Bumping deps to avoid CVE (15/01/2026) #9378

Merged
liranmauda merged 1 commit into noobaa:master from liranmauda:liran-bump-deps
Jan 15, 2026
@liranmauda liranmauda commented Jan 15, 2026

Explain the Changes

  • Bumping deps to avoid CVE (15/01/2026)

Summary by CodeRabbit

  • Chores
    • Bumped AWS SDK v3 packages to latest patch release (3.969.0)
    • Updated PostgreSQL driver to 8.17.1
    • Updated YAML package to 2.8.2
    • No changes to public/exported APIs; dependency version updates only

coderabbitai Bot commented Jan 15, 2026

Walkthrough

Bumped dependency versions in package.json: AWS SDK v3 clients/libs moved from 3.968.0 → 3.969.0, pg updated to 8.17.1, and yaml updated to 2.8.2. No public API changes.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Dependencies (package.json): package.json | Updated @aws-sdk/client-s3, @aws-sdk/client-sts, @aws-sdk/credential-providers, @aws-sdk/lib-storage, @aws-sdk/s3-request-presigner from 3.968.0 → 3.969.0; devDependency @aws-sdk/client-iam 3.968.0 → 3.969.0; pg 8.16.3 → 8.17.1; yaml 2.8.1 → 2.8.2. No code/API changes. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

Suggested labels

size/M

Suggested reviewers

  • nimrod-becker
  • dannyzaken
  • jackyalbo
🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly communicates the primary change: bumping dependencies to address CVE vulnerabilities, which aligns with the changeset containing only dependency version updates. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4522c86 and 6c4aeb5.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json
🚧 Files skipped from review as they are similar to previous changes (1)
  • package.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: Build Noobaa Image
  • GitHub Check: run-package-lock-validation
  • GitHub Check: run-jest-unit-tests

- Bumping deps to avoid CVE (15/01/2026)

Signed-off-by: liranmauda <liran.mauda@gmail.com>
@liranmauda liranmauda merged commit 72c66a7 into noobaa:master Jan 15, 2026
18 of 19 checks passed
nadavMiz pushed a commit to nadavMiz/noobaa-core that referenced this pull request Jan 19, 2026
Bumping deps to avoid CVE (15/01/2026)