Update aws-lambda-powertools requirement from ~=3.20.0 to ~=3.28.0 in /application

[dependabot]

Updates the requirements on aws-lambda-powertools to permit the latest version.

Release notes

Sourced from aws-lambda-powertools's releases.

v3.28.0

Summary

This release brings dependency injection, an enriched Request object, OpenAPI improvements, and internal refactoring to the Event Handler.

• Dependency injection: type-safe Depends() with nested resolution, caching, and test overrides
• Enriched Request: resolved_event and context properties bridge middleware and dependencies
• OpenAPI status_code: set default response status code on route decorators
• Query string fix: parameters no longer dropped when both single and multi-value query strings are present

A huge thanks to @​JustinBerger, @​Iamrodos, and @​ran-isenberg for their contributions!

Dependency injection with Depends()

Docs

You can now use Depends() to declare typed dependencies directly in route handler signatures: no decorators, no global state. Dependencies are resolved automatically, cached per invocation, and support nested dependency trees.

import os
from typing import Any
import boto3
from typing_extensions import Annotated
from aws_lambda_powertools.event_handler import APIGatewayHttpResolver
from aws_lambda_powertools.event_handler.depends import Depends
from aws_lambda_powertools.utilities.typing import LambdaContext
app = APIGatewayHttpResolver()
def get_dynamodb_table():
dynamodb = boto3.resource("dynamodb")
return dynamodb.Table(os.environ["TABLE_NAME"])
@​app.get("/orders")
def list_orders(table: Annotated[Any, Depends(get_dynamodb_table)]):
return table.scan()["Items"]

For testing, swap any dependency without monkeypatching:

app.dependency_overrides[get_dynamodb_table] = lambda: mock_table

Enriched Request object

... (truncated)

Changelog

Sourced from aws-lambda-powertools's changelog.

[v3.28.0] - 2026-04-14

Bug Fixes

• data_class: merge querystring parameters in ALB/APIGW classes (#8154)

Maintenance

• version bump

[v3.27.0] - 2026-04-06

Bug Fixes

• data_classes: support {proxy+} and path parameters in authorizer response (#8092)
• event_handler: sync middleware receives real response in async ASGI context (#8089)
• event_handler: support finding type annotated resolver when merging schemas (#8074)
• event_handler: normalize Union and RootModel sequences in body validation (#8067)
• idempotency: serialize Pydantic models with mode='json' for UUID/date support (#8075)

Documentation

• adding docs to Request object (#8105)
• fix ranthebuilder link in Update we_made_this.md (#8084)

Features

• event_handler: add File parameter support for multipart/form-data uploads (#8093)
• event_handler: add Cookie parameter support for OpenAPI utility (#8095)
• event_handler: add Request object for middleware access to resolved route and args (#8036)

Maintenance

• version bump
• deps: bump valkey-glide from 2.2.7 to 2.3.0 (#8080)
• deps: bump protobuf from 6.33.5 to 7.34.0 (#8046)
• deps: bump mkdocs-material from 9.7.1 to 9.7.5 (#8045)
• deps: bump requests from 2.32.4 to 2.33.0 in /docs (#8070)
• deps: bump cryptography from 46.0.5 to 46.0.6 (#8072)
• deps: bump squidfunk/mkdocs-material from 8f41b60 to 868ad4d in /docs (#8083)
• deps: bump the github-actions group across 1 directory with 10 updates (#8081)
• deps: bump mkdocs-material from 9.7.5 to 9.7.6 (#8079)
• deps-dev: bump aws-cdk from 2.1111.0 to 2.1113.0 in the aws-cdk group (#8058)
• deps-dev: bump sentry-sdk from 2.54.0 to 2.56.0 (#8082)
• deps-dev: bump aws-cdk-aws-lambda-python-alpha from 2.243.0a0 to 2.248.0a0 (#8103)
• deps-dev: bump the dev-dependencies group across 1 directory with 4 updates (#8086)
• deps-dev: bump pygments from 2.19.2 to 2.20.0 (#8077)
• deps-dev: bump requests from 2.32.5 to 2.33.0 (#8069)
• deps-dev: bump ty from 0.0.23 to 0.0.26 (#8078)
• deps-dev: bump cdklabs-generative-ai-cdk-constructs from 0.1.315 to 0.1.316 (#8061)

... (truncated)

Commits

• 9f2c57d chore: version bump
• 7fc9efb fix(data_class): merge querystring parameters in ALB/APIGW classes (#8154)
• cd8829b feat(event_handler): enrich request object (#8153)
• 6bcb8a3 chore: bump dependabot dependencies. (#8152)
• f06db0a chore(deps-dev): bump aws-cdk from 2.1117.0 to 2.1118.0 in the aws-cdk group ...
• 8673ede chore(deps): bump cryptography from 46.0.6 to 46.0.7 (#8132)
• 45d25e9 feat(event_handler): adding status_code OpenAPI field (#8130)
• d488548 docs: adding new Lambda features (#7917)
• 4cb9997 feat(event_handler): add Dependency injection with Depends() (#8128)
• f1d07ab fix(event_handler): read swagger files with UTF-8 encoding (#8131)
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
aws-lambda-powertools	[>= 2.0.a, < 2.1]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)