@aws-amplify/cli-extensibility-helper moderate severity vulnerability with aws-cdk-lib dependency #14167

Open
@brianlenz


Is this feature request related to a new or existing Amplify category?

No response

Is this related to another service?

No response

Describe the feature you'd like to request

@aws-amplify/cli-extensibility-helper has a dependency on aws-cdk-lib ~2.177.0 which has moderate and low severity vulnerabilities that would be worth updating at some point:

GHSA-qq4x-c6h6-rfxh
GHSA-5pq3-h73f-66hr
GHSA-qc59-cxj2-c2w4

Describe the solution you'd like

The aws-cdk-lib dependency in @aws-amplify/cli-extensibility-helper should be updated to at least 2.189.1 to address both vulnerabilities.

Describe alternatives you've considered

The only workaround is to use forced resolutions for the versions since the semver doesn't allow minor version updates (~2.177.0).

Additional context

No response

Is this something that you'd be interested in working on?

  • 👋 I may be able to implement this feature request

Would this feature include a breaking change?

  • ⚠️ This feature might incur a breaking change
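
The workaround described in the issue, as an added example that is not part of the original post or the Amplify project's code: it shows why `~2.177.0` cannot resolve to `2.189.1`, builds the npm `overrides` and Yarn `resolutions` fragments that force it, and checks a lockfile for copies still below the fixed version. The function names and the lockfile excerpt are constructed for illustration.

```javascript
// Added example, not code from the issue or the Amplify project.
// From the issue: declared range ~2.177.0, requested minimum 2.189.1.
const DEP = 'aws-cdk-lib';
const PARENT = '@aws-amplify/cli-extensibility-helper';

// Parse plain MAJOR.MINOR.PATCH; prerelease/build tags are out of scope.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// ~X.Y.Z accepts >=X.Y.Z and <X.(Y+1).0, so only patch releases can move.
function satisfiesTilde(version, range) {
  const base = range.replace(/^~/, '');
  const [major, minor] = parse(base);
  return compare(version, base) >= 0 && compare(version, `${major}.${minor + 1}.0`) < 0;
}

// package.json fragments that force the fixed version when the range cannot reach it.
function planFix(declaredRange, fixedVersion) {
  if (satisfiesTilde(fixedVersion, declaredRange)) return null;
  return {
    overrides: { [PARENT]: { [DEP]: fixedVersion } },      // npm
    resolutions: { [`${PARENT}/${DEP}`]: fixedVersion },   // Yarn
  };
}

// After reinstalling, list every lockfile copy of DEP still below the fixed version.
function staleCopies(lock, fixedVersion) {
  return Object.entries(lock.packages)
    .filter(([path, pkg]) => path.endsWith(`node_modules/${DEP}`) && compare(pkg.version, fixedVersion) < 0)
    .map(([path, pkg]) => `${path}@${pkg.version}`);
}

// Constructed package-lock.json excerpt (lockfileVersion 3 layout), not real project data.
const sampleLock = { packages: {
  'node_modules/aws-cdk-lib': { version: '2.189.1' },
  [`node_modules/${PARENT}/node_modules/aws-cdk-lib`]: { version: '2.177.0' },
} };

console.log(JSON.stringify(planFix('~2.177.0', '2.189.1'), null, 2));
console.log(staleCopies(sampleLock, '2.189.1'));
```

An empty result from `staleCopies` after the reinstall means no nested copy of `aws-cdk-lib` was left behind at the old version.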
