[Snyk] Security upgrade aws-cdk-lib from 2.66.1 to 2.177.0

[gitafolabi]

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• cdk/package.json
• cdk/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Improper Verification of Cryptographic Signature SNYK-JS-AWSCDKLIB-8647962	376

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[dryrunsecurity]

DryRun Security Summary

The pull request updates the AWS CDK library dependencies, primarily upgrading aws-cdk-lib from version 2.66.1 to 2.177.0, along with related dependencies in package.json and yarn.lock files, which enhances security and functionality while requiring careful review of potential breaking changes.

Expand for full summary

Summary:

The changes in this pull request primarily involve updating the dependencies of the aws-cdk-lib package, which is a key component of the AWS CDK (Cloud Development Kit) framework used for defining cloud infrastructure as code. The update includes upgrading the aws-cdk-lib dependency from version 2.66.1 to 2.177.0, as well as updating several other related dependencies to their latest versions.

From an application security perspective, this dependency update is generally a positive change, as it can bring bug fixes, security improvements, and new features. However, it's important to carefully review the changelog and release notes of the new versions to understand any breaking changes or security-related updates. Additionally, it's recommended to regularly audit the project's dependencies for known security vulnerabilities, perform thorough testing, and implement a robust Continuous Integration (CI) and Continuous Deployment (CD) pipeline to ensure the application's security posture is maintained throughout the upgrade process.

Files Changed:

1. cdk/package.json: This file has been updated to reflect the change in the aws-cdk-lib dependency version, from 2.66.1 to 2.177.0. It's important to ensure that dependencies are pinned to specific versions to reduce the risk of unexpected changes or compatibility issues.

2. cdk/yarn.lock: This file has been updated to reflect the changes in the dependencies, including the update of @aws-cdk/asset-awscli-v1, @aws-cdk/asset-kubectl-v20, and @aws-cdk/asset-node-proxy-agent-v6 to newer versions, as well as the addition of a new dependency, @aws-cdk/cloud-assembly-schema.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

View PR in the DryRun Dashboard.