@aws-amplify/cli-extensibility-helper low severity vulnerability with aws-cdk-lib dependency

[brianlenz]

Is this feature request related to a new or existing Amplify category?

No response

Is this related to another service?

No response

Describe the feature you'd like to request

@aws-amplify/cli-extensibility-helper has a dependency on aws-cdk-lib ~2.129.0 which has a low severity vulnerability that would be worth updating at some point:

GHSA-v4mq-x674-ff73

Describe the solution you'd like

Update the aws-cdk-lib dependency to allow for the patched 2.177.0 version.

Is there a reason the dependency on aws-cdk-lib needs to use a tilde range instead of a caret range (which would allow updates to the patched version)?

Describe alternatives you've considered

You'd have to override the resolution to update aws-cdk-lib to the patched version.

Additional context

No response

Is this something that you'd be interested in working on?

• 👋 I may be able to implement this feature request

Would this feature include a breaking change?

• ⚠️ This feature might incur a breaking change

[ykethan]

Hey @brianlenz, thank you for filing this issue. Marking this as feature request to update aws-cdk-lib.

[sobolk]

The change has been merged here #14086.

[brianlenz]

Thanks @ykethan @sobolk!

Sorry to do this as it's unrelated, but since I have you, do you think we can make any progress on getting #13858 merged? I'm still having to use a custom amplify-dev CLI build and would love to get that merged. I'm happy to make changes to the PR if necessary, too. Thanks for your consideration 🙏

[sobolk]

Version 3.0.36 of @aws-amplify/cli-extensibility-helper has been published to npm https://www.npmjs.com/package/@aws-amplify/cli-extensibility-helper/v/3.0.36

[github-actions]

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.