Changes for v4.0.12 (#303)

Author: JimTharioAmazon

CHANGELOG.md

@@ -5,6 +5,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.0.12] - 2026-03-19
+
+### Security
+
+- Updated Docker base image (amazonlinux:2023-minimal) to latest digest to incorporate latest OS-level security patches
+- Regenerated package-lock.json files to pull in latest dependency resolutions, including:
+  - Upgraded fast-xml-parser from 5.3.6 to 5.5.6 via npm overrides to address [GHSA-8gc5-j5rx-235r](https://github.com/advisories/GHSA-8gc5-j5rx-235r), [CVE-2026-27942](https://nvd.nist.gov/vuln/detail/CVE-2026-27942), [CVE-2026-25896](https://nvd.nist.gov/vuln/detail/CVE-2026-25896), and [CVE-2026-25128](https://nvd.nist.gov/vuln/detail/CVE-2026-25128)
+  - Upgraded undici from 7.20.0 to 7.24.4 to address [CVE-2026-22036](https://nvd.nist.gov/vuln/detail/CVE-2026-22036) and [CVE-2026-1525](https://nvd.nist.gov/vuln/detail/CVE-2026-1525)
+  - Upgraded @aws-sdk/xml-builder to 3.972.11 and @smithy/types to 4.13.1
+
 ## [4.0.11] - 2026-03-05
 
 ### Security

NOTICE

@@ -585,6 +585,7 @@ p-locate under the MIT license
 p-limit under the MIT license
 yocto-queue under the MIT license
 path-exists under the MIT license
+path-expression-matcher under the MIT license
 glob-parent under the ISC license
 is-glob under the MIT license
 is-extglob under the MIT license

VERSION.txt

@@ -1 +1 @@
-4.0.11
+4.0.12

deployment/ecr/distributed-load-testing-on-aws-load-tester/Dockerfile

@@ -1,4 +1,4 @@
-FROM public.ecr.aws/amazonlinux/amazonlinux:2023-minimal@sha256:6621917fc09ad8c935aa5ccc32c933c6dec250deafae54af86e154fcd19f5ed0
+FROM public.ecr.aws/amazonlinux/amazonlinux:2023-minimal@sha256:0051b1aa8e8023cd02ce41aace90dc05dcc68e9e85e44bb0abe46f25c3b2c962
 
 RUN dnf upgrade -y --refresh && \
     dnf install -y python3.11 python3.11-pip java-21-amazon-corretto bc procps jq findutils unzip && \

env.example

@@ -0,0 +1,11 @@
+# CDK Parameters
+TARGET_REGION=us-west-2
+MAIN_STACK_NAME=distributed-load-testing-on-aws # from distributed-load-test-on-aws.ts
+REGIONAL_STACK_NAME=distributed-load-testing-on-aws-regional # from distributed-load-test-on-aws.ts
+
+# Stack Parameters
+ADMIN_NAME=username_no_spaces
+ADMIN_EMAIL=email@example.com
+
+# Deployed Stack Parameters
+DLT_CONSOLE_BUCKET=change_me_after_deployment

solution-manifest.yaml

@@ -1,6 +1,6 @@
 id: SO0062
 name: distributed-load-testing-on-aws
-version: v4.0.11
+version: v4.0.12
 cloudformation_templates:
   - template: distributed-load-testing-on-aws.template
     main_template: true

source/api-services/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "api-services",
-  "version": "4.0.11",
+  "version": "4.0.12",
   "description": "REST API micro services",
   "repository": {
     "type": "git",
@@ -48,6 +48,7 @@
   },
   "readme": "./README.md",
   "overrides": {
-    "form-data": "4.0.4"
+    "form-data": "4.0.4",
+    "fast-xml-parser": ">=5.5.6"
   }
 }

source/api-services/package.json

@@ -1,6 +1,6 @@
 {
   "name": "custom-resource",
-  "version": "4.0.11",
+  "version": "4.0.12",
   "description": "cfn custom resources for distributed load testing on AWS workflow",
   "repository": {
     "type": "git",
@@ -34,6 +34,7 @@
   },
   "readme": "./README.md",
   "overrides": {
-    "form-data": "4.0.4"
+    "form-data": "4.0.4",
+    "fast-xml-parser": ">=5.5.6"
   }
 }