
[Snyk] Security upgrade com.amazonaws:aws-java-sdk from 1.11.505 to 1.12.730 #162

Open. Wants to merge 1 commit into base branch master.

Conversation

@rahulroycontractor commented May 27, 2024

User description

This PR was automatically created by Snyk using the credentials of a real user.



Snyk has created this PR to fix 7 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

  • localstack/ext/java/pom.xml

Vulnerabilities that will be fixed with an upgrade:

| Severity | Issue | Score | Upgrade | Notes |
|---|---|---|---|---|
| high | Denial of Service (DoS), SNYK-JAVA-IONETTY-1584063 | 115 | com.amazonaws:aws-java-sdk: 1.11.505 -> 1.12.730 | No Path Found, No Known Exploit |
| high | Denial of Service (DoS), SNYK-JAVA-IONETTY-1584064 | 115 | com.amazonaws:aws-java-sdk: 1.11.505 -> 1.12.730 | No Path Found, No Known Exploit |
| medium | Denial of Service (DoS), SNYK-JAVA-IONETTY-5725787 | 114 | com.amazonaws:aws-java-sdk: 1.11.505 -> 1.12.730 | No Path Found, No Known Exploit |
| medium | HTTP Request Smuggling, SNYK-JAVA-IONETTY-2314893 | 88 | com.amazonaws:aws-java-sdk: 1.11.505 -> 1.12.730 | No Path Found, No Known Exploit |
| medium | Directory Traversal, SNYK-JAVA-COMAMAZONAWS-2952700 | 84 | com.amazonaws:aws-java-sdk: 1.11.505 -> 1.12.730 | No Path Found, No Known Exploit |
| medium | Information Exposure, SNYK-JAVA-IONETTY-2812456 | 75 | com.amazonaws:aws-java-sdk: 1.11.505 -> 1.12.730 | No Path Found, No Known Exploit |
| medium | Allocation of Resources Without Limits or Throttling, SNYK-JAVA-IONETTY-6483812 | 67 | com.amazonaws:aws-java-sdk: 1.11.505 -> 1.12.730 | No Path Found, Proof of Concept |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal
🦉 Allocation of Resources Without Limits or Throttling
🦉 Denial of Service (DoS)


PR Type

Bug fix, Enhancement


Description

  • Upgraded aws-java-sdk dependency version from 1.11.505 to 1.12.730 in localstack/ext/java/pom.xml.
  • Addressed multiple vulnerabilities related to aws-java-sdk:
    • Denial of Service (DoS) vulnerabilities (SNYK-JAVA-IONETTY-1584063, SNYK-JAVA-IONETTY-1584064, SNYK-JAVA-IONETTY-5725787, SNYK-JAVA-IONETTY-2314893, SNYK-JAVA-IONETTY-2812456, SNYK-JAVA-IONETTY-6483812)
    • Vulnerability SNYK-JAVA-COMAMAZONAWS-2952700

Changes walkthrough 📝

Relevant files:

  • Dependencies: localstack/ext/java/pom.xml (+2/-2): Upgrade `aws-java-sdk` dependency to fix vulnerabilities
    • Upgraded aws-java-sdk dependency version from 1.11.505 to 1.12.730
    • Addressed multiple vulnerabilities related to aws-java-sdk

    💡 PR-Agent usage:
    Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

    @codiumai-pr-agent-pro bot added the labels "enhancement" (New feature or request) and "Bug fix" on May 27, 2024

    PR Review 🔍

    ⏱️ Estimated effort to review [1-5]

    1, because the PR involves a straightforward version upgrade of a dependency to address security vulnerabilities. The changes are minimal and localized to version numbers in the pom.xml file.

    🧪 Relevant tests

    No

    ⚡ Possible issues

    No

    🔒 Security concerns

    No


    PR Code Suggestions ✨

    Category: Compatibility
    Suggestion: Ensure the new library version is compatible with other project dependencies

    Verify that the new version 1.12.730 of aws-java-sdk is compatible with other dependencies in your project. Sometimes, upgrading a library can introduce compatibility issues with other libraries or parts of the codebase.

    localstack/ext/java/pom.xml [87]

    +<version>1.12.730</version>
     
    -
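Review bot: the quoted fragment shows the added `+<version>1.12.730</version>` line but the `-` line is empty, so this excerpt neither confirms that the replaced value was 1.11.505 nor that the `<version>` element at pom.xml line 87 belongs to the `com.amazonaws:aws-java-sdk` artifact rather than a neighbouring dependency; the walkthrough reports +2/-2, so please review the full diff with the enclosing `<dependency>`/`<artifactId>` context for both changed lines. Since six of the seven advisories carry io.netty identifiers (SNYK-JAVA-IONETTY-*) yet are fixed here only by bumping aws-java-sdk, i.e. through its transitive dependency, also confirm with `mvn dependency:tree` that no other declaration in the pom still resolves the older netty version.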
    Suggestion importance [1-10]: 7

    Why: This is a valid and important suggestion because compatibility issues can arise with version upgrades. It directly relates to the updated version in the PR.
    Category: Best practice
    Suggestion: Review the release notes for the new library version for potential impacts

    Consider checking the release notes or changelog for version 1.12.730 of aws-java-sdk to understand any new features, deprecations, or breaking changes that might affect your project.

    localstack/ext/java/pom.xml [87]

    +<version>1.12.730</version>
     
    -
    Suggestion importance [1-10]: 7

    Why: Reviewing release notes is a good practice to anticipate potential issues from new versions, directly relevant to the changes made in the PR.
    Category: Testing
    Suggestion: Run tests to verify that the library upgrade does not introduce new issues

    After upgrading the aws-java-sdk version, run your project's test suite to ensure that all tests pass and that the upgrade does not introduce any new issues.

    localstack/ext/java/pom.xml [87]

    +<version>1.12.730</version>
     
    -
    Suggestion importance [1-10]: 7

    Why: Running tests after an upgrade is crucial to ensure stability, making this suggestion relevant and practical for the changes in the PR.
    Category: Enhancement
    Suggestion: Use a dependency management tool to handle version upgrades automatically

    If possible, use a dependency management tool to handle version upgrades automatically and ensure that all dependencies are compatible with each other.

    localstack/ext/java/pom.xml [87]

    +<version>1.12.730</version>
     
    -
    Suggestion importance [1-10]: 6

    Why: While using a dependency management tool is beneficial, this suggestion is slightly less direct to the specific PR changes but still offers a good enhancement for managing dependencies.
