Bump uuid and @aws-sdk/client-dynamodb in /backend/src/mithrandir

[dependabot]

Removes uuid. It's no longer used after updating ancestor dependency @aws-sdk/client-dynamodb. These dependencies need to be updated together.

Removes uuid

Updates @aws-sdk/client-dynamodb from 3.758.0 to 3.1041.0

Release notes

Sourced from @​aws-sdk/client-dynamodb's releases.

v3.1041.0

3.1041.0(2026-05-01)

Chores

• core/client: emit warning for Node.js 20.x end-of-support (#7973) (00383767)
• workflows: migrate git-sync SSH key from GitHub secret to Secrets Manager via OIDC (#7978) (c056a2e3)
• codegen: smithy-aws-typescript-codegen 0.49.1 (#7980) (7bb42b39)

Documentation Changes

• client-iam: Added guidance for CreateOpenIDConnectProvider to include multiple thumbprints when OIDC discovery and JWKS endpoints use different hosts or certificates (b4bb6928)

New Features

• clients: update client endpoints as of 2026-05-01 (d48b40d5)
• client-iot: AWS IoT HTTP rule actions now support cross-topic batching, combining messages from different MQTT topics into single HTTP requests. (82edd29f)
• client-appstream: Amazon WorkSpaces Applications now enables AI agents to securely operate desktop applications. Administrators configure stacks to provide agents access to WorkSpaces. Agents can click, type, and take screenshots. Agents authenticate with AWS IAM credentials with activity logged in AWS CloudTrail. (5ca40b43)
• client-quicksight: Add IdentityProviderCACertificatesBundleS3Uri for private CA certs with OAuth datasources. 256-char limit for FontFamily in themes. ControlTitleFormatText on all 13 filters. ControlTitleFontConfiguration. ContextRegion for cross-region identity context. Story,scenario in CreateCustomCapability API. (a625879c)
• client-cloudwatch: This release adds tag support for CloudWatch Dashboards. The PutDashboard API now accepts a Tags parameter, allowing you to tag dashboards at creation time. Additionally, the TagResource, UntagResource, and ListTagsForResource APIs now support dashboard ARNs as resources. (e87c1479)
• client-entityresolution: Add support for transitive matching in AWS Entity Resolution rule-based matching workflows. When enabled, records that match through different rules are grouped together into the same match group, allowing related records to be connected across rule levels. (20487961)
• client-cloudwatch-logs: Adds support for filtering log groups by tags in the ListLogGroups API via the new logGroupTags parameter. (25dc6d23)
• client-qconnect: Added reasoning details, statusDescription, and timeToFirstTokenMs fields to the ListSpans response in Amazon Q in Connect to provide visibility into model thinking, error diagnostics, and inference latency metrics. (2c668c9d)

Bug Fixes

• lib-storage: use Math.ceil in default partSize calculation to prevent exceeding 10,000 parts (#7982) (8a58046b)

---

For list of updated packages, view updated-packages.md in assets-3.1041.0.zip

v3.1040.0

3.1040.0(2026-04-30)

New Features

• clients: update client endpoints as of 2026-04-30 (2620ccbd)
• client-bedrock-agentcore-control: AgentCore Identity now supports on-behalf-of token exchange OAuth2. AgentCore Memory now supports metadata for LongTerm Memory Records. (6b9d13e3)
• client-route53globalresolver: Adds support for regions in the UpdateGlobalResolver input. (84b15b2e)
• client-sagemaker: Add InstancePools support to Endpoint for flexible provisioning across a prioritized list of instance types. Add Specifications support to InferenceComponent for per-instance-type model configurations. (05c49aa9)
• client-sso-admin: Add InstanceArn and IdentityStoreArn in the response of CreateApplication API and IdentityStoreArn in the response of DescribeApplication API (d46aaf53)
• client-payment-cryptography: Adds support for resource-based policies on AWS Payment Cryptography keys, enabling cross-account key sharing. Also adds Multi-Party Approval (MPA) team association APIs for protecting sensitive import root public key operations. (4d7fdfa8)
• client-datazone: Adds support for asynchronous notebook runs (e562cc0f)
• client-kafka: Adds support for ZookeeperAccess field to control the Client-Zookeeper connectivity. (34de26bd)
• client-observabilityadmin: Observability Admin enablement launch for AWS Kafka, Bedrock Agent Core Workload Identity and OTel metric enablement. (8cea5eb6)
• client-eks: Vended logs update param for capability vended logs feature (7741c8f5)
• client-bedrock-agentcore: AgentCore Identity now supports on-behalf-of token exchange OAuth2. AgentCore Memory now supports metadata for LongTerm Memory Records. (948fd098)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-dynamodb's changelog.

3.1041.0 (2026-05-01)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.1040.0 (2026-04-30)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.1039.0 (2026-04-29)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.1038.0 (2026-04-27)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.1037.0 (2026-04-24)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.1036.0 (2026-04-23)

Note: Version bump only for package @​aws-sdk/client-dynamodb

3.1035.0 (2026-04-22)

... (truncated)

Commits

• 5df4c01 Publish v3.1041.0
• 7736067 Publish v3.1040.0
• 856c9c0 test(client-dynamodb): fix table cleanup criteria (#7976)
• 51c8215 Publish v3.1039.0
• 97d9277 test(client-dynamodb): enable verbose e2e test mode (#7974)
• 8009782 test(client-dynamodb): e2e test table cleanup (#7971)
• 3dfb72b chore(codegen): sync for adaptive retry fixes (#7970)
• 3fbf6c5 Publish v3.1038.0
• e9f8d8a chore(codegen): sync for typed waiter-result values (#7965)
• 7babd8b Publish v3.1037.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[claude]

Routine Dependabot AWS SDK bump; mithrandir Lambda runs on nodejs22.x so the new >=20 engine requirement is satisfied, and the removed uuid package was already unused (codebase calls node:crypto randomUUID).

Extended reasoning...

Overview

Dependabot-only PR touching backend/src/mithrandir/package.json and package-lock.json. Bumps @aws-sdk/client-dynamodb from 3.758.0 to 3.1041.0 and drops the now-unused uuid package. No source code changes.

Security risks

None introduced by the diff itself. The mithrandir Lambda is the SailApps auth/token handler (security-sensitive), but this PR contains no logic changes — only transitive dep updates. The expanded transitive dependency surface (e.g. @nodable/entities, fast-xml-builder, @aws/lambda-invoke-store) is a normal consequence of staying current on the official AWS SDK.

Level of scrutiny

Low. This is the standard Dependabot pattern: package.json + lockfile, no behavioral code changes. The two compatibility checks both pass: (1) the new SDK requires Node >=20 and template.yaml line 147 sets Runtime: nodejs22.x; (2) @aws-sdk/lib-dynamodb@3.758.0 declares peer @aws-sdk/client-dynamodb: ^3.758.0, satisfied by 3.1041.0. The uuid removal is safe because index.ts:360 already uses randomUUID() from node:crypto.

Other factors

No prior reviewer comments. Bug hunters found no issues. The version jump spans many months of AWS SDK releases, but each release is a routine codegen/endpoint update, and lockfile updates of this kind are exactly what Dependabot is designed for.

[dependabot]

Superseded by #1110.