Bump the npm group across 2 directories with 2 updates

[dependabot]

Bumps the npm group with 2 updates in the / directory: @aws-sdk/client-cloudformation and aws-cdk.
Bumps the npm group with 1 update in the /test directory: aws-cdk.

Updates @aws-sdk/client-cloudformation from 3.1054.0 to 3.1055.0

Release notes

Sourced from @​aws-sdk/client-cloudformation's releases.

v3.1055.0

3.1055.0(2026-05-27)

Chores

• deps-dev: bump turbo from 2.5.8 to 2.9.14 (#8035) (14d9224b)

Documentation Changes

• client-organizations: AWS Organizations now emits CloudTrail events (AccountJoinedOrganization, AccountDepartedOrganization) to the management account for membership changes, including join and departure method and timestamp. (fd08d346)

New Features

• client-payment-cryptography: Adding new BDD representation of endpoint ruleset (038b995d)
• client-voice-id: Adding new BDD representation of endpoint ruleset (4ea1f631)
• client-ssm-sap: Adding new BDD representation of endpoint ruleset (46f23a8b)
• client-imagebuilder: Adding new BDD representation of endpoint ruleset (4fccd91d)
• client-opensearch: OpenSearch will now support multi-segment paths in JWKS URLs. (19774e30)
• client-workspaces-web: Adding new BDD representation of endpoint ruleset (16accb93)
• client-inspector2: Adding new BDD representation of endpoint ruleset (871d4164)
• client-memorydb: Adding new BDD representation of endpoint ruleset (8e5e1e1c)
• client-partnercentral-benefits: Adding new BDD representation of endpoint ruleset (a51c0749)
• client-mpa: Adding new BDD representation of endpoint ruleset (c7d9e576)
• client-docdb-elastic: Adding new BDD representation of endpoint ruleset (f6604510)
• client-resource-explorer-2: Adding new BDD representation of endpoint ruleset (675b8b7d)
• client-bcm-dashboards: Adding new BDD representation of endpoint ruleset (7f65a570)
• client-iotfleetwise: Adding new BDD representation of endpoint ruleset (49c889bb)
• client-launch-wizard: Adding new BDD representation of endpoint ruleset (dbba8489)
• client-pca-connector-ad: Adding new BDD representation of endpoint ruleset (c922bfa5)
• client-devops-agent: Adding new BDD representation of endpoint ruleset (0bc6b6c5)
• client-compute-optimizer: Adding new BDD representation of endpoint ruleset (71f69111)
• client-elementalinference: Added support for smart subtitles in Elemental Inference, enabling automatic generation of subtitles for media content. Available in English, Spanish, French, German, Italian, and Portuguese. (a0c52b23)
• client-medialive: AWS Elemental MediaLive now supports Smart Subtitles, a new caption source that uses AWS Elemental Inference to automatically generate WebVTT and TTML captions from source audio. Available in English, Spanish, French, German, Italian, and Portuguese. (fea48017)
• client-rtbfabric: Adding new BDD representation of endpoint ruleset (d7495b1d)
• client-nova-act: Adding new BDD representation of endpoint ruleset (d20208ac)
• client-ssm-contacts: Adding new BDD representation of endpoint ruleset (3e8fa156)
• client-finspace: Adding new BDD representation of endpoint ruleset (72e5bc9e)
• client-rum: Adding new BDD representation of endpoint ruleset (56728db3)
• client-partnercentral-selling: Adding new BDD representation of endpoint ruleset (8fd0d9f1)
• client-bedrock-data-automation: Matcher Fallback extends the CustomOutputConfiguration for the Document modality in DataAutomationProjects, enabling a fallback blueprint when no match is found. A FALLBACK match status is returned, improving the matching experience and guaranteeing customers always receive CustomOutputResults. (91b76402)
• client-wellarchitected: Adding new BDD representation of endpoint ruleset (12c1733f)
• client-eventbridge: Adding new BDD representation of endpoint ruleset (7f75e100)
• client-mgn: Adding new BDD representation of endpoint ruleset (43df313f)
• client-dataexchange: Adding new BDD representation of endpoint ruleset (b1a544f0)
• client-sagemaker-featurestore-runtime: Adding new BDD representation of endpoint ruleset (55a9a5e5)
• client-connectcases: Adding new BDD representation of endpoint ruleset (9cd442f9)
• client-eks-auth: Adding new BDD representation of endpoint ruleset (0d567c95)
• client-fis: Adding new BDD representation of endpoint ruleset (bf27021c)
• client-iotthingsgraph: Adding new BDD representation of endpoint ruleset (8e449e0e)
• client-security-ir: Adding new BDD representation of endpoint ruleset (877b8394)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-cloudformation's changelog.

3.1055.0 (2026-05-27)

Note: Version bump only for package @​aws-sdk/client-cloudformation

Commits

• 2981565 Publish v3.1055.0
• See full diff in compare view

Updates aws-cdk from 2.1124.1 to 2.1125.0

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1125.0

2.1125.0 (2026-05-27)

Features

• deps: upgrade aws-cdk-lib (#1538) (9197aee)
• deps: upgrade aws-cdk-lib (#1543) (62e217a)

Bug Fixes

• bootstrap fails if bucket, ECR repo already exist (#1544) (e1cd6bc)
• recognize VSCode Agent terminal (#1540) (bd58d4d)

Commits

• 76445b3 chore(deps): bump semver from 7.7.4 to 7.8.0 (#1548)
• 0aec629 chore(deps): upgrade dependencies (#1546)
• e1cd6bc fix: bootstrap fails if bucket, ECR repo already exist (#1544)
• 62e217a feat(deps): upgrade aws-cdk-lib (#1543)
• bd58d4d fix: recognize VSCode Agent terminal (#1540)
• 9197aee feat(deps): upgrade aws-cdk-lib (#1538)
• See full diff in compare view

Updates aws-cdk from 2.1124.1 to 2.1125.0

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1125.0

2.1125.0 (2026-05-27)

Features

• deps: upgrade aws-cdk-lib (#1538) (9197aee)
• deps: upgrade aws-cdk-lib (#1543) (62e217a)

Bug Fixes

• bootstrap fails if bucket, ECR repo already exist (#1544) (e1cd6bc)
• recognize VSCode Agent terminal (#1540) (bd58d4d)

Commits

• 76445b3 chore(deps): bump semver from 7.7.4 to 7.8.0 (#1548)
• 0aec629 chore(deps): upgrade dependencies (#1546)
• e1cd6bc fix: bootstrap fails if bucket, ECR repo already exist (#1544)
• 62e217a feat(deps): upgrade aws-cdk-lib (#1543)
• bd58d4d fix: recognize VSCode Agent terminal (#1540)
• 9197aee feat(deps): upgrade aws-cdk-lib (#1538)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@aws-sdk/client-cloudformation	3.1055.0	🟢 5.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/core	3.974.16	🟢 5.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/credential-provider-env	3.972.42	🟢 5.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/credential-provider-http	3.972.44	🟢 5.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/credential-provider-ini	3.972.47	🟢 5.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/credential-provider-login	3.972.46	🟢 5.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/credential-provider-node	3.972.49	🟢 5.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/credential-provider-process	3.972.42	🟢 5.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/credential-provider-sso	3.972.46	🟢 5.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/credential-provider-web-identity	3.972.46	🟢 5.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/nested-clients	3.997.14	🟢 5.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/signature-v4-multi-region	3.996.31	🟢 5.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/token-providers	3.1059.0	🟢 5.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/types	3.973.10	🟢 5.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed
npm/@aws-sdk/xml-builder	3.972.27	🟢 5.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 5 detected GitHub workflow tokens with excessive permissions Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 no SAST tool detected Binary-Artifacts 🟢 8 binaries present in source code Pinned-Dependencies 🟢 10 all dependencies are pinned Fuzzing ⚠️ 0 project is not fuzzed
npm/aws-cdk	2.1125.0	Unknown	Unknown
npm/aws-cdk	^2.1125.0	Unknown	Unknown

Scanned Files

• pnpm-lock.yaml
• test/package.json