…act (#19778)

When using helm to pull OCI artifacts, the helm pull command doesn't works well.

The [check_output](https://stackoverflow.com/questions/3172470/actual-meaning-of-shell-true-in-subprocess) uses shell=True. That means that all arguments of the commands being passed to the check_output are basically been passed to the shell and not to the helm pull command. Using shell is also discouraged from [security perspective](https://docs.python.org/3/library/subprocess.html#security-considerations)
References:
https://docs.python.org/3/library/subprocess.html

> On POSIX with shell=True, the shell defaults to /bin/sh. If args is a string, the string specifies the command to execute through the shell. This means that the string must be formatted exactly as it would be when typed at the shell prompt. This includes, for example, quoting or backslash escaping filenames with spaces in them. If args is a sequence, the first item specifies the command string, and any additional items will be treated as additional arguments to the shell itself. 

https://stackoverflow.com/questions/3172470/actual-meaning-of-shell-true-in-subprocess

The previous change that used the `Shell=True` was introduced in commit - #18547 (comment)

EDIT:
Adding commit for the following items:
- Adding integration test for helm OCI support in aws-eks
- Upgrading helm version to 3.8.1 in `aws-lambda-layer` because of issues with the current version of helm that is been used, for OCI chart supports
- update `integ.eks-helm-asset.expected.json` file

----

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies) - NO new unconventional dependencies 

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)? - NO
	* [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)? - NO

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This should have been a part of #19773. Ensures that old imports of `@aws-cdk/core/lib/cfn-parse` still work, so that it is not a breaking change. 

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

- Modified to allow selection of sslSupportMethod

closes #19476

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Prerequisite for Lambda URL feature #19798

cc @kaizen3031593 @ayush987goyal

```
# CloudFormation Resource Specification v66.0.0

## New Resource Types

* AWS::DataSync::LocationFSxOpenZFS
* AWS::Events::Endpoint
* AWS::Lambda::Url
* AWS::MediaTailor::PlaybackConfiguration

## Attribute Changes


## Property Changes

* AWS::Batch::ComputeEnvironment ReplaceComputeEnvironment (__added__)
* AWS::Batch::ComputeEnvironment UpdatePolicy (__added__)
* AWS::EC2::TrafficMirrorTarget GatewayLoadBalancerEndpointId (__added__)
* AWS::Lambda::Permission FunctionUrlAuthType (__added__)

## Property Type Changes

* AWS::Batch::ComputeEnvironment.UpdatePolicy (__added__)
* AWS::EC2::LaunchTemplate.MaintenanceOptions (__added__)
* AWS::Batch::ComputeEnvironment.ComputeResources UpdateToLatestImageVersion (__added__)
* AWS::Batch::ComputeEnvironment.ComputeResources AllocationStrategy.UpdateType (__changed__)
  * Old: Immutable
  * New: Mutable
* AWS::Batch::ComputeEnvironment.ComputeResources BidPercentage.UpdateType (__changed__)
  * Old: Immutable
  * New: Mutable
* AWS::Batch::ComputeEnvironment.ComputeResources Ec2Configuration.UpdateType (__changed__)
  * Old: Immutable
  * New: Mutable
* AWS::Batch::ComputeEnvironment.ComputeResources Ec2KeyPair.UpdateType (__changed__)
  * Old: Immutable
  * New: Mutable
* AWS::Batch::ComputeEnvironment.ComputeResources ImageId.UpdateType (__changed__)
  * Old: Immutable
  * New: Mutable
* AWS::Batch::ComputeEnvironment.ComputeResources InstanceRole.UpdateType (__changed__)
  * Old: Immutable
  * New: Mutable
* AWS::Batch::ComputeEnvironment.ComputeResources InstanceTypes.UpdateType (__changed__)
  * Old: Immutable
  * New: Mutable
* AWS::Batch::ComputeEnvironment.ComputeResources LaunchTemplate.UpdateType (__changed__)
  * Old: Immutable
  * New: Mutable
* AWS::Batch::ComputeEnvironment.ComputeResources PlacementGroup.UpdateType (__changed__)
  * Old: Immutable
  * New: Mutable
* AWS::Batch::ComputeEnvironment.ComputeResources Tags.UpdateType (__changed__)
  * Old: Immutable
  * New: Mutable
* AWS::Batch::ComputeEnvironment.ComputeResources Type.UpdateType (__changed__)
  * Old: Immutable
  * New: Mutable
* AWS::Batch::ComputeEnvironment.Ec2ConfigurationObject ImageIdOverride.UpdateType (__changed__)
  * Old: Immutable
  * New: Mutable
* AWS::Batch::ComputeEnvironment.Ec2ConfigurationObject ImageType.UpdateType (__changed__)
  * Old: Immutable
  * New: Mutable
* AWS::Batch::ComputeEnvironment.LaunchTemplateSpecification LaunchTemplateId.UpdateType (__changed__)
  * Old: Immutable
  * New: Mutable
* AWS::Batch::ComputeEnvironment.LaunchTemplateSpecification LaunchTemplateName.UpdateType (__changed__)
  * Old: Immutable
  * New: Mutable
* AWS::Batch::ComputeEnvironment.LaunchTemplateSpecification Version.UpdateType (__changed__)
  * Old: Immutable
  * New: Mutable
* AWS::DMS::Endpoint.DocDbSettings DocsToInvestigate (__added__)
* AWS::DMS::Endpoint.DocDbSettings ExtractDocId (__added__)
* AWS::DMS::Endpoint.DocDbSettings NestingLevel (__added__)
* AWS::DMS::Endpoint.IbmDb2Settings CurrentLsn (__added__)
* AWS::DMS::Endpoint.IbmDb2Settings MaxKBytesPerRead (__added__)
* AWS::DMS::Endpoint.IbmDb2Settings SetDataCaptureChanges (__added__)
* AWS::DMS::Endpoint.MicrosoftSqlServerSettings BcpPacketSize (__added__)
* AWS::DMS::Endpoint.MicrosoftSqlServerSettings ControlTablesFileGroup (__added__)
* AWS::DMS::Endpoint.MicrosoftSqlServerSettings QuerySingleAlwaysOnNode (__added__)
* AWS::DMS::Endpoint.MicrosoftSqlServerSettings ReadBackupOnly (__added__)
* AWS::DMS::Endpoint.MicrosoftSqlServerSettings SafeguardPolicy (__added__)
* AWS::DMS::Endpoint.MicrosoftSqlServerSettings UseBcpFullLoad (__added__)
* AWS::DMS::Endpoint.MicrosoftSqlServerSettings UseThirdPartyBackupDevice (__added__)
* AWS::DMS::Endpoint.RedshiftSettings AcceptAnyDate (__added__)
* AWS::DMS::Endpoint.RedshiftSettings AfterConnectScript (__added__)
* AWS::DMS::Endpoint.RedshiftSettings BucketFolder (__added__)
* AWS::DMS::Endpoint.RedshiftSettings BucketName (__added__)
* AWS::DMS::Endpoint.RedshiftSettings CaseSensitiveNames (__added__)
* AWS::DMS::Endpoint.RedshiftSettings CompUpdate (__added__)
* AWS::DMS::Endpoint.RedshiftSettings ConnectionTimeout (__added__)
* AWS::DMS::Endpoint.RedshiftSettings DateFormat (__added__)
* AWS::DMS::Endpoint.RedshiftSettings EmptyAsNull (__added__)
* AWS::DMS::Endpoint.RedshiftSettings EncryptionMode (__added__)
* AWS::DMS::Endpoint.RedshiftSettings ExplicitIds (__added__)
* AWS::DMS::Endpoint.RedshiftSettings FileTransferUploadStreams (__added__)
* AWS::DMS::Endpoint.RedshiftSettings LoadTimeout (__added__)
* AWS::DMS::Endpoint.RedshiftSettings MaxFileSize (__added__)
* AWS::DMS::Endpoint.RedshiftSettings RemoveQuotes (__added__)
* AWS::DMS::Endpoint.RedshiftSettings ReplaceChars (__added__)
* AWS::DMS::Endpoint.RedshiftSettings ReplaceInvalidChars (__added__)
* AWS::DMS::Endpoint.RedshiftSettings ServerSideEncryptionKmsKeyId (__added__)
* AWS::DMS::Endpoint.RedshiftSettings ServiceAccessRoleArn (__added__)
* AWS::DMS::Endpoint.RedshiftSettings TimeFormat (__added__)
* AWS::DMS::Endpoint.RedshiftSettings TrimBlanks (__added__)
* AWS::DMS::Endpoint.RedshiftSettings TruncateColumns (__added__)
* AWS::DMS::Endpoint.RedshiftSettings WriteBufferSize (__added__)
* AWS::EC2::LaunchTemplate.LaunchTemplateData MaintenanceOptions (__added__)
```

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

this is bigger than a typo but smaller than a feature

changed:
```
This is a blank project for <LANG> development with CDK.
```
to:
```
This is a blank project for CDK development with <LANG>.
```
----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

The bulk of this PR is adding the new style integration test snapshots
that the new `integ-runner` uses. These are snapshots of the cloud
assembly and have folder names like `${testName}.integ.snapshot`.

Some other minor updates were made as part of this change.

1. Updated `integ-runner` to use `synthFast` instead of `synth` to speed
   up performance.
2. Make sure the `integ-runner` throws an exit code if any tests fail
3. Updated the test names to include the directory if running from a
   parent directory (i.e. `packages/@aws-cdk`).
4. Added the ability to exempt from the update workflow (update workflow
   is not yet implemented). If a test is exempt then the snapshot will
   not contain any assets. For now this is used for tests that include
   very large assets that would drastically increase the size of the
   repo.
5. Updated some custom resources to exclude `*.ts` files from the asset
   bundle. `.ts` files are already excluded when we publish (`.d.ts`
   files are not), and `.js` files are the only thing needed by the
   Lambda function anyway. This was causing issues when running a build
   because those files in the snapshot would cause `tsc` to fail.
    - Updated:
    `aws-events-targets/lib/aws-api.ts`
    `aws-redshift/lib/private/database-query.ts`
    `aws-stepfunctions-tasks/lib/evaluate-expression.ts`
    `custom-resources/lib/aws-custom-resource/aws-custom-resource.ts`
    `custom-resources/lib/provider-framework/provider.ts`


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Number attributes go through two levels of encoding:

- L1: because of lack of type information, all attributes are assumed to
  be `string`s, so we do `Token.asString(new CfnReference(...))`.
- L2: we recast select attributes to numbers by doing `Token.asNumber()`.

The end result is a Token that looks like:

```ts
asNumber(Intrinsic(asString(CfnReference({ 'Fn::GetAtt': [...] }))))
```

When we do `Tokenization.reverse()` on the number, we only reverse
the *first* encoding one layer, leaving us with an `Intrinsic` instead
of the original `CfnReference`. `exportValue()` then rejects the value
as not being the right type of token.

Solution: before encoding, try to decode the given value so we always
encode the innermost token, and not any of the inbetween ones.

Fixes #19537.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Warning message grammar correction


----

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Closes #19803

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Summary

This patch fixes the following bugs in `maxInstanceLifetime` validation by aligning with [CFN doc](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-maxinstancelifetime):

 - A lower bound of `maxInstanceLifetime` is 1 day, not 7-days.
 - `maxInstanceLifetime` can have 0 which is used to clear a previously set value.

### Test

- Run unit test.
```
PASS test/auto-scaling-group.test.js

=============================== Coverage summary ===============================
Statements   : 93.11% ( 419/450 )
Branches     : 86.93% ( 286/329 )
Functions    : 91.81% ( 101/110 )
Lines        : 92.84% ( 402/433 )
================================================================================
```
- Deploy CFN template having `maxInstanceLifetime` as 86,400 and 0.

### Notes

Originally, this issue was reported by #12588.

----

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Small changes to make builds work in Windows Subsystem for Linux (WSL). Verified by **partial** building in Windows 10 + Ubuntu 18.04 WSL.

fixes #55
----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR is a follow up to #19802 which added all of the new integ test
snapshots that are used by the new `integ-runner` tool. This PR switches
out the old `cdk-integ` tool for the new `integ-runner`.

Updates made:
1. Update all `package.json` files to install and use the `integ-runner`
2. Update `cdk-test` to use `integ-runner`
3. Updates snapshots for 2 tests that were changed since #19802 was merged.


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR includes to implement comparison operators.

- [x] integ test

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

In the newest version of the MySQL 8.0 Aurora engine,
the S3 import and export Roles need to be combined,
which is the first time this is needed for a Cluster
(previously, only Instances combined these two Roles).
Introduce this concept as a first-class property of a Cluster Engine,
making it `false` by default, and make it `true` in MySQL version 8.0.

Fixes #19735

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

fixes #19626

added integ tests
let me know if change to readme is necessary

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `cdk-integ` to deploy the infrastructure and generate the snapshot (i.e. `cdk-integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Some services still use the deprecated `trustedSigners` property, which is preventing teams which depend on those services from upgrading to V2. This change adds `trustedSigners` back into V2, but leaves it marked as `@deprecated`. 

Closes #19837

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.

----

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Introduces the following changes to secrets handling:

- Deprecate `SecretValue.plainText()` in favor of `SecretValue.unsafePlainText()` to highlight its issues
- Introduce `SecretValue.resourceAttribute()` for cases where we know we want to use a value produced at deployment time
- Introduce a new feature flag (`@aws-cdk/core:checkSecretUsage`) which, when enabled, will make it impossible to use secrets without explicitly unwrapping them first (`secretValue.unsafeUnwrap`). This prevents people from naively sticking secrets into vulnerable locations like environment variables.
- Deprecate `secretsmanager.SecretStringValueBeta1` in favor of just accepting a `SecretValue`.

Since this behavior would constitute a breaking change, it will only be enabled if the feature flag `@aws-cdk/core:checkSecretUsage` is turned on.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Bumps [hmarr/auto-approve-action](https://github.com/hmarr/auto-approve-action) from 2.2.0 to 2.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/hmarr/auto-approve-action/releases">hmarr/auto-approve-action's releases</a>.</em></p>
<blockquote>
<h2>v2.2.1</h2>
<ul>
<li>Switch back to using Node 12, as the Node 16 upgrade in v2.2.0 caused issues for people using self-hosted runners with GHES versions prior to 3.4</li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/hmarr/auto-approve-action/compare/v2.2.0...v2.2.1">https://github.com/hmarr/auto-approve-action/compare/v2.2.0...v2.2.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/hmarr/auto-approve-action/commit/24ec4c8cc344fe1cdde70ff37e55ace9e848a1d8"><code>24ec4c8</code></a> Switch back to node 12</li>
<li><a href="https://github.com/hmarr/auto-approve-action/commit/a4d339b7894ac76f7ae8c668cf4ec268052a6256"><code>a4d339b</code></a> Update documentation</li>
<li>See full diff in <a href="https://github.com/hmarr/auto-approve-action/compare/v2.2.0...v2.2.1">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=hmarr/auto-approve-action&package-manager=github_actions&previous-version=2.2.0&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Bumps [aws-actions/stale-issue-cleanup](https://github.com/aws-actions/stale-issue-cleanup) from 3 to 5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/aws-actions/stale-issue-cleanup/releases">aws-actions/stale-issue-cleanup's releases</a>.</em></p>
<blockquote>
<h2>v5 release</h2>
<h2>What's Changed</h2>
<ul>
<li>Skip marking issue as stale if the stale message is empty. by <a href="https://github.com/ashishdhingra"><code>@​ashishdhingra</code></a> in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/142">aws-actions/stale-issue-cleanup#142</a></li>
</ul>
<hr />
<ul>
<li>Update dependabot config, checks, and lints by <a href="https://github.com/kellertk"><code>@​kellertk</code></a> in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/52">aws-actions/stale-issue-cleanup#52</a></li>
<li>build(deps): bump dateformat from 3.0.3 to 4.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/53">aws-actions/stale-issue-cleanup#53</a></li>
<li>Update deps by <a href="https://github.com/kellertk"><code>@​kellertk</code></a> in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/59">aws-actions/stale-issue-cleanup#59</a></li>
<li>build(deps): bump lodash from 4.17.20 to 4.17.21 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/84">aws-actions/stale-issue-cleanup#84</a></li>
<li>build(deps): bump hosted-git-info from 2.8.8 to 2.8.9 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/85">aws-actions/stale-issue-cleanup#85</a></li>
<li>build(deps-dev): bump eslint-plugin-prettier from 3.3.0 to 3.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/80">aws-actions/stale-issue-cleanup#80</a></li>
<li>build(deps-dev): bump eslint-config-prettier from 6.15.0 to 8.3.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/81">aws-actions/stale-issue-cleanup#81</a></li>
<li>build(deps): bump ws from 7.4.1 to 7.4.6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/89">aws-actions/stale-issue-cleanup#89</a></li>
<li>build(deps): bump glob-parent from 5.1.1 to 5.1.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/93">aws-actions/stale-issue-cleanup#93</a></li>
<li>build(deps-dev): bump eslint from 7.16.0 to 7.32.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/102">aws-actions/stale-issue-cleanup#102</a></li>
<li>build(deps): bump path-parse from 1.0.6 to 1.0.7 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/104">aws-actions/stale-issue-cleanup#104</a></li>
<li>Finish implementation of ancient PR message by <a href="https://github.com/Plabick"><code>@​Plabick</code></a> in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/95">aws-actions/stale-issue-cleanup#95</a></li>
<li>build(deps): bump tmpl from 1.0.4 to 1.0.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/112">aws-actions/stale-issue-cleanup#112</a></li>
<li>build(deps): bump ansi-regex from 5.0.0 to 5.0.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/116">aws-actions/stale-issue-cleanup#116</a></li>
<li>build(deps-dev): bump jest from 26.6.3 to 27.3.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/119">aws-actions/stale-issue-cleanup#119</a></li>
<li>build(deps-dev): bump nock from 13.0.5 to 13.1.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/106">aws-actions/stale-issue-cleanup#106</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Plabick"><code>@​Plabick</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/95">aws-actions/stale-issue-cleanup#95</a></li>
<li><a href="https://github.com/ashishdhingra"><code>@​ashishdhingra</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/pull/142">aws-actions/stale-issue-cleanup#142</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/aws-actions/stale-issue-cleanup/compare/v4...v5">https://github.com/aws-actions/stale-issue-cleanup/compare/v4...v5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/aws-actions/stale-issue-cleanup/commit/e1cf8a5d54b4ff316c76f5356079d3a8df84137e"><code>e1cf8a5</code></a> Skip marking issue as stale if the stale message is empty. (<a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/issues/142">#142</a>)</li>
<li><a href="https://github.com/aws-actions/stale-issue-cleanup/commit/cd68c8d094b50ca65e5644e0dcd2f0a46b5b64fb"><code>cd68c8d</code></a> build(deps-dev): bump nock from 13.0.5 to 13.1.3 (<a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/issues/106">#106</a>)</li>
<li><a href="https://github.com/aws-actions/stale-issue-cleanup/commit/7f39252a91aa943938c229c7743ba04d5cc53ad5"><code>7f39252</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/issues/119">#119</a> from aws-actions/dependabot/npm_and_yarn/jest-27.3.0</li>
<li><a href="https://github.com/aws-actions/stale-issue-cleanup/commit/cd10ed370c5d14c4f3ce3bb273afcf4ae2a64b53"><code>cd10ed3</code></a> build(deps-dev): bump jest from 26.6.3 to 27.3.0</li>
<li><a href="https://github.com/aws-actions/stale-issue-cleanup/commit/555fd43e13844bc9e6e03e5e398f296fd46081dd"><code>555fd43</code></a> build(deps): bump ansi-regex from 5.0.0 to 5.0.1 (<a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/issues/116">#116</a>)</li>
<li><a href="https://github.com/aws-actions/stale-issue-cleanup/commit/e4df8b211428eb7da7fe772d802ee27a192939e6"><code>e4df8b2</code></a> build(deps): bump tmpl from 1.0.4 to 1.0.5 (<a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/issues/112">#112</a>)</li>
<li><a href="https://github.com/aws-actions/stale-issue-cleanup/commit/57e400abd8dc641670afb665fd2c2d5b83cba7de"><code>57e400a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/aws-actions/stale-issue-cleanup/issues/95">#95</a> from Plabick/main</li>
<li><a href="https://github.com/aws-actions/stale-issue-cleanup/commit/de23c4f041dce66cc40c74eeefddcf6c9d52e100"><code>de23c4f</code></a> Merge branch 'main' into main</li>
<li><a href="https://github.com/aws-actions/stale-issue-cleanup/commit/3f7402a8d2f5d28bd8f0567f8c29a3105861297b"><code>3f7402a</code></a> build(deps-dev): bump eslint from 7.16.0 to 7.32.0</li>
<li><a href="https://github.com/aws-actions/stale-issue-cleanup/commit/f8f7a1390e0c8e65db4eb2270ab29d4b7abb0fec"><code>f8f7a13</code></a> Update README.md</li>
<li>Additional commits viewable in <a href="https://github.com/aws-actions/stale-issue-cleanup/compare/v3...v5">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aws-actions/stale-issue-cleanup&package-manager=github_actions&previous-version=3&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Implementation of one of the solutions I proposed in #19797 using glob-style expressions to match keys. Uses minimatch which already existed as a dependency to match stack names in the synth and deploy commands. 

Makes the --reset command throw on no-ops  i.e when trying to reset context defined in cdk.json or ~/.cdk.json

Adds tests and prints messages to clarify previously undocumented behavior.

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*