Bump the npm group with 4 updates

[dependabot]

Bumps the npm group with 4 updates: vinxi, aws-cdk-lib, baseline-browser-mapping and zod.

Updates vinxi from 0.5.9 to 0.5.10

Changelog

Sourced from vinxi's changelog.

vinxi

Commits

• See full diff in compare view

Updates aws-cdk-lib from 2.232.2 to 2.233.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.233.0

⚠ BREAKING CHANGES

CHANGES TO L1 RESOURCES: L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-ec2: AWS::EC2::EC2Fleet: DefaultTargetCapacityType property is now immutable.
aws-ec2: AWS::EC2::EC2Fleet: TargetCapacityUnitType property is now immutable.

Features

• update L1 CloudFormation resource definitions (#36390) (a6077a2)
• events-targets: support messageGroupId for standard SQS queues (#36068) (95d4ed5)
• update L1 CloudFormation resource definitions (#36367) (e551afe)
• codebuild: add support for macOS 15 runners (#35836) (1b8b4e3)
• route53-patterns: HttpsRedirect use Distribution as the default CloudFront distribution (under feature flag) (#34312) (e2987eb), closes #31546
• update L1 CloudFormation resource definitions (#36326) (cb82627)
• ec2: add Interface VPC Endpoints for ACM and ACM-PCA (#35890) (06e6b25)
• route53: support failover routing policy for record sets (#35909) (9395467), closes #35910

Bug Fixes

• aws-cdk-lib: make grants factory methods public (#36317) (7dde625)
• ci: checkout the pr head instead of the default main head (#36311) (a1cbcf9), closes /github.com/aws/aws-cdk/blob/main/.github/workflows/integration-test-deployment.yml#L39C11-L39C57
• cloudtrail: do not attach s3 bucket permission when orgId is not set for organization trail (#30778) (61ee074), closes #30490
• custom-resources: waiter state machine retry fails with ExecutionAlreadyExists (#35988) (36ea606), closes #35957
• ecs: removal of canContainersAccessInstanceRole instance role (#36362) (7395b41)
• pipelines: propagate CodeBuild fleet and certificate (#35673) (71cfd60), closes #35664
• region-info: standalone use of @aws-cdk/region-info throws an Cannot find module 'aws-cdk-lib/core/lib/errors' error (#36414) (01c7d2e), closes #36399
• ci fix for spec updater workflow (#36364) (a0b42cc)
• re-export of ResourceEnvironment is not an alias (#36370) (ba8e194)

---

Alpha modules (2.233.0-alpha.0)

⚠ BREAKING CHANGES

• bedrock-agentcore-alpha: Runtime constructs will no longer automatically include lifecycleConfiguration with default values when not explicitly specified by users.
• elasticache-alpha: The engine property in NoPasswordUserProps has been removed.

Bug Fixes

• bedrock-agentcore-alpha: runtime construct incorrectly forces default lifecycleConfiguration values (#36379) (7954354), closes #36376
• elasticache-alpha: the default engine for NoPasswordUser contradict in the docs (#35920) (495fa37), closes #35847
• mixins-preview: improving delivery source and delivery destination creation (#36314) (86092ab)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.233.0-alpha.0 (2025-12-18)

⚠ BREAKING CHANGES

• bedrock-agentcore-alpha: Runtime constructs will no longer automatically include lifecycleConfiguration with default values when not explicitly specified by users.
• elasticache-alpha: The engine property in NoPasswordUserProps has been removed.

Bug Fixes

• bedrock-agentcore-alpha: runtime construct incorrectly forces default lifecycleConfiguration values (#36379) (7954354), closes #36376
• elasticache-alpha: the default engine for NoPasswordUser contradict in the docs (#35920) (495fa37), closes #35847
• mixins-preview: improving delivery source and delivery destination creation (#36314) (86092ab)

2.232.2-alpha.0 (2025-12-12)

2.232.1-alpha.0 (2025-12-05)

2.232.0-alpha.0 (2025-12-04)

Bug Fixes

• bedrock-agentcore-alpha: use static construct ID for asset-based runtime artifacts (#36241) (e2bdddd), closes #35968
• mixins-preview: service exports are different then in aws-cdk-lib (#36201) (5858006), closes #36210
• mixins-preview: strongly-typed ConstructSelector interface (#36266) (1d2f473)

2.231.0-alpha.0 (2025-12-01)

Features

• glue-alpha: support Glue Version 5.1 (#36223) (b956492)
• imagebuilder-alpha: add support for Image Construct (#36154) (eee3ae6), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789

2.230.0-alpha.0 (2025-11-26)

Features

• bedrock-agentcore-alpha: update resources on grantInvokeXXX for runtime (#35864) (5dad62f)
• imagebuilder-alpha: add support for Image Pipeline Construct (#36153) (d8c324a), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789
• imagebuilder-alpha: add support for Lifecycle Policy Construct (#36152) (7e31eb6), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789
• mixins-preview: adds LogDelivery Mixins for 47 resources (#36158) (6607ce9)
• mixins-preview: vended log deliveries (#36138) (69442a8)
• mixins-preview: helpers to generate EventBridge event patterns for 26 services (#36121) (073185d)

... (truncated)

Commits

• 1013a07 chore(release): 2.233.0
• 7395b41 fix(ecs): removal of canContainersAccessInstanceRole instance role (#36362)
• a6077a2 feat: update L1 CloudFormation resource definitions (#36390)
• 01c7d2e fix(region-info): standalone use of @aws-cdk/region-info throws an `Cannot ...
• a943b2f chore(ec2): add SES interface VPC endpoint (#36318)
• 95d4ed5 feat(events-targets): support messageGroupId for standard SQS queues (#36068)
• 54a4bc7 chore(appconfig): reference interfaces (#36392)
• 25fbdbc chore(lambda): add dotnet10 runtime to Lambda (#36366)
• e050e36 chore(apigateway): reference interfaces (#36373)
• 61ee074 fix(cloudtrail): do not attach s3 bucket permission when orgId is not set for...
• Additional commits viewable in compare view

Updates baseline-browser-mapping from 2.9.9 to 2.9.10

Release notes

Sourced from baseline-browser-mapping's releases.

v2.9.3 - remove process.loadEnvFile()

What's Changed

• Remove process.loadEnfFile() from main script by @​tonypconway in web-platform-dx/baseline-browser-mapping#112

Full Changelog: web-platform-dx/baseline-browser-mapping@v2.9.2...v2.9.3

Commits

• 6c61d6e Patch to 2.9.10 because browser or feature data changed
• 5a36884 Browser or feature data changed
• 11f6bf8 Updating static site
• See full diff in compare view

Updates zod from 3.25.76 to 4.2.1

Release notes

Sourced from zod's releases.

v4.2.1

Commits:

• 5b5b129315fbc94a3b0d6244185eaeefcbe438d1 4.2.1

v4.2.0

Features

Implement Standard JSON Schema

standard-schema/standard-schema#134

Implement z.fromJSONSchema()

const jsonSchema = {
  type: "object",
  properties: {
    name: { type: "string" },
    age: { type: "number" }
  },
  required: ["name"]
};
const schema = z.fromJSONSchema(jsonSchema);

Implement z.xor()

const schema = z.xor(
  z.object({ type: "user", name: z.string() }),
  z.object({ type: "admin", role: z.string() })
);
// Exactly one of the schemas must match

Implement z.looseRecord()

const schema = z.looseRecord(z.string(), z.number());
// Allows additional properties beyond those defined

Commits:

• af49c084f66339110d00e37ff71dc7b3b9f2b7ef Update docs for JSON Schema conversion of z.undefined() (#5504)
• 767f320318986e422f524b939f1a7174544fda2e Add .toJSONSchema() method (#5477)
• e17dcb63573397063e87d7c7fe10a5a78968181a Add z.fromJSONSchema(), z.looseRecord(), z.xor() (#5534)

... (truncated)

Commits

• 5b5b129 4.2.1
• dcef973 v4.2.0
• e17dcb6 Add z.fromJSONSchema(), z.looseRecord(), z.xor() (#5534)
• d632df3 Update next
• 767f320 Add .toJSONSchema() method (#5477)
• 325a701 Add pullfrog.yml workflow
• 4972727 Update Next.js and React Flight RCE advisory (#5515)
• af49c08 Update docs for JSON Schema conversion of z.undefined() (#5504)
• fb66ee1 fix(mini): export ZodMiniJSONSchema types to prevent TS4023 (#5511)
• 6e968a3 Add convex-helpers to the ecosystem docs (#5470)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions