chore(deps): bump @aws-sdk/client-s3 from 3.1045.0 to 3.1060.0 in /paaster

[dependabot]

Bumps @aws-sdk/client-s3 from 3.1045.0 to 3.1060.0.

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1060.0

3.1060.0(2026-06-03)

Chores

• yarn dedupe (#8070) (7db9cd96)

New Features

• clients: update client endpoints as of 2026-06-03 (8e6cc9f1)
• client-geo-routes: Add "standardRegionalEndpoints" back to fix 'Could not connect to the endpoint URL' (324aa6ad)

Bug Fixes

• client-dynamodb: dynamodb special retry config fixed to be merge-compatible with user-supplied retry config (#8068) (a569d9c4)

---

For list of updated packages, view updated-packages.md in assets-3.1060.0.zip

v3.1059.0

3.1059.0(2026-06-02)

Chores

• codegen:
  • improve formatting of generated lib-dynamodb files (#8069) (0d0ddc0f)
  • sync for adaptive retry fix, EAI_AGAIN transient error (#8067) (6b082a65)

Documentation Changes

• client-iot: Fleet indexing documentation update (6151ac25)

New Features

• clients: update client endpoints as of 2026-06-02 (164aa659)
• client-waf: Adding new BDD representation of endpoint ruleset (4d90e8eb)
• client-personalize-runtime: Adding new BDD representation of endpoint ruleset (e578bf91)
• client-sqs: Adding new BDD representation of endpoint ruleset (d2a45936)
• client-service-catalog: Adding new BDD representation of endpoint ruleset (a14dfb22)
• client-rekognition: Adding new BDD representation of endpoint ruleset (fdbac926)
• client-resource-groups-tagging-api: Adding new BDD representation of endpoint ruleset (3f935495)
• client-snowball: Adding new BDD representation of endpoint ruleset (2be7cb1c)
• client-lex-runtime-service: Adding new BDD representation of endpoint ruleset (e47af6bd)
• client-medialive: Adding new BDD representation of endpoint ruleset (fc6eaf60)
• client-storage-gateway: Adding new BDD representation of endpoint ruleset (7953156c)
• client-swf: Adding new BDD representation of endpoint ruleset (875e3740)
• client-s3: Adding new BDD representation of endpoint ruleset (c2610606)
• client-xray: Adding new BDD representation of endpoint ruleset (37c36561)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1060.0 (2026-06-03)

Note: Version bump only for package @​aws-sdk/client-s3

3.1059.0 (2026-06-02)

Note: Version bump only for package @​aws-sdk/client-s3

3.1058.0 (2026-06-01)

Note: Version bump only for package @​aws-sdk/client-s3

3.1057.0 (2026-05-29)

Note: Version bump only for package @​aws-sdk/client-s3

3.1056.0 (2026-05-28)

Note: Version bump only for package @​aws-sdk/client-s3

3.1055.0 (2026-05-27)

Note: Version bump only for package @​aws-sdk/client-s3

3.1054.0 (2026-05-26)

... (truncated)

Commits

• 8aeb92d Publish v3.1060.0
• 75bb4fc Publish v3.1059.0
• 6b082a6 chore(codegen): sync for adaptive retry fix, EAI_AGAIN transient error (#8067)
• d7602d4 Publish v3.1058.0
• e836d5c Publish v3.1057.0
• e55a387 chore(codegen): sync for smithy 1.71.0 and snapshot-testing fix (#8053)
• 4b03542 Publish v3.1056.0
• 7ae617c chore(codegen): sync for cyclic file dependency fixes (#8051)
• 2981565 Publish v3.1055.0
• d999d57 Publish v3.1054.0
• Additional commits viewable in compare view

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​aws-sdk/​client-s3@​3.1060.0

View full report

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		Trivial package: npm @smithy/eventstream-serde-config-resolver has 9 lines of code Location: Package overview From: paaster/package-lock.json → npm/@aws-sdk/s3-presigned-post@3.1045.0 → npm/@smithy/eventstream-serde-config-resolver@4.4.6 ℹ Read more on: This package | This alert | What are trivial packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Removing this package as a dependency and implementing its logic will reduce supply chain risk. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@smithy/eventstream-serde-config-resolver@4.4.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Trivial package: npm @smithy/eventstream-serde-node has 10 lines of code Location: Package overview From: paaster/package-lock.json → npm/@aws-sdk/s3-presigned-post@3.1045.0 → npm/@smithy/eventstream-serde-node@4.3.6 ℹ Read more on: This package | This alert | What are trivial packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Removing this package as a dependency and implementing its logic will reduce supply chain risk. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@smithy/eventstream-serde-node@4.3.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Trivial package: npm @smithy/hash-blob-browser has 8 lines of code Location: Package overview From: paaster/package-lock.json → npm/@aws-sdk/s3-presigned-post@3.1045.0 → npm/@smithy/hash-blob-browser@4.3.6 ℹ Read more on: This package | This alert | What are trivial packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Removing this package as a dependency and implementing its logic will reduce supply chain risk. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@smithy/hash-blob-browser@4.3.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Trivial package: npm @smithy/hash-node has 8 lines of code Location: Package overview From: paaster/package-lock.json → npm/@aws-sdk/s3-presigned-post@3.1045.0 → npm/@smithy/hash-node@4.3.6 ℹ Read more on: This package | This alert | What are trivial packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Removing this package as a dependency and implementing its logic will reduce supply chain risk. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@smithy/hash-node@4.3.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Trivial package: npm @smithy/invalid-dependency has 9 lines of code Location: Package overview From: paaster/package-lock.json → npm/@aws-sdk/s3-presigned-post@3.1045.0 → npm/@smithy/invalid-dependency@4.3.6 ℹ Read more on: This package | This alert | What are trivial packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Removing this package as a dependency and implementing its logic will reduce supply chain risk. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@smithy/invalid-dependency@4.3.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Trivial package: npm @smithy/middleware-content-length has 10 lines of code Location: Package overview From: paaster/package-lock.json → npm/@aws-sdk/s3-presigned-post@3.1045.0 → npm/@smithy/middleware-content-length@4.3.6 ℹ Read more on: This package | This alert | What are trivial packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Removing this package as a dependency and implementing its logic will reduce supply chain risk. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@smithy/middleware-content-length@4.3.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Trivial package: npm @smithy/util-body-length-browser has 8 lines of code Location: Package overview From: paaster/package-lock.json → npm/@aws-sdk/s3-presigned-post@3.1045.0 → npm/@smithy/util-body-length-browser@4.3.6 ℹ Read more on: This package | This alert | What are trivial packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Removing this package as a dependency and implementing its logic will reduce supply chain risk. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@smithy/util-body-length-browser@4.3.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Trivial package: npm @smithy/util-body-length-node has 8 lines of code Location: Package overview From: paaster/package-lock.json → npm/@aws-sdk/s3-presigned-post@3.1045.0 → npm/@smithy/util-body-length-node@4.3.6 ℹ Read more on: This package | This alert | What are trivial packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Removing this package as a dependency and implementing its logic will reduce supply chain risk. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@smithy/util-body-length-node@4.3.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Trivial package: npm @smithy/util-defaults-mode-browser has 9 lines of code Location: Package overview From: paaster/package-lock.json → npm/@aws-sdk/s3-presigned-post@3.1045.0 → npm/@smithy/util-defaults-mode-browser@4.4.6 ℹ Read more on: This package | This alert | What are trivial packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Removing this package as a dependency and implementing its logic will reduce supply chain risk. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@smithy/util-defaults-mode-browser@4.4.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Trivial package: npm @smithy/util-defaults-mode-node has 9 lines of code Location: Package overview From: paaster/package-lock.json → npm/@aws-sdk/s3-presigned-post@3.1045.0 → npm/@smithy/util-defaults-mode-node@4.3.6 ℹ Read more on: This package | This alert | What are trivial packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Removing this package as a dependency and implementing its logic will reduce supply chain risk. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@smithy/util-defaults-mode-node@4.3.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): npm @smithy/core is 100.0% likely to have a medium risk anomaly Notes: The code implements a conventional, well-structured event-stream unmarshalling pipeline with explicit handling for error, exception, and event message types. The primary security considerations are: potential exposure of header/body content through thrown errors, reliance on the deserializer contract (notably the $unknown flag), and ensuring that downstream consumers appropriately trust the deserialized payloads. In a supply-chain context, ensure that eventStreamCodec, deserializer implementations, and error handling are trusted and audited to avoid leaking sensitive metadata, and consider sanitizing error messages in production. Confidence: 1.00 Severity: 0.60 From: paaster/package-lock.json → npm/@aws-sdk/s3-presigned-post@3.1045.0 → npm/@aws-sdk/s3-request-presigner@3.1045.0 → npm/@aws-sdk/client-s3@3.1060.0 → npm/@smithy/core@3.24.6 ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@smithy/core@3.24.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[dependabot]

Superseded by #1171.