bind-1.0.8.tgz#0736a9660f537e3388826f440d5ec45f744eaa4c" - integrity sha512-oKlSFMcMwpUg2ednkhQ454wfWiU/ul3CkJe/PEHcTKuiX6RpbehUiFMXu13HalGZxfUwCQzZG747YXBn1im9ww== - dependencies: - call-bind-apply-helpers "^1.0.0" - es-define-property "^1.0.0" - get-intrinsic "^1.2.4" - set-function-length "^1.2.2" - callsites@^3.0.0: version "3.1.0" resolved "https://registry.yarnpkg.com/callsites/-/callsites-3.1.0.tgz#b3630abd8943432f54b3f0519238e33cd7df2f73" @@ -1975,11 +1903,6 @@ commander@^10.0.1: resolved "https://registry.yarnpkg.com/commander/-/commander-10.0.1.tgz#881ee46b4f77d1c1dccc5823433aa39b022cbe06" integrity sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug== -commander@^3.0.2: - version "3.0.2" - resolved "https://registry.yarnpkg.com/commander/-/commander-3.0.2.tgz#6837c3fb677ad9933d1cfba42dd14d5117d6b39e" - integrity sha512-Gar0ASD4BDyKC4hl4DwHqDrmvjoxWKZigVnAbn5H1owvm4CxCPdb0HQDehwNYMJpla5+M2tPmPARzhtYuwpHow== - concat-map@0.0.1: version "0.0.1" resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b" @@ -2023,15 +1946,6 @@ deep-is@^0.1.3: resolved "https://registry.yarnpkg.com/deep-is/-/deep-is-0.1.4.tgz#a6f2dce612fadd2ef1f519b73551f17e85199831" integrity sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ== -define-data-property@^1.1.4: - version "1.1.4" - resolved "https://registry.yarnpkg.com/define-data-property/-/define-data-property-1.1.4.tgz#894dc141bb7d3060ae4366f6a0107e68fbe48c5e" - integrity sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A== - dependencies: - es-define-property "^1.0.0" - es-errors "^1.3.0" - gopd "^1.0.1" - diff-sequences@^29.6.3: version "29.6.3" resolved "https://registry.yarnpkg.com/diff-sequences/-/diff-sequences-29.6.3.tgz#4deaf894d11407c51efc8418012f9e70b84ea921" @@ -2047,15 +1961,6 @@ dotenv@^16.3.1: resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-16.4.7.tgz#0e20c5b82950140aa99be360a8a5f52335f53c26" integrity sha512-47qPchRCykZC03FhkYAhrvwU4xDBFIj1QPqaarj6mdM/hgUzfPHcpkHJOn3mJAufFeeAxAzeGsr5X0M4k6fLZQ== -dunder-proto@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/dunder-proto/-/dunder-proto-1.0.0.tgz#c2fce098b3c8f8899554905f4377b6d85dabaa80" - integrity sha512-9+Sj30DIu+4KvHqMfLUGLFYL2PkURSYMVXJyXe92nFRvlYq5hBjLEhblKB+vkd/WVlUYMWigiY07T91Fkk0+4A== - dependencies: - call-bind-apply-helpers "^1.0.0" - es-errors "^1.3.0" - gopd "^1.2.0" - eastasianwidth@^0.2.0: version "0.2.0" resolved "https://registry.yarnpkg.com/eastasianwidth/-/eastasianwidth-0.2.0.tgz#696ce2ec0aa0e6ea93a397ffcf24aa7840c827cb" @@ -2076,16 +1981,6 @@ enabled@2.0.x: resolved "https://registry.yarnpkg.com/enabled/-/enabled-2.0.0.tgz#f9dd92ec2d6f4bbc0d5d1e64e21d61cd4665e7c2" integrity sha512-AKrN98kuwOzMIdAizXGI86UFBoo26CL21UM763y1h/GMSJ4/OHU9k2YlsmBpyScFo/wbLzWQJBMCW4+IO3/+OQ== -es-define-property@^1.0.0, es-define-property@^1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/es-define-property/-/es-define-property-1.0.1.tgz#983eb2f9a6724e9303f61addf011c72e09e0b0fa" - integrity sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g== - -es-errors@^1.3.0: - version "1.3.0" - resolved "https://registry.yarnpkg.com/es-errors/-/es-errors-1.3.0.tgz#05f75a25dab98e4fb1dcd5e1472c0546d5057c8f" - integrity sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw== - esbuild@0.24.0: version "0.24.0" resolved "https://registry.yarnpkg.com/esbuild/-/esbuild-0.24.0.tgz#f2d470596885fcb2e91c21eb3da3b3c89c0b55e7" @@ -2198,11 +2093,6 @@ espree@^10.0.1, espree@^10.3.0: acorn-jsx "^5.3.2" eslint-visitor-keys "^4.2.0" -esprima@^4.0.0: - version "4.0.1" - resolved "https://registry.yarnpkg.com/esprima/-/esprima-4.0.1.tgz#13b04cdb3e6c5d19df91ab6987a8695619b0aa71" - integrity sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A== - esquery@^1.5.0: version "1.6.0" resolved "https://registry.yarnpkg.com/esquery/-/esquery-1.6.0.tgz#91419234f804d852a82dceec3e16cdc22cf9dae7" @@ -2227,11 +2117,6 @@ esutils@^2.0.2: resolved "https://registry.yarnpkg.com/esutils/-/esutils-2.0.3.tgz#74d2eb4de0b8da1293711910d50775b9b710ef64" integrity sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g== -events@1.1.1: - version "1.1.1" - resolved "https://registry.yarnpkg.com/events/-/events-1.1.1.tgz#9ebdb7635ad099c70dcc4c2a1f5004288e8bd924" - integrity sha512-kEcvvCBByWXGnZy6JUlgAp2gBIUjfCAV6P6TgT1/aaQKcmuAEC4OZTV1I4EWQLz2gxZw76atuVyvHhTxvi0Flw== - expect@>28.1.3: version "29.7.0" resolved "https://registry.yarnpkg.com/expect/-/expect-29.7.0.tgz#578874590dcb3214514084c08115d8aee61e11bc" @@ -2315,13 +2200,6 @@ fn.name@1.x.x: resolved "https://registry.yarnpkg.com/fn.name/-/fn.name-1.1.0.tgz#26cad8017967aea8731bc42961d04a3d5988accc" integrity sha512-GRnmB5gPyJpAhTQdSZTSp9uaPSvl09KoYcMQtsB9rQoOmzs9dH6ffeccH+Z+cv6P68Hu5bC6JjRh4Ah/mHSNRw== -for-each@^0.3.3: - version "0.3.3" - resolved "https://registry.yarnpkg.com/for-each/-/for-each-0.3.3.tgz#69b447e88a0a5d32c3e7084f3f1710034b21376e" - integrity sha512-jqYfLp7mo9vIyQf8ykW2v7A+2N4QjeCeI5+Dz9XraiO1ign81wjiH7Fb9vSOWvQfNtmSa4H2RoQTrrXivdUZmw== - dependencies: - is-callable "^1.1.3" - foreground-child@^3.1.0: version "3.3.0" resolved "https://registry.yarnpkg.com/foreground-child/-/foreground-child-3.3.0.tgz#0ac8644c06e431439f8561db8ecf29a7b5519c77" @@ -2335,11 +2213,6 @@ fsevents@~2.3.2: resolved "https://registry.yarnpkg.com/fsevents/-/fsevents-2.3.3.tgz#cac6407785d03675a2a5e1a5305c697b347d90d6" integrity sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw== -function-bind@^1.1.2: - version "1.1.2" - resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.2.tgz#2c02d864d97f3ea6c8830c464cbd11ab6eab7a1c" - integrity sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA== - get-caller-file@^2.0.5: version "2.0.5" resolved "https://registry.yarnpkg.com/get-caller-file/-/get-caller-file-2.0.5.tgz#4f94412a82db32f36e3b0b9741f8a97feb031f7e" @@ -2350,20 +2223,6 @@ get-func-name@^2.0.1, get-func-name@^2.0.2: resolved "https://registry.yarnpkg.com/get-func-name/-/get-func-name-2.0.2.tgz#0d7cf20cd13fda808669ffa88f4ffc7a3943fc41" integrity sha512-8vXOvuE167CtIc3OyItco7N/dpRtBbYOsPsXCz7X/PMnlGjYjSGuZJgM1Y7mmew7BKf9BqvLX2tnOVy1BBUsxQ== -get-intrinsic@^1.2.4: - version "1.2.5" - resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.2.5.tgz#dfe7dd1b30761b464fe51bf4bb00ac7c37b681e7" - integrity sha512-Y4+pKa7XeRUPWFNvOOYHkRYrfzW07oraURSvjDmRVOJ748OrVmeXtpE4+GCEHncjCjkTxPNRt8kEbxDhsn6VTg== - dependencies: - call-bind-apply-helpers "^1.0.0" - dunder-proto "^1.0.0" - es-define-property "^1.0.1" - es-errors "^1.3.0" - function-bind "^1.1.2" - gopd "^1.2.0" - has-symbols "^1.1.0" - hasown "^2.0.2" - glob-parent@^6.0.2: version "6.0.2" resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-6.0.2.tgz#6d237d99083950c79290f24c7642a3de9a28f9e3" @@ -2378,11 +2237,6 @@ glob-parent@~5.1.2: dependencies: is-glob "^4.0.1" -glob-to-regexp@^0.4.1: - version "0.4.1" - resolved "https://registry.yarnpkg.com/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz#c75297087c851b9a578bd217dd59a92f59fe546e" - integrity sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw== - glob@^10.4.5: version "10.4.5" resolved "https://registry.yarnpkg.com/glob/-/glob-10.4.5.tgz#f4d9f0b90ffdbab09c9d77f5f29b4262517b0956" @@ -2400,12 +2254,7 @@ globals@^14.0.0: resolved "https://registry.yarnpkg.com/globals/-/globals-14.0.0.tgz#898d7413c29babcf6bafe56fcadded858ada724e" integrity sha512-oahGvuMGQlPw/ivIYBjVSrWAfWLBeku5tpPE2fOPLi+WHffIWbuh2tCjhyQhTBPMf5E9jDEH4FOmTYgYwbKwtQ== -gopd@^1.0.1, gopd@^1.2.0: - version "1.2.0" - resolved "https://registry.yarnpkg.com/gopd/-/gopd-1.2.0.tgz#89f56b8217bdbc8802bd299df6d7f1081d7e51a1" - integrity sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg== - -graceful-fs@^4.1.2, graceful-fs@^4.2.9: +graceful-fs@^4.2.9: version "4.2.11" resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.11.tgz#4183e4e8bf08bb6e05bbb2f7d2e0c8f712ca40e3" integrity sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ== @@ -2415,47 +2264,11 @@ has-flag@^4.0.0: resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-4.0.0.tgz#944771fd9c81c81265c4d6941860da06bb59479b" integrity sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ== -has-property-descriptors@^1.0.2: - version "1.0.2" - resolved "https://registry.yarnpkg.com/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz#963ed7d071dc7bf5f084c5bfbe0d1b6222586854" - integrity sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg== - dependencies: - es-define-property "^1.0.0" - -has-symbols@^1.0.3, has-symbols@^1.1.0: - version "1.1.0" - resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.1.0.tgz#fc9c6a783a084951d0b971fe1018de813707a338" - integrity sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ== - -has-tostringtag@^1.0.0, has-tostringtag@^1.0.2: - version "1.0.2" - resolved "https://registry.yarnpkg.com/has-tostringtag/-/has-tostringtag-1.0.2.tgz#2cdc42d40bef2e5b4eeab7c01a73c54ce7ab5abc" - integrity sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw== - dependencies: - has-symbols "^1.0.3" - -hasown@^2.0.2: - version "2.0.2" - resolved "https://registry.yarnpkg.com/hasown/-/hasown-2.0.2.tgz#003eaf91be7adc372e84ec59dc37252cedb80003" - integrity sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ== - dependencies: - function-bind "^1.1.2" - he@^1.2.0: version "1.2.0" resolved "https://registry.yarnpkg.com/he/-/he-1.2.0.tgz#84ae65fa7eafb165fddb61566ae14baf05664f0f" integrity sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw== -ieee754@1.1.13: - version "1.1.13" - resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.1.13.tgz#ec168558e95aa181fd87d37f55c32bbcb6708b84" - integrity sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg== - -ieee754@^1.1.4: - version "1.2.1" - resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.2.1.tgz#8eb7a10a63fff25d15a57b001586d177d1b0d352" - integrity sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA== - ignore@^5.2.0: version "5.3.2" resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.3.2.tgz#3cd40e729f3643fd87cb04e50bf0eb722bc596f5" @@ -2479,14 +2292,6 @@ inherits@^2.0.1, inherits@^2.0.3: resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c" integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== -is-arguments@^1.0.4: - version "1.1.1" - resolved "https://registry.yarnpkg.com/is-arguments/-/is-arguments-1.1.1.tgz#15b3f88fda01f2a97fec84ca761a560f123efa9b" - integrity sha512-8Q7EARjzEnKpt/PCD7e1cgUS0a6X8u5tdSiMqXhojOdoV9TsMsiO+9VLC5vAmO8N7/GmXn7yjR8qnA6bVAEzfA== - dependencies: - call-bind "^1.0.2" - has-tostringtag "^1.0.0" - is-arrayish@^0.3.1: version "0.3.2" resolved "https://registry.yarnpkg.com/is-arrayish/-/is-arrayish-0.3.2.tgz#4574a2ae56f7ab206896fb431eaeed066fdf8f03" @@ -2499,11 +2304,6 @@ is-binary-path@~2.1.0: dependencies: binary-extensions "^2.0.0" -is-callable@^1.1.3: - version "1.2.7" - resolved "https://registry.yarnpkg.com/is-callable/-/is-callable-1.2.7.tgz#3bc2a85ea742d9e36205dcacdd72ca1fdc51b055" - integrity sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA== - is-extglob@^2.1.1: version "2.1.1" resolved "https://registry.yarnpkg.com/is-extglob/-/is-extglob-2.1.1.tgz#a88c02535791f02ed37c76a1b9ea9773c833f8c2" @@ -2514,13 +2314,6 @@ is-fullwidth-code-point@^3.0.0: resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz#f116f8064fe90b3f7844a38997c0b75051269f1d" integrity sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg== -is-generator-function@^1.0.7: - version "1.0.10" - resolved "https://registry.yarnpkg.com/is-generator-function/-/is-generator-function-1.0.10.tgz#f1558baf1ac17e0deea7c0415c438351ff2b3c72" - integrity sha512-jsEjy9l3yiXEQ+PsXdmBwEPcOxaXWLspKdplFUVI9vq1iZgIekeC0L167qeu86czQaxed3q/Uzuw0swL0irL8A== - dependencies: - has-tostringtag "^1.0.0" - is-glob@^4.0.0, is-glob@^4.0.1, is-glob@^4.0.3, is-glob@~4.0.1: version "4.0.3" resolved "https://registry.yarnpkg.com/is-glob/-/is-glob-4.0.3.tgz#64f61e42cbbb2eec2071a9dac0b28ba1e65d5084" @@ -2543,23 +2336,11 @@ is-stream@^2.0.0: resolved "https://registry.yarnpkg.com/is-stream/-/is-stream-2.0.1.tgz#fac1e3d53b97ad5a9d0ae9cef2389f5810a5c077" integrity sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg== -is-typed-array@^1.1.3: - version "1.1.13" - resolved "https://registry.yarnpkg.com/is-typed-array/-/is-typed-array-1.1.13.tgz#d6c5ca56df62334959322d7d7dd1cca50debe229" - integrity sha512-uZ25/bUAlUY5fR4OKT4rZQEBrzQWYV9ZJYGGsUmEJ6thodVJ1HX64ePQ6Z0qPWP+m+Uq6e9UugrE38jeYsDSMw== - dependencies: - which-typed-array "^1.1.14" - is-unicode-supported@^0.1.0: version "0.1.0" resolved "https://registry.yarnpkg.com/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz#3f26c76a809593b52bfa2ecb5710ed2779b522a7" integrity sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw== -isarray@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11" - integrity sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ== - isexe@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10" @@ -2626,24 +2407,11 @@ jest-util@^29.7.0: graceful-fs "^4.2.9" picomatch "^2.2.3" -jmespath@0.16.0: - version "0.16.0" - resolved "https://registry.yarnpkg.com/jmespath/-/jmespath-0.16.0.tgz#b15b0a85dfd4d930d43e69ed605943c802785076" - integrity sha512-9FzQjJ7MATs1tSpnco1K6ayiYE3figslrXA72G2HQ/n76RzvYlofyi5QM+iX4YRs/pu3yzxlVQSST23+dMDknw== - js-tokens@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499" integrity sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ== -js-yaml@^3.14.1: - version "3.14.1" - resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.14.1.tgz#dae812fdb3825fa306609a8717383c50c36a0537" - integrity sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g== - dependencies: - argparse "^1.0.7" - esprima "^4.0.0" - js-yaml@^4.1.0: version "4.1.0" resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602" @@ -2962,11 +2730,6 @@ picomatch@^2.0.4, picomatch@^2.2.1, picomatch@^2.2.3, picomatch@^2.3.1: resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.1.tgz#3ba3833733646d9d3e4995946c1365a67fb07a42" integrity sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA== -possible-typed-array-names@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/possible-typed-array-names/-/possible-typed-array-names-1.0.0.tgz#89bb63c6fada2c3e90adc4a647beeeb39cc7bf8f" - integrity sha512-d7Uw+eZoloe0EHDIYoe+bQ5WXnGMOpmiZFTuMWCwpjzzkL2nTjcKiAk4hh8TjnGye2TwWOk3UXucZ+3rbmBa8Q== - prelude-ls@^1.2.1: version "1.2.1" resolved "https://registry.yarnpkg.com/prelude-ls/-/prelude-ls-1.2.1.tgz#debc6489d7a6e6b0e7611888cec880337d316396" @@ -2981,21 +2744,11 @@ pretty-format@^29.7.0: ansi-styles "^5.0.0" react-is "^18.0.0" -punycode@1.3.2: - version "1.3.2" - resolved "https://registry.yarnpkg.com/punycode/-/punycode-1.3.2.tgz#9653a036fb7c1ee42342f2325cceefea3926c48d" - integrity sha512-RofWgt/7fL5wP1Y7fxE7/EmTLzQVnB0ycyibJ0OOHIlJqTNzglYFxVwETOcIoJqJmpDXJ9xImDv+Fq34F/d4Dw== - punycode@^2.1.0: version "2.3.1" resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.3.1.tgz#027422e2faec0b25e1549c3e1bd8309b9133b6e5" integrity sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg== -querystring@0.2.0: - version "0.2.0" - resolved "https://registry.yarnpkg.com/querystring/-/querystring-0.2.0.tgz#b209849203bb25df820da756e747005878521620" - integrity sha512-X/xY82scca2tau62i9mDyU9K+I+djTMUsvwf7xnUX5GLvVzgJybOJf4Y6o9Zx3oJK/LSXg5tTZBjwzqVPaPO2g== - randombytes@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/randombytes/-/randombytes-2.1.0.tgz#df6f84372f0270dc65cdf6291349ab7a473d4f2a" @@ -3044,16 +2797,6 @@ safe-stable-stringify@^2.3.1: resolved "https://registry.yarnpkg.com/safe-stable-stringify/-/safe-stable-stringify-2.5.0.tgz#4ca2f8e385f2831c432a719b108a3bf7af42a1dd" integrity sha512-b3rppTKm9T+PsVCBEOUR46GWI7fdOs00VKZ1+9c1EWDaDMvjQc6tUwuFyIprgGgTcWoVHSKrU8H31ZHA2e0RHA== -sax@1.2.1: - version "1.2.1" - resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.1.tgz#7b8e656190b228e81a66aea748480d828cd2d37a" - integrity sha512-8I2a3LovHTOpm7NV5yOyO8IHqgVsfK4+UuySrXU8YXkSRX7k6hCV9b3HrkKCr3nMpgj+0bmocaJJWpvp1oc7ZA== - -sax@>=0.6.0: - version "1.4.1" - resolved "https://registry.yarnpkg.com/sax/-/sax-1.4.1.tgz#44cc8988377f126304d3b3fc1010c733b929ef0f" - integrity sha512-+aWOz7yVScEGoKNd4PA10LZ8sk0A/z5+nXQG5giUO5rprX9jgYsTdov9qCchZiPIZezbZH+jRut8nPodFAX4Jg== - serialize-javascript@^6.0.2: version "6.0.2" resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.2.tgz#defa1e055c83bf6d59ea805d8da862254eb6a6c2" @@ -3061,18 +2804,6 @@ serialize-javascript@^6.0.2: dependencies: randombytes "^2.1.0" -set-function-length@^1.2.2: - version "1.2.2" - resolved "https://registry.yarnpkg.com/set-function-length/-/set-function-length-1.2.2.tgz#aac72314198eaed975cf77b2c3b6b880695e5449" - integrity sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg== - dependencies: - define-data-property "^1.1.4" - es-errors "^1.3.0" - function-bind "^1.1.2" - get-intrinsic "^1.2.4" - gopd "^1.0.1" - has-property-descriptors "^1.0.2" - shebang-command@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/shebang-command/-/shebang-command-2.0.0.tgz#ccd0af4f8835fbdc265b82461aaf0c36663f34ea" @@ -3114,11 +2845,6 @@ slash@^3.0.0: resolved "https://registry.yarnpkg.com/slash/-/slash-3.0.0.tgz#6539be870c165adbd5240220dbe361f1bc4d4634" integrity sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q== -sprintf-js@~1.0.2: - version "1.0.3" - resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c" - integrity sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g== - stack-trace@0.0.x: version "0.0.10" resolved "https://registry.yarnpkg.com/stack-trace/-/stack-trace-0.0.10.tgz#547c70b347e8d32b4e108ea1a2a159e5fdde19c0" @@ -3271,59 +2997,16 @@ uri-js@^4.2.2: dependencies: punycode "^2.1.0" -url@0.10.3: - version "0.10.3" - resolved "https://registry.yarnpkg.com/url/-/url-0.10.3.tgz#021e4d9c7705f21bbf37d03ceb58767402774c64" - integrity sha512-hzSUW2q06EqL1gKM/a+obYHLIO6ct2hwPuviqTTOcfFVc61UbfJ2Q32+uGL/HCPxKqrdGB5QUwIe7UqlDgwsOQ== - dependencies: - punycode "1.3.2" - querystring "0.2.0" - util-deprecate@^1.0.1: version "1.0.2" resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf" integrity sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw== -util@^0.12.4: - version "0.12.5" - resolved "https://registry.yarnpkg.com/util/-/util-0.12.5.tgz#5f17a6059b73db61a875668781a1c2b136bd6fbc" - integrity sha512-kZf/K6hEIrWHI6XqOFUiiMa+79wE/D8Q+NCNAWclkyg3b4d2k7s0QGepNjiABc+aR3N1PAyHL7p6UcLY6LmrnA== - dependencies: - inherits "^2.0.3" - is-arguments "^1.0.4" - is-generator-function "^1.0.7" - is-typed-array "^1.1.3" - which-typed-array "^1.1.2" - -uuid@8.0.0: - version "8.0.0" - resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.0.0.tgz#bc6ccf91b5ff0ac07bbcdbf1c7c4e150db4dbb6c" - integrity sha512-jOXGuXZAWdsTH7eZLtyXMqUb9EcWMGZNbL9YcGBJl4MH4nrxHmZJhEHvyLFrkxo+28uLb/NYRcStH48fnD0Vzw== - uuid@^9.0.1: version "9.0.1" resolved "https://registry.yarnpkg.com/uuid/-/uuid-9.0.1.tgz#e188d4c8853cc722220392c424cd637f32293f30" integrity sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA== -watchpack@^2.0.0-beta.10: - version "2.4.2" - resolved "https://registry.yarnpkg.com/watchpack/-/watchpack-2.4.2.tgz#2feeaed67412e7c33184e5a79ca738fbd38564da" - integrity sha512-TnbFSbcOCcDgjZ4piURLCbJ3nJhznVh9kw6F6iokjiFPl8ONxe9A6nMDVXDiNbrSfLILs6vB07F7wLBrwPYzJw== - dependencies: - glob-to-regexp "^0.4.1" - graceful-fs "^4.1.2" - -which-typed-array@^1.1.14, which-typed-array@^1.1.2: - version "1.1.16" - resolved "https://registry.yarnpkg.com/which-typed-array/-/which-typed-array-1.1.16.tgz#db4db429c4706feca2f01677a144278e4a8c216b" - integrity sha512-g+N+GAWiRj66DngFwHvISJd+ITsyphZvD1vChfVg6cEdnzy53GzB3oy0fUNlvhz7H7+MiqhYr26qxQShCpKTTQ== - dependencies: - available-typed-arrays "^1.0.7" - call-bind "^1.0.7" - for-each "^0.3.3" - gopd "^1.0.1" - has-tostringtag "^1.0.2" - which@^2.0.1: version "2.0.2" resolved "https://registry.yarnpkg.com/which/-/which-2.0.2.tgz#7c6a8dd0a636a0327e10b59c9286eee93f3f51b1" @@ -3394,19 +3077,6 @@ wrap-ansi@^8.1.0: string-width "^5.0.1" strip-ansi "^7.0.1" -xml2js@0.6.2: - version "0.6.2" - resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.6.2.tgz#dd0b630083aa09c161e25a4d0901e2b2a929b499" - integrity sha512-T4rieHaC1EXcES0Kxxj4JWgaUQHDk+qwHcYOCFHfiwKz7tOVPLq7Hjq9dM1WCMhylqMEfP7hMcOIChvotiZegA== - dependencies: - sax ">=0.6.0" - xmlbuilder "~11.0.0" - -xmlbuilder@~11.0.0: - version "11.0.1" - resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-11.0.1.tgz#be9bae1c8a046e76b31127726347d0ad7002beb3" - integrity sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA== - y18n@^5.0.5: version "5.0.8" resolved "https://registry.yarnpkg.com/y18n/-/y18n-5.0.8.tgz#7f4934d0f7ca8c56f95314939ddcd2dd91ce1d55" diff --git a/backend/compact-connect-ui-app/pipeline/frontend_pipeline.py b/backend/compact-connect-ui-app/pipeline/frontend_pipeline.py index 580932da7..a394322b1 100644 --- a/backend/compact-connect-ui-app/pipeline/frontend_pipeline.py +++ b/backend/compact-connect-ui-app/pipeline/frontend_pipeline.py @@ -145,7 +145,7 @@ def __init__( { 'phases': { 'install': { - 'runtime-versions': {'python': '3.12', 'nodejs': '22.x'}, + 'runtime-versions': {'python': '3.13', 'nodejs': '22.x'}, } } } diff --git a/backend/compact-connect-ui-app/requirements-dev.txt b/backend/compact-connect-ui-app/requirements-dev.txt index 8a13d2148..a8d4c0ea1 100644 --- a/backend/compact-connect-ui-app/requirements-dev.txt +++ b/backend/compact-connect-ui-app/requirements-dev.txt @@ -1,38 +1,36 @@ # -# This file is autogenerated by pip-compile with Python 3.12 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # -# pip-compile --no-emit-index-url compact-connect/requirements-dev.in +# pip-compile --no-emit-index-url --no-strip-extras requirements-dev.in # boolean-py==5.0 # via license-expression build==1.3.0 # via pip-tools -cachecontrol[filecache]==0.14.3 +cachecontrol[filecache]==0.14.4 # via # cachecontrol # pip-audit -certifi==2025.8.3 +certifi==2025.11.12 # via requests -charset-normalizer==3.4.3 +charset-normalizer==3.4.4 # via requests -click==8.2.1 +click==8.3.1 # via pip-tools -coverage[toml]==7.10.5 +coverage[toml]==7.12.0 # via - # -r compact-connect/requirements-dev.in + # -r requirements-dev.in # pytest-cov cyclonedx-python-lib==9.1.0 # via pip-audit defusedxml==0.7.1 # via py-serializable -faker==28.4.1 - # via -r compact-connect/requirements-dev.in -filelock==3.19.1 +filelock==3.20.0 # via cachecontrol -idna==3.10 +idna==3.11 # via requests -iniconfig==2.1.0 +iniconfig==2.3.0 # via pytest license-expression==30.4.4 # via cyclonedx-python-lib @@ -40,7 +38,7 @@ markdown-it-py==4.0.0 # via rich mdurl==0.1.2 # via markdown-it-py -msgpack==1.1.1 +msgpack==1.1.2 # via cachecontrol packageurl-python==0.17.5 # via cyclonedx-python-lib @@ -53,12 +51,12 @@ packaging==25.0 pip-api==0.0.34 # via pip-audit pip-audit==2.9.0 - # via -r compact-connect/requirements-dev.in + # via -r requirements-dev.in pip-requirements-parser==32.0.1 # via pip-audit -pip-tools==7.5.0 - # via -r compact-connect/requirements-dev.in -platformdirs==4.4.0 +pip-tools==7.5.2 + # via -r requirements-dev.in +platformdirs==4.5.0 # via pip-audit pluggy==1.6.0 # via @@ -70,30 +68,26 @@ pygments==2.19.2 # via # pytest # rich -pyparsing==3.2.3 +pyparsing==3.2.5 # via pip-requirements-parser pyproject-hooks==1.2.0 # via # build # pip-tools -pytest==8.4.1 +pytest==9.0.1 # via - # -r compact-connect/requirements-dev.in + # -r requirements-dev.in # pytest-cov -pytest-cov==6.2.1 - # via -r compact-connect/requirements-dev.in -python-dateutil==2.9.0.post0 - # via faker +pytest-cov==7.0.0 + # via -r requirements-dev.in requests==2.32.5 # via # cachecontrol # pip-audit -rich==14.1.0 +rich==14.2.0 # via pip-audit -ruff==0.12.10 - # via -r compact-connect/requirements-dev.in -six==1.17.0 - # via python-dateutil +ruff==0.14.6 + # via -r requirements-dev.in sortedcontainers==2.4.0 # via cyclonedx-python-lib toml==0.10.2 diff --git a/backend/compact-connect-ui-app/requirements.txt b/backend/compact-connect-ui-app/requirements.txt index 681812b16..260804a65 100644 --- a/backend/compact-connect-ui-app/requirements.txt +++ b/backend/compact-connect-ui-app/requirements.txt @@ -1,10 +1,10 @@ # -# This file is autogenerated by pip-compile with Python 3.12 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # -# pip-compile --no-emit-index-url compact-connect/requirements.in +# pip-compile --no-emit-index-url --no-strip-extras requirements.in # -attrs==25.3.0 +attrs==25.4.0 # via # cattrs # jsii @@ -12,28 +12,28 @@ aws-cdk-asset-awscli-v1==2.2.242 # via aws-cdk-lib aws-cdk-asset-node-proxy-agent-v6==2.1.0 # via aws-cdk-lib -aws-cdk-aws-lambda-python-alpha==2.212.0a0 - # via -r compact-connect/requirements.in -aws-cdk-cloud-assembly-schema==48.5.0 +aws-cdk-aws-lambda-python-alpha==2.227.0a0 + # via -r requirements.in +aws-cdk-cloud-assembly-schema==48.20.0 # via aws-cdk-lib -aws-cdk-lib==2.212.0 +aws-cdk-lib==2.227.0 # via - # -r compact-connect/requirements.in + # -r requirements.in # aws-cdk-aws-lambda-python-alpha # cdk-nag -cattrs==25.1.1 +cattrs==25.3.0 # via jsii -cdk-nag==2.37.9 - # via -r compact-connect/requirements.in -constructs==10.4.2 +cdk-nag==2.37.55 + # via -r requirements.in +constructs==10.4.3 # via - # -r compact-connect/requirements.in + # -r requirements.in # aws-cdk-aws-lambda-python-alpha # aws-cdk-lib # cdk-nag importlib-resources==6.5.2 # via jsii -jsii==1.113.0 +jsii==1.119.0 # via # aws-cdk-asset-awscli-v1 # aws-cdk-asset-node-proxy-agent-v6 @@ -54,11 +54,11 @@ publication==0.0.3 # jsii python-dateutil==2.9.0.post0 # via jsii -pyyaml==6.0.2 - # via -r compact-connect/requirements.in +pyyaml==6.0.3 + # via -r requirements.in six==1.17.0 # via python-dateutil -typeguard==2.13.3 +typeguard==4.2.1 # via # aws-cdk-asset-awscli-v1 # aws-cdk-asset-node-proxy-agent-v6 diff --git a/backend/compact-connect-ui-app/stacks/frontend_deployment_stack/distribution.py b/backend/compact-connect-ui-app/stacks/frontend_deployment_stack/distribution.py index b06fd7c41..ce1bff8e0 100644 --- a/backend/compact-connect-ui-app/stacks/frontend_deployment_stack/distribution.py +++ b/backend/compact-connect-ui-app/stacks/frontend_deployment_stack/distribution.py @@ -124,7 +124,7 @@ def __init__( scope, 'CSPFunction', code=Code.from_inline(csp_function_code), - runtime=Runtime.NODEJS_22_X, + runtime=Runtime.NODEJS_24_X, handler='index.handler', ) diff --git a/backend/compact-connect-ui-app/tests/resources/snapshots/BetaFrontend-FrontendDeploymentStack-UI_DISTRIBUTION.json b/backend/compact-connect-ui-app/tests/resources/snapshots/BetaFrontend-FrontendDeploymentStack-UI_DISTRIBUTION.json index 56fa0cb43..dfa9bf6bc 100644 --- a/backend/compact-connect-ui-app/tests/resources/snapshots/BetaFrontend-FrontendDeploymentStack-UI_DISTRIBUTION.json +++ b/backend/compact-connect-ui-app/tests/resources/snapshots/BetaFrontend-FrontendDeploymentStack-UI_DISTRIBUTION.json @@ -39,7 +39,7 @@ { "EventType": "viewer-response", "LambdaFunctionARN": { - "Ref": "CSPFunctionCurrentVersionB61A661136983e644924321ed4f8e5d335164454" + "Ref": "CSPFunctionCurrentVersionB61A66110cf6f5eb1eee31df1d009e18023c5c92" } } ], diff --git a/backend/compact-connect-ui-app/tests/resources/snapshots/BetaFrontend-FrontendDeploymentStack-UI_DISTRIBUTION_LAMBDA_FUNCTION.json b/backend/compact-connect-ui-app/tests/resources/snapshots/BetaFrontend-FrontendDeploymentStack-UI_DISTRIBUTION_LAMBDA_FUNCTION.json index f63e54984..b5ec5e8a0 100644 --- a/backend/compact-connect-ui-app/tests/resources/snapshots/BetaFrontend-FrontendDeploymentStack-UI_DISTRIBUTION_LAMBDA_FUNCTION.json +++ b/backend/compact-connect-ui-app/tests/resources/snapshots/BetaFrontend-FrontendDeploymentStack-UI_DISTRIBUTION_LAMBDA_FUNCTION.json @@ -11,7 +11,7 @@ "Arn" ] }, - "Runtime": "nodejs22.x" + "Runtime": "nodejs24.x" }, "DependsOn": [ "CSPFunctionServiceRoleF0056565" diff --git a/backend/compact-connect-ui-app/tests/resources/snapshots/ProdFrontend-FrontendDeploymentStack-UI_DISTRIBUTION.json b/backend/compact-connect-ui-app/tests/resources/snapshots/ProdFrontend-FrontendDeploymentStack-UI_DISTRIBUTION.json index cc4099360..cd574ec64 100644 --- a/backend/compact-connect-ui-app/tests/resources/snapshots/ProdFrontend-FrontendDeploymentStack-UI_DISTRIBUTION.json +++ b/backend/compact-connect-ui-app/tests/resources/snapshots/ProdFrontend-FrontendDeploymentStack-UI_DISTRIBUTION.json @@ -39,7 +39,7 @@ { "EventType": "viewer-response", "LambdaFunctionARN": { - "Ref": "CSPFunctionCurrentVersionB61A661136983e644924321ed4f8e5d335164454" + "Ref": "CSPFunctionCurrentVersionB61A66110cf6f5eb1eee31df1d009e18023c5c92" } } ], diff --git a/backend/compact-connect-ui-app/tests/resources/snapshots/ProdFrontend-FrontendDeploymentStack-UI_DISTRIBUTION_LAMBDA_FUNCTION.json b/backend/compact-connect-ui-app/tests/resources/snapshots/ProdFrontend-FrontendDeploymentStack-UI_DISTRIBUTION_LAMBDA_FUNCTION.json index f63e54984..b5ec5e8a0 100644 --- a/backend/compact-connect-ui-app/tests/resources/snapshots/ProdFrontend-FrontendDeploymentStack-UI_DISTRIBUTION_LAMBDA_FUNCTION.json +++ b/backend/compact-connect-ui-app/tests/resources/snapshots/ProdFrontend-FrontendDeploymentStack-UI_DISTRIBUTION_LAMBDA_FUNCTION.json @@ -11,7 +11,7 @@ "Arn" ] }, - "Runtime": "nodejs22.x" + "Runtime": "nodejs24.x" }, "DependsOn": [ "CSPFunctionServiceRoleF0056565" diff --git a/backend/compact-connect-ui-app/tests/resources/snapshots/SandboxUI-FrontendDeploymentStack-UI_DISTRIBUTION.json b/backend/compact-connect-ui-app/tests/resources/snapshots/SandboxUI-FrontendDeploymentStack-UI_DISTRIBUTION.json index 89ed7d619..a69e9382b 100644 --- a/backend/compact-connect-ui-app/tests/resources/snapshots/SandboxUI-FrontendDeploymentStack-UI_DISTRIBUTION.json +++ b/backend/compact-connect-ui-app/tests/resources/snapshots/SandboxUI-FrontendDeploymentStack-UI_DISTRIBUTION.json @@ -39,7 +39,7 @@ { "EventType": "viewer-response", "LambdaFunctionARN": { - "Ref": "CSPFunctionCurrentVersionB61A661136983e644924321ed4f8e5d335164454" + "Ref": "CSPFunctionCurrentVersionB61A66110cf6f5eb1eee31df1d009e18023c5c92" } } ], diff --git a/backend/compact-connect-ui-app/tests/resources/snapshots/SandboxUI-FrontendDeploymentStack-UI_DISTRIBUTION_LAMBDA_FUNCTION.json b/backend/compact-connect-ui-app/tests/resources/snapshots/SandboxUI-FrontendDeploymentStack-UI_DISTRIBUTION_LAMBDA_FUNCTION.json index f63e54984..b5ec5e8a0 100644 --- a/backend/compact-connect-ui-app/tests/resources/snapshots/SandboxUI-FrontendDeploymentStack-UI_DISTRIBUTION_LAMBDA_FUNCTION.json +++ b/backend/compact-connect-ui-app/tests/resources/snapshots/SandboxUI-FrontendDeploymentStack-UI_DISTRIBUTION_LAMBDA_FUNCTION.json @@ -11,7 +11,7 @@ "Arn" ] }, - "Runtime": "nodejs22.x" + "Runtime": "nodejs24.x" }, "DependsOn": [ "CSPFunctionServiceRoleF0056565" diff --git a/backend/compact-connect-ui-app/tests/resources/snapshots/TestFrontend-FrontendDeploymentStack-UI_DISTRIBUTION.json b/backend/compact-connect-ui-app/tests/resources/snapshots/TestFrontend-FrontendDeploymentStack-UI_DISTRIBUTION.json index 8cea33776..f0d59c275 100644 --- a/backend/compact-connect-ui-app/tests/resources/snapshots/TestFrontend-FrontendDeploymentStack-UI_DISTRIBUTION.json +++ b/backend/compact-connect-ui-app/tests/resources/snapshots/TestFrontend-FrontendDeploymentStack-UI_DISTRIBUTION.json @@ -39,7 +39,7 @@ { "EventType": "viewer-response", "LambdaFunctionARN": { - "Ref": "CSPFunctionCurrentVersionB61A661136983e644924321ed4f8e5d335164454" + "Ref": "CSPFunctionCurrentVersionB61A66110cf6f5eb1eee31df1d009e18023c5c92" } } ], diff --git a/backend/compact-connect-ui-app/tests/resources/snapshots/TestFrontend-FrontendDeploymentStack-UI_DISTRIBUTION_LAMBDA_FUNCTION.json b/backend/compact-connect-ui-app/tests/resources/snapshots/TestFrontend-FrontendDeploymentStack-UI_DISTRIBUTION_LAMBDA_FUNCTION.json index f63e54984..b5ec5e8a0 100644 --- a/backend/compact-connect-ui-app/tests/resources/snapshots/TestFrontend-FrontendDeploymentStack-UI_DISTRIBUTION_LAMBDA_FUNCTION.json +++ b/backend/compact-connect-ui-app/tests/resources/snapshots/TestFrontend-FrontendDeploymentStack-UI_DISTRIBUTION_LAMBDA_FUNCTION.json @@ -11,7 +11,7 @@ "Arn" ] }, - "Runtime": "nodejs22.x" + "Runtime": "nodejs24.x" }, "DependsOn": [ "CSPFunctionServiceRoleF0056565" diff --git a/backend/compact-connect/README.md b/backend/compact-connect/README.md index 54bf694c1..11d4d1c6e 100644 --- a/backend/compact-connect/README.md +++ b/backend/compact-connect/README.md @@ -23,9 +23,17 @@ This is an [AWS-CDK](https://aws.amazon.com/cdk/) based project for the backend To deploy this app, you will need: 1) Access to an AWS account -2) Python>=3.13 installed on your machine, preferably through a virtual environment management tool like +2) Python>=3.14 installed on your machine, preferably through a virtual environment management tool like [pyenv](https://github.com/pyenv/pyenv), for clean management of virtual environments across multiple Python versions. + > Note: The [purchases lambda](./lambdas/python/purchases) depends on the + > [Authorize.Net python sdk](https://github.com/AuthorizeNet/sdk-python/issues/164), which is barely maintained at + > present, and is not yet compatible with Python 3.13. Due to that restriction, we have to hold back the python + > version of just this lambda package, so that the entire project is not impacted. For local development, this means + > that, at least for lambdas that use this package, developers will have to have a dedicated python environment, held + > back at Python 3.12. That environment and its dependencies will have to be maintained separately from those of the + > rest of the project, which can all share a common virtual environment and common dependencies, without excessive risk of + > version conflicts. 3) Otherwise, follow the [Prerequisites section](https://cdkworkshop.com/15-prerequisites.html) of the CDK workshop to prepare your system to work with AWS-CDK, including a NodeJS install. 4) Follow the steps in the [Installing Dependencies](#installing-dependencies) section. @@ -70,6 +78,18 @@ For development work there are additional requirements in `requirements-dev.txt` To add additional dependencies, for example other CDK libraries, just add them to the `requirements.in` file and rerun `pip-compile requirements.in`, then `pip install -r requirements.txt` command. +### Convenience scripts + +To simplify dependency installation in this project, which includes many runtimes with similar dependencies, maintain +the dependency files with two convenience scripts, which manage the file contents for _most_ runtimes (See Note below), +[compile_requirements.sh](./bin/compile_requirements.sh), and installs the defined dependencies, +[sync_deps.sh](./bin/sync_deps.sh). + +> Note: Due to its dependency on the Authorize.Net python sdk, the [purchases lambda](./lambdas/python/purchases) +> dependencies have to be maintained separately from the rest of the project. You can update the requirements files for +> that lambda directly with the `pip-compile` command, and install dependencies into your python enviornment dedicated +> to that lambda with the `pip-sync` command. + ## Local Development [Back to top](#compact-connect---backend-developer-documentation) diff --git a/backend/compact-connect/app_clients/.gitignore b/backend/compact-connect/app_clients/.gitignore new file mode 100644 index 000000000..94060587e --- /dev/null +++ b/backend/compact-connect/app_clients/.gitignore @@ -0,0 +1,2 @@ +*.pem +*.pub diff --git a/backend/compact-connect/bin/compile_requirements.sh b/backend/compact-connect/bin/compile_requirements.sh index 2a818994b..0706a9062 100755 --- a/backend/compact-connect/bin/compile_requirements.sh +++ b/backend/compact-connect/bin/compile_requirements.sh @@ -16,8 +16,11 @@ pip-compile --no-emit-index-url --upgrade --no-strip-extras lambdas/python/disas pip-compile --no-emit-index-url --upgrade --no-strip-extras lambdas/python/disaster-recovery/requirements.in pip-compile --no-emit-index-url --upgrade --no-strip-extras lambdas/python/provider-data-v1/requirements-dev.in pip-compile --no-emit-index-url --upgrade --no-strip-extras lambdas/python/provider-data-v1/requirements.in -pip-compile --no-emit-index-url --upgrade --no-strip-extras lambdas/python/purchases/requirements-dev.in -pip-compile --no-emit-index-url --upgrade --no-strip-extras lambdas/python/purchases/requirements.in +# The purchases lambda requires Python<=3.12, which is older than everything else in this project, so we have +# to install that separately, if we want to be developing with Python>=3.13 for the rest of the project, to +# avoid installation failures +# pip-compile --no-emit-index-url --upgrade --no-strip-extras lambdas/python/purchases/requirements-dev.in +# pip-compile --no-emit-index-url --upgrade --no-strip-extras lambdas/python/purchases/requirements.in pip-compile --no-emit-index-url --upgrade --no-strip-extras lambdas/python/staff-user-pre-token/requirements-dev.in pip-compile --no-emit-index-url --upgrade --no-strip-extras lambdas/python/staff-user-pre-token/requirements.in pip-compile --no-emit-index-url --upgrade --no-strip-extras lambdas/python/staff-users/requirements-dev.in diff --git a/backend/compact-connect/bin/run_python_tests.py b/backend/compact-connect/bin/run_python_tests.py index 2f28afb39..2d35ad977 100755 --- a/backend/compact-connect/bin/run_python_tests.py +++ b/backend/compact-connect/bin/run_python_tests.py @@ -33,8 +33,8 @@ 'lambdas/python/staff-user-pre-token', 'lambdas/python/staff-users', '.', # CDK tests - # Save Authorize.net tests for last, since special dependencies make that runtime different - 'lambdas/python/purchases', + # Exclude Authorize.net tests, since special dependencies make that runtime different + # 'lambdas/python/purchases', ) diff --git a/backend/compact-connect/bin/sync_deps.sh b/backend/compact-connect/bin/sync_deps.sh index 46835a8cd..1656a985a 100755 --- a/backend/compact-connect/bin/sync_deps.sh +++ b/backend/compact-connect/bin/sync_deps.sh @@ -20,9 +20,11 @@ pip-sync \ lambdas/python/disaster-recovery/requirements.txt \ lambdas/python/provider-data-v1/requirements-dev.txt \ lambdas/python/provider-data-v1/requirements.txt \ - lambdas/python/purchases/requirements-dev.txt \ - lambdas/python/purchases/requirements.txt \ lambdas/python/staff-user-pre-token/requirements-dev.txt \ lambdas/python/staff-user-pre-token/requirements.txt \ lambdas/python/staff-users/requirements-dev.txt \ lambdas/python/staff-users/requirements.txt +# We have to manage the purchases lambda Python environment separately +# because it is held back to an older version than the rest of the project +# lambdas/python/purchases/requirements-dev.txt \ +# lambdas/python/purchases/requirements.txt \ diff --git a/backend/compact-connect/common_constructs/nodejs_function.py b/backend/compact-connect/common_constructs/nodejs_function.py index b36034e4b..127b16a85 100644 --- a/backend/compact-connect/common_constructs/nodejs_function.py +++ b/backend/compact-connect/common_constructs/nodejs_function.py @@ -75,7 +75,7 @@ def __init__( super().__init__( scope, construct_id, - runtime=Runtime.NODEJS_22_X, + runtime=Runtime.NODEJS_24_X, entry=os.path.join(lambda_dir, 'handler.ts'), deps_lock_file_path=os.path.join(nodejs_dir, 'yarn.lock'), bundling=BundlingOptions( diff --git a/backend/compact-connect/common_constructs/python_function.py b/backend/compact-connect/common_constructs/python_function.py index c587d6cac..0dbcf7828 100644 --- a/backend/compact-connect/common_constructs/python_function.py +++ b/backend/compact-connect/common_constructs/python_function.py @@ -29,7 +29,7 @@ def __init__( construct_id: str, *, lambda_dir: str, - runtime: Runtime = Runtime.PYTHON_3_13, + runtime: Runtime = Runtime.PYTHON_3_14, log_retention: RetentionDays = RetentionDays.INFINITE, alarm_topic: ITopic = None, role: IRole = None, diff --git a/backend/compact-connect/common_constructs/user_pool.py b/backend/compact-connect/common_constructs/user_pool.py index 2fa9c8921..7b63501f9 100644 --- a/backend/compact-connect/common_constructs/user_pool.py +++ b/backend/compact-connect/common_constructs/user_pool.py @@ -214,6 +214,10 @@ def add_custom_app_client_domain( stack, f'{stack.node.path}/AWS679f53fac002430cb0da5b7982bd2287/Resource', suppressions=[ + { + 'id': 'AwsSolutions-L1', + 'reason': 'We do not maintain this lambda runtime. It will be updated with future CDK versions' + }, { 'id': 'HIPAA.Security-LambdaDLQ', 'reason': 'This is an AWS-managed custom resource Lambda used only during deployment.' diff --git a/backend/compact-connect/docs/client_signature_auth.md b/backend/compact-connect/docs/client_signature_auth.md index ac1a7545a..86928cb10 100644 --- a/backend/compact-connect/docs/client_signature_auth.md +++ b/backend/compact-connect/docs/client_signature_auth.md @@ -139,11 +139,10 @@ for *both required and optional signature auth endpoints*). ### Example Signature Implementation -#### Python Example - We maintain an example implementation, which we use to test and validate our own authentication mechanism -[here](../lambdas/python/common/common_test/sign_request.py). You can use this as a reference for your own -implementation. +[here](../lambdas/python/common/common_test/sign_request.py) and some example HTTP request data in a text file +[here](./signature_auth_examples.txt). You can use this as a reference for your +own implementation. ### Key Management diff --git a/backend/compact-connect/docs/signature_auth_examples.txt b/backend/compact-connect/docs/signature_auth_examples.txt new file mode 100644 index 000000000..b64a3905e --- /dev/null +++ b/backend/compact-connect/docs/signature_auth_examples.txt @@ -0,0 +1,149 @@ +================================================================================ +Signature Authentication Examples +================================================================================ + +This document provides example HTTP requests demonstrating the +CompactConnect signature authentication scheme. + +Each example includes: + 1. The raw HTTP request with signature headers + 2. The plaintext string that was signed + 3. The base64-encoded string that was signed + +================================================================================ + +Example 1: GET /v1/compacts/aslp/jurisdictions/al/providers/query +-------------------------------------------------------------------------------- + +Raw HTTP Request: + +GET /v1/compacts/aslp/jurisdictions/al/providers/query?limit=10&offset=0&status=active HTTP/1.1 +Host: api.example.com +Content-Type: application/json +User-Agent: CompactConnect-Client/1.0 +Authorization: Bearer +X-Algorithm: ECDSA-SHA256 +X-Timestamp: 2025-11-19T21:21:21.242166Z +X-Nonce: d34b90dd39e64c739f9b22070d0433bf +X-Key-Id: test-key-001 +X-Signature: MEYCIQDxGk8KYQskZaiD2XCCvZJBlLz7TXPM8nW7BqcfTTO5ygIhAPtLd+oBgdMHfskhlCjFf/dc2fFzz9jcgaxsxXdA5Ddg + + +Plaintext String to Sign: + +GET +/v1/compacts/aslp/jurisdictions/al/providers/query +limit=10&offset=0&status=active +2025-11-19T21:21:21.242166Z +d34b90dd39e64c739f9b22070d0433bf +test-key-001 + + +Base64-Encoded String to Sign: + +R0VUCi92MS9jb21wYWN0cy9hc2xwL2p1cmlzZGljdGlvbnMvYWwvcHJvdmlkZXJzL3F1ZXJ5CmxpbWl0PTEwJm9mZnNldD0wJnN0YXR1cz1hY3RpdmUKMjAyNS0xMS0xOVQyMToyMToyMS4yNDIxNjZaCmQzNGI5MGRkMzllNjRjNzM5ZjliMjIwNzBkMDQzM2JmCnRlc3Qta2V5LTAwMQ== + + +================================================================================ + +Example 2: POST /v1/compacts/aslp/jurisdictions/al/providers +-------------------------------------------------------------------------------- + +Raw HTTP Request: + +POST /v1/compacts/aslp/jurisdictions/al/providers?validate=true HTTP/1.1 +Host: api.example.com +Content-Type: application/json +User-Agent: CompactConnect-Client/1.0 +Authorization: Bearer +X-Algorithm: ECDSA-SHA256 +X-Timestamp: 2025-11-19T21:21:21.245504Z +X-Nonce: 26cd4a44b74f425d8630d1ea9c98127e +X-Key-Id: test-key-002 +X-Signature: MEUCIQDoIo1XqJo6X6HTt2CbZTWN1RI5Jex0EFwb9MoLXrKVnQIgV883LXq3fKdiv1hwU98Kt7hBQKO+2hyt8D3bL6GJlDw= + + +Plaintext String to Sign: + +POST +/v1/compacts/aslp/jurisdictions/al/providers +validate=true +2025-11-19T21:21:21.245504Z +26cd4a44b74f425d8630d1ea9c98127e +test-key-002 + + +Base64-Encoded String to Sign: + +UE9TVAovdjEvY29tcGFjdHMvYXNscC9qdXJpc2RpY3Rpb25zL2FsL3Byb3ZpZGVycwp2YWxpZGF0ZT10cnVlCjIwMjUtMTEtMTlUMjE6MjE6MjEuMjQ1NTA0WgoyNmNkNGE0NGI3NGY0MjVkODYzMGQxZWE5Yzk4MTI3ZQp0ZXN0LWtleS0wMDI= + + +================================================================================ + +Example 3: GET /v1/compacts/aslp/jurisdictions/al/providers/12345 +-------------------------------------------------------------------------------- + +Raw HTTP Request: + +GET /v1/compacts/aslp/jurisdictions/al/providers/12345 HTTP/1.1 +Host: api.example.com +Content-Type: application/json +User-Agent: CompactConnect-Client/1.0 +Authorization: Bearer +X-Algorithm: ECDSA-SHA256 +X-Timestamp: 2025-11-19T21:21:21.245591Z +X-Nonce: 3e1aa862e0ee4c1e94e44f2ce35a89a7 +X-Key-Id: test-key-003 +X-Signature: MEYCIQChYjYNjARVQZx53V551i2x6acWcvOF7ipe8pu/tHYwKQIhAISUX+oxCtPBKLOc2tqpJg6FTKX7pR8ULWXSWKO2Ira5 + + +Plaintext String to Sign: + +GET +/v1/compacts/aslp/jurisdictions/al/providers/12345 + +2025-11-19T21:21:21.245591Z +3e1aa862e0ee4c1e94e44f2ce35a89a7 +test-key-003 + + +Base64-Encoded String to Sign: + +R0VUCi92MS9jb21wYWN0cy9hc2xwL2p1cmlzZGljdGlvbnMvYWwvcHJvdmlkZXJzLzEyMzQ1CgoyMDI1LTExLTE5VDIxOjIxOjIxLjI0NTU5MVoKM2UxYWE4NjJlMGVlNGMxZTk0ZTQ0ZjJjZTM1YTg5YTcKdGVzdC1rZXktMDAz + + +================================================================================ + +Example 4: POST /path +-------------------------------------------------------------------------------- + +Raw HTTP Request: + +POST /path?a=1&b=value%20two HTTP/1.1 +Host: api.example.com +Content-Type: application/json +User-Agent: CompactConnect-Client/1.0 +Authorization: Bearer +X-Algorithm: ECDSA-SHA256 +X-Timestamp: 2025-11-11T19:09:53Z +X-Nonce: 54ebdc56-4eae-4627-94e1-11ff27a3ec88 +X-Key-Id: eLicenseKey +X-Signature: MEQCIFed8UTChmWcKS6yNtjn5KRNVXbRgwn3RC6NZBMUMKOoAiB2xtyQlPft8Dq24rjz28rK8D7hwsZ3BDy4SYQZrmeeTw== + + +Plaintext String to Sign: + +POST +/path +a=1&b=value%20two +2025-11-11T19:09:53Z +54ebdc56-4eae-4627-94e1-11ff27a3ec88 +eLicenseKey + + +Base64-Encoded String to Sign: + +UE9TVAovcGF0aAphPTEmYj12YWx1ZSUyMHR3bwoyMDI1LTExLTExVDE5OjA5OjUzWgo1NGViZGM1Ni00ZWFlLTQ2MjctOTRlMS0xMWZmMjdhM2VjODgKZUxpY2Vuc2VLZXk= + + +================================================================================ diff --git a/backend/compact-connect/lambdas/nodejs/README.md b/backend/compact-connect/lambdas/nodejs/README.md index 2d27942eb..5b6ca8230 100644 --- a/backend/compact-connect/lambdas/nodejs/README.md +++ b/backend/compact-connect/lambdas/nodejs/README.md @@ -4,7 +4,7 @@ This folder contains all lambda runtimes that are written with NodeJS/TypeScript ## Prerequisites -* **[Node](https://github.com/creationix/nvm#installation) `22.X`** +* **[Node](https://github.com/creationix/nvm#installation) `24.X`** * **[Yarn](https://yarnpkg.com/en/) `1.22.22`** * `npm install --global yarn@1.22.22` diff --git a/backend/compact-connect/lambdas/python/cognito-backup/requirements-dev.txt b/backend/compact-connect/lambdas/python/cognito-backup/requirements-dev.txt index ccf9009a7..f94e5cec9 100644 --- a/backend/compact-connect/lambdas/python/cognito-backup/requirements-dev.txt +++ b/backend/compact-connect/lambdas/python/cognito-backup/requirements-dev.txt @@ -1,22 +1,22 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras lambdas/python/cognito-backup/requirements-dev.in # -aws-lambda-powertools==3.22.0 +aws-lambda-powertools==3.23.0 # via -r lambdas/python/cognito-backup/requirements-dev.in -boto3==1.40.56 +boto3==1.41.0 # via # -r lambdas/python/cognito-backup/requirements-dev.in # moto -botocore==1.40.56 +botocore==1.41.0 # via # -r lambdas/python/cognito-backup/requirements-dev.in # boto3 # moto # s3transfer -certifi==2025.10.5 +certifi==2025.11.12 # via requests cffi==2.0.0 # via cryptography @@ -37,25 +37,25 @@ jmespath==1.0.1 # aws-lambda-powertools # boto3 # botocore -joserfc==1.4.0 +joserfc==1.4.3 # via moto markupsafe==3.0.3 # via # jinja2 # werkzeug -moto[cognitoidp,s3]==5.1.15 +moto[cognitoidp,s3]==5.1.17 # via -r lambdas/python/cognito-backup/requirements-dev.in packaging==25.0 # via pytest pluggy==1.6.0 # via pytest -py-partiql-parser==0.6.1 +py-partiql-parser==0.6.3 # via moto pycparser==2.23 # via cffi pygments==2.19.2 # via pytest -pytest==8.4.2 +pytest==9.0.1 # via -r lambdas/python/cognito-backup/requirements-dev.in python-dateutil==2.9.0.post0 # via diff --git a/backend/compact-connect/lambdas/python/cognito-backup/requirements.txt b/backend/compact-connect/lambdas/python/cognito-backup/requirements.txt index a9ee3d599..a58094bd4 100644 --- a/backend/compact-connect/lambdas/python/cognito-backup/requirements.txt +++ b/backend/compact-connect/lambdas/python/cognito-backup/requirements.txt @@ -1,14 +1,14 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras lambdas/python/cognito-backup/requirements.in # -aws-lambda-powertools==3.22.0 +aws-lambda-powertools==3.23.0 # via -r lambdas/python/cognito-backup/requirements.in -boto3==1.40.56 +boto3==1.41.0 # via -r lambdas/python/cognito-backup/requirements.in -botocore==1.40.56 +botocore==1.41.0 # via # -r lambdas/python/cognito-backup/requirements.in # boto3 diff --git a/backend/compact-connect/lambdas/python/common/common_test/sign_request.py b/backend/compact-connect/lambdas/python/common/common_test/sign_request.py index d456bad83..759237942 100644 --- a/backend/compact-connect/lambdas/python/common/common_test/sign_request.py +++ b/backend/compact-connect/lambdas/python/common/common_test/sign_request.py @@ -46,13 +46,8 @@ def sign_request( :param private_key_pem: PEM-encoded ECDSA private key :return: Dictionary containing headers to add to request """ - # Sort and URL-encode query parameters - sorted_params = '&'.join( - f'{quote(str(k), safe="")}={quote(str(v), safe="")}' for k, v in sorted(query_params.items()) - ) - # Create signature string - signature_string = '\n'.join([method, path, sorted_params, timestamp, nonce, key_id]) + signature_string = get_string_to_sign(method, path, query_params, timestamp, nonce, key_id) # Load private key private_key = serialization.load_pem_private_key(private_key_pem.encode(), password=None) @@ -68,3 +63,16 @@ def sign_request( 'X-Key-Id': key_id, 'X-Signature': base64.b64encode(signature).decode(), } + + +def get_string_to_sign(method: str, path: str, query_params: dict, timestamp: str, nonce: str, key_id: str) -> str: + """ + Get the string to sign for a request. + """ + # Sort and URL-encode query parameters + sorted_params = '&'.join( + f'{quote(str(k), safe="")}={quote(str(v), safe="")}' for k, v in sorted(query_params.items()) + ) + + # Create signature string + return '\n'.join([method, path, sorted_params, timestamp, nonce, key_id]) diff --git a/backend/compact-connect/lambdas/python/common/requirements-dev.txt b/backend/compact-connect/lambdas/python/common/requirements-dev.txt index 65f18cb4d..4dbfbec7e 100644 --- a/backend/compact-connect/lambdas/python/common/requirements-dev.txt +++ b/backend/compact-connect/lambdas/python/common/requirements-dev.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras lambdas/python/common/requirements-dev.in @@ -12,31 +12,31 @@ attrs==25.4.0 # via # jsonschema # referencing -aws-sam-translator==1.101.0 +aws-sam-translator==1.102.0 # via cfn-lint -aws-xray-sdk==2.14.0 +aws-xray-sdk==2.15.0 # via moto -boto3==1.40.56 +boto3==1.41.0 # via # aws-sam-translator # moto -boto3-stubs[full]==1.40.56 +boto3-stubs[full]==1.40.76 # via -r lambdas/python/common/requirements-dev.in -boto3-stubs-full==1.40.56 +boto3-stubs-full==1.40.76 # via boto3-stubs -botocore==1.40.56 +botocore==1.41.0 # via # aws-xray-sdk # boto3 # moto # s3transfer -botocore-stubs==1.40.56 +botocore-stubs==1.40.76 # via boto3-stubs -certifi==2025.10.5 +certifi==2025.11.12 # via requests cffi==2.0.0 # via cryptography -cfn-lint==1.40.2 +cfn-lint==1.41.0 # via moto charset-normalizer==3.4.4 # via requests @@ -47,9 +47,9 @@ cryptography==46.0.3 # moto docker==7.1.0 # via moto -faker==28.4.1 +faker==37.12.0 # via -r lambdas/python/common/requirements-dev.in -graphql-core==3.2.6 +graphql-core==3.2.7 # via moto idna==3.11 # via requests @@ -59,7 +59,7 @@ jmespath==1.0.1 # via # boto3 # botocore -joserfc==1.4.0 +joserfc==1.4.3 # via moto jsonpatch==1.33 # via cfn-lint @@ -85,7 +85,7 @@ markupsafe==3.0.3 # via # jinja2 # werkzeug -moto[all]==5.1.15 +moto[all]==5.1.17 # via -r lambdas/python/common/requirements-dev.in mpmath==1.3.0 # via sympy @@ -101,20 +101,19 @@ pathable==0.4.4 # via jsonschema-path ply==3.11 # via jsonpath-ng -py-partiql-parser==0.6.1 +py-partiql-parser==0.6.3 # via moto pycparser==2.23 # via cffi -pydantic==2.12.3 +pydantic==2.12.4 # via aws-sam-translator -pydantic-core==2.41.4 +pydantic-core==2.41.5 # via pydantic pyparsing==3.2.5 # via moto python-dateutil==2.9.0.post0 # via # botocore - # faker # moto pyyaml==6.0.3 # via @@ -127,7 +126,7 @@ referencing==0.36.2 # jsonschema # jsonschema-path # jsonschema-specifications -regex==2025.10.23 +regex==2025.11.3 # via cfn-lint requests==2.32.5 # via @@ -139,7 +138,7 @@ responses==0.25.8 # via moto rfc3339-validator==0.1.4 # via openapi-schema-validator -rpds-py==0.27.1 +rpds-py==0.29.0 # via # jsonschema # referencing @@ -151,7 +150,7 @@ six==1.17.0 # rfc3339-validator sympy==1.14.0 # via cfn-lint -types-awscrt==0.28.2 +types-awscrt==0.28.4 # via botocore-stubs types-s3transfer==0.14.0 # via boto3-stubs @@ -164,6 +163,8 @@ typing-extensions==4.15.0 # typing-inspection typing-inspection==0.4.2 # via pydantic +tzdata==2025.2 + # via faker urllib3==2.5.0 # via # botocore @@ -172,7 +173,7 @@ urllib3==2.5.0 # responses werkzeug==3.1.3 # via moto -wrapt==2.0.0 +wrapt==2.0.1 # via aws-xray-sdk xmltodict==1.0.2 # via moto diff --git a/backend/compact-connect/lambdas/python/common/requirements.txt b/backend/compact-connect/lambdas/python/common/requirements.txt index ce0d0029d..6f49c3833 100644 --- a/backend/compact-connect/lambdas/python/common/requirements.txt +++ b/backend/compact-connect/lambdas/python/common/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras lambdas/python/common/requirements.in @@ -8,15 +8,15 @@ argon2-cffi==25.1.0 # via -r lambdas/python/common/requirements.in argon2-cffi-bindings==25.1.0 # via argon2-cffi -aws-lambda-powertools==3.22.0 +aws-lambda-powertools==3.23.0 # via -r lambdas/python/common/requirements.in -boto3==1.40.56 +boto3==1.41.0 # via -r lambdas/python/common/requirements.in -botocore==1.40.56 +botocore==1.41.0 # via # boto3 # s3transfer -certifi==2025.10.5 +certifi==2025.11.12 # via requests cffi==2.0.0 # via diff --git a/backend/compact-connect/lambdas/python/common/tests/unit/test_provider_record_util.py b/backend/compact-connect/lambdas/python/common/tests/unit/test_provider_record_util.py index 324f5ff23..dae17ee88 100644 --- a/backend/compact-connect/lambdas/python/common/tests/unit/test_provider_record_util.py +++ b/backend/compact-connect/lambdas/python/common/tests/unit/test_provider_record_util.py @@ -242,7 +242,7 @@ def test_enrich_privilege_history_with_expiration_event_if_expired(self): 'compact': 'octp', 'createDate': datetime.fromisoformat('2024-02-02T04:00:00+00:00'), 'dateOfUpdate': datetime.fromisoformat('2024-02-02T04:00:00+00:00'), - 'effectiveDate': datetime.fromisoformat('2024-02-02T03:59:59:999999+00:00'), + 'effectiveDate': datetime.fromisoformat('2024-02-02T03:59:59.999999+00:00'), 'jurisdiction': 'al', 'licenseType': 'occupational therapy assistant', 'previous': {}, @@ -299,7 +299,7 @@ def test_enrich_privilege_history_with_expiration_event_if_first_second_of_expir 'compact': 'octp', 'createDate': datetime.fromisoformat('2024-02-02T04:00:00+00:00'), 'dateOfUpdate': datetime.fromisoformat('2024-02-02T04:00:00+00:00'), - 'effectiveDate': datetime.fromisoformat('2024-02-02T03:59:59:999999+00:00'), + 'effectiveDate': datetime.fromisoformat('2024-02-02T03:59:59.999999+00:00'), 'jurisdiction': 'al', 'licenseType': 'occupational therapy assistant', 'previous': {}, @@ -548,7 +548,7 @@ def test_enrich_privilege_history_adds_expiration_events_in_correct_spots(self): 'compact': 'octp', 'createDate': datetime.fromisoformat('2025-06-16T04:00:00+00:00'), 'dateOfUpdate': datetime.fromisoformat('2025-06-16T04:00:00+00:00'), - 'effectiveDate': datetime.fromisoformat('2025-06-16T03:59:59:999999+00:00'), + 'effectiveDate': datetime.fromisoformat('2025-06-16T03:59:59.999999+00:00'), 'jurisdiction': 'al', 'licenseType': 'occupational therapy assistant', 'previous': {}, @@ -789,7 +789,7 @@ def test_enrich_privilege_history_does_inject_expiration_if_renewed_on_second_of 'compact': 'octp', 'dateOfUpdate': datetime.fromisoformat('2025-06-16T04:00:00+00:00'), 'createDate': datetime.fromisoformat('2025-06-16T04:00:00+00:00'), - 'effectiveDate': datetime.fromisoformat('2025-06-16T03:59:59:999999+00:00'), + 'effectiveDate': datetime.fromisoformat('2025-06-16T03:59:59.999999+00:00'), 'jurisdiction': 'al', 'licenseType': 'occupational therapy assistant', 'previous': {}, diff --git a/backend/compact-connect/lambdas/python/compact-configuration/requirements-dev.txt b/backend/compact-connect/lambdas/python/compact-configuration/requirements-dev.txt index c741541bc..043ab6de2 100644 --- a/backend/compact-connect/lambdas/python/compact-configuration/requirements-dev.txt +++ b/backend/compact-connect/lambdas/python/compact-configuration/requirements-dev.txt @@ -1,17 +1,17 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras lambdas/python/compact-configuration/requirements-dev.in # -boto3==1.40.56 +boto3==1.41.0 # via moto -botocore==1.40.56 +botocore==1.41.0 # via # boto3 # moto # s3transfer -certifi==2025.10.5 +certifi==2025.11.12 # via requests cffi==2.0.0 # via cryptography @@ -33,9 +33,9 @@ markupsafe==3.0.3 # via # jinja2 # werkzeug -moto[dynamodb,s3]==5.1.15 +moto[dynamodb,s3]==5.1.17 # via -r lambdas/python/compact-configuration/requirements-dev.in -py-partiql-parser==0.6.1 +py-partiql-parser==0.6.3 # via moto pycparser==2.23 # via cffi diff --git a/backend/compact-connect/lambdas/python/compact-configuration/requirements.txt b/backend/compact-connect/lambdas/python/compact-configuration/requirements.txt index 4e0089cfc..79d227dbe 100644 --- a/backend/compact-connect/lambdas/python/compact-configuration/requirements.txt +++ b/backend/compact-connect/lambdas/python/compact-configuration/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras lambdas/python/compact-configuration/requirements.in diff --git a/backend/compact-connect/lambdas/python/custom-resources/requirements-dev.txt b/backend/compact-connect/lambdas/python/custom-resources/requirements-dev.txt index 0ac54cfb6..db56d974e 100644 --- a/backend/compact-connect/lambdas/python/custom-resources/requirements-dev.txt +++ b/backend/compact-connect/lambdas/python/custom-resources/requirements-dev.txt @@ -1,17 +1,17 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras lambdas/python/custom-resources/requirements-dev.in # -boto3==1.40.56 +boto3==1.41.0 # via moto -botocore==1.40.56 +botocore==1.41.0 # via # boto3 # moto # s3transfer -certifi==2025.10.5 +certifi==2025.11.12 # via requests cffi==2.0.0 # via cryptography @@ -33,9 +33,9 @@ markupsafe==3.0.3 # via # jinja2 # werkzeug -moto[dynamodb,s3]==5.1.15 +moto[dynamodb,s3]==5.1.17 # via -r lambdas/python/custom-resources/requirements-dev.in -py-partiql-parser==0.6.1 +py-partiql-parser==0.6.3 # via moto pycparser==2.23 # via cffi diff --git a/backend/compact-connect/lambdas/python/custom-resources/requirements.txt b/backend/compact-connect/lambdas/python/custom-resources/requirements.txt index a4578b969..2a8810a14 100644 --- a/backend/compact-connect/lambdas/python/custom-resources/requirements.txt +++ b/backend/compact-connect/lambdas/python/custom-resources/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras lambdas/python/custom-resources/requirements.in diff --git a/backend/compact-connect/lambdas/python/data-events/requirements-dev.txt b/backend/compact-connect/lambdas/python/data-events/requirements-dev.txt index e081f34c9..22a836bd7 100644 --- a/backend/compact-connect/lambdas/python/data-events/requirements-dev.txt +++ b/backend/compact-connect/lambdas/python/data-events/requirements-dev.txt @@ -1,17 +1,17 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras lambdas/python/data-events/requirements-dev.in # -boto3==1.40.56 +boto3==1.41.0 # via moto -botocore==1.40.56 +botocore==1.41.0 # via # boto3 # moto # s3transfer -certifi==2025.10.5 +certifi==2025.11.12 # via requests cffi==2.0.0 # via cryptography @@ -33,9 +33,9 @@ markupsafe==3.0.3 # via # jinja2 # werkzeug -moto[dynamodb,s3]==5.1.15 +moto[dynamodb,s3]==5.1.17 # via -r lambdas/python/data-events/requirements-dev.in -py-partiql-parser==0.6.1 +py-partiql-parser==0.6.3 # via moto pycparser==2.23 # via cffi diff --git a/backend/compact-connect/lambdas/python/data-events/requirements.txt b/backend/compact-connect/lambdas/python/data-events/requirements.txt index 7df16379d..7a1fc37aa 100644 --- a/backend/compact-connect/lambdas/python/data-events/requirements.txt +++ b/backend/compact-connect/lambdas/python/data-events/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras lambdas/python/data-events/requirements.in diff --git a/backend/compact-connect/lambdas/python/disaster-recovery/requirements-dev.txt b/backend/compact-connect/lambdas/python/disaster-recovery/requirements-dev.txt index 050970754..44d9a0022 100644 --- a/backend/compact-connect/lambdas/python/disaster-recovery/requirements-dev.txt +++ b/backend/compact-connect/lambdas/python/disaster-recovery/requirements-dev.txt @@ -1,17 +1,17 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras lambdas/python/disaster-recovery/requirements-dev.in # -boto3==1.40.56 +boto3==1.41.0 # via moto -botocore==1.40.56 +botocore==1.41.0 # via # boto3 # moto # s3transfer -certifi==2025.10.5 +certifi==2025.11.12 # via requests cffi==2.0.0 # via cryptography @@ -33,9 +33,9 @@ markupsafe==3.0.3 # via # jinja2 # werkzeug -moto[dynamodb,s3]==5.1.15 +moto[dynamodb,s3]==5.1.17 # via -r lambdas/python/disaster-recovery/requirements-dev.in -py-partiql-parser==0.6.1 +py-partiql-parser==0.6.3 # via moto pycparser==2.23 # via cffi diff --git a/backend/compact-connect/lambdas/python/disaster-recovery/requirements.txt b/backend/compact-connect/lambdas/python/disaster-recovery/requirements.txt index ffc3ccb09..9ad49d395 100644 --- a/backend/compact-connect/lambdas/python/disaster-recovery/requirements.txt +++ b/backend/compact-connect/lambdas/python/disaster-recovery/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras lambdas/python/disaster-recovery/requirements.in diff --git a/backend/compact-connect/lambdas/python/provider-data-v1/requirements-dev.txt b/backend/compact-connect/lambdas/python/provider-data-v1/requirements-dev.txt index 62531f73c..35825ad72 100644 --- a/backend/compact-connect/lambdas/python/provider-data-v1/requirements-dev.txt +++ b/backend/compact-connect/lambdas/python/provider-data-v1/requirements-dev.txt @@ -1,17 +1,17 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras lambdas/python/provider-data-v1/requirements-dev.in # -boto3==1.40.56 +boto3==1.41.0 # via moto -botocore==1.40.56 +botocore==1.41.0 # via # boto3 # moto # s3transfer -certifi==2025.10.5 +certifi==2025.11.12 # via requests cffi==2.0.0 # via cryptography @@ -21,7 +21,7 @@ cryptography==46.0.3 # via moto docker==7.1.0 # via moto -faker==28.4.1 +faker==37.12.0 # via -r lambdas/python/provider-data-v1/requirements-dev.in idna==3.11 # via requests @@ -35,16 +35,15 @@ markupsafe==3.0.3 # via # jinja2 # werkzeug -moto[dynamodb,s3]==5.1.15 +moto[dynamodb,s3]==5.1.17 # via -r lambdas/python/provider-data-v1/requirements-dev.in -py-partiql-parser==0.6.1 +py-partiql-parser==0.6.3 # via moto pycparser==2.23 # via cffi python-dateutil==2.9.0.post0 # via # botocore - # faker # moto pyyaml==6.0.3 # via @@ -61,6 +60,8 @@ s3transfer==0.14.0 # via boto3 six==1.17.0 # via python-dateutil +tzdata==2025.2 + # via faker urllib3==2.5.0 # via # botocore diff --git a/backend/compact-connect/lambdas/python/provider-data-v1/requirements.txt b/backend/compact-connect/lambdas/python/provider-data-v1/requirements.txt index 5060b3544..f9665c63b 100644 --- a/backend/compact-connect/lambdas/python/provider-data-v1/requirements.txt +++ b/backend/compact-connect/lambdas/python/provider-data-v1/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras lambdas/python/provider-data-v1/requirements.in diff --git a/backend/compact-connect/lambdas/python/purchases/.coveragerc b/backend/compact-connect/lambdas/python/purchases/.coveragerc new file mode 100644 index 000000000..911bb4766 --- /dev/null +++ b/backend/compact-connect/lambdas/python/purchases/.coveragerc @@ -0,0 +1,14 @@ +[run] + +omit = + */site-packages/* + */smoke-test/* + */tests/* + */bin/* + */lambdas/python/common/* + +[report] +skip_empty = true + +[html] +directory = coverage diff --git a/backend/compact-connect/lambdas/python/purchases/requirements-dev.in b/backend/compact-connect/lambdas/python/purchases/requirements-dev.in index 3093094b6..11892d0b0 100644 --- a/backend/compact-connect/lambdas/python/purchases/requirements-dev.in +++ b/backend/compact-connect/lambdas/python/purchases/requirements-dev.in @@ -6,3 +6,11 @@ ruff pip-tools pip-audit Faker>=37, <38 + +# Dependencies normally provided via the common lambda layer +argon2-cffi>=25.1.0, <26.0.0 +aws-lambda-powertools>=3.5.0, <4 +boto3>=1.34.33, <2 +cryptography>=46, <47 +marshmallow>=3.21.3, <4.0.0 +requests>=2.31.0, <3.0.0 diff --git a/backend/compact-connect/lambdas/python/purchases/requirements-dev.txt b/backend/compact-connect/lambdas/python/purchases/requirements-dev.txt index 0468753c3..7c95681ce 100644 --- a/backend/compact-connect/lambdas/python/purchases/requirements-dev.txt +++ b/backend/compact-connect/lambdas/python/purchases/requirements-dev.txt @@ -1,46 +1,58 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.12 # by the following command: # -# pip-compile --no-emit-index-url --no-strip-extras lambdas/python/purchases/requirements-dev.in +# pip-compile requirements-dev.in # +argon2-cffi==25.1.0 + # via -r requirements-dev.in +argon2-cffi-bindings==25.1.0 + # via argon2-cffi +aws-lambda-powertools==3.23.0 + # via -r requirements-dev.in boolean-py==5.0 # via license-expression -boto3==1.40.56 - # via moto -botocore==1.40.56 +boto3==1.40.76 + # via + # -r requirements-dev.in + # moto +botocore==1.40.76 # via # boto3 # moto # s3transfer build==1.3.0 # via pip-tools -cachecontrol[filecache]==0.14.3 +cachecontrol[filecache]==0.14.4 # via # cachecontrol # pip-audit -certifi==2025.10.5 +certifi==2025.11.12 # via requests cffi==2.0.0 - # via cryptography + # via + # argon2-cffi-bindings + # cryptography charset-normalizer==3.4.4 # via requests -click==8.3.0 +click==8.3.1 # via pip-tools -coverage[toml]==7.11.0 +coverage[toml]==7.12.0 # via - # -r lambdas/python/purchases/requirements-dev.in + # -r requirements-dev.in # pytest-cov cryptography==46.0.3 - # via moto + # via + # -r requirements-dev.in + # moto cyclonedx-python-lib==9.1.0 # via pip-audit defusedxml==0.7.1 # via py-serializable docker==7.1.0 # via moto -faker==28.4.1 - # via -r lambdas/python/purchases/requirements-dev.in +faker==37.12.0 + # via -r requirements-dev.in filelock==3.20.0 # via cachecontrol idna==3.11 @@ -51,6 +63,7 @@ jinja2==3.1.6 # via moto jmespath==1.0.1 # via + # aws-lambda-powertools # boto3 # botocore license-expression==30.4.4 @@ -61,10 +74,12 @@ markupsafe==3.0.3 # via # jinja2 # werkzeug +marshmallow==3.26.1 + # via -r requirements-dev.in mdurl==0.1.2 # via markdown-it-py -moto[dynamodb,s3]==5.1.15 - # via -r lambdas/python/purchases/requirements-dev.in +moto[dynamodb,s3]==5.1.17 + # via -r requirements-dev.in msgpack==1.1.2 # via cachecontrol packageurl-python==0.17.5 @@ -72,24 +87,25 @@ packageurl-python==0.17.5 packaging==25.0 # via # build + # marshmallow # pip-audit # pip-requirements-parser # pytest pip-api==0.0.34 # via pip-audit pip-audit==2.9.0 - # via -r lambdas/python/purchases/requirements-dev.in + # via -r requirements-dev.in pip-requirements-parser==32.0.1 # via pip-audit -pip-tools==7.5.1 - # via -r lambdas/python/purchases/requirements-dev.in +pip-tools==7.5.2 + # via -r requirements-dev.in platformdirs==4.5.0 # via pip-audit pluggy==1.6.0 # via # pytest # pytest-cov -py-partiql-parser==0.6.1 +py-partiql-parser==0.6.3 # via moto py-serializable==2.1.0 # via cyclonedx-python-lib @@ -105,16 +121,15 @@ pyproject-hooks==1.2.0 # via # build # pip-tools -pytest==8.4.2 +pytest==9.0.1 # via - # -r lambdas/python/purchases/requirements-dev.in + # -r requirements-dev.in # pytest-cov pytest-cov==7.0.0 - # via -r lambdas/python/purchases/requirements-dev.in + # via -r requirements-dev.in python-dateutil==2.9.0.post0 # via # botocore - # faker # moto pyyaml==6.0.3 # via @@ -122,6 +137,7 @@ pyyaml==6.0.3 # responses requests==2.32.5 # via + # -r requirements-dev.in # cachecontrol # docker # moto @@ -131,8 +147,8 @@ responses==0.25.8 # via moto rich==14.2.0 # via pip-audit -ruff==0.14.1 - # via -r lambdas/python/purchases/requirements-dev.in +ruff==0.14.5 + # via -r requirements-dev.in s3transfer==0.14.0 # via boto3 six==1.17.0 @@ -141,6 +157,10 @@ sortedcontainers==2.4.0 # via cyclonedx-python-lib toml==0.10.2 # via pip-audit +typing-extensions==4.15.0 + # via aws-lambda-powertools +tzdata==2025.2 + # via faker urllib3==2.5.0 # via # botocore diff --git a/backend/compact-connect/lambdas/python/purchases/requirements.txt b/backend/compact-connect/lambdas/python/purchases/requirements.txt index 2718af8b8..6141bed67 100644 --- a/backend/compact-connect/lambdas/python/purchases/requirements.txt +++ b/backend/compact-connect/lambdas/python/purchases/requirements.txt @@ -1,12 +1,12 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.12 # by the following command: # -# pip-compile --no-emit-index-url --no-strip-extras lambdas/python/purchases/requirements.in +# pip-compile requirements.in # authorizenet==1.1.6 - # via -r lambdas/python/purchases/requirements.in -certifi==2025.10.5 + # via -r requirements.in +certifi==2025.11.12 # via requests charset-normalizer==3.4.4 # via requests diff --git a/backend/compact-connect/lambdas/python/staff-user-pre-token/requirements-dev.txt b/backend/compact-connect/lambdas/python/staff-user-pre-token/requirements-dev.txt index afffac437..fa4f50392 100644 --- a/backend/compact-connect/lambdas/python/staff-user-pre-token/requirements-dev.txt +++ b/backend/compact-connect/lambdas/python/staff-user-pre-token/requirements-dev.txt @@ -1,17 +1,17 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras lambdas/python/staff-user-pre-token/requirements-dev.in # -boto3==1.40.56 +boto3==1.41.0 # via moto -botocore==1.40.56 +botocore==1.41.0 # via # boto3 # moto # s3transfer -certifi==2025.10.5 +certifi==2025.11.12 # via requests cffi==2.0.0 # via cryptography @@ -33,9 +33,9 @@ markupsafe==3.0.3 # via # jinja2 # werkzeug -moto[dynamodb,s3]==5.1.15 +moto[dynamodb,s3]==5.1.17 # via -r lambdas/python/staff-user-pre-token/requirements-dev.in -py-partiql-parser==0.6.1 +py-partiql-parser==0.6.3 # via moto pycparser==2.23 # via cffi diff --git a/backend/compact-connect/lambdas/python/staff-user-pre-token/requirements.txt b/backend/compact-connect/lambdas/python/staff-user-pre-token/requirements.txt index 43cf8504b..e7cabe5cb 100644 --- a/backend/compact-connect/lambdas/python/staff-user-pre-token/requirements.txt +++ b/backend/compact-connect/lambdas/python/staff-user-pre-token/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras lambdas/python/staff-user-pre-token/requirements.in diff --git a/backend/compact-connect/lambdas/python/staff-users/requirements-dev.txt b/backend/compact-connect/lambdas/python/staff-users/requirements-dev.txt index 378def7bb..54e10b15f 100644 --- a/backend/compact-connect/lambdas/python/staff-users/requirements-dev.txt +++ b/backend/compact-connect/lambdas/python/staff-users/requirements-dev.txt @@ -1,17 +1,17 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras lambdas/python/staff-users/requirements-dev.in # -boto3==1.40.56 +boto3==1.41.0 # via moto -botocore==1.40.56 +botocore==1.41.0 # via # boto3 # moto # s3transfer -certifi==2025.10.5 +certifi==2025.11.12 # via requests cffi==2.0.0 # via cryptography @@ -23,7 +23,7 @@ cryptography==46.0.3 # moto docker==7.1.0 # via moto -faker==28.4.1 +faker==37.12.0 # via -r lambdas/python/staff-users/requirements-dev.in idna==3.11 # via requests @@ -33,22 +33,21 @@ jmespath==1.0.1 # via # boto3 # botocore -joserfc==1.4.0 +joserfc==1.4.3 # via moto markupsafe==3.0.3 # via # jinja2 # werkzeug -moto[cognitoidp,dynamodb,s3]==5.1.15 +moto[cognitoidp,dynamodb,s3]==5.1.17 # via -r lambdas/python/staff-users/requirements-dev.in -py-partiql-parser==0.6.1 +py-partiql-parser==0.6.3 # via moto pycparser==2.23 # via cffi python-dateutil==2.9.0.post0 # via # botocore - # faker # moto pyyaml==6.0.3 # via @@ -65,6 +64,8 @@ s3transfer==0.14.0 # via boto3 six==1.17.0 # via python-dateutil +tzdata==2025.2 + # via faker urllib3==2.5.0 # via # botocore diff --git a/backend/compact-connect/lambdas/python/staff-users/requirements.txt b/backend/compact-connect/lambdas/python/staff-users/requirements.txt index ac407fa42..d32dda42a 100644 --- a/backend/compact-connect/lambdas/python/staff-users/requirements.txt +++ b/backend/compact-connect/lambdas/python/staff-users/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras lambdas/python/staff-users/requirements.in diff --git a/backend/compact-connect/requirements-dev.txt b/backend/compact-connect/requirements-dev.txt index 6b3eed0b4..6ea674de6 100644 --- a/backend/compact-connect/requirements-dev.txt +++ b/backend/compact-connect/requirements-dev.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras requirements-dev.in @@ -8,17 +8,17 @@ boolean-py==5.0 # via license-expression build==1.3.0 # via pip-tools -cachecontrol[filecache]==0.14.3 +cachecontrol[filecache]==0.14.4 # via # cachecontrol # pip-audit -certifi==2025.10.5 +certifi==2025.11.12 # via requests charset-normalizer==3.4.4 # via requests -click==8.3.0 +click==8.3.1 # via pip-tools -coverage[toml]==7.11.0 +coverage[toml]==7.12.0 # via # -r requirements-dev.in # pytest-cov @@ -26,7 +26,7 @@ cyclonedx-python-lib==9.1.0 # via pip-audit defusedxml==0.7.1 # via py-serializable -faker==28.4.1 +faker==37.12.0 # via -r requirements-dev.in filelock==3.20.0 # via cachecontrol @@ -56,7 +56,7 @@ pip-audit==2.9.0 # via -r requirements-dev.in pip-requirements-parser==32.0.1 # via pip-audit -pip-tools==7.5.1 +pip-tools==7.5.2 # via -r requirements-dev.in platformdirs==4.5.0 # via pip-audit @@ -76,28 +76,26 @@ pyproject-hooks==1.2.0 # via # build # pip-tools -pytest==8.4.2 +pytest==9.0.1 # via # -r requirements-dev.in # pytest-cov pytest-cov==7.0.0 # via -r requirements-dev.in -python-dateutil==2.9.0.post0 - # via faker requests==2.32.5 # via # cachecontrol # pip-audit rich==14.2.0 # via pip-audit -ruff==0.14.1 +ruff==0.14.5 # via -r requirements-dev.in -six==1.17.0 - # via python-dateutil sortedcontainers==2.4.0 # via cyclonedx-python-lib toml==0.10.2 # via pip-audit +tzdata==2025.2 + # via faker urllib3==2.5.0 # via requests wheel==0.45.1 diff --git a/backend/compact-connect/requirements.txt b/backend/compact-connect/requirements.txt index 512097dfd..7ead839a2 100644 --- a/backend/compact-connect/requirements.txt +++ b/backend/compact-connect/requirements.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.13 +# This file is autogenerated by pip-compile with Python 3.14 # by the following command: # # pip-compile --no-emit-index-url --no-strip-extras requirements.in @@ -12,11 +12,11 @@ aws-cdk-asset-awscli-v1==2.2.242 # via aws-cdk-lib aws-cdk-asset-node-proxy-agent-v6==2.1.0 # via aws-cdk-lib -aws-cdk-aws-lambda-python-alpha==2.220.0a0 +aws-cdk-aws-lambda-python-alpha==2.225.0a0 # via -r requirements.in -aws-cdk-cloud-assembly-schema==48.16.0 +aws-cdk-cloud-assembly-schema==48.20.0 # via aws-cdk-lib -aws-cdk-lib==2.220.0 +aws-cdk-lib==2.225.0 # via # -r requirements.in # aws-cdk-aws-lambda-python-alpha @@ -25,7 +25,7 @@ cattrs==25.3.0 # via jsii cdk-nag==2.37.55 # via -r requirements.in -constructs==10.4.2 +constructs==10.4.3 # via # -r requirements.in # aws-cdk-aws-lambda-python-alpha @@ -33,7 +33,7 @@ constructs==10.4.2 # cdk-nag importlib-resources==6.5.2 # via jsii -jsii==1.117.0 +jsii==1.119.0 # via # aws-cdk-asset-awscli-v1 # aws-cdk-asset-node-proxy-agent-v6 @@ -58,7 +58,7 @@ pyyaml==6.0.3 # via -r requirements.in six==1.17.0 # via python-dateutil -typeguard==2.13.3 +typeguard==4.2.1 # via # aws-cdk-asset-awscli-v1 # aws-cdk-asset-node-proxy-agent-v6 diff --git a/backend/compact-connect/stacks/api_lambda_stack/provider_users.py b/backend/compact-connect/stacks/api_lambda_stack/provider_users.py index ce2fcdca7..c8aabc816 100644 --- a/backend/compact-connect/stacks/api_lambda_stack/provider_users.py +++ b/backend/compact-connect/stacks/api_lambda_stack/provider_users.py @@ -556,7 +556,7 @@ def _create_dummy_provider_registration_handler(self, scope: Construct): description='Provider registration handler dummy function', handler='handler', code=Code.from_inline('def handler(*args, **kwargs):\n return'), - runtime=Runtime.PYTHON_3_13, + runtime=Runtime.PYTHON_3_14, log_retention=RetentionDays.ONE_DAY, # Triggers creation of the LogRetention custom resource ) # Pin the exports here until the ApiStack clears it from its template diff --git a/backend/compact-connect/stacks/persistent_stack/__init__.py b/backend/compact-connect/stacks/persistent_stack/__init__.py index e6653f802..4909c69bd 100644 --- a/backend/compact-connect/stacks/persistent_stack/__init__.py +++ b/backend/compact-connect/stacks/persistent_stack/__init__.py @@ -64,7 +64,7 @@ def __init__( self.python_common_layer_versions = PythonCommonLayerVersions( self, 'PythonCommonLayerVersions', - compatible_runtimes=[Runtime.PYTHON_3_12, Runtime.PYTHON_3_13], + compatible_runtimes=[Runtime.PYTHON_3_12, Runtime.PYTHON_3_14], ) self.shared_encryption_key = Key( diff --git a/backend/compact-connect/stacks/persistent_stack/ssn_table.py b/backend/compact-connect/stacks/persistent_stack/ssn_table.py index 0afec31b9..5fc11514e 100644 --- a/backend/compact-connect/stacks/persistent_stack/ssn_table.py +++ b/backend/compact-connect/stacks/persistent_stack/ssn_table.py @@ -161,8 +161,6 @@ def __init__( actions=[ 'dynamodb:GetItem', 'dynamodb:Query', - 'dynamodb:DescribeTable', - 'dynamodb:GetRecords', 'dynamodb:ConditionCheckItem', ], principals=[StarPrincipal()], @@ -174,7 +172,9 @@ def __init__( region=stack.region, account=stack.account, resource='table', - resource_name=f'{self.table_name}/index/{self.ssn_index_name}', + # We have to use the constant here, because using `self.table_name` here creates a circular + # reference in the resulting template. + resource_name=f'{SSN_TABLE_NAME}/index/{self.ssn_index_name}', ), ], ) diff --git a/backend/compact-connect/tests/app/base.py b/backend/compact-connect/tests/app/base.py index 7d6ff3a54..439537908 100644 --- a/backend/compact-connect/tests/app/base.py +++ b/backend/compact-connect/tests/app/base.py @@ -228,9 +228,9 @@ def _inspect_persistent_stack( self.assertEqual(staff_users_user_pool_app_client['ReadAttributes'], ['email']) self.assertEqual(staff_users_user_pool_app_client['WriteAttributes'], ['email']) - self._inspect_data_events_table(persistent_stack, persistent_stack_template) - self._inspect_ssn_table(persistent_stack, persistent_stack_template) - self._inspect_backup_resources(persistent_stack, persistent_stack_template) + self._inspect_data_events_table(persistent_stack, persistent_stack_template) + self._inspect_ssn_table(persistent_stack, persistent_stack_template) + self._inspect_backup_resources(persistent_stack, persistent_stack_template) def _inspect_ssn_table(self, persistent_stack: PersistentStack, persistent_stack_template: Template): ssn_key_logical_id = persistent_stack.get_logical_id(persistent_stack.ssn_table.key.node.default_child) @@ -249,84 +249,115 @@ def _inspect_ssn_table(self, persistent_stack: PersistentStack, persistent_stack disaster_recovery_step_function_role_logical_id = persistent_stack.get_logical_id( persistent_stack.ssn_table.disaster_recovery_step_function_role.node.default_child ) - ssn_table_template = self.get_resource_properties_by_logical_id( - persistent_stack.get_logical_id(persistent_stack.ssn_table.node.default_child), - persistent_stack_template.find_resources(CfnTable.CFN_RESOURCE_TYPE_NAME), - ) - ssn_key_template = self.get_resource_properties_by_logical_id( - ssn_key_logical_id, persistent_stack_template.find_resources(CfnKey.CFN_RESOURCE_TYPE_NAME) - ) - # This naming convention is important for opting into future CloudTrail organization access logging - self.assertTrue(ssn_table_template['TableName'].endswith('-DataEventsLog')) - # Ensure our SSN Key is locked down by resource policy + + # Build the expected PrincipalArn array - always includes 5 roles, plus optional backup role # Note: SSN backup role reference may be a nested stack output, so we use Match.any_value() for flexibility - expected_policy = { - 'Statement': [ - { - 'Action': 'kms:*', - 'Effect': 'Allow', - 'Principal': {'AWS': f'arn:aws:iam::{persistent_stack.account}:root'}, - 'Resource': '*', - }, - { - 'Action': ['kms:Decrypt', 'kms:Encrypt', 'kms:GenerateDataKey*', 'kms:ReEncrypt*'], - 'Condition': { - 'StringNotEquals': { - 'aws:PrincipalArn': [ - {'Fn::GetAtt': [ingest_role_logical_id, 'Arn']}, - {'Fn::GetAtt': [license_upload_role_logical_id, 'Arn']}, - {'Fn::GetAtt': [api_query_role_logical_id, 'Arn']}, - {'Fn::GetAtt': [disaster_recovery_lambda_role_logical_id, 'Arn']}, - {'Fn::GetAtt': [disaster_recovery_step_function_role_logical_id, 'Arn']}, - Match.any_value(), # SSN backup role reference (may be nested stack output) - ], - 'aws:PrincipalServiceName': ['dynamodb.amazonaws.com', 'events.amazonaws.com'], - } - }, - 'Effect': 'Deny', - 'Principal': '*', - 'Resource': '*', - }, - ], - 'Version': '2012-10-17', - } - - # Validate the key policy structure matches our expected pattern - actual_policy = ssn_key_template['KeyPolicy'] - self.assertEqual(len(expected_policy['Statement']), len(actual_policy['Statement'])) - - # Check first statement (admin access) exactly - self.assertEqual(expected_policy['Statement'][0], actual_policy['Statement'][0]) - - # Check second statement structure (with flexible backup role reference) - actual_second_stmt = actual_policy['Statement'][1] - self.assertEqual(expected_policy['Statement'][1]['Action'], actual_second_stmt['Action']) - self.assertEqual(expected_policy['Statement'][1]['Effect'], actual_second_stmt['Effect']) - self.assertEqual(expected_policy['Statement'][1]['Principal'], actual_second_stmt['Principal']) - self.assertEqual(expected_policy['Statement'][1]['Resource'], actual_second_stmt['Resource']) - - # Check condition structure but allow flexible backup role reference - self.assertIn('StringNotEquals', actual_second_stmt['Condition']) - self.assertIn('aws:PrincipalArn', actual_second_stmt['Condition']['StringNotEquals']) + principal_arn_array = [ + {'Fn::GetAtt': [ingest_role_logical_id, 'Arn']}, + {'Fn::GetAtt': [license_upload_role_logical_id, 'Arn']}, + {'Fn::GetAtt': [api_query_role_logical_id, 'Arn']}, + {'Fn::GetAtt': [disaster_recovery_lambda_role_logical_id, 'Arn']}, + {'Fn::GetAtt': [disaster_recovery_step_function_role_logical_id, 'Arn']}, + ] if persistent_stack.environment_context['backup_enabled']: - # if backup is enabled, we add an additional principle arn for the backup role to the SSN policy to + # if backup is enabled, we add an additional principal arn for the backup role to the SSN policy to # perform backups on data - self.assertEqual(6, len(actual_second_stmt['Condition']['StringNotEquals']['aws:PrincipalArn'])) - else: - self.assertEqual(5, len(actual_second_stmt['Condition']['StringNotEquals']['aws:PrincipalArn'])) - self.assertEqual( - expected_policy['Statement'][1]['Condition']['StringNotEquals']['aws:PrincipalServiceName'], - actual_second_stmt['Condition']['StringNotEquals']['aws:PrincipalServiceName'], - ) - # Ensure we're using our locked down KMS key for encryption - self.assertEqual( - ssn_table_template['SSESpecification'], - {'KMSMasterKeyId': {'Fn::GetAtt': [ssn_key_logical_id, 'Arn']}, 'SSEEnabled': True, 'SSEType': 'KMS'}, + principal_arn_array.append(Match.any_value()) # SSN backup role reference (may be nested stack output) + + # Ensure our SSN Key is locked down by resource policy + persistent_stack_template.has_resource( + CfnKey.CFN_RESOURCE_TYPE_NAME, + { + 'Properties': { + 'KeyPolicy': { + 'Statement': Match.array_with([ + { + 'Action': 'kms:*', + 'Effect': 'Allow', + 'Principal': {'AWS': f'arn:aws:iam::{persistent_stack.account}:root'}, + 'Resource': '*', + }, + { + 'Action': ['kms:Decrypt', 'kms:Encrypt', 'kms:GenerateDataKey*', 'kms:ReEncrypt*'], + 'Condition': { + 'StringNotEquals': { + 'aws:PrincipalArn': principal_arn_array, + 'aws:PrincipalServiceName': ['dynamodb.amazonaws.com', 'events.amazonaws.com'], + } + }, + 'Effect': 'Deny', + 'Principal': '*', + 'Resource': '*', + }, + ]), + 'Version': '2012-10-17', + } + } + }, ) - self.compare_snapshot( - ssn_table_template['ResourcePolicy']['PolicyDocument'], - 'SSN_TABLE_RESOURCE_POLICY', - overwrite_snapshot=False, + + persistent_stack_template.has_resource( + CfnTable.CFN_RESOURCE_TYPE_NAME, + { + 'Properties': { + # This naming convention is important for opting into future CloudTrail organization access logging + # don't remove the -DateEventsLog suffix + 'TableName': 'ssn-table-DataEventsLog', + 'ResourcePolicy': { + 'PolicyDocument': { + 'Statement': Match.array_with([ + { + 'Effect': 'Deny', + 'Principal': '*', + 'Resource': '*', + 'Action': 'dynamodb:CreateBackup', + 'Condition': { + 'StringNotEquals': { + 'aws:PrincipalServiceName': 'dynamodb.amazonaws.com' + } + } + }, + { + 'Effect': 'Deny', + 'Principal': '*', + 'Resource': '*', + 'Action': [ + 'dynamodb:BatchGetItem', + 'dynamodb:BatchWriteItem', + 'dynamodb:PartiQL*', + 'dynamodb:Scan', + ], + 'Condition': { + 'StringNotEquals': { + 'aws:PrincipalServiceName': 'dynamodb.amazonaws.com', + 'aws:PrincipalArn': Match.any_value(), + } + }, + }, + { + "Action": [ + "dynamodb:ConditionCheckItem", + "dynamodb:GetItem", + "dynamodb:Query" + ], + "Effect": "Deny", + "Principal": "*", + "NotResource": Match.string_like_regexp( + f"arn:aws:dynamodb:{persistent_stack.region}:{persistent_stack.account}:table/ssn-table-DataEventsLog/index/ssnIndex" + ) + }, + ]) + } + }, + 'SSESpecification': { + 'KMSMasterKeyId': { + 'Fn::GetAtt': [ssn_key_logical_id, 'Arn'] + }, + 'SSEEnabled': True, + 'SSEType': 'KMS', + } + } + } ) def _inspect_backup_resources(self, persistent_stack: PersistentStack, persistent_stack_template: Template): diff --git a/backend/compact-connect/tests/app/test_pipeline.py b/backend/compact-connect/tests/app/test_pipeline.py index 52c915a19..9004d069a 100644 --- a/backend/compact-connect/tests/app/test_pipeline.py +++ b/backend/compact-connect/tests/app/test_pipeline.py @@ -283,7 +283,7 @@ def test_synth_generates_python_lambda_layer_with_ssm_parameter(self): persistent_stack_template = Template.from_stack(persistent_stack) # Ensure we have a layer and parameter referencing that layer for each expected runtime - for runtime in ['python3.12', 'python3.13']: + for runtime in ['python3.12', 'python3.14']: layers = persistent_stack_template.find_resources( type=CfnLayerVersion.CFN_RESOURCE_TYPE_NAME, props={ diff --git a/backend/compact-connect/tests/common_constructs/test_cognito_user_backup.py b/backend/compact-connect/tests/common_constructs/test_cognito_user_backup.py index 2d4732f6e..135d42dda 100644 --- a/backend/compact-connect/tests/common_constructs/test_cognito_user_backup.py +++ b/backend/compact-connect/tests/common_constructs/test_cognito_user_backup.py @@ -43,7 +43,7 @@ def setUpClass(cls): PythonCommonLayerVersions( common_stack, 'CommonLayers', - compatible_runtimes=[Runtime.PYTHON_3_13], + compatible_runtimes=[Runtime.PYTHON_3_14], ) cls.stack = Stack(cls.app, 'TestStack') @@ -141,7 +141,7 @@ def test_creates_lambda_function(self): lambda_props = lambda_functions[lambda_logical_id]['Properties'] # Verify function configuration - self.assertEqual(lambda_props['Runtime'], 'python3.13') + self.assertEqual(lambda_props['Runtime'], 'python3.14') self.assertEqual(lambda_props['Timeout'], 900) # 15 minutes self.assertEqual(lambda_props['MemorySize'], 512) diff --git a/backend/compact-connect/tests/common_constructs/test_data_migration.py b/backend/compact-connect/tests/common_constructs/test_data_migration.py index c907c48cf..aa002bd35 100644 --- a/backend/compact-connect/tests/common_constructs/test_data_migration.py +++ b/backend/compact-connect/tests/common_constructs/test_data_migration.py @@ -29,7 +29,7 @@ def test_data_migration_synthesizes(self): PythonCommonLayerVersions( common_stack, 'CommonLayers', - compatible_runtimes=[Runtime.PYTHON_3_13], + compatible_runtimes=[Runtime.PYTHON_3_14], ) stack = Stack(app, 'Stack') diff --git a/backend/compact-connect/tests/common_constructs/test_queue_event_listener.py b/backend/compact-connect/tests/common_constructs/test_queue_event_listener.py index 4ad5dbba1..ae2fc0d6e 100644 --- a/backend/compact-connect/tests/common_constructs/test_queue_event_listener.py +++ b/backend/compact-connect/tests/common_constructs/test_queue_event_listener.py @@ -25,7 +25,7 @@ def setUp(self): self.stack, 'TestFunction', handler='handle', - runtime=Runtime.PYTHON_3_13, + runtime=Runtime.PYTHON_3_14, code=Code.from_inline("""def handle(*args): return"""), ) diff --git a/backend/compact-connect/tests/common_constructs/test_queued_lambda_processor.py b/backend/compact-connect/tests/common_constructs/test_queued_lambda_processor.py index 5bb9df254..40ad20111 100644 --- a/backend/compact-connect/tests/common_constructs/test_queued_lambda_processor.py +++ b/backend/compact-connect/tests/common_constructs/test_queued_lambda_processor.py @@ -21,7 +21,7 @@ def test_creates_queues_and_event_source(self): stack, 'Function', handler='handle', - runtime=Runtime.PYTHON_3_13, + runtime=Runtime.PYTHON_3_14, code=Code.from_inline("""def handle(*args): return"""), ) processor = QueuedLambdaProcessor( diff --git a/backend/compact-connect/tests/resources/snapshots/SSN_TABLE_RESOURCE_POLICY.json b/backend/compact-connect/tests/resources/snapshots/SSN_TABLE_RESOURCE_POLICY.json deleted file mode 100644 index 965db8448..000000000 --- a/backend/compact-connect/tests/resources/snapshots/SSN_TABLE_RESOURCE_POLICY.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "Statement": [ - { - "Action": "dynamodb:CreateBackup", - "Condition": { - "StringNotEquals": { - "aws:PrincipalServiceName": "dynamodb.amazonaws.com" - } - }, - "Effect": "Deny", - "Principal": "*", - "Resource": "*" - }, - { - "Action": [ - "dynamodb:BatchGetItem", - "dynamodb:BatchWriteItem", - "dynamodb:PartiQL*", - "dynamodb:Scan" - ], - "Condition": { - "StringNotEquals": { - "aws:PrincipalServiceName": "dynamodb.amazonaws.com", - "aws:PrincipalArn": [ - { - "Fn::GetAtt": [ - "DisasterRecoveryLambdaRole4BDEAE6F", - "Arn" - ] - } - ] - } - }, - "Effect": "Deny", - "Principal": "*", - "Resource": "*" - } - ], - "Version": "2012-10-17" -}