Skip to content

build(deps): bump github.com/pulumi/pulumi-aws/sdk/v6 from 6.72.0 to 6.83.4#2

Merged
grokify merged 1 commit into
mainfrom
dependabot/go_modules/github.com/pulumi/pulumi-aws/sdk/v6-6.83.4
Jun 22, 2026
Merged

build(deps): bump github.com/pulumi/pulumi-aws/sdk/v6 from 6.72.0 to 6.83.4#2
grokify merged 1 commit into
mainfrom
dependabot/go_modules/github.com/pulumi/pulumi-aws/sdk/v6-6.83.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps github.com/pulumi/pulumi-aws/sdk/v6 from 6.72.0 to 6.83.4.

Release notes

Sourced from github.com/pulumi/pulumi-aws/sdk/v6's releases.

v6.83.4

Address reported CVEs via Go toolchain and dependency bumps

Go toolchain -> 1.25.7 (provider/go.mod, sdk/go.mod) resolves the stdlib CVEs:
- CVE-2025-68121  crypto/tls session-resumption certificate validation bypass
- CVE-2025-61726  net/http Request.ParseForm unbounded query params (DoS)
- CVE-2025-61728  archive/zip super-linear filename indexing (DoS)
- CVE-2025-61730  crypto/tls 1.3 handshake cross-level info disclosure
- CVE-2025-61731  cmd/go cgo pkg-config --log-file arbitrary file write
- CVE-2025-61732  cmd/cgo doc-comment code smuggling

cloudflare/circl -> v1.6.3 resolves CVE-2026-1229 (CIRCL p384 CombinedMult).

go-git/go-git/v5 -> v5.16.5 resolves CVE-2026-25934 (go-git packfile integrity).


go-git v5.16.5 requires Go 1.24, so the sdk go directive rises 1.23.0 -> 1.24.0.

v6.83.3

Backport/security release

v6.83.2

What's Changed

Full Changelog: pulumi/pulumi-aws@v6.82.1...v6.83.2

v6.83.1

This is a security fix for:

https://pkg.go.dev/vuln/GO-2025-3956 https://pkg.go.dev/vuln/GO-2025-3849

Full Changelog: pulumi/pulumi-aws@v6.83.0...v6.83.1

v6.83.0

Does the PR have any schema changes?

Looking good! No breaking changes found.

New resources:

  • amp/workspaceConfiguration.WorkspaceConfiguration
  • dsql/cluster.Cluster
  • dsql/clusterPeering.ClusterPeering
  • s3control/directoryBucketAccessPointScope.DirectoryBucketAccessPointScope
  • vpc/routeServer.RouteServer

... (truncated)

Commits
  • 32b77a0 Address reported CVEs via Go toolchain and dependency bumps
  • e3c8398 Disable flaky integration tests on v6 backport branch
  • 0ca3121 Get tokens from ESC
  • 6355f4e Update Go toolchain to 1.25.5 (security backport) (#6251)
  • 0a9228d Appending Pulumi APN 1.1 marketplace id to User Agent request header (#5920)
  • 520b551 Ensure we set up go version for build sdk so we can load the right pulumi ver...
  • 8f2872f Pin Pulumi version for CI
  • 34201f1 Update go toolchain to 1.23.12
  • a2b15e7 Upgrade terraform-provider-aws to v5.100.0 (#5605)
  • d08a0bc Update GitHub Actions workflows. (#5599)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jun 22, 2026
@dependabot
build(deps): bump github.com/pulumi/pulumi-aws/sdk/v6
758df68 
Bumps [github.com/pulumi/pulumi-aws/sdk/v6](https://github.com/pulumi/pulumi-aws) from 6.72.0 to 6.83.4.
- [Release notes](https://github.com/pulumi/pulumi-aws/releases)
- [Changelog](https://github.com/pulumi/pulumi-aws/blob/master/CHANGELOG_OLD.md)
- [Commits](pulumi/pulumi-aws@v6.72.0...v6.83.4)

---
updated-dependencies:
- dependency-name: github.com/pulumi/pulumi-aws/sdk/v6
  dependency-version: 6.83.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/pulumi/pulumi-aws/sdk/v6-6.83.4 branch from 3de718f to 758df68 Compare June 22, 2026 08:06
@grokify grokify merged commit 74cd12f into main Jun 22, 2026
4 of 5 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/github.com/pulumi/pulumi-aws/sdk/v6-6.83.4 branch June 22, 2026 08:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@grokify