fix: bump @adobe/aio-cli-plugin-app to ^14.5.2 to fix identity.expiration.getTime error

[Copilot]

aio app deploy fails with identity.expiration.getTime is not a function because @adobe/aio-lib-web was forwarding TVM credentials to the AWS S3 client with expiration as a plain string. @smithy/core's isIdentityExpired calls .getTime() on it, blowing up.

The fix landed in aio-lib-web@7.0.3:

// lib/remote-storage.js
expiration: creds.expiration ? new Date(creds.expiration) : undefined

Changes

• package.json: Tightens @adobe/aio-cli-plugin-app from "^14" → "^14.5.2". Starting at 14.4.2, the plugin requires @adobe/aio-lib-web@^7.0.6, guaranteeing the new Date() fix is always resolved.
• package-lock.json: Updated to pin @adobe/aio-cli-plugin-app@14.5.2 and @adobe/aio-lib-web@7.1.1.

Note: CI may also surface TypeError: opts.getPluginsList is not a function — that is an unrelated regression being addressed in #778.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• scarf.sh
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node node ./report.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>aio app deploy fails with "identity.expiration.getTime is not a function" Error</issue_title>
<issue_description>### Expected Behaviour

Running aio app deploy should deploy both actions and web assets.

Actual Behaviour

aio app deploy fails with an identity.expiration.getTime error

rujohnso@Russs-MacBook-Pro:~/git/quicksilver/abdb-with-ims-auth$ aio app deploy
✔ Built 3 action(s) for 'application'
✔ Building web assets for 'application'
✔ Deployed 5 action(s) for 'application'
✖ Deploying web assets for 'application'
 ›  Error: identity.expiration.getTime is not a function

Possibly related to adobe/aio-lib-web#201

Reproduce Scenario (including but not limited to)

Steps to Reproduce

Environment Info

  System:
    OS: macOS 26.3.1
    CPU: (10) arm64 Apple M1 Max
    Memory: 409.19 MB / 32.00 GB
    Shell: 3.2.57 - /bin/bash
  Binaries:
    Node: 22.19.0 - /Users/rujohnso/.nvm/versions/node/v22.19.0/bin/node
    Yarn: 1.22.22 - /opt/homebrew/bin/yarn
    npm: 11.8.0 - /opt/homebrew/bin/npm
  Virtualization:
    Docker: 20.10.17 - /usr/local/bin/docker
  npmGlobalPackages:
    @adobe/aio-cli: 11.0.1

Sample Code that illustrates the problem

Logs taken while reproducing problem

</issue_description>

<agent_instructions>Example stack trace - from @adobe/aio-lib-web dependency @aws-sdk/client-s3@3.1005.0. Also see this fix adobe/aio-lib-web#201:

bundling C:\work\codebase\consulting\2025\exl\exl-academy-backend\web-src/**/*.html
⠏ Building web assets[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: npm i baseline-browser-mapping@latest -D
[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: npm i baseline-browser-mapping@latest -D
⠙ Building web assets[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: npm i baseline-browser-mapping@latest -D
⠹ Building web assets[baseline-browser-mapping] The data in this module is over two months old. To ensure accurate Baseline data, please update: npm i baseline-browser-mapping@latest -D
✔ Building web assets for 'application'
✖ Deploying web assets for 'application'
» Error: TypeError: identity.expiration.getTime is not a function
» at isIdentityExpired
» (C:\Users\namigupt\AppData\Local@adobe\aio-cli\node_modules@smithy\core\dist-cjs\index.js:270:72)
» at C:\Users\namigupt\AppData\Local@adobe\aio-cli\node_modules@smithy\core\dist-cjs\index.js:317:13
» at async resolvedCredentials
» (C:\Users\namigupt\AppData\Local@adobe\aio-cli\node_modules@aws-sdk\core\dist-cjs\index.js:231:35)
» at async C:\Users\namigupt\AppData\Local@adobe\aio-cli\node_modules@smithy\core\dist-cjs\index.js:62:23
» at async
» C:\Users\namigupt\AppData\Local@adobe\aio-cli\node_modules@aws-sdk\middleware-sdk-s3\dist-cjs\index.js:89:20
» at async
» C:\Users\namigupt\AppData\Local@adobe\aio-cli\node_modules@aws-sdk\middleware-logger\dist-cjs\index.js:5:26
» at async RemoteStorage.folderExists
» (C:\Users\namigupt\AppData\Local@adobe\aio-cli\node_modules@adobe\aio-lib-web\lib\remote-storage.js:91:27)
» at async Object.deployWeb
» (C:\Users\namigupt\AppData\Local@adobe\aio-cli\node_modules@adobe\aio-lib-web\src\deploy-web.js:36:18)
» at async Deploy.deploySingleConfig (C:\Users\namigupt\AppData\Local@adobe\aio-cli\node_modules@adobe\aio-cli-p
» lugin-app\src\commands\app\deploy.js:256:35)
» at async Deploy.run (C:\Users\namigupt\AppData\Local@adobe\aio-cli\node_modules@adobe\aio-cli-plugin-app\src\c
» ommands\app\deploy.js:136:9)
» at async Deploy._run (C:\Users\namigupt\AppData\Local@adobe\aio-cli\node_modules@adobe\aio-cli-plugin-app\node
» _modules@oclif\core\lib\command.js:117:22)
» at async Config.runCommand
» (C:\ProgramData\nvm\v24.11.1\node_modules@adobe\aio-cli\node_modules@oclif\core\lib\config\config.js:329:25)
» at async run
» (C:\ProgramData\nvm\v24.11.1\node_modules@adobe\aio-cli\node_modules@oclif\core\lib\main.js:89:16)
» at async AIOCommand.run (C:\ProgramData\nvm\v24.11.1\node_modules@adobe\aio-cli\src\index.js:38:12)</agent_instructions>

Comments on the Issue (you are @copilot in this section)

• Fixes aio app deploy fails with "identity.expiration.getTime is not a function" Error #779

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

[shazron]

The issue was the users were using a pre-release version of the app plugin, that had older dependencies that did not have the fix for this bug. Closing.