
Automated Trivy vulnerability remediation #260

Open
yeshamavani wants to merge 2 commits into feat/automation from security/trivy-remediation

Conversation

@yeshamavani
Collaborator

Automated fix for HIGH and CRITICAL vulnerabilities detected by Trivy.

Piyush Singh Gaur and others added 2 commits March 12, 2026 13:17
…nerabilities

Automated Remediation Strategy for Trivy-Detected NPM Vulnerabilities
@sonarqubecloud

SonarQube reviewer guide

Summary: This pull request updates AWS SDK and related dependencies to newer versions, including a major version bump from Node.js 18+ to Node.js 20+ runtime requirements.

Review Focus:

  • AWS SDK v3 updated from 3.91x to 3.100x+ bringing breaking changes to Node engine requirements (18+ → 20+)
  • Multiple @smithy packages updated with potentially breaking changes to APIs and type definitions
  • LoopBack framework packages updated across the board with cascading dependency bumps
  • npm package bundled version updated from 11.6.2 to 11.11.1
  • Several package dependency trees have been flattened or reorganized, removing some transitive dependencies

Start review at: package-lock.json focusing on @aws-sdk/client-s3 and its dependency tree (lines ~305-370). This is critical because the AWS SDK is a core dependency and its engine requirement change from Node 18+ to Node 20+ may break deployments, and the version bump introduces numerous sub-dependency updates that cascade through the entire dependency graph. Pay special attention to version constraints that changed from fixed versions (e.g., 3.914.0) to caret ranges (e.g., ^3.972.7), which could introduce subtle compatibility issues.


Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud
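A check for the two points the reviewer guide raises, engine requirement drift (Node 18+ to 20+) and dependency specs moving from exact pins to caret ranges, written in JavaScript as an added example. It is not code from this PR or from the project; the dependency maps, the lock excerpt and every engines string in it are constructed for illustration and are not copied from the PR's package.json or package-lock.json. The evaluator understands only a subset of engines.node syntax (comparators, bare majors, `^`, whitespace conjunctions, `||` alternatives) and returns null for anything else, so unrecognised ranges are reported for manual review instead of silently passing.

```javascript
"use strict";

// Constructed "before" and "after" direct-dependency maps, standing in for the
// package.json of the base branch and of the PR branch. Values are illustrative.
const OLD_DEPS = {
  "@aws-sdk/client-s3": "3.914.0",
  "@loopback/core": "6.1.0",
  "npm": "11.6.2",
};
const NEW_DEPS = {
  "@aws-sdk/client-s3": "^3.972.7",
  "@loopback/core": "^6.1.5",
  "npm": "11.11.1",
};

// Constructed lockfileVersion-3 style excerpt. The "engines" field is what the
// reviewer guide warns about; these engine strings are assumed, not from the PR.
const LOCK = {
  lockfileVersion: 3,
  packages: {
    "node_modules/@aws-sdk/client-s3": { version: "3.972.7", engines: { node: ">=20.0.0" } },
    "node_modules/@loopback/core": { version: "6.1.5", engines: { node: "18 || 20 || 22" } },
    "node_modules/npm": { version: "11.11.1", engines: { node: "^20.17.0 || >=22.9.0" } },
    "node_modules/ms": { version: "2.1.3" }, // no engines field: nothing to check
  },
};

// "v20.19.0" -> [20, 19, 0]; missing components are treated as 0.
function parseVersion(v) {
  const parts = String(v).replace(/^v/, "").split(".").map((n) => parseInt(n, 10));
  return [0, 1, 2].map((i) => (Number.isNaN(parts[i]) ? 0 : parts[i]));
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Evaluate one token: ">=20.0.0", "<21", "^20.17.0" or a bare "18" (any 18.x.y).
// Caret is handled as ">=X.Y.Z <(X+1).0.0", which is right for Node majors (>0).
function tokenHolds(token, ver) {
  let m;
  if ((m = /^(>=|<=|>|<|=)?(\d+(?:\.\d+){0,2})$/.exec(token))) {
    const target = parseVersion(m[2]);
    const c = compareVersions(ver, target);
    switch (m[1] || "=") {
      case ">=": return c >= 0;
      case "<=": return c <= 0;
      case ">": return c > 0;
      case "<": return c < 0;
      default: {
        const depth = m[2].split(".").length; // "18" matches on major only
        return ver.slice(0, depth).every((x, i) => x === target[i]);
      }
    }
  }
  if ((m = /^\^(\d+(?:\.\d+){0,2})$/.exec(token))) {
    const target = parseVersion(m[1]);
    return compareVersions(ver, target) >= 0 && ver[0] === target[0];
  }
  throw new Error(`unsupported engines token: ${token}`);
}

// true/false when the range is understood, null when it uses syntax this
// minimal evaluator does not cover (e.g. "~", "x", hyphen ranges).
function satisfiesEngines(range, nodeVersion) {
  const ver = parseVersion(nodeVersion);
  try {
    return range
      .split("||")
      .some((alt) => alt.trim().split(/\s+/).filter(Boolean).every((tok) => tokenHolds(tok, ver)));
  } catch (e) {
    return null;
  }
}

// Every lock entry whose engines.node does not admit the deployment's Node
// version (status "conflict"), plus entries whose range could not be evaluated.
function findEngineConflicts(lock, nodeVersion) {
  const out = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const range = entry.engines && entry.engines.node;
    if (!range) continue;
    const ok = satisfiesEngines(range, nodeVersion);
    if (ok !== true) {
      out.push({
        name: path.replace(/^.*node_modules\//, ""),
        version: entry.version,
        engines: range,
        status: ok === null ? "unsupported-range" : "conflict",
      });
    }
  }
  return out;
}

// Direct dependencies whose spec went from an exact version to any range.
function findPinToRangeChanges(oldDeps, newDeps) {
  const isExact = (s) => /^\d+\.\d+\.\d+$/.test(s);
  const out = [];
  for (const [name, spec] of Object.entries(newDeps)) {
    const before = oldDeps[name];
    if (before !== undefined && isExact(before) && !isExact(spec)) out.push({ name, from: before, to: spec });
  }
  return out;
}

console.log("Engine conflicts for Node 18.20.0:", findEngineConflicts(LOCK, "18.20.0"));
console.log("Engine conflicts for Node 20.10.0:", findEngineConflicts(LOCK, "20.10.0"));
console.log(`Engine conflicts for this Node (${process.versions.node}):`, findEngineConflicts(LOCK, process.versions.node));
console.log("Pin -> range changes:", findPinToRangeChanges(OLD_DEPS, NEW_DEPS));
```

To run this against the real files, replace the constructed objects with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and the two package.json manifests from the base and PR branches, and pass the Node version of the deployment target rather than of the developer's machine; the 20.10.0 case in the sample shows why the target's exact minor matters, since a `^20.17.0` engine constraint is not satisfied by every Node 20.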
