chore(deps): bump aws-lambda-powertools[aws-sdk] from 2.36.0 to 2.39.1 in /src

[dependabot]

Bumps aws-lambda-powertools[aws-sdk] from 2.36.0 to 2.39.1.

Release notes

Sourced from aws-lambda-powertools[aws-sdk]'s releases.

v2.39.1

Summary

The regression issue caused by PR aws-powertools/powertools-lambda-python#4421 is resolved in this patch release. The issue occurred due to static typing importing Pydantic, as it went undetected in our pipeline and code review.

To prevent from happening again, we will introduce dynamic tests for all optional dependencies. We will pause new releases until that is implemented and verified. For further improvement, we will look into making daily pre-releases to help create more complex canary tests.

Changes

🐛 Bug and hot fixes

• fix(event_handler): regression making pydantic required (it should not) (#4500) by @​leandrodamascena

This release was made possible by the following contributors:

@​github-actions, @​github-actions[bot] and @​leandrodamascena

v2.39.0

Summary

This release improves Event Handler with (a) better serialization error for unsupported data types, and (b) middlewares are now triggered when a route is not found (404). We also crushed OpenAPI bugs for a smoother experience 🪲.

Thanks to @knightmre, Event Source Data Classes now features (a) updates Cognito User Pool User Migration event with verification link, and (b) new Pre-token generation and custom sender events.

🌟 ⭐ A big thank you to our new contributors: @knightmre, @phipag, @keithrozario, and @stevenhoelscher.

Event Handler middlewares are now triggered even when a route is not found (404)

Docs

You can now run middlewares even when a route is not found. Before, Event Handler immediately returned a HTTP 404 (Not Found). However, we learned from customers that key middleware logic should always run regardless, hence the fix.

This allows you to consistently perform cross-cutting concerns like logging, header injection, authorization, etc. even for invalid routes.

New CloudFormation Custom Resource Event Source Data Class

Docs

You can now use CloudFormationCustomResourceEvent for a better experience with type hinting and code completion support.

NOTE. We recommend customers to use CloudFormation Custom Resource Helper library to author custom resources.

Better error message for unsupported data types in Event Handler

Docs

We now raise a SerializationError when trying to serialize unsupported data types. Before, Event Handler did not distinguish between unsupported type or object altogether, like SQLAlchemy models.

... (truncated)

Changelog

Sourced from aws-lambda-powertools[aws-sdk]'s changelog.

[v2.39.1] - 2024-06-13

Bug Fixes

• event_handler: regression making pydantic required (it should not) (#4500)

Maintenance

• version bump

[v2.39.0] - 2024-06-13

Bug Fixes

• event_handler: do not skip middleware and exception handlers on 404 error (#4492)
• event_handler: raise more specific SerializationError exception for unsupported types in data validation (#4415)
• event_handler: security scheme unhashable list when working with router (#4421)
• event_handler: CORS Origin for ALBResolver multi-headers (#4385)
• idempotency: POWERTOOLS_IDEMPOTENCY_DISABLED should respect truthy values (#4391)

Documentation

• homepage: Change installation to CDK v2 (#4351)
• public reference: add Recast as a public reference (#4491)

Features

• event_source: add CloudFormationCustomResourceEvent data class. (#4342)
• events: Update and Add Cognito User Pool Events (#4423)

Maintenance

• version bump
• deps: bump the layer-balancer group in /layer/scripts/layer-balancer with 3 updates (#4369)
• deps: bump the layer-balancer group in /layer/scripts/layer-balancer with 3 updates (#4468)
• deps: bump datadog-lambda from 5.94.0 to 6.95.0 (#4471)
• deps: bump redis from 5.0.4 to 5.0.5 (#4464)
• deps: bump aws-encryption-sdk from 3.2.0 to 3.3.0 (#4393)
• deps: bump codecov/codecov-action from 4.4.0 to 4.4.1 (#4376)
• deps: bump squidfunk/mkdocs-material from 8a87f05 to 96abcbb in /docs (#4461)
• deps: bump typing-extensions from 4.12.1 to 4.12.2 (#4470)
• deps: bump the layer-balancer group in /layer/scripts/layer-balancer with 2 updates (#4396)
• deps: bump aws-xray-sdk from 2.13.0 to 2.13.1 (#4379)
• deps: bump actions/dependency-review-action from 4.3.2 to 4.3.3 (#4456)
• deps: bump aws-xray-sdk from 2.13.1 to 2.14.0 (#4453)
• deps: bump typing-extensions from 4.11.0 to 4.12.0 (#4404)
• deps: bump squidfunk/mkdocs-material from 5358893 to 8a87f05 in /docs (#4408)
• deps: bump zgosalvez/github-actions-ensure-sha-pinned-actions from 3.0.6 to 3.0.7 (#4478)
• deps: bump squidfunk/mkdocs-material from 48d1914 to 5358893 in /docs (#4377)
• deps: bump the layer-balancer group in /layer/scripts/layer-balancer with 3 updates (#4444)

... (truncated)

Commits

• 38690f6 chore: version bump
• cb1b194 fix(event_handler): regression making pydantic required (it should not) (#4500)
• 1655ee5 chore(ci): layer docs update (#4496)
• 3e827c0 chore(ci): bump version to 2.39.0 (#4495)
• acc919f chore(ci): changelog rebuild (#4494)
• 242da37 chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#4493)
• 463dd47 fix(event_handler): do not skip middleware and exception handlers on 404 erro...
• e8dfebf docs(public reference): add Recast as a public reference (#4491)
• 81892c1 feat(events): Update and Add Cognito User Pool Events (#4423)
• b767d30 chore(ci): changelog rebuild (#4490)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)