[Snyk] Security upgrade com.amazonaws:aws-java-sdk from 1.11.505 to 1.12.713

[rahulroycontractor]

User description

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • localstack/ext/java/pom.xml

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Upgrade	Breaking Change	Exploit Maturity	Reachability
	84/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: None, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0005, Social Trends: No, Days since published: 655, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 7.86, Likelihood: 1.06, Score Version: V5	Directory Traversal SNYK-JAVA-COMAMAZONAWS-2952700	com.amazonaws:aws-java-sdk: 1.11.505 -> 1.12.713	No	No Known Exploit	No Path Found
	115/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00662, Social Trends: No, Days since published: 964, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.91, Score Version: V5	Denial of Service (DoS) SNYK-JAVA-IONETTY-1584063	com.amazonaws:aws-java-sdk: 1.11.505 -> 1.12.713	No	No Known Exploit	No Path Found
	115/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00662, Social Trends: No, Days since published: 964, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.91, Score Version: V5	Denial of Service (DoS) SNYK-JAVA-IONETTY-1584064	com.amazonaws:aws-java-sdk: 1.11.505 -> 1.12.713	No	No Known Exploit	No Path Found
	88/1000 Why? Confidentiality impact: None, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00241, Social Trends: No, Days since published: 874, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.45, Score Version: V5	HTTP Request Smuggling SNYK-JAVA-IONETTY-2314893	com.amazonaws:aws-java-sdk: 1.11.505 -> 1.12.713	No	No Known Exploit	No Path Found
	75/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.00044, Social Trends: No, Days since published: 725, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.24, Score Version: V5	Information Exposure SNYK-JAVA-IONETTY-2812456	com.amazonaws:aws-java-sdk: 1.11.505 -> 1.12.713	No	No Known Exploit	No Path Found
	114/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00059, Social Trends: No, Days since published: 316, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.89, Score Version: V5	Denial of Service (DoS) SNYK-JAVA-IONETTY-5725787	com.amazonaws:aws-java-sdk: 1.11.505 -> 1.12.713	No	No Known Exploit	No Path Found
	67/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 37, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.81, Score Version: V5	Allocation of Resources Without Limits or Throttling SNYK-JAVA-IONETTY-6483812	com.amazonaws:aws-java-sdk: 1.11.505 -> 1.12.713	No	Proof of Concept	No Path Found

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal
🦉 Allocation of Resources Without Limits or Throttling
🦉 Denial of Service (DoS)

---

Type

Enhancement

---

Description

• This PR updates the aws-java-sdk version to 1.12.713 to address multiple security vulnerabilities.
• The update is applied in two sections of the pom.xml file, ensuring that the newer, secure version is used both generally and within specific profiles.

---

Changes walkthrough

	Relevant files
Dependencies	pom.xml Update AWS Java SDK to Resolve Vulnerabilities                      localstack/ext/java/pom.xml Updated the version of aws-java-sdk from 1.11.505 to 1.12.713 in two dependency declarations. +2/-2

---

✨ PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[codiumai-pr-agent-pro]

PR Description updated to latest commit (04db2ef)

• Copy walkthrough table to "Files Changed" Tab

[codiumai-pr-agent-pro]

PR Review

⏱️ Estimated effort to review [1-5]	1, because the PR only involves updating the version number of a dependency in the pom.xml file. This is a straightforward change that does not require deep code review or understanding of complex logic.
🧪 Relevant tests	No
🔍 Possible issues	Possible Dependency Issues: Upgrading a library can introduce compatibility issues with other parts of the system. It's important to ensure that all functionalities depending on this library are tested to confirm that they still operate as expected.
🔒 Security concerns	No

---

✨ Review tool usage guide:

---

Overview:
The review tool scans the PR code changes, and generates a PR review which includes several types of feedbacks, such as possible PR issues, security threats and relevant test in the PR. More feedbacks can be added by configuring the tool.

The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on any PR.

• When commenting, to edit configurations related to the review tool (pr_reviewer section), use the following template:

/review --pr_reviewer.some_config1=... --pr_reviewer.some_config2=...

• With a configuration file, use the following template:

[pr_reviewer]
some_config1=...
some_config2=...

See the review usage page for a comprehensive guide on using this tool.

[codiumai-pr-agent-pro]

PR Code Suggestions

Category	Suggestions
Best practice	Use a property for the AWS SDK version to maintain consistency and simplify management. Consider using a property for the AWS SDK version to ensure consistency across the project. This approach reduces the risk of version mismatches in multi-module projects and simplifies upgrades. localstack/ext/java/pom.xml [87] -<version>1.12.713</version> +<version>${aws.sdk.version}</version>
Maintainability	Verify and adjust the dependency scope of the AWS SDK if necessary. Ensure that the scope of the AWS SDK dependency is appropriate. If the SDK is required at runtime, consider changing the scope from 'provided' to 'compile' or another suitable scope depending on the deployment environment. localstack/ext/java/pom.xml [88] -<scope>provided</scope> +<scope>compile</scope>

---

✨ Improve tool usage guide:

---

Overview:
The improve tool scans the PR code changes, and automatically generates suggestions for improving the PR code. The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on a PR.

• When commenting, to edit configurations related to the improve tool (pr_code_suggestions section), use the following template:

/improve --pr_code_suggestions.some_config1=... --pr_code_suggestions.some_config2=...

• With a configuration file, use the following template:

[pr_code_suggestions]
some_config1=...
some_config2=...

See the improve usage page for a comprehensive guide on using this tool.