chore(deps): bump the npm group across 1 directory with 5 updates

[dependabot]

Bumps the npm group with 4 updates in the /source/image-handler directory: @aws-sdk/client-s3, @aws-lambda-powertools/logger, @types/aws-lambda and tsup.

Updates @aws-sdk/client-s3 from 3.921.0 to 3.937.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.937.0

3.937.0(2025-11-20)

Chores

• api record update (#7514) (8109474f)

Documentation Changes

• client-kinesis: Kinesis Data Streams now supports up to 50 Enhance Fan-out consumers for On-demand Advantage Streams. On-demand Standard and Provisioned streams will continue with the existing limit of 20 consumers for Enhanced Fan-out. (dc1ec575)

New Features

• clients: update client endpoints as of 2025-11-20 (a15a5b22)
• client-dsql: Added clusterVpcEndpoint field to GetVpcEndpointServiceName API response, returning the VPC connection endpoint for the cluster (9fe2380d)
• client-bedrock-data-automation: Added support for Synchronous project type and PII Detection and Redaction (fe8bca9f)
• client-budgets: Add BillingViewHealthStatusException to DescribeBudgetPerformanceHistory and ServiceQuotaExceededException to UpdateBudget for improved error handling with Billing Views. (bdce2a67)
• client-s3: Enable / Disable ABAC on a general purpose bucket. (9816b260)
• client-networkmanager: This release adds support for Cloud WAN Routing Policy providing customers sophisticated routing controls to better manage their global networks (14daa70a)
• client-redshift-data: Increasing the length limit of Statement Name from 500 to 2048. (3091e42a)
• client-elastic-load-balancing-v2: This release adds the target optimizer feature in ALB, enabling strict concurrency enforcement on targets. (3da0b3fc)
• client-lakeformation: Added ServiceIntegrations as a request parameter for CreateLakeFormationIdentityCenterConfigurationRequest and UpdateLakeFormationIdentityCenterConfigurationRequest and response parameter for DescribeLakeFormationIdentityCenterConfigurationResponse (7615a8bc)
• client-braket: Add support for Braket spending limits. (13f6f508)
• client-sagemaker: Added training plan support for inference endpoints. Added HyperPod task governance with accelerator partition-based quota allocation. Added BatchRebootClusterNodes and BatchReplaceClusterNodes APIs. Updated ListClusterNodes to include privateDnsHostName. (859f793a)
• client-ec2: This release adds support for multiple features including: VPC Encryption Control for the status of traffic flow; S2S VPN BGP Logging; TGW Flexible Costs; IPAM allocation of static IPs from IPAM pools to CF Anycast IP lists used on CloudFront distribution; and EBS Volume Integration with Recycle Bin (6fdcb506)
• client-cloudtrail: AWS launches CloudTrail aggregated events to simplify monitoring of data events at scale. This feature delivers both granular and summarized data events for resources like S3/Lambda, helping security teams identify patterns without custom aggregation logic. (d7c651c8)
• client-emr: Add support for configuring S3 destination for step logs on a per-step basis. (b24d79f6)
• client-datasync: The partition value "aws-eusc" is now permitted for ARN (Amazon Resource Name) fields. (8a6adcf7)
• client-connect: Add optional ability to exclude users from send notification actions for Contact Lens Rules. (15d923a3)
• client-ecs: Launching Amazon ECS Express Mode - a new feature that enables developers to quickly launch highly available, scalable containerized applications with a single command. (f77f87ba)
• client-quicksight: Introducing comprehensive theme styling controls. New features include border customization (radius, width, color), flexible padding controls, background styling for cards and sheets, centralized typography management, and visual-level override support across layouts. (cd0d876d)
• client-rbin: Add support for EBS volume in Recycle Bin (7fdeb129)
• client-auto-scaling: This release adds support for three new features: 1) Image ID overrides in mixed instances policy, 2) Replace Root Volume - a new strategy for Instance Refresh, and 3) Instance Lifecycle Policy for enhanced instance lifecycle management. (fff870ea)
• client-imagebuilder: EC2 Image Builder now enables the distribution of existing AMIs, retry distribution, and define distribution workflows. It also supports automatic versioning for recipes and components, allowing automatic version increments and dynamic referencing in pipelines. (0d2985c2)
• client-bedrock-agentcore: Bedrock AgentCore Memory release for redriving memory extraction jobs (StartMemoryExtractionJob and ListMemoryExtractionJob) (e5cc06e3)
• client-rds: Add support for VPC Encryption Controls. (e91f3548)
• client-cloudfront: This release adds support for bring your own IP (BYOIP) to CloudFront's CreateAnycastIpList API through an optional IpamCidrConfigs field. (aa047c72)
• client-bedrock-data-automation-runtime: Bedrock Data Automation Runtime Sync API (f14c750f)
• client-license-manager: Added cross-account resource aggregation via license asset groups and expiry tracking for Self-Managed Licenses. Extended Org-Wide View to Self-Managed Licenses, added reporting for license asset groups, and removed Athena/Glue dependencies for cross-account resource discovery in commercial regions. (54276060)
• client-glue: Added FunctionType parameter to Glue GetuserDefinedFunctions. (db36a145)
• client-securityhub: Release Findings and Resources Trends APIs- GetFindingsTrendsV2 and GetResourcesTrendsV2. This supports time-series aggregated counts with composite filtering for 1-year of historical data analysis of Findings and Resources. (82511def)
• client-application-signals: Amazon CloudWatch Application Signals now supports un-instrumented services discovery, cross-account views, and change history, helping SRE and DevOps teams monitor and troubleshoot their large-scale distributed applications. (0da48ba7)
• client-database-migration-service: Added support for customer-managed KMS key (CMK) for encryption for import private key certificate. Additionally added Amazon SageMaker Lakehouse endpoint used for zero-ETL integrations with data warehouses. (7edb9744)
• client-device-farm: Add support for environment variables and an IAM execution role. (3476f4df)
• client-organizations: Added new APIs for Billing Transfer, new policy type INSPECTOR_POLICY, and allow an account to transfer between organizations (674519a3)

---

For list of updated packages, view updated-packages.md in assets-3.937.0.zip

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.937.0 (2025-11-20)

Features

• client-s3: Enable / Disable ABAC on a general purpose bucket. (9816b26)

3.936.0 (2025-11-19)

Note: Version bump only for package @​aws-sdk/client-s3

3.935.0 (2025-11-19)

Features

• client-s3: Adds support for blocking SSE-C writes to general purpose buckets. (cee2e72)

3.934.0 (2025-11-18)

Note: Version bump only for package @​aws-sdk/client-s3

3.933.0 (2025-11-17)

Note: Version bump only for package @​aws-sdk/client-s3

3.932.0 (2025-11-14)

Bug Fixes

... (truncated)

Commits

• 9981cbc Publish v3.937.0
• 9816b26 feat(client-s3): Enable / Disable ABAC on a general purpose bucket.
• a180cc7 Publish v3.936.0
• c31b14b Publish v3.935.0
• cee2e72 feat(client-s3): Adds support for blocking SSE-C writes to general purpose bu...
• ac2be51 chore(codegen): update for smithy/core serde fixes (#7511)
• 3b6a4d9 Publish v3.934.0
• 674fae6 Publish v3.933.0
• c28f46d Publish v3.932.0
• 6de803d fix(core/protocols): decorate service exceptions with unmodeled fields (#7504)
• Additional commits viewable in compare view

Updates sharp from 0.34.4 to 0.34.5

Release notes

Sourced from sharp's releases.

v0.34.5

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag. #4458

• Add support for BigTIFF output. #4459 @​throwbi

• Improve error messaging when only warnings issued. #4465

• Simplify ICC processing when retaining input profiles. #4468

v0.34.5-rc.1

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag. #4458

• Add support for BigTIFF output. #4459 @​throwbi

• Improve error messaging when only warnings issued. #4465

• Simplify ICC processing when retaining input profiles. #4468

v0.34.5-rc.0

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag. #4458

• Add support for BigTIFF output. #4459 @​throwbi

• Improve error messaging when only warnings issued. #4465

... (truncated)

Commits

• e062456 Release v0.34.5
• 6450c70 Prerelease v0.34.5-rc.1
• f7c95d1 TypeScript: consolidate a few enum-like properties
• ef86a75 Prerelease v0.34.5-rc.0
• 6c1e840 Use structured binding for tuples where possible
• e1628d8 Simplify ICC processing when retaining input profiles #4468
• 4f9f817 Linter: apply all recommended biome settings
• 09d5aa8 Docs: update internal and libvips doc links
• 040b73c Upgrade to libvips v8.17.3
• 1f2f33d Ensure licensing headers are retained by code bundlers
• Additional commits viewable in compare view

Updates @aws-lambda-powertools/logger from 2.28.1 to 2.29.0

Release notes

Sourced from @​aws-lambda-powertools/logger's releases.

v2.29.0

Summary

🎉 Powertools for AWS Lambda (Typescript) - Event Handler Utility is now Generally Available (GA)

Docs

We're excited to announce that the Event Handler utility is now production-ready! 🚀 Event Handler provides lightweight routing to reduce boilerplate for API Gateway REST/HTTP API, ALB and Lambda Function URLs.

⭐ Congratulations to @​yoshi-taka, @​iamgerg, @​fidelisojeah, and @​benthorner for their first PR merged in the project 🎉

Import path update

With Event Handler moving to GA, the import path has changed from the experimental namespace to a stable one.

// Before
import { Router } from '@aws-lambda-powertools/event-handler/experimental-rest';
// Now
import { Router } from '@​aws-lambda-powertools/event-handler/http';

Support for HTTP APIs, ALB, and Function URL

Event Handler now supports HTTP APIs (API Gateway v2), Application Load Balancers (ALB) and Lambda Function URL in addition to the existing REST API and support. This means you can use the same routing API across different AWS services, making it easier to build and migrate serverless applications regardless of your chosen architecture.

import { Router } from '@aws-lambda-powertools/event-handler/http';
import type {
  ALBEvent,
  APIGatewayProxyEvent,
  APIGatewayProxyEventV2,
  Context,
  LambdaFunctionURLEvent,
} from 'aws-lambda';
const app = new Router();
app.get('/hello', () => {
return {
message: 'Hello Event Handler!',
};
});
// Works across different services without any changes
export const restApiHandler = (event: APIGatewayProxyEvent, context: Context) =>
app.resolve(event, context);
export const httpApiHandler = (
</tr></table>

... (truncated)

Changelog

Sourced from @​aws-lambda-powertools/logger's changelog.

2.29.0 (2025-11-21)

Improvements

• commons Make trace ID access more robust (#4693) (b26cd2c)

Bug Fixes

• logger infinite loop on log buffer when item size is max bytes (#4741) (f0677d4)
• logger not passing persistent keys to children (#4740) (eafbe13)
• event-handler moved the response mutation logic to the composeMiddleware function (#4773) (2fe04e3)
• event-handler handle repeated queryString values (#4755) (5d3cf2d)
• event-handler allow event handler response to return array (#4725) (eef92ca)

Features

• logger use async local storage for logger (#4668) (4507fcc)
• metrics use async local storage for metrics (#4663) (#4694) (2e08f74)
• parser add type for values parsed by DynamoDBStreamRecord (#4793) (c2bd849)
• batch use async local storage for batch processing (#4700) (67a8de7)
• event-handler add support for ALB (#4759) (a470892)
• event-handler expose response streaming in public API (#4743) (be4e4e2)
• event-handler add first-class support for binary responses (#4723) (13dbcdc)
• event-handler Add support for HTTP APIs (API Gateway v2) (#4714) (2f70018)

Maintenance

• tracer bump aws-xray-sdk-core from 3.11.0 to 3.12.0 (#4792) (afb5678)
• event-handler unflag http handler from experimental (#4801) (a2deb8d)

Commits

• fa726e0 chore(ci): bump version to 2.29.0 (#4802)
• a2deb8d chore(event-handler): unflag http handler from experimental (#4801)
• c2bd849 feat(parser): add type for values parsed by DynamoDBStreamRecord (#4793)
• afb5678 chore(deps): bump aws-xray-sdk-core from 3.11.0 to 3.12.0 (#4792)
• 8806cad docs(event-handler): added documentation for support for HTTP API, ALB and FU...
• d2e0fcc chore(deps): upgrade InvokeStore to v0.2.1 (#4794)
• bccd0b1 docs(event-handler): add response streaming docs (#4786)
• 2279f9b chore(deps): bump mkdocs-llmstxt from 0.4.0 to 0.5.0 in /docs (#4789)
• 12c5e63 chore(deps): bump actions/checkout from 5.0.1 to 6.0.0 (#4788)
• 943bb4f docs(event-handler): update binary response docs (#4783)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​aws-lambda-powertools/logger since your current version.

Updates @types/aws-lambda from 8.10.157 to 8.10.159

Commits

• See full diff in compare view

Updates tsup from 8.5.0 to 8.5.1

Release notes

Sourced from tsup's releases.

v8.5.1

   🐞 Bug Fixes

• Add script tag validation  -  by @​benhoad in egoist/tsup#1314 (df736)
• Update esbuild to fix sourcemap source issue  -  by @​ArcherGu and @​sxzz in egoist/tsup#1316 (fb8ae)

    View changes on GitHub

Commits

• 1ecb6a5 chore: release v8.5.1
• e92ba64 chore: upgrade esbuild
• fb8ae7d fix: update esbuild to fix sourcemap source issue (#1316)
• db7cfaa chore: upgrade pnpm
• df7360b fix: add script tag validation (#1314)
• 65e8547 chore: bump source-map to 0.7.6 (#1358)
• f127e57 ci: switch to trusted publisher
• 8b6907d chore: add maintenance info in README (#1332)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for tsup since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.