build(deps-dev): bump the nodejs-other group across 2 directories with 6 updates

[dependabot]

Bumps the nodejs-other group with 6 updates in the /nodejs directory:

Package	From	To
bestzip	2.2.3	2.2.5
eslint	10.3.0	10.4.0
typescript-eslint	8.59.2	8.59.4
@aws-sdk/client-sts	3.1045.0	3.1049.0
@types/node	25.6.2	25.9.0
aws-cdk-lib	2.253.0	2.254.0

Bumps the nodejs-other group with 2 updates in the /nodejs/sample-apps/aws-sdk directory: bestzip and @types/node.

Updates bestzip from 2.2.3 to 2.2.5

Commits

• cc15ebd 2.2.5
• 9442a74 Bump brace-expansion from 1.1.12 to 5.0.6 (#86)
• 26fbabd chore: remove unused regenerator-runtime dependency (#85)
• d3173f9 2.2.4
• 029514c feat!: update minimum Node.js version to v20 (#84)
• bfea21f Bump lodash from 4.17.23 to 4.18.1 (#81)
• b392427 Bump picomatch from 2.3.1 to 2.3.2 (#80)
• See full diff in compare view

Updates eslint from 10.3.0 to 10.4.0

Release notes

Sourced from eslint's releases.

v10.4.0

Features

• 1a45ec5 feat: check sequence expressions in for-direction (#20701) (kuldeep kumar)
• 450040b feat: add includeIgnoreFile() to eslint/config (#20735) (Kirk Waiblinger)

Bug Fixes

• 544c0c3 fix: escape code path DOT labels in debug output (#20866) (Pixel998)
• 6799431 fix: update dependency @​eslint/config-helpers to ^0.6.0 (#20850) (renovate[bot])
• f078fef fix: handle non-array deprecated rule replacements (#20825) (xbinaryx)

Documentation

• 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869) (Pavel)
• db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865) (Kirk Waiblinger)
• 9084664 docs: Update README (GitHub Actions Bot)
• 9cc7387 docs: Update README (GitHub Actions Bot)
• 3d7b548 docs: Update README (GitHub Actions Bot)
• 191ec3c docs: Update README (GitHub Actions Bot)

Chores

• 6616856 chore: upgrade knip to v6 (#20875) (Pixel998)
• d13b084 ci: ensure auto-created PRs run CI (#20860) (lumir)
• e71c7af ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (#20862) (dependabot[bot])
• d84393d test: add unit tests for SuppressionsService.applySuppressions() (#20863) (kuldeep kumar)
• 24db8cb test: add tests for SuppressionsService.save() (#20802) (kuldeep kumar)
• 2ef0549 chore: update ecosystem plugins (#20857) (github-actions[bot])
• a429791 ci: remove eslint-webpack-plugin types integration test (#20668) (Milos Djermanovic)
• 9e37386 chore: replace recast with range approach in code-sample-minimizer (#20682) (Copilot)
• 0dd1f9f test: disable warning for vm.constants.USE_MAIN_CONTEXT_DEFAULT_LOADER (#20845) (Francesco Trotta)
• 9da3c7b refactor: remove deprecated meta.language and migrate meta.dialects (#20716) (Pixel998)
• 2099ed1 refactor: add meta.defaultOptions to more rules, enable linting (#20800) (xbinaryx)
• f1dfbc9 chore: update ecosystem plugins (#20836) (github-actions[bot])
• c759413 ci: bump pnpm/action-setup from 6.0.3 to 6.0.5 (#20843) (dependabot[bot])
• 5b817d6 test: add unit tests for lib/shared/ast-utils (#20838) (kuldeep kumar)
• 1c13ae3 test: add unit tests for lib/shared/severity (#20835) (kuldeep kumar)

Commits

• 452c401 10.4.0
• b6417e8 Build: changelog update for 10.4.0
• 6616856 chore: upgrade knip to v6 (#20875)
• d13b084 ci: ensure auto-created PRs run CI (#20860)
• 7e52a71 docs: add mention of @eslint-react/eslint-plugin (#20869)
• e71c7af ci: bump pnpm/action-setup from 6.0.5 to 6.0.7 (#20862)
• 544c0c3 fix: escape code path DOT labels in debug output (#20866)
• db3468b docs: tweak wording around ambiguous CJS-vs-ESM config (#20865)
• d84393d test: add unit tests for SuppressionsService.applySuppressions() (#20863)
• 9084664 docs: Update README
• Additional commits viewable in compare view

Updates typescript-eslint from 8.59.2 to 8.59.4

Release notes

Sourced from typescript-eslint's releases.

v8.59.4

8.59.4 (2026-05-18)

🩹 Fixes

• eslint-plugin: [no-floating-promises] stack overflow when using recursive types (#12294)
• project-service: throw error cause in getParsedConfigFileFromTSServer (#12321)
• typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#12340)

❤️ Thank You

• Evyatar Daud @​StyleShit
• Kirk Waiblinger @​kirkwaiblinger
• lumir

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.3

8.59.3 (2026-05-11)

This was a version bump only, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.59.4 (2026-05-18)

🩹 Fixes

• typescript-eslint: export Compatible* types from typescript-eslint to resolve pnpm TS error (#12340)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.3 (2026-05-11)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• ca6ca14 chore(release): publish 8.59.4
• 4b927c6 fix(typescript-eslint): export Compatible* types from typescript-eslint to re...
• 48e13c0 chore(release): publish 8.59.3
• 44f9625 chore(deps): update vitest monorepo to v4.1.5 (#12307)
• See full diff in compare view

Updates @aws-sdk/client-sts from 3.1045.0 to 3.1049.0

Release notes

Sourced from @​aws-sdk/client-sts's releases.

v3.1049.0

3.1049.0(2026-05-18)

Documentation Changes

• client-evs: Amazon EVS now supports up to 32 hosts per EVS environment, increasing the previous host limit to allow a larger scale of VMware workload deployments and reduce operational overhead. (34718dc5)

New Features

• clients: update client endpoints as of 2026-05-18 (a5f4e2a2)
• client-ec2: Amazon VPC IP Address Manager (IPAM) now supports tags on IPAM pool allocations, enabling all standard tagging features for allocations including tag-on-create. (0ac6d448)
• client-accessanalyzer: Services manage service-linked analyzers through dedicated APIs - CreateServiceLinkedAnalyzer and DeleteServiceLinkedAnalyzer that separate service-linked specific operations from customer-managed operations. It also shows up in ListAnalyzers and GetAnalyzer responses. (fdfcbe80)
• client-ecs: Amazon ECS now supports Pause lifecycle hooks for service deployments, allowing customers to automatically pause deployments at specified stages and use the new ContinueServiceDeployment API to continue or roll back with confidence. (8437bd6c)
• client-connect: Amazon Connect Cases now supports SLA durations of up to 2 years (1,051,200 minutes), increased from the previous maximum of 90 days (129,600 minutes). This enables you to track long-running service level agreements for cases that require extended resolution timelines. (045e1382)
• client-ivs: Adds support for up to 3 mediaTailorPlaybackConfiguration objects in an ad configuration resource (e7a59d85)
• client-quicksight: Support for dataset enrichment and geo spatial in new data preparation experience (c3036698)

Bug Fixes

• core/protocols: make error namespace removal unconditional in JSON RPC (#8031) (7cee4f27)
• client-sts: update imports to new module locations (#8025) (be183b6d)

---

For list of updated packages, view updated-packages.md in assets-3.1049.0.zip

v3.1048.0

3.1048.0(2026-05-15)

Chores

• packages: update import paths (#8024) (901b75a1)
• codegen:
  • updated import sources for aws-sdk core (#8015) (1af90474)
  • sync for browser bundle fixes (#8022) (eabae7d8)
• core/client: consolidate packages into core/client (#8010) (832d9e76)

New Features

• clients: update client endpoints as of 2026-05-15 (4aa76bd0)
• client-mediapackagev2: This release adds support for AvailabilityStartTimeConfiguration in MediaPackageV2 DASH manifests (6c8a84d4)
• client-partnercentral-selling: Enable TCV intake on Opportunity to improve Opportunities Hygiene and downstream revenue attribution. (d68a75c4)
• client-cloudwatch-logs: Updating the max limit for start query api parameter. (931876e1)

---

For list of updated packages, view updated-packages.md in assets-3.1048.0.zip

... (truncated)

Changelog

Sourced from @​aws-sdk/client-sts's changelog.

3.1049.0 (2026-05-18)

Bug Fixes

• client-sts: update imports to new module locations (#8025) (be183b6)

3.1048.0 (2026-05-15)

Note: Version bump only for package @​aws-sdk/client-sts

3.1047.0 (2026-05-14)

Note: Version bump only for package @​aws-sdk/client-sts

3.1046.0 (2026-05-14)

Note: Version bump only for package @​aws-sdk/client-sts

Commits

• 04d52f3 Publish v3.1049.0
• be183b6 fix(client-sts): update imports to new module locations (#8025)
• 313813d Publish v3.1048.0
• 1af9047 chore(codegen): updated import sources for aws-sdk core (#8015)
• eabae7d chore(codegen): sync for browser bundle fixes (#8022)
• 8edb907 Publish v3.1047.0
• a664335 Publish v3.1046.0
• 9ce20f6 chore(codegen): dependency version bump (#8008)
• 3361fb2 chore(scripts): add submodule variant api surface parity linting (#8006)
• acffbf9 chore: update smithy/core imports (#7979)
• See full diff in compare view

Updates @types/node from 25.6.2 to 25.9.0

Commits

• See full diff in compare view

Updates aws-cdk-lib from 2.253.0 to 2.254.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.254.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-elasticache: AWS::ElastiCache::CacheCluster: Id attribute removed. aws-sagemaker: AWS::SageMaker::Model: Id attribute removed. aws-vpclattice: AWS::VpcLattice::AuthPolicy: State attribute enum values changed from ACTIVE|INACTIVE to Active|Inactive.

Features

• update L1 CloudFormation resource definitions (#37826) (fb4197e)
• cloudwatch: add PromQL Alarm L2 construct (#37793) (13a4924)
• core: PropertyMergeStrategy now supports array merge strategies (#37841) (701305d)
• core: plugin violations can be suppressed (#37808) (a47ad39), closes #37781
• core: weak cross environment references (#37800) (fe23dce)
• core: weak cross-stack references in the same environment (#37824) (167ff3c)
• dynamodb: resource policies for streams (#37254) (7e5679c)
• lambda: add SQS provisionedPollerConfig support with validation and fix type mismatch (#37550) (086738b), closes #37197 aws/aws-cdk#37197 #37197
• ses: auto email validation for configuration sets (#36679) (3a58641)

Bug Fixes

• file fingerprinting is now ~33% faster (#37802) (b871018)
• core: "exports cannot be updated" for cross-region references (#37790) (af11f00)
• rds: add lower bound validation for ClusterInstance promotionTier (#37519) (16c0a29), closes #37518
• s3deploy: empty sources leads to deployment error (#37786) (d28ad30)
• bundled jsonschema in @​aws-cdk/cloud-assembly-api causes ELSPROBLEMS (#37774) (64651d3), closes #37756

---

Alpha modules (2.254.0-alpha.0)

Features

• bedrock-agentcore-alpha: add tags support to Evaluator and OnlineEvaluationConfig (#37804) (adbf88f)
• bedrock-agentcore-alpha: add identity L2 constructs (#37610) (67c3af2)
• mediapackagev2-alpha: add OAC integration between CloudFront and MediaPackageV2 (#37701) (654f59c)

Bug Fixes

• bedrock-agentcore-alpha: fix cedar policy bug (#37782) (e678d5c), closes #37828
• custom-resource-handlers: deployment fails when parameter already exists (#37852) (025c38c)

v2.253.1

Bug Fixes

• core: "exports cannot be updated" for cross-region references (#37790) (b0c00e2)
• s3deploy: empty sources leads to deployment error (#37786) (f61656a)

---

Alpha modules (2.253.1-alpha.0)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.254.0-alpha.0 (2026-05-13)

Features

• bedrock-agentcore-alpha: add tags support to Evaluator and OnlineEvaluationConfig (#37804) (adbf88f)
• bedrock-agentcore-alpha: add identity L2 constructs (#37610) (67c3af2)
• mediapackagev2-alpha: add OAC integration between CloudFront and MediaPackageV2 (#37701) (654f59c)

Bug Fixes

• bedrock-agentcore-alpha: fix cedar policy bug (#37782) (e678d5c), closes #37828
• custom-resource-handlers: deployment fails when parameter already exists (#37852) (025c38c)

2.253.1-alpha.0 (2026-05-08)

2.253.0-alpha.0 (2026-05-06)

Features

• bedrock-agentcore-alpha: add OnlineEvaluationConfig and Evaluator L2 constructs (#37615) (c13de04), closes #37614
• glue-alpha: add extraPythonFiles support to PythonShellJob (#37130) (c9c6f9c), closes #34448

Bug Fixes

• bedrock-agentcore-alpha: self-managed memory strategy validation throws on unresolved tokens (#37691) (7956537), closes #37197

2.252.0-alpha.0 (2026-04-29)

2.251.0-alpha.0 (2026-04-24)

Features

• bedrock-agentcore-alpha: add L2 constructs for policy and policy engine (#37238) (1e89e7e)
• bedrock-agentcore-alpha: add observability configuration for Runtime (#36689) (34b43aa), closes #36596
• bedrock-agentcore-alpha: support No Authorization for AgentCore Gateway (#36610) (f20bd8e)
• dsql-alpha: initial L2 construct (#34599) (be1a458), closes #34593

2.250.0-alpha.0 (2026-04-14)

2.249.0-alpha.0 (2026-04-10)

... (truncated)

Commits

• b1864c9 chore: update analytics metadata blueprints
• c9faa87 chore(release): 2.254.0
• fb4197e feat: update L1 CloudFormation resource definitions (#37826)
• 086738b feat(lambda): add SQS provisionedPollerConfig support with validation and fix...
• 69d6457 refactor(core): unify validation plugin execution into single loop (#37809)
• 13a4924 feat(cloudwatch): add PromQL Alarm L2 construct (#37793)
• 2fbe65a chore(docs): put feature flags in alphabetical order in cdk.json section of...
• 701305d feat(core): PropertyMergeStrategy now supports array merge strategies (#37841)
• 3a58641 feat(ses): auto email validation for configuration sets (#36679)
• be82355 chore: remove dead code (#37830)
• Additional commits viewable in compare view

Updates bestzip from 2.2.3 to 2.2.5

Commits

• cc15ebd 2.2.5
• 9442a74 Bump brace-expansion from 1.1.12 to 5.0.6 (#86)
• 26fbabd chore: remove unused regenerator-runtime dependency (#85)
• d3173f9 2.2.4
• 029514c feat!: update minimum Node.js version to v20 (#84)
• bfea21f Bump lodash from 4.17.23 to 4.18.1 (#81)
• b392427 Bump picomatch from 2.3.1 to 2.3.2 (#80)
• See full diff in compare view

Updates @types/node from 25.6.2 to 25.9.0

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions