Release v7.0.5

.gitignore

@@ -23,6 +23,8 @@
 **/testem.log
 **/.vscode/settings.json
 demo-ui-config.js
+.temp_redpencil
+bom.json
 
 # System Files
 **/.DS_Store

CHANGELOG.md

@@ -5,7 +5,20 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [7.0.4] - 2025-06-10
+## [7.0.5] - 2025-07-07
+
+### Changed
+
+- Migrated to [AWS SDK for JavaScript v3](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/introduction/)
+- Bundling instruction for sharp module as per [cross-platform installation instruction](https://sharp.pixelplumbing.com/install/#npm-v10)
+- Bumped dependencies
+
+### Fixed
+
+- Return image metadata for all cases by default using [withMetadata()](https://sharp.pixelplumbing.com/api-output/#withmetadata)
+- In thumbor-styled requests, align `filters:rotate()` with sharp [rotate behavior](https://sharp.pixelplumbing.com/api-operation/#rotate), if no angle is provided `autoOrient()` will be called
+
+## [7.0.4] - 2025-06-09
 
 ### Security
 

VERSION.txt

@@ -1 +1 @@
-7.0.4
+7.0.5

deployment/cdk-solution-helper/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cdk-solution-helper",
-  "version": "7.0.4",
+  "version": "7.0.5",
   "description": "helper to update references in cdk generated cfn template and package lambda assets",
   "main": "index.js",
   "scripts": {

deployment/cdk-solution-helper/tsconfig.json

@@ -1,3 +1,15 @@
 {
-  "extends": "ts-node/node16/tsconfig.json",
+  "compilerOptions": {
+    "target": "es2020",
+    "module": "commonjs",
+    "moduleResolution": "node",
+    "esModuleInterop": true,
+    "allowSyntheticDefaultImports": true,
+    "strict": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true
+  },
+  "ts-node": {
+    "esm": false
+  }
 }

source/constructs/cdk.json

@@ -2,7 +2,7 @@
   "app": "npx ts-node --prefer-ts-exts bin/constructs.ts",
   "context": {
     "solutionId": "SO0023",
-    "solutionVersion": "custom-v7.0.4",
+    "solutionVersion": "custom-v7.0.5",
     "solutionName": "dynamic-image-transformation-for-amazon-cloudfront"
   }
 }

source/constructs/lib/back-end/api-gateway-architecture.ts

@@ -161,6 +161,26 @@ export class ApiGatewayArchitecture {
           "AWS::ApiGateway::Method AuthorizationType is set to 'NONE' because API Gateway behind CloudFront does not support AWS_IAM authentication",
       },
     ]);
+    addCfnSuppressRules(imageHandlerCloudFrontApiGatewayLambda.apiGateway.deploymentStage, [
+      {
+        id: "W87",
+        reason: "Cache not enabled, using CloudFront for caching viewer response",
+      },
+    ]);
+    addCfnSuppressRules(imageHandlerCloudFrontApiGatewayLambda.apiGatewayCloudWatchRole, [
+      {
+        id: "F10",
+        reason: "Inline policy used in solutions construct",
+      },
+    ]);
+    imageHandlerCloudFrontApiGatewayLambda.apiGateway.methods.forEach((method) => {
+      addCfnSuppressRules(method, [
+        {
+          id: "W59",
+          reason: "No authorization currently on the API Gateway",
+        },
+      ]);
+    });
 
     imageHandlerCloudFrontApiGatewayLambda.apiGateway.node.tryRemoveChild("Endpoint"); // we don't need the RestApi endpoint in the outputs
     scope.domainName = Fn.conditionIf(

source/constructs/lib/back-end/back-end-construct.ts

@@ -132,7 +132,10 @@ export class BackEnd extends Construct {
             return [];
           },
           afterBundling(inputDir: string, outputDir: string): string[] {
-            return [`cd ${outputDir}`, "rm -rf node_modules/sharp && npm install --arch=x64 --platform=linux sharp"];
+            return [
+              `cd ${outputDir}`,
+              "rm -rf node_modules/sharp && npm install --cpu=x64 --os=linux --libc=glibc sharp", // npm 10.4.0+ --libc=glibc is needed for the platform-specific deps to be installed when cross-compiling sharp from mac to linux
+            ];
           },
         },
       },
@@ -155,6 +158,10 @@ export class BackEnd extends Construct {
         id: "W84",
         reason: "CloudWatch log group is always encrypted by default.",
       },
+      {
+        id: "W86",
+        reason: "Retention days are configured with property override",
+      },
     ]);
 
     const cachePolicy = new CachePolicy(this, "CachePolicy", {

source/constructs/lib/back-end/s3-object-lambda-architecture.ts

@@ -28,6 +28,7 @@ import { readFileSync } from "fs";
 import { BackEnd, BackEndProps } from "./back-end-construct";
 import { Effect, Policy, PolicyStatement, ServicePrincipal } from "aws-cdk-lib/aws-iam";
 import { S3ObjectLambdaOrigin } from "./s3-object-lambda-origin";
+import { addCfnSuppressRules } from "../../utils/utils";
 
 export interface S3ObjectLambdaArchitectureProps extends BackEndProps {
   originRequestPolicy: OriginRequestPolicy;
@@ -180,6 +181,13 @@ export class S3ObjectLambdaArchitecture {
         })
       )
     );
+    addCfnSuppressRules(this.imageHandlerCloudFrontDistribution, [
+      {
+        id: "W70",
+        reason:
+          "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion",
+      },
+    ]);
 
     const conditionalCloudFrontDistributionId = Fn.conditionIf(
       props.conditions.useExistingCloudFrontDistributionCondition.logicalId,

source/constructs/lib/common-resources/custom-resources/custom-resource-construct.ts

@@ -203,6 +203,10 @@ export class CustomResourcesConstruct extends Construct {
         reason:
           "Allow '*' because it is required for making DescribeRegions API call as it doesn't support resource-level permissions and require to choose all resources.",
       },
+      {
+        id: "F10",
+        reason: "Using inline policy",
+      },
     ]);
 
     props.secretsManagerPolicy.attachToRole(this.customResourceRole);