[Snyk] Upgrade aws-cdk from 1.128.0 to 2.160.0

[WontonSam]

Snyk has created this PR to upgrade aws-cdk from 1.128.0 to 2.160.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 348 versions ahead of your current version.

• The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-ASYNC-2441827	159	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	159	Proof of Concept
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	159	Proof of Concept
	Sandbox Bypass SNYK-JS-VM2-2309905	159	Proof of Concept
	Arbitrary Code Execution SNYK-JS-VM2-2990237	159	Proof of Concept
	Sandbox Bypass SNYK-JS-VM2-3018201	159	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	159	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	159	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	159	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	159	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	159	Proof of Concept
	Prototype Pollution SNYK-JS-XML2JS-5414874	159	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	159	No Known Exploit
	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	159	No Known Exploit
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	159	Proof of Concept
	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') SNYK-JS-VM2-5537079	159	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	159	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	159	Proof of Concept
	Sandbox Escape SNYK-JS-VM2-5415299	159	Proof of Concept
	Sandbox Escape SNYK-JS-VM2-5422057	159	Proof of Concept
	Improper Handling of Exceptional Conditions SNYK-JS-VM2-5426093	159	No Known Exploit
	Sandbox Bypass SNYK-JS-VM2-5537100	159	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-VM2-5772823	159	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-VM2-5772825	159	Mature
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	159	Proof of Concept
	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	159	No Known Exploit
	Prototype Pollution SNYK-JS-JSON5-3182856	159	Proof of Concept

Release notes

Package name: aws-cdk

• 2.160.0 - 2024-09-24
  

  Features

  • allow all sts options for roles assumed by the cli (#31089) (5e95ba2), closes #26157 #22535
  • update L1 CloudFormation resource definitions (#31534) (cd17fed)
  • core: configure Stack SNS notification ARNs on the Stack construct (#31107) (1593500), closes #8581
  • stepfunctions: add support for EncryptionConfiguration (#30959) (b49032b)

  ---

  Alpha modules (2.160.0-alpha.0)

  Features

  • kinesisanalytics-flink: support Apache Flink 1.20 (#31349) (b3b9aa8)

  Bug Fixes

  • cognito-identitypool-alpha: cannot configure roleMappings with imported userPool and client (#30421) (0fdd6a9), closes #30304 /github.com/aws/aws-cdk/blob/c3003ab41f0efc763f39eb2cab490c8a005e146b/packages/aws-cdk-lib/aws-cognito/lib/user-pool.ts#L902
  • ec2: instance resourceSignalTimeout overwrites initOptions.timeout (#31446) (a29bf19), closes #30052
• 2.159.1 - 2024-09-19
  

  Reverts

  • fix(ec2): fixing vpc endpoint pattern for ecr and ecr docker (#31496) (f7e8452)

  ---

  Alpha modules (2.159.1-alpha.0)

• 2.159.0 - 2024-09-19
  

  Features

  • update L1 CloudFormation resource definitions (#31484) (60ce351), closes /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2 /docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2
  • opensearch: support OpenSearch version 2.15 (#31398) (33eea3f)
  • update L1 CloudFormation resource definitions (#31460) (e220e90)
  • apigatewayv2: support for setting routeSelectionExpression for an HTTP API (#31373) (36baf51), closes #31104
  • elasticloadbalancingv2: alb dualstack without public ipv4 (#30248) (4068af3), closes #30256
  • events-target: support Dead Letter Queue for Kinesis Stream Event Target (#31435) (358f231), closes #31428 #13600
  • stepfunctions-tasks: support idle timeout for EmrCreateCluster (#31142) (432ffaf), closes #29926
  • vpcv2: implementation of add gateway method (#31224) (4b90bfc)

  Bug Fixes

  • cli: bootstrap respects qualifier from cdk.json (#31410) (44134ad), closes #28249
  • cli: hotswapping appsync functions fails when API does not return function on the first page (#31406) (0da4f43), closes /github.com/aws/aws-cdk/blob/1e203753519e10e19ef0db87e1382377b609bcaa/packages/aws-cdk/lib/api/evaluate-cloudformation-template.ts#L23-L36
  • cli: release outdir lock when synth fails (#30874) (b6ad97f), closes #27864
  • cognito: deprecate privateKey and add privateKeyValue as typed SecureValue (#31409) (7ee183d), closes /github.com/aws/aws-cdk/blob/1e203753519e10e19ef0db87e1382377b609bcaa/packages/aws-cdk-lib/aws-cognito/lib/user-pool-idps/google.ts#L28
  • ecs: reduce ecs service task role cloudwatch permissions when no log configured (under feature flag) (#31475) (de7ab7c)
  • eks: fargateCluster compatibility with AuthenticationMode.API (#31267) (4d12833)
  • eks: update private ecr repo url regex (#31394) (386fca3)
  • lambda: invalid Version object created from Version.fromVersionArn (#31433) (1726abd)
  • ssm: update ssm-context to prevent raising an error on missing parameter (#31415) (ff02cca), closes #7051 #22064 #7259
  • pipelines ties cli version with cdk-assets version (#31261) (4392ab4), closes #31253

  ---

  Alpha modules (2.159.0-alpha.0)

  ⚠ BREAKING CHANGES TO EXPERIMENTAL FEATURES

  • kinesisfirehose-alpha: encryptionKey property is removed and encryption property type has changed from the StreamEncryption enum to the StreamEncryption class.

  To pass in a KMS key for the customer managed key case, use StreamEncryption.customerManagedKey(key)

  Details

  Replaced encryption and encryptionKey properties with a single property encryption of type StreamEncryption and is used by calling one of the 3 methods:

  SreamEncryption.unencrypted()
  StreamEncryption.awsOwnedKey()
  StreamEncryption.customerManagedKey(key?: IKey)

  This makes it so it's not longer possible to pass in a key when the encryption type is AWS owned or unencrypted. The key is an optional parameter in StreamEncryption.customerManagedKey(key?: IKey) so following the previous behaviour, if a key is provided it will be used, otherwise a key will be created for the user.

  Description of how you validated changes

  Generated templates do not change so behaviour remains the same.

  Updated integ/unit tests.

  Checklist

  • My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

  Features

  • ivs: support RTMP ingest for IVS channel (#31380) (a907a7e)

  Bug Fixes

  • ec2: fixing vpc endpoint pattern for ecr and ecr docker (#31434) (95c49ab)

  Miscellaneous Chores

  • kinesisfirehose-alpha: refactor encryption property to combine encryptionKey (#31430) (8e92185)
• 2.158.0 - 2024-09-11
  

  Bug Fixes

  • cloudformation-include: can't use CFN intrinsics in Tags (#30515) (af9e6ba), closes #27594

  ---

  Alpha modules (2.158.0-alpha.0)

  Features

  • amplify: support cache configuration for app (#31381) (b7bd041)
  • iot: configure IoT Logging (#31352) (6348717), closes #31357
• 2.157.0 - 2024-09-10
  

  Features

  • update L1 CloudFormation resource definitions (#31361) (bc4dbfd)
  • appsync: support DEBUG and INFO logging levels for AppSync GraphQL APIs (#31326) (4b9643f)
  • lambda: added new property allowAllIpv6Outbound to FunctionOptions (#31013) (fa55194), closes #30994

  Bug Fixes

  • rds: proxy target group does not depend on database instances when using writer property for database cluster (#31354) (6542207), closes #31304 /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-rds/lib/proxy.ts#L535-L539

  ---

  Alpha modules (2.157.0-alpha.0)

• 2.156.0 - 2024-09-06
  

  Features

  • bedrock: add Stable Image Ultra, Stable Diffusion 3 Large, and Stable Image Core model identifiers (#31327) (586cb04)
  • cloudfront: s3 origin access control L2 construct (#31254) (30675f0), closes #21771
  • codebuild: support three arm-based compute types, Medium, X-Large and 2X-Large (#31214) (39492e9), closes #30869
  • docdb: i/o optimized storage type (#30163) (7ed221c), closes #30165
  • ecs-patterns: dualstack ALB (#30089) (98ea3db), closes #29039
  • eks: support alb controller versions 2.7.0-2.8.2 (#31264) (a3863a6)
  • events-targets: support for RedshiftDataParameters (#29462) (84c6442), closes #15712 #31017
  • synthetics: syn-nodejs-puppeteer-9.0 as supported runtime (#31272) (c1d7782), closes #31271
  • custom-resources: update python runtime for custom resources (#31166) (03ebca8), closes #31245

  Bug Fixes

  • custom-resources: remove presigned url from cloudwatch logs (#31322) (b5e4496)
  • eks: albController incompatibility with AuthenticationMode.API mode (#31258) (427cd61)
  • prlint: a review label doesn't appear when a PR is approved if there are too many comments (#31290) (1c63070), closes #31294 /github.com/aws/aws-cdk/pull/30920#issuecomment-2324932936 aws-cdk/prlint/lint.ts#L377 40aws-cdk/prlint/lint.ts#L376
  • stepfunctions-tasks: add back BedrockInvokeModel to use JsonPath (#31325) (5b059b9), closes aws/aws-cdk#31308
  • stepfunctions-tasks: fix bedrock input/output path in step-funct… (#31305) (a190935), closes #31302 PR#30298 #29229
  • stepfunctions-tasks: sageMakerCreateTrainingJob does not correctly support empty inputDataConfig (#31210) (6d43146), closes #31132

  ---

  Alpha modules (2.156.0-alpha.0)

  Features

  • location: support RouteCalculator (#30682) (574d383), closes #30681
  • neptune-alpha: specify port for the cluster (#31137) (130b62b), closes #31074
  • scheduler: validate schedule name length (#31200) (d0f9688)

  Bug Fixes

  • scheduler: the value of the description property is not reflected to the resource. (#31276) (a3332b6), closes #31269
• 2.155.0 - 2024-08-30
  

  Features

  • codebuild: macOS codebuild support (#31203) (823ff6e), closes #31170
  • eks: preserveOnDelete for EKS addon (#30776) (23fba1c)
  • kms: add multiRegion property to a Key (#31125) (3dc4c50)
  • stepfunctions-tasks: add cpu and memory parameters to EcsRunTask (#30140) (986e378), closes #30027
  • synthetics: add syn-python-selenium-4.0 runtime (#31101) (cc75ded), closes #30137 /docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_python_selenium.html#CloudWatch_Synthetics_runtimeversion-syn-python-selenium-4
  • update L1 CloudFormation resource definitions (#31193) (e942b67)
  • update L1 CloudFormation resource definitions (#31194) (5468983)
  • update L1 CloudFormation resource definitions (#31221) (b754353)

  Bug Fixes

  • cloudfront: requirement of domainNames prevents moving a domain name between distributions (#31001) (acdf7d3), closes #29960 #29329
  • eks: can't update authMode with the same mode (#31043) (64df08b)
  • lambda-event-source: allow dynamodb filtering on boolean value (#31011) (9946ab0), closes #30734
  • s3: bucket notifications in owning stack deletes bucket notifications from other stacks (#31091) (0b09e52)

  ---

  Alpha modules (2.155.0-alpha.0)

  Features

  • ec2: ipv6AddressCount property for an instance (#31076) (e3e5e1c), closes #31075
  • ec2: support throughput on LaunchTemplate EBS volumes (#30716) (6ed0bed), closes #24341 #22441
  • location: support GeofenceCollection (#30711) (04d73ac), closes #30710
• 2.154.1 - 2024-08-23
  

  Features

  • update L1 CloudFormation resource definitions (#31193) (aa97525)
  • update L1 CloudFormation resource definitions (#31194) (2191264)

  Bug Fixes

  • cloudfront: requirement of domainNames prevents moving a domain name between distributions (#31001) (1255ce3), closes #29960 #29329

  ---

  Alpha modules (2.154.1-alpha.0)

• 2.154.0 - 2024-08-22
  

  Features

  • update L1 CloudFormation resource definitions (#31145) (5387605)
  • batch: add ECS_AL2023 (#30928) (d45bf08)
  • CLI: synth displays "AssertDescription: CDK bootstrap stack version 6 required" (#31092) (751a922), closes #17942
  • core: configure SNS topics to receive stack events on the Stack construct (#30551) (0cdce20), closes #8581
  • dynamodb: adding on-demand-throughput to table (#30725) (d5a19bb), closes #30091
  • elasticloadbalancingv2: connection logs for ALB (#30599) (7c4f423)
  • elasticloadbalancingv2: support Mutual Authentication with TLS for Application Load Balancer (#30784) (7eae4d1), closes #28206
  • region-info: update Metadata regions (#31044) (ae7d181)
  • region-info: update Metadata regions (#31046) (6ec69b9)
  • region-info: update Metadata regions (#31047) (9025635)
  • s3: add skip destination validation property (#30916) (ffc40e5), closes #30914 #30914
  • ssm: support cross-account sharing (#30646) (1eb1ea6), closes #29292
  • set log retention of all CDK-vended custom resources with CustomResourceConfig (#31041) (f2babd9)
  • update L1 CloudFormation resource definitions (#31025) (5414932)
  • update L1 CloudFormation resource definitions (#31086) (62a641c)
  • update L1 CloudFormation resource definitions (#31120) (931ebba)
  • vpc: support custom route and subnet (#30538) (e17fdd7), closes RFC#507

  Bug Fixes

  • elasticloadbalancingv2-targets: add AlbListenerTarget for NLBs, deprecate AlbTarget due to ALB listener race conditions (#17208) (#30396) (1fca1e5), closes /github.com/aws/aws-cdk/issues/17208#issuecomment-1681475590
  • lambda: validate localMountPath format and length (#31019) (c159e77)
  • vpc-v2: fixing default scope id (#31102) (0007a29)

  Reverts

  • feat(core): configure SNS topics to receive stack events on the Stack construct (#31100) (5f30aa5), closes aws/aws-cdk#30551
  • feat(ec2): security group lookup via filters (#31065) (79b5cd2), closes aws/aws-cdk#30625
  • feat(ecs): add validation checks to memory cpu combinations of FARGATE compatible task definitions (#31110) (ffba5b1)

  ---

  Alpha modules (2.154.0-alpha.0)

  Features

  • amplify: support custom certificate (#30791) (8d76778), closes #30594
  • ec2: security group lookup via filters (#30625) (abc78bf), closes #30331
  • sagemaker: network isolation for a model (#30657) (f1af7fc)

  Bug Fixes

  • cli-lib-alpha: bootstrap fails with "bad argument name" error for trust and trustForLookup (#31159) (b11ca4a), closes #30404
  • cognito-identitypool-alpha: validation error if provided id is a token (#30882) (ad1b797), closes #29780 #28184
  • ec2: prevent deduplication of init command args (#30821) (1e7c690), closes #26221
• 2.153.0 - 2024-08-20
  

  Features

  • lambda: support Recursive Loop Protection property (572fe0a)

  ---

  Alpha modules (2.153.0-alpha.0)

• 2.152.0 - 2024-08-15
• 2.151.1 - 2024-08-14
• 2.151.0 - 2024-08-02
• 2.150.0 - 2024-07-23
• 2.149.0 - 2024-07-12
• 2.148.1 - 2024-07-11
• 2.148.0 - 2024-07-05
• 2.147.3 - 2024-07-02
• 2.147.2 - 2024-06-28
• 2.147.1 - 2024-06-24
• 2.147.0 - 2024-06-20
• 2.146.0 - 2024-06-13
• 2.145.0 - 2024-06-07
• 2.144.0 - 2024-05-31
• 2.143.1 - 2024-05-30
• 2.143.0 - 2024-05-24
• 2.142.1 - 2024-05-17
• 2.142.0 - 2024-05-15
• 2.141.0 - 2024-05-08
• 2.140.0 - 2024-05-02
• 2.139.1 - 2024-04-30
• 2.139.0 - 2024-04-24
• 2.138.0 - 2024-04-18
• 2.137.0 - 2024-04-11
• 2.136.1 - 2024-04-10
• 2.136.0 - 2024-04-06
• 2.135.0 - 2024-04-02
• 2.134.0 - 2024-03-26
• 2.133.0 - 2024-03-15
• 2.132.1 - 2024-03-12
• 2.132.0 - 2024-03-09
• 2.131.0 - 2024-03-01
• 2.130.0 - 2024-02-23
• 2.129.0 - 2024-02-21
• 2.128.0 - 2024-02-14
• 2.127.0 - 2024-02-10
• 2.126.0 - 2024-02-02
• 2.125.0 - 2024-02-01
• 2.124.0 - 2024-01-26
• 2.123.0 - 2024-01-24
• 2.122.0 - 2024-01-18
• 2.121.1 - 2024-01-13
• 2.121.0 - 2024-01-12
• 2.120.0 - 2024-01-12
• 2.119.0 - 2024-01-11
• 2.118.0 - 2024-01-03
• 2.117.0 - 2023-12-27
• 2.116.1 - 2023-12-22
• 2.116.0 - 2023-12-22
• 2.115.0 - 2023-12-14
• 2.114.1 - 2023-12-06
• 2.114.0 - 2023-12-05
• 2.113.0 - 2023-12-01
• 2.112.0 - 2023-12-01
• 2.111.0 - 2023-11-27
• 2.110.1 - 2023-11-22
• 2.110.0 - 2023-11-17
• 2.109.0 - 2023-11-16
• 2.108.1 - 2023-11-14
• 2.108.0 - 2023-11-14
• 2.107.0 - 2023-11-13
• 2.106.1 - 2023-11-11
• 2.106.0 - 2023-11-10
• 2.105.0 - 2023-11-08
• 2.104.0 - 2023-11-02
• 2.103.1 - 2023-10-27
• 2.103.0 - 2023-10-26
• 2.102.1 - 2023-10-25
• 2.102.0 - 2023-10-19
• 2.101.1 - 2023-10-16
• 2.101.0 - 2023-10-13
• 2.100.0 - 2023-10-06
• 2.99.1 - 2023-09-30
• ...

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud