Bump aws-actions/configure-aws-credentials from 4.3.1 to 6.2.0#217
Bump aws-actions/configure-aws-credentials from 4.3.1 to 6.2.0#217dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from 4.3.1 to 6.2.0. - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](aws-actions/configure-aws-credentials@7474bc4...e7f100c) --- updated-dependencies: - dependency-name: aws-actions/configure-aws-credentials dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
Greptile SummaryThis PR bumps
Confidence Score: 4/5Safe to merge after verifying the IAM role trust policy allows sts:TagSession. The change is a routine dependabot bump with a properly pinned commit SHA. The only runtime concern is the new default session-tag behavior in v6.2.0, which requires sts:TagSession on the assumed role — if that permission is already present (common for OIDC roles), there is no impact. .github/workflows/cli-release.yml — confirm the IAM role trust policy at AWS_HOMEBREW_TAP_ROLE_ARN includes sts:TagSession. Important Files Changed
Reviews (1): Last reviewed commit: "Bump aws-actions/configure-aws-credentia..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| - name: Configure AWS credentials | ||
| if: ${{ steps.version.outputs.changed == 'true' }} | ||
| uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1 | ||
| uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0 |
There was a problem hiding this comment.
sts:TagSession permission
v6.2.0 adds GitHub Actions context as session tags by default (PR #1775 in the upstream repo). If the IAM role at AWS_HOMEBREW_TAP_ROLE_ARN does not already have sts:TagSession in its trust policy, the AssumeRoleWithWebIdentity call will fail with an AccessDenied error. Worth verifying the role's trust policy before merging.
Bumps aws-actions/configure-aws-credentials from 4.3.1 to 6.2.0.
Release notes
Sourced from aws-actions/configure-aws-credentials's releases.
... (truncated)
Changelog
Sourced from aws-actions/configure-aws-credentials's changelog.
... (truncated)
Commits
e7f100cchore(main): release 6.2.0 (#1806)bbbffeachore: Update distd6f5dc3fix: assumeRole failing from session tag size too large (#1808)12014c0docs: fix typo in README.md (#1809)4ab3589chore: replay 6.2 devel changes onto main (#1807)99214aachore: Update dist217d179fix: allow kubelet token symlink (#1805)5548f34chore: Update dist77cd089chore: document container credentials provider support (and delete transitive...dbacf31chore: bump release version (#1801)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)