Update dependency aws/aws-sdk-php to v3.372.3

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
aws/aws-sdk-php (source)	3.371.3 → 3.372.3

---

Release Notes

aws/aws-sdk-php (aws/aws-sdk-php)

v3.372.3

Compare Source

• Aws\ - Sorts presigned headers alphabetically.
• Aws\Kafka - Add dual stack endpoint to SDK
• Aws\ConnectCases - Added functionality for the Required and Hidden case rule types to be conditionally evaluated on up to 5 conditions.
• Aws\DatabaseMigrationService - Not need to include to any release notes. The only change is to correct LoadTimeout unit from milliseconds to seconds in RedshiftSettings
• Aws\BedrockAgentCoreControl - Adding first class support for AG-UI protocol in AgentCore Runtime.
• Aws\LexModelsV2 - This release introduces a new generative AI feature called Lex Bot Analyzer. This feature leverage AI to analyze the bot configuration against AWS Lex best practices to identify configuration issues and provides recommendations.

v3.372.2

Compare Source

• Aws\Multipart - Fixes bug in AbstractUploadManager where valid falsy values are excluded.
• Aws\OpenSearchService - This change enables cross-account and cross-region access for DataSources. Customers can now define access policies on their datasources to allow other AWS accounts to access and query their data.
• Aws\IAM - Added support for CloudWatch Logs long-term API keys, currently available in Preview
• Aws\Route53GlobalResolver - Adds support for dual stack Global Resolvers and Dictionary-based Domain Generation Firewall Advanced Protection.
• Aws\mgn - Adds support for new storeSnapshotOnLocalZone field in ReplicationConfiguration and updateReplicationConfiguration

v3.372.1

Compare Source

• Aws\SESv2 - Adds support for longer email message header values, increasing the maximum length from 870 to 995 characters for RFC 5322 compliance.
• Aws\BedrockAgentCoreControl - Adds support for streaming memory records in AgentCore Memory
• Aws\AppIntegrationsService - This release adds support for webhooks, allowing customers to create an Event Integration with a webhook source.
• Aws\Deadline - AWS Deadline Cloud now supports cost scale factors for farms, enabling studios to adjust reported costs to reflect their actual rendering economics. Adjusted costs are reflected in Deadline Cloud's Usage Explorer and Budgets.
• Aws\BCMDataExports - Fixed wrong endpoint resolutions in few regions. Added AWS CFN resource schema for BCM Data Exports. Added max value validation for pagination parameter. Fixed ARN format validation for BCM Data Exports resources. Updated size constraints for table properties. Added AccessDeniedException error.
• Aws\Connect - Amazon Connect now supports the ability to programmatically configure and run automated tests for contact center experiences for Chat. Integrate testing into CICD pipelines, run multiple tests at scale, and retrieve results via API to automate validation of chat interactions and workflows.
• Aws\Bedrock - Amazon Bedrock Guardrails account-level enforcement APIs now support lists for model inclusion and exclusion from guardrail enforcement.
• Aws\GameLiftStreams - Added new Gen6 stream classes based on the EC2 G6f instance family. These stream classes provide cost-optimized options for streaming well-optimized or lower-fidelity games on Windows environments.

v3.372.0

Compare Source

• Aws\Api - Adds support for the Smithy RPC V2 CBOR protocol.
• Aws\EC2 - Added metadata field to CapacityAllocation.
• Aws\MPA - Updates to multi-party approval (MPA) service to add support for approval team baseline operations.
• Aws\ConnectHealth - Connect-Health SDK is AWS's unified SDK for the Amazon Connect Health offering. It allows healthcare developers to integrate purpose-built agents - such as patient insights, ambient documentation, and medical coding - into their existing applications, including EHRs, telehealth, and revenue cycle.
• Aws\SageMaker - Adds support for S3 Bucket Ownership validation for SageMaker Managed MLflow.
• Aws\SavingsPlans - Added support for OpenSearch and Neptune Analytics to Database Savings Plans.
• Aws\GuardDuty - Added MALICIOUS FILE to IndicatorType enum in MDC Sequence

v3.371.5

Compare Source

• Aws\ - Fixes how response with empty bodies for non-seekable streams are handled and adds streaming flag automatically based on the operation.
• Aws\QuickSight - Added several new values for Capabilities, increased visual limit per sheet from previous limit to 75, renamed Quick Suite to Quick in several places.
• Aws\OpenSearchService - Adding support for DeploymentStrategyOptions
• Aws\ElasticsearchService - Adds support for DeploymentStrategyOptions.
• Aws\GameLift - Amazon GameLift Servers now offers DDoS protection for Linux-based EC2 and Container Fleets on SDKv5. The player gateway proxy relay network provides traffic validation, per-player rate limiting, and game server IP address obfuscation all with negligible added latency and no additional cost.
• Aws\Connect - Added support for configuring additional email addresses on queues in Amazon Connect. Agents can now select an outbound email address and associate additional email addresses for replying to or initiating emails.
• Aws\ElasticBeanstalk - As part of this release, Beanstalk introduce a new info type - analyze for request environment info and retrieve environment info operations. When customers request an Al analysis, Elastic Beanstalk runs a script on an instance in their environment and returns an analysis of events, health and logs.

v3.371.4

Compare Source

• Aws\ - Add a validation for custom policies to make sure the property Resource has not a non allowed character.
• Aws\PartnerCentralChannel - Adds the Resold Unified Operations support plan and removes the Resold Business support plan in the CreateRelationship and UpdateRelationship APIs
• Aws\SageMaker - This release adds b300 and g7e instance types for SageMaker inference endpoints.
• Aws\DataZone - Adding QueryGraph operation to DataZone SDK
• Aws\CloudWatchLogs - CloudWatch Logs updates- Added support for the PutBearerTokenAuthentication API to enable or disable bearer token authentication on a log group. For more information, see CloudWatch Logs API documentation.
• Aws\BedrockAgentCoreControl - Support for AgentCore Policy GA

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[deepsource-io]

DeepSource Code Review

We reviewed changes in 140c6c7...5b690cd on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade

Security   Reliability   Complexity   Hygiene

Feedback

• Origin canonicalization collapses scheme/port to host
  • URL-like inputs are reduced to host-only values, letting alternate schemes or ports bypass exact-origin checks; enforce strict Origin parsing (scheme+host+port), reject non-origin formats, or normalize with a vetted origin parser.
• Validation relies on naive string normalization
  • String-based normalization hides structural differences and enables equivalence-based bypasses; parse into structured origin objects and compare exact canonical triples instead of comparing or trimming raw strings.
• Configuration allows ambiguous origin formats
  • Accepting host-only or URL-like entries in allowed_origins creates mismatches between stored and incoming origins; require explicit scheme+host+port in config or canonicalize entries at write-time to remove ambiguity.

Code Review Summary

Analyzer	Status	Updated (UTC)	Details
PHP		Mar 10, 2026 10:57p.m.	Review ↗