chore(deps): update backend

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
Authlib	==0.14.3 -> ==1.4.1						major
Flask (changelog)	>=2.2.3, <3 -> >=3.1, <4						major
boto3	~=1.34.114 -> ~=1.36.12						minor
cellxgene-ontology-guide (changelog)	~=1.0.0 -> ~=1.4.1						minor
connexion	==2.14.2 -> ==3.2.0						major
connexion	~=2.14.2 -> ~=3.2.0						major
dataclasses-json (changelog)	==0.6.6 -> ==0.6.7						patch
datadog	==0.49.1 -> ==0.51.0						minor
ddtrace (changelog)	~=2.8.5 -> ~=2.20.0						minor
gunicorn (changelog)	==22.0.0 -> ==23.0.0						major
gunicorn (changelog)	~=22.0.0 -> ~=23.0.0						major
matplotlib	>=3.6.3, <3.7 -> >=3.10, <3.11						minor
numba	~=0.59.1 -> ~=0.61.0						minor
psutil	~=5.9.8 -> ~=6.1.1						major
psutil	>=5.9.5, <6 -> >=6.1.1, <7						major
pyarrow	==16.0.0 -> ==19.0.0						major
pydantic (changelog)	~=1.10.7 -> ~=2.10.6						major
pydantic (changelog)	>=1.10.7, <2 -> >=2.10.6, <3						major
scipy	~=1.13.1 -> ~=1.15.1						minor
swagger-ui (source)	3.23.11 -> 5.18.2						major
swagger-ui (source)	3.0.13 -> 5.18.2						major
ubuntu	22.04 -> 24.04					final	major

---

Release Notes

lepture/authlib (Authlib)

v1.4.1: Version 1.4.1

Compare Source

• Improve garbage collection on OAuth clients. #​698
• Fix client parameters for httpx. #​694

v1.4.0

Compare Source

v1.3.2: Version 1.3.2

Compare Source

• Prevent ever-growing session size for OAuth clients.
• Revert quote client id and secret.
• unquote basic auth header for authorization server.

v1.3.1: Version 1.3.1

Compare Source

Prevent OctKey to import ssh and PEM strings.

v1.3.0: Version 1.3.0

Compare Source

Bug fixes

• Restore AuthorizationServer.create_authorization_response behavior, via #​558 by @​TurnrDev
• Include leeway in validate_iat() for JWT, via #​565 by @​dhallam
• Fix encode_client_secret_basic, via #​594 by @​Prilkop
• Use single key in JWK if JWS does not specify kid, via #​596 by @​dklimpel
• Fix error when RFC9068 JWS has no scope field, via #​598 by @​tanguilp
• Get werkzeug version using importlib, via #​591 by @​Sparrow0hawk

Breaking changes

• RFC9068 implementation, via #​586 by @​azmeuk.

v1.2.1: Version 1.2.1

Compare Source

• Apply headers in ClientSecretJWT.sign method, via #​552
• Allow falsy but non-None grant uri params, via #​544
• Fixed authorize_redirect for Starlette v0.26.0, via #​533
• Removed has_client_secret method and documentation, via #​513
• Removed request_invalid and token_revoked remaining occurences
  and documentation. #​514
• Fixed RFC7591 grant_types and response_types default values, via #​509
• Add support for python 3.12, via #​590

v1.2.0: Version 1.2.0

Compare Source

• Not passing request.body to ResourceProtector, #​485.
• Use flask.g instead of _app_ctx_stack, #​482.
• Add headers parameter back to ClientSecretJWT, #​457.
• Always passing realm parameter in OAuth 1 clients, #​339.
• Implemented RFC7592 Dynamic Client Registration Management Protocol, #​505`
• Add default_timeout for requests OAuth2Session and AssertionSession.
• Deprecate jwk.loads and jwk.dumps

v1.1.0: Version 1.1.0

Compare Source

This release contains breaking changes and security fixes.

• Allow to pass claims_options to Framework OpenID Connect clients, via #​446 by @​Galaxy102
• Fix .stream with context for HTTPX OAuth clients, via #​465 by @​bjoernmeier
• Fix Starlette OAuth client for cache store, via #​478 by @​haggen

Breaking changes:

• Raise InvalidGrantError for invalid code, redirect_uri and no user errors in OAuth 2.0 server.
• The default authlib.jose.jwt would only work with JSON Web Signature algorithms, if you would like to use JWT with JWE algorithms, please pass the algorithms parameter:

jwt = JsonWebToken(['A128KW', 'A128GCM', 'DEF'])

Security fixes for JOSE module

• CVE-2022-39175
• CVE-2022-39174

v1.0.1: Version 1.0.1

Compare Source

• Fix authenticate_none method, via #​438.
• Allow to pass in alternative signing algorithm to RFC7523 authentication methods via #​447.
• Fix missing_token for Flask OAuth client, via #​448.
• Allow openid in any place of the scope, via #​449.
• Security fix for validating essential value on blank value in JWT, via #​445.

v1.0.0: Version 1.0.0

Compare Source

We have dropped support for Python 2 in this release. We have removed
built-in SQLAlchemy integration.

OAuth Client Changes:

The whole framework client integrations have been restructured, if you are
using the client properly, e.g. oauth.register(...), it would work as
before.

OAuth Provider Changes:

In Flask OAuth 2.0 provider, we have removed the deprecated
OAUTH2_JWT_XXX configuration, instead, developers should define
.get_jwt_config on OpenID extensions and grant types.

SQLAlchemy integrations has been removed from Authlib. Developers
should define the database by themselves.

JOSE Changes

• JWS has been renamed to JsonWebSignature
• JWE has been renamed to JsonWebEncryption
• JWK has been renamed to JsonWebKey
• JWT has been renamed to JsonWebToken

The "Key" model has been re-designed, checkout the JSON Web Key for updates.

Added ES256K algorithm for JWS and JWT.

Breaking Changes: find how to solve the deprecate issues via https://git.io/JkY4f

v0.15.6

Compare Source

v0.15.5: Version 0.15.5

Compare Source

• Make Authlib compatible with latest httpx
• Make Authlib compatible with latest werkzeug
• Allow customize RFC7523 alg value

v0.15.4: Version 0.15.4

Compare Source

Security fix when JWT claims is None.

For example, JWT payload has iss=None:

{
  "iss": None,
  ...
}

But we need to decode it with claims:

claims_options = {
  'iss': {'essential': True, 'values': ['required']}
}
jwt.decode(token, key, claims_options=claims_options)

It didn't raise an error before this fix.

v0.15.3: Version 0.15.3

Compare Source

Fixed .authorize_access_token for OAuth 1.0 services, via https://github.com/lepture/authlib/issues/308

v0.15.2: Version 0.15.2

Compare Source

Fixed httpx authentication bug via #​283

v0.15.1: Version 0.15.1

Compare Source

Backward compitable fix for using JWKs in JWT, via #​280.

v0.15: Version 0.15

Compare Source

This is the last release before v1.0. In this release, we added more RFCs
implementations and did some refactors for JOSE:

• RFC8037: CFRG Elliptic Curve Diffie-Hellman (ECDH) and Signatures in JSON Object Signing and Encryption (JOSE)
• RFC7638: JSON Web Key (JWK) Thumbprint

We also fixed bugs for integrations:

• Fixed support for HTTPX>=0.14.3
• Added OAuth clients of HTTPX back via #​270
• Fixed parallel token refreshes for HTTPX async OAuth 2 client
• Raise OAuthError when callback contains errors via #​275

Breaking Change:

1. The parameter algorithms in JsonWebSignature and JsonWebEncryption
   are changed. Usually you don't have to care about it since you won't use it directly.
2. Whole JSON Web Key is refactored, please check JSON Web Key (JWK)

pallets/flask (Flask)

v3.1.0

Compare Source

Released 2024-11-13

• Drop support for Python 3.8. :pr:5623
• Update minimum dependency versions to latest feature releases.
  Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633
• Provide a configuration option to control automatic option
  responses. :pr:5496
• Flask.open_resource/open_instance_resource and
  Blueprint.open_resource take an encoding parameter to use when
  opening in text mode. It defaults to utf-8. :issue:5504
• Request.max_content_length can be customized per-request instead of only
  through the MAX_CONTENT_LENGTH config. Added
  MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation
  about resource limits to the security page. :issue:5625
• Add support for the Partitioned cookie attribute (CHIPS), with the
  SESSION_COOKIE_PARTITIONED config. :issue:5472
• -e path takes precedence over default .env and .flaskenv files.
  load_dotenv loads default files in addition to a path unless
  load_defaults=False is passed. :issue:5628
• Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old
  secret keys that can still be used for unsigning. Extensions will need to
  add support. :issue:5621
• Fix how setting host_matching=True or subdomain_matching=False
  interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts
  requests to only that domain. :issue:5553
• Request.trusted_hosts is checked during routing, and can be set through
  the TRUSTED_HOSTS config. :issue:5636

v3.0.3

Compare Source

Released 2024-04-07

• The default hashlib.sha1 may not be available in FIPS builds. Don't
  access it at import time so the developer has time to change the default.
  :issue:5448
• Don't initialize the cli attribute in the sansio scaffold, but rather in
  the Flask concrete class. :pr:5270

v3.0.2

Compare Source

Released 2024-02-03

• Correct type for jinja_loader property. :issue:5388
• Fix error with --extra-files and --exclude-patterns CLI options.
  :issue:5391

v3.0.1

Compare Source

Released 2024-01-18

• Correct type for path argument to send_file. :issue:5230
• Fix a typo in an error message for the flask run --key option. :pr:5344
• Session data is untagged without relying on the built-in json.loads
object_hook. This allows other JSON providers that don't implement that.
  :issue:5381
• Address more type findings when using mypy strict mode. :pr:5383

v3.0.0

Compare Source

Released 2023-09-30

• Remove previously deprecated code. :pr:5223
• Deprecate the __version__ attribute. Use feature detection, or
  importlib.metadata.version("flask"), instead. :issue:5230
• Restructure the code such that the Flask (app) and Blueprint
  classes have Sans-IO bases. :pr:5127
• Allow self as an argument to url_for. :pr:5264
• Require Werkzeug >= 3.0.0.

boto/boto3 (boto3)

v1.36.12

Compare Source

=======

• api-change:mediatailor: [botocore] Add support for CloudWatch Vended Logs which allows for delivery of customer logs to CloudWatch Logs, S3, or Firehose.

v1.36.11

Compare Source

=======

• api-change:amp: [botocore] Add support for sending metrics to cross account and CMCK AMP workspaces through RoleConfiguration on Create/Update Scraper.
• api-change:bedrock-agent-runtime: [botocore] This change is to deprecate the existing citation field under RetrieveAndGenerateStream API response in lieu of GeneratedResponsePart and RetrievedReferences
• api-change:codebuild: [botocore] Added support for CodeBuild self-hosted Buildkite runner builds
• api-change:geo-routes: [botocore] The OptimizeWaypoints API now supports 50 waypoints per request (20 with constraints like AccessHours or AppointmentTime). It adds waypoint clustering via Clustering and ClusteringIndex for better optimization. Also, total distance validation is removed for greater flexibility.
• api-change:rds: [botocore] Updates to Aurora MySQL and Aurora PostgreSQL API pages with instance log type in the create and modify DB Cluster.
• api-change:sagemaker: [botocore] This release introduces a new valid value in InstanceType parameter: p5en.48xlarge, in ProductionVariant.

v1.36.10

Compare Source

=======

• api-change:appstream: [botocore] Add support for managing admin consent requirement on selected domains for OneDrive Storage Connectors in AppStream2.0.
• api-change:bedrock-agent-runtime: [botocore] Add a 'reason' field to InternalServerException
• api-change:ecr: [botocore] Temporarily updating dualstack endpoint support
• api-change:ecr-public: [botocore] Temporarily updating dualstack endpoint support
• api-change:mediatailor: [botocore] Adds options for configuring how MediaTailor conditions ads before inserting them into the content stream. Based on the new settings, MediaTailor will either transcode ads to match the content stream as it has in the past, or it will insert ads without first transcoding them.
• api-change:qbusiness: [botocore] Added APIs to manage QBusiness user subscriptions
• api-change:s3tables: [botocore] You can now use the CreateTable API operation to create tables with schemas by adding an optional metadata argument.
• api-change:verifiedpermissions: [botocore] Adds Cedar JSON format support for entities and context data in authorization requests
• enhancement:AWSCRT: [botocore] Update awscrt version to 0.23.8

v1.36.9

Compare Source

======

• api-change:bcm-pricing-calculator: [botocore] Added ConflictException error type in DeleteBillScenario, BatchDeleteBillScenarioCommitmentModification, BatchDeleteBillScenarioUsageModification, BatchUpdateBillScenarioUsageModification, and BatchUpdateBillScenarioCommitmentModification API operations.
• api-change:ecr: [botocore] Add support for Dualstack and Dualstack-with-FIPS Endpoints
• api-change:ecr-public: [botocore] Add support for Dualstack Endpoints
• api-change:mailmanager: [botocore] This release includes a new feature for Amazon SES Mail Manager which allows customers to specify known addresses and domains and make use of those in traffic policies and rules actions to distinguish between known and unknown entries.
• api-change:s3: [botocore] Change the type of MpuObjectSize in CompleteMultipartUploadRequest from int to long.

v1.36.8

Compare Source

======

• api-change:appsync: [botocore] Add stash and outErrors to EvaluateCode/EvaluateMappingTemplate response
• api-change:datasync: [botocore] AWS DataSync now supports the Kerberos authentication protocol for SMB locations.
• api-change:deadline: [botocore] feature: Deadline: Add support for limiting the concurrent usage of external resources, like floating licenses, using limits and the ability to constrain the maximum number of workers that work on a job
• api-change:ec2: [botocore] This release changes the CreateFleet CLI and SDK's such that if you do not specify a client token, a randomly generated token is used for the request to ensure idempotency.
• api-change:firehose: [botocore] For AppendOnly streams, Firehose will automatically scale to match your throughput.
• api-change:timestream-influxdb: [botocore] Adds 'allocatedStorage' parameter to UpdateDbInstance API that allows increasing the database instance storage size and 'dbStorageType' parameter to UpdateDbInstance API that allows changing the storage type of the database instance

v1.36.7

Compare Source

======

• api-change:bedrock-agent: [botocore] Add support for the prompt caching feature for Bedrock Prompt Management
• api-change:iot: [botocore] Raised the documentParameters size limit to 30 KB for AWS IoT Device Management - Jobs.
• api-change:mediaconvert: [botocore] This release adds support for dynamic audio configuration and the ability to disable the deblocking filter for h265 encodes.
• api-change:s3control: [botocore] Minor fix to ARN validation for Lambda functions passed to S3 Batch Operations
• bugfix:Signing: [botocore] No longer sign transfer-encoding header for SigV4

v1.36.6

Compare Source

======

• api-change:cloudtrail: [botocore] This release introduces the SearchSampleQueries API that allows users to search for CloudTrail Lake sample queries.
• api-change:eks: [botocore] Adds support for UpdateStrategies in EKS Managed Node Groups.
• api-change:healthlake: [botocore] Added new authorization strategy value 'SMART_ON_FHIR' for CreateFHIRDatastore API to support Smart App 2.0
• api-change:ssm: [botocore] Systems Manager doc-only update for January, 2025.
• api-change:sso-oidc: [botocore] Fixed typos in the descriptions.
• api-change:transfer: [botocore] Added CustomDirectories as a new directory option for storing inbound AS2 messages, MDN files and Status files.

v1.36.5

Compare Source

======

• api-change:ec2: [botocore] Added "future" allocation type for future dated capacity reservation

v1.36.4

Compare Source

======

• api-change:bedrock-agent-runtime: [botocore] Adds multi-turn input support for an Agent node in an Amazon Bedrock Flow
• api-change:glue: [botocore] Docs Update for timeout changes
• api-change:medialive: [botocore] AWS Elemental MediaLive adds a new feature, ID3 segment tagging, in CMAF Ingest output groups. It allows customers to insert ID3 tags into every output segment, controlled by a newly added channel schedule action Id3SegmentTagging.
• api-change:workspaces-thin-client: [botocore] Rename WorkSpaces Web to WorkSpaces Secure Browser

v1.36.3

Compare Source

======

• api-change:batch: [botocore] Documentation-only update: clarified the description of the shareDecaySeconds parameter of the FairsharePolicy data type, clarified the description of the priority parameter of the JobQueueDetail data type.
• api-change:cognito-idp: [botocore] corrects the dual-stack endpoint configuration for cognitoidp
• api-change:connect: [botocore] Added DeleteContactFlowVersion API and the CAMPAIGN flow type
• api-change:emr-serverless: [botocore] Increasing entryPoint in SparkSubmit to accept longer script paths. New limit is 4kb.
• api-change:iotsitewise: [botocore] AWS IoT SiteWise now supports ingestion and querying of Null (all data types) and NaN (double type) values of bad or uncertain data quality. New partial error handling prevents data loss during ingestion. Enabled by default for new customers; existing customers can opt-in.
• api-change:logs: [botocore] Documentation-only update to address doc errors
• api-change:quicksight: [botocore] Added DigitGroupingStyle in ThousandsSeparator to allow grouping by LAKH( Indian Grouping system ) currency. Support LAKH and CRORE currency types in Column Formatting.
• api-change:sns: [botocore] This release adds support for the topic attribute FifoThroughputScope for SNS FIFO topics. For details, see the documentation history in the Amazon Simple Notification Service Developer Guide.

v1.36.2

Compare Source

======

• api-change:bedrock-runtime: [botocore] Allow hyphens in tool name for Converse and ConverseStream APIs
• api-change:detective: [botocore] Doc only update for Detective documentation.
• api-change:ec2: [botocore] Release u7i-6tb.112xlarge, u7i-8tb.112xlarge, u7inh-32tb.480xlarge, p5e.48xlarge, p5en.48xlarge, f2.12xlarge, f2.48xlarge, trn2.48xlarge instance types.
• api-change:notifications: [botocore] Added support for Managed Notifications, integration with AWS Organization and added aggregation summaries for Aggregate Notifications
• api-change:sagemaker: [botocore] Correction of docs for "Added support for ml.trn1.32xlarge instance type in Reserved Capacity Offering"

v1.36.1

Compare Source

======

• api-change:ecs: [botocore] The release addresses Amazon ECS documentation tickets.
• api-change:sagemaker: [botocore] Added support for ml.trn1.32xlarge instance type in Reserved Capacity Offering

v1.36.0

Compare Source

======

• api-change:apigateway: [botocore] Documentation updates for Amazon API Gateway
• api-change:bedrock-agent-runtime: [botocore] Now supports streaming for inline agents.
• api-change:cognito-identity: [botocore] corrects the dual-stack endpoint configuration
• api-change:partnercentral-selling: [botocore] Add Tagging support for ResourceSnapshotJob resources
• api-change:s3: [botocore] This change enhances integrity protections for new SDK requests to S3. S3 SDKs now support the CRC64NVME checksum algorithm, full object checksums for multipart S3 objects, and new default integrity protections for S3 requests.
• api-change:security-ir: [botocore] Increase minimum length of Threat Actor IP 'userAgent' to 1.
• api-change:sesv2: [botocore] This release introduces a new recommendation in Virtual Deliverability Manager Advisor, which detects elevated complaint rates for customer sending identities.
• api-change:workspaces: [botocore] Added GeneralPurpose.4xlarge & GeneralPurpose.8xlarge ComputeTypes.
• api-change:workspaces-thin-client: [botocore] Mark type in MaintenanceWindow as required.
• enhancement:AWSCRT: [botocore] Update awscrt version to 0.23.4
• feature:s3: [botocore] The S3 client attempts to validate response checksums for all S3 API operations that support checksums. However, if the SDK has not implemented the specified checksum algorithm then this validation is skipped. Checksum validation behavior can be configured using the when_supported and when_required options - in code using the response_checksum_validation parameter for botocore.config.Config, in the shared AWS config file using response_checksum_validation, or as an env variable using AWS_RESPONSE_CHECKSUM_VALIDATION.
• feature:s3: [botocore] Added support for the CRC64NVME checksum algorithm in the S3 client through the optional AWS CRT (awscrt) dependency.
• feature:s3: [botocore] S3 client behavior is updated to always calculate a CRC32 checksum by default for operations that support it (such as PutObject or UploadPart), or require it (such as DeleteObjects). Checksum behavior can be configured using when_supported and when_required options - in code using the request_checksum_calculation parameter for botocore.config.Config, in the shared AWS config file using request_checksum_calculation, or as an env variable using AWS_REQUEST_CHECKSUM_CALCULATION. Note: Botocore will no longer automatically compute and populate the Content-MD5 header.

v1.35.99

Compare Source

=======

• api-change:gamelift: [botocore] Amazon GameLift releases a new game session placement feature: PriorityConfigurationOverride. You can now override how a game session queue prioritizes placement locations for a single StartGameSessionPlacement request.
• api-change:route53: [botocore] Amazon Route 53 now supports the Mexico (Central) Region (mx-central-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region

v1.35.98

Compare Source

=======

• api-change:artifact: [botocore] Support resolving regional API calls to partition's leader region endpoint.
• api-change:bedrock: [botocore] With this release, Bedrock Evaluation will now support latency-optimized inference for foundation models.
• api-change:ec2: [botocore] Add support for DisconnectOnSessionTimeout flag in CreateClientVpnEndpoint and ModifyClientVpnEndpoint requests and DescribeClientVpnEndpoints responses
• api-change:kafkaconnect: [botocore] Support updating connector configuration via UpdateConnector API. Release Operations API to monitor the status of the connector operation.
• api-change:transcribe: [botocore] This update provides tagging support for Transcribe's Call Analytics Jobs and Call Analytics Categories.

v1.35.97

Compare Source

=======

• api-change:redshift: [botocore] Additions to the PubliclyAccessible and Encrypted parameters clarifying what the defaults are.
• api-change:securitylake: [botocore] Doc only update for ServiceName that fixes several customer-reported issues
• api-change:sts: [botocore] Fixed typos in the descriptions.

v1.35.96

Compare Source

=======

• api-change:codebuild: [botocore] AWS CodeBuild Now Supports BuildBatch in Reserved Capacity and Lambda
• api-change:compute-optimizer: [botocore] This release expands AWS Compute Optimizer rightsizing recommendation support for Amazon EC2 Auto Scaling groups to include those with scaling policies and multiple instance types.
• api-change:fms: [botocore] AWS Firewall Manager now lets you combine multiple resource tags using the logical AND operator or the logical OR operator.

v1.35.95

Compare Source

=======

• api-change:rds: [botocore] Updates Amazon RDS documentation to clarify the RestoreDBClusterToPointInTime description.
• api-change:route53: [botocore] Amazon Route 53 now supports the Asia Pacific (Thailand) Region (ap-southeast-7) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region
• api-change:sagemaker: [botocore] Adds support for IPv6 for SageMaker HyperPod cluster nodes.

v1.35.94

Compare Source

=======

• api-change:cloudhsmv2: [botocore] Adds support to ModifyCluster for modifying a Cluster's Hsm Type.
• api-change:dynamodb: [botocore] This release makes Amazon DynamoDB point-in-time-recovery (PITR) to be configurable. You can set PITR recovery period for each table individually to between 1 and 35 days.
• api-change:imagebuilder: [botocore] This release adds support for importing images from ISO disk files. Added new ImportDiskImage API operation.

v1.35.93

Compare Source

=======

• api-change:iotsecuretunneling: [botocore] Adds dualstack endpoint support for IoT Secure Tunneling
• api-change:supplychain: [botocore] Allow vanity DNS domain when creating a new ASC instance

v1.35.92

Compare Source

=======

• api-change:ecs: [botocore] Adding SDK reference examples for Amazon ECS operations.
• api-change:route53domains: [botocore] Doc only update for Route 53 Domains that fixes several customer-reported issues
• api-change:s3: [botocore] This change is only for updating the model regexp of CopySource which is not for validation but only for documentation and user guide change.

v1.35.91

Compare Source

=======

• api-change:appsync: [botocore] Modify UpdateGraphQLAPI operation and flag authenticationType as required.
• api-change:gamelift: [botocore] Amazon GameLift releases a new game session shutdown feature. Use the Amazon GameLift console or AWS CLI to terminate an in-progress game session that's entered a bad state or is no longer needed.
• api-change:mediaconnect: [botocore] AWS Elemental MediaConnect now supports Content Quality Analysis for enhanced source stream monitoring. This enables you to track specific audio and video metrics in transport stream source flows, ensuring your content meets quality standards.
• api-change:mediaconvert: [botocore] This release adds support for the AVC3 codec and fixes an alignment issue with Japanese vertical captions.
• api-change:organizations: [botocore] Added ALL_FEATURES_MIGRATION_ORGANIZATION_SIZE_LIMIT_EXCEEDED to ConstraintViolationException for the EnableAllFeatures operation.
• api-change:sagemaker: [botocore] Adding ETag information with Model Artifacts for Model Registry
• api-change:sqs: [botocore] In-flight message typo fix from 20k to 120k.

v1.35.90

Compare Source

=======

• api-change:ecr: [botocore] Restoring custom endpoint functionality for ECR
• api-change:ecr-public: [botocore] Restoring custom endpoint functionality for ECR Public

v1.35.89

Compare Source

=======

• api-change:rds: [botocore] Updates Amazon RDS documentation to correct various descriptions.

v1.35.88

Compare Source

=======

• api-change:bcm-pricing-calculator: [botocore] Added ConflictException to DeleteBillEstimate.
• api-change:ecr: [botocore] Add support for Dualstack Endpoints
• api-change:network-firewall: [botocore] Dual-stack endpoints are now supported.
• api-change:securityhub: [botocore] Documentation updates for AWS Security Hub

v1.35.87

Compare Source

=======

• api-change:ecr: [botocore] Documentation update for ECR GetAccountSetting and PutAccountSetting APIs.
• api-change:ecr-public: [botocore] Add support for Dualstack endpoints
• api-change:eks: [botocore] This release adds support for DescribeClusterVersions API that provides important information about Kubernetes versions along with end of support dates
• api-change:glue: [botocore] Add IncludeRoot parameters to GetCatalogs API to return root catalog.

v1.35.86

Compare Source

=======

• api-change:bedrock-agent: [botocore] Support for custom user agent and max web pages crawled for web connector. Support app only credentials for SharePoint connector. Increase agents memory duration limit to 365 days. Support to specify max number of session summaries to include in agent invocation context.
• api-change:bedrock-agent-runtime: [botocore] bedrock agents now supports long term memory and performance configs. Invokeflow supports performance configs. RetrieveAndGenerate performance configs
• api-change:bedrock-data-automation: [botocore] Documentation update for Amazon Bedrock Data Automation
• api-change:bedrock-data-automation-runtime: [botocore] Documentation update for Amazon Bedrock Data Automation Runtime
• api-change:billing: [botocore] Added new API's for defining and fetching Billing Views.
• api-change:ce: [botocore] Support for retrieving cost, usage, and forecast for billing view.
• api-change:connect: [botocore] This release supports adding NotAttributeCondition and Range to the RoutingCriteria object.
• api-change:docdb: [botocore] Support AWS Secret Manager managed password for AWS DocumentDB instance-based cluster.
• api-change:eks: [botocore] This release expands the catalog of upgrade insight checks
• api-change:macie2: [botocore] This release adds support for identifying S3 general purpose buckets that exceed the Amazon Macie quota for preventative control monitoring.
• api-change:outposts: [botocore] Add CS8365C as a supported power connector for Outpost sites.
• api-change:sagemaker: [botocore] This release adds support for c6i, m6i and r6i instance on SageMaker Hyperpod and trn1 instances in batch

v1.35.85

Compare Source

=======

• api-change:appstream: [botocore] Added support for Rocky Linux 8 on Amazon AppStream 2.0
• api-change:mediaconvert: [botocore] This release adds support for inserting timecode tracks into MP4 container outputs.
• api-change:medialive: [botocore] MediaLive is releasing ListVersions api
• api-change:qconnect: [botocore] Amazon Q in Connect enables agents to ask Q for assistance in multiple languages and Q will provide answers and recommended step-by-step guides in those languages. Qs default language is English (United States) and you can switch this by setting the locale configuration on the AI Agent.
• api-change:ssm-sap: [botocore] AWS Systems Manager for SAP added support for registration and discovery of distributed ABAP applications
• api-change:workspaces: [botocore] Added AWS Global Accelerator (AGA) support for WorkSpaces Personal.

v1.35.84

Compare Source

=======

• api-change:amplify: [botocore] Added WAF Configuration to Amplify Apps
• api-change:budgets: [botocore] Releasing minor partition endpoint updates
• api-change:connect: [botocore] This release adds support for the UpdateParticipantAuthentication API used for customer authentication within Amazon Connect chats.
• api-change:connectparticipant: [botocore] This release adds support for the GetAuthenticationUrl and CancelParticipantAuthentication APIs used for customer authentication within Amazon Connect chats. There are also minor updates to the GetAttachment API.
• api-change:datasync: [botocore] AWS DataSync introduces the ability to update attributes for in-cloud locations.
• api-change:iot: [botocore] Release connectivity status query API which is a dedicated high throughput(TPS) API to query a specific device's most recent connectivity state and metadata.
• api-change:mwaa: [botocore] Added support for Apache Airflow version 2.10.3 to MWAA.
• api-change:quicksight: [botocore] Add support for PerformanceConfiguration attribute to Dataset entity. Allow PerformanceConfiguration specification in CreateDataset and UpdateDataset APIs.
• api-change:resiliencehub: [botocore] AWS Resilience Hub now automatically detects already configured CloudWatch alarms and FIS experiments as part of the assessment process and returns the discovered resources in the corresponding list API responses. It also allows you to include or exclude test recommendations for an AppComponent.
• api-change:transfer: [botocore] Added AS2 agreement configurations to control filename preservation and message signing enforcement. Added AS2 connector configuration to preserve content type from S3 objects.

v1.35.83

Compare Source

=======

• api-change:account: [botocore] Update endpoint configuration.
• api-change:backup: [botocore] Add Support for Backup Indexing
• api-change:backupsearch: [botocore] Add support for searching backups
• api-change:batch: [botocore] This feature allows AWS Batch on Amazon EKS to support configuration of Pod Annotations, overriding Namespace on which the Batch job's Pod runs on, and allows Subpath and Persistent Volume claim to be set for AWS Batch on Amazon EKS jobs.
• api-change:`cleanroom

---

Configuration

📅 Schedule: Branch creation - "every weekend" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Deployment Summary

• backend_url: https://pr-7096-backend.rdev.single-cell.czi.technology
• frontend_url: https://pr-7096-frontend.rdev.single-cell.czi.technology
• delete_db_task_definition_arn: arn:aws:ecs:us-west-2:***:task-definition/dp-rdev-pr-7096-deletion:1
• migrate_db_task_definition_arn: arn:aws:ecs:us-west-2:***:task-definition/dp-rdev-pr-7096-migration:1