Skip to content

Bump the dependencies group with 4 updates#88

Merged
amrabed merged 1 commit into
mainfrom
dependabot/uv/dependencies-71a2877962
Jul 3, 2026
Merged

Bump the dependencies group with 4 updates#88
amrabed merged 1 commit into
mainfrom
dependabot/uv/dependencies-71a2877962

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 4 updates: aws-lambda-powertools, boto3, aws-cdk-lib and coverage.

Updates aws-lambda-powertools from 3.30.0 to 3.31.0

Release notes

Sourced from aws-lambda-powertools's releases.

v3.31.0

Summary

This release adds a new Circuit Breaker utility (in alpha) that stops your Lambda from sending requests to an unhealthy downstream and gives it time to recover. We also made parameter validation in the Event Handler more flexible, so any Pydantic Field annotation now works with any parameter type.

A huge thanks to everyone who helped shape the Circuit Breaker RFC and reviewed this release!

Circuit Breaker (alpha)

Docs

When a downstream service is failing, retries and Lambda's scaling only make it worse: more clients sending requests to something that is already down. The Circuit Breaker stops sending traffic to an unhealthy dependency, then probes it to see when it is safe to resume.

It ships as circuit_breaker_alpha on purpose. We want about a month of real-world feedback before we lock the public API and promote it to GA.

The smallest setup is a persistence store and a name. You wrap the function that makes the downstream call:

from aws_lambda_powertools.utilities.circuit_breaker_alpha import circuit_breaker
from aws_lambda_powertools.utilities.circuit_breaker_alpha.persistence import (
    CircuitBreakerDynamoDBPersistence,
)
from aws_lambda_powertools.utilities.typing import LambdaContext
persistence = CircuitBreakerDynamoDBPersistence(table_name="CircuitBreakerState")
@​circuit_breaker(name="payment-backend", persistence_store=persistence)
def charge(order: dict) -> dict:
return payment_api.charge(order)
def lambda_handler(event: dict, context: LambdaContext) -> dict:
return charge(event)

With no config, sensible defaults apply: open after 5 failures in a row, probe after 30s, close after 3 successes, and treat any exception as a failure. A few things make it a good fit for Lambda:

  • It's free when healthy. The failure counter lives in memory, so a healthy circuit writes nothing. We only save state when it changes, so you pay during an incident, which is when you want to.
  • State is shared across environments. Circuit state lives in DynamoDB, so the first environment that opens the circuit protects all the others.
  • It fails open. If the state store can't be reached, the request goes through. A circuit breaker should never become the outage it's meant to prevent.
  • One probe on recovery. When the timer is up, only one environment is selected to test the backend, instead of all of them sending requests at the same time.

When the circuit is open, you decide what happens to the rejected request with an on_circuit_open callback (buffer it, drop it, return a cached value), or let it raise CircuitBreakerOpenError. You can also watch state changes with an on_transition hook to emit your own metrics.

import json
from uuid import uuid4
from aws_lambda_powertools.utilities.circuit_breaker_alpha import circuit_breaker
</tr></table>

... (truncated)

Changelog

Sourced from aws-lambda-powertools's changelog.

[v3.31.0] - 2026-06-29

Features

  • event_handler: support any Pydantic Field annotation in parameter (#8305)

Maintenance

  • version bump

Commits

Updates boto3 from 1.43.36 to 1.43.40

Commits
  • dd59a59 Merge branch 'release-1.43.40'
  • b416ca0 Bumping version to 1.43.40
  • b228d05 Add changelog entries from botocore
  • 121db7a Merge branch 'release-1.43.39'
  • 00141f6 Merge branch 'release-1.43.39' into develop
  • 310317d Bumping version to 1.43.39
  • ff7c1cf Add changelog entries from botocore
  • 805c683 Update CODEOWNERS to shared Python SDK and CLI team (#4809)
  • efcfb65 Merge branch 'release-1.43.38'
  • d7aa957 Merge branch 'release-1.43.38' into develop
  • Additional commits viewable in compare view

Updates aws-cdk-lib from 2.260.0 to 2.261.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.261.0

⚠ BREAKING CHANGES

  • ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:
  • aws-cloudwatch: AWS::CloudWatch::LogAlarm: QueryLanguage property has been removed from the ScheduledQueryConfiguration type.
  • aws-elasticloadbalancing: AWS::ElasticLoadBalancing::LoadBalancer: Id attribute has been removed and the primary identifier is now LoadBalancerName.

Features

  • update L1 CloudFormation resource definitions (#38189) (5aabd32)
  • core: add git source metadata to CloudFormation templates (#37368) (765271b)
  • rds: support native Secrets Manager integration for RDS Cluster and Instance (#35734) (07d5623), closes #29239

Bug Fixes


Alpha modules (2.261.0-alpha.0)

Features

  • metrics-facade-alpha: generate metrics facades (#37334) (aa9beb0)
Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.261.0-alpha.0 (2026-07-02)

Features

  • metrics-facade-alpha: generate metrics facades (#37334) (aa9beb0)

2.260.0-alpha.0 (2026-06-16)

2.259.0-alpha.0 (2026-06-11)

2.258.1-alpha.0 (2026-06-08)

2.258.0-alpha.0 (2026-06-04)

Features

  • integ-tests-alpha: add option to set the provider log level (#38005) (c634a79)

Bug Fixes

  • custom-resource-handlers: deterministic asset hashes for generated lambdas (#37634) (6c3d5bc), closes #34307
  • glue-alpha: deprecate Ray Jobs (#38055) (3fa428b)
  • glue-alpha: restore notifyDelayAfter to PySpark and Scala Spark ETL jobs (#37815) (05be88a), closes #33839
  • integ-tests-alpha: assertion failures print too much unnecessary information (#37974) (bc0de1d)
  • mediapackagev2-alpha: cdnAuth on OriginEndpoint now generates the required policy (#38013) (1d56b46)

2.257.0-alpha.0 (2026-05-21)

2.256.1-alpha.0 (2026-05-20)

2.256.0-alpha.0 (2026-05-19)

2.255.0-alpha.0 (2026-05-18)

Features

  • bedrock-agentcore-alpha: Graduation of the library to stable. The Policy submodule is the only submodule that remains in alpha. All other constructs have graduated to stable in aws-cdk-lib/aws-bedrockagentcore and we recommend migrating to the stable versions (#37876) (00cf601)

2.254.0-alpha.0 (2026-05-13)

Features

... (truncated)

Commits
  • f3c62b6 chore(release): 2.261.0 (#38237)
  • 65fdd58 chore(release): document L1 breaking changes for 2.261.0
  • 1be62ae chore: update analytics metadata blueprints
  • ee07ddf chore(release): 2.261.0
  • a5da749 chore(aws-cdk-lib): remove unused table dependency (CVE-2026-13676) (#38235)
  • 5aabd32 feat: update L1 CloudFormation resource definitions (#38189)
  • ea153ff chore: refactor some integ tests to not use deprecated APIs (#38146)
  • 96508bd chore: update Contributors File (#38224)
  • 2c6988d chore(ec2): add g7e instance class (NVIDIA Blackwell B200) (#37971)
  • aa9beb0 feat(metrics-facade-alpha): generate metrics facades (#37334)
  • Additional commits viewable in compare view

Updates coverage from 7.14.3 to 7.15.0

Changelog

Sourced from coverage's changelog.

Version 7.15.0 — 2026-07-02

  • Since 7.14.0, reporting commands implicitly combine parallel data files. Now those commands have a new option --keep-combined to retain the data files after combining them instead of the default, which is to delete them. Finishes issue 2198_.

  • Fix: the LCOV report would incorrectly count excluded functions as uncovered, as described in issue 2205. This is now fixed thanks to Martin Kuntz Jacobsen <pull 2206_>.

  • When running your program, coverage now correctly sets yourmodule.__spec__.loader as strongly recommended <--loader--_>, avoiding the deprecation warning described in issue 2208. Thanks, A5rocks <pull 2209_>_.

  • Fix: with Python 3.10, running with the -I (isolated mode) option didn't correctly omit the current directory from the module search path, as described in issue 2103. That is now fixed thanks to Ilia Sorokin <pull 2211_>.

.. --loader--: https://docs.python.org/3/reference/datamodel.html#module.__loader_ .. _issue 2103: coveragepy/coveragepy#2103 .. _issue 2198: coveragepy/coveragepy#2198 .. _issue 2205: coveragepy/coveragepy#2205 .. _pull 2206: coveragepy/coveragepy#2206 .. _issue 2208: coveragepy/coveragepy#2208 .. _pull 2209: coveragepy/coveragepy#2209 .. _pull 2211: coveragepy/coveragepy#2211

.. _changes_7-14-3:

Commits
  • c8c8020 docs: sample HTML for 7.15.0
  • ae19db1 docs: prep for 7.15.0
  • 17b45a1 docs: --keep-combined in the man page
  • 6f9fa1e fix: preserve isolated sys.path on Python 3.10 (#2211)
  • 787af5f chore: bump actions/checkout in the action-dependencies group (#2210)
  • 1ed3998 fix: start attaching the loader on __spec__ #2208 (#2209)
  • 1ab1122 docs: remove stray comma
  • f24a91f feat: --keep-combined for reporting commands. #2198
  • 5e70751 test: canonicalize mock calls in test_cmdline to reduce diff noise
  • 65979cc fix: skip excluded functions in LCOV function totals (#2206)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 4 updates: [aws-lambda-powertools](https://github.com/aws-powertools/powertools-lambda-python), [boto3](https://github.com/boto/boto3), [aws-cdk-lib](https://github.com/aws/aws-cdk) and [coverage](https://github.com/coveragepy/coveragepy).


Updates `aws-lambda-powertools` from 3.30.0 to 3.31.0
- [Release notes](https://github.com/aws-powertools/powertools-lambda-python/releases)
- [Changelog](https://github.com/aws-powertools/powertools-lambda-python/blob/develop/CHANGELOG.md)
- [Commits](aws-powertools/powertools-lambda-python@v3.30.0...v3.31.0)

Updates `boto3` from 1.43.36 to 1.43.40
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.43.36...1.43.40)

Updates `aws-cdk-lib` from 2.260.0 to 2.261.0
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md)
- [Commits](aws/aws-cdk@v2.260.0...v2.261.0)

Updates `coverage` from 7.14.3 to 7.15.0
- [Release notes](https://github.com/coveragepy/coveragepy/releases)
- [Changelog](https://github.com/coveragepy/coveragepy/blob/main/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.14.3...7.15.0)

---
updated-dependencies:
- dependency-name: aws-lambda-powertools
  dependency-version: 3.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: boto3
  dependency-version: 1.43.40
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: aws-cdk-lib
  dependency-version: 2.261.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: coverage
  dependency-version: 7.15.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 3, 2026
@dependabot dependabot Bot requested a review from amrabed as a code owner July 3, 2026 02:06
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 3, 2026
@amrabed amrabed merged commit f503aef into main Jul 3, 2026
1 check passed
@amrabed amrabed deleted the dependabot/uv/dependencies-71a2877962 branch July 3, 2026 02:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant