From 5956a1587b9f3ff45f84061b0a7b1a5461599992 Mon Sep 17 00:00:00 2001 From: Lucas Vieira Date: Tue, 28 Apr 2026 15:51:45 -0300 Subject: [PATCH] release(v0.13.2): supply-chain hardening for prebuilt RDS images MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Workspace + SDK version bump 0.13.1 -> 0.13.2 (Cargo, npm, PyPI, Maven, Go via tag). This is a follow-up release on the v0.13.x train shipping Trivy scanning + cosign keyless signing on prebuilt fakecloud-postgres / fakecloud-mysql / fakecloud-mariadb images, plus the Dockerfile hardening that was needed to make the scan policy (CRITICAL/HIGH, hard-fail) actually pass on a real publish: - Rebuild `gosu` from source with current Go (golang:1.25-bookworm builder stage). Eliminates 8 HIGH + 1 CRITICAL Go-stdlib CVEs that Trivy flagged on the upstream postgres/mysql/mariadb base images' bundled `/usr/local/bin/gosu` (statically linked against go1.24.6). - Strip `mysql-shell` + `/usr/lib/mysqlsh` from the mysql:8.0 image — its vendored Python ships pyOpenSSL 25.3.0 (CVE-2026-27459). The runtime drives the server over the wire from `mysql_async`, mysqlsh is never invoked. - `apt-get upgrade -y` during image build. Pulls patched debian packages (openssl, glibc, dirmngr, ...) when the upstream `:` tag lags the security DB by a refresh cycle. - Bump trivy-action to v0.36.0 — older v0.30.0 referenced `setup-trivy@v0.2.2` which upstream deleted. Validation: workflow_dispatch run on main published 8 dev-tagged images (postgres 13/14/15/16, mysql 8.0, mariadb 10.6/10.11/11.4) across linux/amd64 + linux/arm64. Trivy scan exits 0 on all. Cosign verify against the GitHub OIDC issuer succeeds (workflow `RDS support images`, repo `faiscadev/fakecloud`). Other changes that piggyback on the bump: - `aws_s3` postgres extension (`table_import_from_s3` / `query_export_to_s3` + `aws_commons.create_s3_uri`) — Aurora-PG parity, mirrors the `aws_lambda` extension shipped in v0.13.1. - Async `CreateDBInstance` — returns `creating` in <1s, container start runs as a tokio task. Drops the 180s SDK e2e timeout. - MySQL/MariaDB Aurora `mysql.lambda_async`/`mysql.lambda_sync` bridge (libcurl-backed UDF + bootstrap procedures), prebuilt images on ghcr.io for mysql 8.0 + mariadb 10.6/10.11/11.4. - mariadb 11.4 wired through the engine validator + parameter group routing. --- Cargo.lock | 86 +++++++++++++++---------------- Cargo.toml | 74 +++++++++++++------------- sdks/java/build.gradle.kts | 2 +- sdks/python/pyproject.toml | 2 +- sdks/typescript/package-lock.json | 4 +- sdks/typescript/package.json | 2 +- 6 files changed, 85 insertions(+), 85 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e478667b..887ee3f8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2319,7 +2319,7 @@ dependencies = [ [[package]] name = "fakecloud" -version = "0.13.1" +version = "0.13.2" dependencies = [ "axum", "base64 0.22.1", @@ -2376,7 +2376,7 @@ dependencies = [ [[package]] name = "fakecloud-acm" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", @@ -2396,7 +2396,7 @@ dependencies = [ [[package]] name = "fakecloud-apigateway" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", @@ -2417,7 +2417,7 @@ dependencies = [ [[package]] name = "fakecloud-apigatewayv2" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", @@ -2438,7 +2438,7 @@ dependencies = [ [[package]] name = "fakecloud-application-autoscaling" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "chrono", @@ -2455,7 +2455,7 @@ dependencies = [ [[package]] name = "fakecloud-athena" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "chrono", @@ -2472,7 +2472,7 @@ dependencies = [ [[package]] name = "fakecloud-aws" -version = "0.13.1" +version = "0.13.2" dependencies = [ "bytes", "chrono", @@ -2490,7 +2490,7 @@ dependencies = [ [[package]] name = "fakecloud-bedrock" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", @@ -2512,7 +2512,7 @@ dependencies = [ [[package]] name = "fakecloud-cloudformation" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "bytes", @@ -2541,7 +2541,7 @@ dependencies = [ [[package]] name = "fakecloud-cloudfront" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", @@ -2563,7 +2563,7 @@ dependencies = [ [[package]] name = "fakecloud-cognito" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", @@ -2584,7 +2584,7 @@ dependencies = [ [[package]] name = "fakecloud-conformance" -version = "0.13.1" +version = "0.13.2" dependencies = [ "aws-config", "aws-credential-types", @@ -2637,7 +2637,7 @@ dependencies = [ [[package]] name = "fakecloud-conformance-macros" -version = "0.13.1" +version = "0.13.2" dependencies = [ "proc-macro2", "quote", @@ -2648,7 +2648,7 @@ dependencies = [ [[package]] name = "fakecloud-core" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "axum", @@ -2671,7 +2671,7 @@ dependencies = [ [[package]] name = "fakecloud-dynamodb" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", @@ -2693,7 +2693,7 @@ dependencies = [ [[package]] name = "fakecloud-e2e" -version = "0.13.1" +version = "0.13.2" dependencies = [ "aws-config", "aws-credential-types", @@ -2755,7 +2755,7 @@ dependencies = [ [[package]] name = "fakecloud-ecr" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", @@ -2781,7 +2781,7 @@ dependencies = [ [[package]] name = "fakecloud-ecs" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", @@ -2804,7 +2804,7 @@ dependencies = [ [[package]] name = "fakecloud-elasticache" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "bytes", @@ -2824,7 +2824,7 @@ dependencies = [ [[package]] name = "fakecloud-elbv2" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "bytes", @@ -2848,7 +2848,7 @@ dependencies = [ [[package]] name = "fakecloud-eventbridge" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "chrono", @@ -2870,7 +2870,7 @@ dependencies = [ [[package]] name = "fakecloud-iam" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", @@ -2892,7 +2892,7 @@ dependencies = [ [[package]] name = "fakecloud-kinesis" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", @@ -2911,7 +2911,7 @@ dependencies = [ [[package]] name = "fakecloud-kms" -version = "0.13.1" +version = "0.13.2" dependencies = [ "aes-gcm", "async-trait", @@ -2933,7 +2933,7 @@ dependencies = [ [[package]] name = "fakecloud-lambda" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", @@ -2959,7 +2959,7 @@ dependencies = [ [[package]] name = "fakecloud-logs" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", @@ -2982,7 +2982,7 @@ dependencies = [ [[package]] name = "fakecloud-organizations" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "bytes", @@ -2999,7 +2999,7 @@ dependencies = [ [[package]] name = "fakecloud-parity" -version = "0.13.1" +version = "0.13.2" dependencies = [ "aws-config", "aws-credential-types", @@ -3018,7 +3018,7 @@ dependencies = [ [[package]] name = "fakecloud-persistence" -version = "0.13.1" +version = "0.13.2" dependencies = [ "bytes", "chrono", @@ -3034,7 +3034,7 @@ dependencies = [ [[package]] name = "fakecloud-rds" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", @@ -3058,7 +3058,7 @@ dependencies = [ [[package]] name = "fakecloud-route53" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "bytes", @@ -3079,7 +3079,7 @@ dependencies = [ [[package]] name = "fakecloud-s3" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", @@ -3107,7 +3107,7 @@ dependencies = [ [[package]] name = "fakecloud-scheduler" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "bytes", @@ -3128,7 +3128,7 @@ dependencies = [ [[package]] name = "fakecloud-sdk" -version = "0.13.1" +version = "0.13.2" dependencies = [ "reqwest", "serde", @@ -3138,7 +3138,7 @@ dependencies = [ [[package]] name = "fakecloud-secretsmanager" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "bytes", @@ -3158,7 +3158,7 @@ dependencies = [ [[package]] name = "fakecloud-ses" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", @@ -3180,7 +3180,7 @@ dependencies = [ [[package]] name = "fakecloud-sns" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", @@ -3205,7 +3205,7 @@ dependencies = [ [[package]] name = "fakecloud-sqs" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", @@ -3227,7 +3227,7 @@ dependencies = [ [[package]] name = "fakecloud-ssm" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "chrono", @@ -3250,7 +3250,7 @@ dependencies = [ [[package]] name = "fakecloud-stepfunctions" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "chrono", @@ -3270,7 +3270,7 @@ dependencies = [ [[package]] name = "fakecloud-testkit" -version = "0.13.1" +version = "0.13.2" dependencies = [ "aws-config", "aws-credential-types", @@ -3318,7 +3318,7 @@ dependencies = [ [[package]] name = "fakecloud-tfacc" -version = "0.13.1" +version = "0.13.2" dependencies = [ "fakecloud-testkit", "tokio", @@ -3326,7 +3326,7 @@ dependencies = [ [[package]] name = "fakecloud-wafv2" -version = "0.13.1" +version = "0.13.2" dependencies = [ "async-trait", "base64 0.22.1", diff --git a/Cargo.toml b/Cargo.toml index 1d9b9692..daaffda2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -52,7 +52,7 @@ license = "AGPL-3.0-or-later" repository = "https://github.com/faiscadev/fakecloud" homepage = "https://fakecloud.dev" rust-version = "1.94" -version = "0.13.1" +version = "0.13.2" [workspace.dependencies] tokio = { version = "1", features = ["macros", "rt-multi-thread", "net", "io-util", "time", "signal", "sync", "process", "fs"] } @@ -93,39 +93,39 @@ regex = "1" tokio-postgres = "0.7" # Internal crates -fakecloud-core = { path = "crates/fakecloud-core", version = "0.13.1" } -fakecloud-aws = { path = "crates/fakecloud-aws", version = "0.13.1" } -fakecloud-sqs = { path = "crates/fakecloud-sqs", version = "0.13.1" } -fakecloud-sns = { path = "crates/fakecloud-sns", version = "0.13.1" } -fakecloud-eventbridge = { path = "crates/fakecloud-eventbridge", version = "0.13.1" } -fakecloud-iam = { path = "crates/fakecloud-iam", version = "0.13.1" } -fakecloud-organizations = { path = "crates/fakecloud-organizations", version = "0.13.1" } -fakecloud-ssm = { path = "crates/fakecloud-ssm", version = "0.13.1" } -fakecloud-s3 = { path = "crates/fakecloud-s3", version = "0.13.1" } -fakecloud-dynamodb = { path = "crates/fakecloud-dynamodb", version = "0.13.1" } -fakecloud-lambda = { path = "crates/fakecloud-lambda", version = "0.13.1" } -fakecloud-secretsmanager = { path = "crates/fakecloud-secretsmanager", version = "0.13.1" } -fakecloud-logs = { path = "crates/fakecloud-logs", version = "0.13.1" } -fakecloud-kms = { path = "crates/fakecloud-kms", version = "0.13.1" } -fakecloud-cloudformation = { path = "crates/fakecloud-cloudformation", version = "0.13.1" } -fakecloud-ses = { path = "crates/fakecloud-ses", version = "0.13.1" } -fakecloud-cognito = { path = "crates/fakecloud-cognito", version = "0.13.1" } -fakecloud-kinesis = { path = "crates/fakecloud-kinesis", version = "0.13.1" } -fakecloud-rds = { path = "crates/fakecloud-rds", version = "0.13.1" } -fakecloud-elasticache = { path = "crates/fakecloud-elasticache", version = "0.13.1" } -fakecloud-ecr = { path = "crates/fakecloud-ecr", version = "0.13.1" } -fakecloud-ecs = { path = "crates/fakecloud-ecs", version = "0.13.1" } -fakecloud-elbv2 = { path = "crates/fakecloud-elbv2", version = "0.13.1" } -fakecloud-cloudfront = { path = "crates/fakecloud-cloudfront", version = "0.13.1" } -fakecloud-route53 = { path = "crates/fakecloud-route53", version = "0.13.1" } -fakecloud-acm = { path = "crates/fakecloud-acm", version = "0.13.1" } -fakecloud-application-autoscaling = { path = "crates/fakecloud-application-autoscaling", version = "0.13.1" } -fakecloud-wafv2 = { path = "crates/fakecloud-wafv2", version = "0.13.1" } -fakecloud-athena = { path = "crates/fakecloud-athena", version = "0.13.1" } -fakecloud-stepfunctions = { path = "crates/fakecloud-stepfunctions", version = "0.13.1" } -fakecloud-scheduler = { path = "crates/fakecloud-scheduler", version = "0.13.1" } -fakecloud-apigateway = { path = "crates/fakecloud-apigateway", version = "0.13.1" } -fakecloud-apigatewayv2 = { path = "crates/fakecloud-apigatewayv2", version = "0.13.1" } -fakecloud-bedrock = { path = "crates/fakecloud-bedrock", version = "0.13.1" } -fakecloud-sdk = { path = "crates/fakecloud-sdk", version = "0.13.1" } -fakecloud-persistence = { path = "crates/fakecloud-persistence", version = "0.13.1" } +fakecloud-core = { path = "crates/fakecloud-core", version = "0.13.2" } +fakecloud-aws = { path = "crates/fakecloud-aws", version = "0.13.2" } +fakecloud-sqs = { path = "crates/fakecloud-sqs", version = "0.13.2" } +fakecloud-sns = { path = "crates/fakecloud-sns", version = "0.13.2" } +fakecloud-eventbridge = { path = "crates/fakecloud-eventbridge", version = "0.13.2" } +fakecloud-iam = { path = "crates/fakecloud-iam", version = "0.13.2" } +fakecloud-organizations = { path = "crates/fakecloud-organizations", version = "0.13.2" } +fakecloud-ssm = { path = "crates/fakecloud-ssm", version = "0.13.2" } +fakecloud-s3 = { path = "crates/fakecloud-s3", version = "0.13.2" } +fakecloud-dynamodb = { path = "crates/fakecloud-dynamodb", version = "0.13.2" } +fakecloud-lambda = { path = "crates/fakecloud-lambda", version = "0.13.2" } +fakecloud-secretsmanager = { path = "crates/fakecloud-secretsmanager", version = "0.13.2" } +fakecloud-logs = { path = "crates/fakecloud-logs", version = "0.13.2" } +fakecloud-kms = { path = "crates/fakecloud-kms", version = "0.13.2" } +fakecloud-cloudformation = { path = "crates/fakecloud-cloudformation", version = "0.13.2" } +fakecloud-ses = { path = "crates/fakecloud-ses", version = "0.13.2" } +fakecloud-cognito = { path = "crates/fakecloud-cognito", version = "0.13.2" } +fakecloud-kinesis = { path = "crates/fakecloud-kinesis", version = "0.13.2" } +fakecloud-rds = { path = "crates/fakecloud-rds", version = "0.13.2" } +fakecloud-elasticache = { path = "crates/fakecloud-elasticache", version = "0.13.2" } +fakecloud-ecr = { path = "crates/fakecloud-ecr", version = "0.13.2" } +fakecloud-ecs = { path = "crates/fakecloud-ecs", version = "0.13.2" } +fakecloud-elbv2 = { path = "crates/fakecloud-elbv2", version = "0.13.2" } +fakecloud-cloudfront = { path = "crates/fakecloud-cloudfront", version = "0.13.2" } +fakecloud-route53 = { path = "crates/fakecloud-route53", version = "0.13.2" } +fakecloud-acm = { path = "crates/fakecloud-acm", version = "0.13.2" } +fakecloud-application-autoscaling = { path = "crates/fakecloud-application-autoscaling", version = "0.13.2" } +fakecloud-wafv2 = { path = "crates/fakecloud-wafv2", version = "0.13.2" } +fakecloud-athena = { path = "crates/fakecloud-athena", version = "0.13.2" } +fakecloud-stepfunctions = { path = "crates/fakecloud-stepfunctions", version = "0.13.2" } +fakecloud-scheduler = { path = "crates/fakecloud-scheduler", version = "0.13.2" } +fakecloud-apigateway = { path = "crates/fakecloud-apigateway", version = "0.13.2" } +fakecloud-apigatewayv2 = { path = "crates/fakecloud-apigatewayv2", version = "0.13.2" } +fakecloud-bedrock = { path = "crates/fakecloud-bedrock", version = "0.13.2" } +fakecloud-sdk = { path = "crates/fakecloud-sdk", version = "0.13.2" } +fakecloud-persistence = { path = "crates/fakecloud-persistence", version = "0.13.2" } diff --git a/sdks/java/build.gradle.kts b/sdks/java/build.gradle.kts index a5943aab..a78b1374 100644 --- a/sdks/java/build.gradle.kts +++ b/sdks/java/build.gradle.kts @@ -8,7 +8,7 @@ plugins { } group = "dev.fakecloud" -version = "0.13.1" +version = "0.13.2" repositories { mavenCentral() diff --git a/sdks/python/pyproject.toml b/sdks/python/pyproject.toml index 9f218aff..27781ee9 100644 --- a/sdks/python/pyproject.toml +++ b/sdks/python/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "hatchling.build" [project] name = "fakecloud" -version = "0.13.1" +version = "0.13.2" description = "Python SDK for fakecloud — local AWS cloud emulator" readme = "README.md" license = "AGPL-3.0-or-later" diff --git a/sdks/typescript/package-lock.json b/sdks/typescript/package-lock.json index e2df8918..49118a13 100644 --- a/sdks/typescript/package-lock.json +++ b/sdks/typescript/package-lock.json @@ -1,12 +1,12 @@ { "name": "fakecloud", - "version": "0.13.1", + "version": "0.13.2", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "fakecloud", - "version": "0.13.1", + "version": "0.13.2", "license": "AGPL-3.0-or-later", "devDependencies": { "@aws-sdk/client-cognito-identity-provider": "^3.750.0", diff --git a/sdks/typescript/package.json b/sdks/typescript/package.json index 747592f7..f8d3ac32 100644 --- a/sdks/typescript/package.json +++ b/sdks/typescript/package.json @@ -1,6 +1,6 @@ { "name": "fakecloud", - "version": "0.13.1", + "version": "0.13.2", "description": "Client SDK for fakecloud — local AWS cloud emulator", "main": "dist/index.js", "types": "dist/index.d.ts",