Changes for v3.0.9 (#276)

Author: yq-yang-qin

CHANGELOG.md

@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.0.9] - 2025-03-03
+
+### Security
+
+- Updated python and npm dependencies
+
 ## [3.0.8] - 2024-11-25
 
 ### Security
@@ -47,11 +53,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Remove Android (AAID) and iOS (IDFA) options for Mobile Ad Id (MAID) because MAID now supersedes AAID and IDFA.
 
-### Fixed 
+### Fixed
 
-- Avoid dropping Country Code when LiveRamp, Experian, or Mobile Ad IDs are used for identity resolution instead of hashed PII.  
-- Upload with manifest files rather than individual files so that the partitions of large files do not overwrite each other when using the FULL_REPLACE update strategy. 
-- Fix error parsing the Glue ETL parameter for timestamp_column when country_code parameter is unspecified
+- Avoid dropping Country Code when LiveRamp, Experian, or Mobile Ad IDs are used for identity resolution instead of hashed PII.
+- Upload with manifest files rather than individual files so that the partitions of large files do not overwrite each other when using the FULL_REPLACE update strategy.
+- Fix error parsing the Glue ETL parameter for timestamp_column when country_code parameter is unspecified.
 
 ## [3.0.1] - 2024-06-21
 
@@ -67,7 +73,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
-- Migrated all AMC requests to use OAuth and the AMC API provided by Amazon Ads instead of instance-level APIs. 
+- Migrated all AMC requests to use OAuth and the AMC API provided by Amazon Ads instead of instance-level APIs.
 - Migrated the front-end to align with the AMC API provided by Amazon Ads.
 - Migrated the front-end to use the Amazon Cognito hosted user interface for login instead of AWS Amplify.
 - Replaced time-series based file partitioning (which the AMC API no longer requires) with a strategy based on file size so that pseudonymized files will not exceed 500MB (compressed).
@@ -85,7 +91,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [2.3.0] - 2024-02-29
 
 ### Changed
- 
+
 - Provide country code when creating dataset in AMC.  
 
 ### Security

CONTRIBUTING.md

@@ -6,24 +6,23 @@ documentation, we greatly value feedback and contributions from our community.
 Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
 information to effectively respond to your bug report or contribution.
 
-
 ## Reporting Bugs/Feature Requests
 
 We welcome you to use the GitHub issue tracker to report bugs or suggest features.
 
 When filing an issue, please check [existing open](https://github.com/aws-solutions/amazon-marketing-cloud-uploader-from-aws/issues), or [recently closed](https://github.com/aws-solutions/amazon-marketing-cloud-uploader-from-aws/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already
 reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
 
-* A reproducible test case or series of steps
-* The version of our code being used
-* Any modifications you've made relevant to the bug
-* Anything unusual about your environment or deployment
-
+- A reproducible test case or series of steps
+- The version of our code being used
+- Any modifications you've made relevant to the bug
+- Anything unusual about your environment or deployment
 
 ## Contributing via Pull Requests
+
 Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
 
-1. You are working against the latest source on the *main* branch.
+1. You are working against the latest source on the _main_ branch.
 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
 3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
 
@@ -39,24 +38,22 @@ To send us a pull request, please:
 GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
 [creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
 
-
 ## Finding contributions to work on
-Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels ((enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-solutions/amazon-marketing-cloud-uploader-from-aws/labels/help%20wanted) issues is a great place to start.
 
+Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels ((enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-solutions/amazon-marketing-cloud-uploader-from-aws/labels/help%20wanted) issues is a great place to start.
 
 ## Code of Conduct
+
 This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
 For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
 [email protected] with any additional questions or comments.
 
-
 ## Security issue notifications
-If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
 
+If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
 
 ## Licensing
 
 See the [LICENSE](https://github.com/aws-solutions/amazon-marketing-cloud-uploader-from-aws/blob/main/LICENSE.txt) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
 
-We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.
-
+We may ask you to sign a [Contributor License Agreement (CLA)](https://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.

NOTICE.txt

@@ -91,7 +91,7 @@ tzdata under the Apache License Version 2.0
 wrapt under the BSD license
 xmltodict under the Massachusetts Institute of Technology license
 
-docker/library/alpine license unknown or missing
+docker/library/alpine license under the MIT license.
 @ampproject/remapping under the Apache-2.0 license.
 @jridgewell/gen-mapping under the MIT license.
 @jridgewell/set-array under the MIT license.

SECURITY.md

@@ -1,6 +1,11 @@
-Reporting Security Issues
-----------------------------------------------------------------------------------------------------------
-We take all security reports seriously. When we receive such reports, we will investigate and
-subsequently address any potential vulnerabilities as quickly as possible. If you discover a potential
-security issue in this project, please notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) or
-directly via email to [AWS Security](mailto:[email protected]). Please do not create a public GitHub issue in this project.
+# Reporting Security Issues
+
+We take all security reports seriously.
+When we receive such reports,
+we will investigate and subsequently address
+any potential vulnerabilities as quickly as possible.
+If you discover a potential security issue in this project,
+please notify AWS/Amazon Security via our
+[vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/)
+or directly via email to [AWS Security](mailto:[email protected]).
+Please do *not* create a public GitHub issue in this project.

deployment/lambda_layer_factory/requirements.txt

@@ -1 +1 @@
-aws-xray-sdk==2.12.0
+aws-xray-sdk==2.13.0

solution-manifest.yaml

@@ -1,7 +1,7 @@
 ---
 id: SO0222 # Solution Id
 name: amazon-marketing-cloud-uploader-from-aws # trademarked name
-version: v3.0.8 # current version of the solution. Used to verify template headers
+version: v3.0.9 # current version of the solution. Used to verify template headers
 cloudformation_templates: # This list should match with AWS CloudFormation templates section of IG
   - template: amazon-marketing-cloud-uploader-from-aws.template
     main_template: true

source/requirements-dev.txt

@@ -1,15 +1,15 @@
 -e amc_uploader
-aws-xray-sdk==2.12.0
+aws-xray-sdk==2.13.0
 awswrangler==3.9.1
-boto3==1.26.158 
-botocore==1.29.158
-moto[s3,cognitoidp]==5.0.2
-pandas==2.0.2
-phonenumbers==8.13.14
-pytest==7.3.2
-pytest-cov==4.1.0
-regex==2023.6.3
+boto3==1.34.101
+botocore==1.34.101
+moto[s3,cognitoidp]==5.0.6
+pandas==2.2.2
+phonenumbers==8.13.36
+pytest==8.2.0
+pytest-cov==5.0.0
+regex==2024.4.28
 requests>=2.32.2
 requests_aws4auth==1.2.3
 selenium==4.10.0
-webdriver-manager==3.8.6
+webdriver-manager==4.0.1

source/share/tasks.py

@@ -268,7 +268,7 @@ def process_request(self, **kwargs):
             "Authorization": f'Bearer {kwargs["access_token"]}',
             "Content-Type": "application/json",
             "x-amzn-service-name": "amazon-marketing-cloud-uploader-from-aws",
-            "x-amzn-service-version": "v3.0.8"
+            "x-amzn-service-version": "v3.0.9"
         }
 
         if kwargs.get("advertiser_id"):

source/tests/requirements-test.txt

@@ -1,11 +1,11 @@
-aws-xray-sdk>=2.12.0
+aws-xray-sdk>=2.13.0
 awswrangler==3.9.1
-boto3==1.26.158
+boto3==1.34.101
 chalice==1.31.0
-moto[s3,cognitoidp]==5.0.2
-pyparsing==3.1.0
-pytest==7.3.2
-pytest-mock==3.12.0
+moto[s3,cognitoidp]==5.0.6
+pyparsing==3.1.2
+pytest==8.2.0
+pytest-mock==3.14.0
 pytest-ordering==0.6
 pytest-dependency==0.6.0
 requests>=2.32.2