What's Changed
- Update
@aws/durable-execution-sdk-jsto v2 - May cause Type breaking change - Update core to use new SDK for improved executionMode detection
Security hardening
- http-response-serializer — caps media-type length at 128 chars and validates against a media-type grammar before reflecting into Content-Type. Stops ReDoS via attacker-supplied media types and prevents echoing untrusted input.
Bug fixes / edge cases
- Added missing defaults, plus small fixes across http-header-normalizer, http-multipart-body-parser, glue-schema-registry, validator, http-content-negotiation, event-batch-response, http-x402.
Performance
- core/index.js reworked across standard/durable/streamify execution modes.
Tooling / CI (not user-facing)
- Biome → 2.5.0 + config migration; fuzz-test fixes (event-normalizer); mutation-coverage improvements; provenance-attestation source fix.
Docs
- WAF alternative note; typo fixes.
- Deps: bump github/codeql-action 4.35.5 → 4.36.0 (#1656)
Full Changelog: 7.6.8...7.7.0