Bump the npm group across 2 directories with 9 updates

[dependabot]

Bumps the npm group with 9 updates in the / directory:

Package	From	To
@aws-sdk/client-cloudformation	3.899.0	3.902.0
@eslint/js	9.36.0	9.37.0
@types/node	24.6.0	24.6.2
eslint	9.36.0	9.37.0
jiti	2.6.0	2.6.1
pnpm	10.18.0	10.18.1
typescript	5.9.2	5.9.3
aws-cdk-lib	2.218.0	2.219.0
aws-cdk	2.1029.3	2.1029.4

Bumps the npm group with 4 updates in the /test directory: @types/node, typescript, aws-cdk-lib and aws-cdk.

Updates @aws-sdk/client-cloudformation from 3.899.0 to 3.902.0

Release notes

Sourced from @​aws-sdk/client-cloudformation's releases.

v3.902.0

3.902.0(2025-10-02)

Chores

• deps: bump yarn to 4.10.3 (#7399) (084f2889)
• keep vite build directory contents between builds (#7394) (b07c0575)
• codegen:
  • bump gradle to 9.1.0 (#7398) (ff45bcb9)
  • enable Gradle configuration cache (#7396) (e89f59d5)
• ci: use gradle/actions/setup-gradle for setting up gradle (#7397) (9986ee41)

Documentation Changes

• client-guardduty: Updated descriptions for the Location parameter in CreateTrustedEntitySet and CreateThreatEntitySet. (3d2d565a)

New Features

• client-dynamodb: Add support for dual-stack account endpoint generation (14f648bb)
• client-connectcases: New Search All Related Items API enables searching related items across cases (4535c435)
• client-cloudformation: Add new warning type 'EXCLUDED_RESOURCES' (228e3628)
• client-synthetics: Adds support to configure canaries with pre-configured blueprint code on supported runtime versions. This behavior can be controlled via the new BlueprintTypes property exposed in the CreateCanary and UpdateCanary APIs. (b9d0925c)

---

For list of updated packages, view updated-packages.md in assets-3.902.0.zip

v3.901.0

3.901.0(2025-10-01)

Chores

• codegen:
  • bump Gradle to 9.0.0 (#7390) (1e004195)
  • bump codegen version to 0.36.0 (#7393) (d0a9cd8b)
• add more bundle types to the benchmark (#7392) (97078ce6)
• bump '@smithy/*' versions (#7391) (0a418cc2)

Documentation Changes

• client-ecs: This is a documentation only Amazon ECS release that adds additional information for health checks. (a5652334)
• client-database-migration-service: This is a doc-only update, revising text for kms-key-arns. (629c6306)

New Features

• client-chime-sdk-meetings: Add support to receive dual stack MediaPlacement URLs in Chime Meetings SDK (c32ced42)
• client-cleanroomsml: This release introduces data access budgets to view how many times an input channel can be used for ML jobs in a collaboration. (a6cc054b)
• client-cleanrooms: This release introduces data access budgets to control how many times a table can be used for queries and jobs in a collaboration. (783dbc10)
• client-pcs: Added the UpdateCluster API action to modify cluster configurations, and Slurm custom settings for queues. (3b9d480e)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-cloudformation's changelog.

3.902.0 (2025-10-02)

Features

• client-cloudformation: Add new warning type 'EXCLUDED_RESOURCES' (228e362)

3.901.0 (2025-10-01)

Note: Version bump only for package @​aws-sdk/client-cloudformation

Commits

• 1f6666e Publish v3.902.0
• 228e362 feat(client-cloudformation): Add new warning type 'EXCLUDED_RESOURCES'
• 5befda8 Publish v3.901.0
• 0a418cc chore: bump '@smithy/*' versions (#7391)
• See full diff in compare view

Updates @eslint/js from 9.36.0 to 9.37.0

Release notes

Sourced from @​eslint/js's releases.

v9.37.0

Features

• 39f7fb4 feat: preserve-caught-error should recognize all static "cause" keys (#20163) (Pixel998)
• f81eabc feat: support TS syntax in no-restricted-imports (#19562) (Nitin Kumar)

Bug Fixes

• a129cce fix: correct no-loss-of-precision false positives for leading zeros (#20164) (Francesco Trotta)
• 09e04fc fix: add missing AST token types (#20172) (Pixel998)
• 861c6da fix: correct ESLint typings (#20122) (Pixel998)

Documentation

• b950359 docs: fix typos across the docs (#20182) (루밀LuMir)
• 42498a2 docs: improve ToC accessibility by hiding non-semantic character (#20181) (Percy Ma)
• 29ea092 docs: Update README (GitHub Actions Bot)
• 5c97a04 docs: show availableUntil in deprecated rule banner (#20170) (Pixel998)
• 90a71bf docs: update README files to add badge and instructions (#20115) (루밀LuMir)
• 1603ae1 docs: update references from master to main (#20153) (루밀LuMir)

Chores

• afe8a13 chore: update @eslint/js dependency to version 9.37.0 (#20183) (Francesco Trotta)
• abee4ca chore: package.json update for @​eslint/js release (Jenkins)
• fc9381f chore: fix typos in comments (#20175) (overlookmotel)
• e1574a2 chore: unpin jiti (#20173) (renovate[bot])
• e1ac05e refactor: mark ESLint.findConfigFile() as async, add missing docs (#20157) (Pixel998)
• 347906d chore: update eslint (#20149) (renovate[bot])
• 0cb5897 test: remove tmp dir created for circular fixes in multithread mode test (#20146) (Milos Djermanovic)
• bb99566 ci: pin jiti to version 2.5.1 (#20151) (Pixel998)
• 177f669 perf: improve worker count calculation for "auto" concurrency (#20067) (Francesco Trotta)
• 448b57b chore: Mark deprecated formatting rules as available until v11.0.0 (#20144) (Milos Djermanovic)

Commits

• abee4ca chore: package.json update for @​eslint/js release
• 90a71bf docs: update README files to add badge and instructions (#20115)
• See full diff in compare view

Updates @types/node from 24.6.0 to 24.6.2

Commits

• See full diff in compare view

Updates eslint from 9.36.0 to 9.37.0

Release notes

Sourced from eslint's releases.

v9.37.0

Features

• 39f7fb4 feat: preserve-caught-error should recognize all static "cause" keys (#20163) (Pixel998)
• f81eabc feat: support TS syntax in no-restricted-imports (#19562) (Nitin Kumar)

Bug Fixes

• a129cce fix: correct no-loss-of-precision false positives for leading zeros (#20164) (Francesco Trotta)
• 09e04fc fix: add missing AST token types (#20172) (Pixel998)
• 861c6da fix: correct ESLint typings (#20122) (Pixel998)

Documentation

• b950359 docs: fix typos across the docs (#20182) (루밀LuMir)
• 42498a2 docs: improve ToC accessibility by hiding non-semantic character (#20181) (Percy Ma)
• 29ea092 docs: Update README (GitHub Actions Bot)
• 5c97a04 docs: show availableUntil in deprecated rule banner (#20170) (Pixel998)
• 90a71bf docs: update README files to add badge and instructions (#20115) (루밀LuMir)
• 1603ae1 docs: update references from master to main (#20153) (루밀LuMir)

Chores

• afe8a13 chore: update @eslint/js dependency to version 9.37.0 (#20183) (Francesco Trotta)
• abee4ca chore: package.json update for @​eslint/js release (Jenkins)
• fc9381f chore: fix typos in comments (#20175) (overlookmotel)
• e1574a2 chore: unpin jiti (#20173) (renovate[bot])
• e1ac05e refactor: mark ESLint.findConfigFile() as async, add missing docs (#20157) (Pixel998)
• 347906d chore: update eslint (#20149) (renovate[bot])
• 0cb5897 test: remove tmp dir created for circular fixes in multithread mode test (#20146) (Milos Djermanovic)
• bb99566 ci: pin jiti to version 2.5.1 (#20151) (Pixel998)
• 177f669 perf: improve worker count calculation for "auto" concurrency (#20067) (Francesco Trotta)
• 448b57b chore: Mark deprecated formatting rules as available until v11.0.0 (#20144) (Milos Djermanovic)

Commits

• d5d1bdf 9.37.0
• 94865ff Build: changelog update for 9.37.0
• afe8a13 chore: update @eslint/js dependency to version 9.37.0 (#20183)
• abee4ca chore: package.json update for @​eslint/js release
• b950359 docs: fix typos across the docs (#20182)
• 42498a2 docs: improve ToC accessibility by hiding non-semantic character (#20181)
• fc9381f chore: fix typos in comments (#20175)
• e1574a2 chore: unpin jiti (#20173)
• 29ea092 docs: Update README
• a129cce fix: correct no-loss-of-precision false positives for leading zeros (#20164)
• Additional commits viewable in compare view

Updates jiti from 2.6.0 to 2.6.1

Release notes

Sourced from jiti's releases.

v2.6.1

compare changes

🩹 Fixes

• interop: Only passthrough default if it is not a promise (#408)

📦 Build

• Revert to terser-webpack-plugin (#407)

❤️ Contributors

• Kricsleo (@​kricsleo)

Changelog

Sourced from jiti's changelog.

v2.6.1

compare changes

🩹 Fixes

• interop: Only passthrough default if it is not a promise (#408)

📦 Build

• Revert to terser-webpack-plugin (#407)

🏡 Chore

• Update bench (037c646)
• Update deps (974ca40)
• Remove unused code (8b41497)

❤️ Contributors

• Pooya Parsa (@​pi0)
• Kricsleo (@​kricsleo)

Commits

• aedcdee chore(release): v2.6.1
• 8b41497 chore: remove unused code
• 974ca40 chore: update deps
• e840692 build: revert to terser-webpack-plugin (#407)
• 092cdd9 fix(interop): only passthrough default if it is not a promise (#408)
• 037c646 chore: update bench
• See full diff in compare view

Updates pnpm from 10.18.0 to 10.18.1

Release notes

Sourced from pnpm's releases.

pnpm 10.18.1

Patch Changes

• Don't print a warning, when --lockfile-only is used #8320.
• pnpm setup creates a command shim to the pnpm executable. This is needed to be able to run pnpm self-update on Windows #5700.
• When using pnpm catalogs and running a normal pnpm install, pnpm produced false positive warnings for "skip adding to the default catalog because it already exists". This warning now only prints when using pnpm add --save-catalog as originally intended.

Platinum Sponsors

Gold Sponsors

... (truncated)

Changelog

Sourced from pnpm's changelog.

10.18.1

Patch Changes

• Don't print a warning, when --lockfile-only is used #8320.
• pnpm setup creates a command shim to the pnpm executable. This is needed to be able to run pnpm self-update on Windows #5700.
• When using pnpm catalogs and running a normal pnpm install, pnpm produced false positive warnings for "skip adding to the default catalog because it already exists". This warning now only prints when using pnpm add --save-catalog as originally intended.

Commits

• 651a27a chore(release): 10.18.1
• See full diff in compare view

Updates typescript from 5.9.2 to 5.9.3

Release notes

Sourced from typescript's releases.

TypeScript 5.9.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)
• fixed issues query for Typescript 5.9.3 (Stable).

Downloads are available on:

• npm

Commits

• c63de15 Bump version to 5.9.3 and LKG
• 8428ca4 🤖 Pick PR #62438 (Fix incorrectly ignored dts file fr...) into release-5.9 (#...
• a131cac 🤖 Pick PR #62351 (Add missing Float16Array constructo...) into release-5.9 (#...
• 0424333 🤖 Pick PR #62423 (Revert PR 61928) into release-5.9 (#62425)
• bdb641a 🤖 Pick PR #62311 (Fix parenthesizer rules for manuall...) into release-5.9 (#...
• 0d9b9b9 🤖 Pick PR #61978 (Restructure CI to prepare for requi...) into release-5.9 (#...
• 2dce0c5 Intentionally regress one buggy declaration output to an older version (#62163)
• See full diff in compare view

Updates aws-cdk-lib from 2.218.0 to 2.219.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.219.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-servicecatalog: AWS::ServiceCatalog::PortfolioPrincipalAssociation: PortfolioId property is now required. aws-servicecatalog: AWS::ServiceCatalog::PortfolioPrincipalAssociation: PrincipalARN property is now required. aws-servicecatalog: AWS::ServiceCatalog::PortfolioProductAssociation: Id attribute removed.

Co-authored-by: aws-cdk-automation aws-cdk-automation@users.noreply.github.com

Features

• ecs: new L2 construct for ManagedInstances CapacityProvider (#35648) (c72a09b)
• update L1 CloudFormation resource definitions (#35646) (860ce0d)
• codebuild: add custom instance type and VPC to Fleets (#34572) (5c2781b)
• codebuild: support overflow behavior of fleet (#35480) (e4113b0)
• update L1 CloudFormation resource definitions (#35614) (fb0a114)

Bug Fixes

• cloudfront: edgefunction does not propagate stack tags correctly (#35518) (63088e8)

---

Alpha modules (2.219.0-alpha.0)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.219.0-alpha.0 (2025-10-01)

2.218.0-alpha.0 (2025-09-29)

• elasticache-alpha: implement Serverless ElastiCache L2 Construct (#35424) (0e08c8c)

2.217.0-alpha.0 (2025-09-25)

2.216.0-alpha.0 (2025-09-22)

2.215.0-alpha.0 (2025-09-15)

Bug Fixes

• bedrock-alpha: added missing validation when prompt uses default variant (#35366) (cbd271e)

2.214.0-alpha.0 (2025-09-02)

Features

• bedrock-alpha: add guardrails l2 construct (#34765) (b4fdb2b)
• eks-v2-alpha: support eks with k8s 1.33 (#34713) (c24565e), closes #34520 #34911
• s3tables-alpha: add TablePolicy support to L2 construct library (#35223) (2741dfb), closes #33054

2.213.0-alpha.0 (2025-08-27)

Features

• s3tables-alpha: add TablePolicy support to L2 construct library (#35223) (a4aad78), closes #33054

2.212.0-alpha.0 (2025-08-20)

2.211.0-alpha.0 (2025-08-12)

2.210.0-alpha.0 (2025-08-06)

Features

• glue-alpha: add optional metrics control for cost optimization (#35154) (6e24133), closes #35149

2.209.1-alpha.0 (2025-08-06)

... (truncated)

Commits

• 731eb40 chore(release): 2.219.0 (#35650)
• See full diff in compare view

Updates aws-cdk from 2.1029.3 to 2.1029.4

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1029.4

2.1029.4 (2025-10-01)

Commits

• See full diff in compare view

Updates @types/node from 24.6.0 to 24.6.2

Commits

• See full diff in compare view

Updates typescript from 5.9.2 to 5.9.3

Release notes

Sourced from typescript's releases.

TypeScript 5.9.3

Note: this tag was recreated to point at the correct commit. The npm package contained the correct content.

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)
• fixed issues query for Typescript 5.9.3 (Stable).

Downloads are available on:

• npm

Commits

• c63de15 Bump version to 5.9.3 and LKG
• 8428ca4 🤖 Pick PR #62438 (Fix incorrectly ignored dts file fr...) into release-5.9 (#...
• a131cac 🤖 Pick PR #62351 (Add missing Float16Array constructo...) into release-5.9 (#...
• 0424333 🤖 Pick PR #62423 (Revert PR 61928) into release-5.9 (#62425)
• bdb641a 🤖 Pick PR #62311 (Fix parenthesizer rules for manuall...) into release-5.9 (#...
• 0d9b9b9 🤖 Pick PR #61978 (Restructure CI to prepare for requi...) into release-5.9 (#...
• 2dce0c5 Intentionally regress one buggy declaration output to an older version (#62163)
• See full diff in compare view

Updates aws-cdk-lib from 2.218.0 to 2.219.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.219.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-servicecatalog: AWS::ServiceCatalog::PortfolioPrincipalAssociation: PortfolioId property is now required. aws-servicecatalog: AWS::ServiceCatalog::PortfolioPrincipalAssociation: PrincipalARN property is now required. aws-servicecatalog: AWS::ServiceCatalog::PortfolioProductAssociation: Id attribute removed.

Co-authored-by: aws-cdk-automation aws-cdk-automation@users.noreply.github.com

Features

• ecs: new L2 construct for ManagedInstances CapacityProvider (#35648) (c72a09b)
• update L1 CloudFormation resource definitions (#35646) (860ce0d)
• codebuild: add custom instance type and VPC to Fleets (#34572) (5c2781b)
• codebuild: support overflow behavior of fleet (#35480) (e4113b0)
• update L1 CloudFormation resource definitions (#35614) (fb0a114)

Bug Fixes

• cloudfront: edgefunction does not propagate stack tags correctly (#35518) (63088e8)

---

Alpha modules (2.219.0-alpha.0)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.219.0-alpha.0 (2025-10-01)

2.218.0-alpha.0 (2025-09-29)

• elasticache-alpha: implement Serverless ElastiCache L2 Construct (#35424) (0e08c8c)

2.217.0-alpha.0 (2025-09-25)

2.216.0-alpha.0 (2025-09-22)

2.215.0-alpha.0 (2025-09-15)

Bug Fixes

• bedrock-alpha: added missing validation when prompt uses default variant (#35366) (cbd271e)

2.214.0-alpha.0 (2025-09-02)

Features

• bedrock-alpha: add guardrails l2 construct (#34765) (b4fdb2b)
• eks-v2-alpha: support eks with k8s 1.33 (#34713) (c24565e), closes #34520 #34911
• s3tables-alpha: add TablePolicy support to L2 construct library (#35223) (2741dfb), closes #33054

2.213.0-alpha.0 (2025-08-27)

Features

• s3tables-alpha: add TablePolicy support to L2 construct library (#35223) (a4aad78), closes #33054

2.212.0-alpha.0 (2025-08-20)

2.211.0-alpha.0 (2025-08-12)

2.210.0-alpha.0 (2025-08-06)

Features

• glue-alpha: add optional metrics control for cost optimization (#35154) (6e24133), closes #35149

2.209.1-alpha.0 (2025-08-06)

... (truncated)

Commits

• 731eb40 chore(release): 2.219.0 (#35650)
• See full diff in compare view

Updates aws-cdk from 2.1029.3 to 2.1029.4

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1029.4

2.1029.4 (2025-10-01)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.