pypi aws-lambda-powertools 2.20.0
v2.20.0


Summary

This release introduces signed and verifiable builds for PyPI, and a new documentation section to make our automation practices, maintainers playbook, and soon a re-imagined contributing guide more visible.

Love automation and CI/CD? We did an interview to walk through what's now documented under our new Automation section:


Verifying signed builds


As of today's release, you can now publicly verify our builds came from a trusted source to further strengthen supply chain security. We created a new Security section in our documentation with steps you can take to verify releases.

You can skip this part if you're not interested in the supply chain security space.

For the past few months, we've been working hard to improve our operational and security posture. The biggest chunk of work was introducing the Open Source Security Foundation (OSSF) Scorecard project to generate security health metrics and proactive security alerts, and to attest that we've been following OSSF Best Practices.

We couldn't be happier with the results.

Open Source Security Foundation Best Practices

Through the research, we've learned about SLSA as a framework to produce verifiable reproducible builds within our release pipeline. This enables our more security-conscious customers to guarantee our releases came from this repository and every step can be publicly traced back.

Provenance step within our release pipeline to attest its reproducibility and authenticity
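What a consumer checks against such provenance, as an added example that is not the project's own code: the downloaded file's SHA-256 must appear in the provenance subject, and the recorded source must be the expected repository. It assumes a DSSE envelope wrapping an in-toto statement with a SLSA v0.2 predicate; the repository URL, file name and wheel bytes are constructed placeholders.

```python
import base64
import hashlib
import json

SLSA_V02 = "https://slsa.dev/provenance/v0.2"


def check_provenance(artifact: bytes, name: str, envelope: dict, expected_repo: str) -> list:
    """Compare a downloaded artifact with the claims in its provenance.

    Returns a list of problems; an empty list means the claims match.
    This does NOT verify the envelope signature.
    """
    statement = json.loads(base64.b64decode(envelope["payload"]))
    problems = []
    if statement.get("predicateType") != SLSA_V02:
        problems.append("unexpected predicateType")
    # The subject list binds the provenance to specific files by digest.
    digest = hashlib.sha256(artifact).hexdigest()
    subjects = {s.get("name"): s.get("digest", {}).get("sha256")
                for s in statement.get("subject", [])}
    if subjects.get(name) != digest:
        problems.append("artifact digest not in provenance subject")
    # configSource.uri looks like git+https://host/org/repo@refs/tags/vX.Y.Z
    uri = (statement.get("predicate", {}).get("invocation", {})
           .get("configSource", {}).get("uri", ""))
    repo = uri.split("@", 1)[0]
    if repo.startswith("git+"):
        repo = repo[4:]
    if repo != expected_repo:
        problems.append("provenance names a different source repository")
    return problems


def constructed_envelope(artifact: bytes, name: str, repo: str) -> dict:
    """Build a sample envelope for the demo (constructed, not a real release)."""
    statement = {
        "_type": "https://in-toto.io/Statement/v0.1",
        "predicateType": SLSA_V02,
        "subject": [{"name": name,
                     "digest": {"sha256": hashlib.sha256(artifact).hexdigest()}}],
        "predicate": {"invocation": {"configSource": {
            "uri": "git+" + repo + "@refs/tags/v0.0.0"}}},
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return {"payloadType": "application/vnd.in-toto+json",
            "payload": payload, "signatures": []}


REPO = "https://github.com/example-org/example-repo"  # placeholder, not a real repo
NAME = "example-0.0.0-py3-none-any.whl"               # constructed file name
WHEEL = b"constructed wheel bytes"                    # constructed artifact
ENVELOPE = constructed_envelope(WHEEL, NAME, REPO)
```

These checks only have value once the envelope's signature has been verified by following the steps in the project's Security documentation; an unsigned or unverified statement can claim anything.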


Changes

🌟 New features and non-breaking changes

📜 Documentation updates

  • docs(process): explain our integration automated checks; revamp navigation (#2764) by @heitorlessa
  • chore(ci): introduce provenance and attestation in release (#2746) by @heitorlessa
  • feat(metrics): support to set default dimension in EphemeralMetrics (#2748) by @leandrodamascena
  • docs(batch): fix custom batch processor example (#2714) by @heitorlessa
  • docs(maintainers): add cicd pipeline diagram (#2692) by @heitorlessa
  • docs(contributing): add code integration journey graph (#2685) by @heitorlessa
  • chore(ci): enforce pip --require-hashes to maybe satisfy scorecard (#2679) by @heitorlessa
  • chore(deps): bump squidfunk/mkdocs-material from 3837c0f to a28ed81 in /docs (#2669) by @dependabot
  • chore(ci): use deps sha for docs and gitpod images based on ossf findings (#2662) by @heitorlessa

πŸ› Bug and hot fixes

  • fix(logger): ensure logs stream to stdout by default, not stderr (#2736) by @heitorlessa
  • fix(docs): ensure alias is applied to versioned releases (#2644) by @sthulb
  • fix(docs): ensure version alias is in an array to prevent "you're not viewing the latest version" incorrect message (#2629) by @sthulb

🔧 Maintenance

  • chore(deps-dev): bump mypy-boto3-secretsmanager from 1.28.0 to 1.28.3 (#2773) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/lambda from 1.37.0 to 1.37.1 in /layer/scripts/layer-balancer (#2769) by @dependabot
  • chore(deps-dev): bump sentry-sdk from 1.28.0 to 1.28.1 (#2772) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.27 to 1.18.28 in /layer/scripts/layer-balancer (#2770) by @dependabot
  • chore(deps): bump actions/setup-python from 4.6.1 to 4.7.0 (#2768) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.18.1 to 1.19.0 in /layer/scripts/layer-balancer (#2771) by @dependabot
  • chore(deps-dev): bump mypy-boto3-s3 from 1.28.0 to 1.28.3 (#2774) by @dependabot
  • docs(process): explain our integration automated checks; revamp navigation (#2764) by @heitorlessa
  • chore(deps-dev): bump cfn-lint from 0.77.10 to 0.78.1 (#2757) by @dependabot
  • chore(deps): bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.8 (#2754) by @dependabot
  • chore(deps-dev): bump pytest-asyncio from 0.21.0 to 0.21.1 (#2756) by @dependabot
  • chore(deps): bump docker/setup-buildx-action from 2.9.0 to 2.9.1 (#2755) by @dependabot
  • chore(deps-dev): bump ruff from 0.0.277 to 0.0.278 (#2758) by @dependabot
  • chore(streaming): replace deprecated Version classes from distutils (#2752) by @leandrodamascena
  • chore(ci): introduce provenance and attestation in release (#2746) by @heitorlessa
  • chore(deps-dev): bump sentry-sdk from 1.27.1 to 1.28.0 (#2741) by @dependabot
  • chore(deps-dev): bump mypy-boto3-secretsmanager from 1.27.0 to 1.28.0 (#2739) by @dependabot
  • chore(deps-dev): bump mypy-boto3-dynamodb from 1.27.0 to 1.28.0 (#2740) by @dependabot
  • chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions from 2.1.3 to 2.1.4 (#2738) by @dependabot
  • chore(deps-dev): bump mypy-boto3-xray from 1.27.0 to 1.28.0 (#2720) by @dependabot
  • chore(deps-dev): bump mypy-boto3-ssm from 1.27.0 to 1.28.0 (#2724) by @dependabot
  • chore(deps-dev): bump mypy-boto3-logs from 1.27.0 to 1.28.1 (#2723) by @dependabot
  • chore(deps-dev): bump mypy-boto3-s3 from 1.27.0 to 1.28.0 (#2721) by @dependabot
  • chore(deps-dev): bump mypy-boto3-appconfig from 1.27.0 to 1.28.0 (#2722) by @dependabot
  • chore(deps): bump docker/setup-buildx-action from 2.8.0 to 2.9.0 (#2718) by @dependabot
  • chore(governance): update active maintainers list (#2715) by @heitorlessa
  • chore(ci): prevent sast codeql to run in forks (#2711) by @heitorlessa
  • chore(user-agent): support patching botocore session (#2614) by @roger-zhangg
  • chore(deps-dev): bump mypy-boto3-cloudwatch from 1.27.0 to 1.28.0 (#2697) by @dependabot
  • chore(deps-dev): bump aws-cdk from 2.86.0 to 2.87.0 (#2696) by @dependabot
  • chore(deps-dev): bump mypy-boto3-lambda from 1.27.0 to 1.28.0 (#2698) by @dependabot
  • chore(deps-dev): bump mypy-boto3-appconfigdata from 1.27.0 to 1.28.0 (#2699) by @dependabot
  • chore(deps-dev): bump mypy-boto3-cloudformation from 1.27.0 to 1.28.0 (#2700) by @dependabot
  • chore(deps-dev): bump sentry-sdk from 1.27.0 to 1.27.1 (#2701) by @dependabot
  • chore(ci): address ossf scorecard findings on npm, pip, and top-level permission leftover (#2694) by @heitorlessa
  • docs(maintainers): add cicd pipeline diagram (#2692) by @heitorlessa
  • chore(deps): bump actions/setup-node from 3.6.0 to 3.7.0 (#2689) by @dependabot
  • docs(contributing): add code integration journey graph (#2685) by @heitorlessa
  • chore(deps-dev): bump ruff from 0.0.276 to 0.0.277 (#2682) by @dependabot
  • chore(ci): enforce pip --require-hashes to maybe satisfy scorecard (#2679) by @heitorlessa
  • chore(ci): add gitleaks in pre-commit hooks as an extra safety measure (#2677) by @step-security-bot
  • chore(deps): bump pydantic from 1.10.10 to 1.10.11 (#2671) by @dependabot
  • chore(deps-dev): bump typed-ast from 1.5.4 to 1.5.5 (#2670) by @dependabot
  • chore(deps): bump squidfunk/mkdocs-material from 3837c0f to a28ed81 in /docs (#2669) by @dependabot
  • chore(deps-dev): bump ruff from 0.0.275 to 0.0.276 (#2655) by @dependabot
  • chore(deps-dev): bump sentry-sdk from 1.26.0 to 1.27.0 (#2652) by @dependabot
  • chore(deps): migrate from retry to retry2 to address CVE-2022-42969 (#2665) by @heitorlessa
  • chore(ci): use sast on every commit on any supported language (#2646) by @heitorlessa
  • chore(ci): use deps sha for docs and gitpod images based on ossf findings (#2662) by @heitorlessa
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.17.8 to 1.18.27 in /layer/scripts/layer-balancer (#2651) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/lambda from 1.24.6 to 1.37.0 in /layer/scripts/layer-balancer (#2653) by @dependabot
  • chore(deps): bump golang.org/x/sync from 0.1.0 to 0.3.0 in /layer/scripts/layer-balancer (#2649) by @dependabot
  • chore(deps): bump actions/dependency-review-action from 2.5.1 to 3.0.6 (#2650) by @dependabot
  • chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.16.16 to 1.18.1 in /layer/scripts/layer-balancer (#2654) by @dependabot
  • chore(ci): improves dependabot based on ossf scorecard recommendations (#2647) by @step-security-bot
  • chore(ci): propagate checkout permission to nested workflows (#2642) by @heitorlessa
  • chore(ci): enforce top-level permission to minimum fail-safe permission as per openssf (#2638) by @step-security-bot
  • chore(ci): prevent merging PRs that do not meet minimum requirements (#2639) by @heitorlessa
  • chore(deps-dev): bump mypy-boto3-appconfigdata from 1.26.70 to 1.27.0 (#2636) by @dependabot
  • chore(deps): bump pydantic from 1.10.9 to 1.10.10 (#2624) by @dependabot
  • chore(deps-dev): bump mypy-boto3-dynamodb from 1.26.158 to 1.26.164 (#2622) by @dependabot

This release was made possible by the following contributors:

@dependabot, @dependabot[bot], @github-actions, @github-actions[bot], @heitorlessa, @leandrodamascena, @roger-zhangg, @step-security-bot and @sthulb
