updates for release v1.0.5

knihit · knihit · commit 56eea9991509 · 2024-03-04T21:24:47.000-05:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.0.5] - 2024-03-05
+
+### Updated
+
+- Library upgrades to address security vulnerability related to `node-ip` (CVE-2023-42282)[https://github.com/advisories/GHSA-78xj-cgh5-2h22]
+- Add dependency between Amazon S3 bucket creation and S3 bucket policy to reduce failures with `Fn::GetAtt` when retrieving bucket arn to create bucket policy
+
 ## [1.0.4] - 2024-01-11
 
 ### Updated
diff --git a/source/infrastructure/lib/s3web/static-site.ts b/source/infrastructure/lib/s3web/static-site.ts
@@ -97,6 +97,12 @@ export class StaticWebsite extends Construct {
 
         const cloudFrontLogsLoggingPrefix = 'cloudfrontlogs-logging';
 
+        this.webS3Bucket.policy?.node.addDependency(cloudfrontToS3.cloudFrontWebDistribution);
+        cloudfrontToS3.cloudFrontLoggingBucket?.node
+            .tryFindChild('Policy')
+            ?.node.tryFindChild('Resource')
+            ?.node?.addDependency(cloudfrontToS3.cloudFrontLoggingBucket);
+
         const bucketPolicyUpdateCustomResource = new cdk.CustomResource(this, 'UpdateBucketPolicy', {
             resourceType: 'Custom::UpdateBucketPolicy',
             serviceToken: props.customResourceLambdaArn,
diff --git a/source/ui/package-lock.json b/source/ui/package-lock.json
