aws-solutions
diff --git a/‎CHANGELOG.md‎
Lines changed: 7 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎NOTICE‎
Lines changed: 90 additions & 0 deletions b/‎NOTICE‎
Lines changed: 90 additions & 0 deletions
diff --git a/‎default_architecture.png‎
-135 KB b/‎default_architecture.png‎
-135 KB
diff --git a/‎deployment/cdk-solution-helper/package-lock.json‎
Lines changed: 10 additions & 3 deletions b/‎deployment/cdk-solution-helper/package-lock.json‎
Lines changed: 10 additions & 3 deletions
diff --git a/‎source/Dockerfile‎
Lines changed: 3 additions & 3 deletions b/‎source/Dockerfile‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎source/admin-ui/package-lock.json‎
Lines changed: 6 additions & 6 deletions b/‎source/admin-ui/package-lock.json‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎source/constructs/package-lock.json‎
Lines changed: 3 additions & 3 deletions b/‎source/constructs/package-lock.json‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎source/container/Dockerfile.dynamodb-local‎
Lines changed: 22 additions & 0 deletions b/‎source/container/Dockerfile.dynamodb-local‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎source/container/docker-compose.test.yml‎
Lines changed: 1 addition & 1 deletion b/‎source/container/docker-compose.test.yml‎
Lines changed: 1 addition & 1 deletion
@@ -10,12 +10,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 
 #### Admin UI and Configuration Management
+
 - Admin UI built with React and TypeScript for configuration management
 - CRUD operations for Origins, Transformation Policies, and Mappings
 - Authentication integration with Amazon Cognito User Pools
 - Real-time form validation and AWS Cloudscape Design System components
 
 #### Management API and Backend Services
+
 - RESTful management API using Amazon API Gateway
 - DynamoDB integration with single-table design for configuration storage
 - Lambda-based management functions with AWS SDK v3 integration
@@ -24,6 +26,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Pagination support on list APIs
 
 #### ECS-Based Container Architecture for Image Processing Engine
+
 - Amazon ECS Fargate-based image processing engine
 - Express.js-based REST API server with Docker containerization
 - Auto-scaling capabilities and t-shirt sizing deployment options (Small, Medium, Large, X-Large)
@@ -33,24 +36,28 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Caching policy with DIT specific custom cache keys (`dit-host`, `dit-accept`, `dit-dpr`, `dit-viewport-width`)
 
 #### Origin
+
 - Support for S3 and external HTTPS image sources
 - S3 URL helper utilities for secure access
 - Connection management for external origin sources
 - Origin validation and error handling
 
 #### Transformation Policy
+
 - Declarative transformation policy system with schema validation
 - Support for **one** default transformation policy as fallback
 - Auto-optimization based on client hints (`Sec-ch-viewport-width`, `Sec-ch-dpr`, `Accept` headers)
 - Conditional transformations based on request headers and query parameters
 - Policy and transformation override capabilities via query string in request
 
 #### Mapping (Routing Rules)
+
 - Path-based mapping to route based on request path
 - Host header-based mapping for multi-tenant support and routing on host-header
 - Support for configuring policy with the mappings/routing rules
 
 #### Data Models and Validation
+
 - Comprehensive TypeScript data models using Zod for runtime validation
 - Strict type safety across all configuration entities
 - Request validation and sanitization
 
@@ -1285,12 +1285,101 @@ xstate under the MIT license.
 yoctocolors-cjs under the MIT license.
 zod under the MIT license.
 amazonlinux/amazonlinux under the GPLv2 license.
+@aws-sdk/client-lambda under the Apache-2.0 license.
+@cypress/request under the Apache-2.0 license.
+@cypress/xvfb under the MIT license.
+@img/sharp-libvips-linux-riscv64 under the LGPL-3.0-or-later license.
+@img/sharp-linux-riscv64 under the Apache-2.0 license.
+@types/sizzle under the MIT license.
+@types/tmp under the MIT license.
+@types/yauzl under the MIT license.
+@vitest/coverage-v8 under the MIT license.
+aggregate-error under the MIT license.
+ansi-colors under the MIT license.
+arch under the MIT license.
+asn1 under the MIT license.
+assert-plus under the MIT license.
+ast-v8-to-istanbul under the MIT license.
+at-least-node under the ISC license.
+aws-sign2 under the Apache-2.0 license.
+aws4 under the MIT license.
+aws4-axios under the MIT license.
+bcrypt-pbkdf under the BSD-3-Clause license.
+blob-util under the Apache-2.0 license.
+bluebird under the MIT license.
+buffer-crc32 under the MIT license.
+cachedir under the MIT license.
+caseless under the Apache-2.0 license.
+clean-stack under the MIT license.
+cli-cursor under the MIT license.
+cli-table3 under the MIT license.
+cli-truncate under the MIT license.
+colorette under the MIT license.
+colors under the MIT license.
+commander under the MIT license.
+common-tags under the MIT license.
+cypress under the MIT license.
+dashdash under the MIT license.
+ecc-jsbn under the MIT license.
+end-of-stream under the MIT license.
+enquirer under the MIT license.
+eventemitter2 under the MIT license.
+executable under the MIT license.
+extend under the MIT license.
+extract-zip under the BSD-2-Clause license.
+extsprintf under the MIT license.
+fd-slicer under the MIT license.
+figures under the MIT license.
+forever-agent under the Apache-2.0 license.
+generator-function under the MIT license.
+getpass under the MIT license.
+global-dirs under the MIT license.
+hasha under the MIT license.
+http-signature under the MIT license.
+ini under the ISC license.
+is-installed-globally under the MIT license.
+is-typedarray under the MIT license.
+is-unicode-supported under the MIT license.
+isstream under the MIT license.
+jsbn under the MIT license.
+json-schema under the (AFL-2.1 OR BSD-3-Clause) license.
+json-stringify-safe under the ISC license.
+jsprim under the MIT license.
+listr2 under the MIT license.
+lodash.once under the MIT license.
+log-symbols under the MIT license.
+log-update under the MIT license.
+magicast under the MIT license.
+ospath under the MIT license.
+p-map under the MIT license.
+pend under the MIT license.
+performance-now under the MIT license.
+pify under the MIT license.
+pretty-bytes under the MIT license.
+pump under the MIT license.
+regextras under the MIT license.
+request-progress under the MIT license.
+restore-cursor under the MIT license.
+rfdc under the MIT license.
+sshpk under the MIT license.
+systeminformation under the MIT license.
+throttleit under the MIT license.
+through under the MIT license.
+tmp under the MIT license.
+tree-kill under the MIT license.
+tsx under the MIT license.
+tunnel-agent under the Apache-2.0 license.
+tweetnacl under the Unlicense license.
+untildify under the MIT license.
+verror under the MIT license.
+yauzl under the MIT license.
 
 ********************
 OPEN SOURCE LICENSES
 ********************
 
 0BSD - http://landley.net/toybox/license.html
+AFL-2.1 - https://opensource.org/licenses/AFL-2.1
 Apache-2.0 - https://www.apache.org/licenses/LICENSE-2.0
 BSD-2-Clause - https://opensource.org/licenses/BSD-2-Clause
 BSD-3-Clause - https://opensource.org/licenses/BSD-3-Clause
@@ -1305,5 +1394,6 @@ DynamoDB Local License - https://aws.amazon.com/dynamodb/dynamodblocallicense/
 GNU-2.0 - https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html
 MIT-0 - https://opensource.org/licenses/MIT-0
 BlueOak-1.0.0 - https://opensource.org/licenses/BlueOak-1.0.0
+Unlicense - https://unlicense.org/
 
 
@@ -11,8 +11,8 @@ RUN dnf update -y && \
 
 # Copy workspace configuration
 COPY package.json package-lock.json* ./
-COPY container/package.json container/package-lock.json ./container/
-COPY data-models/package.json data-models/package-lock.json* ./data-models/
+COPY container/package.json ./container/
+COPY data-models/package.json ./data-models/
 
 
 # Install all workspace dependencies
@@ -40,7 +40,7 @@ RUN dnf update -y && \
 
 # Install production dependencies with workspace structure
 COPY package.json package-lock.json* ./
-COPY container/package.json container/package-lock.json ./container/
+COPY container/package.json ./container/
 COPY data-models/ ./data-models/
 RUN npm ci --workspaces --omit=dev --no-audit --no-fund && \
     npm rebuild sharp && \
 
@@ -0,0 +1,22 @@
+FROM amazon/dynamodb-local:latest
+
+USER root
+
+# Fix setuptools CVEs (2022-40897, 2024-6345, 2025-47273)
+# Requires setuptools >= 75.6.0
+RUN pip3 install --upgrade "setuptools>=75.6.0" || \
+    python3 -m pip install --upgrade "setuptools>=75.6.0" || \
+    echo "No pip available, setuptools may not be patchable"
+
+# Fix Netty CVEs (2025-55163, 2025-59419)
+# Requires netty 4.2.7.Final
+WORKDIR /home/dynamodblocal
+RUN rm -f DynamoDBLocal_lib/netty-codec-http2-*.jar && \
+    curl -L -o DynamoDBLocal_lib/netty-codec-http2-4.2.7.Final.jar \
+    https://repo1.maven.org/maven2/io/netty/netty-codec-http2/4.2.7.Final/netty-codec-http2-4.2.7.Final.jar && \
+    rm -f DynamoDBLocal_lib/netty-codec-smtp-*.jar && \
+    curl -L -o DynamoDBLocal_lib/netty-codec-smtp-4.2.7.Final.jar \
+    https://repo1.maven.org/maven2/io/netty/netty-codec-smtp/4.2.7.Final/netty-codec-smtp-4.2.7.Final.jar
+
+USER dynamodblocal
+WORKDIR /home/dynamodblocal
@@ -1,7 +1,7 @@
 version: '3.8'
 services:
   dynamodb-local:
-    image: amazon/dynamodb-local:latest
+    image: dynamodb-local-patched:latest
     ports:
       - "8000:8000"
     command: ["-jar", "DynamoDBLocal.jar", "-sharedDb", "-inMemory"]