Repeating question about security enhancement even after confirmation

[cowjen01]

Before opening, please confirm:

• I have installed the latest version of the Amplify CLI (see above), and confirmed that the issue still persists.
• I have searched for duplicate or closed issues.
• I have read the guide for submitting bug reports.
• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

How did you install the Amplify CLI?

curl

If applicable, what version of Node.js are you using?

v16.8.0

Amplify CLI Version

7.6.13

What operating system are you using?

Mac

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No manual changes made

Amplify Categories

api

Amplify Commands

push

Describe the bug

The client asks me every time about a security enhancement question, even I have already confirmed that. I think the updated flag was not written. I found out that after I confirmed the enhancement, the client adds an empty character at the end of the schema.graphql file, so now, every time I update some resource (e.g., function), there is also a change of the API resource and I have to push the API updates too.

Expected behavior

The security enhancement question should not show up after the confirmation, and the client should not further modify the GraphQL schema.

Reproduction steps

1. I pulled an environment of an existing backend (with an old version of the client, can't remember which one)
2. Made some changes to the API
3. Made migration to the transformer v2
4. Upgraded the client to v7.6.13
5. Pushed the changes (confirmed security enhancements)
6. Made some modifications to a function's source code
7. Pushed the changes again (again the same question)

GraphQL schema(s)

# Put schemas below this line

Log output

# Put your logs below this line

Additional information

My amplify/cli.json file:

{
  "features": {
    "graphqltransformer": {
      "addmissingownerfields": true,
      "improvepluralization": true,
      "validatetypenamereservedwords": true,
      "useexperimentalpipelinedtransformer": true,
      "enableiterativegsiupdates": true,
      "secondarykeyasgsi": true,
      "skipoverridemutationinputtypes": true,
      "transformerversion": 2,
      "suppressschemamigrationprompt": true
    },
    "frontend-ios": {
      "enablexcodeintegration": true
    },
    "auth": {
      "enablecaseinsensitivity": true,
      "useinclusiveterminology": true,
      "breakcirculardependency": true
    },
    "codegen": {
      "useappsyncmodelgenplugin": true,
      "usedocsgeneratorplugin": true,
      "usetypesgeneratorplugin": true,
      "cleangeneratedmodelsdirectory": true,
      "retaincasestyle": true,
      "addtimestampfields": true,
      "handlelistnullabilitytransparently": true,
      "emitauthprovider": true,
      "generateindexrules": true,
      "enabledartnullsafety": true
    },
    "appsync": {
      "generategraphqlpermissions": true
    },
    "project": {
      "overrides": true
    }
  }
}

[lazpavel]

Hi @cowjen01, thank you for reporting this, as a workaround while we're investigating can you add this flag to the graphqltransformer section: securityEnhancementNotification: false.

Let us know if this stops the prompt

[cowjen01]

Hello @lazpavel, I tried it just now and it helped. But I had to also set a specific version for the build image to 7.6.13 (as referred here: https://github.com/aws-amplify/amplify-cli/issues/9615) because the latest version could not recognize this flag and the CloudFormation update failed.

[debragail]

Hi @cowjen01, thank you for reporting this, as a workaround while we're investigating can you add this flag to the graphqltransformer section: securityEnhancementNotification: false.

Let us know if this stops the prompt

This did not help me

[jeffstahlin]

This has been happening, roughly, for the last 3 weeks for me (it has come and gone before, usually within a few days). I've upgraded the CLI to the latest version every time there was a prompt recently to see if it may help to resolve the problem to no avail. Currently using version 10.3.1 of the Amplify CLI.
This issue slows down productivity when working back-end functionality since every push takes a substantial amount of time since graphql resources are rebuilt on every amplify push. Is there any progress on fixing this issue permanently, or is there at least some workaround that can be used for the time being?