build(deps-dev): bump the nodejs-other group across 1 directory with 7 updates

[dependabot]

Bumps the nodejs-other group with 7 updates in the /nodejs directory:

Package	From	To
eslint	10.2.1	10.3.0
globals	17.5.0	17.6.0
typescript-eslint	8.59.0	8.59.2
sinon	21.1.2	22.0.0
@aws-sdk/client-sts	3.1037.0	3.1045.0
@types/node	25.6.0	25.6.2
aws-cdk-lib	2.251.0	2.253.0

Updates eslint from 10.2.1 to 10.3.0

Release notes

Sourced from eslint's releases.

v10.3.0

Features

• 379571a feat: add suggestions for no-unused-private-class-members (#20773) (sethamus)

Bug Fixes

• b6ae5cf fix: handle unavailable require cache (#20812) (Simon Podlipsky)
• 6fb3685 fix: rule suggestions cause continuation in class body (#20787) (Milos Djermanovic)

Documentation

• 32cc7ab docs: fix typos in docs and comments (#20809) (Tanuj Kanti)
• 7f47937 docs: Update README (GitHub Actions Bot)

Chores

• d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826) (Francesco Trotta)
• 3ffb14e chore: clean up typos in comments and JSDoc (#20821) (Pixel998)
• 22eb58a chore: add missing continue-on-error to ecosystem-tests.yml (#20818) (Josh Goldberg ✨)
• 88bf002 ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (#20815) (dependabot[bot])
• 97c8c33 chore: update ilshidur/action-discord action to v0.4.0 (#20811) (renovate[bot])
• 2f58136 chore: pin peter-evans/create-pull-request action to 5f6978f (#20810) (renovate[bot])
• 77add7f chore: add initial ecosystem plugin tests workflow (#19643) (Josh Goldberg ✨)
• 4023b55 test: Add unit tests for SuppressionsService.prune() (#20797) (kuldeep kumar)
• 54080da test: add unit tests for ForkContext (#20778) (kuldeep kumar)
• f0e2bcc test: add unit tests for SuppressionsService.suppress() method (#20765) (kuldeep kumar)
• a7f0b94 chore: update dependency prettier to v3.8.3 (#20782) (renovate[bot])
• 7bf93d9 chore: update TypeScript to v6 (#20677) (sethamus)
• b42dd72 ci: bump pnpm/action-setup from 6.0.0 to 6.0.1 (#20781) (dependabot[bot])
• 2b252be test: add unit tests for IdGenerator (#20775) (kuldeep kumar)

Commits

• 7889204 10.3.0
• 5b69b4f Build: changelog update for 10.3.0
• d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826)
• b6ae5cf fix: handle unavailable require cache (#20812)
• 3ffb14e chore: clean up typos in comments and JSDoc (#20821)
• 6fb3685 fix: rule suggestions cause continuation in class body (#20787)
• 22eb58a chore: add missing continue-on-error to ecosystem-tests.yml (#20818)
• 88bf002 ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (#20815)
• 379571a feat: add suggestions for no-unused-private-class-members (#20773)
• 97c8c33 chore: update ilshidur/action-discord action to v0.4.0 (#20811)
• Additional commits viewable in compare view

Updates globals from 17.5.0 to 17.6.0

Release notes

Sourced from globals's releases.

v17.6.0

• Update globals (2026-05-01) (#343) 00a4dd9

---

sindresorhus/globals@v17.5.0...v17.6.0

Commits

• 6b15870 17.6.0
• 00a4dd9 Update globals (2026-05-01) (#343)
• See full diff in compare view

Updates typescript-eslint from 8.59.0 to 8.59.2

Release notes

Sourced from typescript-eslint's releases.

v8.59.2

8.59.2 (2026-05-04)

🩹 Fixes

• eslint-plugin: [no-unsafe-type-assertion] handle crash on recursive template literal types (#12150)
• eslint-plugin: [no-deprecated] object destructuring values should be treated as declarations (#12292)
• rule-tester: add TypeScript as a peer dependency (#12288)

❤️ Thank You

• Dariusz Czajkowski
• Dima Barabash
• Kirk Waiblinger @​kirkwaiblinger

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.59.1

8.59.1 (2026-04-27)

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-assertion] fix crash "TypeError: checker.getTypeArguments is not a function" (#12246)
• eslint-plugin: [no-unnecessary-type-assertion] preserve index signatures in undefined unions (#12257)
• eslint-plugin: [no-unnecessary-type-assertion] preserve phantom type arguments in generic inference (#12269)
• eslint-plugin: [no-unnecessary-type-assertion] avoid false positive in logical assignment assertions (#12278)
• eslint-plugin: [no-unnecessary-type-arguments] handle instantiation expressions (#12220)
• eslint-plugin: [no-unnecessary-condition] treat void as nullish in no-unnecessary-condition (#12241)

❤️ Thank You

• anasm266 @​anasm266
• Anshika Jain @​Anshikakalpana
• Ulrich Stark
• yugo innami @​nami8824

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.59.2 (2026-05-04)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.59.1 (2026-04-27)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 2ec35f1 chore(release): publish 8.59.2
• 5245793 chore(release): publish 8.59.1
• See full diff in compare view

Updates sinon from 21.1.2 to 22.0.0

Changelog

Sourced from sinon's changelog.

22.0.0

• ed911df5 Update Ruby gems (Carl-Erik Kopseng)
• 75a1e5b8 Update to Node 26 (Carl-Erik Kopseng)
• 197d6608 Update documentation on faking timers to reflect the current state of fake-timers (Carl-Erik Kopseng)
• c5ddf80b Update fake-timers@15.4: includes new Temporal API (Carl-Erik Kopseng)
• f4ab02f6 Update updatable packages (Carl-Erik Kopseng)
• 0536afc8 Quality: Global mutable call id can grow unbounded across long-lived processes (#2691) (tuanaiseo)

  • refactor: global mutable call id can grow unbounded across l

  callId is module-scoped and incremented on every invocation. In long-running test runners or embedded usage, this can grow indefinitely and eventually lose integer precision semantics for strict ordering comparisons.

  Affected files: proxy-invoke.js

  Signed-off-by: tuanaiseo 221258316+tuanaiseo@users.noreply.github.com

  • Wrap around for all values that are too high

  ---

  Signed-off-by: tuanaiseo 221258316+tuanaiseo@users.noreply.github.com Co-authored-by: Carl-Erik Kopseng carlerik@gmail.com

• f4f7d93b Perform additional cleanup when calling callThrough() (#2670) (Cyrille)
• 6199e9e4 improve GitHubworkflows by introducing zizmor for monitoring (#2686) (Till!)

  • fix(workflows): fetch-depth is for actions/checkout
  • chore(workflows): update

  • pin all actions to precise commits
  • avoid credential leakage from actions/checkout
  • group action updates going forward
  • add zimor config to ignore "secrets outside env"
  • add job to keep validating workflows

• f7476b59 Use path.normalize() for path normalization (Carl-Erik Kopseng)
• 2c975393 fix: make build and node test scripts cross-platform (laplace young)
• a7692917 fix: isolate walk state from Object prototype (laplace young)
• 66df977a Fix sinon.restore() cascade-restoring sub-sandboxes (#2704) (Charlie Leitheiser)

  The ESM port of createApi (#2683, shipped in 21.1.0) replaced createSandbox: createSandbox with a wrapper that pushes every newly-created sandbox into the root sandbox's fake collection:

... (truncated)

Commits

• 52555af 22.0.0
• ed911df Update Ruby gems
• 75a1e5b Update to Node 26
• 197d660 Update documentation on faking timers to reflect the current state of fake-ti...
• c5ddf80 Update fake-timers@15.4: includes new Temporal API
• f4ab02f Update updatable packages
• 0536afc Quality: Global mutable call id can grow unbounded across long-lived processe...
• f4f7d93 Perform additional cleanup when calling callThrough() (#2670)
• 6199e9e improve GitHubworkflows by introducing zizmor for monitoring (#2686)
• 1519009 Merge #2703: isolate walk state from Object prototype
• Additional commits viewable in compare view

Updates @aws-sdk/client-sts from 3.1037.0 to 3.1045.0

Release notes

Sourced from @​aws-sdk/client-sts's releases.

v3.1045.0

3.1045.0(2026-05-07)

Documentation Changes

• client-guardduty: This is a documentation update (1484574c)

New Features

• clients: update client endpoints as of 2026-05-07 (81310767)
• client-bcm-data-exports: With this release, customers can configure their data exports to generate additional integration artifacts for Athena and Redshift. (238da2c1)
• client-invoicing: Updated ListInvoiceSummaries API to add new ReceiverRole filter in Request and Response (60a448cb)
• client-bedrock-agentcore: Launching AgentCore payments - a capability that provides secure, instant microtransaction payments for AI agents to access paid APIs, MCP servers, and content. It handles payment processing for x402 protocol, payment limits, and 3P wallet integrations with Coinbase CDP and Stripe (Privy). (1e1031a7)
• client-ec2: DescribeInstanceTypes now accepts an IncludeUnsupportedInRegion parameter. When set, the response also lists instance types that are not available in the current Region. Each instance type includes a SupportedInRegion field indicating its regional availability. (70262433)
• client-bedrock-agentcore-control: Launching AgentCore payments - a capability that provides secure, instant microtransaction payments for AI agents to access paid APIs, MCP servers, and content. It handles payment processing for x402 protocol, payment limits, and 3P wallet integrations with Coinbase CDP and Stripe (Privy). (fe5861ae)
• client-route53resolver: Adds supports for DNS64 on inbound endpoints and IPv6 forwarding through the internet gateway (IGW) on outbound endpoints, making it easier to manage hybrid DNS across IPv4 and IPv6 networks. (8e6e18c6)

---

For list of updated packages, view updated-packages.md in assets-3.1045.0.zip

v3.1044.0

3.1044.0(2026-05-06)

New Features

• client-securityhub: Release GenerateRecommendedPolicyV2 and GetRecommendedPolicyV2 APIs. This supports generating and retrieving policy recommendations to remediate unused permissions findings that are now being supported on Security Hub. (772b8629)
• client-sagemaker: Amazon SageMaker HyperPod now returns ImageVersionStatus in DescribeCluster, DescribeClusterNode, and ListClusterNodes responses, indicating whether cluster instances are running the latest available image version. (2be7e6b4)
• client-glue: Adds support for a CustomLogGroupPrefix parameter in StartDataQualityRulesetEvaluationRun to specify custom CloudWatch log group paths, and a RulesetName filter in ListDataQualityRulesetEvaluationRuns to filter evaluation runs by ruleset name. (b95d850b)
• client-lex-models-v2: Amazon Lex V2 introduces audio filler support for speech-to-speech bots. Configure melody or typing sounds that play during backend processing to reduce perceived latency and maintain a natural conversational experience for callers. (01426f8e)
• client-bedrock-agentcore-control: Adds support for bring-your-own file system in AgentCore Runtime. Developers can mount Amazon S3 Files and Amazon EFS access points directly into agent sessions using filesystemConfigurations. (e20f24d9)
• client-s3: Validate outpost access point resource name (bee88a56)
• client-mwaa: Amazon MWAA now supports a PublicAndPrivate webserver access mode. The Airflow web server is accessible over both public and private endpoints, enabling workers in VPCs without internet access to reach the Task API privately while retaining public access to the Airflow UI. (3a6054ef)
• client-imagebuilder: The ImportDiskImage API now enforces a maximum character limit of 128 characters on the image name field. (7fc2565c)

Tests

• scripts: include type symbols in api snapshot test (#7985) (02f86176)

---

For list of updated packages, view updated-packages.md in assets-3.1044.0.zip

v3.1043.0

3.1043.0(2026-05-05)

New Features

... (truncated)

Changelog

Sourced from @​aws-sdk/client-sts's changelog.

3.1045.0 (2026-05-07)

Note: Version bump only for package @​aws-sdk/client-sts

3.1044.0 (2026-05-06)

Note: Version bump only for package @​aws-sdk/client-sts

3.1043.0 (2026-05-05)

Note: Version bump only for package @​aws-sdk/client-sts

3.1042.0 (2026-05-04)

Note: Version bump only for package @​aws-sdk/client-sts

3.1041.0 (2026-05-01)

Note: Version bump only for package @​aws-sdk/client-sts

3.1040.0 (2026-04-30)

Note: Version bump only for package @​aws-sdk/client-sts

3.1039.0 (2026-04-29)

... (truncated)

Commits

• b329def Publish v3.1045.0
• 1ccd438 Publish v3.1044.0
• 96baad9 Publish v3.1043.0
• d942e31 Publish v3.1042.0
• 5df4c01 Publish v3.1041.0
• 7736067 Publish v3.1040.0
• 51c8215 Publish v3.1039.0
• 3dfb72b chore(codegen): sync for adaptive retry fixes (#7970)
• 3fbf6c5 Publish v3.1038.0
• e9f8d8a chore(codegen): sync for typed waiter-result values (#7965)
• See full diff in compare view

Updates @types/node from 25.6.0 to 25.6.2

Commits

• See full diff in compare view

Updates aws-cdk-lib from 2.251.0 to 2.253.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.253.0

Features

• update L1 CloudFormation resource definitions (#37753) (a661c2d)
• apigatewayv2-integrations: auto-include EventBusName in HttpEventBridgeIntegration default parameter mapping (#36780) (9734bb4), closes #36775
• core: add Fn::GetStackOutput for cross-region references (#37724) (ffae861)
• core: integrate construct annotations into validation report (#37712) (438bd0b)
• synthetics: add Playwright 5.1 and 6.0 runtimes (#37665) (c1afb43)
• emr instance fleet priority allocation (#35731) (db1188a), closes #35710 /github.com/aws/aws-cdk/blob/3ec6d06c7c58e4f14b3fb114d7c35dc6d01794d9/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/emr/private/cluster-utils.ts#L91

Bug Fixes

• cloudfront: skip cachePolicyName length validation for unresolved tokens (#37751) (3b96e97), closes #23567 #34102
• cloudwatch: remove false positive warning for CDK tokens in MathExpression (#36882) (c29dc17), closes #34977
• codebuild: correct S3 log encryption boolean inversion (#37761) (4031918)
• ecs: enabling the circuitBreaker is not recommended loudly enough (#37755) (a52af7d)
• eks: add dependency from HelmChart custom resource to s3 chartAsset IAM policy (#37731) (99d0a5b), closes #19880

---

Alpha modules (2.253.0-alpha.0)

Features

• bedrock-agentcore-alpha: add OnlineEvaluationConfig and Evaluator L2 constructs (#37615) (c13de04), closes #37614
• glue-alpha: add extraPythonFiles support to PythonShellJob (#37130) (c9c6f9c), closes #34448

Bug Fixes

• bedrock-agentcore-alpha: self-managed memory strategy validation throws on unresolved tokens (#37691) (7956537), closes #37197

v2.252.0

Features

• core: Validations class now supports addWarning, addError, and acknowledge (#37668) (5e8083c), closes aws/aws-cdk-rfcs#899
• core: add Box API for deferred values with accurate stack traces (#37604) (d592a96)

Bug Fixes

• aws-cdk-lib: cannot be used as a bundledDependency (#37726) (6ba0598), closes #37717
• s3: resolve S3 notification removal race condition (#37708) (dc5be98), closes #37667

---

Alpha modules (2.252.0-alpha.0)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.253.0-alpha.0 (2026-05-06)

Features

• bedrock-agentcore-alpha: add OnlineEvaluationConfig and Evaluator L2 constructs (#37615) (c13de04), closes #37614
• glue-alpha: add extraPythonFiles support to PythonShellJob (#37130) (c9c6f9c), closes #34448

Bug Fixes

• bedrock-agentcore-alpha: self-managed memory strategy validation throws on unresolved tokens (#37691) (7956537), closes #37197

2.252.0-alpha.0 (2026-04-29)

2.251.0-alpha.0 (2026-04-24)

Features

• bedrock-agentcore-alpha: add L2 constructs for policy and policy engine (#37238) (1e89e7e)
• bedrock-agentcore-alpha: add observability configuration for Runtime (#36689) (34b43aa), closes #36596
• bedrock-agentcore-alpha: support No Authorization for AgentCore Gateway (#36610) (f20bd8e)
• dsql-alpha: initial L2 construct (#34599) (be1a458), closes #34593

2.250.0-alpha.0 (2026-04-14)

2.249.0-alpha.0 (2026-04-10)

2.248.0-alpha.0 (2026-04-02)

2.247.0-alpha.0 (2026-04-02)

Features

• mediapackagev2-alpha: new L2 construct (#37279) (7debfb9)

2.246.0-alpha.0 (2026-03-31)

2.245.0-alpha.0 (2026-03-27)

Features

• s3tables-alpha: add support for partition spec, sort order, and table properties (#36811) (2696cd1)

... (truncated)

Commits

• 55a4299 chore: update analytics metadata blueprints
• e9c0b5a chore(release): 2.253.0
• a52af7d fix(ecs): enabling the circuitBreaker is not recommended loudly enough (#37755)
• a661c2d feat: update L1 CloudFormation resource definitions (#37753)
• c29dc17 fix(cloudwatch): remove false positive warning for CDK tokens in MathExpressi...
• dedf99b chore: replace Lazy with IBox (#37739)
• 4031918 fix(codebuild): correct S3 log encryption boolean inversion (#37761)
• 99d0a5b fix(eks): add dependency from HelmChart custom resource to s3 chartAsset IAM ...
• 438bd0b feat(core): integrate construct annotations into validation report (#37712)
• 278daf0 chore(rds): add PostgreSQL instance engine versions 14.22, 15.17, 17.9, 18.3 ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions