[Snyk] Upgrade cdk-assets from 2.66.1 to 2.150.0

[gitafolabi]

Snyk has created this PR to upgrade cdk-assets from 2.66.1 to 2.150.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 111 versions ahead of your current version.

• The recommended version was released on 24 days ago.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[dryrunsecurity]

DryRun Security Summary

The provided code changes update the cdk/package.json and cdk/yarn.lock files of an AWS CDK project, including updates to the cdk-assets dependency and several other dependencies, which are generally positive from an application security perspective but require review of release notes and thorough testing to ensure no regressions or unexpected behavior changes.

Expand for full summary

Summary:

The provided code changes are updates to the cdk/package.json and cdk/yarn.lock files, which are part of the AWS CDK (Cloud Development Kit) project. The key changes include updating the cdk-assets dependency to a newer version, as well as updating several other dependencies such as @aws-cdk/cloud-assembly-schema, @aws-cdk/cx-api, archiver, and aws-sdk.

From an application security perspective, these updates are generally positive as they likely include bug fixes and security improvements. However, it's important to review the release notes for the new versions to understand any potential security implications or breaking changes that may impact the project. Additionally, thorough testing of the application after such updates is recommended to ensure there are no regressions or unexpected behavior changes.

The project also demonstrates good practices in terms of dependency management, with a centralized package.json file and the use of semantic versioning to allow for minor and patch-level updates. Additionally, the inclusion of testing tools and a continuous integration (CI) pipeline helps ensure code quality and catch potential security issues during the development process.

Files Changed:

1. cdk/package.json: This file has been updated to include a newer version of the cdk-assets dependency, from ^2.66.1 to ^2.150.0. This is a common practice to address security vulnerabilities, bug fixes, or to access new features. The use of semantic versioning helps ensure that the project can take advantage of bug fixes and security patches without introducing potentially breaking changes.

2. cdk/yarn.lock: This file has been updated to include newer versions of several dependencies, including @aws-cdk/cloud-assembly-schema, @aws-cdk/cx-api, archiver, and aws-sdk. These updates are generally positive as they likely include bug fixes and security improvements, but it's important to review the release notes to understand any potential security implications or breaking changes.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.