From 7b0cc7b61f507b32be3f61665dbf991684b15486 Mon Sep 17 00:00:00 2001
From: "J. Casalino" <casalino@adobe.com>
Date: Fri, 8 May 2026 15:51:16 -0400
Subject: [PATCH] bump aws-sdk/client-s3 to 3.1045.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Resolves critical CVE-2026-25128 (GHSA-37qj-frw5-hhjh) — a RangeError DoS via malformed numeric entities in fast-xml-parser, affecting versions < 5.3.4.
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 3465d12..abf767b 100644
--- a/package.json
+++ b/package.json
@@ -32,7 +32,7 @@
     "@adobe/aio-lib-core-config": "^5",
     "@adobe/aio-lib-core-logging": "^3",
     "@adobe/aio-lib-core-tvm": "^4",
-    "@aws-sdk/client-s3": "^3.624.0",
+    "@aws-sdk/client-s3": "^3.1045.0",
     "@smithy/node-http-handler": "^4.0.2",
     "core-js": "^3.25.1",
     "fs-extra": "^11",