@hulumi/baseline < 1.4.0: GuardDuty and Security Hub reuse bugs fixed

In @hulumi/baseline < 1.4.0, AccountFoundation's reuse mode for GuardDuty and Security Hub had two bugs: (1) GuardDuty reuse did not verify the existing detector was enabled with 15-minute publishing frequency, so a suspended or misconfigured detector would be reported as active. (2) Security Hub reuse created StandardsSubscription resources with default delete behavior, so destroying the stack would disable CIS/NIST subscriptions even on pre-existing accounts. Fixed in 1.4.0 by adding assertions for GuardDuty posture and setting retainOnDelete: true for Security Hub subscriptions.

Users of @hulumi/baseline who use AccountFoundation's reuse mode to adopt pre-existing GuardDuty or Security Hub services.

Upgrade to @hulumi/[email protected]. If upgrade is not immediate, avoid reusing pre-existing detective services with AccountFoundation.