p6-cdk-s3-protector 0.0.31 → 0.0.32

package/.jsii

@@ -8,9 +8,9 @@
     ]
   },
   "bundled": {
-    "@aws-sdk/client-s3": "^3.919.0",
-    "@aws-sdk/client-s3-control": "^3.919.0",
-    "@aws-sdk/client-sts": "^3.919.0",
+    "@aws-sdk/client-s3": "^3.920.0",
+    "@aws-sdk/client-s3-control": "^3.920.0",
+    "@aws-sdk/client-sts": "^3.920.0",
     "@types/aws-lambda": "^8.10.157",
     "aws-sdk": "^2.1692.0",
     "cdk-iam-floyd": "^0.728.0",
@@ -4172,6 +4172,6 @@
       "symbolId": "src/p6cdks3protector:P6CDKS3Protector"
     }
   },
-  "version": "0.0.31",
-  "fingerprint": "xQO2QUNG2oeqCG/QscAqvoZhIJMEnAZQuHjkqzTvsMo="
+  "version": "0.0.32",
+  "fingerprint": "hVO/2e0zBCkBejpHTB0mvHOocgoMYkAWnb+7sVfKK8A="
 }

package/lib/p6cdks3protector.js

@@ -41,7 +41,7 @@ const lambdajs = __importStar(require("aws-cdk-lib/aws-lambda-nodejs"));
 const cr = __importStar(require("aws-cdk-lib/custom-resources"));
 const floyd = __importStar(require("cdk-iam-floyd"));
 class P6CDKS3Protector extends cdk.Resource {
-    static [JSII_RTTI_SYMBOL_1] = { fqn: "p6-cdk-s3-protector.P6CDKS3Protector", version: "0.0.31" };
+    static [JSII_RTTI_SYMBOL_1] = { fqn: "p6-cdk-s3-protector.P6CDKS3Protector", version: "0.0.32" };
     constructor(scope, id) {
         super(scope, id);
         const policy = new floyd.Statement.S3().allow().toPutObject().toPutObjectAcl();

package/node_modules/@aws-sdk/client-s3/dist-types/runtimeConfig.d.ts

@@ -9,7 +9,7 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
     defaultsMode: import("@aws-sdk/types").Provider<import("@smithy/smithy-client").ResolvedDefaultsMode>;
     authSchemePreference: string[] | import("@aws-sdk/types").Provider<string[]>;
     bodyLengthChecker: import("@aws-sdk/types").BodyLengthCalculator;
-    credentialDefaultProvider: ((input: any) => import("@aws-sdk/types").AwsCredentialIdentityProvider) | ((init?: import("@aws-sdk/credential-provider-node").DefaultProviderInit) => import("@aws-sdk/types").MemoizedProvider<import("@aws-sdk/types").AwsCredentialIdentity>);
+    credentialDefaultProvider: ((input: any) => import("@aws-sdk/types").AwsCredentialIdentityProvider) | ((init?: import("@aws-sdk/credential-provider-node").DefaultProviderInit) => import("@aws-sdk/credential-provider-node/dist-types/runtime/memoize-chain").MemoizedRuntimeConfigAwsCredentialIdentityProvider);
     defaultUserAgentProvider: (config?: import("@aws-sdk/util-user-agent-node").PreviouslyResolved) => Promise<import("@aws-sdk/types").UserAgent>;
     disableS3ExpressSessionAuth: boolean | import("@aws-sdk/types").Provider<boolean | undefined>;
     eventStreamSerdeProvider: import("@aws-sdk/types").EventStreamSerdeProvider;

package/node_modules/@aws-sdk/client-s3/dist-types/ts3.4/runtimeConfig.d.ts

@@ -12,9 +12,7 @@ export declare const getRuntimeConfig: (config: S3ClientConfig) => {
     | ((input: any) => import("@aws-sdk/types").AwsCredentialIdentityProvider)
     | ((
         init?: import("@aws-sdk/credential-provider-node").DefaultProviderInit
-      ) => import("@aws-sdk/types").MemoizedProvider<
-        import("@aws-sdk/types").AwsCredentialIdentity
-      >);
+      ) => import("@aws-sdk/credential-provider-node/dist-types/runtime/memoize-chain").MemoizedRuntimeConfigAwsCredentialIdentityProvider);
   defaultUserAgentProvider: (
     config?: import("@aws-sdk/util-user-agent-node").PreviouslyResolved
   ) => Promise<import("@aws-sdk/types").UserAgent>;

package/node_modules/@aws-sdk/client-s3/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-s3",
   "description": "AWS SDK for JavaScript S3 Client for Node.js, Browser and React Native",
-  "version": "3.919.0",
+  "version": "3.920.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-s3",
@@ -29,24 +29,24 @@
     "@aws-crypto/sha1-browser": "5.2.0",
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/core": "3.916.0",
-    "@aws-sdk/credential-provider-node": "3.919.0",
-    "@aws-sdk/middleware-bucket-endpoint": "3.914.0",
-    "@aws-sdk/middleware-expect-continue": "3.917.0",
-    "@aws-sdk/middleware-flexible-checksums": "3.919.0",
-    "@aws-sdk/middleware-host-header": "3.914.0",
-    "@aws-sdk/middleware-location-constraint": "3.914.0",
-    "@aws-sdk/middleware-logger": "3.914.0",
-    "@aws-sdk/middleware-recursion-detection": "3.919.0",
-    "@aws-sdk/middleware-sdk-s3": "3.916.0",
-    "@aws-sdk/middleware-ssec": "3.914.0",
-    "@aws-sdk/middleware-user-agent": "3.916.0",
-    "@aws-sdk/region-config-resolver": "3.914.0",
-    "@aws-sdk/signature-v4-multi-region": "3.916.0",
-    "@aws-sdk/types": "3.914.0",
-    "@aws-sdk/util-endpoints": "3.916.0",
-    "@aws-sdk/util-user-agent-browser": "3.914.0",
-    "@aws-sdk/util-user-agent-node": "3.916.0",
+    "@aws-sdk/core": "3.920.0",
+    "@aws-sdk/credential-provider-node": "3.920.0",
+    "@aws-sdk/middleware-bucket-endpoint": "3.920.0",
+    "@aws-sdk/middleware-expect-continue": "3.920.0",
+    "@aws-sdk/middleware-flexible-checksums": "3.920.0",
+    "@aws-sdk/middleware-host-header": "3.920.0",
+    "@aws-sdk/middleware-location-constraint": "3.920.0",
+    "@aws-sdk/middleware-logger": "3.920.0",
+    "@aws-sdk/middleware-recursion-detection": "3.920.0",
+    "@aws-sdk/middleware-sdk-s3": "3.920.0",
+    "@aws-sdk/middleware-ssec": "3.920.0",
+    "@aws-sdk/middleware-user-agent": "3.920.0",
+    "@aws-sdk/region-config-resolver": "3.920.0",
+    "@aws-sdk/signature-v4-multi-region": "3.920.0",
+    "@aws-sdk/types": "3.920.0",
+    "@aws-sdk/util-endpoints": "3.920.0",
+    "@aws-sdk/util-user-agent-browser": "3.920.0",
+    "@aws-sdk/util-user-agent-node": "3.920.0",
     "@aws-sdk/xml-builder": "3.914.0",
     "@smithy/config-resolver": "^4.4.0",
     "@smithy/core": "^3.17.1",
@@ -85,7 +85,7 @@
     "tslib": "^2.6.2"
   },
   "devDependencies": {
-    "@aws-sdk/signature-v4-crt": "3.916.0",
+    "@aws-sdk/signature-v4-crt": "3.920.0",
     "@tsconfig/node18": "18.2.4",
     "@types/node": "^18.19.69",
     "concurrently": "7.0.0",

package/node_modules/@aws-sdk/client-s3-control/dist-types/runtimeConfig.d.ts

@@ -8,7 +8,7 @@ export declare const getRuntimeConfig: (config: S3ControlClientConfig) => {
     defaultsMode: import("@smithy/types").Provider<import("@smithy/smithy-client").ResolvedDefaultsMode>;
     authSchemePreference: string[] | import("@smithy/types").Provider<string[]>;
     bodyLengthChecker: import("@smithy/types").BodyLengthCalculator;
-    credentialDefaultProvider: ((input: any) => import("@smithy/types").AwsCredentialIdentityProvider) | ((init?: import("@aws-sdk/credential-provider-node").DefaultProviderInit) => import("@smithy/types").MemoizedProvider<import("@smithy/types").AwsCredentialIdentity>);
+    credentialDefaultProvider: ((input: any) => import("@smithy/types").AwsCredentialIdentityProvider) | ((init?: import("@aws-sdk/credential-provider-node").DefaultProviderInit) => import("@aws-sdk/credential-provider-node/dist-types/runtime/memoize-chain").MemoizedRuntimeConfigAwsCredentialIdentityProvider);
     defaultUserAgentProvider: (config?: import("@aws-sdk/util-user-agent-node").PreviouslyResolved) => Promise<import("@smithy/types").UserAgent>;
     maxAttempts: number | import("@smithy/types").Provider<number>;
     md5: import("@smithy/types").HashConstructor;

package/node_modules/@aws-sdk/client-s3-control/dist-types/ts3.4/runtimeConfig.d.ts

@@ -11,9 +11,7 @@ export declare const getRuntimeConfig: (config: S3ControlClientConfig) => {
     | ((input: any) => import("@smithy/types").AwsCredentialIdentityProvider)
     | ((
         init?: import("@aws-sdk/credential-provider-node").DefaultProviderInit
-      ) => import("@smithy/types").MemoizedProvider<
-        import("@smithy/types").AwsCredentialIdentity
-      >);
+      ) => import("@aws-sdk/credential-provider-node/dist-types/runtime/memoize-chain").MemoizedRuntimeConfigAwsCredentialIdentityProvider);
   defaultUserAgentProvider: (
     config?: import("@aws-sdk/util-user-agent-node").PreviouslyResolved
   ) => Promise<import("@smithy/types").UserAgent>;

package/node_modules/@aws-sdk/client-s3-control/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-s3-control",
   "description": "AWS SDK for JavaScript S3 Control Client for Node.js, Browser and React Native",
-  "version": "3.919.0",
+  "version": "3.920.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-s3-control",
@@ -22,19 +22,19 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/core": "3.916.0",
-    "@aws-sdk/credential-provider-node": "3.919.0",
-    "@aws-sdk/middleware-bucket-endpoint": "3.914.0",
-    "@aws-sdk/middleware-host-header": "3.914.0",
-    "@aws-sdk/middleware-logger": "3.914.0",
-    "@aws-sdk/middleware-recursion-detection": "3.919.0",
-    "@aws-sdk/middleware-sdk-s3-control": "3.916.0",
-    "@aws-sdk/middleware-user-agent": "3.916.0",
-    "@aws-sdk/region-config-resolver": "3.914.0",
-    "@aws-sdk/types": "3.914.0",
-    "@aws-sdk/util-endpoints": "3.916.0",
-    "@aws-sdk/util-user-agent-browser": "3.914.0",
-    "@aws-sdk/util-user-agent-node": "3.916.0",
+    "@aws-sdk/core": "3.920.0",
+    "@aws-sdk/credential-provider-node": "3.920.0",
+    "@aws-sdk/middleware-bucket-endpoint": "3.920.0",
+    "@aws-sdk/middleware-host-header": "3.920.0",
+    "@aws-sdk/middleware-logger": "3.920.0",
+    "@aws-sdk/middleware-recursion-detection": "3.920.0",
+    "@aws-sdk/middleware-sdk-s3-control": "3.920.0",
+    "@aws-sdk/middleware-user-agent": "3.920.0",
+    "@aws-sdk/region-config-resolver": "3.920.0",
+    "@aws-sdk/types": "3.920.0",
+    "@aws-sdk/util-endpoints": "3.920.0",
+    "@aws-sdk/util-user-agent-browser": "3.920.0",
+    "@aws-sdk/util-user-agent-node": "3.920.0",
     "@aws-sdk/xml-builder": "3.914.0",
     "@smithy/config-resolver": "^4.4.0",
     "@smithy/core": "^3.17.1",

package/node_modules/@aws-sdk/client-sso/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-sso",
   "description": "AWS SDK for JavaScript Sso Client for Node.js, Browser and React Native",
-  "version": "3.919.0",
+  "version": "3.920.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-sso",
@@ -20,16 +20,16 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/core": "3.916.0",
-    "@aws-sdk/middleware-host-header": "3.914.0",
-    "@aws-sdk/middleware-logger": "3.914.0",
-    "@aws-sdk/middleware-recursion-detection": "3.919.0",
-    "@aws-sdk/middleware-user-agent": "3.916.0",
-    "@aws-sdk/region-config-resolver": "3.914.0",
-    "@aws-sdk/types": "3.914.0",
-    "@aws-sdk/util-endpoints": "3.916.0",
-    "@aws-sdk/util-user-agent-browser": "3.914.0",
-    "@aws-sdk/util-user-agent-node": "3.916.0",
+    "@aws-sdk/core": "3.920.0",
+    "@aws-sdk/middleware-host-header": "3.920.0",
+    "@aws-sdk/middleware-logger": "3.920.0",
+    "@aws-sdk/middleware-recursion-detection": "3.920.0",
+    "@aws-sdk/middleware-user-agent": "3.920.0",
+    "@aws-sdk/region-config-resolver": "3.920.0",
+    "@aws-sdk/types": "3.920.0",
+    "@aws-sdk/util-endpoints": "3.920.0",
+    "@aws-sdk/util-user-agent-browser": "3.920.0",
+    "@aws-sdk/util-user-agent-node": "3.920.0",
     "@smithy/config-resolver": "^4.4.0",
     "@smithy/core": "^3.17.1",
     "@smithy/fetch-http-handler": "^5.3.4",

package/node_modules/@aws-sdk/client-sts/dist-cjs/index.js

@@ -8,6 +8,7 @@ var EndpointParameters = require('./endpoint/EndpointParameters');
 var core = require('@aws-sdk/core');
 var protocolHttp = require('@smithy/protocol-http');
 var client = require('@aws-sdk/core/client');
+var regionConfigResolver = require('@aws-sdk/region-config-resolver');
 
 class STSServiceException extends smithyClient.ServiceException {
     constructor(options) {
@@ -1247,7 +1248,6 @@ class STS extends STSClient.STSClient {
 }
 smithyClient.createAggregatedClient(commands, STS);
 
-const ASSUME_ROLE_DEFAULT_REGION = "us-east-1";
 const getAccountIdFromAssumedRoleUser = (assumedRoleUser) => {
     if (typeof assumedRoleUser?.Arn === "string") {
         const arnComponents = assumedRoleUser.Arn.split(":");
@@ -1257,11 +1257,12 @@ const getAccountIdFromAssumedRoleUser = (assumedRoleUser) => {
     }
     return undefined;
 };
-const resolveRegion = async (_region, _parentRegion, credentialProviderLogger) => {
+const resolveRegion = async (_region, _parentRegion, credentialProviderLogger, loaderConfig = {}) => {
     const region = typeof _region === "function" ? await _region() : _region;
     const parentRegion = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion;
-    credentialProviderLogger?.debug?.("@aws-sdk/client-sts::resolveRegion", "accepting first of:", `${region} (provider)`, `${parentRegion} (parent client)`, `${ASSUME_ROLE_DEFAULT_REGION} (STS default)`);
-    return region ?? parentRegion ?? ASSUME_ROLE_DEFAULT_REGION;
+    const stsDefaultRegion = await regionConfigResolver.stsRegionDefaultResolver(loaderConfig)();
+    credentialProviderLogger?.debug?.("@aws-sdk/client-sts::resolveRegion", "accepting first of:", `${region} (credential provider clientConfig)`, `${parentRegion} (contextual client)`, `${stsDefaultRegion} (STS default: AWS_REGION, profile region, or us-east-1)`);
+    return region ?? parentRegion ?? stsDefaultRegion;
 };
 const getDefaultRoleAssumer$1 = (stsOptions, STSClient) => {
     let stsClient;
@@ -1270,7 +1271,10 @@ const getDefaultRoleAssumer$1 = (stsOptions, STSClient) => {
         closureSourceCreds = sourceCreds;
         if (!stsClient) {
             const { logger = stsOptions?.parentClientConfig?.logger, profile = stsOptions?.parentClientConfig?.profile, region, requestHandler = stsOptions?.parentClientConfig?.requestHandler, credentialProviderLogger, } = stsOptions;
-            const resolvedRegion = await resolveRegion(region, stsOptions?.parentClientConfig?.region, credentialProviderLogger);
+            const resolvedRegion = await resolveRegion(region, stsOptions?.parentClientConfig?.region, credentialProviderLogger, {
+                logger,
+                profile,
+            });
             const isCompatibleRequestHandler = !isH2(requestHandler);
             stsClient = new STSClient({
                 ...stsOptions,
@@ -1303,7 +1307,10 @@ const getDefaultRoleAssumerWithWebIdentity$1 = (stsOptions, STSClient) => {
     return async (params) => {
         if (!stsClient) {
             const { logger = stsOptions?.parentClientConfig?.logger, profile = stsOptions?.parentClientConfig?.profile, region, requestHandler = stsOptions?.parentClientConfig?.requestHandler, credentialProviderLogger, } = stsOptions;
-            const resolvedRegion = await resolveRegion(region, stsOptions?.parentClientConfig?.region, credentialProviderLogger);
+            const resolvedRegion = await resolveRegion(region, stsOptions?.parentClientConfig?.region, credentialProviderLogger, {
+                logger,
+                profile,
+            });
             const isCompatibleRequestHandler = !isH2(requestHandler);
             stsClient = new STSClient({
                 ...stsOptions,

package/node_modules/@aws-sdk/client-sts/dist-es/defaultStsRoleAssumers.js

@@ -1,7 +1,7 @@
 import { setCredentialFeature } from "@aws-sdk/core/client";
+import { stsRegionDefaultResolver } from "@aws-sdk/region-config-resolver";
 import { AssumeRoleCommand } from "./commands/AssumeRoleCommand";
 import { AssumeRoleWithWebIdentityCommand, } from "./commands/AssumeRoleWithWebIdentityCommand";
-const ASSUME_ROLE_DEFAULT_REGION = "us-east-1";
 const getAccountIdFromAssumedRoleUser = (assumedRoleUser) => {
     if (typeof assumedRoleUser?.Arn === "string") {
         const arnComponents = assumedRoleUser.Arn.split(":");
@@ -11,11 +11,12 @@ const getAccountIdFromAssumedRoleUser = (assumedRoleUser) => {
     }
     return undefined;
 };
-const resolveRegion = async (_region, _parentRegion, credentialProviderLogger) => {
+const resolveRegion = async (_region, _parentRegion, credentialProviderLogger, loaderConfig = {}) => {
     const region = typeof _region === "function" ? await _region() : _region;
     const parentRegion = typeof _parentRegion === "function" ? await _parentRegion() : _parentRegion;
-    credentialProviderLogger?.debug?.("@aws-sdk/client-sts::resolveRegion", "accepting first of:", `${region} (provider)`, `${parentRegion} (parent client)`, `${ASSUME_ROLE_DEFAULT_REGION} (STS default)`);
-    return region ?? parentRegion ?? ASSUME_ROLE_DEFAULT_REGION;
+    const stsDefaultRegion = await stsRegionDefaultResolver(loaderConfig)();
+    credentialProviderLogger?.debug?.("@aws-sdk/client-sts::resolveRegion", "accepting first of:", `${region} (credential provider clientConfig)`, `${parentRegion} (contextual client)`, `${stsDefaultRegion} (STS default: AWS_REGION, profile region, or us-east-1)`);
+    return region ?? parentRegion ?? stsDefaultRegion;
 };
 export const getDefaultRoleAssumer = (stsOptions, STSClient) => {
     let stsClient;
@@ -24,7 +25,10 @@ export const getDefaultRoleAssumer = (stsOptions, STSClient) => {
         closureSourceCreds = sourceCreds;
         if (!stsClient) {
             const { logger = stsOptions?.parentClientConfig?.logger, profile = stsOptions?.parentClientConfig?.profile, region, requestHandler = stsOptions?.parentClientConfig?.requestHandler, credentialProviderLogger, } = stsOptions;
-            const resolvedRegion = await resolveRegion(region, stsOptions?.parentClientConfig?.region, credentialProviderLogger);
+            const resolvedRegion = await resolveRegion(region, stsOptions?.parentClientConfig?.region, credentialProviderLogger, {
+                logger,
+                profile,
+            });
             const isCompatibleRequestHandler = !isH2(requestHandler);
             stsClient = new STSClient({
                 ...stsOptions,
@@ -57,7 +61,10 @@ export const getDefaultRoleAssumerWithWebIdentity = (stsOptions, STSClient) => {
     return async (params) => {
         if (!stsClient) {
             const { logger = stsOptions?.parentClientConfig?.logger, profile = stsOptions?.parentClientConfig?.profile, region, requestHandler = stsOptions?.parentClientConfig?.requestHandler, credentialProviderLogger, } = stsOptions;
-            const resolvedRegion = await resolveRegion(region, stsOptions?.parentClientConfig?.region, credentialProviderLogger);
+            const resolvedRegion = await resolveRegion(region, stsOptions?.parentClientConfig?.region, credentialProviderLogger, {
+                logger,
+                profile,
+            });
             const isCompatibleRequestHandler = !isH2(requestHandler);
             stsClient = new STSClient({
                 ...stsOptions,

package/node_modules/@aws-sdk/client-sts/dist-types/runtimeConfig.d.ts

@@ -10,7 +10,7 @@ export declare const getRuntimeConfig: (config: STSClientConfig) => {
     defaultsMode: import("@smithy/types").Provider<import("@smithy/smithy-client").ResolvedDefaultsMode>;
     authSchemePreference: string[] | import("@smithy/types").Provider<string[]>;
     bodyLengthChecker: import("@smithy/types").BodyLengthCalculator;
-    credentialDefaultProvider: ((input: any) => import("@smithy/types").AwsCredentialIdentityProvider) | ((init?: import("@aws-sdk/credential-provider-node").DefaultProviderInit) => import("@smithy/types").MemoizedProvider<import("@smithy/types").AwsCredentialIdentity>);
+    credentialDefaultProvider: ((input: any) => import("@smithy/types").AwsCredentialIdentityProvider) | ((init?: import("@aws-sdk/credential-provider-node").DefaultProviderInit) => import("@aws-sdk/credential-provider-node/dist-types/runtime/memoize-chain").MemoizedRuntimeConfigAwsCredentialIdentityProvider);
     defaultUserAgentProvider: (config?: import("@aws-sdk/util-user-agent-node").PreviouslyResolved) => Promise<import("@smithy/types").UserAgent>;
     httpAuthSchemes: import("@smithy/types").HttpAuthScheme[] | {
         schemeId: string;

package/node_modules/@aws-sdk/client-sts/dist-types/ts3.4/runtimeConfig.d.ts

@@ -13,9 +13,7 @@ export declare const getRuntimeConfig: (config: STSClientConfig) => {
     | ((input: any) => import("@smithy/types").AwsCredentialIdentityProvider)
     | ((
         init?: import("@aws-sdk/credential-provider-node").DefaultProviderInit
-      ) => import("@smithy/types").MemoizedProvider<
-        import("@smithy/types").AwsCredentialIdentity
-      >);
+      ) => import("@aws-sdk/credential-provider-node/dist-types/runtime/memoize-chain").MemoizedRuntimeConfigAwsCredentialIdentityProvider);
   defaultUserAgentProvider: (
     config?: import("@aws-sdk/util-user-agent-node").PreviouslyResolved
   ) => Promise<import("@smithy/types").UserAgent>;

package/node_modules/@aws-sdk/client-sts/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-sts",
   "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native",
-  "version": "3.919.0",
+  "version": "3.920.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-sts",
@@ -22,17 +22,17 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/core": "3.916.0",
-    "@aws-sdk/credential-provider-node": "3.919.0",
-    "@aws-sdk/middleware-host-header": "3.914.0",
-    "@aws-sdk/middleware-logger": "3.914.0",
-    "@aws-sdk/middleware-recursion-detection": "3.919.0",
-    "@aws-sdk/middleware-user-agent": "3.916.0",
-    "@aws-sdk/region-config-resolver": "3.914.0",
-    "@aws-sdk/types": "3.914.0",
-    "@aws-sdk/util-endpoints": "3.916.0",
-    "@aws-sdk/util-user-agent-browser": "3.914.0",
-    "@aws-sdk/util-user-agent-node": "3.916.0",
+    "@aws-sdk/core": "3.920.0",
+    "@aws-sdk/credential-provider-node": "3.920.0",
+    "@aws-sdk/middleware-host-header": "3.920.0",
+    "@aws-sdk/middleware-logger": "3.920.0",
+    "@aws-sdk/middleware-recursion-detection": "3.920.0",
+    "@aws-sdk/middleware-user-agent": "3.920.0",
+    "@aws-sdk/region-config-resolver": "3.920.0",
+    "@aws-sdk/types": "3.920.0",
+    "@aws-sdk/util-endpoints": "3.920.0",
+    "@aws-sdk/util-user-agent-browser": "3.920.0",
+    "@aws-sdk/util-user-agent-node": "3.920.0",
     "@smithy/config-resolver": "^4.4.0",
     "@smithy/core": "^3.17.1",
     "@smithy/fetch-http-handler": "^5.3.4",

package/node_modules/@aws-sdk/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/core",
-  "version": "3.916.0",
+  "version": "3.920.0",
   "description": "Core functions & classes shared by multiple AWS SDK clients.",
   "scripts": {
     "build": "yarn lint && concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
@@ -81,7 +81,7 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/types": "3.914.0",
+    "@aws-sdk/types": "3.920.0",
     "@aws-sdk/xml-builder": "3.914.0",
     "@smithy/core": "^3.17.1",
     "@smithy/node-config-provider": "^4.3.3",

package/node_modules/@aws-sdk/credential-provider-node/dist-cjs/index.js

@@ -21,17 +21,73 @@ const remoteProvider = async (init) => {
     return fromInstanceMetadata(init);
 };
 
+function memoizeChain(providers, treatAsExpired) {
+    const chain = internalCreateChain(providers);
+    let activeLock;
+    let passiveLock;
+    let credentials;
+    const provider = async (options) => {
+        if (options?.forceRefresh) {
+            return await chain(options);
+        }
+        if (credentials?.expiration) {
+            if (credentials?.expiration?.getTime() < Date.now()) {
+                credentials = undefined;
+            }
+        }
+        if (activeLock) {
+            await activeLock;
+        }
+        else if (!credentials || treatAsExpired?.(credentials)) {
+            if (credentials) {
+                if (!passiveLock) {
+                    passiveLock = chain(options).then((c) => {
+                        credentials = c;
+                        passiveLock = undefined;
+                    });
+                }
+            }
+            else {
+                activeLock = chain(options).then((c) => {
+                    credentials = c;
+                    activeLock = undefined;
+                });
+                return provider(options);
+            }
+        }
+        return credentials;
+    };
+    return provider;
+}
+const internalCreateChain = (providers) => async (awsIdentityProperties) => {
+    let lastProviderError;
+    for (const provider of providers) {
+        try {
+            return await provider(awsIdentityProperties);
+        }
+        catch (err) {
+            lastProviderError = err;
+            if (err?.tryNextLink) {
+                continue;
+            }
+            throw err;
+        }
+    }
+    throw lastProviderError;
+};
+
 let multipleCredentialSourceWarningEmitted = false;
-const defaultProvider = (init = {}) => propertyProvider.memoize(propertyProvider.chain(async () => {
-    const profile = init.profile ?? process.env[sharedIniFileLoader.ENV_PROFILE];
-    if (profile) {
-        const envStaticCredentialsAreSet = process.env[credentialProviderEnv.ENV_KEY] && process.env[credentialProviderEnv.ENV_SECRET];
-        if (envStaticCredentialsAreSet) {
-            if (!multipleCredentialSourceWarningEmitted) {
-                const warnFn = init.logger?.warn && init.logger?.constructor?.name !== "NoOpLogger"
-                    ? init.logger.warn.bind(init.logger)
-                    : console.warn;
-                warnFn(`@aws-sdk/credential-provider-node - defaultProvider::fromEnv WARNING:
+const defaultProvider = (init = {}) => memoizeChain([
+    async () => {
+        const profile = init.profile ?? process.env[sharedIniFileLoader.ENV_PROFILE];
+        if (profile) {
+            const envStaticCredentialsAreSet = process.env[credentialProviderEnv.ENV_KEY] && process.env[credentialProviderEnv.ENV_SECRET];
+            if (envStaticCredentialsAreSet) {
+                if (!multipleCredentialSourceWarningEmitted) {
+                    const warnFn = init.logger?.warn && init.logger?.constructor?.name !== "NoOpLogger"
+                        ? init.logger.warn.bind(init.logger)
+                        : console.warn;
+                    warnFn(`@aws-sdk/credential-provider-node - defaultProvider::fromEnv WARNING:
     Multiple credential sources detected: 
     Both AWS_PROFILE and the pair AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY static credentials are set.
     This SDK will proceed with the AWS_PROFILE value.
@@ -40,45 +96,52 @@ const defaultProvider = (init = {}) => propertyProvider.memoize(propertyProvider
     Please ensure that your environment only sets either the AWS_PROFILE or the
     AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY pair.
 `);
-                multipleCredentialSourceWarningEmitted = true;
+                    multipleCredentialSourceWarningEmitted = true;
+                }
             }
+            throw new propertyProvider.CredentialsProviderError("AWS_PROFILE is set, skipping fromEnv provider.", {
+                logger: init.logger,
+                tryNextLink: true,
+            });
+        }
+        init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromEnv");
+        return credentialProviderEnv.fromEnv(init)();
+    },
+    async (awsIdentityProperties) => {
+        init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromSSO");
+        const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;
+        if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {
+            throw new propertyProvider.CredentialsProviderError("Skipping SSO provider in default chain (inputs do not include SSO fields).", { logger: init.logger });
         }
-        throw new propertyProvider.CredentialsProviderError("AWS_PROFILE is set, skipping fromEnv provider.", {
+        const { fromSSO } = await import('@aws-sdk/credential-provider-sso');
+        return fromSSO(init)(awsIdentityProperties);
+    },
+    async (awsIdentityProperties) => {
+        init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromIni");
+        const { fromIni } = await import('@aws-sdk/credential-provider-ini');
+        return fromIni(init)(awsIdentityProperties);
+    },
+    async (awsIdentityProperties) => {
+        init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromProcess");
+        const { fromProcess } = await import('@aws-sdk/credential-provider-process');
+        return fromProcess(init)(awsIdentityProperties);
+    },
+    async (awsIdentityProperties) => {
+        init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromTokenFile");
+        const { fromTokenFile } = await import('@aws-sdk/credential-provider-web-identity');
+        return fromTokenFile(init)(awsIdentityProperties);
+    },
+    async () => {
+        init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::remoteProvider");
+        return (await remoteProvider(init))();
+    },
+    async () => {
+        throw new propertyProvider.CredentialsProviderError("Could not load credentials from any providers", {
+            tryNextLink: false,
             logger: init.logger,
-            tryNextLink: true,
         });
-    }
-    init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromEnv");
-    return credentialProviderEnv.fromEnv(init)();
-}, async () => {
-    init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromSSO");
-    const { ssoStartUrl, ssoAccountId, ssoRegion, ssoRoleName, ssoSession } = init;
-    if (!ssoStartUrl && !ssoAccountId && !ssoRegion && !ssoRoleName && !ssoSession) {
-        throw new propertyProvider.CredentialsProviderError("Skipping SSO provider in default chain (inputs do not include SSO fields).", { logger: init.logger });
-    }
-    const { fromSSO } = await import('@aws-sdk/credential-provider-sso');
-    return fromSSO(init)();
-}, async () => {
-    init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromIni");
-    const { fromIni } = await import('@aws-sdk/credential-provider-ini');
-    return fromIni(init)();
-}, async () => {
-    init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromProcess");
-    const { fromProcess } = await import('@aws-sdk/credential-provider-process');
-    return fromProcess(init)();
-}, async () => {
-    init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::fromTokenFile");
-    const { fromTokenFile } = await import('@aws-sdk/credential-provider-web-identity');
-    return fromTokenFile(init)();
-}, async () => {
-    init.logger?.debug("@aws-sdk/credential-provider-node - defaultProvider::remoteProvider");
-    return (await remoteProvider(init))();
-}, async () => {
-    throw new propertyProvider.CredentialsProviderError("Could not load credentials from any providers", {
-        tryNextLink: false,
-        logger: init.logger,
-    });
-}), credentialsTreatedAsExpired, credentialsWillNeedRefresh);
+    },
+], credentialsTreatedAsExpired);
 const credentialsWillNeedRefresh = (credentials) => credentials?.expiration !== undefined;
 const credentialsTreatedAsExpired = (credentials) => credentials?.expiration !== undefined && credentials.expiration.getTime() - Date.now() < 300000;