Bump the npm group across 2 directories with 4 updates

[dependabot]

Bumps the npm group with 4 updates in the / directory: @aws-sdk/client-cloudformation, eslint, aws-cdk-lib and aws-cdk.
Bumps the npm group with 2 updates in the /test directory: aws-cdk-lib and aws-cdk.

Updates @aws-sdk/client-cloudformation from 3.1011.0 to 3.1014.0

Release notes

Sourced from @​aws-sdk/client-cloudformation's releases.

v3.1014.0

3.1014.0(2026-03-20)

Chores

• xml-builder: bump fast-xml-parser to 5.5.8 (#7876) (80ef6014)
• bump smithy versions (414aa0d1)

Documentation Changes

• client-backup: Fix Typo for S3Backup Options ( S3BackupACLs to BackupACLs) (4d912214)

New Features

• clients: update client endpoints as of 2026-03-20 (6450a12d)
• client-verifiedpermissions: Adds support for Policy Store Aliases, Policy Names, and Policy Template Names. These are customizable identifiers that can be used in place of Policy Store ids, Policy ids, and Policy Template ids respectively in Amazon Verified Permissions APIs. (c8fe1858)
• client-opensearch: Added support for Amazon Managed Service for Prometheus (AMP) as a connected data source in OpenSearch UI. Now users can analyze Prometheus metrics in OpenSearch UI without data copy. (c9bdbb54)
• client-dynamodb: Adding ReplicaArn to ReplicaDescription of a global table replica (51c2c17a)

Tests

• snapshot-testing: fix structure of XML errors from mock service (#7874) (a17511fe)

---

For list of updated packages, view updated-packages.md in assets-3.1014.0.zip

v3.1013.0

3.1013.0(2026-03-19)

Chores

• xml-builder: single-pass XML escape for escapeElement and escapeAttribute (#7833) (97de5649)

New Features

• clients: update client endpoints as of 2026-03-19 (485aa086)
• client-batch: AWS Batch now supports quota management, enabling administrators to allocate shared compute resources across teams and projects through quota shares with capacity limits, resource-sharing strategies, and priority-based preemption - currently available for SageMaker Training job queues. (3e695b9a)
• client-bedrock-agentcore-control: Adds support for the following new features. 1. Enterprise Policies support for AgentCore Browser Tool. 2. Root CA Configuration support for AgentCore Browser Tool and Code Interpreter. (d286f51f)
• client-bedrock-agentcore: This release includes SDK support for the following new features on AgentCore Built In Tools. 1. Enterprise Policies for AgentCore Browser Tool. 2. Root CA Configuration Support for AgentCore Browser Tool and Code Interpreter. 3. API changes to AgentCore Browser Profile APIs (088f0580)
• client-polly: Added bi-directional streaming functionality through a new API, StartSpeechSynthesisStream. This API allows streaming input text through inbound events and receiving audio as part of an output stream simultaneously. (581bf849)
• client-ec2: Amazon EC2 Fleet instant mode now supports launching instances into Interruptible Capacity Reservations, enabling customers to use spare capacity shared by Capacity Reservation owners within their AWS Organization. (5ae4a552)
• client-observabilityadmin: Adding a new field in the CreateCentralizationRuleForOrganization, UpdateCentralizationRuleForOrganization API and updating the GetCentralizationRuleForOrganization API response to include the new field (f8dcb3a1)

Bug Fixes

• xml-builder: configure maxTotalExpansions on fast-xml-parser (#7868) (2ad14770)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-cloudformation's changelog.

3.1014.0 (2026-03-20)

Note: Version bump only for package @​aws-sdk/client-cloudformation

3.1013.0 (2026-03-19)

Note: Version bump only for package @​aws-sdk/client-cloudformation

3.1012.0 (2026-03-18)

Note: Version bump only for package @​aws-sdk/client-cloudformation

Commits

• 577a874 Publish v3.1014.0
• 414aa0d chore: bump smithy versions
• 19ca473 Publish v3.1013.0
• 7f54759 Publish v3.1012.0
• 950b0c2 chore(codegen): smithy-aws-typescript-codegen 0.47.0 (#7854)
• See full diff in compare view

Updates eslint from 10.0.3 to 10.1.0

Release notes

Sourced from eslint's releases.

v10.1.0

Features

• ff4382b feat: apply fix for no-var in TSModuleBlock (#20638) (Tanuj Kanti)
• 0916995 feat: Implement api support for bulk-suppressions (#20565) (Blake Sager)

Bug Fixes

• 2b8824e fix: Prevent no-var autofix when a variable is used before declaration (#20464) (Amaresh S M)
• e58b4bf fix: update eslint (#20597) (renovate[bot])

Documentation

• b7b57fe docs: use correct JSDoc link in require-jsdoc.md (#20641) (mkemna-clb)
• 58e4cfc docs: add deprecation notice partial (#20639) (Milos Djermanovic)
• 7143dbf docs: update v9 migration guide for @eslint/js usage (#20540) (fnx)
• 035fc4f docs: note that globalReturn applies only with sourceType: "script" (#20630) (Milos Djermanovic)
• e972c88 docs: merge ESLint option descriptions into type definitions (#20608) (Francesco Trotta)
• 7f10d84 docs: Update README (GitHub Actions Bot)
• aeed007 docs: open playground link in new tab (#20602) (Tanuj Kanti)
• a0d1a37 docs: Add AI Usage Policy (#20510) (Nicholas C. Zakas)

Chores

• a9f9cce chore: update dependency eslint-plugin-unicorn to ^63.0.0 (#20584) (Milos Djermanovic)
• 1f42bd7 chore: update prettier to 3.8.1 (#20651) (루밀LuMir)
• c0a6f4a chore: update dependency @​eslint/json to ^1.2.0 (#20652) (renovate[bot])
• cc43f79 chore: update dependency c8 to v11 (#20650) (renovate[bot])
• 2ce4635 chore: update dependency @​eslint/json to v1 (#20649) (renovate[bot])
• f0406ee chore: update dependency markdownlint-cli2 to ^0.21.0 (#20646) (renovate[bot])
• dbb4c95 chore: remove trunk (#20478) (sethamus)
• c672a2a test: fix CLI test for empty output file (#20640) (kuldeep kumar)
• c7ada24 ci: bump pnpm/action-setup from 4.3.0 to 4.4.0 (#20636) (dependabot[bot])
• 07c4b8b test: fix RuleTester test without test runners (#20631) (Francesco Trotta)
• 079bba7 test: Add tests for isValidWithUnicodeFlag (#20601) (Manish chaudhary)
• 5885ae6 ci: unpin Node.js 25.x in CI (#20615) (Copilot)
• f65e5d3 chore: update pnpm/action-setup digest to b906aff (#20610) (renovate[bot])

Commits

• 8351ec7 10.1.0
• 3270bc1 Build: changelog update for 10.1.0
• a9f9cce chore: update dependency eslint-plugin-unicorn to ^63.0.0 (#20584)
• 1f42bd7 chore: update prettier to 3.8.1 (#20651)
• c0a6f4a chore: update dependency @​eslint/json to ^1.2.0 (#20652)
• cc43f79 chore: update dependency c8 to v11 (#20650)
• 2ce4635 chore: update dependency @​eslint/json to v1 (#20649)
• f0406ee chore: update dependency markdownlint-cli2 to ^0.21.0 (#20646)
• dbb4c95 chore: remove trunk (#20478)
• ff4382b feat: apply fix for no-var in TSModuleBlock (#20638)
• Additional commits viewable in compare view

Updates aws-cdk-lib from 2.243.0 to 2.244.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.244.0

Features

• codebuild: add support for macOS 26 runners (#37240) (1b7b292), closes #37241 #35836
• update L1 CloudFormation resource definitions (#37260) (40a5142)
• rds: add standalone resource creation for ParameterGroup (#37165) (5441a51), closes #9741
• ecs: add forceNewDeployment feature for ecs service (#35726) (d16dc7e), closes #27762
• mixins: helpers to convert between Aspects and Mixins (#37235) (4537f69)
• spec2cdk: add actions() method to Grants classes (#36987) (bbeaf5d)

Bug Fixes

• aws-cdk-lib: error annotations now have error codes (#37270) (0b9629e)
• eks: clear OCI repo/version after local pull for Helm v4 compatibility (#37142) (e6a8804), closes /github.com/helm/helm/blob/v3.19.0/pkg/action/install.go#L753-L769 /github.com/helm/helm/blob/main/pkg/action/install.go#L893-L909
• all errors now have error codes (#36934) (408c12f)

---

Alpha modules (2.244.0-alpha.0)

Bug Fixes

• kinesisanalytics-flink-alpha: mark deprecated flink runtimes as deprecated (#37155) (0a89447)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.244.0-alpha.0 (2026-03-19)

Bug Fixes

• kinesisanalytics-flink-alpha: mark deprecated flink runtimes as deprecated (#37155) (0a89447)

2.243.0-alpha.0 (2026-03-11)

2.242.0-alpha.0 (2026-03-10)

Features

• mixins-preview: allow passing resource objects into properties in CFN Property mixins (#37148) (f238629)
• mixins-preview: generate EventBridge pattern for all events (#37081) (f30e836)
• mixins-preview: support custom merge strategies via IMergeStrategy (#37170) (0dec011)

2.241.0-alpha.0 (2026-03-02)

Features

• mixins-preview: add recordFields and outputFormat to Vended Logs Mixin (#37042) (dd94c31)
• mixins-preview: cross account delivery destinations (#36827) (a759eb6)

2.240.0-alpha.0 (2026-02-23)

2.239.0-alpha.0 (2026-02-19)

⚠ BREAKING CHANGES

redshift-alpha: update default node type from DC2_LARGE to RA3_LARGE

Features

• bedrock-agentcore-alpha: add fromCodeAsset method to create runtime artifact with local code assets (#36472) (c5a87e6), closes #36473
• bedrock-agentcore-alpha: added new target type (api gateway) in agentcore gateway target. (#36841) (0842754), closes #36817
• mixins-preview: add ECS ClusterSettingsMixin (#36796) (b8ab5be)
• mixins-preview: add s3 bucket mixin for publicAccessBlock (#36905) (feed4b2)
• mixins-preview: send Vended Logs to pre-created DeliveryDestination using toDestination() (#36896) (48f1fe6)

Bug Fixes

• redshift-alpha: update default node type from DC2_LARGE to RA3_LARGE (#36516) (ea19e5c), closes #36416

... (truncated)

Commits

• ce693ac chore: update analytics metadata blueprints
• 1b7b292 feat(codebuild): add support for macOS 26 runners (#37240)
• 40a5142 feat: update L1 CloudFormation resource definitions (#37260)
• ac4e2d4 chore(dynamodb): fix 5 failing integration tests (#36961)
• 5441a51 feat(rds): add standalone resource creation for ParameterGroup (#37165)
• 0b9629e fix(aws-cdk-lib): error annotations now have error codes (#37270)
• 2a21279 feat: bitrate utility function (#37244)
• a74b144 docs(s3): fix typo (#37267)
• 22b3ef6 docs(dynamodb): fix typo (#37056)
• 4f0d32e chore(mixins-preview): update Vended Logs to use Facades and Traits and add `...
• Additional commits viewable in compare view

Updates aws-cdk from 2.1111.0 to 2.1112.0

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1112.0

2.1112.0 (2026-03-18)

Features

• cli: add --concurrency flag to cdk destroy (#1221) (403fe8e)
• deps: upgrade aws-cdk-lib (#1220) (cf3cd7d)

Bug Fixes

• collect metrics to help analyze performance problems (#1124) (ae037f9)

Commits

• ae037f9 fix: collect metrics to help analyze performance problems (#1124)
• 403fe8e feat(cli): add --concurrency flag to cdk destroy (#1221)
• cf3cd7d feat(deps): upgrade aws-cdk-lib (#1220)
• See full diff in compare view

Updates aws-cdk-lib from 2.243.0 to 2.244.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.244.0

Features

• codebuild: add support for macOS 26 runners (#37240) (1b7b292), closes #37241 #35836
• update L1 CloudFormation resource definitions (#37260) (40a5142)
• rds: add standalone resource creation for ParameterGroup (#37165) (5441a51), closes #9741
• ecs: add forceNewDeployment feature for ecs service (#35726) (d16dc7e), closes #27762
• mixins: helpers to convert between Aspects and Mixins (#37235) (4537f69)
• spec2cdk: add actions() method to Grants classes (#36987) (bbeaf5d)

Bug Fixes

• aws-cdk-lib: error annotations now have error codes (#37270) (0b9629e)
• eks: clear OCI repo/version after local pull for Helm v4 compatibility (#37142) (e6a8804), closes /github.com/helm/helm/blob/v3.19.0/pkg/action/install.go#L753-L769 /github.com/helm/helm/blob/main/pkg/action/install.go#L893-L909
• all errors now have error codes (#36934) (408c12f)

---

Alpha modules (2.244.0-alpha.0)

Bug Fixes

• kinesisanalytics-flink-alpha: mark deprecated flink runtimes as deprecated (#37155) (0a89447)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.244.0-alpha.0 (2026-03-19)

Bug Fixes

• kinesisanalytics-flink-alpha: mark deprecated flink runtimes as deprecated (#37155) (0a89447)

2.243.0-alpha.0 (2026-03-11)

2.242.0-alpha.0 (2026-03-10)

Features

• mixins-preview: allow passing resource objects into properties in CFN Property mixins (#37148) (f238629)
• mixins-preview: generate EventBridge pattern for all events (#37081) (f30e836)
• mixins-preview: support custom merge strategies via IMergeStrategy (#37170) (0dec011)

2.241.0-alpha.0 (2026-03-02)

Features

• mixins-preview: add recordFields and outputFormat to Vended Logs Mixin (#37042) (dd94c31)
• mixins-preview: cross account delivery destinations (#36827) (a759eb6)

2.240.0-alpha.0 (2026-02-23)

2.239.0-alpha.0 (2026-02-19)

⚠ BREAKING CHANGES

redshift-alpha: update default node type from DC2_LARGE to RA3_LARGE

Features

• bedrock-agentcore-alpha: add fromCodeAsset method to create runtime artifact with local code assets (#36472) (c5a87e6), closes #36473
• bedrock-agentcore-alpha: added new target type (api gateway) in agentcore gateway target. (#36841) (0842754), closes #36817
• mixins-preview: add ECS ClusterSettingsMixin (#36796) (b8ab5be)
• mixins-preview: add s3 bucket mixin for publicAccessBlock (#36905) (feed4b2)
• mixins-preview: send Vended Logs to pre-created DeliveryDestination using toDestination() (#36896) (48f1fe6)

Bug Fixes

• redshift-alpha: update default node type from DC2_LARGE to RA3_LARGE (#36516) (ea19e5c), closes #36416

... (truncated)

Commits

• ce693ac chore: update analytics metadata blueprints
• 1b7b292 feat(codebuild): add support for macOS 26 runners (#37240)
• 40a5142 feat: update L1 CloudFormation resource definitions (#37260)
• ac4e2d4 chore(dynamodb): fix 5 failing integration tests (#36961)
• 5441a51 feat(rds): add standalone resource creation for ParameterGroup (#37165)
• 0b9629e fix(aws-cdk-lib): error annotations now have error codes (#37270)
• 2a21279 feat: bitrate utility function (#37244)
• a74b144 docs(s3): fix typo (#37267)
• 22b3ef6 docs(dynamodb): fix typo (#37056)
• 4f0d32e chore(mixins-preview): update Vended Logs to use Facades and Traits and add `...
• Additional commits viewable in compare view

Updates aws-cdk from 2.1111.0 to 2.1112.0

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1112.0

2.1112.0 (2026-03-18)

Features

• cli: add --concurrency flag to cdk destroy (#1221) (403fe8e)
• deps: upgrade aws-cdk-lib (#1220) (cf3cd7d)

Bug Fixes

• collect metrics to help analyze performance problems (#1124) (ae037f9)

Commits

• ae037f9 fix: collect metrics to help analyze performance problems (#1124)
• 403fe8e feat(cli): add --concurrency flag to cdk destroy (#1221)
• cf3cd7d feat(deps): upgrade aws-cdk-lib (#1220)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA b175961.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

test/package.json

Package	Version	License	Issue Type
aws-cdk-lib	^2.244.0	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@aws-sdk/client-cloudformation	3.1014.0	🟢 5.5	Details Check Score Reason CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/core	3.973.23	🟢 5.5	Details Check Score Reason CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/credential-provider-env	3.972.21	🟢 5.5	Details Check Score Reason CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/credential-provider-http	3.972.23	🟢 5.5	Details Check Score Reason CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/credential-provider-ini	3.972.23	🟢 5.5	Details Check Score Reason CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/credential-provider-login	3.972.23	🟢 5.5	Details Check Score Reason CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/credential-provider-node	3.972.24	🟢 5.5	Details Check Score Reason CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/credential-provider-process	3.972.21	🟢 5.5	Details Check Score Reason CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/credential-provider-sso	3.972.23	🟢 5.5	Details Check Score Reason CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/credential-provider-web-identity	3.972.23	🟢 5.5	Details Check Score Reason CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/middleware-user-agent	3.972.24	🟢 5.5	Details Check Score Reason CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/nested-clients	3.996.13	🟢 5.5	Details Check Score Reason CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/region-config-resolver	3.972.9	🟢 5.5	Details Check Score Reason CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/token-providers	3.1014.0	🟢 5.5	Details Check Score Reason CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/util-user-agent-node	3.973.10	🟢 5.5	Details Check Score Reason CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/xml-builder	3.972.15	🟢 5.5	Details Check Score Reason CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 2 Found 7/30 approved changesets -- score normalized to 2 License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST 🟢 10 SAST tool is run on all commits Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed
npm/@smithy/config-resolver	4.4.13	Unknown	Unknown
npm/@smithy/middleware-endpoint	4.4.27	Unknown	Unknown
npm/@smithy/middleware-retry	4.4.44	Unknown	Unknown
npm/@smithy/smithy-client	4.12.7	Unknown	Unknown
npm/@smithy/util-defaults-mode-browser	4.3.43	Unknown	Unknown
npm/@smithy/util-defaults-mode-node	4.2.47	Unknown	Unknown
npm/aws-cdk	2.1112.0	Unknown	Unknown
npm/aws-cdk-lib	2.244.0	🟢 5.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ -1 internal error: internal error: invalid Dockerfile License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Security-Policy 🟢 10 security policy file detected Binary-Artifacts ⚠️ 0 binaries present in source code SAST 🟢 9 SAST tool detected but not run on all commits Fuzzing 🟢 10 project is fuzzed
npm/eslint	10.1.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Code-Review 🟢 7 Found 18/24 approved changesets -- score normalized to 7 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits
npm/fast-xml-parser	5.5.8	🟢 5.8	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions SAST ⚠️ 0 no SAST tool detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
npm/path-expression-matcher	1.2.0	Unknown	Unknown
npm/strnum	2.2.1	Unknown	Unknown
npm/aws-cdk	^2.1112.0	Unknown	Unknown
npm/aws-cdk-lib	^2.244.0	Unknown	Unknown

Scanned Files

• pnpm-lock.yaml
• test/package.json