Update to version v4.0.3

### Security

- Upgraded langchain-core to `0.3.81` to mitigate [CVE-2025-68664](https://avd.aquasec.com/nvd/2025/cve-2025-68664/)
- Upgraded qs to `6.14.1` to mitigate [CVE-2025-15284](https://avd.aquasec.com/nvd/2025/cve-2025-15284/)

### Changed

- Parallelized execution of chat and custom resource lambda tests in unit test script.

Author: tabdunabi

CHANGELOG.md

@@ -5,6 +5,17 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [4.0.3] - 2025-12-31
+
+### Security
+
+- Upgraded langchain-core to `0.3.81` to mitigate [CVE-2025-68664](https://avd.aquasec.com/nvd/2025/cve-2025-68664/)
+- Upgraded qs to `6.14.1` to mitigate [CVE-2025-15284](https://avd.aquasec.com/nvd/2025/cve-2025-15284/)
+
+### Changed
+
+- Parallelized execution of chat and custom resource lambda tests in unit test script.
+
 ## [4.0.2] - 2025-12-11
 
 ### Security

NOTICE.txt

@@ -953,6 +953,7 @@ diff-sequences under the MIT license.
 dijkstrajs under the MIT license.
 dir-glob under the MIT license.
 dlv under the MIT license.
+docker/library/python under the MIT license.
 doctrine under the Apache-2.0 license.
 docutils under the BSD license.
 dom-accessibility-api under the MIT license.
@@ -1033,6 +1034,7 @@ event-target-shim under the MIT license.
 eventemitter2 under the MIT license.
 events under the MIT license.
 execa under the MIT license.
+execnet under the MIT license.
 executable under the MIT license.
 exit under the MIT license.
 expect under the MIT license.
@@ -1285,7 +1287,7 @@ json-stringify-safe under the ISC license.
 json5 under the MIT license.
 jsonc-parser under the MIT license.
 jsonfile under the MIT license.
-jsonify under the Public Domain license.
+jsonify under the MIT license.
 jsonpatch under the 0BSD license.
 jsonpath-ng under the Apache-2.0 license.
 jsonpath-plus under the MIT license.
@@ -1455,7 +1457,7 @@ normalize-path under the MIT license.
 npm-run-path under the MIT license.
 npmlog under the ISC license.
 nullthrows under the MIT license.
-numpy under the Apache-2.0 license.
+numpy under the BSD-3-Clause license.
 nwsapi under the MIT license.
 ob1 under the MIT license.
 object-assign under the MIT license.
@@ -1549,12 +1551,12 @@ pyasn1 under the BSD-2-Clause license.
 pycparser under the 0BSD license.
 pydantic under the MIT license.
 pydantic-core under the MIT license.
-PyJWT under the MIT license.
-PyJWT under the MIT license.
+pyjwt under the MIT license.
 pytest under the MIT license.
 pytest-asyncio under the Apache-2.0 license.
 pytest-cov under the MIT license.
 pytest-env under the MIT license.
+pytest-xdist under the MIT license.
 python-dateutil under the Dual License license(s).
 pyyaml under the MIT license.
 qrcode under the MIT license.
@@ -1854,7 +1856,7 @@ webidl-conversions under the BSD-2-Clause license.
 webpack under the MIT license.
 webpack-sources under the MIT license.
 weekstart under the MIT license.
-werkzeug under the 0BSD license.
+werkzeug under the BSD-3-Clause license.
 whatwg-encoding under the MIT license.
 whatwg-fetch under the MIT license.
 whatwg-mimetype under the MIT license.

deployment/ecr/gaab-strands-agent/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "gaab-strands-agent"
-version = "4.0.0"
+version = "4.0.3"
 description = "GAAB Strands Agent Runtime for Amazon Bedrock AgentCore"
 readme = "README.md"
 requires-python = ">=3.13"

deployment/ecr/gaab-strands-agent/uv.lock

@@ -37,7 +37,7 @@ setup_uv() {
 	echo "Installing UV for ECR container tests..."
 
 	if command -v pip3 &> /dev/null; then
-		pip3 install uv>=0.5.0
+		pip3 install "uv>=0.5.0"
 
 		# Verify installation
 		if command -v uv &> /dev/null; then
@@ -91,8 +91,13 @@ run_python_lambda_test() {
 	coverage_report_path=$source_dir/test/coverage-reports/$lambda_name.coverage.xml
 	echo "coverage report path set to $coverage_report_path"
 
-	# Use -vv for debugging
-	poetry run pytest -sv -vv --cov --cov-report=term-missing --cov-report "xml:$coverage_report_path"
+	if poetry install --dry-run | grep "pytest-xdist"; then
+		echo "Parallelism supported. Running poetry tests in parallel."
+		poetry run pytest -sv -vv --cov --cov-report=term-missing --cov-report "xml:$coverage_report_path" -n auto
+	else
+		echo "Parallelism not supported. Running poetry tests sequentially."
+		poetry run pytest -sv -vv --cov --cov-report=term-missing --cov-report "xml:$coverage_report_path"
+	fi
 	if [ "$?" = "1" ]; then
 		echo "(source/run-all-tests.sh) ERROR: there is likely output above." 1>&2
 		exit 1

deployment/ecr/gaab-strands-common/uv.lock

@@ -64,7 +64,7 @@
     "@custom-bundler/unit-test": false,
     "solution_id": "SO0276",
     "solution_name": "generative-ai-application-builder-on-aws",
-    "solution_version": "v4.0.2",
+    "solution_version": "v4.0.3",
     "app_registry_name": "GAAB",
     "application_type": "AWS-Solutions",
     "application_trademark_name": "Generative AI Application Builder on AWS",

deployment/ecr/gaab-strands-workflow-agent/uv.lock

@@ -1,6 +1,6 @@
 {
   "name": "@amzn/gen-ai-app-builder-on-aws-infrastructure",
-  "version": "4.0.2",
+  "version": "4.0.3",
   "bin": {
     "infrastructure": "bin/gen-ai-app-builder.js"
   },