[v3.2.5] - 2026-07-10
Security
- Upgrade joserfc to 1.7.2 in the app and cli development dependencies to resolve CVE-2026-49852 and CVE-2026-48990, where HMAC verification could accept an empty key. This is a development-only transitive dependency of the moto test library and is not included in any runtime or release artifact.
Changed
- Updated NOTICE.txt with corrected and complete third party license attribution.