Pin moto to latest version 5.0.14

[pyup-bot]

This PR pins moto to the latest release 5.0.14.

Changelog

5.0.14

-----
Docker Digest for 5.0.14: _sha256:5399ffa0daadd1eb6c00250ec64453675f9635d0a210563f43c26b43e0dfd178_

 General:
     * All JSON files in the binary distribution are shipped compressed, significantly reducing the size on disk

 New Services:
     * Shield:
         * create_subscription()
         * describe_subscription()

     * TimestreamQuery:
         * create_scheduled_query()
         * delete_scheduled_query()
         * describe_endpoints()
         * describe_scheduled_query()
         * query()
         * update_scheduled_query()

 New Methods:
     * AppMesh:
         * create_virtual_node()
         * delete_virtual_node()
         * describe_virtual_node()
         * list_virtual_nodes()
         * update_virtual_node()
         * create_virtual_router()
         * delete_virtual_router()
         * describe_virtual_router()
         * list_virtual_routers()
         * update_virtual_router()
         * create_route()
         * delete_route()
         * describe_route()
         * list_routes()
         * update_route()

 Miscellaneous:
     * CloudFormation templates now support the Fn::Base64-function
     * CognitoIDP: Enhanced support for MFA flows/challenges
     * DynamoDB: update_item() now validates empty string sets
     * EC2: describe_snapshots() now supports the kms-key-id filter
     * EC2: run_instances() now supports the parameter Ipv6AddressCount
     * ECS: Tasks can now be created with unknown security groups
     * IAM: generate_credentials_report() now shows active certificates
     * KMS: sign() now supports Alias ARNs
     * Route53: list_resource_record_sets() now validates record names
     * S3: create_bucket() now has additional LocationConstraint-validation
     * S3: delete_objects() now respects BucketPolicy and ObjectLocks
     * S3: head_object() now handles Range-parameter correctly
     * SageMaker: search() now supports the CONTAINS filter
     * Sagemaker Runtime: invoke_endpoint_async() now supports failure responses
     * SNS: Signature of HTTP Messages are now valid
     * SSM: get_maintenance_window() now returns an exception if the window does not exist
     * SQS: delete_message_batch() now validates there's at least one entry

5.0.13

-----
Docker Digest for 5.0.13: _sha256:de97faba597d8f1bfb4dab1c7d562e1997ac5e0ba1186c4392430650b0f6bd4e_

 General:
     * Support for Python 3.13
     * Moto now supports whitelisting which services can be used

 New Services:
     * AppMesh:
         * create_mesh()
         * delete_mesh()
         * describe_mesh()
         * list_meshes()
         * list_tags_for_resource()
         * tag_resource()
         * update_mesh()

     * Transfer:
         * create_server()
         * create_user()
         * delete_server()
         * delete_ssh_public_key()
         * delete_user()
         * describe_server()
         * describe_user()
         * import_ssh_public_key()

 New Methods:
     * Athena:
         * delete_work_group()

     * CodeBuild:
         * batch_get_projects()

     * DynamoDB:
         * delete_resource_policy()
         * get_resource_policy()
         * put_resource_policy()

     * EMR:
         * get_block_public_access_configuration()
         * put_block_public_access_configuration()

     * QLDB:
         * create_ledger()
         * delete_ledger()
         * describe_ledger()
         * list_tags_for_resource()
         * tag_resource()
         * update_ledger()

     * SageMaker:
         * create_data_quality_job_definition()
         * create_model_bias_job_definition()
         * create_model_card()
         * delete_data_quality_job_definition()
         * delete_model_bias_job_definition()
         * delete_model_card()
         * describe_data_quality_job_definition()
         * describe_model_bias_job_definition()
         * describe_model_card()
         * list_data_quality_job_definitions()
         * list_model_bias_job_definitions()
         * list_model_cards()
         * list_model_card_versions()

 Miscellaneous:
     * ACM-PCA: create_certificate_authority() now uses the provided Subject
     * Athena: The default work group now has the correct configuration
     * ApplicationAutoscaling - put_scheduled_action() now allows multiple actions per Namespace/Dimension/Id
     * Autoscaling: update_group() now validates that the Group exists
     * Batch: now supports parameters in Job commands
     * CloudFormation: create_change_set() now validates the provided ChangeSetName
     * CloudFormation: describe_stacks() now returns export names in the Outputs
     * CloudFormation: AWS::Events::Rule's now also creates/deletes Targets 
     * CloudWatch: get_metric_data() now returns everything when querying for Metric Insights Queries
     * CodeBuild: create_project() now supports the parameter description, tags, cache, timeoutInMinutes, queuedTimeoutInMinutes, sourceVersion, logsConfig and vpcConfig
     * CognitoIDP: sign_up() now returns CodeDeliveryDetails
     * DynamoDB: export_table_to_point_in_time() now exports data in correct format
     * DynamoDB: update_item() now validates an empty ExpressionAttributeValues and UpdateExpression
     * DynamoDB: All applicable methods that accept a TableName-parameter now also accept the ARN of the table
     * EC2: describe_security_group_rules() now correctly exposes rules with duplicate port/protocol values
     * EC2: Terminating an instance now also terminates any NIC's
     * EventBridge: create_connection() now creates a KMS Secret
     * EventBridge: Messages are now formatted using the InputTemplate, if provided
     * KMS: describe_key() now exposes the MultiRegionConfiguration-attribute
     * Organizations: create_account() now comes preconfigured with an IAM role
     * RDS: update_db_instance() now supports the CloudwatchLogsExportConfiguration-parameter
     * ResourceGroupsTagging API now supports additional SageMaker resources
       (CompilationJobs, Domains, ModelExplainabilityJobDefinition, ModelQualityJobDefinition, HyperParameterTuningJob)
     * S3: copy_object() now respects the CopySourceIfNoneMatch-parameter
     * SageMaker: search() now supports ModelPackageGroups
     * StepFunctions now has improved JSONPath support
     * StepFunctions now supports MaxItem/MaxItemPath/MaxConcurrencyPath
     * StepFunctions now supports MaxAttempts with value 0

5.0.12

-----
Docker Digest for 5.0.12: _sha256:e1bde8f908f2fdf0878c8e4398561badd016b51b4d9fd8dcb9f4daef936a4427_

 General:
     * The MotoProxy can now be run on Windows

 New Services:
     * DirectConnect:
         * create_connection()
         * delete_connection()
         * describe_connections()
         * update_connection()

     * DynamoDB:
         * describe_export()
         * export_table_to_point_in_time()
         * list_export()

     * NetworkManager:
         * create_device()
         * create_link()
         * create_link()
         * delete_device()
         * delete_link()
         * delete_site()
         * get_devices()
         * get_links()
         * get_sites()
         * list_tags_for_resource()

     * SageMaker:
         * list_endpoints()
         * list_endpoint_configs()
         * create_auto_ml_job_v2()
         * describe_auto_ml_job_v2()
         * list_auto_ml_jobs()
         * stop_auto_ml_job()
         * create_compilation_job()
         * describe_compilation_job()
         * list_compilation_jobs()
         * delete_compilation_job()
         * create_domain()
         * describe_domain()
         * list_domains()
         * delete_domain()
         * create_model_explainability_job_definition()
         * describe_model_explainability_job_definition()
         * list_model_explainability_job_definitions()
         * delete_model_explainability_job_definition()
         * create_hyper_parameter_tuning_job()
         * describe_hyper_parameter_tuning_job()
         * list_hyper_parameter_tuning_jobs()
         * delete_hyper_parameter_tuning_job()
         * create_model_quality_job_definition()
         * describe_model_quality_job_definition()
         * list_model_quality_job_definitions()
         * delete_model_quality_job_definition()

     * Route53:
         * list_tags_for_resource()

 Miscellaneous:
     * ACM: export_certificate() now only allows exporting private certificates
     * ACM: DomainValidationOptions now have SUCCESS-status, fixing the `certificate_validated` waiter
     * Athena: QueryResults are now stored in S3
     * CloudFormation: update_stack() now persists the new parameters provided
     * CloudFormation: update_stack() now understands UsePreviousValue=False
     * CloudFormation: update_stack() now throws an exception when using UsePreviousValue=True and a new parameter value
     * CloudFormation: update_stack() is now able to update resources where only the parameters have changed
     * CloudFormation: AWS::S3::Bucket resources will now create/update Tags
     * CloudFormation: AWS::S3::Bucket resources are no longer recreated for every update
     * CognitoIDP: initiate_auth() now supports USERNAME_PASSWORD_AUTH and SMS/Software Token MFA
     * CognitoIDP: initiate_auth() now returns th email in the ID-token claims
     * DynamoDB: query() now sorts the results correctly when querying GSI data with identical hash keys 
     * EC2: describe_security_group_rules() now enumerates multiple rules correctly
     * EC2: run_instances() can now use $Default or $Latest launch template version
     * Events: list_targets_by_rule() now supports pagination
     * EventBridge Scheduler - get_schedule() now returns the ActionAfterCompletion
     * Firehose: create_delivery_stream() now creates S3 files with the correct filename if no prefix is provided
     * IOT: Certificates hashes can now be computed using the DER encoding, per the AWS spec
            This is an opt-in behaviour, and can be enabled with the following configuration:
            mock_aws(config={"iot": {"use_valid_cert": True}})
     * ResourceGroupsTaggingAPI: tag_resources() now supports SageMaker resources
     * S3: head_object()/get_object() now support the PartNumber-argument
     * S3: put_object() now correctly enforces the BucketPolicy when creating new objects
     * SESv2: send_email() now returns the MessageId

5.0.11

-----
Docker Digest for 5.0.11: _sha256:438f7fbb5fa1dff2cf0887c59466ff78bed5aaca9ea7b5cf54d6a41fc2418e28_

 New Methods:
     * ServiceDiscovery:
         * deregister_instance()
         * discover_instances()
         * discover_instances_revision()
         * get_instance()
         * get_instances_health_status()
         * list_instances()
         * register_instance()
         * update_http_namespace()
         * update_instance_custom_health_status()

 Miscellaneous:
     * DynamoDB: transact_write_items() no longer throws a ValidationException when passing multiple set actions, only when passing multiple set clauses
     * DynamoDB: transact_write_items() no longer throws an Exception when ExpressionAttributeNames are not provided
       (Both bugs were introduced in 5.0.10)

     * IOT-data: update_thing_shadow() now calculates the delta correctly
     * ResourceGroupsTagging: get_resources() now supports EFS resources

5.0.10

-----
Docker Digest for 5.0.10: _sha256:bfb9cd2a437fc7c754b3a6a66b7fb528ec1a53e0c683e8b75514bff81543cf55_

 General:
     * CloudFormation now supports cfn-lint v1, as well as v0

 New Services:

     * FSX:
         * create_file_system()
         * delete_file_system()
         * describe_file_systems()
         * tag_resource()
         * untag_resource()

     * OpenSearch Serverless:
         * batch_get_collection()
         * create_collection()
         * create_security_policy()
         * create_vpc_endpoint()
         * delete_collection()
         * get_security_policy()
         * list_collections()
         * list_security_policies()
         * list_tags_for_resource()
         * tag_resource()
         * untag_resource()
         * update_security_policy()

     * Shield:
         * create_protection()
         * delete_protection()
         * describe_protection()
         * list_protections()
         * list_tags_for_resource()
         * tag_resource()
         * untag_resource()

 New Methods:
     * Sagemaker:
         * create_cluster()
         * delete_cluster()
         * describe_cluster()
         * list_clusters()
         * list_cluster_nodes()

 Miscellaneous:
     * CognitoIDP: admin_list_groups_by_user() now supports pagination
     * DynamoDB: transact_write_items() now validates the number of SET expressions
     * DynamoDB: update_item() now validates unused ExpressionAttributeValues
     * DynamoDB: query() now supports pagination when querying Global Indexes
     * EC2: describe_images() - feat: support filtering images by ExecutableUsers=['self']
     * EC2: describe_route_tables() now supports the filter `route.transit-gateway-id`
     * EC2: update_security_group_rule_descriptions_ingress() now supports updating multiple descriptions
     * EKS: create_nodegroup() now supports the `taints`-parameter
     * ELBv2: add_listener_certificates() now validates when adding too many certificates (> 25)
     * ELBv2: describe_target_health() now handles unknown/deregistered/terminated instances better
     * ResourceGroupsTaggingAPI: get_resources() now supports ResourceType=s3:bucket
     * RDS: Clusters now have the `creating`-status on create, and `available` immediately after - in line with AWS
     * SSM: get_parameter() now supports ARN's for the Name-parameter

5.0.9

-----
Docker Digest for 5.0.9: _sha256:df61e4e76344017f6c82924a3dd1cdd4dcbac4095cf234c6d6fb0a0f800fbeff_

 General:
     * Fixed an InfiniteRecursion-bug when accessing S3-buckets that was introduced in 5.0.8

 New Methods:
     * SSO-Admin:
         * list_accounts_for_provisioned_permission_set()
         * list_instances()
         * list_permission_sets_provisioned_to_account()
         * provision_permission_set()
         * update_instance()

 Miscellaneous:
     * DynamoDB: query() now handles pagination correctly on a GSI without a range key
     * IAM: create_policy() now returns tags correctly
     * S3: list_objects(): The default value for MaxKeys can now be configured, using an environment variable:
       MOTO_S3_DEFAULT_MAX_KEYS=1

5.0.8

-----
Docker Digest for 5.0.8: _sha256:cfcd97074011bd563cdbeebac35ed710581a23cb2be07ab9b67aa00298fc3369_

 General:
     * Improved support for non-generic partitions (China, GovCloud, ISO-regions). 
       All ARN's now contain the correct partition for resources created in those regions.

 New Services:
     * NetworkManager:
         * create_global_network()
         * describe_global_networks()
         * create_core_network()
         * create_global_network()
         * delete_core_network()
         * list_core_networks()
         * get_core_network()
         * tag_resource()
         * untag_resource()

 Miscellaneous:
     * ResilienceHub: list_app_assessments() can now return pre-configured results
     * ResourceGroupTagging: get_resources() now returns results when filtering on "lambda:function"
     * S3: delete_object_tagging()/put_object_tagging() now send an EventBridge notification

5.0.7

-----
Docker Digest for 5.0.7: _sha256:81ac52ff74b0bf0f4957ee4260e6a7e75d66c9e5d040ed4f721a5500b873c88a_

 New Services:
     * Sagemaker Metrics:
         * batch_put_metrics()

 New Methods:
     * DynamoDB:
         * describe_import()
         * import_table()

     * EMR Serverless:
         * cancel_job_run()
         * get_job_run()
         * list_job_runs()
         * start_job_run()

     * IAM:
         * tag_instance_profile()
         * untag_instance_profile()

     * Panorama:
         * create_node_from_template_job()
         * describe_node_from_template_job()
         * list_nodes()

     * SSO-Admin:
         * describe_account_assignment_creation_status()
         * describe_account_assignment_deletion_status()

     * WAFv2:
         * create_ip_set()
         * delete_ip_set()
         * list_ip_sets()
         * get_ip_set()
         * update_ip_set()
         * put_logging_configuration()
         * get_logging_configuration()
         * list_logging_configurations()
         * delete_logging_configuration()

 Miscellaneous:
     * Athena: start_query_execution() now supports the ExecutionParameters-parameter
     * DynamoDB: Tables now support DeleteProtection
     * DynamoDB: update_item() no longer throws an error when deleting an item from an empty set
     * DynamoDB: update_item() no throws an error when adding an empty set
     * EC2: delete_network_acl() now throws an error when the ACL still has associations attached to it
     * EC2: describe_route_tables() now supports the `route.nat-gateway-id` filter
     * EC2: revoke_security_group_ingress/_egress() now throw an error when an unknown Security Group is passed

5.0.6

-----
Docker Digest for 5.0.6: _sha256:da919d3c1db07b378c413ed00a6c1c3e32ce1943a13671658c4db0f55dd49e42_

 New Services:
     * Bedrock:
         * create_model_customization_job()
         * delete_custom_model()
         * delete_model_invocation_logging_configuration()
         * get_custom_model()
         * get_model_customization_job()
         * get_model_invocation_logging_configuration()
         * list_custom_models()
         * list_model_customization_jobs()
         * list_tags_for_resource()
         * put_model_invocation_logging_configuration()
         * stop_model_customization_job()
         * tag_resource()
         * untag_resource()

     * BedrockAgent:
         * create_agent()
         * create_knowledge_base()
         * delete_agent()
         * delete_knowledge_base()
         * get_agent()
         * get_knowledge_base()
         * list_agents()
         * list_knowledge_bases()
         * list_tags_for_resource()
         * tag_resource()
         * untag_resource()

 New Methods:
     * EC2:
         * describe_addresses_attributes()

     * Rekognition:
         * detect_custom_labels()

     * Sagemaker:
         * update_trial_component()

 Miscellaneous:
     * CloudFront: update_distribution() now supports the CacheBehaviours-parameter
     * DynamoDB: query() now acts correctly when paginating GSI tables without range keys
     * EC2: RouteTables can now have multiple propagations
     * EC2: describe_instances() now now filter by product-code and product-code.type
     * EC2: describe_security_group_rules() now validates the format of the incoming security group id's
     * ECS: update_service() now supports the loadBalancers-parameter
     * Logs: describe_metric_filter() now has the correct validation for metricNamespaces
     * IOT: search_index() now supports thingTypeName
     * SFN: send_task_failure()/send_task_success() now work correctly when using the Parser
     * SNS: subscribe() now throws an exception if the endpoint doesn't exist
     * SQS: Improved queue name validation

5.0.5

-----
Docker Digest for 5.0.5: _sha256:b95cf0d65557475f29e7256938028eef352e23acafe8e07c071cd58b67c44708_

 General:
     * DynamoDB: scan() now returns items in a alphabetical order
 
 New Methods:
     * SecretsManager:
         * batch_get_secret_value()

 Miscellaneous:
     * ApplicationAutoscaling: put_scaling_policy() now generates CW alarms for DynamoDB and ECS
     * DynamoDB: Fix pagination for scan()/query()
     * DynamoDB: batch_write_item() now validates for duplicate DELETE or PUT requests
     * Events: put_events() now validates that input-values cannot be empty
     * IOT: create_topic_rule() now validates name-format
     * ResourceGroupsTaggingAPI: tag_resources() now supports RDS snapshots
     * SFN: Fixed a bug where the executionInput was double encoded

5.0.4

-----
Docker Digest for 5.0.4: _sha256:e13e917e563bd1e3bb745b0ce914bdcc3bd4577542e13e1468eac5078774b2aa_

 General:
     * Lambda: The results of a Dockerless invocation can now be configured.
       See http://docs.getmoto.org/en/latest/docs/services/lambda.html

     * StepFunctions can now execute the provided StepFunctionMachine (opt-in), instead of returning static data (still the default).
       See http://docs.getmoto.org/en/latest/docs/services/stepfunctions.html

 New Service:
     * ElastiCache:
         * list_tags_for_resource()

     * ResilienceHub:
         * create_app()
         * create_app_version_app_component()
         * create_app_version_resource()
         * create_resiliency_policy()
         * describe_app()
         * describe_resiliency_policy()
         * import_resources_to_draft_app_version()
         * list_app_assessments()
         * list_app_version_app_components()
         * list_app_version_resources()
         * list_app_versions()
         * list_apps()
         * list_resiliency_policies()
         * list_tags_for_resource()
         * publish_app_version()
         * tag_resource()
         * untag_resource()

     * Workspaces:
         * create_tags()
         * create_workspace_image()
         * create_workspaces()
         * deregister_workspace_directory()
         * describe_client_properties()
         * describe_tags()
         * describe_workspace_directories()
         * describe_workspace_image_permissions()
         * describe_workspace_images()
         * describe_workspaces()
         * modify_client_properties()
         * modify_selfservice_permissions()
         * modify_workspace_creation_properties()
         * register_workspace_directory()
         * update_workspace_image_permission()

 Miscellaneous:
     * APIGateway: update_usage_plan() now supports some remove-operations
     * Autoscaling: describe_auto_scaling_groups() now returns a dynamic CreatedTime
     * CloudFormation: Outputs now support Conditions
     * CloudFormation: Outputs now return Descriptions
     * CognitoIDP: admin_update_user_attributes() and admin_delete_user_attributes now correctly update the UserLastModifiedDate
     * DynamoDB: query() no longer requires the LastEvaluatedKey to exist
     * EC2: describe_vpc_endpoint_services() now supports all services
     * Kinesis: list_streams() now returns StreamSummaries
     * Lambda: get_policy() now throws an error when no statements exist
     * ResourceGroupsTaggingAPI now supports DynamoDB tables
     * ResourceGroupsTaggingAPI now supports SSM documents
     * S3: EventBridge notifications are now supported for ObjectRestore:Post
     * S3: restore_object() now contains limited validation when supplying both Days- and Type-argument
     * S3: select_object_content() now supports Compressed requests and CSV responses
     * SecretsManager: list_secrets() now handles negative matches correctly
     * SNS: delete_endpoint() is now an idempotent operation, just like AWS

5.0.3

-----
Docker Digest for 5.0.3: _sha256:032d8ead42f289d9700e9bc844c6d264575ad11b3f6c22cc76d65ff638c8c7bd_

 General:
     * New configuration options for:
       - Passing URL's through the proxy
       - Configuring DOcker-less services in ServerMode
       See http://docs.getmoto.org/en/latest/docs/configuration/index.html

 New Services:
     * Route53Domains:
         * delete_domain()
         * list_domains()
         * list_operations()
         * register_domain()
         * update_domain_nameservers()

 New Methods:
     * CostExplorer:
         * get_cost_and_usage()

     * ECR:
         * get_registry_scanning_configuration()

 Miscellaneous:
     * ApiGateway: update_usage_plan() now supports adding apiStages
     * Athena: get_query_execution() now returns exact OutputLocation file
     * Autoscaling: describe_auto_scaling_groups() now supports the filters-argument
     * CloudFront: create_distribution() now supports CustomHeaders
     * CloudFront: update_distribution() now handles updates to DistributionConfig correctly
     * CloudFormation - Now supports creation and deletion of AWS::EMR::Cluster
     * CloudFormation - Now supports creation and deletion of AWS::EMR::SecurityConfiguration
     * CloudFormation - Now supports creation and deletion of AWS::EFS::AccessPoint
     * CloudFormation - Now supports creation and deletion of AWS::EFS::FileSystem
     * CloudFormation - Now supports creation and deletion of AWS::EMR::InstanceGroupConfig
     * CloudFormation - Now supports deletion of AWS::Logs::LogGroup
     * CloudFormation: delete_stack() now handles resource dependencies better
     * CloudWatch: put_metric_data() now supports large (compressed) requests
     * CognitoIDP: admin_initiate_auth() and respond_to_auth_challenge() now support SMS_MFA
     * DynamoDB: transact_write_items() now raises ValidationException when putting and deleting the same item
     * EC2: authorize_security_group_egress/_ingress now support the TagSpecifications-argument
     * EC2: describe_security_group_rules() now supports Tag-filters
     * S3: EventBridge notifications are now supported for ObjectCreated:POST/COPY/MULTIPART_UPLOAD and ObjectDeleted
     * SNS: subscribe() now adds support the `$or`, `equals-ignore-case` and `suffix` features in a FilterPolicy 
     * SQS: send_message() should respect DelaySeconds of 0

5.0.2

-----
Docker Digest for 5.0.2: _sha256:89cc6c764d714bf76e592a61f0c06fd142f672085e1dd3a53eb734aaeb4e14e2_

 General:
     * Removed the `python-jose` and `sshpubkeys` dependencies in favor of `joserfc`. This removes a transitive dependency on `ecdsa`, which contains a open security vulnerability

 New Methods:
     * Autoscaling:
         * batch_put_scheduled_update_group_action()
         * batch_delete_scheduled_action()

     * RDS:
         * create_db_proxy()
         * describe_db_proxies()

 Miscellaneous:
     * AWSLambda: The ImageConfig.EntryPoint of a function is now used when invoking it in a Docker container
     * CognitoIDP now allows public actions even if IAM auth is enabled
     * DynamoDB: create_table() now validates the number of KeySchema-items
     * EC2: modify_image_attributes() now supports all LaunchPermissions
     * ECS: register_task_definition() now has improved validation around `memory`-parameters
     * Glue: create_database() now supports the `tags`-parameter
     * IAM: assume_user()/create_user()/get_caller_identity() now return the correct partition for China (aws-cn) when called from a Chinese region
     * ResourceGroupsTagging: get_resources() now supports ELB resources
     * Route53: list_hosted_zones() now supports pagination
     * S3: put_bucket_notification_configuration() now supports EventBridge-notifications
     * SES now returns errors in the correct format

5.0.1

-----
Docker Digest for 5.0.1: _sha256:b6004b2e112c0ba870b2103049548abecec476edeac7a724ed9c71249358e821_

 New Methods:
     * SecretsManager:
         * remove_regions_from_replication()
         * replicate_secret_to_regions()

 Miscellaneous:
     * AWSLambda: create_event_source_mapping() now supports Kinesis streams as targets
     * CloudFront: Removed error handling for InvalidOriginServer, as our validation was too strict
     * DynamoDB: batch_execute_statement() now supports for Update/Insert/Delete-statements
     * DynamoDB: query() now correctly handles calls where both Limit and ScanIndexForward are supplied
     * EC2: Now supports availability zones for eu-central-2 (Zurich)
     * S3: list_objects_v2() can now return more then 1000 results max (again)
     * S3: copy_object() now allows in-place copies when bucket versioning is enabled
     * SecretsManager: create_secrets() now supports the parameters AddReplicaRegions and ForceOverwriteReplicaSecret
     * SecretsManager: list_secrets() now supports the filters primary-region and owning-service

5.0.0

-----
Docker Digest for 5.0.0: _sha256:2faf2460a6446dfe472ac0d799e00341b1c84203d08540c247a6cc09be7c54e9_

 General:
     * All decorators have been replaced with a single decorator:
       `mock_aws`

     * The `mock_batch_simple` and `mock_lambda_simple` decorators can now be configured using the `config`-parameter:
       `mock_aws(config={"batch": {"use_docker": False}, "lambda": {"use_docker": False}})`

     * It is now possible to configure methods/services which should reach out to AWS.
       mock_aws(
           config={"core": {"mock_credentials": False, "passthrough": {"urls": [], "services": []}}}
       )

     * All requests now return a RequestId

 Miscellaneous:

     * IAM: The AWS managed Policies are no longer loaded by default.
       If your application depends on these policies, tell Moto explicitly to load them like so:

       mock_aws(config={"iam": {"load_aws_managed_policies": True}})

       Or by setting an environment variable:
       MOTO_IAM_LOAD_MANAGED_POLICIES=true

     * S3: list_objects() now returns a hashed ContinuationToken

5.0.0alpha3

-----------

 Miscellaneous:
     * IAM: The AWS managed Policies are no longer loaded by default.
       If your application depends on these policies, tell Moto explicitly to load them like so:

       mock_aws(config={"iam": {"load_aws_managed_policies": True}})

       Or by setting an environment variable:
       MOTO_IAM_LOAD_MANAGED_POLICIES=true

5.0.0alpha2

------------

 General:
     * It is now possible to configure methods/services which should reach out to AWS.
       mock_aws(
           config={"core": {"mock_credentials": False, "passthrough": {"urls": [], "services": []}}}
       )
     * All requests now return a RequestId

 Miscellaneous:
     * S3: list_objects() now returns a hashed ContinuationToken

5.0.0alpha1

------------

 General:
     * All decorators have been replaced with a single decorator:
       `mock_aws`
     * The `mock_batch_simple` and `mock_lambda_simple` decorators can now be configured using the `config`-parameter:
       `mock_aws(config={"batch": {"use_docker": False}, "lambda": {"use_docker": False}})`

4.2.14

-----
Docker Digest for 4.2.14: _sha256:2fa10aa48e32f85c63c62a7d437b8a4b320a56a8494bc25d45ced370bc159c23_

 New Services:
     * Backup:
         * create_backup_plan()
         * create_backup_vault()
         * get_backup_plan()
         * describe_backup_vault()
         * delete_backup_plan()
         * list_backup_plans()
         * list_backup_vaults()
         * list_tags()
         * tag_resource()
         * untag_resource()

 New Methods:
     * RDS:
         * describe_db_cluster_snapshot_attributes()
         * describe_db_snapshot_attributes()
         * modify_db_cluster_snapshot_attribute()
         * modify_db_snapshot_attribute()
         * restore_db_instance_to_point_in_time()

     * SageMaker:
         * create_feature_group()

     * SageMakerRuntime:
         * invoke_endpoint_async()

 Miscellaneous:
     * Cognito: The ID-token now contains custom attributes
     * DynamoDB: query() now returns the correct ScannedCount
     * EC2: Security Group Rules now have tag support 
     * LakeFormation: grant_permissions() now has better support for known principal-resource pairs
     * SNS: set_subscription_attributes() can now unset the FilterPolicy

4.2.13

-----
Docker Digest for 4.2.13: _sha256:20a2fdd4828b0ce1170ae26186ed28b64523cf6af83af892a74d9b3e23f84471_

 New Services:
     * Panorama:
         * delete_device()
         * describe_device()
         * list_devices()
         * provision_device()
         * update_device_metadata()

 New Methods:
     * CognitoIDP:
         * admin_respond_to_auth_challenge()

     * IdentityStore:
         *  list_group_memberships_for_member()

     * Rekognition:
         * compare_faces()
         * detect_labels()
         * detect_text()

     * SSO-Admin:
         * attach_customer_managed_policy_reference_to_permission_set()
         * attach_managed_policy_to_permission_set()
         * delete_inline_policy_from_permission_set()
         * detach_customer_managed_policy_reference_from_permission_set()
         * detach_managed_policy_from_permission_set()
         * get_inline_policy_for_permission_set()
         * list_account_assignments_for_principal()
         * list_customer_managed_policy_references_in_permission_set()
         * list_managed_policies_in_permission_set()
         * put_inline_policy_to_permission_set()

     * Textract:
         * detect_document_text()

 Miscellaneous:
     * ACM: describe_certificate() now returns a DomainValidationOption for each SN
     * CloudFormation: create_change_set() now longer throws an exception when supplying a YAML TemplateBody
     * CognitoIDP: create_resource_server() no longer crashes when the scope-parameter is not provided
     * DynamoDB: scan() now correctly handles the ScanFilter-attribute again (broken in 4.2.11)
     * EC2: launch templates created by CloudFormation now have a generated name if not provided
     * EC2: describe_instance_types() now handles unknown values for EnaSupport correctly
     * Sagemaker: create_model_package() nown supports Versioned packages
     * Scheduler: delete_scheduler() now throws the correct exception when a Schedule does not exist
     * SSO-Admin: list_account_assignments() now supports pagination

4.2.12

------

 Miscellaneous:
     * AWSLambda: list_functions() now returns a default PackageType (ZIP) if not specified
     * CloudFormation: AWS::EC2::LaunchTemplate resources now support Fn::GetAtt operations
     * CognitoIDP: admin_initiate_auth() now correctly returns a Challenge when 2FA is enabled
     * DynamoDB: execute_statement() now supports INSERT/UPDATE/DELETE queries
     * EC2: describe_availability_zones() now supports the ZoneNames/ZoneIds-parameters
     * KMS: encrypt() now validates payloads that are too large
     * ResourceGroupTaggingAPI: get_resources() now supports SQS queues
     * Route53: list_hosted_zone()/list_hosted_zones_by_name() now return the CallerReference
     * S3: copy() now respects the ExtraArgs-parameter when using MultiPart uploads
     * S3: list_object_versions() now supports pagination
     * S3: put_object_tagging() now validates the number of tags provided

4.2.11

-----
Docker Digest for 4.2.11: _sha256:f2a24d8a3440bf397705e461b33a032bbb6d3511cd9c643e71419dd962b3384e_

 New Methods:
     * Lambda:
         * DeleteFunctionEventInvokeConfig()
         * GetFunctionEventInvokeConfig()
         * ListFunctionEventInvokeConfigs()
         * PutFunctionEventInvokeConfig()
         * UpdateFunctionEventInvokeConfig()

     * Logs:
         * describe_export_tasks()

 Miscellaneous:
     * DynamoDB: put_item() now returns old item for ConditionalCheckFailed exceptions
     * DynamoDB: scan() now returns the correct ScannedCount when passing the Limit-parameter
     * DynamoDB: transact_write_items() now validates that Keys in Update-queries are not empty
     * IOT: create_thing()/describe_thing() now returns the thingId
     * Logs: create_export_task() now actually exports the data to S3
     * ResourceGroupsTaggingAPI: get_resources() now supports ACM certificates

4.2.10

-----
Docker Digest for 4.2.10: _sha256:f72acd62b994654d01bdec6f5cc779f4ab30083b441e2fb7eff0c13e0bbfdca7_

 New Methods:
     * CognitoIdentity: list_identity_pools()

 Miscellaneous:
     * Autoscaling: describe_tags() now supports the key/value filters
     * CloudFormation: AWS::Logs::LogGroup now supports tags
     * CloudWatch: get_metric_data() no longer throws an error when supplying >10 queries
     * CognitoIdentity: get_credentials_for_identity() now returns Expiration as a number, fixing compatibility with the GoLang SDK
     * EFS: describe_access_points() now supports the FileSystemId-parameter
     * LakeFormation: list_permissions() now supports the DataLocation-parameter
     * LakeFormation: register_resource() now throws an exception when registering an existing resource
     * SQS: Ensure all responses are in JSON-format when required, fixing compatibility with the Ruby SDK

4.2.9

-----
Docker Digest for 4.2.9: _sha256:4e9d89322b5ca9196fa7efda78b1269580be7aa6879894950e2728edc946573f_

 General:
     * Fix compatibility with botocore 1.32.1

 Miscellaneous:
     * ECS: Tagging is now supported for Tasks
     * LakeFormation: deregister_resource() now throws the correct error for unknown resources
     * LakeFormation: list_permissions() now supports Parameters
     * RDS: create_db_instance() now validates the engine parameter
     * Transcribe: TranscriptionJobs now support the Subtitles-parameter

4.2.8

-----
Docker Digest for 4.2.8: _sha256:937315c79dedcc86506fc22a60502fd73d0e6f3a6f3e5fc614dd3164740e1191_

 General:
     * Support for Python 3.12
     * Support for a Simple Lambda backend, that will mock functions without invoking a Docker container.
       Use the decorator `mock_lambda_simple` for this feature.

 New Methods:
     * IdentityStore:
         * describe_group()

     * Signer:
         * list_tags_by_resource()
         * tag_resource()
         * untag_resource()

 Miscellaneous:
     * DynamoDB: create_table() now throws an error when supplying an unknown KeyType
     * DynamoDB: query() now throws an error when supplying a ExpressionAttributeValue that doesn't start with a ':'
     * EC2: describe_hosts() now returns the AllocationTime-attribute
     * ECS: register_task_definition() now throws an exception if the ContainerDefinition has missing keys
     * ECR: describe_images() now returns the supplied imageDigest-values, instead of random values
     * EFS: AccessPoints now have the correct identifier format
     * Lambda: Various methods now support the FunctionName in the format 'name:qualifier'
     * MQ: create_configuration() is now possible for engine-type 'RABBITMQ'
     * RDS: create_db_cluster() now throws an error if the provided engine is not supported
     * RDS: create_db_instance() now throws an error if the provided engine does not match the cluster engine
     * RDS: delete_db_cluster() now throws an error if any instances are still active
     * SageMaker: list_model_packages() and list_model_package_groups() no longer throw an error on pagination

4.2.7

-----
Docker Digest for 4.2.7: _sha256:9149597856f5ce195ef451df1a1b96aa8db0692c4b8ed1f7952fc02952733103_

 New Services:
     * Inspector2:
         * associate_member()
         * batch_get_account_status()
         * create_filter()
         * delete_filter()
         * describe_organization_configuration()
         * disable()
         * disable_delegated_admin_account()
         * disassociate_member()
         * enable()
         * enable_delegated_admin_account()
         * get_member()
         * list_delegated_admin_accounts()
         * list_filters()
         * list_findings()
         * list_members()
         * list_tags_for_resource()
         * tag_resource()
         * untag_resource()
         * update_organization_configuration()

 New Methods:
     * ECR:
         * batch_get_repository_scanning_configuration()
         * put_registry_scanning_configuration()

 Miscellaneous:
     * Batch: submit_job() now returns the jobArn-attribute
     * DynamoDB: execute_statement() has now support for nested WHERE-clauses with functions
     * DynamoDB: update_item() now returns item for ConditionalCheckFailed-exceptions
     * EC2: create_key_pair() and describe_key_pair(s)() now support tags
     * Route53: get_hosted_zone() now returns the CallerReference
     * S3: get_object/put_object() now accepts AccessPoint ARN's
     * S3Control: create_access_point() now returns the correct Alias
     * SES: list_identities() now supports the IdentityType-parameter
     * SNS: create_platform_application has improved error handling

4.2.6

-----
Docker Digest for 4.2.6: _sha256:ad3265531405fd48489ddee7e1fa7301b4d0f46b55daca7ba5039e73eaf70ac1_

 New Services:
     * IVS:
         * batch_get_channel()
         * create_channel()
         * delete_channel()
         * get_channel()
         * list_channels()
         * update_channel()

 New Methods:
     * LakeFormation:
         * add_lf_tags_to_resource()
         * get_resource_lf_tags()
         * remove_lf_tags_from_resource()
         * update_lf_tag()

     * Sagemaker:
         * describe_model_package_group()
         * update_model_package()

 Miscellaneous:
     * Batch: submit_job() now behaves correctly when passing the arrayProperties-parameter
     * DynamoDB: Improved PartiQL parser, with support for different types (Decimals/Booleans) and queries with quoted table-names
     * EC2: TagSpecifications now throw an error if the ResourceType is not provided
     * EC2: run_instances()/describe_instances() now always return the same attributes (before, both operations were missing different fields)
     * EC2: associate_dhcp_options() now supports DhcpOptionsId=default
     * EC2: create_key_pair() now supports the KeyType-parameter
     * EC2: run_instances() now returns the Placement.HostId attribute
     * ELBv2: modify_target_group_attributes() now has additional validations
     * Events: put_events() now throws a warning when Detail field is not a dict
     * IOT: update_thing() now behaves correctly with empty attributes
     * S3: head_object() now raises a MethodNotAllowed for DeleteMarkers

4.2.5

-----
Docker Digest for 4.2.5: _sha256:076cecca9b8ba35b545d23eb5bf780902fbf23eb3610f332eef7adea1f4d2ef7_

 General:
     * Introducing: MotoProxy! An alternative to the MotoServer.
       See the docs: http://docs.getmoto.org/en/latest/docs/proxy_mode.html

 New Methods:
     * Sagemaker:
         * list_model_package_groups()

 Miscellaneous:
     * CognitoIDP: update_user_pool() no longer overrides default settings
     * CognitoIDP: set_user_mfa_preference() now allows the settings to be cleared
     * EC2: Transit Gateway Peering Attachments are now supported across accounts
     * EC2: delete_fleets() now sets the correct status
     * ECS: The Task-statuses now automatically advance
     * Glue: get_databases/get_tables() now return the CatalogId
     * IAM: list_groups() now returns the CreateDate-attribute
     * Redshift: describe_clusters() now returns the TotalStorageCapacityInMegabytes
     * SES: Templates now support if/else constructs

4.2.4

-----
Docker Digest for 4.2.4: _sha256:4cdda5b0245a28ae2ebf5f1d5d93425226fe00ace65819a9fa02c8aa77a7e0b6_

 New Methods:
     * OpenSearch:
         * list_domain_names()

 Miscellaneous:
     * DynamoDB: Fixed a bug where binary data could not be queried (introduced in 4.2.3)
     * EC2: VPC Peering Connections are now supported across accounts
     * ECS: register_task_definition() now validates the PidMode has the correct value
     * S3: put_bucket_notification_configuration() now supports SNS Topic targets

4.2.3

-----
Docker Digest for 4.2.3: <autopopulateddigest>

 New Services:
     * RoboMaker:
         * create_robot_application()
         * delete_robot_application()
         * describe_robot_application()
         * list_robot_applications()

 New Methods:
     * ElasticBeanstalk:
         * delete_application()

     * Events:
         * create_partner_event_source()
         * delete_partner_event_source()
         * describe_event_source()
         * describe_partner_event_source()
         * put_partner_events()

 Miscellaneous:
     * Core: The mocked ACCESS_KEY has been changed from `foobar_key` to `FOOBARKEY`, to align with AWS guidelines
     * Core: set_initial_no_auth_action_count() now supports SSM actions
     * Core: Fixed a memory leak when comparing requests (introduced in 4.1.13)
     * Athena: get_query_execution() now returns a StatementType dependent on the provided query
     * DynamoDB: query() now throws an exception when the KeyConditionExpression contains a literal value
     * EBS: put_snapshot_block() now supports random bytes
     * EC2: describe_transit_gateways() now supports filtering by tags
     * ELBv2: describe_target_groups() now throws an exception for invalid input parameters
     * ELBv2: describe_target_groups() now sorts the result before returning it
     * ELBv2: create_target_group() now has improved validation and default values
     * ELBv2: create_rule() now creates links between the TargetGroups and LoadBalancers
     * Events: put_events() now support HTTP targets
     * IAM policy validation now takes the provided Resource-argument into account when validating access to STS-resources
     * IAM: get_role() now returns the LastUsed-parameter, provided the role was assumed and used
     * KMS: sign/verify now uses the original message when signing, not the base64-version
     * Lambda: invoke() now loads any Layers provided in the create_function()
     * S3: put_bucket_logging() now supports bucket policies (as well as ACP's)
     * S3: Range requests are now more permissive (following AWS' behaviour)
     * SFN: list_executions() now returns the StopDate-attribute

4.2.2

------
Docker Digest for 4.2.2: <autopopulateddigest>

 See 4.2.1 - no functional changes.

4.2.1

------
Docker Digest for 4.2.1: <autopopulateddigest>

 New Services:
     * Sagemaker Runtime:
         * invoke_endpoint()

 New Methods:
     * CognitoIDP:
         * describe_resource_server()
         * list_resource_servers()

     * CognitoIDP:
         * create_cache_cluster()
         * delete_cache_cluster()
         * describe_cache_clusters()

     * IdentityStore:
         * list_users()

     * Logs:
         * describe_query_results()
         * get_query_results()
         * list_tags_for_resource()
         * tag_resource()
         * untag_resource()

     * Sagemaker:
         * list_notebook_instances()

 Miscellaneous:
     * EC2: describe_transit_gateways() now returns the ARN
     * IAM policies now allow S3 accesspoint arns
     * KMS: sign() now supports RSASSA_PSS_SHA_384, RSASSA_PSS_SHA_512 and RSASSA_PKCS1_* algorithms
     * Logs: Now supports two subscription filters
     * RDS: Clusters now support the ServerlessV2ScalingConfiguration parameter
     * ResourceGroupsTaggingAPI: tag_resource() now supports RDS resources
     * S3: CrossAccount access can now be disabled, using MOTO_S3_ALLOW_CROSSACCOUNT_ACCESS=false
     * SecretsManager: Allow creation/update of secrets without values
     * SES: set_identity_mail_from_domain() - the Identity can now also be an email

4.2.0

------
Docker Digest for 4.2.0: _sha256:92e59875783037b2558067d2d3f9dd2502c140881ff5c44c44ddbce6658a89b7_

 General:
     The Docker image is now based on Python 3.11 (instead of 3.7)

4.1.15

------
Docker Digest for 4.1.15: _sha256:eb63b1e0cbbd757e4596844e6ac1865660cbf8e358203b79e5404d57de94dd69_

 New Services:
     * APIGateway Management API:
         * delete_connection()
         * get_connection()
         * post_to_connection()

 New Methods:
     * Autoscaling:
         * delete_warm_pool()
         * describe_warm_pool()
         * put_warm_pool()

     * IdentityStore:
         * list_groups()

     * IOTData:
         * list_named_shadows_for_thing()

     * MQ:
         * list_tags()

     * ServiceDiscovery:
         * update_private_dns_namespace()
         * update_public_dns_namespace()

 Miscellaneous:
     * ACM-PCA: create_certificate_authority() now supports the KeyStorageSecurityStandard-parameter
     * Batch: create_job_definition() now returns more default fields in the containerProperties field
     * CloudTrail: get_trail_status now works with MultiRegion trails
     * CognitoIDP: UserPools now return the AccountRecoverySetting-field by default
     * DynamoDB: query() now throws an exception when providing empty ProjectionExpressions/FilterExpressions
     * EC2: describe_vpc_endpoint_services() now returns user-defined ones
     * EC2: run_instances() now supports the Monitoring-attribute
     * IOT: group names can now contain special characters
     * IOTData now supports named shadows
     * KMS: create_key() now supports KeySpecs RSA_3072 and RSA_4096
     * KMS: create_key() now validates the provided KeySpec
     * Lambda: create_function() now fails when creating a function with a name that already exists
     * Lambda: put_function_concurrency() now errors on a quota that exceeds the value set by MOTO_LAMBDA_CONCURRENCY_QUOTA
     * Lambda: update_function_code() now supports the ImageUri-attribute
     * RDS: describe_db_cluster_snapshots() now returns the TagList-property
     * ResourceTaggingsAPI: Now supports Glue resources
     * S3: Authentication now allows specific resources in the IAM access policy 
     * S3: select_object_content() now takes RecordDelimiter into account
     * Scheduler: create_scheduler() now errors on duplicate names
     * TimestreamWrite: create_table() now supports the Schema-attribute

4.1.14

------
Docker Digest for 4.1.14: _sha256:4cc82c0803c6b578d5c4146a8e38ff0387dec565483cfaa63eb238cb867e97e6_

 New Methods:
     * SageMaker:
         * create_model_package()
         * create_model_package_group()
         * describe_model_package()
         * list_model_packages()

 Miscellaneous:
     * CloudFormation: describe_stack_instances() now returns the StackInstanceStatus-attribute
     * CloudFront: update_distribution() now supports the DefaultRootObject-parameter
     * CloudWatch: get_metric_data() now support (simple) Expressions
     * CognitoIDP: initiate_auth() and admin_initiate_auth() now throw a NotAuthorizedError for disabled users
     * EC2 VPC's: Add CloudFront, Ground Station and Lattice prefix lists
     * IOT: search_index() now returns the connectivity-attribute
     * Organizations: Introduce more trusted service principals
     * RDS: create_db_cluster() now supports the VpcSecurityGroupIds-parameter
     * S3: Optional support for CRC32C checksums
     * SNS: publish_batch() now sends the required `MessageDeduplicationId` for FIFO queues
     * SQS: send_message_batch() now only throws a `BatchRequestTooLong` if the sum of all messages exceed the limit

4.1.13

------
Docker Digest for 4.1.13: _sha256:ec471bcfbf66def946466398f002e8edfbb667bde7b1d8033aedbdd4453fbb8e_

 General:
     * The ISO-regions introduced in 4.1.12 are now locked behind an environment variable: `MOTO_ENABLE_ISO_REGIONS`
     * General performance improvements in the URL matching logic - especially `mock_all` users should notice improvements

 New Methods:
     * APIGatewayV2:
         * create_stage()
         * delete_stage()
         * get_stage()
         * get_stages()

     * CloudFront:
         * create_origin_access_control()
         * delete_origin_access_control()
         * get_origin_access_control()
         * list_origin_access_controls()
         * update_origin_access_control()

     * Lambda:
         * list_aliases()

     * Logs:
         * delete_destination()
         * describe_destinations()
         * get_destination()
         * put_destination()
         * put_destination_policy()

     * Route53:
         * get_health_check_status()

     * SSM:
         * deregister_task_from_maintenance_window()
         * describe_maintenance_window_tasks()
         * register_task_with_maintenance_window()

 Miscellaneous:
     * Batch: create_compute_environment() now validates instanceRole and minvCpu
     * CloudFront: create_distribution() now correctly handles a single alias
     * CloudFront - CustomOrigins now have default timeouts if not supplied
     * DynamoDB: delete_item() now throws the correct error when the table is not found
     * EC2: describe_security_group_rules() now returns the GroupId
     * ECR: create_repository() now validates the repositoryName-parameter
     * Lambda: create_function() now returns the ImageConfigResponse and EphemeralStorage parameters
     * IOTData: publish() can now handle non-Unicode bytes
     * RDS: Automated snapshots now have the appropriate SnapshotType
     * Route53: create_hosted_zone() now returns the Location
     * Scheduler: get_schedule() now returns the CreationDate and LastModificationDate
     * SecretsManager: delete_secret() now throws an error when setting the Recovery to 0 days
     * StepFunctions: start_execution() now validates the name-length

4.1.12

------
Docker Digest for 4.1.12: _sha256:38e34a1ee4042fd52f15703c2e750780fe0fd809b2745fd263b2d1de33566590_

 General:
     * Support for ISO regions
     * The official Docker image now comes with curl pre-installed

 New Services:
     * AppConfig:
         * create_application()
         * create_configuration_profile()
         * create_hosted_configuration_version()
         * delete_application()
         * delete_configuration_profile()
         * delete_hosted_configuration_version()
         * get_application()
         * get_configuration_profile()
         * get_hosted_configuration_version()
         * list_configuration_profiles()
         * list_tags_for_resource()
         * tag_resource()
         * untag_resource()
         * update_application()
         * update_configuration_profile()

 New Methods:
     * IdentityStore:
         * create_user()
         * describe_user()
         * delete_user()
         * get_group_id()
         * delete_group()
         * create_group_membership()
         * get_group_memberships()
         * delete_group_membership()

     * SSM:
         * create_patch_baseline()
         * describe_patch_baselines()
         * delete_patch_baseline()
         * register_target_with_maintenance_window()
         * describe_maintenance_window_targets()
         * deregister_target_from_maintenance_window()


 Miscellaneous:
     * Moto Dashboard no longer fails to load after an S3 file is overwritten
     * CloudFormation: AWS:SSM::Parameter now exposes the PhysicalResourceId
     * CloudFront: create_invalidation() now behaves correctly when supplying a single Path
     * CloudWatch: get_metrics_data() now validates the provided start/end times
     * CodeBuild: create_project() now accepts all ServiceRole ARN's, not just ARN's that end in /service-role/
     * Config: put_configuration_recorder() now supports resource type exclusions
     * DMS: describe_replication_tasks() now returns TableMappings and ReplicationTaskSettings in the correct format
     * DynamoDB now supports ProjectionExpressions on (nested) lists
     * EC2: New availability zones have been added for ap-south-1, sa-east-1, ca-central-1, us-west-2
     * EC2: create_flow_logs() now allows different LogDestinations for a single ResourceId
     * EC2: replace_route() now returns the appropriate error when called with missing route
     * EC2: create_volume() now supports the Throughput-parameter
     * ECR: put_image() now correctly overwrites tags on images with multiple tags
     * IAM: add_role_to_instance_profile() now validates whether a role was already attached (only one is allowed)
     * Lambda: delete_layer_version() now also accepts function ARNs
     * MediaConnect: create_flow_payload() no longer requires the Entitlements-parameter
     * RDS: Further improve Global Cluster behaviour
     * S3: GET/PUT requests now return Access-Control headers, if a CORS configuration has been set
     * S3: put_bucket_lifecycle_configuration() now supports multiple Transitions
     * SESv2: create_contact_list() now correctly reads Topics with special characters
     * SESv2: send_email() now correctly reads raw emails

4.1.11

------
Docker Digest for 4.1.11: _sha256:0ac1ec726e428bd3134c10c32639d72f814bbe002b9d2010420850aab8bc2550_

 New Methods:

     * AppSync:
         * get_introspection_schema()

     * Comprehend:
         * detect_key_phrases()
         * detect_pii_entities()
         * detect_sentiment()

 Miscellaneous:
     * EC2: describe_key_pairs() now returns the CreateTime-attribute
     * EC2: describe_spot_fleet_requests() now returns the Tags-attribute
     * ECR: put_image(): now behaves correctly on duplicate images with duplicate tags
     * Organizations: create_policy() now supports the Tags-parameter
     * RDS: creation times of all objects are now in UTC
     * Redshift: creation times of all objects are now in UTC
     * S3: Bucket names are now global, meaning they have to be unique across accounts
     * S3: select_object_content() now supports None-values
     * S3: select_object_content() now supports nested FROM-clauses (from x.y as xy)
     * SecretsManager - update_secret() now supports the Description-parameter
     * SNS now returns the correct error message for non-existing topics
     * SNS: Topics are no longer accessible across regions (only across accounts)
     * SNS: delete_topic() is now idempotent and no longer throws an error for non-existent topics
     * SQS: Requests and responses in JSON-format are now supported
     * SSM: MaintenanceWindows now have tagging support

4.1.10

------
Docker Digest for 4.1.10: _sha256:095d1dfadc71b4c68f05240129a32acf6dd7ba722c78afd4f01d8c7c3af0ebb4_

 New Services:
     * Glue:
         * create_session()
         * delete_session()
         * get_session()
         * list_sessions()
         * stop_session()

     * Sagemaker:
         * create_transform_job()
         * describe_transform_job()
         * list_transform_jobs()

 Miscellaneous:
     * Core: The `date`-header is now returned for all operations (set to the current date)
     * AutoScaling: describe_policies() now returns the field `TargetTrackingConfiguration.CustomizedMetricSpecification.Metrics`
     * Cloudformation: delete_stack_instances() now behaves correctly when deleting multiple regions
     * EC2: create_route() now takes the `VpcEndpointId`-parameter into account
     * EC2: describe_instances() now throws an exception when both the InstanceIds and PaginationConfig parameters are supplied
     * IAM: get_group() now returns the fields `CreateDate` and `PasswordLastUsed`
     * RDS: start_export_task() now returns the field `SourceType`
     * S3: aligned checksum calculation with how AWS behaves
     * S3: now returns `Accept-Ranges`-headers, instead of `AcceptRanges`, in-line with AWS
     * S3: copy_object() now behaves correctly when copying objects in encrypted buckets
     * S3: put_object_legal_hold() now takes the VersionId-parameter into account
     * S3: put_object_retention() now takes the VersionId-parameter into account
     * SecretsManager: list_secrets now returns the fields `LastRotatedDate` and `NextRotationDate`
     * SNS: Topics can now be accessed across accounts
     * SNS: Fixed a bug so that topics without properties can now be deleted using CloudFormation

4.1.9

-----
Docker Digest for 4.1.9: _sha256:121a51dcf0e42e53a601803bdeb25324d18b2d45f08a79923c65034f4f14448a_

 New Services:
     * Glue:
         * batch_get_triggers
         * create_trigger
         * delete_trigger
         * get_trigger
         * get_triggers
         * list_triggers
         * start_trigger
         * stop_trigger

     * Glue:
         * create_contact
         * create_contact_list
         * delete_contact
         * delete_contact_list
         * get_contact
         * get_contact_list
         * list_contact_lists
         * list_contacts
         * send_email

 Miscellaneous:
     * Kinesis: Improve calculations on stream limits
     * EC2: Improve logic behind describe_image_attribute()
     * S3: Various improvements to the logic behind copy_object()
     * Scheduler: update_schedule() now supports the GroupName-parameter
     * SNS: Improve and enhance validation of numeric parameters
     * SNS: MessageDeduplicationId is now forwarded to SQS queues (Fixes a bug in 4.1.7)

4.1.8

-----
Docker Digest for 4.1.8: _sha256:e83d868df71b193d625d9fb031282f6632c6c80d0314cfca6780f9a3f37d1f61_

 New Methods:
     * DynamoDB:
         * batch_execute_statement()
         * execute_statement()
         * execute_transaction()

     * Glue:
         * batch_get_jobs()
         * delete_job()

     * KMS:
         * get_public_key()

 Miscellaneous:
     * Athena: Fixed a bug causing every call to `get_workgroup(WorkGroup="primary")` to fail
     * AWSLambda: Performance improvement: Docker images are no longer re-downloaded if they already exist
     * BatchSimple now uses the environment variable MOTO_SIMPLE_BATCH_FAIL_AFTER=0 to determine whether the job should fail, and after how many seconds
     * EC2: replace_route() now supports the NetworkInterfaceId-parameter
     * ECR: b