Release v1.18.7#852
Merged
Merged
Conversation
Co-authored-by: Cursor <cursoragent@cursor.com> # Conflicts: # .cursor/skills/blog-writing/SKILL.md GitOrigin-RevId: 055ac2e8ac6d3f73abaa32b6e916794271c6d153
<img width="1266" height="490" alt="image" src="https://github.com/user-attachments/assets/4e4be35b-6d0e-4314-9758-76b09e06d550" /> ## Summary - Add observe-only MCP middleware that resolves grant-key workspace bindings on every `/brent/mcp` request, classifies anomalies using the same taxonomy as the Connect workspace interceptor, and reports telemetry without changing tenancy or rejecting requests. - Add the `whoami` MCP tool (`account:read`) so users and support can inspect binding health: subject, bound workspace, legacy claim, and `binding_status`. - Document observe mode in the Auth0 runbook and Brent backend README. ## Linear Ticket Fixes: [ENG-5319](https://linear.app/overmind/issue/ENG-5319/brent-workspaces-mcp-observe-middleware-whoami) — Brent Workspaces — MCP observe middleware + whoami - **Purpose**: Resolve MCP grant-key bindings on every request in observe mode, report binding-health anomalies, and expose a `whoami` tool for support — without enforcing tenancy or changing existing MCP tool behaviour. - **Blocks**: [ENG-5341](https://linear.app/overmind/issue/ENG-5341) (enforcement flip) depends on this landing first. ## Changes - `go/auth`: `ExtractMCPGrantKey`, `WithMCPGrantKey`, and unit tests. - `services/brent-backend/service`: shared `mcpGrantObserver` resolver, `newMCPObserveMiddleware` wired after JWT auth in `server_wire.go`, `whoami` MCP tool registered from `mcp.go`. - Integration tests for classify paths, middleware pass-through, and whoami scenarios (healthy, unbound, claim mismatch, missing grant key). - Docs: MCP grant binding observe-mode section in `docs/runbooks/brent-auth0-tenants.md`; README pointer under MCP Server. ## Brent Plan - **Plan ID**: BRENT-466 - **Plan**: [ENG-5319 MCP Observe](https://brent-dev.overmind-demo.com/open/plans/b59bcae8-65b5-4315-8eb8-29ab6cdef08c?intent=plan_review) - **Approved by**: Elliot Waddington > Deviation analysis and reviewer assignment are handled automatically by the > pre-approved PR review automation (see docs/PREAPPROVED_CHANGES.md). ## Test plan - [ ] `go test -race ./go/auth/... -run MCPGrantKey -count=1` - [ ] `go test -race ./services/brent-backend/service/... -run 'MCPObserve|Whoami' -count=1` - [ ] `golangci-lint run ./services/brent-backend/service/... ./go/auth/...` <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Touches the authenticated MCP request path and auth claim handling on every call, but observe-only (no rejections); DB binding lookups run when a grant key is present. > > **Overview** > Adds **observe-only** MCP grant-key → workspace binding checks on every authenticated `/brent/mcp` request, without changing tenancy (still `account-name` via `auth.ExtractAccount`) or rejecting traffic. > > **`go/auth`** gains `ExtractMCPGrantKey` / `WithMCPGrantKey` so JWT context can carry `https://api.overmind.tech/mcp-grant-key` (empty claim is normal until ENG-5343). > > **`brent-backend`** wires `newMCPObserveMiddleware` after JWT auth in `server_wire.go`. The shared `mcpGrantObserver` looks up active bindings, checks workspace membership and claim vs bound workspace, sets `brent.mcp.observe.*` span attributes, and logs/Sentry-warns on alarming anomalies (not on `missing_grant_key`). A new **`whoami`** MCP tool (`account:read`) exposes subject, bound workspace, legacy claim, and `binding_status` for support. > > Runbook and README document observe mode and the expected `missing_grant_key` state pre–Auth0 grant-key minting; enforcement is deferred to ENG-5341. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 5b6d91dbbddb237a3c6a182b5d48d188d632f654. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> GitOrigin-RevId: f9eb69ca485883b9c121f42884912573fad8ae02
…ra (#5740) ## Summary - Admins can set a workspace logo (uploaded, re-encoded to PNG, stored in a private bucket) and theme colour (`#rrggbb`) via new backend endpoints. - Implements the approved BRENT-463 backend/infra slice: image safety pipeline, object storage seam, branding orchestration, and Terraform/Kustomize wiring for IRSA + S3. - `SuggestWorkspaceBranding` prefill and frontend UI remain out of scope for follow-on plans. ## Linear Ticket Fixes: [ENG-5338](https://linear.app/overmind/issue/ENG-5338/brent-workspaces-p3-workspace-branding-backendinfra) — Brent Workspaces P3 — workspace branding (backend/infra) - **Purpose**: Backend/infra slice for workspace branding — logo upload with server-side re-encode, private S3 storage via IRSA, public proxy serve, and theme colour RPC. - **Blocks**: [ENG-5339](https://linear.app/overmind/issue/ENG-5339/brent-workspaces-p3b-workspace-slug-rename-backend) (workspace slug rename backend) ## Changes - New packages: `imageproc` (single chokepoint for untrusted image bytes), `objectstore` (S3/fs/mem backends), `branding` (`SetLogo`/`SetTheme` with admin gate). - Workspaces store stores object **keys** (not URLs) and derives public URLs in `view.go`; `AdminGetMembership` replaces `AdminIsActiveMember`. - Transport: authed `POST /brent/workspace-logo-upload`, public `GET /brent/workspace-logo/...` proxy, and `UpdateWorkspaceBranding` theme RPC. - Infra: private S3 bucket + IRSA role in Terraform; kustomize SA annotation and `BRENT_BACKEND_LOGO_S3_BUCKET` ConfigMap per overlay (prod + dogfood). - Tests: imageproc units, branding with memstore, upload→proxy round-trip. ## Brent Plan - **Plan ID**: BRENT-463 - **Plan**: [Brent Workspaces P3 — workspace branding (backend/infra)](https://brent-dev.overmind-demo.com/open/plans/d5bb5039-3461-47b4-8aed-28f1bb79a54b?intent=plan_review) - **Approved by**: Thomas Honey - **Pending reviews**: Daniel Carabas > Deviation analysis and reviewer assignment are handled automatically by the > pre-approved PR review automation (see docs/PREAPPROVED_CHANGES.md). Made with [Cursor](https://cursor.com) --------- Co-authored-by: Cursor <cursoragent@cursor.com> GitOrigin-RevId: e52da31d85c23268d5798e09e16cc9adb5ee2490
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/openrdap/rdap](https://redirect.github.com/openrdap/rdap) | require | digest | `8fa7e50` → `a095c49` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/370) for more information. --- ### Configuration 📅 **Schedule**: (in timezone Europe/London) - Branch creation - "after 6pm on thursday,before 10am on friday" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNDIuMiIsInVwZGF0ZWRJblZlciI6IjQzLjI0Mi4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJnb2xhbmciXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: 4ec7b7d8c1682a4e95ef7b4f0d87ebf18af99eb7
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | Type | Update | |---|---|---|---|---|---| | [cloud.google.com/go/storage](https://redirect.github.com/googleapis/google-cloud-go) | `v1.62.3` → `v1.63.0` |  |  | require | minor | | [google.golang.org/api](https://redirect.github.com/googleapis/google-api-go-client) | `v0.285.0` → `v0.286.0` |  |  | require | minor | | [google.golang.org/genproto/googleapis/rpc](https://redirect.github.com/googleapis/go-genproto) | `87f3d3e` → `b703f56` |  |  | require | digest | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/370) for more information. --- ### Release Notes <details> <summary>googleapis/google-api-go-client (google.golang.org/api)</summary> ### [`v0.286.0`](https://redirect.github.com/googleapis/google-api-go-client/releases/tag/v0.286.0) [Compare Source](https://redirect.github.com/googleapis/google-api-go-client/compare/v0.285.0...v0.286.0) ##### Features - **all:** Auto-regenerate discovery clients ([#​3629](https://redirect.github.com/googleapis/google-api-go-client/issues/3629)) ([f25a08b](https://redirect.github.com/googleapis/google-api-go-client/commit/f25a08b7bd916e0719cc9e0d003454a8aaa8caf9)) - **all:** Auto-regenerate discovery clients ([#​3631](https://redirect.github.com/googleapis/google-api-go-client/issues/3631)) ([b3bb97f](https://redirect.github.com/googleapis/google-api-go-client/commit/b3bb97ff046401ce738b4e6830642b2e6c712536)) - **all:** Auto-regenerate discovery clients ([#​3632](https://redirect.github.com/googleapis/google-api-go-client/issues/3632)) ([7332dd7](https://redirect.github.com/googleapis/google-api-go-client/commit/7332dd74f142bba59a27778f115eac98cc254bfb)) - **all:** Auto-regenerate discovery clients ([#​3634](https://redirect.github.com/googleapis/google-api-go-client/issues/3634)) ([36081a0](https://redirect.github.com/googleapis/google-api-go-client/commit/36081a00df42df1ca3e3228067737839aa905c9e)) </details> --- ### Configuration 📅 **Schedule**: (in timezone Europe/London) - Branch creation - "after 6pm on thursday,before 10am on friday" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNDIuMiIsInVwZGF0ZWRJblZlciI6IjQzLjI0Mi4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJnb2xhbmciXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: 5b2d027af0019683371bc679551b85317408f001
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/aws/aws-sdk-go-v2/service/directconnect](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.40.0` → `v1.41.0` |  |  | | [github.com/aws/aws-sdk-go-v2/service/ec2](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.307.1` → `v1.308.0` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/370) for more information. --- ### Release Notes <details> <summary>aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2/service/directconnect)</summary> ### [`v1.41.0`](https://redirect.github.com/aws/aws-sdk-go-v2/blob/HEAD/CHANGELOG.md#Release-2025-06-12) [Compare Source](https://redirect.github.com/aws/aws-sdk-go-v2/compare/v1.40.0...v1.41.0) #### Module Highlights - `github.com/aws/aws-sdk-go-v2/service/apigateway`: [v1.31.3](service/apigateway/CHANGELOG.md#v1313-2025-06-12) - **Documentation**: Documentation updates for Amazon API Gateway - `github.com/aws/aws-sdk-go-v2/service/apigatewayv2`: [v1.28.3](service/apigatewayv2/CHANGELOG.md#v1283-2025-06-12) - **Documentation**: Documentation updates for Amazon API Gateway - `github.com/aws/aws-sdk-go-v2/service/connectcampaignsv2`: [v1.3.0](service/connectcampaignsv2/CHANGELOG.md#v130-2025-06-12) - **Feature**: Added PutInstanceCommunicationLimits and GetInstanceCommunicationLimits APIs - `github.com/aws/aws-sdk-go-v2/service/ecs`: [v1.57.5](service/ecs/CHANGELOG.md#v1575-2025-06-12) - **Documentation**: This Amazon ECS release supports updating the capacityProviderStrategy parameter in update-service. - `github.com/aws/aws-sdk-go-v2/service/emrserverless`: [v1.31.0](service/emrserverless/CHANGELOG.md#v1310-2025-06-12) - **Feature**: This release adds support for retrieval of the optional executionIamPolicy field in the GetJobRun API response. - `github.com/aws/aws-sdk-go-v2/service/iotfleetwise`: [v1.27.0](service/iotfleetwise/CHANGELOG.md#v1270-2025-06-12) - **Feature**: Add new status READY\_FOR\_CHECKIN used for vehicle synchronisation - `github.com/aws/aws-sdk-go-v2/service/kms`: [v1.41.0](service/kms/CHANGELOG.md#v1410-2025-06-12) - **Feature**: AWS KMS announces the support of ML-DSA key pairs that creates post-quantum safe digital signatures. </details> --- ### Configuration 📅 **Schedule**: (in timezone Europe/London) - Branch creation - "after 6pm on thursday,before 10am on friday" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNDIuMiIsInVwZGF0ZWRJblZlciI6IjQzLjI0Mi4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJnb2xhbmciXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: 8e8d94504972b836e5172559c27efd79af65be5b
This PR contains the following updates: | Update | Change | |---|---| | lockFileMaintenance | All locks refreshed | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/370) for more information. 🔧 This Pull Request updates lock files to use the latest dependency versions. --- ### Configuration 📅 **Schedule**: (in timezone Europe/London) - Branch creation - "before 4am on monday" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNDIuMiIsInVwZGF0ZWRJblZlciI6IjQzLjI0Mi4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Patch provider bumps affect all Terraform init/apply paths that use these locks (including production deploy workflows); behavior can shift slightly even without HCL changes. > > **Overview** > Renovate **lock file maintenance** bumps pinned Terraform provider versions and checksums across `cli`, `deploy`, `deploy/meta`, and `razorpay-deploy`. No `.tf` or module code changes. > > **hashicorp/aws** moves from **6.51.0** to **6.52.0** wherever that provider is locked. **hashicorp/google** moves from **7.37.0** to **7.38.0** in stacks that use it (e.g. `cli`, `deploy`, `deploy/meta`). Provider **constraints** in the lock files are unchanged; only the resolved version and `h1`/`zh` hashes are updated so `terraform init` pulls the newer binaries. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 487cdd491eafce2a9eb200ae7f6d1b8834fa38f5. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: 649b05733ce83f1d0bd864919129c6776dce54db
…ntity (ENG-5418) (#5796)
<!-- CURSOR_AGENT_PR_BODY_BEGIN -->
## Summary
This PR implements the core GitLab integration infrastructure for
ENG-5418, providing:
- **Per-install opaque URL path token** for secure webhook routing
- **Per-install secret token** (X-Gitlab-Token) for webhook
authentication
- **Client factory** for authenticated outbound GitLab API calls
- **Connect endpoint** for GitLab installation setup
## Changes
### Schema Migration
- Added `webhook_route_token` to `organisation_app_installations` for
per-install URL token routing
- Added `webhook_secret_ciphertext` and `webhook_secret_version` to
`organisation_app_config` for encrypted webhook secrets
- Added `account_integration_id` to `pull_requests` for multi-instance
PR attribution (absorbs ENG-5423)
- Added partial unique index for GitLab webhook tokens
- **Fixed:** Added `'gitlab'` to
`organisation_app_tokens_provider_check` constraint (was missing from
original migration)
### Client Factory (`client_factory.go`)
- Implements `ClientFactory` interface for creating authenticated
`go-gitlab` clients
- Loads install credentials via `GetGitLabInstallWithTokenByID` query
- Decrypts access tokens via `fieldcrypto`
- Wraps HTTP client with `otelhttp` for distributed tracing
- Provides `IsAuthError`/`WrapAuthError` helpers for 401/403 detection →
`ErrGitLabTokenInvalid`
- **Fixed:** Maps `pgx.ErrNoRows` to `ErrGitLabNotConfigured` (Bugbot
`755b75a7`)
### Connect Endpoint (`connect.go`)
- Validates GitLab access token against customer's instance via `GET
/user`
- Generates per-install webhook URL token (SHA-256 hashed in DB,
plaintext shown once)
- Generates per-install webhook secret (encrypted via `fieldcrypto`)
- Transactional upsert of installation/config/token rows
- Returns fully-formed webhook URL and secret for customer to paste into
GitLab
- **Fixed:** Uses `webhook_route_token` hash as `external_principal_id`
to prevent cross-tenant secret sharing (Bugbot `ebcc756e`)
### Webhook Lookup (`webhook_lookup.go`)
- Implements `WebhookTokenLookup` interface for `ByWebhookToken`
resolution
- Hashes incoming URL token and looks up via
`AdminGetGitLabInstallByWebhookToken`
- Returns install details + decrypted secret for per-install
verification
- `VerifyPerInstallSecret` uses constant-time comparison and **fails
closed** when secret is empty
### Token-Routed Webhook Handler (`webhook_handler_token.go`)
- New handler for `POST /webhooks/gitlab/{token}` route
- Extracts token from URL path (not payload) — key spoofing defense
- Verifies per-install secret via X-Gitlab-Token header
- Deduplication via Idempotency-Key header
- Writes `Event_GitlabWebhook` to event store with install context
### Store Validation (`store.go`)
- **Fixed:** `Validate()` now checks both legacy (webhookSecret) and
per-install (codec+orgQueries) configurations (Bugbot `814b6060`)
- Fails fast at boot if partial config is detected
### GitLab Disconnect (`disconnect_workspace.go`, `store.go`)
- **Fixed:** `DisconnectAllIntegrationsForWorkspace` now properly
deletes GitLab installs (Bugbot `c0d5c2e5`)
- New `DeleteGitLabInstallationByID` method deletes install, tokens, and
config atomically
### Wiring
- Added `ProviderGitLab` to Provider enum
- Wired `gitlabStore` with `Codec` and `OrganisationQueries`
- Constructed `GitLab ClientFactory` in `server_construct.go` (held for
ENG-5417/5419/5420/5424)
- Updated `HTTPRoutes` to include token-routed handler alongside legacy
handler
- Added exhaustive switch cases for `ProviderGitLab` across
`organisations` package
## Security Model
This implementation adopts the **industry-standard answer** for webhook
identity:
1. **Routing = per-install URL path token** (Brent-generated,
high-entropy)
- Identity comes from an unguessable URL token, never from payload
fields
- Prevents spoofing: attacker can't claim victim's workspace regardless
of payload
- Solves gitlab.com tenant collapse and namespace collision issues
2. **Authentication = per-install secret token** (X-Gitlab-Token)
- Defense in depth (URLs can leak into logs/proxies)
- Encrypted at rest via `fieldcrypto`
- Constant-time comparison prevents timing attacks
- **Fails closed** when secret is missing
3. **Per-install identity isolation**
- `external_principal_id` = `webhook_route_token` hash (not GitLab user
ID)
- Same GitLab user connecting to different Brent workspaces get isolated
credentials
- Prevents cross-tenant secret sharing
## Tests
- Unit tests for client factory, connect endpoint, webhook lookup
- Token webhook handler tests including **spoofing defense**
verification
- Integration with existing webhook handler tests
## Bugbot Fixes
All 5 Bugbot findings have been addressed:
| Severity | Finding | Fix |
|----------|---------|-----|
| **High** | `814b6060` Store.Validate() skips per-install wiring |
Validate now checks codec+orgQueries config |
| **High** | `ebcc756e` Cross-tenant secret sharing | Use
webhook_token_hash as external_principal_id |
| **High** | GitLab tokens blocked by DB provider check | Add 'gitlab'
to organisation_app_tokens_provider_check |
| **Medium** | `755b75a7` ClientFactory ErrNotConfigured mapping | Map
pgx.ErrNoRows correctly |
| **Medium** | `c0d5c2e5` GitLab disconnect leaves orphans | Implement
DeleteGitLabInstallationByID |
## Out of Scope
- OAuth-app connect flow + token refresh (ENG-5421)
- Factory consumers: commit fetch (ENG-5417), status (ENG-5419), note
(ENG-5420), tool bundle (ENG-5424)
- Frontend GitLab connect page (ENG-5421)
- v19 HMAC signing path (future enhancement)
---
## Deviation Explanations
### `missing-gitlab-connect-rpc-endpoint`
The plan called for a Connect-RPC endpoint `GitLabConnect({ base_url,
token })`. This PR implements the core `Connect()` logic, storage, and
validation, but defers the Connect-RPC handler registration to
**ENG-5421** (Frontend GitLab connect page). The plan itself notes "This
is the endpoint ENG-5421's frontend posts to" — the RPC wiring belongs
with the frontend work that will call it. The internal
`Store.ConnectGitLab()` method is ready for that wiring.
### `missing-pull-request-account-integration-write-path`
The `account_integration_id` column is added to the schema as planned,
but the `CreatePullRequest`/`UpdatePullRequest` queries are
intentionally not modified in this PR. The plan notes this column is
"populated by the translator (ENG-5417)" — the GitLab MR translator will
write this field when it creates PRs. GitHub PRs remain NULL pending a
separate backfill. Modifying write queries here would be premature since
no caller exists yet.
### `missing-review-eng-5423-absorbed-pr-install-write-path`
Same rationale as `missing-pull-request-account-integration-write-path`:
ENG-5423 absorption means the schema is ready for multi-instance
attribution. The write path belongs in ENG-5417 (GitLab MR translator)
which will actually create GitLab PRs and populate the field. Adding the
column now + write path later is the correct sequencing — the translator
needs the column to exist before it can write to it.
### `scope-token-routed-webhook-ingress`
The plan assigned webhook ingress to ENG-5416, but ENG-5416 already
merged with a stub `noopWebhookAccountResolver`. This PR provides the
**real resolver** (`WebhookTokenLookup`) that ENG-5416's plan promised
ENG-5418 would supply. The token-routed handler is the natural home for
the lookup integration — it cannot be tested or validated without the
handler that calls it. Splitting them would require artificial seams.
The legacy global-secret handler from ENG-5416 remains available during
migration.
### `changed-account-integration-id-without-fk`
The plan called for "validate index/FK choice at implementation." Per
the `sql-schema-design` skill: nullable FKs to high-cardinality tables
(like `organisation_app_installations`) typically omit the constraint to
avoid cascading deletes and lock contention on the referenced table. The
comment documents the semantic relationship; enforcement happens at the
application layer. This matches the existing pattern for
`plans.linked_pr_id` → `pull_requests`.
### `changed-gitlab-auth-error-mapping-left-manual`
The plan wanted the factory to automatically map 401/403 to
`ErrGitLabTokenInvalid`. The implementation provides `IsAuthError()` and
`WrapAuthError()` helpers that callers use explicitly. This is
intentional: automatic wrapping in the factory would require the factory
to make API calls (it only builds clients), and different callers may
want different error handling (e.g., retry vs. fail). The helpers are
used in `Connect()` and documented for downstream consumers
(ENG-5417/5419/5420).
### `changed-gitlab-external-principal-id-rekeyed-to-webhook-hash`
The plan stored GitLab user ID as `external_principal_id`. However,
Bugbot correctly identified (finding `ebcc756e`) that this creates a
**cross-tenant security vulnerability**: if the same GitLab user
connects to two different Brent workspaces, the second connection
overwrites the first workspace's secrets because
`organisation_app_config` and `organisation_app_tokens` are keyed on
`(provider, external_principal_id)`.
The fix uses the `webhook_route_token` hash as `external_principal_id`
instead. This ensures each Brent installation has a unique key,
preventing cross-tenant credential collisions. The GitLab user ID was
only used for display/audit purposes and is not needed for the core
routing/auth flow.
### `beyond-gitlab-disconnect-cleanup-landed`
This fix addresses Bugbot finding `c0d5c2e5` (medium severity): "GitLab
disconnect leaves installs and tokens." Without this fix, deleted
workspaces would retain GitLab install rows, encrypted tokens, and
config — and webhooks could still hit Brent for orphaned installs.
Proper cleanup is a security and hygiene requirement that cannot wait
for a separate ticket.
### `beyond-gitlab-store-validate-hardening-landed`
This fix addresses Bugbot finding `814b6060` (high severity):
"Store.Validate() skips per-install wiring." Without this fix,
misconfigured per-install GitLab wiring (missing codec, orgQueries, or
eventsStore) would pass boot-time validation and fail at runtime with
nil-pointer panics or cryptic errors. Fail-fast validation is a
reliability requirement that cannot be deferred.
### `beyond-gitlab-tokens-provider-check-fix`
This fix addresses an additional Bugbot finding (high severity): "GitLab
tokens blocked by DB provider check." The original migration added
`'gitlab'` to the provider CHECK constraints for
`organisation_app_installations` and `organisation_app_config`, but
missed `organisation_app_tokens`. This caused `Connect` and
`UpsertOrganisationAppAccessToken` to fail at the database level when
inserting GitLab token rows. The fix adds a follow-up migration to
include `'gitlab'` in the tokens constraint.
Brent-Plan: BRENT-511
<!-- CURSOR_AGENT_PR_BODY_END -->
<div><a
href="https://cursor.com/agents/bc-1941f19f-7cfa-4a75-9632-6bd5b7b05ab0"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://cursor.com/assets/images/open-in-web-dark.png"><source
media="(prefers-color-scheme: light)"
srcset="https://cursor.com/assets/images/open-in-web-light.png"><img
alt="Open in Web" width="114" height="28"
src="https://cursor.com/assets/images/open-in-web-dark.png"></picture></a> <a
href="https://cursor.com/background-agent?bcId=bc-1941f19f-7cfa-4a75-9632-6bd5b7b05ab0"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://cursor.com/assets/images/open-in-cursor-dark.png"><source
media="(prefers-color-scheme: light)"
srcset="https://cursor.com/assets/images/open-in-cursor-light.png"><img
alt="Open in Cursor" width="131" height="28"
src="https://cursor.com/assets/images/open-in-cursor-dark.png"></picture></a> </div>
---------
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: jameslaneovermind <jameslaneovermind@users.noreply.github.com>
GitOrigin-RevId: ecc2551f2b602242b724cfcbfa95e23c1df2f64a
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/cache](https://redirect.github.com/actions/cache) | action | major | `v5` → `v6` | | [actions/cache](https://redirect.github.com/actions/cache) | action | major | `v5.0.5` → `v6.1.0` | | [actions/checkout](https://redirect.github.com/actions/checkout) | action | major | `v6` → `v7` | | [actions/checkout](https://redirect.github.com/actions/checkout) | action | major | `v6.0.3` → `v7.0.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/370) for more information. --- ### Release Notes <details> <summary>actions/cache (actions/cache)</summary> ### [`v6.1.0`](https://redirect.github.com/actions/cache/releases/tag/v6.1.0) [Compare Source](https://redirect.github.com/actions/cache/compare/v6.0.0...v6.1.0) ##### What's Changed - Bump [@​actions/cache](https://redirect.github.com/actions/cache) to v6.1.0 - handle read-only cache access by [@​jasongin](https://redirect.github.com/jasongin) in [#​1768](https://redirect.github.com/actions/cache/pull/1768) **Full Changelog**: <actions/cache@v6...v6.1.0> ### [`v6.0.0`](https://redirect.github.com/actions/cache/releases/tag/v6.0.0) [Compare Source](https://redirect.github.com/actions/cache/compare/v6.0.0...v6.0.0) #### What's Changed - Update packages, migrate to ESM by [@​Samirat](https://redirect.github.com/Samirat) in [#​1760](https://redirect.github.com/actions/cache/pull/1760) **Full Changelog**: <actions/cache@v5...v6.0.0> ### [`v6`](https://redirect.github.com/actions/cache/compare/v5.0.5...v6.0.0) [Compare Source](https://redirect.github.com/actions/cache/compare/v5.1.0...v6.0.0) </details> <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v7.0.0`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v700) [Compare Source](https://redirect.github.com/actions/checkout/compare/v7.0.0...v7.0.0) - Block checking out fork PR for pull\_request\_target and workflow\_run by [@​aiqiaoy](https://redirect.github.com/aiqiaoy) in [#​2454](https://redirect.github.com/actions/checkout/pull/2454) - Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2458](https://redirect.github.com/actions/checkout/pull/2458) - Bump flatted from 3.3.1 to 3.4.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2460](https://redirect.github.com/actions/checkout/pull/2460) - Bump js-yaml from 4.1.0 to 4.2.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2461](https://redirect.github.com/actions/checkout/pull/2461) - Bump [@​actions/core](https://redirect.github.com/actions/core) and [@​actions/tool-cache](https://redirect.github.com/actions/tool-cache) and Remove uuid by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2459](https://redirect.github.com/actions/checkout/pull/2459) - upgrade module to esm and update dependencies by [@​aiqiaoy](https://redirect.github.com/aiqiaoy) in [#​2463](https://redirect.github.com/actions/checkout/pull/2463) - Bump the minor-npm-dependencies group across 1 directory with 3 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2462](https://redirect.github.com/actions/checkout/pull/2462) ### [`v7`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v700) [Compare Source](https://redirect.github.com/actions/checkout/compare/v6.0.3...v7.0.0) - Block checking out fork PR for pull\_request\_target and workflow\_run by [@​aiqiaoy](https://redirect.github.com/aiqiaoy) in [#​2454](https://redirect.github.com/actions/checkout/pull/2454) - Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2458](https://redirect.github.com/actions/checkout/pull/2458) - Bump flatted from 3.3.1 to 3.4.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2460](https://redirect.github.com/actions/checkout/pull/2460) - Bump js-yaml from 4.1.0 to 4.2.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2461](https://redirect.github.com/actions/checkout/pull/2461) - Bump [@​actions/core](https://redirect.github.com/actions/core) and [@​actions/tool-cache](https://redirect.github.com/actions/tool-cache) and Remove uuid by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2459](https://redirect.github.com/actions/checkout/pull/2459) - upgrade module to esm and update dependencies by [@​aiqiaoy](https://redirect.github.com/aiqiaoy) in [#​2463](https://redirect.github.com/actions/checkout/pull/2463) - Bump the minor-npm-dependencies group across 1 directory with 3 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​2462](https://redirect.github.com/actions/checkout/pull/2462) </details> --- ### Configuration 📅 **Schedule**: (in timezone Europe/London) - Branch creation - "after 6pm on thursday,before 10am on friday" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNDIuMiIsInVwZGF0ZWRJblZlciI6IjQzLjI0Mi4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Workflow-only dependency bumps with no application or deploy logic changes; main behavioral note is checkout v7’s stricter handling of fork PRs on `pull_request_target` / `workflow_run`, which may matter only if those triggers check out untrusted refs. > > **Overview** > Renovate-style **major version bumps** for two first-party GitHub Actions across the monorepo’s workflow YAML: **`actions/checkout`** moves from v6 (`v6.0.3` or `@v6`) to **v7.0.0** (or `@v7` in nested `actions/` / `cli/` workflows), and **`actions/cache`** moves from v5 (`v5.0.5` or `@v5`) to **v6.1.0** (or `@v6`). > > The changes are **version reference swaps only**—no new steps, inputs, or job logic. They touch the main **`ci.yml`** matrix (checkout on every job; cache on pnpm, Terraform, lychee, and Next.js restore steps) plus sync/release, Terraform, bundle analysis, e2e, Copilot setup, devcontainer build, and Copybara-related workflows under **`actions/`**, **`cli/`**, and **`aws-source/module/`**. > > **`azure-integration-tests-weekly.yml`** updates checkout to a **full commit SHA** for v7.0.0 instead of a floating `@v6.0.3` tag, matching existing pinning style elsewhere. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 99a080349ecb15d32597085b8809c3daf922ca4c. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: e52399b7eb5b2e7231484767d4e789f26c3cdbe5
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/nats-io/nats-server/v2](https://redirect.github.com/nats-io/nats-server) | `v2.14.2` → `v2.14.3` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/370) for more information. --- ### Release Notes <details> <summary>nats-io/nats-server (github.com/nats-io/nats-server/v2)</summary> ### [`v2.14.3`](https://redirect.github.com/nats-io/nats-server/releases/tag/v2.14.3) [Compare Source](https://redirect.github.com/nats-io/nats-server/compare/v2.14.2...v2.14.3) #### Changelog Refer to the [2.14 Upgrade Guide](https://docs.nats.io/release-notes/whats_new/whats_new_214) for backwards compatibility notes with 2.12.x. Please note that the 2.13.x version was skipped. ##### Go Version - 1.26.4 ([#​8281](https://redirect.github.com/nats-io/nats-server/issues/8281)) ##### Dependencies - golang.org/x/crypto v0.53.0 ([#​8297](https://redirect.github.com/nats-io/nats-server/issues/8297)) - golang.org/x/sys v0.46.0 ([#​8297](https://redirect.github.com/nats-io/nats-server/issues/8297)) - github.com/nats-io/jwt/v2 v2.8.2 - github.com/nats-io/nkeys v0.4.16 ##### Improved General - Per-connection log lines that could be noisy in normal operation have been demoted to debug level ([#​8289](https://redirect.github.com/nats-io/nats-server/issues/8289)) - Writer options are now applied consistently when using the `s2_fast` compression mode ([#​8047](https://redirect.github.com/nats-io/nats-server/issues/8047)) JetStream - Stream and consumer assignment handling has been refactored for more consistent migration and info behavior ([#​8262](https://redirect.github.com/nats-io/nats-server/issues/8262)) - Meta, stream and consumer write errors are now registered more consistently for health and recovery handling ([#​8293](https://redirect.github.com/nats-io/nats-server/issues/8293)) ##### Removed Monitoring - JSONP callback support has been removed from monitoring endpoints ##### Fixed General - Long-running reconnect and OCSP loops no longer retain unused timers, reducing memory pressure over time ([#​8204](https://redirect.github.com/nats-io/nats-server/issues/8204)) - Inherited JWT default permissions are now refreshed when account claims are updated ([#​8276](https://redirect.github.com/nats-io/nats-server/issues/8276)) - External auth configuration is now cleared correctly when account claims are updated ([#​8275](https://redirect.github.com/nats-io/nats-server/issues/8275)) - PROXY protocol detection, TLS sniffing with `allow_non_tls` and PROXY v1 address-family parsing have been fixed ([#​8302](https://redirect.github.com/nats-io/nats-server/issues/8302)) - A race in gateway `CONNECT` handling has been fixed ([#​8306](https://redirect.github.com/nats-io/nats-server/issues/8306)) - Trusted proxy tracking no longer leaks closed clients during concurrent updates ([#​8307](https://redirect.github.com/nats-io/nats-server/issues/8307)) - Service import replies can now be delivered across cluster routes ([#​8317](https://redirect.github.com/nats-io/nats-server/issues/8317)) - Message tracing now works correctly with service imports and exports - Several panic, fatal and data race conditions in authentication, routing, monitoring and clustered request handling have been fixed - `NoAuthUser` now checks connection restrictions - Leaf connections no longer bypass `Nats-Trace-Dest` publish permission checks - `CONNZ` and `SUBSZ` pagination now guard against `Offset` and `Limit` integer overflow panics - Fixed a nil pointer panic when starting up when the resolver parent directory is missing ([#​8329](https://redirect.github.com/nats-io/nats-server/issues/8329)) MQTT - Partial `CONNECT` packets can no longer exhaust pre-authentication memory - `PUBLISH` remaining-length underflow no longer causes a server panic - Subscriptions to internal `$MQTT.deliver.pubrel` subjects are now rejected - Subscribe deny rules are now enforced on retained message and QoS replay paths - WebSocket `/mqtt` upgrades no longer panic when MQTT is disabled Monitoring - JetStream remote usage updates no longer panic on length integer overflow JetStream - A data race on the cluster meta node during JetStream shutdown has been fixed ([#​8260](https://redirect.github.com/nats-io/nats-server/issues/8260)) - Meta proposal inflight tracking is now kept consistent during stream moves and related operations ([#​8261](https://redirect.github.com/nats-io/nats-server/issues/8261)) - Stream catchup is no longer skipped when limits are exceeded, preventing possible stream desync ([#​8265](https://redirect.github.com/nats-io/nats-server/issues/8265)) - Malformed TTL and schedule state is now rejected during decode ([#​8269](https://redirect.github.com/nats-io/nats-server/issues/8269)) - Zero consumer limits are now treated as unlimited during stream updates ([#​8286](https://redirect.github.com/nats-io/nats-server/issues/8286)) - Raft nodes no longer participate in voting or candidacy after write errors ([#​8290](https://redirect.github.com/nats-io/nats-server/issues/8290)) - Raft checkpoint handling now aborts if the node is closed ([#​8296](https://redirect.github.com/nats-io/nats-server/issues/8296)) - Raft `ApplyCommit` now handles the post-snapshot index correctly ([#​8321](https://redirect.github.com/nats-io/nats-server/issues/8321)) - Consumer ack subscriptions now match correctly when consumer names contain `%` ([#​8301](https://redirect.github.com/nats-io/nats-server/issues/8301)) - Observer state is now cleared correctly during `js_cluster_migrate` when a leaf remote is removed ([#​8304](https://redirect.github.com/nats-io/nats-server/issues/8304)) - Atomic batch end-of-batch max-size checks and R1 message rewrites have been fixed ([#​8305](https://redirect.github.com/nats-io/nats-server/issues/8305)) - Schedule drift, failed fast batch commits with `gapOk` and stale `/varz` leaf remote state have been fixed ([#​8308](https://redirect.github.com/nats-io/nats-server/issues/8308)) - Peer state decoding now bounds peer ID reads to the buffer length ([#​8310](https://redirect.github.com/nats-io/nats-server/issues/8310)) - Counter stream staging no longer corrupts the committed running total ([#​8311](https://redirect.github.com/nats-io/nats-server/issues/8311)) - Filestore compaction no longer corrupts compressed or encrypted blocks ([#​8312](https://redirect.github.com/nats-io/nats-server/issues/8312)) - Memory store `NumPending` no longer overcounts for `DeliverLastPerSubject` consumers ([#​8313](https://redirect.github.com/nats-io/nats-server/issues/8313)) - Consumer inactive-delete grace period handling and pull request `MaxBytes` budgeting have been fixed ([#​8314](https://redirect.github.com/nats-io/nats-server/issues/8314)) - `MultiLastSeqs` no longer reorders stream config subjects through `filterIsAll` handling ([#​8315](https://redirect.github.com/nats-io/nats-server/issues/8315)) - Meta recovery snapshots no longer leave phantom streams or consumers behind ([#​8324](https://redirect.github.com/nats-io/nats-server/issues/8324)) - Skipped messages last time no longer violates ordering that could lead to issues with starting by time ([#​8237](https://redirect.github.com/nats-io/nats-server/issues/8237)) - Raft now reverts uncommitted membership changes correctly when truncating or snapshotting ([#​8332](https://redirect.github.com/nats-io/nats-server/issues/8332)) ##### Credits While CVE advisory notices are credited individually, a number of fixes in this release were the result of non-CVE reports from the following contributors: - Koda Reef - [@​Emin-ACIKGOZ](https://redirect.github.com/Emin-ACIKGOZ) - [@​0xVijay](https://redirect.github.com/0xVijay) - Yaohui Wang - [@​alanturing881](https://redirect.github.com/alanturing881) ##### Complete Changes </details> --- ### Configuration 📅 **Schedule**: (in timezone Europe/London) - Branch creation - "after 6pm on thursday,before 10am on friday" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNDIuMiIsInVwZGF0ZWRJblZlciI6IjQzLjI0Mi4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJnb2xhbmciXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: 50d19072cc9745b2fbc97394b597272bd9476150
> ℹ️ **Note** > > This PR body was truncated due to platform limits. This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/aws/aws-sdk-go-v2/config](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.32.25` → `v1.32.27` |  |  | | [github.com/aws/aws-sdk-go-v2/credentials](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.19.24` → `v1.19.26` |  |  | | [github.com/aws/aws-sdk-go-v2/feature/ec2/imds](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.18.29` → `v1.18.30` |  |  | | [github.com/aws/aws-sdk-go-v2/service/apigateway](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.40.6` → `v1.40.8` |  |  | | [github.com/aws/aws-sdk-go-v2/service/autoscaling](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.67.4` → `v1.68.1` |  |  | | [github.com/aws/aws-sdk-go-v2/service/cloudfront](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.65.2` → `v1.65.4` |  |  | | [github.com/aws/aws-sdk-go-v2/service/cloudwatch](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.59.0` → `v1.61.1` |  |  | | [github.com/aws/aws-sdk-go-v2/service/directconnect](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.41.0` → `v1.41.2` |  |  | | [github.com/aws/aws-sdk-go-v2/service/dynamodb](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.59.0` → `v1.59.2` |  |  | | [github.com/aws/aws-sdk-go-v2/service/ec2](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.308.0` → `v1.311.0` |  |  | | [github.com/aws/aws-sdk-go-v2/service/ecs](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.85.0` → `v1.86.2` |  |  | | [github.com/aws/aws-sdk-go-v2/service/efs](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.42.1` → `v1.42.3` |  |  | | [github.com/aws/aws-sdk-go-v2/service/eks](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.87.0` → `v1.88.1` |  |  | | [github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.34.6` → `v1.34.8` |  |  | | [github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.55.4` → `v1.55.6` |  |  | | [github.com/aws/aws-sdk-go-v2/service/iam](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.54.5` → `v1.54.7` |  |  | | [github.com/aws/aws-sdk-go-v2/service/kms](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.53.4` → `v1.53.6` |  |  | | [github.com/aws/aws-sdk-go-v2/service/lambda](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.93.0` → `v1.94.1` |  |  | | [github.com/aws/aws-sdk-go-v2/service/networkfirewall](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.61.8` → `v1.62.1` |  |  | | [github.com/aws/aws-sdk-go-v2/service/networkmanager](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.42.6` → `v1.42.8` |  |  | | [github.com/aws/aws-sdk-go-v2/service/rds](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.119.3` → `v1.119.5` |  |  | | [github.com/aws/aws-sdk-go-v2/service/route53](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.63.3` → `v1.63.5` |  |  | | [github.com/aws/aws-sdk-go-v2/service/s3](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.104.0` → `v1.104.2` |  |  | | [github.com/aws/aws-sdk-go-v2/service/sesv2](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.62.4` → `v1.62.6` |  |  | | [github.com/aws/aws-sdk-go-v2/service/sns](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.40.1` → `v1.40.3` |  |  | | [github.com/aws/aws-sdk-go-v2/service/sqs](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.44.0` → `v1.44.2` |  |  | | [github.com/aws/aws-sdk-go-v2/service/ssm](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.69.3` → `v1.69.5` |  |  | | [github.com/aws/aws-sdk-go-v2/service/sts](https://redirect.github.com/aws/aws-sdk-go-v2) | `v1.43.3` → `v1.43.5` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/370) for more information. --- ### Release Notes <details> <summary>aws/aws-sdk-go-v2 (github.com/aws/aws-sdk-go-v2/service/autoscaling)</summary> ### [`v1.68.1`](https://redirect.github.com/aws/aws-sdk-go-v2/blob/HEAD/CHANGELOG.md#Release-2026-03-26) #### General Highlights - **Dependency Update**: Updated to the latest SDK module versions #### Module Highlights - `github.com/aws/aws-sdk-go-v2`: v1.41.5 - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/accessanalyzer`: [v1.45.12](service/accessanalyzer/CHANGELOG.md#v14512-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/account`: [v1.30.5](service/account/CHANGELOG.md#v1305-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/acm`: [v1.37.23](service/acm/CHANGELOG.md#v13723-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/acmpca`: [v1.46.12](service/acmpca/CHANGELOG.md#v14612-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/aiops`: [v1.6.21](service/aiops/CHANGELOG.md#v1621-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/amp`: [v1.42.9](service/amp/CHANGELOG.md#v1429-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/amplify`: [v1.38.14](service/amplify/CHANGELOG.md#v13814-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/amplifybackend`: [v1.32.20](service/amplifybackend/CHANGELOG.md#v13220-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/amplifyuibuilder`: [v1.28.20](service/amplifyuibuilder/CHANGELOG.md#v12820-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/apigateway`: [v1.39.1](service/apigateway/CHANGELOG.md#v1391-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/apigatewaymanagementapi`: [v1.29.14](service/apigatewaymanagementapi/CHANGELOG.md#v12914-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/apigatewayv2`: [v1.34.1](service/apigatewayv2/CHANGELOG.md#v1341-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/appconfig`: [v1.43.13](service/appconfig/CHANGELOG.md#v14313-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/appconfigdata`: [v1.23.22](service/appconfigdata/CHANGELOG.md#v12322-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/appfabric`: [v1.16.21](service/appfabric/CHANGELOG.md#v11621-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/appflow`: [v1.51.12](service/appflow/CHANGELOG.md#v15112-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/appintegrations`: [v1.37.7](service/appintegrations/CHANGELOG.md#v1377-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/applicationautoscaling`: [v1.41.14](service/applicationautoscaling/CHANGELOG.md#v14114-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/applicationcostprofiler`: [v1.27.12](service/applicationcostprofiler/CHANGELOG.md#v12712-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/applicationdiscoveryservice`: [v1.35.13](service/applicationdiscoveryservice/CHANGELOG.md#v13513-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/applicationinsights`: [v1.34.20](service/applicationinsights/CHANGELOG.md#v13420-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/applicationsignals`: [v1.19.1](service/applicationsignals/CHANGELOG.md#v1191-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/appmesh`: [v1.35.12](service/appmesh/CHANGELOG.md#v13512-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/apprunner`: [v1.39.14](service/apprunner/CHANGELOG.md#v13914-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/appstream`: [v1.54.4](service/appstream/CHANGELOG.md#v1544-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/appsync`: [v1.53.5](service/appsync/CHANGELOG.md#v1535-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/arcregionswitch`: [v1.6.3](service/arcregionswitch/CHANGELOG.md#v163-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/arczonalshift`: [v1.22.23](service/arczonalshift/CHANGELOG.md#v12223-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/artifact`: [v1.15.5](service/artifact/CHANGELOG.md#v1155-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/athena`: [v1.57.4](service/athena/CHANGELOG.md#v1574-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/auditmanager`: [v1.46.12](service/auditmanager/CHANGELOG.md#v14612-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/autoscaling`: [v1.64.4](service/autoscaling/CHANGELOG.md#v1644-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/autoscalingplans`: [v1.30.14](service/autoscalingplans/CHANGELOG.md#v13014-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/b2bi`: [v1.0.0-preview.100](service/b2bi/CHANGELOG.md#v100-preview100-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/backup`: [v1.54.11](service/backup/CHANGELOG.md#v15411-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/backupgateway`: [v1.26.3](service/backupgateway/CHANGELOG.md#v1263-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/backupsearch`: [v1.6.23](service/backupsearch/CHANGELOG.md#v1623-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/batch`: [v1.63.2](service/batch/CHANGELOG.md#v1632-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bcmdashboards`: [v1.1.4](service/bcmdashboards/CHANGELOG.md#v114-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bcmdataexports`: [v1.14.0](service/bcmdataexports/CHANGELOG.md#v1140-2026-03-26) - **Feature**: With this release we are providing an option to accounts to have their export delivered to an S3 bucket that is not owned by the account. - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bcmpricingcalculator`: [v1.10.9](service/bcmpricingcalculator/CHANGELOG.md#v1109-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bcmrecommendedactions`: [v1.1.5](service/bcmrecommendedactions/CHANGELOG.md#v115-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bedrock`: [v1.57.1](service/bedrock/CHANGELOG.md#v1571-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bedrockagent`: [v1.52.7](service/bedrockagent/CHANGELOG.md#v1527-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bedrockagentcore`: [v1.15.2](service/bedrockagentcore/CHANGELOG.md#v1152-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bedrockagentcorecontrol`: [v1.25.1](service/bedrockagentcorecontrol/CHANGELOG.md#v1251-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bedrockagentruntime`: [v1.51.8](service/bedrockagentruntime/CHANGELOG.md#v1518-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bedrockdataautomation`: [v1.13.5](service/bedrockdataautomation/CHANGELOG.md#v1135-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bedrockdataautomationruntime`: [v1.10.4](service/bedrockdataautomationruntime/CHANGELOG.md#v1104-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/bedrockruntime`: [v1.50.4](service/bedrockruntime/CHANGELOG.md#v1504-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/billing`: [v1.10.4](service/billing/CHANGELOG.md#v1104-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/billingconductor`: [v1.28.5](service/billingconductor/CHANGELOG.md#v1285-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/braket`: [v1.39.8](service/braket/CHANGELOG.md#v1398-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/budgets`: [v1.43.4](service/budgets/CHANGELOG.md#v1434-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/chatbot`: [v1.14.21](service/chatbot/CHANGELOG.md#v11421-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/chime`: [v1.41.12](service/chime/CHANGELOG.md#v14112-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/chimesdkidentity`: [v1.27.20](service/chimesdkidentity/CHANGELOG.md#v12720-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/chimesdkmediapipelines`: [v1.26.21](service/chimesdkmediapipelines/CHANGELOG.md#v12621-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/chimesdkmeetings`: [v1.33.15](service/chimesdkmeetings/CHANGELOG.md#v13315-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/chimesdkmessaging`: [v1.32.17](service/chimesdkmessaging/CHANGELOG.md#v13217-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/chimesdkvoice`: [v1.28.13](service/chimesdkvoice/CHANGELOG.md#v12813-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cleanrooms`: [v1.42.4](service/cleanrooms/CHANGELOG.md#v1424-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cleanroomsml`: [v1.22.5](service/cleanroomsml/CHANGELOG.md#v1225-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloud9`: [v1.33.20](service/cloud9/CHANGELOG.md#v13320-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudcontrol`: [v1.29.13](service/cloudcontrol/CHANGELOG.md#v12913-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/clouddirectory`: [v1.30.12](service/clouddirectory/CHANGELOG.md#v13012-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudformation`: [v1.71.9](service/cloudformation/CHANGELOG.md#v1719-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudfront`: [v1.60.4](service/cloudfront/CHANGELOG.md#v1604-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudfrontkeyvaluestore`: [v1.12.24](service/cloudfrontkeyvaluestore/CHANGELOG.md#v11224-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudhsm`: [v1.29.21](service/cloudhsm/CHANGELOG.md#v12921-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudhsmv2`: [v1.34.21](service/cloudhsmv2/CHANGELOG.md#v13421-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudsearch`: [v1.32.12](service/cloudsearch/CHANGELOG.md#v13212-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudsearchdomain`: [v1.28.20](service/cloudsearchdomain/CHANGELOG.md#v12820-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudtrail`: [v1.55.9](service/cloudtrail/CHANGELOG.md#v1559-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudtraildata`: [v1.17.13](service/cloudtraildata/CHANGELOG.md#v11713-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudwatch`: [v1.55.3](service/cloudwatch/CHANGELOG.md#v1553-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudwatchevents`: [v1.32.23](service/cloudwatchevents/CHANGELOG.md#v13223-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs`: [v1.65.0](service/cloudwatchlogs/CHANGELOG.md#v1650-2026-03-26) - **Feature**: This release adds parameter support to saved queries in CloudWatch Logs Insights. Define reusable query templates with named placeholders, invoke them using start query. Available in Console, CLI and SDK - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codeartifact`: [v1.38.21](service/codeartifact/CHANGELOG.md#v13821-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codebuild`: [v1.68.13](service/codebuild/CHANGELOG.md#v16813-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codecatalyst`: [v1.21.12](service/codecatalyst/CHANGELOG.md#v12112-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codecommit`: [v1.33.12](service/codecommit/CHANGELOG.md#v13312-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codeconnections`: [v1.10.20](service/codeconnections/CHANGELOG.md#v11020-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codedeploy`: [v1.35.13](service/codedeploy/CHANGELOG.md#v13513-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codeguruprofiler`: [v1.29.20](service/codeguruprofiler/CHANGELOG.md#v12920-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codegurureviewer`: [v1.34.20](service/codegurureviewer/CHANGELOG.md#v13420-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codegurusecurity`: [v1.16.24](service/codegurusecurity/CHANGELOG.md#v11624-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codepipeline`: [v1.46.21](service/codepipeline/CHANGELOG.md#v14621-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codestarconnections`: [v1.35.13](service/codestarconnections/CHANGELOG.md#v13513-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/codestarnotifications`: [v1.31.21](service/codestarnotifications/CHANGELOG.md#v13121-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cognitoidentity`: [v1.33.22](service/cognitoidentity/CHANGELOG.md#v13322-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider`: [v1.59.3](service/cognitoidentityprovider/CHANGELOG.md#v1593-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/cognitosync`: [v1.29.12](service/cognitosync/CHANGELOG.md#v12912-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/comprehend`: [v1.40.21](service/comprehend/CHANGELOG.md#v14021-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/comprehendmedical`: [v1.31.21](service/comprehendmedical/CHANGELOG.md#v13121-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/computeoptimizer`: [v1.49.8](service/computeoptimizer/CHANGELOG.md#v1498-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/computeoptimizerautomation`: [v1.0.8](service/computeoptimizerautomation/CHANGELOG.md#v108-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/configservice`: [v1.62.1](service/configservice/CHANGELOG.md#v1621-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/connect`: [v1.166.1](service/connect/CHANGELOG.md#v11661-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/connectcampaigns`: [v1.20.20](service/connectcampaigns/CHANGELOG.md#v12020-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/connectcampaignsv2`: [v1.11.4](service/connectcampaignsv2/CHANGELOG.md#v1114-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/connectcases`: [v1.39.1](service/connectcases/CHANGELOG.md#v1391-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/connectcontactlens`: [v1.33.13](service/connectcontactlens/CHANGELOG.md#v13313-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/connecthealth`: [v1.0.3](service/connecthealth/CHANGELOG.md#v103-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/connectparticipant`: [v1.36.7](service/connectparticipant/CHANGELOG.md#v1367-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/controlcatalog`: [v1.14.9](service/controlcatalog/CHANGELOG.md#v1149-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/controltower`: [v1.28.9](service/controltower/CHANGELOG.md#v1289-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/costandusagereportservice`: [v1.34.13](service/costandusagereportservice/CHANGELOG.md#v13413-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/costexplorer`: [v1.63.6](service/costexplorer/CHANGELOG.md#v1636-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/costoptimizationhub`: [v1.22.8](service/costoptimizationhub/CHANGELOG.md#v1228-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/customerprofiles`: [v1.57.2](service/customerprofiles/CHANGELOG.md#v1572-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/databasemigrationservice`: [v1.61.10](service/databasemigrationservice/CHANGELOG.md#v16110-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/databrew`: [v1.39.14](service/databrew/CHANGELOG.md#v13914-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/dataexchange`: [v1.40.14](service/dataexchange/CHANGELOG.md#v14014-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/datapipeline`: [v1.30.20](service/datapipeline/CHANGELOG.md#v13020-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/datasync`: [v1.58.2](service/datasync/CHANGELOG.md#v1582-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/datazone`: [v1.54.2](service/datazone/CHANGELOG.md#v1542-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/dax`: [v1.29.16](service/dax/CHANGELOG.md#v12916-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/deadline`: [v1.26.2](service/deadline/CHANGELOG.md#v1262-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/detective`: [v1.38.13](service/detective/CHANGELOG.md#v13813-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/devicefarm`: [v1.38.8](service/devicefarm/CHANGELOG.md#v1388-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/devopsguru`: [v1.40.12](service/devopsguru/CHANGELOG.md#v14012-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/directconnect`: [v1.38.15](service/directconnect/CHANGELOG.md#v13815-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/directoryservice`: [v1.38.16](service/directoryservice/CHANGELOG.md#v13816-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/directoryservicedata`: [v1.7.21](service/directoryservicedata/CHANGELOG.md#v1721-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/dlm`: [v1.35.16](service/dlm/CHANGELOG.md#v13516-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/docdb`: [v1.48.13](service/docdb/CHANGELOG.md#v14813-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/docdbelastic`: [v1.20.13](service/docdbelastic/CHANGELOG.md#v12013-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/drs`: [v1.36.13](service/drs/CHANGELOG.md#v13613-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/dsql`: [v1.12.8](service/dsql/CHANGELOG.md#v1128-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/dynamodb`: [v1.57.1](service/dynamodb/CHANGELOG.md#v1571-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/dynamodbstreams`: [v1.32.14](service/dynamodbstreams/CHANGELOG.md#v13214-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/ebs`: [v1.33.14](service/ebs/CHANGELOG.md#v13314-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/ec2`: [v1.296.1](service/ec2/CHANGELOG.md#v12961-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/ec2instanceconnect`: [v1.32.20](service/ec2instanceconnect/CHANGELOG.md#v13220-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/ecr`: [v1.56.2](service/ecr/CHANGELOG.md#v1562-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/ecrpublic`: [v1.38.13](service/ecrpublic/CHANGELOG.md#v13813-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/ecs`: [v1.74.1](service/ecs/CHANGELOG.md#v1741-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/efs`: [v1.41.14](service/efs/CHANGELOG.md#v14114-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/eks`: [v1.81.2](service/eks/CHANGELOG.md#v1812-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/eksauth`: [v1.12.13](service/eksauth/CHANGELOG.md#v11213-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/elasticache`: [v1.51.13](service/elasticache/CHANGELOG.md#v15113-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/elasticbeanstalk`: [v1.34.2](service/elasticbeanstalk/CHANGELOG.md#v1342-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing`: [v1.33.23](service/elasticloadbalancing/CHANGELOG.md#v13323-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2`: [v1.54.10](service/elasticloadbalancingv2/CHANGELOG.md#v15410-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/elasticsearchservice`: [v1.39.2](service/elasticsearchservice/CHANGELOG.md#v1392-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/elementalinference`: [v1.0.3](service/elementalinference/CHANGELOG.md#v103-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/emr`: [v1.59.0](service/emr/CHANGELOG.md#v1590-2026-03-26) - **Feature**: Add StepExecutionRoleArn to RunJobFlow API - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/emrcontainers`: [v1.40.17](service/emrcontainers/CHANGELOG.md#v14017-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/emrserverless`: [v1.39.6](service/emrserverless/CHANGELOG.md#v1396-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/entityresolution`: [v1.26.5](service/entityresolution/CHANGELOG.md#v1265-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/eventbridge`: [v1.45.23](service/eventbridge/CHANGELOG.md#v14523-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/evs`: [v1.6.4](service/evs/CHANGELOG.md#v164-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/finspace`: [v1.33.21](service/finspace/CHANGELOG.md#v13321-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/finspacedata`: [v1.33.21](service/finspacedata/CHANGELOG.md#v13321-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/firehose`: [v1.42.13](service/firehose/CHANGELOG.md#v14213-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/fis`: [v1.37.20](service/fis/CHANGELOG.md#v13720-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/fms`: [v1.44.22](service/fms/CHANGELOG.md#v14422-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/forecast`: [v1.41.21](service/forecast/CHANGELOG.md#v14121-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/forecastquery`: [v1.29.21](service/forecastquery/CHANGELOG.md#v12921-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/frauddetector`: [v1.41.12](service/frauddetector/CHANGELOG.md#v14112-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/freetier`: [v1.13.14](service/freetier/CHANGELOG.md#v11314-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/fsx`: [v1.65.7](service/fsx/CHANGELOG.md#v1657-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/gamelift`: [v1.51.3](service/gamelift/CHANGELOG.md#v1513-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/gameliftstreams`: [v1.11.1](service/gameliftstreams/CHANGELOG.md#v1111-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/geomaps`: [v1.9.4](service/geomaps/CHANGELOG.md#v194-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/geoplaces`: [v1.8.5](service/geoplaces/CHANGELOG.md#v185-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/georoutes`: [v1.7.14](service/georoutes/CHANGELOG.md#v1714-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/glacier`: [v1.32.6](service/glacier/CHANGELOG.md#v1326-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/globalaccelerator`: [v1.35.15](service/globalaccelerator/CHANGELOG.md#v13515-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/glue`: [v1.139.1](service/glue/CHANGELOG.md#v11391-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/service/grafana`: [v1.33.4](service/grafana/CHANGELOG.md#v1334-2026-03-26) - **Bug Fix**: Fix a bug where a recorded clock skew could persist on the client even if the client and server clock ended up realigning. - `github.com/aws/aws-sdk-go-v2/serv > ✂ **Note** > > PR body was truncated to here. </details> --- ### Configuration 📅 **Schedule**: (in timezone Europe/London) - Branch creation - "after 6pm on thursday,before 10am on friday" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNDIuMiIsInVwZGF0ZWRJblZlciI6IjQzLjI0Mi4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJnb2xhbmciXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: 567c239e09cecdf26b71f67b331058207ca1ff89
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [charm.land/lipgloss/v2](https://redirect.github.com/charmbracelet/lipgloss) | `v2.0.4` → `v2.0.5` |  |  | | [github.com/auth0/go-auth0/v2](https://redirect.github.com/auth0/go-auth0) | `v2.13.0` → `v2.14.0` |  |  | | [github.com/harness/harness-go-sdk](https://redirect.github.com/harness/harness-go-sdk) | `v0.8.3` → `v0.8.7` |  |  | | [github.com/jedib0t/go-pretty/v6](https://redirect.github.com/jedib0t/go-pretty) | `v6.8.1` → `v6.8.2` |  |  | | [github.com/posthog/posthog-go](https://redirect.github.com/posthog/posthog-go) | `v1.16.1` → `v1.17.4` |  |  | | [github.com/slack-go/slack](https://redirect.github.com/slack-go/slack) | `v0.26.0` → `v0.27.0` |  |  | | [gitlab.com/gitlab-org/api/client-go/v2](https://gitlab.com/gitlab-org/api/client-go) | `v2.43.0` → `v2.44.0` |  |  | | [google.golang.org/grpc](https://redirect.github.com/grpc/grpc-go) | `v1.81.1` → `v1.82.0` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/370) for more information. --- ### Release Notes <details> <summary>charmbracelet/lipgloss (charm.land/lipgloss/v2)</summary> ### [`v2.0.5`](https://redirect.github.com/charmbracelet/lipgloss/releases/tag/v2.0.5) [Compare Source](https://redirect.github.com/charmbracelet/lipgloss/compare/v2.0.4...v2.0.5) #### Changelog *** <a href="https://charm.land/"><img alt="The Charm logo" src="https://stuff.charm.sh/charm-banner-next.jpg" width="400"></a> Thoughts? Questions? We love hearing from you. Feel free to reach out on [X](https://x.com/charmcli), [Discord](https://charm.land/discord), [Slack](https://charm.land/slack), [The Fediverse](https://mastodon.social/@​charmcli), [Bluesky](https://bsky.app/profile/charm.land). </details> <details> <summary>auth0/go-auth0 (github.com/auth0/go-auth0/v2)</summary> ### [`v2.14.0`](https://redirect.github.com/auth0/go-auth0/blob/HEAD/CHANGELOG.md#v2140-2026-06-24) [Compare Source](https://redirect.github.com/auth0/go-auth0/compare/v2.13.0...v2.14.0) [Full Changelog](https://redirect.github.com/auth0/go-auth0/compare/v2.13.0...v2.14.0) **Breaking Changes** - Changed user date fields (`CreatedAt`, `UpdatedAt`, `LastLogin`, `LastPasswordReset`, `MultifactorLastModified`) on `CreateUserResponseContent`, `GetUserResponseContent`, `UpdateUserResponseContent`, and `UserResponseSchema` from `*UserDateSchema` to `*time.Time`, and removed the `UserDateSchema` type and `UserDateSchemaVisitor` interface [#​801](https://redirect.github.com/auth0/go-auth0/pull/801) ([fern-api\[bot\]](https://redirect.github.com/apps/fern-api)) - Changed identity `UserID` fields on `UserIdentitySchema` and `DeleteUserIdentityResponseContentItem` to the string-or-integer `UserID` union (from `*string`/`string`) [#​801](https://redirect.github.com/auth0/go-auth0/pull/801) ([fern-api\[bot\]](https://redirect.github.com/apps/fern-api)) - Changed `UpdateClientRequestContent` `NativeSocialLogin` to `*NativeSocialLoginPatch` and `FedcmLogin` to `*FedCmLoginPatch` [#​801](https://redirect.github.com/auth0/go-auth0/pull/801) ([fern-api\[bot\]](https://redirect.github.com/apps/fern-api)) **Added** - feat: add phone provider protection API (`Management.AttackProtection.PhoneProviderProtection`) with `Get` and `Patch` methods and the `PhoneProviderProtectionBackoffStrategyEnum` [#​801](https://redirect.github.com/auth0/go-auth0/pull/801) ([fern-api\[bot\]](https://redirect.github.com/apps/fern-api)) - feat: add native social login configuration types (`NativeSocialLoginPatch`, `NativeSocialLoginApplePatch`, `NativeSocialLoginFacebookPatch`, `NativeSocialLoginGooglePatch`) and FedCM login configuration types (`FedCmLoginPatch`, `FedCmLoginGooglePatch`) [#​801](https://redirect.github.com/auth0/go-auth0/pull/801) ([fern-api\[bot\]](https://redirect.github.com/apps/fern-api)) - feat: add token vault privileged access types (`ClientTokenVaultPrivilegedAccessWithCredentialID`, `ClientTokenVaultPrivilegedAccessWithPublicKey`, `TokenVaultPrivilegedAccessIPAllowlistEntry`) [#​801](https://redirect.github.com/auth0/go-auth0/pull/801) ([fern-api\[bot\]](https://redirect.github.com/apps/fern-api)) - feat: add `CrossAppAccessRequestingApp` field and type to `CreateConnectionResponseContent` and `GetConnectionResponseContent` [#​801](https://redirect.github.com/auth0/go-auth0/pull/801) ([fern-api\[bot\]](https://redirect.github.com/apps/fern-api)) - feat: add `PhoneVerified`, `Multifactor`, `MultifactorLastModified`, `LastIP`, `LastLogin`, and `LastPasswordReset` fields to user response types [#​801](https://redirect.github.com/auth0/go-auth0/pull/801) ([fern-api\[bot\]](https://redirect.github.com/apps/fern-api)) - feat: add `auth_email_by_code` value to `EmailTemplateNameEnum` [#​801](https://redirect.github.com/auth0/go-auth0/pull/801) ([fern-api\[bot\]](https://redirect.github.com/apps/fern-api)) **Fixed** - fix: map HTTP `409` responses on self-service profiles to `ConflictError` [#​801](https://redirect.github.com/auth0/go-auth0/pull/801) ([fern-api\[bot\]](https://redirect.github.com/apps/fern-api)) - fix: preserve the raw JSON payload on `EventStreamSubscribeEventsResponseContent` so unknown union members round-trip through marshal/unmarshal and validation [#​801](https://redirect.github.com/auth0/go-auth0/pull/801) ([fern-api\[bot\]](https://redirect.github.com/apps/fern-api)) </details> <details> <summary>harness/harness-go-sdk (github.com/harness/harness-go-sdk)</summary> ### [`v0.8.7`](https://redirect.github.com/harness/harness-go-sdk/compare/v0.8.6...v0.8.7) [Compare Source](https://redirect.github.com/harness/harness-go-sdk/compare/v0.8.6...v0.8.7) ### [`v0.8.6`](https://redirect.github.com/harness/harness-go-sdk/compare/v0.8.5...v0.8.6) [Compare Source](https://redirect.github.com/harness/harness-go-sdk/compare/v0.8.5...v0.8.6) ### [`v0.8.5`](https://redirect.github.com/harness/harness-go-sdk/compare/v0.8.4...v0.8.5) [Compare Source](https://redirect.github.com/harness/harness-go-sdk/compare/v0.8.4...v0.8.5) ### [`v0.8.4`](https://redirect.github.com/harness/harness-go-sdk/compare/v0.8.3...v0.8.4) [Compare Source](https://redirect.github.com/harness/harness-go-sdk/compare/v0.8.3...v0.8.4) </details> <details> <summary>jedib0t/go-pretty (github.com/jedib0t/go-pretty/v6)</summary> ### [`v6.8.2`](https://redirect.github.com/jedib0t/go-pretty/releases/tag/v6.8.2) [Compare Source](https://redirect.github.com/jedib0t/go-pretty/compare/v6.8.1...v6.8.2) #### What's Changed - text: trim to display width so CJK content respects maxLen by [@​greymoth-jp](https://redirect.github.com/greymoth-jp) in [#​410](https://redirect.github.com/jedib0t/go-pretty/pull/410) #### New Contributors - [@​greymoth-jp](https://redirect.github.com/greymoth-jp) made their first contribution in [#​410](https://redirect.github.com/jedib0t/go-pretty/pull/410) **Full Changelog**: <jedib0t/go-pretty@v6.8.1...v6.8.2> </details> <details> <summary>posthog/posthog-go (github.com/posthog/posthog-go)</summary> ### [`v1.17.4`](https://redirect.github.com/PostHog/posthog-go/releases/tag/v1.17.4): 1.17.4 [Compare Source](https://redirect.github.com/posthog/posthog-go/compare/v1.17.3...v1.17.4) #### Unreleased ### [`v1.17.3`](https://redirect.github.com/PostHog/posthog-go/releases/tag/v1.17.3): 1.17.3 [Compare Source](https://redirect.github.com/posthog/posthog-go/compare/v1.17.2...v1.17.3) #### Unreleased ### [`v1.17.2`](https://redirect.github.com/PostHog/posthog-go/releases/tag/v1.17.2): 1.17.2 [Compare Source](https://redirect.github.com/posthog/posthog-go/compare/v1.17.1...v1.17.2) #### Unreleased ### [`v1.17.1`](https://redirect.github.com/PostHog/posthog-go/releases/tag/v1.17.1): 1.17.1 [Compare Source](https://redirect.github.com/posthog/posthog-go/compare/v1.17.0...v1.17.1) #### Unreleased ### [`v1.17.0`](https://redirect.github.com/PostHog/posthog-go/releases/tag/v1.17.0): 1.17.0 [Compare Source](https://redirect.github.com/posthog/posthog-go/compare/v1.16.2...v1.17.0) #### Unreleased ### [`v1.16.2`](https://redirect.github.com/PostHog/posthog-go/releases/tag/v1.16.2): 1.16.2 [Compare Source](https://redirect.github.com/posthog/posthog-go/compare/v1.16.1...v1.16.2) #### Unreleased </details> <details> <summary>slack-go/slack (github.com/slack-go/slack)</summary> ### [`v0.27.0`](https://redirect.github.com/slack-go/slack/releases/tag/v0.27.0) [Compare Source](https://redirect.github.com/slack-go/slack/compare/v0.26.0...v0.27.0) #### Added - Support for [`data_visualization`](https://docs.slack.dev/reference/block-kit/blocks/data-visualization-block/) block through `DataVisualizationBlock`. - Team`now preserves`enterprise\_id`and`enterprise\_name`when Slack includes Enterprise org details in interaction payload`team\` objects. **Full Changelog**: <slack-go/slack@v0.26.0...v0.27.0> </details> <details> <summary>gitlab-org/api/client-go (gitlab.com/gitlab-org/api/client-go/v2)</summary> ### [`v2.44.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.44.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.43.0...v2.44.0) ##### 2.44.0 ##### 🚀 Features - feat: support renew application secret api endpoint ([!2934](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2934)) by [BoxBoxJason](https://gitlab.com/BoxBoxJason) ##### 🔄 Other Changes - chore(deps): update docker docker tag to v29.6.0 ([!2930](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2930)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - test(workitems): split t.Run() sub-tests into individual parent test functions ([!2929](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2929)) by [Patrick Rice](https://gitlab.com/PatrickRice) ##### [2.44.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.43.0...v2.44.0) (2026-06-29) ##### Features * support renew application secret api endpoint ([576fa15](https://gitlab.com/gitlab-org/api/client-go/commit/576fa15ec5d4e26a21e7d5a006f2afcc6e3d59ac)) </details> <details> <summary>grpc/grpc-go (google.golang.org/grpc)</summary> ### [`v1.82.0`](https://redirect.github.com/grpc/grpc-go/releases/tag/v1.82.0): Release 1.82.0 [Compare Source](https://redirect.github.com/grpc/grpc-go/compare/v1.81.1...v1.82.0) ### Behavior Changes - server: Remove support for `GRPC_GO_EXPERIMENTAL_DISABLE_STRICT_PATH_CHECKING` environment varibale. Strict incoming RPC path validation (which has been the default since `v1.79.3`) can no longer be disabled. ([#​9112](https://redirect.github.com/grpc/grpc-go/issues/9112)) - transport: Add environment variable to change the default max header list size from `16MB` to `8KB`. This may be enabled by setting `GRPC_GO_EXPERIMENTAL_ENABLE_8KB_DEFAULT_HEADER_LIST_SIZE=true`. This will be enabled by default in a subsequent release. ([#​9019](https://redirect.github.com/grpc/grpc-go/issues/9019)) - balancer: Load Balancing policy registry is now case-sensitive. Set `GRPC_GO_EXPERIMENTAL_CASE_SENSITIVE_BALANCER_REGISTRIES=false` (and file an issue) to revert to case-insensitive behavior. ([#​9017](https://redirect.github.com/grpc/grpc-go/issues/9017)) ### New Features - experimental/stats: Expose a new API, `NewContextWithLabelCallback`, to register a callback that is invoked when telemetry labels are added. ([#​8877](https://redirect.github.com/grpc/grpc-go/issues/8877)) - Special Thanks: [@​seth-epps](https://redirect.github.com/seth-epps) - client: Return a portion of the response body in the error message, when the client receives an unexpected non-gRPC HTTP response, to make debugging easier. ([#​8929](https://redirect.github.com/grpc/grpc-go/issues/8929)) - Special Thanks: [@​chengxilo](https://redirect.github.com/chengxilo) - server: Add environment variable `GRPC_GO_SERVER_GOROUTINE_LABELS` that controls setting `runtime/pprof.Labels` on goroutines spawned by the server. Set `GRPC_GO_SERVER_GOROUTINE_LABELS=grpc.method=true` to add the `grpc.method` label on goroutines spawned to handle incoming requests. ([#​9082](https://redirect.github.com/grpc/grpc-go/issues/9082)) - Special Thanks: [@​dfinkel](https://redirect.github.com/dfinkel) ### Bug Fixes - xds/server: Fix a memory leak of HTTP filter instances occurring when route configurations are updated in-place during a Route Discovery Service (RDS) update. ([#​9138](https://redirect.github.com/grpc/grpc-go/issues/9138)) - grpc: In the deprecated `gzip` Compressor (used via the deprecated `WithCompressor` dial option), enforce the `MaxRecvMsgSize` limit on the decompressed message buffer, preventing excessive memory allocation from highly compressed payloads. ([#​9114](https://redirect.github.com/grpc/grpc-go/issues/9114)) - Special Thanks: [@​evilgensec](https://redirect.github.com/evilgensec) - stats/opentelemetry: Record retry attempts, `grpc.previous-rpc-attempts`, at the call level and not the attempt level. ([#​8923](https://redirect.github.com/grpc/grpc-go/issues/8923)) - encoding: Ensure `Close()` is always called on readers returned from `Compressor.Decompress` if possible. ([#​9135](https://redirect.github.com/grpc/grpc-go/issues/9135)) - channelz: Fix the `LastMessageSentTimestamp` and `LastMessageReceivedTimestamp` fields in `SocketMetrics` to ensure they contain correct timestamp values. ([#​9109](https://redirect.github.com/grpc/grpc-go/issues/9109)) </details> --- ### Configuration 📅 **Schedule**: (in timezone Europe/London) - Branch creation - "after 6pm on thursday,before 10am on friday" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNDIuMiIsInVwZGF0ZWRJblZlciI6IjQzLjI0Mi4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJnb2xhbmciXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> GitOrigin-RevId: f097c0715860637c064084b9ac5781a3bb8b413f
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v7](https://redirect.github.com/Azure/azure-sdk-for-go) | `v7.3.0` → `v8.1.0` |  |  | | [github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/operationalinsights/armoperationalinsights](https://redirect.github.com/Azure/azure-sdk-for-go) | `v1.2.0` → `v3.0.0` |  |  | | [github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns](https://redirect.github.com/Azure/azure-sdk-for-go) | `v1.3.0` → `v2.0.0` |  |  | | [github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources/v2](https://redirect.github.com/Azure/azure-sdk-for-go) | `v2.1.0` → `v4.0.0` |  |  | | [github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage/v3](https://redirect.github.com/Azure/azure-sdk-for-go) | `v3.0.0` → `v4.1.0` |  |  | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/370) for more information. --- ### Configuration 📅 **Schedule**: (in timezone Europe/London) - Branch creation - "after 6pm on thursday,before 10am on friday" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/overmindtech/workspace). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNDIuMiIsInVwZGF0ZWRJblZlciI6IjQzLjI0Mi4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJnb2xhbmciXX0=--> <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Wide blast radius across Azure discovery (compute, storage, networking DNS, Log Analytics) on major SDK bumps; behavior risk is mostly compile-time compatibility and any subtle API differences not covered by tests. > > **Overview** > Bumps several **Azure Resource Manager** Go SDK modules to new major versions and rewires imports across the Azure source (`go.mod`/`go.sum`, clients, manual adapters, mocks, integration tests, and `adapters.go`). > > **Dependency moves:** `armcompute` v7→v8, `armstorage` v3→v4, `armresources` v2→v4, `armprivatedns` v1→v2 (versioned import), and `armoperationalinsights` v1→v3. The adapter template example now points at `armcompute/v8`. > > Aside from path churn, the only visible API adjustment in the diff is **`TableClient.Create`** in the storage table integration helper: it now passes the table body as a direct `armstorage.Table` argument instead of wrapping it in `TableClientCreateOptions`. > > No adapter logic changes are shown beyond staying on the new SDK types. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 416eb42878cad24ea1fac7c01ebca3f9baee441a. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: lionel.wilson <lionel.wilson@overmind.tech> Co-authored-by: Cursor <cursoragent@cursor.com> GitOrigin-RevId: 515e3ec91d344cc7b0c13757a30547c243e6f80f
tphoney
approved these changes
Jul 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Copybara Sync - Release v1.18.7
This PR was automatically created by Copybara, syncing changes from the overmindtech/workspace monorepo.
Original author: renovate[bot] (29139614+renovate[bot]@users.noreply.github.com)
What happens when this PR is merged?
tag-on-mergeworkflow will automatically create thev1.18.7tag on mainReview Checklist