Bump github.com/aws/aws-sdk-go-v2 from 1.33.0 to 1.36.3

Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.33.0 to 1.36.3.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.33.0...v1.36.3)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

go.mod

@@ -5,7 +5,7 @@ go 1.22
 require (
 	github.com/DATA-DOG/go-sqlmock v1.5.2
 	github.com/alicebob/miniredis v2.5.0+incompatible
-	github.com/aws/aws-sdk-go-v2 v1.33.0
+	github.com/aws/aws-sdk-go-v2 v1.36.3
 	github.com/aws/aws-sdk-go-v2/config v1.29.0
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.53
 	github.com/aws/aws-sdk-go-v2/feature/dynamodb/attributevalue v1.15.27

go.sum

@@ -7,8 +7,8 @@ github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a/go.mod h1:SGn
 github.com/alicebob/miniredis v2.5.0+incompatible h1:yBHoLpsyjupjz3NL3MhKMVkR41j82Yjf3KFv7ApYzUI=
 github.com/alicebob/miniredis v2.5.0+incompatible/go.mod h1:8HZjEj4yU0dwhYHky+DxYx+6BMjkBbe5ONFIF1MXffk=
 github.com/aws/aws-sdk-go-v2 v1.9.0/go.mod h1:cK/D0BBs0b/oWPIcX/Z/obahJK1TT7IPVjy53i/mX/4=
-github.com/aws/aws-sdk-go-v2 v1.33.0 h1:Evgm4DI9imD81V0WwD+TN4DCwjUMdc94TrduMLbgZJs=
+github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38yqWM=
-github.com/aws/aws-sdk-go-v2 v1.33.0/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U=
+github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 h1:lL7IfaFzngfx0ZwUGOZdsFFnQ5uLvR0hWqqhyE7Q9M8=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7/go.mod h1:QraP0UcVlQJsmHfioCrveWOC1nbiWUl3ej08h4mXWoc=
 github.com/aws/aws-sdk-go-v2/config v1.29.0 h1:Vk/u4jof33or1qAQLdofpjKV7mQQT7DcUpnYx8kdmxY=

vendor/github.com/aws/aws-sdk-go-v2/aws/credential_cache.go

@@ -172,6 +172,17 @@ func (p *CredentialsCache) getCreds() (Credentials, bool) {
 	return *c, true
 }
 
+// ProviderSources returns a list of where the underlying credential provider
+// has been sourced, if available. Returns empty if the provider doesn't implement
+// the interface
+func (p *CredentialsCache) ProviderSources() []CredentialSource {
+	asSource, ok := p.provider.(CredentialProviderSource)
+	if !ok {
+		return []CredentialSource{}
+	}
+	return asSource.ProviderSources()
+}
+
 // Invalidate will invalidate the cached credentials. The next call to Retrieve
 // will cause the provider's Retrieve method to be called.
 func (p *CredentialsCache) Invalidate() {

vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go

@@ -70,6 +70,56 @@ func (AnonymousCredentials) Retrieve(context.Context) (Credentials, error) {
 		fmt.Errorf("the AnonymousCredentials is not a valid credential provider, and cannot be used to sign AWS requests with")
 }
 
+// CredentialSource is the source of the credential provider.
+// A provider can have multiple credential sources: For example, a provider that reads a profile, calls ECS to
+// get credentials and then assumes a role using STS will have all these as part of its provider chain.
+type CredentialSource int
+
+const (
+	// CredentialSourceUndefined is the sentinel zero value
+	CredentialSourceUndefined CredentialSource = iota
+	// CredentialSourceCode credentials resolved from code, cli parameters, session object, or client instance
+	CredentialSourceCode
+	// CredentialSourceEnvVars credentials resolved from environment variables
+	CredentialSourceEnvVars
+	// CredentialSourceEnvVarsSTSWebIDToken credentials resolved from environment variables for assuming a role with STS using a web identity token
+	CredentialSourceEnvVarsSTSWebIDToken
+	// CredentialSourceSTSAssumeRole credentials resolved from STS using AssumeRole
+	CredentialSourceSTSAssumeRole
+	// CredentialSourceSTSAssumeRoleSaml credentials resolved from STS using assume role with SAML
+	CredentialSourceSTSAssumeRoleSaml
+	// CredentialSourceSTSAssumeRoleWebID credentials resolved from STS using assume role with web identity
+	CredentialSourceSTSAssumeRoleWebID
+	// CredentialSourceSTSFederationToken credentials resolved from STS using a federation token
+	CredentialSourceSTSFederationToken
+	// CredentialSourceSTSSessionToken credentials resolved from STS using a session token 	S
+	CredentialSourceSTSSessionToken
+	// CredentialSourceProfile  credentials resolved from a config file(s) profile with static credentials
+	CredentialSourceProfile
+	// CredentialSourceProfileSourceProfile credentials resolved from a source profile in a config file(s) profile
+	CredentialSourceProfileSourceProfile
+	// CredentialSourceProfileNamedProvider credentials resolved from a named provider in a config file(s) profile (like EcsContainer)
+	CredentialSourceProfileNamedProvider
+	// CredentialSourceProfileSTSWebIDToken  credentials resolved from configuration for assuming a role with STS using web identity token in a config file(s) profile
+	CredentialSourceProfileSTSWebIDToken
+	// CredentialSourceProfileSSO credentials resolved from an SSO session in a config file(s) profile
+	CredentialSourceProfileSSO
+	// CredentialSourceSSO credentials resolved from an SSO session
+	CredentialSourceSSO
+	// CredentialSourceProfileSSOLegacy credentials resolved from an SSO session in a config file(s) profile using legacy format
+	CredentialSourceProfileSSOLegacy
+	// CredentialSourceSSOLegacy credentials resolved from an SSO session using legacy format
+	CredentialSourceSSOLegacy
+	// CredentialSourceProfileProcess credentials resolved from a process in a config file(s) profile
+	CredentialSourceProfileProcess
+	// CredentialSourceProcess credentials resolved from a process
+	CredentialSourceProcess
+	// CredentialSourceHTTP credentials resolved from an HTTP endpoint
+	CredentialSourceHTTP
+	// CredentialSourceIMDS credentials resolved from the instance metadata service (IMDS)
+	CredentialSourceIMDS
+)
+
 // A Credentials is the AWS credentials value for individual credential fields.
 type Credentials struct {
 	// AWS Access key ID
@@ -125,6 +175,13 @@ type CredentialsProvider interface {
 	Retrieve(ctx context.Context) (Credentials, error)
 }
 
+// CredentialProviderSource allows any credential provider to track
+// all providers where a credential provider were sourced. For example, if the credentials came from a
+// call to a role specified in the profile, this method will give the whole breadcrumb trail
+type CredentialProviderSource interface {
+	ProviderSources() []CredentialSource
+}
+
 // CredentialsProviderFunc provides a helper wrapping a function value to
 // satisfy the CredentialsProvider interface.
 type CredentialsProviderFunc func(context.Context) (Credentials, error)

vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go

@@ -3,4 +3,4 @@
 package aws
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.33.0"
+const goModuleVersion = "1.36.3"

vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go

@@ -77,18 +77,29 @@ type UserAgentFeature string
 // Enumerates UserAgentFeature.
 const (
 	UserAgentFeatureResourceModel UserAgentFeature = "A" // n/a (we don't generate separate resource types)
+
 	UserAgentFeatureWaiter    = "B"
 	UserAgentFeaturePaginator = "C"
+
 	UserAgentFeatureRetryModeLegacy   = "D" // n/a (equivalent to standard)
 	UserAgentFeatureRetryModeStandard = "E"
 	UserAgentFeatureRetryModeAdaptive = "F"
+
 	UserAgentFeatureS3Transfer      = "G"
 	UserAgentFeatureS3CryptoV1N     = "H" // n/a (crypto client is external)
 	UserAgentFeatureS3CryptoV2      = "I" // n/a
 	UserAgentFeatureS3ExpressBucket = "J"
 	UserAgentFeatureS3AccessGrants  = "K" // not yet implemented
+
 	UserAgentFeatureGZIPRequestCompression = "L"
+
 	UserAgentFeatureProtocolRPCV2CBOR = "M"
+
+	UserAgentFeatureAccountIDEndpoint      = "O" // DO NOT IMPLEMENT: rules output is not currently defined. SDKs should not parse endpoints for feature information.
+	UserAgentFeatureAccountIDModePreferred = "P"
+	UserAgentFeatureAccountIDModeDisabled  = "Q"
+	UserAgentFeatureAccountIDModeRequired  = "R"
+
 	UserAgentFeatureRequestChecksumCRC32          = "U"
 	UserAgentFeatureRequestChecksumCRC32C         = "V"
 	UserAgentFeatureRequestChecksumCRC64          = "W"
@@ -98,8 +109,57 @@ const (
 	UserAgentFeatureRequestChecksumWhenRequired   = "a"
 	UserAgentFeatureResponseChecksumWhenSupported = "b"
 	UserAgentFeatureResponseChecksumWhenRequired  = "c"
+
+	UserAgentFeatureDynamoDBUserAgent = "d" // not yet implemented
+
+	UserAgentFeatureCredentialsCode                 = "e"
+	UserAgentFeatureCredentialsJvmSystemProperties  = "f" // n/a (this is not a JVM sdk)
+	UserAgentFeatureCredentialsEnvVars              = "g"
+	UserAgentFeatureCredentialsEnvVarsStsWebIDToken = "h"
+	UserAgentFeatureCredentialsStsAssumeRole        = "i"
+	UserAgentFeatureCredentialsStsAssumeRoleSaml    = "j" // not yet implemented
+	UserAgentFeatureCredentialsStsAssumeRoleWebID   = "k"
+	UserAgentFeatureCredentialsStsFederationToken   = "l" // not yet implemented
+	UserAgentFeatureCredentialsStsSessionToken      = "m" // not yet implemented
+	UserAgentFeatureCredentialsProfile              = "n"
+	UserAgentFeatureCredentialsProfileSourceProfile = "o"
+	UserAgentFeatureCredentialsProfileNamedProvider = "p"
+	UserAgentFeatureCredentialsProfileStsWebIDToken = "q"
+	UserAgentFeatureCredentialsProfileSso           = "r"
+	UserAgentFeatureCredentialsSso                  = "s"
+	UserAgentFeatureCredentialsProfileSsoLegacy     = "t"
+	UserAgentFeatureCredentialsSsoLegacy            = "u"
+	UserAgentFeatureCredentialsProfileProcess       = "v"
+	UserAgentFeatureCredentialsProcess              = "w"
+	UserAgentFeatureCredentialsBoto2ConfigFile      = "x" // n/a (this is not boto/Python)
+	UserAgentFeatureCredentialsAwsSdkStore          = "y" // n/a (this is used by .NET based sdk)
+	UserAgentFeatureCredentialsHTTP                 = "z"
+	UserAgentFeatureCredentialsIMDS                 = "0"
 )
 
+var credentialSourceToFeature = map[aws.CredentialSource]UserAgentFeature{
+	aws.CredentialSourceCode:                 UserAgentFeatureCredentialsCode,
+	aws.CredentialSourceEnvVars:              UserAgentFeatureCredentialsEnvVars,
+	aws.CredentialSourceEnvVarsSTSWebIDToken: UserAgentFeatureCredentialsEnvVarsStsWebIDToken,
+	aws.CredentialSourceSTSAssumeRole:        UserAgentFeatureCredentialsStsAssumeRole,
+	aws.CredentialSourceSTSAssumeRoleSaml:    UserAgentFeatureCredentialsStsAssumeRoleSaml,
+	aws.CredentialSourceSTSAssumeRoleWebID:   UserAgentFeatureCredentialsStsAssumeRoleWebID,
+	aws.CredentialSourceSTSFederationToken:   UserAgentFeatureCredentialsStsFederationToken,
+	aws.CredentialSourceSTSSessionToken:      UserAgentFeatureCredentialsStsSessionToken,
+	aws.CredentialSourceProfile:              UserAgentFeatureCredentialsProfile,
+	aws.CredentialSourceProfileSourceProfile: UserAgentFeatureCredentialsProfileSourceProfile,
+	aws.CredentialSourceProfileNamedProvider: UserAgentFeatureCredentialsProfileNamedProvider,
+	aws.CredentialSourceProfileSTSWebIDToken: UserAgentFeatureCredentialsProfileStsWebIDToken,
+	aws.CredentialSourceProfileSSO:           UserAgentFeatureCredentialsProfileSso,
+	aws.CredentialSourceSSO:                  UserAgentFeatureCredentialsSso,
+	aws.CredentialSourceProfileSSOLegacy:     UserAgentFeatureCredentialsProfileSsoLegacy,
+	aws.CredentialSourceSSOLegacy:            UserAgentFeatureCredentialsSsoLegacy,
+	aws.CredentialSourceProfileProcess:       UserAgentFeatureCredentialsProfileProcess,
+	aws.CredentialSourceProcess:              UserAgentFeatureCredentialsProcess,
+	aws.CredentialSourceHTTP:                 UserAgentFeatureCredentialsHTTP,
+	aws.CredentialSourceIMDS:                 UserAgentFeatureCredentialsIMDS,
+}
+
 // RequestUserAgent is a build middleware that set the User-Agent for the request.
 type RequestUserAgent struct {
 	sdkAgent, userAgent *smithyhttp.UserAgentBuilder
@@ -252,6 +312,14 @@ func (u *RequestUserAgent) AddSDKAgentKeyValue(keyType SDKAgentKeyType, key, val
 	u.userAgent.AddKeyValue(keyType.string(), strings.Map(rules, key)+"#"+strings.Map(rules, value))
 }
 
+// AddCredentialsSource adds the credential source as a feature on the User-Agent string
+func (u *RequestUserAgent) AddCredentialsSource(source aws.CredentialSource) {
+	x, ok := credentialSourceToFeature[source]
+	if ok {
+		u.AddUserAgentFeature(x)
+	}
+}
+
 // ID the name of the middleware.
 func (u *RequestUserAgent) ID() string {
 	return "UserAgent"

vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/array.go

@@ -1,8 +1,8 @@
 package query
 
 import (
-	"fmt"
 	"net/url"
+	"strconv"
 )
 
 // Array represents the encoding of Query lists and sets. A Query array is a
@@ -21,19 +21,8 @@ type Array struct {
 	// keys for each element in the list. For example, an entry might have the
 	// key "ParentStructure.ListName.member.MemberName.1".
 	//
-	// While this is currently represented as a string that gets added to, it
+	// When the array is not flat the prefix will contain the memberName otherwise the memberName is ignored
-	// could also be represented as a stack that only gets condensed into a
-	// string when a finalized key is created. This could potentially reduce
-	// allocations.
 	prefix string
-	// Whether the list is flat or not. A list that is not flat will produce the
-	// following entry to the url.Values for a given entry:
-	//     ListName.MemberName.1=value
-	// A list that is flat will produce the following:
-	//     ListName.1=value
-	flat bool
-	// The location name of the member. In most cases this should be "member".
-	memberName string
 	// Elements are stored in values, so we keep track of the list size here.
 	size int32
 	// Empty lists are encoded as "<prefix>=", if we add a value later we will
@@ -45,11 +34,14 @@ func newArray(values url.Values, prefix string, flat bool, memberName string) *A
 	emptyValue := newValue(values, prefix, flat)
 	emptyValue.String("")
 
+	if !flat {
+		// This uses string concatenation in place of fmt.Sprintf as fmt.Sprintf has a much higher resource overhead
+		prefix = prefix + keySeparator + memberName
+	}
+
 	return &Array{
 		values:     values,
 		prefix:     prefix,
-		flat:       flat,
-		memberName: memberName,
 		emptyValue: emptyValue,
 	}
 }
@@ -63,10 +55,7 @@ func (a *Array) Value() Value {
 
 	// Query lists start a 1, so adjust the size first
 	a.size++
-	prefix := a.prefix
-	if !a.flat {
-		prefix = fmt.Sprintf("%s.%s", prefix, a.memberName)
-	}
 	// Lists can't have flat members
-	return newValue(a.values, fmt.Sprintf("%s.%d", prefix, a.size), false)
+	// This uses string concatenation in place of fmt.Sprintf as fmt.Sprintf has a much higher resource overhead
+	return newValue(a.values, a.prefix+keySeparator+strconv.FormatInt(int64(a.size), 10), false)
 }

vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/object.go

@@ -1,9 +1,6 @@
 package query
 
-import (
+import "net/url"
-	"fmt"
-	"net/url"
-)
 
 // Object represents the encoding of Query structures and unions. A Query
 // object is a representation of a mapping of string keys to arbitrary
@@ -56,14 +53,16 @@ func (o *Object) FlatKey(name string) Value {
 
 func (o *Object) key(name string, flatValue bool) Value {
 	if o.prefix != "" {
-		return newValue(o.values, fmt.Sprintf("%s.%s", o.prefix, name), flatValue)
+		// This uses string concatenation in place of fmt.Sprintf as fmt.Sprintf has a much higher resource overhead
+		return newValue(o.values, o.prefix+keySeparator+name, flatValue)
 	}
 	return newValue(o.values, name, flatValue)
 }
 
 func (o *Object) keyWithValues(name string, flatValue bool) Value {
 	if o.prefix != "" {
-		return newAppendValue(o.values, fmt.Sprintf("%s.%s", o.prefix, name), flatValue)
+		// This uses string concatenation in place of fmt.Sprintf as fmt.Sprintf has a much higher resource overhead
+		return newAppendValue(o.values, o.prefix+keySeparator+name, flatValue)
 	}
 	return newAppendValue(o.values, name, flatValue)
 }

vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/value.go

@@ -7,6 +7,8 @@ import (
 	"github.com/aws/smithy-go/encoding/httpbinding"
 )
 
+const keySeparator = "."
+
 // Value represents a Query Value type.
 type Value struct {
 	// The query values to add the value to.

vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go

@@ -8,6 +8,7 @@ var IgnoredHeaders = Rules{
 			"User-Agent":        struct{}{},
 			"X-Amzn-Trace-Id":   struct{}{},
 			"Expect":            struct{}{},
+			"Transfer-Encoding": struct{}{},
 		},
 	},
 }

vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json

@@ -92,6 +92,9 @@
       "me-south-1" : {
         "description" : "Middle East (Bahrain)"
       },
+      "mx-central-1" : {
+        "description" : "Mexico (Central)"
+      },
       "sa-east-1" : {
         "description" : "South America (Sao Paulo)"
       },
@@ -220,7 +223,17 @@
       "supportsFIPS" : true
     },
     "regionRegex" : "^us\\-isof\\-\\w+\\-\\d+$",
-    "regions" : { }
+    "regions" : {
+      "aws-iso-f-global" : {
+        "description" : "AWS ISOF global region"
+      },
+      "us-isof-east-1" : {
+        "description" : "US ISOF EAST"
+      },
+      "us-isof-south-1" : {
+        "description" : "US ISOF SOUTH"
+      }
+    }
   } ],
   "version" : "1.1"
 }

vendor/modules.txt

@@ -12,8 +12,8 @@ github.com/alicebob/gopher-json
 ## explicit
 github.com/alicebob/miniredis
 github.com/alicebob/miniredis/server
-# github.com/aws/aws-sdk-go-v2 v1.33.0
+# github.com/aws/aws-sdk-go-v2 v1.36.3
-## explicit; go 1.21
+## explicit; go 1.22
 github.com/aws/aws-sdk-go-v2/aws
 github.com/aws/aws-sdk-go-v2/aws/defaults
 github.com/aws/aws-sdk-go-v2/aws/middleware