KmsKeyringNode dependency on aws-sdk resulting in Deprecation WARNings

[RalphBragg]

Problem:

This library is still dependent on the full aws-sdk despite numerous tickets and requests being raised for its removal by this community (mainly for lambda use cases). I believe it is now the cause of the WARN messages being raised in any package and service that is using the node crypto library. Please advise on what the intended solution is for this please and the timelines. Happy to migrate to another capability if there's a migration guide available

(node:92870) NOTE: We are formalizing our plans to enter AWS SDK for JavaScript (v2) into maintenance mode in 2023.
Please migrate your code to use AWS SDK for JavaScript (v3).
For more information, check the migration guide at https://a.co/7PzMCcy
at emitWarning (/Users/REDACTED/node_modules/aws-sdk/lib/maintenance_mode_message.js:21:13)
at Timeout._onTimeout (/Users/REDACTED/node_modules/aws-sdk/lib/maintenance_mode_message.js:29:5)

Solution:

Use something other than the full aws-sdk library

Out of scope:

Is there anything the solution will intentionally NOT address?

[JohnBrown0126]

Can we get some eyes on this

[defy93]

+1 this issue as well

[texastony]

@RalphBragg (+ @JohnBrown0126 , @defy93 , and others),

We are aware that the AWS SDK for JavaScript V2 is going into maintenance.
Recently, we released a new minor version of the AWS Encryption SDK for JavaScript (ESDK-JS),
3.2.0, which featured support for the AWS SDK for JavaScript V3.

We did not remove the AWS SDK V2 dependency, as we did not want break any current customers,
who may have relied on the V2 SDK existing in the ESDK-JS.

We will release the ESDK-JS that only relies on the AWS SDK V3 in a new major version.

(Leaving this issue open, pending the new Major Version release described above)

Much Obliged,
AWS Crypto Tools

[revmischa]

Will be very nice to get rid of the v2 dependency because it adds a considerable amount of JS to my lambda bundle on node 18.

[RalphBragg]

@RalphBragg (+ @JohnBrown0126 , @defy93 , and others),

We are aware that the AWS SDK for JavaScript V2 is going into maintenance. Recently, we released a new minor version of the AWS Encryption SDK for JavaScript (ESDK-JS), 3.2.0, which featured support for the AWS SDK for JavaScript V3.

We did not remove the AWS SDK V2 dependency, as we did not want break any current customers, who may have relied on the V2 SDK existing in the ESDK-JS.

We will release the ESDK-JS that only relies on the AWS SDK V3 in a new major version.

(Leaving this issue open, pending the new Major Version release described above)

Much Obliged, AWS Crypto Tools

Is there are ETA on this?

[texastony]

@RalphBragg,
This release is on our roadmap.
But, as a rule, we do not publish dates.

[frsechet]

Now that #1180 was merged, which fixes that, any chance to get a new version published, or an approximate ETA for that (days, weeks, months, years)?

[NimmLor]

@frsechet
Version 4.0.0 just got released.

[josecorella]

Hello @RalphBragg,

Major Version 4.0.0 of the AWS ESDK for JS has been released. This major version should address the problems you outline on this issue. Please let us know if you have any questions.

AWS Crypto Tools