npm - @aws-mdaa/dataops-job-l3-construct - Versions diffs - 1.4.0 → 1.6.0 - Mend

@aws-mdaa/dataops-job-l3-construct 1.4.0 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (78) hide show

package/node_modules/lodash/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "lodash",
-  "version": "4.17.23",
+  "version": "4.18.1",
   "description": "Lodash modular utilities.",
   "keywords": "modules, stdlib, util",
   "homepage": "https://lodash.com/",
@@ -13,5 +13,7 @@
     "John-David Dalton <john.david.dalton@gmail.com>",
     "Mathias Bynens <mathias@qiwi.be>"
   ],
-  "scripts": { "test": "echo \"See https://travis-ci.org/lodash-archive/lodash-cli for testing details.\"" }
+  "scripts": {
+    "test": "echo \"See https://travis-ci.org/lodash-archive/lodash-cli for testing details.\""
+  }
 }

package/node_modules/lodash/random.js CHANGED Viewed

@@ -18,6 +18,8 @@ var nativeMin = Math.min,
  * **Note:** JavaScript follows the IEEE-754 standard for resolving
  * floating-point values which can produce unexpected results.
  *
+ * **Note:** If `lower` is greater than `upper`, the values are swapped.
+ *
  * @static
  * @memberOf _
  * @since 0.7.0
@@ -31,9 +33,16 @@ var nativeMin = Math.min,
  * _.random(0, 5);
  * // => an integer between 0 and 5
  *
+ * // when lower is greater than upper the values are swapped
+ * _.random(5, 0);
+ * // => an integer between 0 and 5
+ *
  * _.random(5);
  * // => also an integer between 0 and 5
  *
+ * _.random(-5);
+ * // => an integer between -5 and 0
+ *
  * _.random(5, true);
  * // => a floating-point number between 0 and 5
  *

package/node_modules/lodash/template.js CHANGED Viewed

@@ -1,4 +1,5 @@
-var assignInWith = require('./assignInWith'),
+var arrayEach = require('./_arrayEach'),
+    assignWith = require('./assignWith'),
     attempt = require('./attempt'),
     baseValues = require('./_baseValues'),
     customDefaultsAssignIn = require('./_customDefaultsAssignIn'),
@@ -11,7 +12,8 @@ var assignInWith = require('./assignInWith'),
     toString = require('./toString');
 /** Error message constants. */
-var INVALID_TEMPL_VAR_ERROR_TEXT = 'Invalid `variable` option passed into `_.template`';
+var INVALID_TEMPL_VAR_ERROR_TEXT = 'Invalid `variable` option passed into `_.template`',
+    INVALID_TEMPL_IMPORTS_ERROR_TEXT = 'Invalid `imports` option passed into `_.template`';
 /** Used to match empty string literals in compiled template source. */
 var reEmptyStringLeading = /\b__p \+= '';/g,
@@ -55,6 +57,10 @@ var hasOwnProperty = objectProto.hasOwnProperty;
  * properties may be accessed as free variables in the template. If a setting
  * object is given, it takes precedence over `_.templateSettings` values.
  *
+ * **Security:** `_.template` is insecure and should not be used. It will be
+ * removed in Lodash v5. Avoid untrusted input. See
+ * [threat model](https://github.com/lodash/lodash/blob/main/threat-model.md).
+ *
  * **Note:** In the development build `_.template` utilizes
  * [sourceURLs](http://www.html5rocks.com/en/tutorials/developertools/sourcemaps/#toc-sourceurl)
  * for easier debugging.
@@ -162,12 +168,18 @@ function template(string, options, guard) {
     options = undefined;
   }
   string = toString(string);
-  options = assignInWith({}, options, settings, customDefaultsAssignIn);
+  options = assignWith({}, options, settings, customDefaultsAssignIn);
-  var imports = assignInWith({}, options.imports, settings.imports, customDefaultsAssignIn),
+  var imports = assignWith({}, options.imports, settings.imports, customDefaultsAssignIn),
       importsKeys = keys(imports),
       importsValues = baseValues(imports, importsKeys);
+  arrayEach(importsKeys, function(key) {
+    if (reForbiddenIdentifierChars.test(key)) {
+      throw new Error(INVALID_TEMPL_IMPORTS_ERROR_TEXT);
+    }
+  });
   var isEscaping,
       isEvaluating,
       index = 0,

package/node_modules/lodash/templateSettings.js CHANGED Viewed

@@ -8,6 +8,10 @@ var escape = require('./escape'),
  * embedded Ruby (ERB) as well as ES2015 template strings. Change the
  * following template settings to use alternative delimiters.
  *
+ * **Security:** See
+ * [threat model](https://github.com/lodash/lodash/blob/main/threat-model.md)
+ * — `_.template` is insecure and will be removed in v5.
+ *
  * @static
  * @memberOf _
  * @type {Object}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aws-mdaa/dataops-job-l3-construct",
-  "version": "1.4.0",
+  "version": "1.6.0",
   "description": "MDAA DataOps Job L3 Construct",
   "license": "Apache-2.0",
   "author": {
@@ -16,15 +16,15 @@
     "watch": "jsii -w  --project-references",
     "package": "jsii-pacmak --npmignore=false",
     "test": "jest --passWithNoTests --coverage",
-    "lint": "eslint --max-warnings 0 -c ../../../../../.eslintrc.json '**/*.{ts,tsx}' --ignore-pattern 'dist/*' --ignore-pattern 'node_modules/*' --ignore-pattern \"*.d.ts\" ",
-    "test-coverage": "jest --passWithNoTests --coverage"
+    "lint": "eslint --max-warnings 0 -c ../../../../../eslint.config.mjs",
+    "test:package-docs": "../../../../../scripts/generate_docs/test_package_docs.sh"
   },
   "main": "lib/index.js",
   "types": "lib/index.d.ts",
   "devDependencies": {
-    "@aws-mdaa/construct": "1.4.0",
-    "@aws-mdaa/l3-construct": "1.4.0",
-    "@aws-mdaa/testing": "1.4.0",
+    "@aws-mdaa/construct": "1.6.0",
+    "@aws-mdaa/l3-construct": "1.6.0",
+    "@aws-mdaa/testing": "1.6.0",
     "@types/jest": "29.5.14",
     "@types/node": "22.9.0",
     "@types/prettier": "2.6.0",
@@ -32,40 +32,33 @@
     "constructs": "10.0.96",
     "jest": "29.7.0",
     "source-map-support": "0.5.21",
-    "ts-jest": "29.4.6",
+    "ts-jest": "29.4.9",
     "ts-node": "10.9.2",
     "typescript": "5.9.3",
-    "typescript-json-schema": "0.67.1"
+    "typescript-json-schema": "0.67.4"
   },
-  "bundledDependencies": [
-    "@aws-mdaa/s3-bucketpolicy-helper",
-    "@aws-mdaa/s3-inventory-helper",
-    "lodash"
-  ],
   "peerDependencies": {
-    "@aws-mdaa/construct": "1.4.0",
-    "@aws-mdaa/l3-construct": "1.4.0",
+    "@aws-mdaa/construct": "1.6.0",
+    "@aws-mdaa/l3-construct": "1.6.0",
     "aws-cdk-lib": "2.220.0",
     "constructs": "10.0.96"
   },
   "dependencies": {
-    "@aws-mdaa/cloudwatch-constructs": "1.4.0",
-    "@aws-mdaa/construct": "1.4.0",
-    "@aws-mdaa/dataops-project-l3-construct": "1.4.0",
-    "@aws-mdaa/eventbridge-helper": "1.4.0",
-    "@aws-mdaa/glue-constructs": "1.4.0",
-    "@aws-mdaa/iam-constructs": "1.4.0",
-    "@aws-mdaa/iam-role-helper": "1.4.0",
-    "@aws-mdaa/l3-construct": "1.4.0",
-    "@aws-mdaa/naming": "1.4.0",
-    "@aws-mdaa/s3-bucketpolicy-helper": "1.4.0",
-    "@aws-mdaa/s3-constructs": "1.4.0",
-    "@aws-mdaa/s3-inventory-helper": "1.4.0",
-    "@aws-mdaa/sns-constructs": "1.4.0",
+    "@aws-mdaa/cloudwatch-constructs": "1.6.0",
+    "@aws-mdaa/config": "1.6.0",
+    "@aws-mdaa/construct": "1.6.0",
+    "@aws-mdaa/dataops-project-l3-construct": "1.6.0",
+    "@aws-mdaa/eventbridge-helper": "1.6.0",
+    "@aws-mdaa/glue-constructs": "1.6.0",
+    "@aws-mdaa/iam-constructs": "1.6.0",
+    "@aws-mdaa/iam-role-helper": "1.6.0",
+    "@aws-mdaa/l3-construct": "1.6.0",
+    "@aws-mdaa/s3-constructs": "1.6.0",
+    "@aws-mdaa/sns-constructs": "1.6.0",
     "aws-cdk-lib": "2.220.0",
     "cdk-nag": "2.37.55",
     "constructs": "10.0.96",
-    "lodash": "4.17.23"
+    "lodash": "4.18.1"
   },
   "gitHead": "ade1ce5962dee1fa47a3668c8e35d130c686ad35",
   "stability": "experimental",
@@ -73,5 +66,9 @@
     "outdir": "jsii-dist",
     "versionFormat": "full",
     "targets": {}
-  }
+  },
+  "bundledDependencies": [
+    "@aws-mdaa/config",
+    "lodash"
+  ]
 }

package/node_modules/@aws-mdaa/s3-bucketpolicy-helper/README.md DELETED Viewed

@@ -1,185 +0,0 @@
-# S3 Bucket Policy Helper
-This is a helper class that helps construct working S3 Bucket policy statements that can be added to a bucket construct.
-## Class RestrictObjectPrefixToRoles
-This helper class helps construct a working policy that allows a group of Roles to access to an object prefix in S3.
-Depending on the values provided, it will produce two PolicyStatement types accessible by methods.
-One for Read access to an object prefix that generally resolves to:
-```yaml
-- Action: s3:GetObject*
-  Condition:
-    StringLike:
-      aws:userId:
-        - AROA12345678:*
-  Effect: Allow
-  Principal: "*"
-  Resource:
-    Fn::Join:
-      - ""
-      - - Fn::GetAtt:
-            - BuckettransformedCbdgadDatalakeTransformedPrototype20210115E093F710
-            - Arn
-        - /inventory/*
-  Sid: inventory/Read
-```
-One for write access to an object prefix that generally resolves to:
-```yaml
-- Action:
-    - s3:GetObject*
-    - s3:PutObject*
-    - s3:DeleteObject*
-  Condition:
-    StringLike:
-      aws:userId:
-        - AROA12345678:*
-  Effect: Allow
-  Principal: "*"
-  Resource:
-    Fn::Join:
-      - ""
-      - - Fn::GetAtt:
-            - BuckettransformedCbdgadDatalakeTransformedPrototype20210115E093F710
-            - Arn
-        - /inventory/*
-  Sid: inventory/ReadWrite
-```
-Conditionals against `aws:userId` are used to support federated roles.  The `@aws-mdaa/iam-role-helper` is used to resolve the requested ARNs to AROA IDs.
-## RestrictObjectPrefixToRoles example
-```typescript
-import {MdaaRoleResolver} from '@aws-mdaa/am-role-helper'
-import {RestrictObjectPrefixToRoles} from '@aws-mdaa/3-bucketpolicy-helper'
-const roleResolver = new MdaaRoleResolver({
-    roleArns: [
-        'arn:{{partition}}:iam::{{account}}:role/application_abc/component_xyz/S3Access',
-        'arn:{{partition}}:iam::{{account}}:role/service-role/QuickSightAction'
-    ]
-})
-roleResolver.init().then(() => {
-    const RestrictPrefix = new RestrictObjectPrefixToRoles({
-        // bucket in this context is a constructed s3.Bucket class
-        s3Bucket: bucket,
-        s3Prefix: '/protected',
-        readRoles: [
-            'arn:{{partition}}:iam::{{account}}:role/application_abc/component_xyz/S3Access',
-            'arn:{{partition}}:iam::{{account}}:role/service-role/QuickSightAction'
-        ],
-        readWriteRoles: [
-            'arn:{{partition}}:iam::{{account}}:role/application_abc/component_xyz/S3Access'
-        ],
-        roleAroaResolver: roleResolver
-    })
-    bucket.addToResourcePolicy(RestrictPrefix.readStatement())
-    bucket.addToResourcePolicy(RestrictPrefix.readWriteStatement())
-})
-```
-## Class RestrictBucketToRoles
-Helper class to construct a policy that will restrict a bucket to a set of roles.  This is realized through a Deny where source role is not on the list, and an Allow where source role is.
-Depending on the values provided, it will produce two PolicyStatement types accessible by methods.
-One for general bucket access that resolves to:
-```yaml
-          - Action:
-              - s3:List*
-              - s3:GetBucket*
-            Condition:
-              StringLike:
-                aws:userId:
-                  - AROA12345678:*
-            Effect: Allow
-            Principal: "*"
-            Resource:
-              - Fn::Join:
-                  - ""
-                  - - Fn::GetAtt:
-                        - BuckettransformedCbdgadDatalakeTransformedPrototype20210115E093F710
-                        - Arn
-                    - /*
-              - Fn::GetAtt:
-                  - BuckettransformedCbdgadDatalakeTransformedPrototype20210115E093F710
-                  - Arn
-            Sid: BucketAllow
-```
-One that denies access to the bucket that resolves to:
-NOTE: To permit things like inventory we exclude the s3 service from the Deny statements.  Also since we're using a NotPrincipal statement, we also include the root account to assure access to the bucket isn't lost if the Roles are deleted.
-```yaml
-          - Action:
-              - s3:PutObject*
-              - s3:GetObject*
-              - s3:List*
-              - s3:GetBucket*
-            Condition:
-              StringNotLike:
-                aws:userId:
-                  - AROA12345678:*
-            Effect: Deny
-            NotPrincipal:
-              Service: s3.amazonaws.com
-              AWS:
-                Fn::Join:
-                  - ""
-                  - - "arn:"
-                    - Ref: AWS::Partition
-                    - ":iam::"
-                    - Ref: AWS::AccountId
-                    - :root
-            Resource:
-              - Fn::Join:
-                  - ""
-                  - - Fn::GetAtt:
-                        - BuckettransformedCbdgadDatalakeTransformedPrototype20210115E093F710
-                        - Arn
-                    - /*
-              - Fn::GetAtt:
-                  - BuckettransformedCbdgadDatalakeTransformedPrototype20210115E093F710
-                  - Arn
-            Sid: BucketDeny
-```
-## RestrictBucketToRoles example
-```typescript
-import {MdaaRoleResolver} from '@aws-mdaa/am-role-helper'
-import {RestrictBucketToRoles} from '@aws-mdaa/3-bucketpolicy-helper'
-const roleResolver = new MdaaRoleResolver({
-    roleArns: [
-        'arn:{{partition}}:iam::{{account}}:role/application_abc/component_xyz/S3Access',
-        'arn:{{partition}}:iam::{{account}}:role/service-role/QuickSightAction'
-    ]
-})
-roleResolver.init().then(() => {
-    const RestrictBucket = new RestrictBucketToRoles({
-        // bucket in this context is a constructed s3.Bucket class
-        s3Bucket: bucket,
-        roles: [
-            'arn:{{partition}}:iam::{{account}}:role/application_abc/component_xyz/S3Access',
-            'arn:{{partition}}:iam::{{account}}:role/service-role/QuickSightAction'
-        ],
-        roleAroaResolver: roleResolver
-    })
-    bucket.addToResourcePolicy(RestrictBucket.allowStatement())
-    bucket.addToResourcePolicy(RestrictBucket.denyStatement())
-})
-```

package/node_modules/@aws-mdaa/s3-bucketpolicy-helper/lib/index.d.ts DELETED Viewed

@@ -1,57 +0,0 @@
-/*!
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0
- */
-import { IPrincipal, PolicyStatement } from 'aws-cdk-lib/aws-iam';
-import { IBucket } from 'aws-cdk-lib/aws-s3';
-export interface IRestrictObjectPrefixToRoles {
-    readonly s3Bucket: IBucket;
-    readonly s3Prefix: string;
-    readonly readRoleIds?: string[];
-    readonly readWriteRoleIds?: string[];
-    readonly readWriteSuperRoleIds?: string[];
-    readonly readPrincipals?: IPrincipal[];
-    readonly readWritePrincipals?: IPrincipal[];
-    readonly readWriteSuperPrincipals?: IPrincipal[];
-}
-export interface IRestrictBucketToRoles {
-    readonly s3Bucket: IBucket;
-    readonly roleExcludeIds: string[];
-    readonly principalExcludes?: string[];
-    readonly prefixExcludes?: string[];
-    readonly prefixIncludes?: string[];
-}
-/** Helper class for generating S3 bucket policy statements which grant access to specific object prefixes */
-export declare class RestrictObjectPrefixToRoles {
-    static readonly READ_ACTIONS: string[];
-    static readonly READ_WRITE_ACTIONS: string[];
-    static readonly READ_WRITE_SUPER_ACTIONS: string[];
-    static readonly BUCKET_ALLOW_ACTIONS: string[];
-    static readonly BUCKET_DENY_ACTIONS: string[];
-    private _readStatements;
-    private _readWriteStatements;
-    private _readWriteSuperStatements;
-    private _formattedPrefix;
-    constructor(props: IRestrictObjectPrefixToRoles);
-    private _readStatementScaffold;
-    private _readWriteStatementScaffold;
-    private _readWriteSuperStatementScaffold;
-    readStatements(): PolicyStatement[];
-    readWriteStatements(): PolicyStatement[];
-    readWriteSuperStatements(): PolicyStatement[];
-    statements(): PolicyStatement[];
-    formatS3Prefix(prefix: string): string;
-}
-/** Helper class for generating bucket policy statements
- * which allow or deny access to an entire bucket. Used to
- * create bucket-level default deny statements to block accesses
- * not granted in the bucket policy. */
-export declare class RestrictBucketToRoles {
-    readonly denyStatement: PolicyStatement;
-    readonly allowStatement: PolicyStatement;
-    private resource;
-    private notResource;
-    private denyConditionalNotEquals;
-    constructor(props: IRestrictBucketToRoles);
-    private formatS3Prefix;
-}