Bump the npm group across 2 directories with 2 updates by dependabot[bot] · Pull Request #713 · poad/aws-cloudformation-stack-status-checker

dependabot · 2025-11-10T21:33:41Z

Bumps the npm group with 2 updates in the / directory: constructs and aws-cdk.
Bumps the npm group with 2 updates in the /test directory: constructs and aws-cdk.

Updates constructs from 10.4.2 to 10.4.3

Release notes

Sourced from constructs's releases.

v10.4.3

10.4.3 (2025-11-06)

Bug Fixes

deps: upgrade to jsii & typescript 5.9 (#2823) (02796b2)

Commits

02796b2 fix(deps): upgrade to jsii & typescript 5.9 (#2823)
f62df72 chore(deps): upgrade dev dependencies (#2822)
56d6cbf chore(deps): upgrade dev dependencies (#2821)
a37b483 chore(deps): upgrade cdklabs-projen-project-types (#2819)
7826d73 chore(deps): upgrade dev dependencies (#2820)
bbbf608 chore(deps): upgrade dev dependencies (#2818)
7c1b1ad chore(deps): upgrade dev dependencies (#2817)
27ec512 chore(deps): upgrade dev dependencies (#2816)
6e7e0a2 chore(deps): upgrade dev dependencies (#2815)
e71d235 chore(deps): upgrade dev dependencies (#2814)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for constructs since your current version.

Updates aws-cdk from 2.1031.1 to 2.1031.2

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1031.2

2.1031.2 (2025-11-06)

Bug Fixes

cli: requests get throttled when there is a large number of stacks (#927) (c79e35e)

update python init templates dev dep on pytest to latest (#930) (779352d)

Commits

779352d fix: update python init templates dev dep on pytest to latest (#930)
c79e35e fix(cli): requests get throttled when there is a large number of stacks (#927)
d1b4113 chore: update typescript and jsii to 5.9 (#923)
See full diff in compare view

Updates constructs from 10.4.2 to 10.4.3

Release notes

Sourced from constructs's releases.

v10.4.3

10.4.3 (2025-11-06)

Bug Fixes

deps: upgrade to jsii & typescript 5.9 (#2823) (02796b2)

Commits

02796b2 fix(deps): upgrade to jsii & typescript 5.9 (#2823)
f62df72 chore(deps): upgrade dev dependencies (#2822)
56d6cbf chore(deps): upgrade dev dependencies (#2821)
a37b483 chore(deps): upgrade cdklabs-projen-project-types (#2819)
7826d73 chore(deps): upgrade dev dependencies (#2820)
bbbf608 chore(deps): upgrade dev dependencies (#2818)
7c1b1ad chore(deps): upgrade dev dependencies (#2817)
27ec512 chore(deps): upgrade dev dependencies (#2816)
6e7e0a2 chore(deps): upgrade dev dependencies (#2815)
e71d235 chore(deps): upgrade dev dependencies (#2814)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for constructs since your current version.

Updates aws-cdk from 2.1031.1 to 2.1031.2

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1031.2

2.1031.2 (2025-11-06)

Bug Fixes

cli: requests get throttled when there is a large number of stacks (#927) (c79e35e)

update python init templates dev dep on pytest to latest (#930) (779352d)

Commits

779352d fix: update python init templates dev dep on pytest to latest (#930)
c79e35e fix(cli): requests get throttled when there is a large number of stacks (#927)
d1b4113 chore: update typescript and jsii to 5.9 (#923)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the npm group with 2 updates in the / directory: [constructs](https://github.com/aws/constructs) and [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk). Bumps the npm group with 2 updates in the /test directory: [constructs](https://github.com/aws/constructs) and [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk). Updates `constructs` from 10.4.2 to 10.4.3 - [Release notes](https://github.com/aws/constructs/releases) - [Commits](aws/constructs@v10.4.2...v10.4.3) Updates `aws-cdk` from 2.1031.1 to 2.1031.2 - [Release notes](https://github.com/aws/aws-cdk-cli/releases) - [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1031.2/packages/aws-cdk) Updates `constructs` from 10.4.2 to 10.4.3 - [Release notes](https://github.com/aws/constructs/releases) - [Commits](aws/constructs@v10.4.2...v10.4.3) Updates `aws-cdk` from 2.1031.1 to 2.1031.2 - [Release notes](https://github.com/aws/aws-cdk-cli/releases) - [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1031.2/packages/aws-cdk) --- updated-dependencies: - dependency-name: constructs dependency-version: 10.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm - dependency-name: aws-cdk dependency-version: 2.1031.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm - dependency-name: constructs dependency-version: 10.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm - dependency-name: aws-cdk dependency-version: 2.1031.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2025-11-10T21:33:52Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package

Version

Score

Details

npm/aws-cdk

2.1031.2

Unknown

npm/constructs

10.4.3

🟢 7.3

Details

Check	Score	Reason
Maintained	🟢 10	15 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 5	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	🟢 4	SAST tool is not run on all commits -- score normalized to 4

npm/aws-cdk

^2.1031.2

Unknown

npm/constructs

^10.4.3

🟢 7.3

Details

Check	Score	Reason
Maintained	🟢 10	15 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
License	🟢 10	license file detected
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	🟢 5	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Signed-Releases	⚠️ -1	no releases found
Security-Policy	🟢 10	security policy file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
SAST	🟢 4	SAST tool is not run on all commits -- score normalized to 4

Scanned Files

pnpm-lock.yaml
test/package.json

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Nov 10, 2025

github-actions Bot approved these changes Nov 10, 2025

View reviewed changes

github-actions Bot enabled auto-merge (squash) November 10, 2025 21:33

github-actions Bot merged commit cbadb9f into main Nov 10, 2025
7 checks passed

github-actions Bot deleted the dependabot/npm_and_yarn/npm-1fa38549a1 branch November 10, 2025 21:34

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm group across 2 directories with 2 updates#713

Bump the npm group across 2 directories with 2 updates#713
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-1fa38549a1

dependabot Bot commented on behalf of github Nov 10, 2025

Uh oh!

github-actions Bot commented Nov 10, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Nov 10, 2025

v10.4.3

10.4.3 (2025-11-06)

Bug Fixes

aws-cdk@v2.1031.2

2.1031.2 (2025-11-06)

Bug Fixes

v10.4.3

10.4.3 (2025-11-06)

Bug Fixes

aws-cdk@v2.1031.2

2.1031.2 (2025-11-06)

Bug Fixes

Uh oh!

github-actions Bot commented Nov 10, 2025

Dependency Review

OpenSSF Scorecard

Scanned Files

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants