Bump the all-npm group with 6 updates

[dependabot]

Bumps the all-npm group with 6 updates:

Package	From	To
@aws-sdk/client-cloudwatch	3.946.0	3.949.0
@aws-sdk/client-eventbridge	3.946.0	3.948.0
@aws-sdk/client-sns	3.946.0	3.948.0
@aws-sdk/client-sts	3.946.0	3.948.0
@biomejs/biome	2.3.8	2.3.9
@types/node	24.10.1	25.0.2

Updates @aws-sdk/client-cloudwatch from 3.946.0 to 3.949.0

Release notes

Sourced from @​aws-sdk/client-cloudwatch's releases.

v3.949.0

3.949.0(2025-12-10)

Chores

• codegen: release v0.39.1 (#7563) (889945d9)

New Features

• client-bedrock: Automated Reasoning checks in Amazon Bedrock Guardrails is capable of generating policy scenarios to validate policies. The GetAutomatedReasoningPolicyBuildWorkflowResultAssets API now adds POLICY SCENARIO asset type, allowing customers to retrieve scenarios generated by the build workflow. (8effad7b)
• client-opensearch: The CreateApplication API now supports an optional kms key arn parameter to allow customers to specify a CMK for application encryption. (2bd525c2)
• client-partnercentral-selling: Adds support for the new Project.AwsPartition field on Opportunity and AWS Opportunity Summary. Use this field to specify the AWS partition where the opportunity will be deployed. (885fb630)
• client-cloudwatch: This release introduces two additional protocols AWS JSON 1.1 and Smithy RPC v2 CBOR, replacing the currently utilized one, AWSQuery. AWS SDKs will prioritize the protocol that is the most performant for each language. (82cfae7d)
• client-billingconductor: Launch itemized custom line item and service line item filter (a4ba672c)
• client-odb: The following APIs now return CloudExadataInfrastructureArn and OdbNetworkArn fields for improved resource identification and AWS service integration - GetCloudVmCluster, ListCloudVmClusters, GetCloudAutonomousVmCluster, and ListCloudAutonomousVmClusters. (0cfa1d42)
• client-signer: Adds support for Signer GetRevocationStatus with updated endpoints (12376a15)

---

For list of updated packages, view updated-packages.md in assets-3.949.0.zip

v3.948.0

3.948.0(2025-12-09)

Chores

• middleware-recursion-detection: upgrade lambda-invoke-store dependency (#7559) (dbc65195)

New Features

• clients: update client endpoints as of 2025-12-09 (012e1f9a)
• client-mgn: Added parameters encryption, IPv4/IPv6 protocol configuration, and enhanced tagging support for replication operations. (a0a347c6)
• client-guardduty: Adding support for Ec2LaunchTemplate Version field (4903763d)
• client-appsync: Update Event API to require EventConfig parameter in creation and update requests. (6298ec44)
• client-route-53: Amazon Route 53 now supports the EU (Germany) Region (eusc-de-east-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region (c21e90bc)
• client-account: This release adds a new API (GetGovCloudAccountInformation) used to retrieve information about a linked GovCloud account from the standard AWS partition. (ae9e6fce)
• client-ivs-realtime: Token Exchange introduces seamless token exchange capabilities for IVS RTX, enabling customers to upgrade or downgrade token capabilities and update token attributes within the IVS client SDK without forcing clients to disconnect and reconnect. (db225910)

---

For list of updated packages, view updated-packages.md in assets-3.948.0.zip

v3.947.0

3.947.0(2025-12-08)

Chores

• codegen: service closure knowledge index (#7554) (731dbfef)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-cloudwatch's changelog.

3.949.0 (2025-12-10)

Features

• client-cloudwatch: This release introduces two additional protocols AWS JSON 1.1 and Smithy RPC v2 CBOR, replacing the currently utilized one, AWSQuery. AWS SDKs will prioritize the protocol that is the most performant for each language. (82cfae7)

3.948.0 (2025-12-09)

Note: Version bump only for package @​aws-sdk/client-cloudwatch

3.947.0 (2025-12-08)

Note: Version bump only for package @​aws-sdk/client-cloudwatch

Commits

• c7e71e8 Publish v3.949.0
• 82cfae7 feat(client-cloudwatch): This release introduces two additional protocols AWS...
• c6e71bf Publish v3.948.0
• 656bd00 Publish v3.947.0
• 731dbfe chore(codegen): service closure knowledge index (#7554)
• See full diff in compare view

Updates @aws-sdk/client-eventbridge from 3.946.0 to 3.948.0

Release notes

Sourced from @​aws-sdk/client-eventbridge's releases.

v3.948.0

3.948.0(2025-12-09)

Chores

• middleware-recursion-detection: upgrade lambda-invoke-store dependency (#7559) (dbc65195)

New Features

• clients: update client endpoints as of 2025-12-09 (012e1f9a)
• client-mgn: Added parameters encryption, IPv4/IPv6 protocol configuration, and enhanced tagging support for replication operations. (a0a347c6)
• client-guardduty: Adding support for Ec2LaunchTemplate Version field (4903763d)
• client-appsync: Update Event API to require EventConfig parameter in creation and update requests. (6298ec44)
• client-route-53: Amazon Route 53 now supports the EU (Germany) Region (eusc-de-east-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region (c21e90bc)
• client-account: This release adds a new API (GetGovCloudAccountInformation) used to retrieve information about a linked GovCloud account from the standard AWS partition. (ae9e6fce)
• client-ivs-realtime: Token Exchange introduces seamless token exchange capabilities for IVS RTX, enabling customers to upgrade or downgrade token capabilities and update token attributes within the IVS client SDK without forcing clients to disconnect and reconnect. (db225910)

---

For list of updated packages, view updated-packages.md in assets-3.948.0.zip

v3.947.0

3.947.0(2025-12-08)

Chores

• codegen: service closure knowledge index (#7554) (731dbfef)
• core/client: emit warning for Node.js 18.x end-of-support (#7540) (fee7ba1d)

Documentation Changes

• add support policy section for Node.js/ECMAScript versions (#7556) (bf1f6e0b)

New Features

• clients: update client endpoints as of 2025-12-08 (7e0d61b2)
• client-cost-explorer: Add support for Cost Category resource associations including filtering by resource type on ListCostCategoryDefinitions and new ListCostCategoryResourceAssociations API. (011b4f65)
• client-sesv2: Update Mail Manager Archive ARN validation (18c203b2)
• client-redshift-serverless: Added GetIdentityCenterAuthToken API to retrieve encrypted authentication tokens for Identity Center integrated serverless workgroups. This API enables programmatic access to secure Identity Center tokens with proper error handling and parameter validation across supported SDK languages. (c3d27769)
• client-identitystore: Updating AWS Identity Store APIs to support Attribute Extensions capability, with the first release adding Enterprise Attributes. This launch aligns Identity Store APIs with SCIM for enterprise attributes, reducing cases when customers are forced to use SCIM due to lack of SigV4 API support. (14887fde)
• client-rds: Adding support for tagging RDS Instance/Cluster Automated Backups (41b9a139)
• client-partnercentral-selling: Deal Sizing Service for AI-based deal size estimation with AWS service-level breakdown, supporting Expansion and Migration deals across Technology, and Reseller partner cohorts, including Pricing Calculator AddOn for MAP deals and funding incentives. (867598e2)
• client-rolesanywhere: Increases certificate string length for trust anchor source data to support ML-DSA certificates. (481b863e)
• client-ec2: Amazon EC2 P6-B300 instances provide 8x NVIDIA Blackwell Ultra GPUs with 2.1 TB high bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps dedicated ENA throughput, and 4 TB of system memory. Amazon EC2 C8a instances are powered by 5th Gen AMD EPYC processors with a maximum frequency of 4.5 GHz. (229ff011)

Tests

• core/protocols: add test and additional condition for xml declaration (#7552) (c83c986a)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-eventbridge's changelog.

3.948.0 (2025-12-09)

Note: Version bump only for package @​aws-sdk/client-eventbridge

3.947.0 (2025-12-08)

Note: Version bump only for package @​aws-sdk/client-eventbridge

Commits

• c6e71bf Publish v3.948.0
• 656bd00 Publish v3.947.0
• 731dbfe chore(codegen): service closure knowledge index (#7554)
• See full diff in compare view

Updates @aws-sdk/client-sns from 3.946.0 to 3.948.0

Release notes

Sourced from @​aws-sdk/client-sns's releases.

v3.948.0

3.948.0(2025-12-09)

Chores

• middleware-recursion-detection: upgrade lambda-invoke-store dependency (#7559) (dbc65195)

New Features

• clients: update client endpoints as of 2025-12-09 (012e1f9a)
• client-mgn: Added parameters encryption, IPv4/IPv6 protocol configuration, and enhanced tagging support for replication operations. (a0a347c6)
• client-guardduty: Adding support for Ec2LaunchTemplate Version field (4903763d)
• client-appsync: Update Event API to require EventConfig parameter in creation and update requests. (6298ec44)
• client-route-53: Amazon Route 53 now supports the EU (Germany) Region (eusc-de-east-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region (c21e90bc)
• client-account: This release adds a new API (GetGovCloudAccountInformation) used to retrieve information about a linked GovCloud account from the standard AWS partition. (ae9e6fce)
• client-ivs-realtime: Token Exchange introduces seamless token exchange capabilities for IVS RTX, enabling customers to upgrade or downgrade token capabilities and update token attributes within the IVS client SDK without forcing clients to disconnect and reconnect. (db225910)

---

For list of updated packages, view updated-packages.md in assets-3.948.0.zip

v3.947.0

3.947.0(2025-12-08)

Chores

• codegen: service closure knowledge index (#7554) (731dbfef)
• core/client: emit warning for Node.js 18.x end-of-support (#7540) (fee7ba1d)

Documentation Changes

• add support policy section for Node.js/ECMAScript versions (#7556) (bf1f6e0b)

New Features

• clients: update client endpoints as of 2025-12-08 (7e0d61b2)
• client-cost-explorer: Add support for Cost Category resource associations including filtering by resource type on ListCostCategoryDefinitions and new ListCostCategoryResourceAssociations API. (011b4f65)
• client-sesv2: Update Mail Manager Archive ARN validation (18c203b2)
• client-redshift-serverless: Added GetIdentityCenterAuthToken API to retrieve encrypted authentication tokens for Identity Center integrated serverless workgroups. This API enables programmatic access to secure Identity Center tokens with proper error handling and parameter validation across supported SDK languages. (c3d27769)
• client-identitystore: Updating AWS Identity Store APIs to support Attribute Extensions capability, with the first release adding Enterprise Attributes. This launch aligns Identity Store APIs with SCIM for enterprise attributes, reducing cases when customers are forced to use SCIM due to lack of SigV4 API support. (14887fde)
• client-rds: Adding support for tagging RDS Instance/Cluster Automated Backups (41b9a139)
• client-partnercentral-selling: Deal Sizing Service for AI-based deal size estimation with AWS service-level breakdown, supporting Expansion and Migration deals across Technology, and Reseller partner cohorts, including Pricing Calculator AddOn for MAP deals and funding incentives. (867598e2)
• client-rolesanywhere: Increases certificate string length for trust anchor source data to support ML-DSA certificates. (481b863e)
• client-ec2: Amazon EC2 P6-B300 instances provide 8x NVIDIA Blackwell Ultra GPUs with 2.1 TB high bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps dedicated ENA throughput, and 4 TB of system memory. Amazon EC2 C8a instances are powered by 5th Gen AMD EPYC processors with a maximum frequency of 4.5 GHz. (229ff011)

Tests

• core/protocols: add test and additional condition for xml declaration (#7552) (c83c986a)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-sns's changelog.

3.948.0 (2025-12-09)

Note: Version bump only for package @​aws-sdk/client-sns

3.947.0 (2025-12-08)

Note: Version bump only for package @​aws-sdk/client-sns

Commits

• c6e71bf Publish v3.948.0
• 656bd00 Publish v3.947.0
• 731dbfe chore(codegen): service closure knowledge index (#7554)
• See full diff in compare view

Updates @aws-sdk/client-sts from 3.946.0 to 3.948.0

Release notes

Sourced from @​aws-sdk/client-sts's releases.

v3.948.0

3.948.0(2025-12-09)

Chores

• middleware-recursion-detection: upgrade lambda-invoke-store dependency (#7559) (dbc65195)

New Features

• clients: update client endpoints as of 2025-12-09 (012e1f9a)
• client-mgn: Added parameters encryption, IPv4/IPv6 protocol configuration, and enhanced tagging support for replication operations. (a0a347c6)
• client-guardduty: Adding support for Ec2LaunchTemplate Version field (4903763d)
• client-appsync: Update Event API to require EventConfig parameter in creation and update requests. (6298ec44)
• client-route-53: Amazon Route 53 now supports the EU (Germany) Region (eusc-de-east-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region (c21e90bc)
• client-account: This release adds a new API (GetGovCloudAccountInformation) used to retrieve information about a linked GovCloud account from the standard AWS partition. (ae9e6fce)
• client-ivs-realtime: Token Exchange introduces seamless token exchange capabilities for IVS RTX, enabling customers to upgrade or downgrade token capabilities and update token attributes within the IVS client SDK without forcing clients to disconnect and reconnect. (db225910)

---

For list of updated packages, view updated-packages.md in assets-3.948.0.zip

v3.947.0

3.947.0(2025-12-08)

Chores

• codegen: service closure knowledge index (#7554) (731dbfef)
• core/client: emit warning for Node.js 18.x end-of-support (#7540) (fee7ba1d)

Documentation Changes

• add support policy section for Node.js/ECMAScript versions (#7556) (bf1f6e0b)

New Features

• clients: update client endpoints as of 2025-12-08 (7e0d61b2)
• client-cost-explorer: Add support for Cost Category resource associations including filtering by resource type on ListCostCategoryDefinitions and new ListCostCategoryResourceAssociations API. (011b4f65)
• client-sesv2: Update Mail Manager Archive ARN validation (18c203b2)
• client-redshift-serverless: Added GetIdentityCenterAuthToken API to retrieve encrypted authentication tokens for Identity Center integrated serverless workgroups. This API enables programmatic access to secure Identity Center tokens with proper error handling and parameter validation across supported SDK languages. (c3d27769)
• client-identitystore: Updating AWS Identity Store APIs to support Attribute Extensions capability, with the first release adding Enterprise Attributes. This launch aligns Identity Store APIs with SCIM for enterprise attributes, reducing cases when customers are forced to use SCIM due to lack of SigV4 API support. (14887fde)
• client-rds: Adding support for tagging RDS Instance/Cluster Automated Backups (41b9a139)
• client-partnercentral-selling: Deal Sizing Service for AI-based deal size estimation with AWS service-level breakdown, supporting Expansion and Migration deals across Technology, and Reseller partner cohorts, including Pricing Calculator AddOn for MAP deals and funding incentives. (867598e2)
• client-rolesanywhere: Increases certificate string length for trust anchor source data to support ML-DSA certificates. (481b863e)
• client-ec2: Amazon EC2 P6-B300 instances provide 8x NVIDIA Blackwell Ultra GPUs with 2.1 TB high bandwidth GPU memory, 6.4 Tbps EFA networking, 300 Gbps dedicated ENA throughput, and 4 TB of system memory. Amazon EC2 C8a instances are powered by 5th Gen AMD EPYC processors with a maximum frequency of 4.5 GHz. (229ff011)

Tests

• core/protocols: add test and additional condition for xml declaration (#7552) (c83c986a)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-sts's changelog.

3.948.0 (2025-12-09)

Note: Version bump only for package @​aws-sdk/client-sts

3.947.0 (2025-12-08)

Note: Version bump only for package @​aws-sdk/client-sts

Commits

• c6e71bf Publish v3.948.0
• 656bd00 Publish v3.947.0
• 731dbfe chore(codegen): service closure knowledge index (#7554)
• See full diff in compare view

Updates @biomejs/biome from 2.3.8 to 2.3.9

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.9

2.3.9

Patch Changes

• #8232 84c9e08 Thanks @​ruidosujeira! - Added the nursery rule noScriptUrl.

  This rule disallows the use of javascript: URLs, which are considered a form of eval and can pose security risks such as XSS vulnerabilities.

  <a href="javascript:alert('XSS')">Click me</a>

• #8341 343dc4d Thanks @​arendjr! - Added the nursery rule useAwaitThenable, which enforces that await is only used on Promise values.

  Invalid

  await "value";
  const createValue = () => "value";
  await createValue();

  Caution

  This is a first iteration of the rule, and does not yet detect generic "thenable" values.

• #8034 e7e0f6c Thanks @​Netail! - Added the nursery rule useRegexpExec. Enforce RegExp#exec over String#match if no global flag is provided.

• #8137 d407efb Thanks @​denbezrukov! - Reduced the internal memory used by the Biome formatter.

• #8281 30b046f Thanks @​tylersayshi! - Added the rule useRequiredScripts, which enforces presence of configurable entries in the scripts section of package.json files.

• #8290 d74c8bd Thanks @​dyc3! - The HTML formatter has been updated to match Prettier 3.7's behavior for handling <iframe>'s allow attribute.

  - <iframe allow="layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none';"></iframe>
  + <iframe
  + 	allow="
  + 		layout-animations 'none';
  + 		unoptimized-images 'none';
  + 		oversized-images 'none';
  + 		sync-script 'none';
  + 		sync-xhr 'none';
  + 		unsized-media 'none';
  + 	"
  + ></iframe>

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.9

Patch Changes

• #8232 84c9e08 Thanks @​ruidosujeira! - Added the nursery rule noScriptUrl.

  This rule disallows the use of javascript: URLs, which are considered a form of eval and can pose security risks such as XSS vulnerabilities.

  <a href="javascript:alert('XSS')">Click me</a>

• #8341 343dc4d Thanks @​arendjr! - Added the nursery rule useAwaitThenable, which enforces that await is only used on Promise values.

  Invalid

  await "value";
  const createValue = () => "value";
  await createValue();

  Caution

  This is a first iteration of the rule, and does not yet detect generic "thenable" values.

• #8034 e7e0f6c Thanks @​Netail! - Added the nursery rule useRegexpExec. Enforce RegExp#exec over String#match if no global flag is provided.

• #8137 d407efb Thanks @​denbezrukov! - Reduced the internal memory used by the Biome formatter.

• #8281 30b046f Thanks @​tylersayshi! - Added the rule useRequiredScripts, which enforces presence of configurable entries in the scripts section of package.json files.

• #8290 d74c8bd Thanks @​dyc3! - The HTML formatter has been updated to match Prettier 3.7's behavior for handling <iframe>'s allow attribute.

  - <iframe allow="layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none';"></iframe>
  + <iframe
  + 	allow="
  + 		layout-animations 'none';
  + 		unoptimized-images 'none';
  + 		oversized-images 'none';
  + 		sync-script 'none';
  + 		sync-xhr 'none';
  + 		unsized-media 'none';
  + 	"
  + ></iframe>

• #8302 d1d5014 Thanks @​mlafeldt! - Fixed #8109: return statements in Astro frontmatter no longer trigger "Illegal return statement" errors when using experimentalFullSupportEnabled.

... (truncated)

Commits

• ec43141 ci: release (#8469)
• 382786b fix(lint): remove useExhaustiveDependencies spurious errors on dependency-f...
• fc32352 fix: improve rustdoc for IndentStyle (#8425)
• 09acf2a feat(lint): update docs & diagnostic for lint/nursery/noProto (#8414)
• 84c9e08 feat: implement noScriptUrl rule (#8232)
• d407efb refactor(formatter): reduce best fitting allocations (#8137)
• 3710702 feat(lint): implement useDestructuring (#8335)
• 111ff34 chore: move depot to platinum sponsor (#8337)
• 343dc4d feat(linter): implement useAwaitThenable (#8341)
• 153e3c6 fix(lint): improve noBiomeFirstException (#8326)
• Additional commits viewable in compare view

Updates @types/node from 24.10.1 to 25.0.2

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions