Skip to content

fix(deps): update middy-js monorepo to ^7.6.2#117

Open
renovate[bot] wants to merge 1 commit into
sagafrom
renovate/middy-js-monorepo
Open

fix(deps): update middy-js monorepo to ^7.6.2#117
renovate[bot] wants to merge 1 commit into
sagafrom
renovate/middy-js-monorepo

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Mar 7, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@middy/core (source) ^7.1.2^7.6.2 age confidence
@middy/input-output-logger (source) ^7.1.2^7.6.2 age confidence

Release Notes

middyjs/middy (@​middy/core)

v7.6.2

Compare Source

What's Changed

  • [bug] http-content-encoding ignores encoder options for string/buffer responses #​1641

Full Changelog: middyjs/middy@7.6.1...7.6.2

v7.6.1

Compare Source

What's Changed

  • chore(deps): bump KineticCafe/actions-dco from 2.1.1 to 3.0.0 by @​dependabot[bot] in #​1637
  • update http-jwt to support multiple issuers, cognito support

Breaking changes (but no one is using packages yet)

@​middy/http-jwt

@​middy/http-paseto

  • Renamed cookieName → tokenCookieName.

Features

@​middy/http-jwt

  • New issuers option for multi-issuer JWKS verification: { [iss]: { jwksUri, audience?, algorithm? } }, with built-in caching, cooldown, and prefetch (cacheExpiry, cooldownDuration, disablePrefetch).
  • New token sources: tokenHeaderName, tokenQueryStringName (alongside tokenCookieName). Default is still Authorization: Bearer.
  • algorithm now accepts a string or array of strings; pinned at factory time to prevent alg-substitution attacks.
  • Expanded KMS keySpec compatibility table (now covers RS*/PS* for RSA, ES* for EC, EdDSA for Ed25519). Configured algorithm is validated against the keySpec and verification fails closed on mismatch.
  • New setToContext option to expose the verified payload on request.context (default false, internal-only).

@​middy/http-paseto

  • New tokenHeaderName and tokenQueryStringName sources.
  • New setToContext option (default false).

Full Changelog: middyjs/middy@7.6.0...7.6.1

v7.6.0

Compare Source

What's Changed

  • New Middleware: appconfig-extension by @​willfarrell in #​1270

  • New Middleware: ssm-extension by @​willfarrell in #​1270

  • New Middleware: secrets-manager-extension by @​willfarrell in #​1270

  • New Middleware: event-batch-parser by @​willfarrell in #​1627

  • New Middleware: event-batch-response by @​willfarrell in #​1627

  • New Middleware: event-batch-handler by @​willfarrell in #​1627

  • New Middleware: glue-schema-registry by @​willfarrell in #​1627

  • New Middleware: http-x402 by @​willfarrell in #​1633

  • New Middleware: http-jwt by @​willfarrell

  • New Middleware: http-paseto by @​willfarrell

  • New Middleware: kms by @​willfarrell

  • Update dsql to follow rds pattern, dsql-signer` required.

  • cloudformation-router — Narrowed Route.requestType from string to the union "Create" | "Update" | "Delete", matching the actual CloudFormation event types. Added type tests verifying the three valid values are accepted and invalid strings (including wrong casing like "create") are rejected.

  • cloudwatch-metrics — Added maxProperties: 30 to the dimension set JSON schema validation, enforcing CloudWatch's limit of 30 dimensions per metric.

  • event-normalizer — Added a new maxDecompressedBytes option (default 10 MiB) to guard against decompression bombs when parsing CloudWatch Logs events. The gunzipSync call for aws:cloudwatch events now passes maxOutputLength, and payloads exceeding the cap throw ERR_BUFFER_TOO_LARGE. Includes a test that confirms a 1 MiB gzipped payload fails against a 1 KiB cap.

  • error-logger — Exported the Options type and added type tests verifying that the logger callback receives a middy.Request and that the logger property is optional.

Full Changelog: middyjs/middy@7.5.0...7.6.0

v7.5.0

Compare Source

What's Changed

Full Changelog: middyjs/middy@7.4.0...7.5.0

v7.4.0

Compare Source

What's Changed
  • dsql-signer new middleware!
  • rds-signer to be aligned with dsql-signer, fetchData options can now default to PG* and DB* where they were required before.

Full Changelog: middyjs/middy@7.3.4...7.4.0

v7.3.4

Compare Source

What's Changed
  • event-normalizer: add in missing gunzip for CloudWatch events
  • core: export executionMode* to to be consistent with others

Full Changelog: middyjs/middy@7.3.3...7.3.4

v7.3.3

Compare Source

What's Changed

  • ajv security update

Full Changelog: middyjs/middy@7.3.2...7.3.3

v7.3.2

Compare Source

What's Changed

  • Improve duplicate route detection in option validate for http-router

Full Changelog: middyjs/middy@7.3.1...7.3.2

v7.3.1

Compare Source

What's Changed

  • Improve option validation to be more robust

Full Changelog: middyjs/middy@7.3.0...7.3.1

v7.3.0

Compare Source

What's Changed
  • Add in {name}ValideOptions to all packages to allow for easy testing or runtime checks on options
  • Removed package.json export requires that were left over cjs deprecation
  • Security and test improvements
  • chore(deps): bump github/codeql-action from 4.35.1 to 4.35.2 by @​dependabot[bot] in #​1619
  • chore(deps): bump cloudflare/wrangler-action from 3.14.1 to 3.15.0 by @​dependabot[bot] in #​1618
  • chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 by @​dependabot[bot] in #​1617
  • chore(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0 by @​dependabot[bot] in #​1616

Full Changelog: middyjs/middy@7.2.3...7.3.0

v7.2.3

Compare Source

What's Changed

Full Changelog: middyjs/middy@7.2.2...7.2.3

v7.2.2

Compare Source

What's Changed

Full Changelog: middyjs/middy@7.2.1...7.2.2

v7.2.1

Compare Source

What changed

Full Changelog: middyjs/middy@7.2.0...7.2.1

v7.2.0

Compare Source

What's Changed

  • event-normalizer: add support for rmq

Full Changelog: middyjs/middy@7.1.8...7.2.0

v7.1.8

Compare Source

What's Changed

  • fix appconfig: crash when Configuration absent in GetLatestConfiguration response (SDK >= 3.929.0) #​1600

Full Changelog: middyjs/middy@7.1.7...7.1.8

v7.1.7

Compare Source

What's Changed
  • @​middy/secrets-manager: Fixed crash when LastRotationDate or LastChangedDate is undefined during rotation-date-based cache expiry calculation. Previously, Math.max(undefined, ...) would produce NaN, breaking the cache logic. Now defaults to 0 when either date is missing.
  • @​middy/cloudformation-response: Auto-populate PhysicalResourceId from context.logStreamName when not explicitly set. This prevents CloudFormation custom resource responses from failing due to a missing required field.
  • @​middy/core (types): Widened the TErr generic in UseFn from Error to any, allowing middleware that uses custom error types to be passed to .use() without type errors.

Full Changelog: middyjs/middy@7.1.6...7.1.7

v7.1.6

Compare Source

What's Changed

Full Changelog: middyjs/middy@7.1.5...7.1.6

v7.1.5

Compare Source

What's Changed
  • httpResponseSerializer generates type error in Middy 7.1.4 #​1590
  • (http-event-normalizer): API Gateway Event v2 is not accepted #​1589
  • chore: update type test setup by @​mrazauskas in #​1588

Full Changelog: middyjs/middy@7.1.4...7.1.5

v7.1.4

Compare Source

What's Changed
  • 7.1.3 introduced type error "Argument not assignable to parameter of type Context" #​1585
  • chore(deps): bump github/codeql-action from 4.32.4 to 4.32.6 by @​dependabot[bot] in #​1582
  • chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 by @​dependabot[bot] in #​1583
  • chore(deps): bump aquasecurity/trivy-action from 0.34.1 to 0.34.2 by @​dependabot[bot] in #​1584

Full Changelog: middyjs/middy@7.1.3...7.1.4

v7.1.3

Compare Source

What's Changed
  • validator: Fix type definition regression (#​1580)
  • http-multipart-body-parser, http-urlencode-body-parser, http-urlencode-path-parser,
    http-security-headers: Fix HTTP status code handling in type definitions and runtime
  • Performance improvements across core and multiple middleware packages (core, event-normalizer,
    http-content-encoding, http-cors, http-error-handler, http-header-normalizer, http-security-headers,
    input-output-logger, secrets-manager, ssm, util, and others)
  • Add missing type definitions for http-content-negotiation, service-discovery, sts, secrets-manager,
    ws-router
  • Improve type definitions across core, cloudformation-router, http-router, http-event-normalizer,
    s3-object-response, sqs-partial-batch-failure, warmup, error-logger, and others
  • Simplify s3-object-response type definitions
  • Add comprehensive type tests across all packages

Full Changelog: middyjs/middy@7.1.2...7.1.3

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added dependencies help wanted Extra attention is needed labels Mar 7, 2026
@renovate renovate Bot enabled auto-merge (squash) March 7, 2026 05:27
@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented Mar 7, 2026

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.

  • Branch has one or more failed status checks

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Mar 7, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​middy/​input-output-logger@​7.1.2 ⏵ 7.6.210010084 +498 +1100
Updated@​middy/​core@​7.1.2 ⏵ 7.6.210010086 -298 +1100

View full report

@renovate renovate Bot force-pushed the renovate/middy-js-monorepo branch 11 times, most recently from 8377baa to 1871631 Compare March 14, 2026 01:26
@renovate renovate Bot changed the title fix(deps): update middy-js monorepo to ^7.1.3 fix(deps): update middy-js monorepo to ^7.1.4 Mar 14, 2026
@renovate renovate Bot force-pushed the renovate/middy-js-monorepo branch 4 times, most recently from c8c141c to 9dcd73f Compare March 15, 2026 21:30
@renovate renovate Bot changed the title fix(deps): update middy-js monorepo to ^7.1.4 fix(deps): update middy-js monorepo to ^7.1.5 Mar 15, 2026
@renovate renovate Bot force-pushed the renovate/middy-js-monorepo branch from 9dcd73f to 3d7c8c7 Compare March 16, 2026 13:31
@renovate renovate Bot changed the title fix(deps): update middy-js monorepo to ^7.1.5 fix(deps): update middy-js monorepo to ^7.1.6 Mar 16, 2026
@renovate renovate Bot force-pushed the renovate/middy-js-monorepo branch 5 times, most recently from 1b815b8 to ffc0710 Compare March 18, 2026 20:41
@renovate renovate Bot changed the title fix(deps): update middy-js monorepo to ^7.1.6 fix(deps): update middy-js monorepo to ^7.1.7 Mar 18, 2026
@renovate renovate Bot force-pushed the renovate/middy-js-monorepo branch 7 times, most recently from 5728db2 to 484ac68 Compare April 1, 2026 14:16
@renovate renovate Bot force-pushed the renovate/middy-js-monorepo branch 8 times, most recently from a986b4b to 9ec6c2b Compare April 8, 2026 12:49
@renovate renovate Bot force-pushed the renovate/middy-js-monorepo branch 8 times, most recently from 248ec92 to e015296 Compare April 15, 2026 04:26
@renovate renovate Bot changed the title fix(deps): update middy-js monorepo to ^7.2.1 fix(deps): update middy-js monorepo to ^7.2.2 Apr 15, 2026
@renovate renovate Bot force-pushed the renovate/middy-js-monorepo branch 5 times, most recently from 353f297 to d725354 Compare April 18, 2026 13:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants