SNOW-3287660 Bump AWS dependencies to address fast-xml-parser vulnerability (#1355)

sfc-gh-rsavenok · web-flow · commit 904d4d74188e · 2026-03-25T15:41:00.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,12 @@
 
 ## Upcoming Release
 
+Changes:
+
+- Bumped `@aws-sdk/*` dependencies to address `fast-xml-parser` vulnerability (snowflakedb/snowflake-connector-nodejs#1355)
+
+## 2.3.5
+
 New features:
 
 - `connect()` now supports every authenticator type (including external browser and Okta), matching `connectAsync()` (snowflakedb/snowflake-connector-nodejs#1342)
diff --git a/package.json b/package.json
@@ -7,10 +7,10 @@
   },
   "dependencies": {
     "@aws-crypto/sha256-js": "^5.2.0",
-    "@aws-sdk/client-s3": "^3.983.0",
-    "@aws-sdk/client-sts": "^3.983.0",
-    "@aws-sdk/credential-provider-node": "^3.972.5",
-    "@aws-sdk/ec2-metadata-service": "^3.983.0",
+    "@aws-sdk/client-s3": "^3.1016.0",
+    "@aws-sdk/client-sts": "^3.1016.0",
+    "@aws-sdk/credential-provider-node": "^3.972.25",
+    "@aws-sdk/ec2-metadata-service": "^3.1016.0",
     "@azure/identity": "^4.10.1",
     "@azure/storage-blob": "12.26.x",
     "@smithy/node-http-handler": "^4.4.9",
