From 06a130e62b7ac40ad4057e43944dace03b83ffbf Mon Sep 17 00:00:00 2001 From: Eesa Mahmood <73350153+eesa456@users.noreply.github.com> Date: Mon, 7 Aug 2023 10:37:40 +0100 Subject: [PATCH 1/5] spinecli 906 905 kms key rotation and s3bucket deny non https (#5) ## Description Pen Test Security Fixes: Enable KMS Key Rotation and S3 Deny on non-HTTPS traffic ## Context Pen Test Security Issues Resolved by this ## Type of changes - [x] Refactoring (non-breaking change) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would change existing functionality) - [ ] Bug fix (non-breaking change which fixes an issue) ## Checklist - [x] I am familiar with the [contributing guidelines](../docs/CONTRIBUTING.md) - [x] I have followed the code style of the project - [x] I have added tests to cover my changes - [x] I have updated the documentation accordingly - [ ] This PR is a result of pair or mob programming --- ## Sensitive Information Declaration To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including [PII (Personal Identifiable Information) / PID (Personal Identifiable Data)](https://digital.nhs.uk/data-and-information/keeping-data-safe-and-benefitting-the-public) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter. - [x] I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes. --- modules/cloudfront-logs/kms.tf | 1 + modules/opennext-assets/s3.tf | 16 ++++++++++++++++ modules/opennext-revalidation-queue/kms.tf | 1 + 3 files changed, 18 insertions(+) diff --git a/modules/cloudfront-logs/kms.tf b/modules/cloudfront-logs/kms.tf index d4e1534..25c59b0 100644 --- a/modules/cloudfront-logs/kms.tf +++ b/modules/cloudfront-logs/kms.tf 
@@ -4,6 +4,7 @@ resource "aws_kms_key" "cloudwatch_logs_key" { description = "KMS Key for ${var.log_group_name} log group" deletion_window_in_days = 10 policy = data.aws_iam_policy_document.cloudwatch_logs_key_policy[0].json + enable_key_rotation = true } data "aws_iam_policy_document" "cloudwatch_logs_key_policy" { diff --git a/modules/opennext-assets/s3.tf b/modules/opennext-assets/s3.tf index e9cf56f..7c0668d 100644 --- a/modules/opennext-assets/s3.tf +++ b/modules/opennext-assets/s3.tf @@ -165,6 +165,22 @@ data "aws_iam_policy_document" "read_assets_bucket" { identifiers = [var.server_function_role_arn] } } + statement { + effect = "Deny" + actions = ["s3:*"] + resources = [aws_s3_bucket.assets.arn, "${aws_s3_bucket.assets.arn}/*"] + + condition { + test = "Bool" + values = ["false"] + variable = "aws:SecureTransport" + } + + principals { + type = "*" + identifiers = ["*"] + } + } } # Static Assets diff --git a/modules/opennext-revalidation-queue/kms.tf b/modules/opennext-revalidation-queue/kms.tf index fc566ad..8d6e247 100644 --- a/modules/opennext-revalidation-queue/kms.tf +++ b/modules/opennext-revalidation-queue/kms.tf @@ -10,6 +10,7 @@ resource "aws_kms_key" "revalidation_queue_key" { deletion_window_in_days = 10 policy = data.aws_iam_policy_document.revalidation_queue_key_policy[0].json + enable_key_rotation = true } data "aws_iam_policy_document" "revalidation_queue_key_policy" { From 06f37397fc2d672353add2596ead13cc09fbad0c Mon Sep 17 00:00:00 2001 From: Nicholas Carter Date: Fri, 4 Aug 2023 18:02:10 +0100 Subject: [PATCH 2/5] feat: adds default gzip and brotli compression, variables to allow disabling --- locals.tf | 8 +++++--- modules/opennext-cloudfront/cloudfront.tf | 4 +++- modules/opennext-cloudfront/variables.tf | 8 +++++--- variables.tf | 8 +++++--- 4 files changed, 18 insertions(+), 10 deletions(-) diff --git a/locals.tf b/locals.tf index 128ba87..0a6731e 100644 --- a/locals.tf +++ b/locals.tf 
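Review bot: The new Deny statement in `read_assets_bucket` (modules/opennext-assets/s3.tf) has no `sid` and no comment saying why it exists; I would add `sid = "DenyInsecureTransport"` and a line such as `# Reject every request that is not made over TLS (aws:SecureTransport = false)`. The statement lists both the bucket ARN and `/*`, so bucket-level and object-level calls are covered. The diffstat shows only `kms.tf` changing under `modules/cloudfront-logs`, so if that module's log bucket has no equivalent statement the same pen-test finding probably still applies there. The data source starts above the hunk, so its other statements are not visible here.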
@@ -30,9 +30,11 @@ locals { }, var.cloudfront.hsts) waf_logging_configuration = var.cloudfront.waf_logging_configuration cache_policy = { - default_ttl = coalesce(try(var.cloudfront.cache_policy.default_ttl, null), 0) - min_ttl = coalesce(try(var.cloudfront.cache_policy.min_ttl, null), 0) - max_ttl = coalesce(try(var.cloudfront.cache_policy.max_ttl, null), 31536000) + default_ttl = coalesce(try(var.cloudfront.cache_policy.default_ttl, null), 0) + min_ttl = coalesce(try(var.cloudfront.cache_policy.min_ttl, null), 0) + max_ttl = coalesce(try(var.cloudfront.cache_policy.max_ttl, null), 31536000) + enable_accept_encoding_brotli = try(var.cloudfront.cache_policy.enable_accept_encoding_brotli, true) + enable_accept_encoding_gzip = try(var.cloudfront.cache_policy.enable_accept_encoding_gzip, true) cookies_config = merge({ cookie_behavior = "all" }, try(var.cloudfront.cache_policy.cookies_config, {})) diff --git a/modules/opennext-cloudfront/cloudfront.tf b/modules/opennext-cloudfront/cloudfront.tf index d04f1ab..36a1a6c 100644 --- a/modules/opennext-cloudfront/cloudfront.tf +++ b/modules/opennext-cloudfront/cloudfront.tf @@ -60,8 +60,10 @@ resource "aws_cloudfront_cache_policy" "cache_policy" { min_ttl = var.cache_policy.min_ttl max_ttl = var.cache_policy.max_ttl - parameters_in_cache_key_and_forwarded_to_origin { + enable_accept_encoding_brotli = var.cache_policy.enable_accept_encoding_brotli + enable_accept_encoding_gzip = var.cache_policy.enable_accept_encoding_gzip + cookies_config { cookie_behavior = var.cache_policy.cookies_config.cookie_behavior diff --git a/modules/opennext-cloudfront/variables.tf b/modules/opennext-cloudfront/variables.tf index 63e2d58..d3cea54 100644 --- a/modules/opennext-cloudfront/variables.tf +++ b/modules/opennext-cloudfront/variables.tf 
@@ -135,9 +135,11 @@ variable "origin_request_policy" { variable "cache_policy" { type = object({ - default_ttl = number - min_ttl = number - max_ttl = number + default_ttl = number + min_ttl = number + max_ttl = number + enable_accept_encoding_gzip = bool + enable_accept_encoding_brotli = bool cookies_config = object({ cookie_behavior = string items = optional(list(string)) diff --git a/variables.tf b/variables.tf index a4e6a12..527a965 100644 --- a/variables.tf +++ b/variables.tf @@ -358,9 +358,11 @@ variable "cloudfront" { }))) })) cache_policy = optional(object({ - default_ttl = optional(number) - min_ttl = optional(number) - max_ttl = optional(number) + default_ttl = optional(number) + min_ttl = optional(number) + max_ttl = optional(number) + enable_accept_encoding_gzip = optional(bool) + enable_accept_encoding_brotli = optional(bool) cookies_config = optional(object({ cookie_behavior = string })) From aee2020695278a4ddbb42765005ea6b55ac3cd9b Mon Sep 17 00:00:00 2001 
From: Eesa Mahmood <73350153+eesa456@users.noreply.github.com> Date: Tue, 29 Aug 2023 16:48:19 +0100 Subject: [PATCH 3/5] update response header policy (#8) ## Description Remove server and opennext header from cloudfront response ## Context NDOP Pen test ## Type of changes - [x] Refactoring (non-breaking change) - [x] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would change existing functionality) - [ ] Bug fix (non-breaking change which fixes an issue) ## Checklist - [x] I am familiar with the [contributing guidelines](../docs/CONTRIBUTING.md) - [x] I have followed the code style of the project - [x] I have added tests to cover my changes - [x] I have updated the documentation accordingly - [x] This PR is a result of pair or mob programming --- ## Sensitive Information Declaration To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including [PII (Personal Identifiable Information) / PID (Personal Identifiable Data)](https://digital.nhs.uk/data-and-information/keeping-data-safe-and-benefitting-the-public) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter. - [x] I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes. --- locals.tf | 3 +++ main.tf | 1 + modules/cloudfront-logs/kms.tf | 2 +- modules/opennext-assets/s3.tf | 10 +++++----- modules/opennext-cloudfront/cloudfront.tf | 13 +++++++++++++ modules/opennext-cloudfront/variables.tf | 8 ++++++++ modules/opennext-revalidation-queue/kms.tf | 2 +- variables.tf | 3 +++ 8 files changed, 35 insertions(+), 7 deletions(-) diff --git a/locals.tf b/locals.tf index 0a6731e..9e66c17 100644 --- a/locals.tf +++ b/locals.tf 
@@ -28,6 +28,9 @@ locals { override = true preload = true }, var.cloudfront.hsts) + remove_headers_config = merge({ + items : [] + }, var.cloudfront.remove_headers_config) waf_logging_configuration = var.cloudfront.waf_logging_configuration cache_policy = { default_ttl = coalesce(try(var.cloudfront.cache_policy.default_ttl, null), 0) diff --git a/main.tf b/main.tf index d31053b..06e12d6 100644 --- a/main.tf +++ b/main.tf @@ -217,4 +217,5 @@ module "cloudfront" { hsts = local.cloudfront.hsts waf_logging_configuration = local.cloudfront.waf_logging_configuration cache_policy = local.cloudfront.cache_policy + remove_headers_config = local.cloudfront.remove_headers_config } diff --git a/modules/cloudfront-logs/kms.tf b/modules/cloudfront-logs/kms.tf index 25c59b0..0addc89 100644 --- a/modules/cloudfront-logs/kms.tf +++ b/modules/cloudfront-logs/kms.tf @@ -4,7 +4,7 @@ resource "aws_kms_key" "cloudwatch_logs_key" { description = "KMS Key for ${var.log_group_name} log group" deletion_window_in_days = 10 policy = data.aws_iam_policy_document.cloudwatch_logs_key_policy[0].json - enable_key_rotation = true + enable_key_rotation = true } data "aws_iam_policy_document" "cloudwatch_logs_key_policy" { diff --git a/modules/opennext-assets/s3.tf b/modules/opennext-assets/s3.tf index 7c0668d..5146639 100644 --- a/modules/opennext-assets/s3.tf +++ b/modules/opennext-assets/s3.tf @@ -166,18 +166,18 @@ data "aws_iam_policy_document" "read_assets_bucket" { } } statement { - effect = "Deny" - actions = ["s3:*"] + effect = "Deny" + actions = ["s3:*"] resources = [aws_s3_bucket.assets.arn, "${aws_s3_bucket.assets.arn}/*"] condition { - test = "Bool" - values = ["false"] + test = "Bool" + values = ["false"] variable = "aws:SecureTransport" } principals { - type = "*" + type = "*" identifiers = ["*"] } } diff --git a/modules/opennext-cloudfront/cloudfront.tf b/modules/opennext-cloudfront/cloudfront.tf index 36a1a6c..80feb01 100644 --- a/modules/opennext-cloudfront/cloudfront.tf 
+++ b/modules/opennext-cloudfront/cloudfront.tf @@ -146,6 +146,19 @@ resource "aws_cloudfront_response_headers_policy" "response_headers_policy" { } } } + dynamic "remove_headers_config" { + for_each = length(var.remove_headers_config.items) > 0 ? [true] : [] + + content { + dynamic "items" { + for_each = toset(var.remove_headers_config.items) + + content { + header = items.value + } + } + } + } } resource "aws_cloudfront_distribution" "distribution" { diff --git a/modules/opennext-cloudfront/variables.tf b/modules/opennext-cloudfront/variables.tf index d3cea54..3a0a336 100644 --- a/modules/opennext-cloudfront/variables.tf +++ b/modules/opennext-cloudfront/variables.tf @@ -162,3 +162,11 @@ variable "geo_restriction" { locations = list(string) }) } + +variable "remove_headers_config" { + description = "Response header removal configuration for the CloudFront distribution" + type = object({ + items = list(string) + }) +} + diff --git a/modules/opennext-revalidation-queue/kms.tf b/modules/opennext-revalidation-queue/kms.tf index 8d6e247..80ae450 100644 --- a/modules/opennext-revalidation-queue/kms.tf +++ b/modules/opennext-revalidation-queue/kms.tf @@ -9,7 +9,7 @@ resource "aws_kms_key" "revalidation_queue_key" { description = "${var.prefix} Revalidation SQS Queue KMS Key" deletion_window_in_days = 10 - policy = data.aws_iam_policy_document.revalidation_queue_key_policy[0].json + policy = data.aws_iam_policy_document.revalidation_queue_key_policy[0].json enable_key_rotation = true } diff --git a/variables.tf b/variables.tf index 527a965..903a4f9 100644 --- a/variables.tf +++ b/variables.tf @@ -327,6 +327,9 @@ variable "cloudfront" { allow_origins = list(string) origin_override = bool })) + remove_headers_config = optional(object({ + items = list(string) + })) hsts = optional(object({ access_control_max_age_sec = number include_subdomains = bool From 2a28f929418cf9accec2e26444a132662c68ad5c Mon Sep 17 00:00:00 2001 
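Review bot: With the default from `locals.tf` (`items : []`), the guard `for_each = length(var.remove_headers_config.items) > 0 ? [true] : []` omits the `remove_headers_config` block entirely, so this commit removes no header unless the caller passes a list. The description says the Server and OpenNext headers are removed, so a consumer who upgrades expecting the pen-test fix gets no change in behaviour. Either state this on the module variable, e.g. `description = "Response headers CloudFront should strip; an empty list removes nothing"`, or ship a default list. The `aws_cloudfront_response_headers_policy` resource starts above the hunk.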
From: leonchabbey Date: Fri, 20 Oct 2023 19:09:02 +0200 Subject: [PATCH 4/5] feat: custom waf and other fixes --- locals.tf | 12 +++-- main.tf | 21 +++++---- modules/opennext-cloudfront/cloudfront.tf | 4 +- modules/opennext-cloudfront/variables.tf | 11 +++++ modules/opennext-cloudfront/waf.tf | 6 ++- variables.tf | 53 +++++++++++++---------- 6 files changed, 66 insertions(+), 41 deletions(-) diff --git a/locals.tf b/locals.tf index 9e66c17..a261816 100644 --- a/locals.tf +++ b/locals.tf @@ -9,6 +9,7 @@ locals { cloudfront = { aliases = var.cloudfront.aliases acm_certificate_arn = var.cloudfront.acm_certificate_arn + comment = var.cloudfront.comment assets_paths = coalesce(var.cloudfront.assets_paths, []) custom_headers = coalesce(var.cloudfront.custom_headers, []) geo_restriction = coalesce(try(var.cloudfront.geo_restriction, null), { @@ -31,15 +32,15 @@ locals { remove_headers_config = merge({ items : [] }, var.cloudfront.remove_headers_config) - waf_logging_configuration = var.cloudfront.waf_logging_configuration cache_policy = { default_ttl = coalesce(try(var.cloudfront.cache_policy.default_ttl, null), 0) min_ttl = coalesce(try(var.cloudfront.cache_policy.min_ttl, null), 0) max_ttl = coalesce(try(var.cloudfront.cache_policy.max_ttl, null), 31536000) - enable_accept_encoding_brotli = try(var.cloudfront.cache_policy.enable_accept_encoding_brotli, true) - enable_accept_encoding_gzip = try(var.cloudfront.cache_policy.enable_accept_encoding_gzip, true) + enable_accept_encoding_brotli = coalesce(try(var.cloudfront.cache_policy.enable_accept_encoding_brotli, null), true) + enable_accept_encoding_gzip = coalesce(try(var.cloudfront.cache_policy.enable_accept_encoding_gzip, null), true) cookies_config = merge({ - cookie_behavior = "all" + cookie_behavior = "all", + items = [] }, try(var.cloudfront.cache_policy.cookies_config, {})) headers_config = merge({ header_behavior = "whitelist", 
@@ -51,6 +52,9 @@ locals { }, try(var.cloudfront.cache_policy.query_strings_config, {})) } origin_request_policy = try(var.cloudfront.origin_request_policy, null) + + custom_waf = var.cloudfront.custom_waf + waf_logging_configuration = var.cloudfront.waf_logging_configuration } /** diff --git a/main.tf b/main.tf index 06e12d6..af1fe60 100644 --- a/main.tf +++ b/main.tf @@ -199,6 +199,7 @@ module "cloudfront" { prefix = "${var.prefix}-cloudfront" default_tags = var.default_tags + comment = local.cloudfront.comment logging_bucket_domain_name = module.cloudfront_logs.logs_s3_bucket.bucket_regional_domain_name assets_origin_access_identity = module.assets.cloudfront_origin_access_identity.cloudfront_access_identity_path @@ -208,14 +209,16 @@ module "cloudfront" { image_optimization_function = "${module.image_optimization_function.lambda_function_url.url_id}.lambda-url.${data.aws_region.current.name}.on.aws" } - aliases = local.cloudfront.aliases - acm_certificate_arn = local.cloudfront.acm_certificate_arn - assets_paths = local.cloudfront.assets_paths - custom_headers = local.cloudfront.custom_headers - geo_restriction = local.cloudfront.geo_restriction - cors = local.cloudfront.cors - hsts = local.cloudfront.hsts + aliases = local.cloudfront.aliases + acm_certificate_arn = local.cloudfront.acm_certificate_arn + assets_paths = local.cloudfront.assets_paths + custom_headers = local.cloudfront.custom_headers + geo_restriction = local.cloudfront.geo_restriction + cors = local.cloudfront.cors + hsts = local.cloudfront.hsts + cache_policy = local.cloudfront.cache_policy + remove_headers_config = local.cloudfront.remove_headers_config + + custom_waf = local.cloudfront.custom_waf waf_logging_configuration = local.cloudfront.waf_logging_configuration - cache_policy = local.cloudfront.cache_policy - remove_headers_config = local.cloudfront.remove_headers_config } 
diff --git a/modules/opennext-cloudfront/cloudfront.tf b/modules/opennext-cloudfront/cloudfront.tf index 80feb01..e4f755d 100644 --- a/modules/opennext-cloudfront/cloudfront.tf +++ b/modules/opennext-cloudfront/cloudfront.tf @@ -166,9 +166,9 @@ resource "aws_cloudfront_distribution" "distribution" { price_class = "PriceClass_100" enabled = true is_ipv6_enabled = true - comment = "${var.prefix} - CloudFront Distribution for Next.js Application" + comment = coalesce(var.comment, "${var.prefix} - CloudFront Distribution for Next.js Application") aliases = var.aliases - web_acl_id = aws_wafv2_web_acl.cloudfront_waf.arn + web_acl_id = try(var.custom_waf.arn, aws_wafv2_web_acl.cloudfront_waf[0].arn, null) logging_config { include_cookies = false diff --git a/modules/opennext-cloudfront/variables.tf b/modules/opennext-cloudfront/variables.tf index 3a0a336..1ab6fe3 100644 --- a/modules/opennext-cloudfront/variables.tf +++ b/modules/opennext-cloudfront/variables.tf @@ -9,6 +9,10 @@ variable "default_tags" { default = {} } +variable "comment" { + type = string + description = "Comment to add to the CloudFront distribution" +} variable "acm_certificate_arn" { type = string @@ -85,6 +89,13 @@ variable "hsts" { } } +variable "custom_waf" { + description = "ARN value for an externally created AWS WAF" + type = object({ + arn = string + }) +} + variable "waf_logging_configuration" { description = "Logging Configuration for the WAF attached to CloudFront" type = object({ diff --git a/modules/opennext-cloudfront/waf.tf b/modules/opennext-cloudfront/waf.tf index 0df510a..658ac0b 100644 --- a/modules/opennext-cloudfront/waf.tf +++ b/modules/opennext-cloudfront/waf.tf @@ -1,4 +1,6 @@ resource "aws_wafv2_web_acl" "cloudfront_waf" { + count = var.custom_waf == null ? 1 : 0 + provider = aws.global name = "${var.prefix}-waf" scope = "CLOUDFRONT" 
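Review bot: The trailing `null` in `web_acl_id = try(var.custom_waf.arn, aws_wafv2_web_acl.cloudfront_waf[0].arn, null)` lets the distribution be created with no web ACL attached. If a caller passes `custom_waf = { arn = null }`, the first expression evaluates to null without an error and `try` returns it, while `waf.tf` has already set the managed ACL's count to 0 because `custom_waf` is not null. An explicit conditional reads more clearly and fails closed: `web_acl_id = var.custom_waf != null ? var.custom_waf.arn : aws_wafv2_web_acl.cloudfront_waf[0].arn`, paired with a `validation` block on `custom_waf` that rejects a null or empty `arn`. The `custom_waf` description could also say that the ACL must be a WAFv2 ACL with `CLOUDFRONT` scope, like the one this module creates.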
@@ -120,9 +122,9 @@ resource "aws_wafv2_web_acl" "cloudfront_waf" { } resource "aws_wafv2_web_acl_logging_configuration" "waf_logging" { - count = var.waf_logging_configuration == null ? 0 : 1 + count = var.waf_logging_configuration == null || try(aws_wafv2_web_acl.cloudfront_waf[0], null) == null ? 0 : 1 - resource_arn = aws_wafv2_web_acl.cloudfront_waf.arn + resource_arn = aws_wafv2_web_acl.cloudfront_waf[0].arn log_destination_configs = var.waf_logging_configuration.log_destination_configs dynamic "logging_filter" { diff --git a/variables.tf b/variables.tf index 903a4f9..c11dbac 100644 --- a/variables.tf +++ b/variables.tf @@ -310,6 +310,7 @@ variable "cloudfront" { type = object({ aliases = list(string) acm_certificate_arn = string + comment = optional(string) assets_paths = optional(list(string)) custom_headers = optional(list(object({ header = string @@ -336,30 +337,6 @@ variable "cloudfront" { override = bool preload = bool })) - waf_logging_configuration = optional(object({ - log_destination_configs = list(string) - logging_filter = optional(object({ - default_behavior = string - filter = list(object({ - behavior = string - requirement = string - action_condition = optional(list(object({ - action = string - }))) - label_name_condition = optional(list(object({ - label_name = string - }))) - })) - })) - redacted_fields = optional(list(object({ - method = optional(bool) - query_string = optional(bool) - single_header = optional(object({ - name = string - })) - uri_path = optional(bool) - }))) - })) cache_policy = optional(object({ default_ttl = optional(number) min_ttl = optional(number) @@ -368,6 +345,7 @@ variable "cloudfront" { enable_accept_encoding_brotli = optional(bool) cookies_config = optional(object({ cookie_behavior = string + items = optional(list(string)) })) headers_config = optional(object({ header_behavior = string 
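Review bot: With the new `count` on `aws_wafv2_web_acl_logging_configuration.waf_logging`, a caller who sets both `custom_waf` and `waf_logging_configuration` gets no logging resource and no error, so the external ACL can end up unlogged without anyone noticing. `try(aws_wafv2_web_acl.cloudfront_waf[0], null) == null` is an indirect way of asking whether `custom_waf` was supplied; `count = var.waf_logging_configuration != null && var.custom_waf == null ? 1 : 0` states it directly. I would also extend the `waf_logging_configuration` description with `Ignored when custom_waf is set; configure logging on the external ACL instead`, or add a precondition that rejects the combination. The resource body continues past the hunk.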
@@ -391,5 +369,32 @@ variable "cloudfront" { items = optional(list(string)) }) })) + custom_waf = optional(object({ + arn = string + })) + waf_logging_configuration = optional(object({ + log_destination_configs = list(string) + logging_filter = optional(object({ + default_behavior = string + filter = list(object({ + behavior = string + requirement = string + action_condition = optional(list(object({ + action = string + }))) + label_name_condition = optional(list(object({ + label_name = string + }))) + })) + })) + redacted_fields = optional(list(object({ + method = optional(bool) + query_string = optional(bool) + single_header = optional(object({ + name = string + })) + uri_path = optional(bool) + }))) + })) }) } From 08692b02ee710c7bd113379d2d489b3cbac90dcb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Oct 2023 20:08:33 +0100 Subject: [PATCH 5/5] Bump word-wrap from 1.2.3 to 1.2.4 in /modules/cloudfront-logs/lambda (#4) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4.
Release notes

Sourced from word-wrap's releases.

1.2.4

What's Changed

New Contributors

Full Changelog: https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4

Commits
  • f64b188 run verb to generate README
  • 03ea082 Merge pull request #42 from jonschlinkert/chore/publish-workflow
  • 420dce9 Merge pull request #41 from jonschlinkert/fix/CVE-2023-26115-2
  • bfa694e Update .github/workflows/publish.yml
  • ace0b3c chore: bump version to 1.2.4
  • 6fd7275 chore: add publish workflow
  • 30d6daf chore: fix test
  • 655929c chore: remove package-lock
  • 49e08bb chore: added an additional testcase
  • 9f62693 fix: cve 2023-26115
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=word-wrap&package-manager=npm_and_yarn&previous-version=1.2.3&new-version=1.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/nhs-england-tools/terraform-aws-opennext/network/alerts).
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Thomas Judd-Cooper --- modules/cloudfront-logs/lambda/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/cloudfront-logs/lambda/yarn.lock b/modules/cloudfront-logs/lambda/yarn.lock index 4f3b215..2f7d53f 100644 --- a/modules/cloudfront-logs/lambda/yarn.lock +++ b/modules/cloudfront-logs/lambda/yarn.lock @@ -2932,9 +2932,9 @@ which@^2.0.1: isexe "^2.0.0" word-wrap@^1.2.3: - version "1.2.3" - resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.3.tgz#610636f6b1f703891bd34771ccb17fb93b47079c" - integrity sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ== + version "1.2.4" + resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.4.tgz#cb4b50ec9aca570abd1f52f33cd45b6c61739a9f" + integrity sha512-2V81OA4ugVo5pRo46hAoD2ivUJx8jXmWXfUkY4KFNw0hEptvN0QfH3K4nHiwzGeKl5rFKedV48QVoqYavy4YpA== wrappy@1: version "1.0.2"