fix(lambda): bump the aws-powertools group in /lambdas with 4 updates

[dependabot]

Bumps the aws-powertools group in /lambdas with 4 updates: @aws-lambda-powertools/parameters, @aws-lambda-powertools/logger, @aws-lambda-powertools/metrics and @aws-lambda-powertools/tracer.

Updates @aws-lambda-powertools/parameters from 2.27.0 to 2.28.1

Release notes

Sourced from @​aws-lambda-powertools/parameters's releases.

v2.28.1

Summary

This patch release addresses an issue in the Commons package utility introduced in v2.28.0 that caused a runtime error.

This issue affects only those who have lambda code that depends directly or indirectly on the getXrayTraceDataFromEnv function in the Commons package and who are bundling that lambda with ESBuild to an ES module.

We recommend updating to the latest version to avoid the issue.

Changes

📜 Documentation updates

• chore(ci): bumped the layer verison from 39 to 40 (#4683) by @​svozza
• chore(deps): bump @​types/node from 24.8.1 to 24.9.1 (#4673) by @dependabot[bot]
• chore(ci): bumped the layer verison from 38 to 39 (#4671) by @​sdangol

🔧 Maintenance

• fix(logger): fix esbuild ESM bundler error (#4678) by @​svozza
• chore(deps): bump @​types/node from 24.8.1 to 24.9.1 (#4673) by @dependabot[bot]
• chore(deps-dev): bump lint-staged from 16.2.4 to 16.2.5 (#4672) by @dependabot[bot]

This release was made possible by the following contributors:

@​dependabot[bot], @​github-actions[bot], @​sdangol, @​svozza, dependabot[bot] and github-actions[bot]

v2.28.0

Summary

We are excited to announce that the REST API Event Handler now supports catch-all routes, allowing you to use regex patterns directly when defining route paths. We've also added the ability to split routers using includeRouter for both REST API and AppSync GraphQL Event Handlers.

We’ve also reverted the SQSRecordSchema change that caused failed parsing of records when md5OfMessageAttributes was null.

📜 Announcement: You can now find our documentation on the official AWS documentation domain at https://docs.aws.amazon.com/powertools/typescript/latest/

⭐ Congratulations @​mdesousa, @​thiagomeireless, @​alex-karo for their first PR merged in the project 🎉

Catch-all route

You can now use regex patterns in your routes to handle arbitrary or deeply nested paths.

import { Router } from '@aws-lambda-powertools/event-handler/experimental-rest';
const app = new Router();
// Instead of defining every possible path
app.get('/files/:folder/:subfolder/:filename');
</tr></table>

... (truncated)

Changelog

Sourced from @​aws-lambda-powertools/parameters's changelog.

2.28.1 (2025-10-23)

Bug Fixes

• logger fix esbuild ESM bundler error (#4678) (8a13e8e)

2.28.0 (2025-10-21)

Improvements

• commons Make X-rRay trace ID access more robust (#4658) (5199d3e)
• event-handler ended response stream when body is null (#4651) (a37a317)
• event-handler rename ServiceError class to HttpError (#4610) (33f7334)

Bug Fixes

• logger correct persistentLogAttributes warning behavior (#4627) (5cb6797)
• idempotency add null check for idempotencyHandler before calling handleMiddyOnError (#4643) (5dab224)
• parser updated the SQSRecordSchema to make the md5OfMessageAttributes nullable (#4632) (adc8f60)
• event-handler allow http handlers to return duplex streams (#4629) (f46ae7c)

Features

• metrics use async local storage for metrics (#4663) (3886af3)
• event-handler Add includeRouter support to AppSync GraphQL resolver (#4457) (ada48bb)
• event-handler added support for catch all route (#4582) (19786bf)
• event-handler add streaming functionality (#4586) (e321526)
• event-handler added includeRouter method to split routes (#4573) (38b6e82)

Maintenance

• tracer bump aws-xray-sdk-core from 3.10.3 to 3.11.0 (#4656) (f00f7ed)

Commits

• e2ce325 chore(ci): bump version to 2.28.1 (#4681)
• 8a13e8e fix(logger): fix esbuild ESM bundler error (#4678)
• 6c65c24 chore(deps): bump @​types/node from 24.8.1 to 24.9.1 (#4673)
• f3adc3e chore(deps-dev): bump lint-staged from 16.2.4 to 16.2.5 (#4672)
• cb58f38 chore(ci): bumped the layer verison from 38 to 39 (#4671)
• 5ea8799 chore(ci): bump version to 2.28.0 (#4670)
• 10511d9 chore(deps): bump aws-cdk-lib from 2.219.0 to 2.220.0 in the aws-cdk group ac...
• 8c664a3 chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 (#4666)
• 3886af3 feat(metrics): use async local storage for metrics (#4663)
• a0be142 chore(deps): bump the aws-sdk-v3 group across 1 directory with 88 updates (#4...
• Additional commits viewable in compare view

Updates @aws-lambda-powertools/logger from 2.27.0 to 2.28.1

Release notes

Sourced from @​aws-lambda-powertools/logger's releases.

v2.28.1

Summary

This patch release addresses an issue in the Commons package utility introduced in v2.28.0 that caused a runtime error.

This issue affects only those who have lambda code that depends directly or indirectly on the getXrayTraceDataFromEnv function in the Commons package and who are bundling that lambda with ESBuild to an ES module.

We recommend updating to the latest version to avoid the issue.

Changes

📜 Documentation updates

• chore(ci): bumped the layer verison from 39 to 40 (#4683) by @​svozza
• chore(deps): bump @​types/node from 24.8.1 to 24.9.1 (#4673) by @dependabot[bot]
• chore(ci): bumped the layer verison from 38 to 39 (#4671) by @​sdangol

🔧 Maintenance

• fix(logger): fix esbuild ESM bundler error (#4678) by @​svozza
• chore(deps): bump @​types/node from 24.8.1 to 24.9.1 (#4673) by @dependabot[bot]
• chore(deps-dev): bump lint-staged from 16.2.4 to 16.2.5 (#4672) by @dependabot[bot]

This release was made possible by the following contributors:

@​dependabot[bot], @​github-actions[bot], @​sdangol, @​svozza, dependabot[bot] and github-actions[bot]

v2.28.0

Summary

We are excited to announce that the REST API Event Handler now supports catch-all routes, allowing you to use regex patterns directly when defining route paths. We've also added the ability to split routers using includeRouter for both REST API and AppSync GraphQL Event Handlers.

We’ve also reverted the SQSRecordSchema change that caused failed parsing of records when md5OfMessageAttributes was null.

📜 Announcement: You can now find our documentation on the official AWS documentation domain at https://docs.aws.amazon.com/powertools/typescript/latest/

⭐ Congratulations @​mdesousa, @​thiagomeireless, @​alex-karo for their first PR merged in the project 🎉

Catch-all route

You can now use regex patterns in your routes to handle arbitrary or deeply nested paths.

import { Router } from '@aws-lambda-powertools/event-handler/experimental-rest';
const app = new Router();
// Instead of defining every possible path
app.get('/files/:folder/:subfolder/:filename');
</tr></table>

... (truncated)

Changelog

Sourced from @​aws-lambda-powertools/logger's changelog.

2.28.1 (2025-10-23)

Bug Fixes

• logger fix esbuild ESM bundler error (#4678) (8a13e8e)

2.28.0 (2025-10-21)

Improvements

• commons Make X-rRay trace ID access more robust (#4658) (5199d3e)
• event-handler ended response stream when body is null (#4651) (a37a317)
• event-handler rename ServiceError class to HttpError (#4610) (33f7334)

Bug Fixes

• logger correct persistentLogAttributes warning behavior (#4627) (5cb6797)
• idempotency add null check for idempotencyHandler before calling handleMiddyOnError (#4643) (5dab224)
• parser updated the SQSRecordSchema to make the md5OfMessageAttributes nullable (#4632) (adc8f60)
• event-handler allow http handlers to return duplex streams (#4629) (f46ae7c)

Features

• metrics use async local storage for metrics (#4663) (3886af3)
• event-handler Add includeRouter support to AppSync GraphQL resolver (#4457) (ada48bb)
• event-handler added support for catch all route (#4582) (19786bf)
• event-handler add streaming functionality (#4586) (e321526)
• event-handler added includeRouter method to split routes (#4573) (38b6e82)

Maintenance

• tracer bump aws-xray-sdk-core from 3.10.3 to 3.11.0 (#4656) (f00f7ed)

Commits

• e2ce325 chore(ci): bump version to 2.28.1 (#4681)
• 8a13e8e fix(logger): fix esbuild ESM bundler error (#4678)
• 6c65c24 chore(deps): bump @​types/node from 24.8.1 to 24.9.1 (#4673)
• f3adc3e chore(deps-dev): bump lint-staged from 16.2.4 to 16.2.5 (#4672)
• cb58f38 chore(ci): bumped the layer verison from 38 to 39 (#4671)
• 5ea8799 chore(ci): bump version to 2.28.0 (#4670)
• 10511d9 chore(deps): bump aws-cdk-lib from 2.219.0 to 2.220.0 in the aws-cdk group ac...
• 8c664a3 chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 (#4666)
• 3886af3 feat(metrics): use async local storage for metrics (#4663)
• a0be142 chore(deps): bump the aws-sdk-v3 group across 1 directory with 88 updates (#4...
• Additional commits viewable in compare view

Updates @aws-lambda-powertools/metrics from 2.27.0 to 2.28.1

Release notes

Sourced from @​aws-lambda-powertools/metrics's releases.

v2.28.1

Summary

This patch release addresses an issue in the Commons package utility introduced in v2.28.0 that caused a runtime error.

This issue affects only those who have lambda code that depends directly or indirectly on the getXrayTraceDataFromEnv function in the Commons package and who are bundling that lambda with ESBuild to an ES module.

We recommend updating to the latest version to avoid the issue.

Changes

📜 Documentation updates

• chore(ci): bumped the layer verison from 39 to 40 (#4683) by @​svozza
• chore(deps): bump @​types/node from 24.8.1 to 24.9.1 (#4673) by @dependabot[bot]
• chore(ci): bumped the layer verison from 38 to 39 (#4671) by @​sdangol

🔧 Maintenance

• fix(logger): fix esbuild ESM bundler error (#4678) by @​svozza
• chore(deps): bump @​types/node from 24.8.1 to 24.9.1 (#4673) by @dependabot[bot]
• chore(deps-dev): bump lint-staged from 16.2.4 to 16.2.5 (#4672) by @dependabot[bot]

This release was made possible by the following contributors:

@​dependabot[bot], @​github-actions[bot], @​sdangol, @​svozza, dependabot[bot] and github-actions[bot]

v2.28.0

Summary

We are excited to announce that the REST API Event Handler now supports catch-all routes, allowing you to use regex patterns directly when defining route paths. We've also added the ability to split routers using includeRouter for both REST API and AppSync GraphQL Event Handlers.

We’ve also reverted the SQSRecordSchema change that caused failed parsing of records when md5OfMessageAttributes was null.

📜 Announcement: You can now find our documentation on the official AWS documentation domain at https://docs.aws.amazon.com/powertools/typescript/latest/

⭐ Congratulations @​mdesousa, @​thiagomeireless, @​alex-karo for their first PR merged in the project 🎉

Catch-all route

You can now use regex patterns in your routes to handle arbitrary or deeply nested paths.

import { Router } from '@aws-lambda-powertools/event-handler/experimental-rest';
const app = new Router();
// Instead of defining every possible path
app.get('/files/:folder/:subfolder/:filename');
</tr></table>

... (truncated)

Changelog

Sourced from @​aws-lambda-powertools/metrics's changelog.

2.28.1 (2025-10-23)

Bug Fixes

• logger fix esbuild ESM bundler error (#4678) (8a13e8e)

2.28.0 (2025-10-21)

Improvements

• commons Make X-rRay trace ID access more robust (#4658) (5199d3e)
• event-handler ended response stream when body is null (#4651) (a37a317)
• event-handler rename ServiceError class to HttpError (#4610) (33f7334)

Bug Fixes

• logger correct persistentLogAttributes warning behavior (#4627) (5cb6797)
• idempotency add null check for idempotencyHandler before calling handleMiddyOnError (#4643) (5dab224)
• parser updated the SQSRecordSchema to make the md5OfMessageAttributes nullable (#4632) (adc8f60)
• event-handler allow http handlers to return duplex streams (#4629) (f46ae7c)

Features

• metrics use async local storage for metrics (#4663) (3886af3)
• event-handler Add includeRouter support to AppSync GraphQL resolver (#4457) (ada48bb)
• event-handler added support for catch all route (#4582) (19786bf)
• event-handler add streaming functionality (#4586) (e321526)
• event-handler added includeRouter method to split routes (#4573) (38b6e82)

Maintenance

• tracer bump aws-xray-sdk-core from 3.10.3 to 3.11.0 (#4656) (f00f7ed)

Commits

• e2ce325 chore(ci): bump version to 2.28.1 (#4681)
• 8a13e8e fix(logger): fix esbuild ESM bundler error (#4678)
• 6c65c24 chore(deps): bump @​types/node from 24.8.1 to 24.9.1 (#4673)
• f3adc3e chore(deps-dev): bump lint-staged from 16.2.4 to 16.2.5 (#4672)
• cb58f38 chore(ci): bumped the layer verison from 38 to 39 (#4671)
• 5ea8799 chore(ci): bump version to 2.28.0 (#4670)
• 10511d9 chore(deps): bump aws-cdk-lib from 2.219.0 to 2.220.0 in the aws-cdk group ac...
• 8c664a3 chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 (#4666)
• 3886af3 feat(metrics): use async local storage for metrics (#4663)
• a0be142 chore(deps): bump the aws-sdk-v3 group across 1 directory with 88 updates (#4...
• Additional commits viewable in compare view

Updates @aws-lambda-powertools/tracer from 2.27.0 to 2.28.1

Release notes

Sourced from @​aws-lambda-powertools/tracer's releases.

v2.28.1

Summary

This patch release addresses an issue in the Commons package utility introduced in v2.28.0 that caused a runtime error.

This issue affects only those who have lambda code that depends directly or indirectly on the getXrayTraceDataFromEnv function in the Commons package and who are bundling that lambda with ESBuild to an ES module.

We recommend updating to the latest version to avoid the issue.

Changes

📜 Documentation updates

• chore(ci): bumped the layer verison from 39 to 40 (#4683) by @​svozza
• chore(deps): bump @​types/node from 24.8.1 to 24.9.1 (#4673) by @dependabot[bot]
• chore(ci): bumped the layer verison from 38 to 39 (#4671) by @​sdangol

🔧 Maintenance

• fix(logger): fix esbuild ESM bundler error (#4678) by @​svozza
• chore(deps): bump @​types/node from 24.8.1 to 24.9.1 (#4673) by @dependabot[bot]
• chore(deps-dev): bump lint-staged from 16.2.4 to 16.2.5 (#4672) by @dependabot[bot]

This release was made possible by the following contributors:

@​dependabot[bot], @​github-actions[bot], @​sdangol, @​svozza, dependabot[bot] and github-actions[bot]

v2.28.0

Summary

We are excited to announce that the REST API Event Handler now supports catch-all routes, allowing you to use regex patterns directly when defining route paths. We've also added the ability to split routers using includeRouter for both REST API and AppSync GraphQL Event Handlers.

We’ve also reverted the SQSRecordSchema change that caused failed parsing of records when md5OfMessageAttributes was null.

📜 Announcement: You can now find our documentation on the official AWS documentation domain at https://docs.aws.amazon.com/powertools/typescript/latest/

⭐ Congratulations @​mdesousa, @​thiagomeireless, @​alex-karo for their first PR merged in the project 🎉

Catch-all route

You can now use regex patterns in your routes to handle arbitrary or deeply nested paths.

import { Router } from '@aws-lambda-powertools/event-handler/experimental-rest';
const app = new Router();
// Instead of defining every possible path
app.get('/files/:folder/:subfolder/:filename');
</tr></table>

... (truncated)

Changelog

Sourced from @​aws-lambda-powertools/tracer's changelog.

2.28.1 (2025-10-23)

Bug Fixes

• logger fix esbuild ESM bundler error (#4678) (8a13e8e)

2.28.0 (2025-10-21)

Improvements

• commons Make X-rRay trace ID access more robust (#4658) (5199d3e)
• event-handler ended response stream when body is null (#4651) (a37a317)
• event-handler rename ServiceError class to HttpError (#4610) (33f7334)

Bug Fixes

• logger correct persistentLogAttributes warning behavior (#4627) (5cb6797)
• idempotency add null check for idempotencyHandler before calling handleMiddyOnError (#4643) (5dab224)
• parser updated the SQSRecordSchema to make the md5OfMessageAttributes nullable (#4632) (adc8f60)
• event-handler allow http handlers to return duplex streams (#4629) (f46ae7c)

Features

• metrics use async local storage for metrics (#4663) (3886af3)
• event-handler Add includeRouter support to AppSync GraphQL resolver (#4457) (ada48bb)
• event-handler added support for catch all route (#4582) (19786bf)
• event-handler add streaming functionality (#4586) (e321526)
• event-handler added includeRouter method to split routes (#4573) (38b6e82)

Maintenance

• tracer bump aws-xray-sdk-core from 3.10.3 to 3.11.0 (#4656) (f00f7ed)

Commits

• e2ce325 chore(ci): bump version to 2.28.1 (#4681)
• 8a13e8e fix(logger): fix esbuild ESM bundler error (#4678)
• 6c65c24 chore(deps): bump @​types/node from 24.8.1 to 24.9.1 (#4673)
• f3adc3e chore(deps-dev): bump lint-staged from 16.2.4 to 16.2.5 (#4672)
• cb58f38 chore(ci): bumped the layer verison from 38 to 39 (#4671)
• 5ea8799 chore(ci): bump version to 2.28.0 (#4670)
• 10511d9 chore(deps): bump aws-cdk-lib from 2.219.0 to 2.220.0 in the aws-cdk group ac...
• 8c664a3 chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 (#4666)
• 3886af3 feat(metrics): use async local storage for metrics (#4663)
• a0be142 chore(deps): bump the aws-sdk-v3 group across 1 directory with 88 updates (#4...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
npm/@aws-lambda-powertools/parameters	^2.28.1	🟢 9.3	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 11 contributing companies or organizations
npm/@aws-lambda-powertools/logger	^2.28.1	🟢 9.3	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 11 contributing companies or organizations
npm/@aws-lambda-powertools/metrics	^2.28.1	🟢 9.3	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 11 contributing companies or organizations
npm/@aws-lambda-powertools/tracer	^2.28.1	🟢 9.3	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 11 contributing companies or organizations
npm/@aws-lambda-powertools/commons	2.28.1	🟢 9.3	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 11 contributing companies or organizations
npm/@aws-lambda-powertools/logger	2.28.1	🟢 9.3	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 11 contributing companies or organizations
npm/@aws-lambda-powertools/metrics	2.28.1	🟢 9.3	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 11 contributing companies or organizations
npm/@aws-lambda-powertools/parameters	2.28.1	🟢 9.3	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 11 contributing companies or organizations
npm/@aws-lambda-powertools/tracer	2.28.1	🟢 9.3	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices 🟢 5 badge detected: Passing Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 11 contributing companies or organizations
npm/@aws/lambda-invoke-store	0.0.1	Unknown	Unknown
npm/aws-xray-sdk-core	3.11.0	🟢 6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 24 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 1 dependency not pinned by hash detected -- score normalized to 1 License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected SAST 🟢 6 SAST tool is not run on all commits -- score normalized to 6 Vulnerabilities ⚠️ 0 16 existing vulnerabilities detected

Scanned Files

• lambdas/functions/control-plane/package.json
• lambdas/libs/aws-powertools-util/package.json
• lambdas/yarn.lock