fix(deps): update all non-major dependencies

[red-hat-konflux]

This PR contains the following updates:

Package	Type	Update	Change
aws (source)	required_provider	minor	5.82.2 -> 5.88.0
boto3	project.dependencies	patch	==1.37.0 -> ==1.37.2
boto3-stubs-lite	dependency-groups	patch	==1.37.0 -> ==1.37.2
ghcr.io/astral-sh/uv	final	minor	0.5.28 -> 0.6.3
ghcr.io/astral-sh/uv	stage	minor	0.5.28 -> 0.6.3
hashicorp/terraform	required_version	minor	1.6.6 -> 1.10.5

---

Release Notes

hashicorp/terraform-provider-aws (aws)

v5.88.0

Compare Source

NOTES:

• resource/aws_s3_bucket_lifecycle_configuration: A warning diagnostic has been added for configurations where rule.expiration.expired_object_delete_marker is set with either rule.expiration.date or rule.expiration.days. While historically the provider allowed this invalid configuration, the migration of this resource to the Terraform Plugin Framework in v5.86.0 resulted in this misconfiguration surfacing as a hard inconsistent result after apply error. This diagnostic aims to direct users how to resolve the issue at plan time. See this issue comment for additional context. (#​41462)

FEATURES:

• New Data Source: aws_cloudwatch_contributor_managed_insight_rules (#​41472)
• New Resource: aws_cloudwatch_contributor_managed_insight_rule (#​41449)
• New Resource: aws_qbusiness_application (#​35249)

ENHANCEMENTS:

• resource/aws_bedrock_model_invocation_logging_configuration: Add video_data_delivery_enabled argument (#​41317)
• resource/aws_db_instance: Add password_wo write-only attribute (#​41366)
• resource/aws_docdb_cluster: Add master_password_wo write-only attribute (#​41413)
• resource/aws_glue_partition: Add storage_descriptor.additional_locations argument (#​41434)
• resource/aws_redshift_cluster: Add master_password_wo write-only attribute (#​41411)
• resource/aws_redshiftserverless_namespace: Add admin_user_password_wo write-only attribute (#​41412)
• resource/aws_secretsmanager_secret_version: Add secret_string_wo write-only attribute (#​41371)

BUG FIXES:

• data-source/aws_codebuild_fleet: Prevents panic when scaling_configuration is not empty. (#​41377)
• resource/aws_amplify_domain_association: Prevents unexpected state error when creating with multiple sub_domain (#​36961)
• resource/aws_bedrock_model_invocation_logging_configuration: Set embedding_data_delivery_enabled, image_data_delivery_enabled, and text_data_delivery_enabled arguments as optional with default value of true (#​41317)
• resource/aws_cloudwatch_contributor_insight_rule: Fix enable/disable rule state (#​41449)
• resource/aws_dynamodb_table: Fixes long delay in creation of replicas (#​41451)

v5.87.0

Compare Source

FEATURES:

• New Resource: aws_cloudwatch_contributor_insight_rule (#​41373)

ENHANCEMENTS:

• resource/aws_dynamodb_table_export: Add export_type and incremental_export_specification arguments (#​41303)
• resource/aws_quicksight_data_source: Add parameters.s3.role_arn argument to allow override an account-wide role for a specific S3 data source (#​41284)
• resource/aws_rds_cluster: Add master_password_wo write-only attribute (#​41314)
• resource/aws_rekognition_stream_processor: Deprecates stream_processor_arn in favor of arn. (#​41271)
• resource/aws_ssm_parameter: Add value_wo write-only attribute (#​40952)
• resource/aws_vpclattice_access_log_subscription: Add service_network_log_type argument (#​41304)

BUG FIXES:

• data-source/aws_dynamodb_table: Add missing on_demand_throughput and global_secondary_index.*.on_demand_throughput attributes to resolve read error (#​41350)
• resource/aws_cloudformation_stack_set_instance: Prevents overly-long creation times and possible OperationInProgress errors (#​41388)
• resource/aws_detective_member: No longer fails with unexpected status when adding Organization member accounts. (#​41344)
• resource/aws_ec2_transit_gateway_route_table_association: Fix deleting and recreating resource when dependencies changes don't require the resource be recreated. (#​41292)
• resource/aws_internet_gateway: Fix to continue deletion when attachment is not found (#​41346)

v5.86.1

Compare Source

BUG FIXES:

• data-source/aws_vpclattice_service: Fix regression resulting in AccessDeniedError attempting to list tags (#​41295)
• data-source/aws_vpclattice_service_network: Fix regression resulting in AccessDeniedError attempting to list tags (#​41295)
• resource/aws_cloudtrail: Fix regression issue where sns_topic_name shows perpectual diff when an ARN of a SNS topic from a different region is specified (#​41279)
• resource/aws_s3_bucket_lifecycle_configuration: Fixes "inconsistent result" error when rule[*].prefix is an empty string. (#​41296)

v5.86.0

Compare Source

NOTES:

• resource/aws_s3_bucket_lifecycle_configuration: When upgrading existing resources with no defined prefix, the Terraform plan will show the removal of prefix from state. This is expected, and should not occur on subsequent plans. (#​41159)

ENHANCEMENTS:

• data-source/aws_rds_cluster: Add monitoring_interval and monitoring_role_arn attributes (#​41002)
• provider: Support us-isof-east-1 and us-isof-south-1 as valid AWS Regions (#​41243)
• resource/aws_fms_policy: Add security_service_policy_data.policy_option.network_acl_common_policy argument to allow creation of FMS-managed NACL rules (#​41219)
• resource/aws_rds_cluster: Add monitoring_interval and monitoring_role_arn arguments (#​41002)
• resource/aws_sqs_queue: Accommodate accounts that take longer to process with customizable timeouts. (#​41232)

BUG FIXES:

• resource/aws_gamelift_game_server_group: Correctly plan tags_all value (#​41256)
• resource/aws_instance: Properly cancel spot instance requests on destroy when instance_lifecycle is spot (#​41206)
• resource/aws_route53_zone: Fix panic: runtime error: invalid memory address or nil pointer dereference when deleting the resource would otherwise return an error (#​41260)
• resource/aws_s3_bucket_lifecycle_configuration: Properly handle default value of transition_default_minimum_object_size (#​41159)
• resource/aws_wafv2_web_acl: Properly set rule during import (#​41205)

v5.85.0

Compare Source

NOTES:

• resource/aws_macie2_invitation_accepter: Maintainers are unable to acceptance test the regression fix included in this release. This patch is best effort, and we ask for community help in assessing the change. (#​41163)

FEATURES:

• New Data Source: aws_vpc_ipam (#​40459)
• New Data Source: aws_vpc_ipams (#​40459)
• New Ephemeral Resource: aws_secretsmanager_random_password (#​41106)
• New Resource: aws_guardduty_member_detector_feature (#​35625)
• New Resource: aws_route53domains_domain (#​37885)
• New Resource: aws_timestreamquery_scheduled_query (#​41145)
• New Resource: aws_vpclattice_resource_configuration (#​41019)
• New Resource: aws_vpclattice_service_network_resource_association (#​41057)

ENHANCEMENTS:

• data-source/aws_ec2_transit_gateway_dx_gateway_attachment: Add arn attribute (#​41086)
• data-source/aws_ec2_transit_gateway_peering_attachment: Add arn attribute (#​41087)
• data-source/aws_ec2_transit_gateway_vpc_attachment: Add arn attribute (#​41084)
• data-source/aws_ecs_task_definition: Add missing attributes (#​41081)
• data-source/aws_launch_template: Add network_interfaces.connection_tracking_specification attribute (#​41184)
• resource/aws_appflow_connector_profile: Add connector_profile_config.connector_profile_properties.salesforce.use_privatelink_for_metadata_and_authorization argument (#​41175)
• resource/aws_autoscaling_policy: Add target_tracking_configuration.customized_metric_specification.metrics.metric_stat.period argument to support high-resolution metrics (#​41066)
• resource/aws_bedrockagent_data_source: Add data_source_configuration.confluence_configuration, data_source_configuration.salesforce_configuration, data_source_configuration.share_point_configuration, and data_source_configuration.web_configuration arguments (#​40711)
• resource/aws_bedrockagent_knowledge_base: Add knowledge_base_configuration.vector_knowledge_base_configuration.embedding_model_configuration and knowledge_base_configuration.vector_knowledge_base_configuration.supplemental_data_storage_configuration arguments (#​40737)
• resource/aws_bedrockagent_knowledge_base: Improve retry handling for IAM propagation and OpenSearch data access propagation errors (#​40737)
• resource/aws_cloudtrail : Add sns_topic_arn attribute (#​41168)
• resource/aws_cloudtrail_event_data_store: Add suspend argument (#​40607)
• resource/aws_cloudwatch_event_connection: Add invocation_connectivity_parameters argument (#​41144)
• resource/aws_ec2_transit_gateway_peering_attachment: Add arn attribute (#​41087)
• resource/aws_ec2_transit_gateway_vpc_attachment: Add arn attribute (#​41084)
• resource/aws_ecs_task_definition: Add enable_fault_injection argument (#​41078)
• resource/aws_launch_template: Add network_interfaces.connection_tracking_specification argument (#​41184)
• resource/aws_media_convert_queue: Add concurrent_jobs argument (#​41012)
• resource/aws_medialive_multiplex_program: Add configurable create timeout (#​40972)
• resource/aws_organizations_account: Add configurable timeouts for Create and Delete (#​41059)
• resource/aws_pinpoint_email_channel: Add orchestration_sending_role_arn argument (#​41043)
• resource/aws_pipes_pipe: Add kms_key_identifier argument (#​41082)
• resource/aws_rds_cluster: Support instance as a valid value for enabled_cloudwatch_logs_exports (#​41111)
• resource/aws_rekognition_project: Add tags argument and tags_all attribute (#​41192)
• resource/aws_vpc_endpoint: Add resource_configuration_arn and service_network_arn arguments to support creating VPC Endpoints of type Resource and ServiceNetwork (#​41116)
• resource/aws_vpc_endpoint_security_group_association: Add import support (#​41042)

BUG FIXES:

• data-source/aws_opensearchserverless_collection: Prevent errant AutoFlex errors when setting created_date and last_modified_date attributes (#​41105)
• resource/aws_ami_ids: Fix sort_ascending to sort in ascending order (#​40529)
• resource/aws_bedrockagent_knowledge_base: Remove ForceNew behavior from role_arn argument (#​41072)
• resource/aws_cloudwatch_log_delivery: Fix Provider produced inconsistent result after apply errors for s3_delivery_configuration.enable_hive_compatible_path (#​41122)
• resource/aws_cloudwatch_log_delivery: Mark field_delimiter as Computed (#​41122)
• resource/aws_cognito_identity_provider: Correct plan-time validation of provider_name to count UTF-8 characters properly (#​41187)
• resource/aws_cognito_user_group: Correct plan-time validation of name to count UTF-8 characters properly (#​41187)
• resource/aws_cognito_user_pool_client: Correct plan-time validation of callback_urls, default_redirect_uri, logout_urls, and supported_identity_providers` to count UTF-8 characters properly (#​41187)
• resource/aws_dms_replication_task: Fix panic: interface conversion: interface {} is float64, not string (#​41096)
• resource/aws_elasticache_serverless_cache: Fix InvalidParameterCombination error during update (#​40969)
• resource/aws_iam_server_certificate: Allow update of name, name_prefix, and path without forcing new resource (#​41186)
• resource/aws_macie2_invitation_accepter: Properly set invitation_id when calling the AcceptInvitation API (#​41163)

v5.84.0

Compare Source

NOTES:

• resource/aws_kms_custom_key_store: We cannot acceptance test the support for external key stores added in this release. The impementation is best effort and we ask for community help in testing. (#​40557)

FEATURES:

• New Ephemeral Resource: aws_eks_cluster_auth (#​40660)
• New Resource: aws_media_packagev2_channel_group (#​38406)

ENHANCEMENTS:

• data-source/aws_ami: Add uefi_data attribute (#​40210)
• data-source/aws_ec2_instance_type: Add bandwidth_weightings, boot_modes, default_network_card_index, efa_maximum_interfaces, ena_srd_supported, inference_accelerators.memory_size, media_accelerators, network_cards, neuron_devices, nitro_enclaves_support, nitro_tpm_support, nitro_tpm_supported_versions, phc_support, supported_cpu_features, total_inference_memory, total_media_memory, and total_neuron_device_memory attributes (#​40717)
• data-source/aws_elb_hosted_zone_id: Add hosted zone ID for mx-central-1 AWS Region (#​40940)
• data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for mx-central-1 AWS Region (#​40940)
• data-source/aws_s3_bucket: Add hosted zone ID for mx-central-1 AWS Region (#​40940)
• provider: Support mx-central-1 as a valid AWS Region (#​40940)
• resource/aws_ami: Add uefi_data argument (#​40210)
• resource/aws_ami_copy: Add uefi_data attribute (#​40210)
• resource/aws_ami_from_instance: Add uefi_data attribute (#​40210)
• resource/aws_cloudtrail: Add userIdentity.arn to advanced_event_selector.field_selector (#​40629)
• resource/aws_elasticache_user: engine is now case insensitive (#​40794)
• resource/aws_elasticache_user_group: engine is now case insensitive (#​40794)
• resource/aws_globalaccelerator_accelerator: Add arn attribute (#​40930)
• resource/aws_globalaccelerator_custom_routing_accelerator: Add arn attribute (#​40930)
• resource/aws_globalaccelerator_custom_routing_listener: Add arn attribute (#​40930)
• resource/aws_globalaccelerator_listener: Add arn attribute (#​40930)
• resource/aws_kms_custom_key_store: Add support for external key stores (#​40557)
• resource/aws_lb_listener: Add routing_http_response_server_enabled, routing_http_response_strict_transport_security_header_value, routing_http_response_access_control_allow_origin_header_value, routing_http_response_access_control_allow_methods_header_value, routing_http_response_access_control_allow_headers_header_value, routing_http_response_access_control_allow_credentials_header_value, routing_http_response_access_control_expose_headers_header_value, routing_http_response_access_control_max_age_header_value, routing_http_response_content_security_policy_header_value, routing_http_response_x_content_type_options_header_value, routing_http_response_x_frame_options_header_value, routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name, routing_http_request_x_amzn_mtls_clientcert_issuer_header_name, routing_http_request_x_amzn_mtls_clientcert_subject_header_name, routing_http_request_x_amzn_mtls_clientcert_validity_header_name, routing_http_request_x_amzn_mtls_clientcert_leaf_header_name, routing_http_request_x_amzn_mtls_clientcert_header_name, routing_http_request_x_amzn_tls_version_header_name, and routing_http_request_x_amzn_tls_cipher_suite_header_name arguments in support of HTTP header modification (#​40736)
• resource/aws_route53_health_check: Add triggers argument to support synchronization with upstream CloudWatch alarm changes (#​40918)
• resource/aws_sagemaker_endpoint_configuration: Support setting production_variants.managed_instance_scaling and shadow_production_variants.managed_instance_scaling to 0 (#​40882)

BUG FIXES:

• resource/aws_apprunner_vpc_ingress_connection: Change ingress_vpc_configuration, name, and service_arn to ForceNew (#​40927)
• resource/aws_datasync_location_s3: Fix location URI global ID and subdirectory (...) does not match pattern "..." errors on Read when s3_bucket_arn is an S3 on Outposts access point (#​40929)
• resource/aws_ecs_task_definition: Correctly detect differences in volume.configure_at_launch and volume.docker_volume_configuration (#​40853)
• resource/aws_lambda_invocation: Fix failed input transformations when upgrading from a version less than v5.1.0 with an input that cannot be marshaled into a map[string]interface{} (#​40958)
• resource/aws_lambda_invocation: Prevent a new invocation when upgrading from a version less than v5.1.0 with no configuration changes (#​40958)
• resource/aws_msk_cluster: Prevent persistent differences when broker_node_group_info.0.storage_info.0.ebs_storage_info.0.provisioned_throughput is unset (#​40910)
• resource/aws_msk_cluster: Properly disable provisioned throughput when a previously configured broker_node_group_info.0.storage_info.0.ebs_storage_info.0.provisioned_throughput block is removed (#​40910)
• resource/aws_ses_receipt_rule: Retry errors caused by IAM eventual consistency (#​40873)

v5.83.1

Compare Source

BUG FIXES:

• resource/aws_route53_record: Correct fdqn value if name is a wildcard domain name (the leftmost label is *). This fixes a regression introduced in v5.83.0 (#​40868)

v5.83.0

Compare Source

NOTES:

• provider: The retry handling in the apigatewayv2 client has been updated to more extensively match ConflictException error responses. This change should be transparent to users, but if any unexpected changes in behavior with apigatewayv2 resources occur following an upgrade to this release, please open a bug report. (#​40840)
• resource/aws_api_gateway_domain_name_access_association: Deprecates id in favor of arn. (#​40626)
• resource/aws_route53_cidr_location: Deprecates id. (#​40626)
• resource/aws_s3_directory_bucket: Deprecates id in favor of bucket. (#​40626)

FEATURES:

• New Data Source: aws_cloudwatch_event_buses (#​40662)
• New Data Source: aws_ecs_clusters (#​40638)
• New Data Source: aws_route53_records (#​38186)
• New Ephemeral Resource: aws_cognito_identity_openid_token_for_developer_identity (#​40763)
• New Resource: aws_bedrockagent_agent_collaborator (#​40559)
• New Resource: aws_cleanrooms_membership (#​35165)
• New Resource: aws_cloudwatch_log_delivery (#​40731)
• New Resource: aws_cloudwatch_log_delivery_destination (#​40731)
• New Resource: aws_cloudwatch_log_delivery_destination_policy (#​40731)
• New Resource: aws_cloudwatch_log_delivery_source (#​40731)
• New Resource: aws_cloudwatch_log_index_policy (#​40594)
• New Resource: aws_vpclattice_resource_gateway (#​40821)

ENHANCEMENTS:

• data-source/aws_codebuild_fleet: Add compute_configuration attribute (#​40752)
• data-source/aws_dms_endpoint: Add kafka_settings.sasl_mechanism attribute (#​36918)
• data-source/aws_elb_hosted_zone_id: Add hosted zone ID for ap-southeast-7 AWS Region (#​40850)
• data-source/aws_lb_hosted_zone_id: Add hosted zone IDs for ap-southeast-7 AWS Region (#​40850)
• data-source/aws_rds_certificate: Add default_for_new_launches attribute (#​40536)
• data-source/aws_rds_engine_version: Add supports_certificate_rotation_without_restart, supports_integrations, and supports_local_write_forwarding attributes (#​40700)
• data-source/aws_s3_bucket: Add hosted zone ID for ap-southeast-7 AWS Region (#​40850)
• data-source/aws_vpc_endpoint_service: Add region attribute (#​40795)
• data-source/aws_vpc_endpoint_service: Add service_regions argument (#​40795)
• provider: Support ap-southeast-7 as a valid AWS Region (#​40849)
• resource/aws_appflow_flow: Add data_transfer_api attribute to destination_flow_config_list.destination_connector_properties.salesforce (#​34937)
• resource/aws_cloudfront_distribution: Add grpc_config argument to default_cache_behavior and ordered_cache_behavior configuration blocks (#​40762)
• resource/aws_codebuild_fleet: Add compute_configuration argument (#​40752)
• resource/aws_cognito_user_pool: Add email_mfa_configuration argument (#​40734)
• resource/aws_cognito_user_pool: Add sign_in_policy and web_authn_configuration arguments (#​40765)
• resource/aws_cognito_user_pool: Add user_pool_tier argument (#​40633)
• resource/aws_dms_endpoint: Add kafka_settings.sasl_mechanism argument (#​36918)
• resource/aws_ecr_account_setting: Add valid values for registry policy scope to name and value arguments (#​40772)
• resource/aws_eip_association: Adds validation to only allow one of instance_id or network_interface_id (#​40769)
• resource/aws_eks_node_group: Add node_repair_config configuration block (#​40698)
• resource/aws_elasticache_user: Add VALKEY as supported value for 'engine' argument (#​40764)
• resource/aws_elasticache_user_group: Add VALKEY as supported value for 'engine' argument (#​40764)
• resource/aws_emr_studio: Add encryption_key_arn argument (#​40771)
• resource/aws_quicksight_user: Add user_invitation_url attribute (#​40775)
• resource/aws_rds_cluster: Support iam-db-auth-error as a valid value for enabled_cloudwatch_logs_exports (#​40789)
• resource/aws_rds_integration: Add data_filter argument (#​40816)
• resource/aws_s3_object_copy: Add override_provider configuration block, allowing tags inherited from the provider default_tags configuration block to be ignored (#​40689)

BUG FIXES:

• resource/aws_api_gateway_domain_name: Fixed error when adding policy to existing private domain name (#​40708)
• resource/aws_apigatewayv2_api: Don't overwrite the configured values of description, name or version if they are not present in the OpenAPI definition body (#​40707)
• resource/aws_apigatewayv2_route: Fix retry handling of ConflictException error responses (#​40840)
• resource/aws_cloudfront_cache_policy: Fix panic: interface conversion: interface {} is nil, not map[string]interface {} when parameters_in_cache_key_and_forwarded_to_origin.cookies_config, parameters_in_cache_key_and_forwarded_to_origin.headers_config, or parameters_in_cache_key_and_forwarded_to_origin.query_strings_config are empty (#​40815)
• resource/aws_codebuild_fleet: Allow scaling_configuration to be removed on Update (#​40773)
• resource/aws_codebuild_project: Allow file_system_locations to be removed on Update (#​40842)
• resource/aws_ec2_instance_connect_endpoint: Set fips_dns_name to an empty value ("") when no value is returned from the EC2 API. This fixes known-after-apply loops in Regions that don't support FIPS endpoints (#​37939)
• resource/aws_emr_studio: Fix issue with IAM/KMS policy eventual consistency handling not working (#​40771)
• resource/aws_glue_catalog_database: Fix crash when expanding create_table_default_permission with a nil principal block (#​40761)
• resource/aws_instance: Always set http_tokens when metadata_options is updated (#​40727)
• resource/aws_instance: Set new computed value for public_dns and public_ip attributes when changing instance_type, user_data, or user_data_base64 (#​40710)
• resource/aws_internet_gateway: Handle operation error EC2: DetachInternetGateway, ..., api error InvalidInternetGatewayID.NotFound: ... errors on delete for resources deleted out-of-band (#​40790)
• resource/aws_internet_gateway_attachment: Handle operation error EC2: DetachInternetGateway, ..., api error InvalidInternetGatewayID.NotFound: ... errors on delete for resources deleted out-of-band (#​40790)
• resource/aws_quicksight_data_set: Correctly expand logical_table_map.tag_column_operation.tags.column_description (#​40713)
• resource/aws_rds_instance Fix manage_master_user_password being updated in state when update errors (#​40538)
• resource/aws_route53_record: Fix perpetual diff if alias.name contains characters that the Route 53 API escapes (#​40154)
• resource/aws_route53_zone: Fix perpetual diff if name contains characters that the Route 53 API escapes (#​40154)
• resource/aws_ses_identity_notification_topic: Prevent destroy failure when resource is already deleted outside of Terraform (#​40684)
• resource/aws_sesv2_configuration_set: Fix handling of delivery_options.max_delivery_seconds when not configured (#​40670)
• resource/aws_sesv2_configuration_set_event_destination: Retry IAM eventual consistency errors (#​40843)
• resource/aws_sqs_queue: Fix timeout error on creation if sqs_managed_sse_enabled=true and kms_data_key_reuse_period_seconds is configured (#​40729)

boto/boto3 (boto3)

v1.37.2

Compare Source

======

• api-change:application-signals: [botocore] This release adds API support for reading Service Level Objectives and Services from monitoring accounts, from SLO and Service-scoped operations, including ListServices and ListServiceLevelObjectives.
• api-change:batch: [botocore] AWS Batch: Resource Aware Scheduling feature support
• api-change:chime: [botocore] Removes the Amazon Chime SDK APIs from the "chime" namespace. Amazon Chime SDK APIs continue to be available in the AWS SDK via the dedicated Amazon Chime SDK namespaces: chime-sdk-identity, chime-sdk-mediapipelines, chime-sdk-meetings, chime-sdk-messaging, and chime-sdk-voice.
• api-change:cloudfront: [botocore] Documentation update for VPC origin config.
• api-change:ec2: [botocore] Amazon EC2 Fleet customers can now override the Block Device Mapping specified in the Launch Template when creating a new Fleet request, saving the effort of creating and associating new Launch Templates to customize the Block Device Mapping.
• api-change:iotfleetwise: [botocore] This release adds an optional listResponseScope request parameter in certain list API requests to limit the response to metadata only.
• api-change:oam: [botocore] This release adds support for sharing AWS::ApplicationSignals::Service and AWS::ApplicationSignals::ServiceLevelObjective resources.
• api-change:sagemaker: [botocore] AWS SageMaker InferenceComponents now support rolling update deployments for Inference Components.
• enhancement:Protocol: [botocore] Adds support for the smithy-rpc-v2-cbor protocol. If a service supports smithy-rpc-v2-cbor, this protocol will automatically be used. For more information, see https://smithy.io/2.0/additional-specs/protocols/smithy-rpc-v2.html

v1.37.1

Compare Source

======

• api-change:codebuild: [botocore] Adding "reportArns" field in output of BatchGetBuildBatches API. "reportArns" is an array that contains the ARNs of reports created by merging reports from builds associated with the batch build.
• api-change:devicefarm: [botocore] Add an optional configuration to the ScheduleRun and CreateRemoteAccessSession API to set a device level http/s proxy.
• api-change:ec2: [botocore] Adds support for time-based EBS-backed AMI copy operations. Time-based copy ensures that EBS-backed AMIs are copied within and across Regions in a specified timeframe.
• api-change:iot: [botocore] AWS IoT - AWS IoT Device Defender adds support for a new Device Defender Audit Check that monitors device certificate age and custom threshold configurations for both the new device certificate age check and existing device certificate expiry check.
• api-change:taxsettings: [botocore] PutTaxRegistration API changes for Egypt, Greece, Vietnam countries

astral-sh/uv (ghcr.io/astral-sh/uv)

v0.6.3

Compare Source

Enhancements

• Allow quotes around command-line options in requirement.txt files (#​11644)
• Initialize PEP 723 script in uv lock --script (#​11717)

Configuration

• Accept multiple .env files in UV_ENV_FILE (#​11665)

Performance

• Reduce overhead in converting resolutions (#​11660)
• Use SmallString on Hashes (#​11756)
• Use a Box for Yanked on File (#​11755)
• Use a SmallString for the Yanked enum (#​11715)
• Use boxed slices for hash vector (#​11714)
• Use install concurrency for bytecode compilation too (#​11615)

Bug fixes

• Avoid installing duplicate dependencies across conflicting groups (#​11653)
• Check subdirectory existence after cache heal (#​11719)
• Include uppercase platforms for Windows wheels (#​11681)
• Respect existing PEP 723 script settings in uv add (#​11716)
• Reuse refined interpreter to create tool environment (#​11680)
• Skip removed directories during bytecode compilation (#​11633)
• Support conflict markers in uv export (#​11643)
• Treat lockfile as outdated if (empty) extras are added (#​11702)
• Display path separators as backslashes on Windows (#​11667)
• Display the built file name instead of the canonicalized name in uv build (#​11593)
• Fix message when there are no buildable packages (#​11722)
• Re-allow HTTP schemes for Git dependencies (#​11687)

Documentation

• Add anchor links to arguments and options in the CLI reference (#​11754)
• Add link to environment marker specification (#​11748)
• Fix missing a closing bracket in the cache-keys setting (#​11669)
• Remove the last edited date from documentation pages (#​11753)
• Fix readme typo (#​11742)

v0.6.2

Compare Source

Enhancements

• Add support for constraining build dependencies with tool.uv.build-constraint-dependencies (#​11585)
• Sort dependency group keys when adding new group (#​11591)

Performance

• Use an Arc for index URLs (#​11586)

Bug fixes

• Allow use of x86-64 Python on ARM Windows (#​11625)
• Fix an issue where conflict markers could instigate a very large lock file (#​11293)
• Fix duplicate packages with multiple conflicting extras declared (#​11513)
• Respect color settings for log messages (#​11604)
• Eagerly reject unsupported Git schemes (#​11514)

Documentation

• Add documentation for specifying Python versions in tool commands (#​11598)

v0.6.1

Compare Source

Enhancements

• Allow users to mark platforms as "required" for wheel coverage (#​10067)
• Warn for builds in non-build and workspace root pyproject.toml (#​11394)

Bug fixes

• Add --all to uvx --reinstall message (#​11535)
• Fallback to GET on HTTP 400 when attempting to use range requests for wheel download (#​11539)
• Prefer local variants in preference selection (#​11546)
• Respect verbatim executable name in uvx (#​11524)

Documentation

• Add documentation for required environments (#​11542)
• Note that main.py used to be hello.py (#​11519)

v0.6.0

Compare Source

There have been 31 releases and 1135 pull requests since 0.5.0, our last release with breaking changes. As before, we've accumulated various changes that improve correctness and user experience, but could break some workflows. This release contains those changes; many have been marked as breaking out of an abundance of caution. We expect most users to be able to upgrade without making changes.

Breaking changes

• Create main.py instead of hello.py in uv init (#​10369)

  Previously, uv init created a hello.py sample file. Now, uv init will create main.py instead — which aligns with expectations from user feedback. The --bare option can be used to avoid creating the file altogether.

• Respect UV_PYTHON in uv python install (#​11487)

  Previously, uv python install did not read this environment variable; now it does. We believe this matches user expectations, however, this will take priority over .python-version files which could be considered breaking.

• Set UV to the uv executable path (#​11326)

  When uv spawns a subprocess, it will now have the UV environment variable set to the uv binary path. This change is breaking if you are setting the UV environment variable yourself, as we will overwrite its value.

  Additionally, this change requires marking the uv Rust entrypoint (uv::main) as unsafe to avoid unsoundness — this is only relevant if you are invoking uv using Rust. See the Rust documentation for details about the safety of updating a process' environment.

• Error on non-existent extras, e.g., in uv sync (#​11426)

  Previously, uv would silently ignore non-existent extras requested on the command-line (e.g., via uv sync --extra foo). This is generally correct behavior when resolving requests for package extras, because an extra may be present on one compatible version of a package but not another. However, this flexibility doesn't need to apply to the local project and it's less surprising to error here.

• Error on missing dependency groups when --frozen is provided (#​11499)

  Previously, uv would not validate that the requested dependency groups were present in the lockfile when the --frozen flag was used. Now, an error will be raised if a requested dependency group is not present.

• Change -p to a --python alias in uv pip compile (#​11486)

  In uv pip compile, -p was an alias for --python-version while everywhere else in uv's interface it is an alias for --python. Additionally, uv pip compile did not respect the UV_PYTHON environment variable. Now, the semantics of this flag have been updated for parity with the rest of the CLI.

  However, --python-version is unique: if we cannot find an interpreter with the given version, we will not fail. Instead, we'll use an alternative interpreter and override its version tags with the requested version during package resolution. This behavior is retained here for backwards compatibility, --python <version> / -p <version> will not fail if the version cannot be found. However, if a specific interpreter is requested, e.g., with --python <path> or --python pypy, and cannot be found — uv will exit with an error.

  The breaking changes here are that UV_PYTHON is respected and --python <version> will no longer fail if the version cannot be found.

• Bump alpine default tag to 3.21 for derived Docker images (#​11157)

  Alpine 3.21 was released in Dec 2024 and is used in the official Alpine-based Python images. Our uv:python3.x-alpine images have been using 3.21 since uv v0.5.8. However, now the the uv:alpine image will use 3.21 instead of 3.20 and uv:alpine3.20 will no longer be updated.

• Use files instead of junctions on Windows (#​11269)

  Previously, we used junctions for atomic replacement of cache entries on Windows. Now, we use a file with a pointer to the cache entry instead. This resolves various edge-case behaviors with junctions. These files are only intended to be consumed by uv and the cache version has been bumped. We do not think this change will affect workflows.

Stabilizations

• uv publish is no longer in preview (#​11032)

  This does not come with any behavior changes. You will no longer see an experimental warning when using uv publish. See the linked pull request for a report on the stabilization.

Enhancements

• Support --active for PEP 723 script environments (#​11433)
• Add revision to the lockfile to allow backwards-compatible metadata changes (#​11500)

Bug fixes

• Avoid reading metadata from .egg-info files (#​11395)
• Include archive bucket version in archive pointers (#​11306)
• Omit lockfile version when additional fields are dynamic (#​11468)
• Respect executable name in uvx --from tool@latest (#​11465)

Documentation

• The CHANGELOG.md is now split into separate files for each "major" version to fix rendering (#​11510)

v0.5.31

Compare Source

Release Notes

Enhancements

• Add uv sync --script (#​11361)
• Allow PEP 508 requirements in tool requests (#​11337)
• Allow source distributions to produce wheels with +local suffixes (#​11429)
• Bring parity to uvx and uv tool install requests (#​11345)
• Use a stable directory for local, remote, and stdin script virtual environments (#​11347, #​11364)
• Detect infinite recursion in uv run (#​11386)

Python

The managed Python distributions have been updated, including:

• CPython 3.14.0a5, which includes a new tail calling interpreter for a sign