This repository was archived by the owner on Dec 10, 2025. It is now read-only.
Merged
3 changes: 2 additions & 1 deletion .github/MAINTENANCE.md
Expand Up @@ -15,6 +15,8 @@ Dependency upgrades (for security purposes as well as a best practice) can be di

The following Actions exist to automate various dependency upgrades:

- [upgrade-jsii-typescript](https://github.com/cdktf/cdktf-tf-module-stack/actions/workflows/upgrade-jsii-typescript.yml): This is a custom workflow (source [here](https://github.com/cdktf/cdktf-tf-module-stack/blob/main/projenrc/upgrade-jsii-typescript.ts)) that checks the [JSII support timeline](https://github.com/aws/jsii-compiler/blob/main/README.md#gear-maintenance--support) daily via [this](https://github.com/cdktf/cdktf-tf-module-stack/blob/main/scripts/check-jsii-versions.js) script to see if the current version is less than 30 days away from EOS, and if so, creates a PR upgrading to the next supported version. The code for the upgrade itself lives in [this](https://github.com/cdktf/cdktf-tf-module-stack/blob/main/scripts/update-jsii-typescript.sh) script. This process is 100% automated; as long as the build succeeds and any tests pass, the PR will be automatically merged without any human intervention.
- This workflow can also be manually triggered, optionally taking a hard-coded JSII/TypeScript version as input in case we ever want to upgrade to a newer version without waiting until the old one is less than 30 days away from EOS.
- [upgrade-main](https://github.com/cdktf/cdktf-tf-module-stack/actions/workflows/upgrade-main.yml): This is a Projen built-in/default workflow that handles automated dependency updates. It currently runs on a weekly basis, which can be configured [here](https://github.com/cdktf/cdktf-tf-module-stack/blob/b9939ad9f3bc6bc5bd7a4f348c953d776778506d/.projenrc.ts#L49). Projen will upgrade itself as part of this process. This process is 100% automated; as long as the build succeeds and any tests pass, the PR that is generated will be automatically merged without any human intervention.

Dependabot is also [configured](https://github.com/cdktf/cdktf-tf-module-stack/blob/main/.github/dependabot.yml) to check for new security updates daily and, if found, make changes to the lockfile only. This is because Dependabot can sometimes address security issues in dependencies more quickly than Projen due to its atomic nature. While you could tweak the Dependabot settings, note that Projen and Dependabot do not generally play nicely together; in particular, Dependabot cannot make changes to `package.json` because Projen would just override these changes (hence the reason why Dependabot is currently limited to lockfile-only). If you wanted to fully automate dependency management using Dependabot, you would want to disable Projen's [automatic updates](https://projen.io/docs/api/typescript#projen.typescript.TypeScriptProjectOptions.property.depsUpgrade).
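
Review bot: In the new upgrade-jsii-typescript entry, the only merge gate is "as long as the build succeeds and any tests pass", so a JSII/TypeScript compiler bump lands with no human review, and the target version comes from an external README (the JSII support timeline) read by scripts/check-jsii-versions.js. Suggest documenting what the workflow does when that README changes format or the script cannot determine a version (fail and notify rather than skip silently). For the manual trigger, suggest stating what form the version input must take, since the workflow file's diff is not rendered here to confirm the input is validated before it reaches the upgrade script.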
Expand All @@ -24,7 +26,6 @@ Dependabot is also [configured](https://github.com/cdktf/cdktf-tf-module-stack/b
The following Actions either need to be manually triggered or require significant manual effort as part of the upgrade process:

- [upgrade-cdktf](https://github.com/cdktf/cdktf-tf-module-stack/actions/workflows/upgrade-cdktf.yml): This is a custom workflow (source [here](https://github.com/cdktf/cdktf-tf-module-stack/blob/main/projenrc/upgrade-cdktf.ts)) that runs four times a day and checks whether there is a new minor version of CDKTF itself (e.g. `0.19`, `0.20`, `0.21`, etc.), using the latest version published to npm as the source of truth. If a new version is found, it runs [this](https://github.com/cdktf/cdktf-tf-module-stack/blob/main/scripts/update-cdktf.sh) script to update the CDKTF version in all the right places, and then it creates a draft PR. The reason for the draft status is because a few steps related to the upgrade cannot be automated and must be done manually by an engineer; these are outlined step-by-step in the PR body. Once the steps are completed, the PR can be marked as ready for review & approved in order to complete the upgrade.
- [upgrade-jsii-typescript](https://github.com/cdktf/cdktf-tf-module-stack/actions/workflows/upgrade-jsii-typescript.yml): This is a custom workflow (source [here](https://github.com/cdktf/cdktf-tf-module-stack/blob/main/projenrc/upgrade-jsii-typescript.ts)) that must be manually triggered because there currently is no programmatic way to determine when a JSII version is no longer supported. This means that somebody should be monitoring the [JSII support timeline](https://github.com/aws/jsii-compiler/blob/main/README.md#gear-maintenance--support) to determine when it's time to upgrade. The script takes as input the desired new version, and all the steps afterwards are fully automated. The code for the upgrade itself lives in [this](https://github.com/cdktf/cdktf-tf-module-stack/blob/main/scripts/update-jsii-typescript.sh) script.

### Not Automated
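
Review bot: Dropping the old upgrade-jsii-typescript entry from this section also drops the only instruction that "somebody should be monitoring the JSII support timeline", and nothing replaces it as a fallback. Suggest keeping one sentence saying who checks that the daily job is still producing PRs and that the workflow can be triggered manually if it is not. As a smaller point, the intro line "The following Actions either need to be manually triggered or require significant manual effort" now introduces a single scheduled workflow (upgrade-cdktf), so the plural and the "manually triggered" wording could be tightened.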

83 changes: 68 additions & 15 deletions .github/workflows/upgrade-jsii-typescript.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 0 additions & 8 deletions .projen/deps.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions .projen/tasks.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 0 additions & 2 deletions .projenrc.ts
Expand Up @@ -91,8 +91,6 @@ new UpgradeJSIIAndTypeScript(project, typescriptVersion);

project.addPeerDeps("cdktf@>=0.20.0", `constructs@^${constructsVersion}`);
project.addDevDeps(
"semver",
"@types/semver",
"@cdktf/provider-null@>=10.0.0",
"@cdktf/provider-random@>=11.0.0"
);
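
Review bot: The `"semver"` and `"@types/semver"` entries leave `project.addDevDeps(...)` in this hunk, while MAINTENANCE.md now says the daily check runs through scripts/check-jsii-versions.js and projenrc/upgrade-jsii-typescript.ts, neither of which is shown here. Please confirm that no remaining script or projenrc file still imports semver; otherwise the workflow either fails at runtime or silently resolves whatever transitive copy happens to be installed, which is not a version this project declares. If the version comparison is now done without semver, a short comment in the script on how versions are compared would help the next maintainer.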
2 changes: 0 additions & 2 deletions package.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
