[Snyk] Fix for 4 vulnerabilities

[gitafolabi]

Snyk has created this PR to fix 4 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• cdk/package.json
• cdk/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	686
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	646
	Prototype Pollution SNYK-JS-XML2JS-5414874	586

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution

[dryrunsecurity]

DryRun Security Summary

The provided code changes focus on updating the dependencies in the AWS CDK project, including upgrading the aws-cdk-lib, cdk-assets, and axios libraries, to address potential security concerns and keep the project's dependencies up-to-date.

Expand for full summary

Summary:

The provided code changes focus on updating the dependencies in the cdk/package.json and cdk/yarn.lock files, which are part of the AWS CDK (Cloud Development Kit) project. The key updates include:

1. Upgrading the aws-cdk-lib and cdk-assets libraries from version ^2.66.1 to ^2.88.0.
2. Updating the axios library from version ^1.2.3 to ^1.6.8.
3. Updating several other AWS CDK-related packages to their latest versions.

From an application security perspective, the update to the axios library is particularly noteworthy, as it is a popular JavaScript library for making HTTP requests. Keeping this library up-to-date is important to address any known security vulnerabilities. Additionally, the updates to the aws-cdk-lib and cdk-assets libraries may also include security-related changes, as the AWS CDK is a critical part of the infrastructure-as-code (IaC) ecosystem.

Overall, these code changes appear to be a routine update to keep the project's dependencies up-to-date, with a focus on addressing potential security concerns through the axios library update and other AWS CDK-related package upgrades.

Files Changed:

1. cdk/package.json: This file has been updated to include the latest versions of the aws-cdk-lib, cdk-assets, and axios libraries.
2. cdk/yarn.lock: This file has been updated to include the latest versions of several AWS CDK-related packages, such as @aws-cdk/asset-awscli-v1, @aws-cdk/asset-kubectl-v20, @aws-cdk/asset-node-proxy-agent-v5, @aws-cdk/cloud-assembly-schema, and @aws-cdk/cx-api.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.