fix: update package version on orders tests

[jeastham1993]

What does this PR do?

Motivation

Testing Guidelines

Additional Notes

Types of Changes

• Bug fix
• New feature
• Breaking change
• Misc (docs, refactoring, dependency upgrade, etc.)

Check all that apply

• This PR's description is comprehensive
• This PR contains breaking changes that are documented in the description
• This PR introduces new APIs or parameters that are documented and unlikely to change in the foreseeable future
• This PR impacts documentation, and it has been updated (or a ticket has been logged)
• This PR's changes are covered by the automated tests
• This PR collects user input/sensitive content into Datadog

[Copilot]

Pull Request Overview

This PR updates package dependencies in two service areas to maintain security and compatibility. The main focus is updating AWS SDK versions and Python dependencies.

• Updates AWS SDK for .NET from version 4.0.2.5 to 4.0.3.1 in order service tests
• Adds comprehensive Python dependency requirements files for the activity service
• Introduces complete dependency specifications with locked versions and security hashes

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
src/order-service/src/Orders.IntegrationTests/Orders.IntegrationTests.csproj	Updates AWSSDK.SimpleSystemsManagement package version for integration tests
src/activity-service/lambda_requirements.txt	Adds complete lambda runtime dependencies with version locks and hash verification
src/activity-service/dev_requirements.txt	Adds comprehensive development dependencies including AWS CDK, testing tools, and code quality packages

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[claude]

Claude finished @jeastham1993's task —— View job

---

PR Review Complete

Reviewing PR #514 - "fix: update package version on orders tests"

Todo List:

• Read repository guidelines (CLAUDE.md)
• Analyze AWS SDK version update in C# project
• Review Python development requirements file
• Review Python lambda requirements file
• Assess security implications
• Evaluate dependency management practices
• Provide comprehensive feedback

Code Quality & Best Practices ✅

C# Project (Orders.IntegrationTests.csproj):

• Good: Clean project structure with modern .NET 9.0 targeting
• Good: Proper test framework setup with xUnit and Microsoft.NET.Test.Sdk
• Good: Uses appropriate package references for AWS integration testing

Python Dependencies:

• Excellent: Both files use pinned versions with SHA256 hashes for security
• Good: Proper separation between development and lambda runtime dependencies
• Good: Comprehensive dev tooling including AWS CDK, testing frameworks, and code quality tools

Potential Issues & Security Concerns 🔍

AWS SDK Update:

• Updated AWSSDK.SimpleSystemsManagement from implied older version to 4.0.3.1
• ✅ Security: This is likely a security/bug fix update - newer patch versions typically address vulnerabilities
• ✅ Compatibility: Minor version update should be backward compatible

Python Dependencies:

• ✅ Security: All dependencies include SHA256 hashes preventing supply chain attacks
• ✅ Version Management: Strict version pinning prevents unexpected updates
• ⚠️ Maintenance: 922 added lines of dependencies will require regular maintenance

Performance Considerations 💡

C# Project:

• No performance impact expected from AWS SDK update
• Test project scope limits runtime impact

Python Dependencies:

• Positive: Separation of dev vs lambda requirements optimizes lambda bundle size
• Good: Lambda requirements (~330 lines) are much smaller than dev requirements (~592 lines)
• Key runtime dependencies include:
  • boto3==1.40.21 (AWS SDK)
  • aws-lambda-powertools==3.21.0 (AWS Lambda utilities)
  • ddtrace==3.9.4 (Datadog tracing)

Test Coverage 📋

Missing Information:

• No test updates provided with the AWS SDK version change
• Would benefit from integration tests verifying the new SDK version works correctly
• Recommendation: Run existing integration tests to ensure compatibility

Recommendations 🎯

1. Testing: Ensure all existing integration tests pass with the new AWS SDK version
2. Documentation: Consider documenting why the specific SDK version was chosen
3. Monitoring: Watch for any runtime issues after deployment with the new dependencies
4. Dependency Management: Consider setting up automated dependency updates (like Dependabot) for future maintenance

Summary

This PR represents good dependency management practices with:

• ✅ Security-focused approach with hashed dependencies
• ✅ Proper separation of concerns (dev vs runtime deps)
• ✅ Following semantic versioning for updates
• ✅ Comprehensive tooling setup for Python development

The changes look safe and well-structured. The AWS SDK update is minimal and the Python dependency additions follow security best practices.

---