chore(deps): bump io.github.cdklabs:cdknag from 2.38.2 to 3.0.1 in /infra/cdk #914
Bumps [io.github.cdklabs:cdknag](https://github.com/cdklabs/cdk-nag) from 2.38.2 to 3.0.1.

- [Release notes](https://github.com/cdklabs/cdk-nag/releases)
- [Commits](cdklabs/cdk-nag@v2.38.2...v3.0.1)

---
updated-dependencies:
- dependency-name: io.github.cdklabs:cdknag
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
913d572 to 68ec208
Holding this one: cdknag 3.0.1 is a major bump that removes
Deferring cdk-nag 3.x. cdk-nag 3.0.1's NagPack is plugin-only (IPolicyValidationPlugin, no IAspect) and its findings can only be suppressed via CDK's native Validations.acknowledge(), which rejects rule ids containing '::' — i.e. every AWS managed-policy (IAM4) and ARN-based (IAM5) finding. So 3.x cannot suppress this stack's IAM findings and cannot run report-only. infra/cdk is instead moving to aws-cdk-lib 2.250.0 (highest before the native Validations framework in 2.251 breaks cdk-nag 2.x suppression) + cdk-nag 2.38.2 + the graduated stable eks_v2 module, with cdk synth passing with 0 findings. Rationale and the concrete re-adoption trigger are documented in infra/cdk/NAG.md. This PR will effectively re-appear (as a future cdk-nag 3.x bump) once upstream fixes acknowledge id parsing; that PR's build-infra check is the tripwire to switch.
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
Bumps io.github.cdklabs:cdknag from 2.38.2 to 3.0.1.
Release notes
Sourced from io.github.cdklabs:cdknag's releases.
Commits
- 9c2d2cb fix: walk ancestor tree in isAcknowledged and WriteNagSuppressions (#2349)
- 2c0175c feat!: cdk nag v3 (#2348)
- e57a96e chore(deps): upgrade dev dependencies (#2347)
- b0428be chore(deps): upgrade dev dependencies (#2346)
- ff87361 chore(deps): upgrade dev dependencies (#2345)
- 624c8cc chore(deps): upgrade dev dependencies (#2343)
- 4bb8a89 chore(deps): upgrade dev dependencies (#2342)
- ac378e7 chore(deps): upgrade dev dependencies (#2340)
- 23db1cf chore(deps): upgrade dev dependencies (#2339)