chore(deps): update dependency smithy-lang/smithy to v1.67.0

[renovate]

This PR contains the following updates:

Package	Update	Change
smithy-lang/smithy	minor	1.66.0 → 1.67.0

---

Release Notes

smithy-lang/smithy (smithy-lang/smithy)

v1.67.0

Compare Source

Features

• Update supported httpChecksum algorithms
  (#​2943)
• Fix SSA transform for transitive dependencies
  (#​2946)
• Add support for negative GetAttr indexing
  (#​2937)

Bug Fixes

• Fix incorrect links for operation input / output members in docgen
  (#​2922)

Documentation

• Updated Sphinx to 9.1 and updated the tabs in the Smithy 1.0 docs to use the
  same tab library that 2.0 uses.
  (#​2942)
• Add Wire Protocol Selection guide
  (#​2938)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[claude]

Claude finished @renovate[bot]'s task in 1m 10s —— View job

---

PR Review: Dependency Update - smithy-lang/smithy v1.67.0

Review Summary

This PR updates the Smithy CLI dependency from v1.66.0 to v1.67.0. The change is a straightforward version bump in the configuration file that affects the download URL used during the CDK pipeline build process.

Core Quality

• Code follows conventions - ✅ Change follows existing Renovate comment pattern
• No commented-out code - ✅ N/A
• Proper error handling - ✅ N/A (configuration constant)
• DRY principle applied - ✅ Version defined once and reused in download URL

TypeScript & Development

• Code follows TypeScript standards - ✅ Proper constant export syntax
• Type hints used appropriately - ✅ TypeScript infers string literal type correctly
• Documentation strings present - ✅ Renovate comment documents the source
• Test coverage adequate - ℹ️ Configuration constants typically don't require unit tests

Security

• No hardcoded secrets - ✅ Only version number, no sensitive data
• Input validation present - ✅ N/A (static constant)
• Command/injection restrictions enforced - ✅ Version string is validated by Renovate and used in URL template
• Secure error handling - ✅ N/A

OWASP Top 10

• SQL Injection vulnerabilities - ✅ N/A
• Cross-Site Scripting (XSS) - ✅ N/A
• Broken Authentication - ✅ N/A
• Sensitive Data Exposure - ✅ No sensitive data
• XML External Entities (XXE) - ✅ N/A
• Broken Access Control - ✅ N/A
• Security Misconfiguration - ✅ Version update is appropriate for minor release
• Cross-Site Request Forgery (CSRF) - ✅ N/A
• Using Components with Known Vulnerabilities - ✅ UPDATE IMPROVES SECURITY - Updates to latest version
• Insufficient Logging & Monitoring - ✅ N/A

Documentation

• README/AGENTS.md updated - ✅ N/A (automated dependency update)
• Complex logic commented - ✅ N/A (simple constant)

Key Findings

✅ Approved - No Issues Found

Change Analysis:

• File Modified: lib/config.ts (line 13)
• Change: SMITHY_LANG_VER updated from "1.66.0" → "1.67.0"
• Impact: Updates the Smithy CLI download URL used in the CDK pipeline (lib/stacks/pipeline.ts:27)

Smithy v1.67.0 Release Notes:

• ✅ Features: Updated httpChecksum algorithms, SSA transform fixes, negative GetAttr indexing support
• ✅ Bug Fixes: Corrected docgen links for operation input/output members
• ✅ Documentation: Sphinx update, wire protocol selection guide

Security Rating: LOW RISK

This is a routine minor version update from a trusted source (smithy-lang/smithy) with no security vulnerabilities introduced. The version string is properly managed by Renovate and used safely in a template literal for constructing the download URL.

Recommendation

✅ APPROVE - This PR is safe to merge. The dependency update follows proper conventions and introduces beneficial features and bug fixes with no breaking changes or security concerns.

---