Skip to content

chore: bump aws-cdk-lib from 2.245.0 to 2.261.0#270

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/aws-cdk-lib-2.261.0
Closed

chore: bump aws-cdk-lib from 2.245.0 to 2.261.0#270
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/aws-cdk-lib-2.261.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps aws-cdk-lib from 2.245.0 to 2.261.0.

Release notes

Sourced from aws-cdk-lib's releases.

v2.261.0

⚠ BREAKING CHANGES

  • ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:
  • aws-cloudwatch: AWS::CloudWatch::LogAlarm: QueryLanguage property has been removed from the ScheduledQueryConfiguration type.
  • aws-elasticloadbalancing: AWS::ElasticLoadBalancing::LoadBalancer: Id attribute has been removed and the primary identifier is now LoadBalancerName.

Features

  • update L1 CloudFormation resource definitions (#38189) (5aabd32)
  • core: add git source metadata to CloudFormation templates (#37368) (765271b)
  • rds: support native Secrets Manager integration for RDS Cluster and Instance (#35734) (07d5623), closes #29239

Bug Fixes


Alpha modules (2.261.0-alpha.0)

Features

  • metrics-facade-alpha: generate metrics facades (#37334) (aa9beb0)

v2.260.0

Features

Bug Fixes

  • bundling: docker build can be skipped if already performed (#38134) (2f9ae95)
  • core: stack traces contain decorator paths (#38130) (318f645)
  • core: weak cross-stack references fail for list attributes (#37948) (6bb9d75), closes #37910
  • lambda-nodejs: reuse posixShellEscape for Docker bundling file operations (#38133) (baa9e1d)

Alpha modules (2.260.0-alpha.0)

v2.259.0

⚠ BREAKING CHANGES

  • lambda: Runtime.NODEJS_LATEST now resolves to nodejs24.x in every region. Customers who pin to a concrete runtime (Runtime.NODEJS_22_X, useLatestRuntimeVersion: false in aws-lambda-nodejs.NodejsFunction) are unaffected. Existing AWS::Lambda::Function resources synthesized with NODEJS_LATEST will see Runtime: nodejs22.xRuntime: nodejs24.x on next deploy. Lambda accepts runtime updates in place.

    Customer-code compatibility — IMPORTANT: Node.js 24 removes support for callback-style asynchronous handlers ((event, context, callback) => {...}) per the launch blog. Customers whose Lambda code still uses callback-based handlers will see runtime errors after the bump. Customers should migrate to async (event, context) => {...} or pin to Runtime.NODEJS_22_X explicitly.

... (truncated)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.261.0-alpha.0 (2026-07-02)

Features

  • metrics-facade-alpha: generate metrics facades (#37334) (aa9beb0)

2.260.0-alpha.0 (2026-06-16)

2.259.0-alpha.0 (2026-06-11)

2.258.1-alpha.0 (2026-06-08)

2.258.0-alpha.0 (2026-06-04)

Features

  • integ-tests-alpha: add option to set the provider log level (#38005) (c634a79)

Bug Fixes

  • custom-resource-handlers: deterministic asset hashes for generated lambdas (#37634) (6c3d5bc), closes #34307
  • glue-alpha: deprecate Ray Jobs (#38055) (3fa428b)
  • glue-alpha: restore notifyDelayAfter to PySpark and Scala Spark ETL jobs (#37815) (05be88a), closes #33839
  • integ-tests-alpha: assertion failures print too much unnecessary information (#37974) (bc0de1d)
  • mediapackagev2-alpha: cdnAuth on OriginEndpoint now generates the required policy (#38013) (1d56b46)

2.257.0-alpha.0 (2026-05-21)

2.256.1-alpha.0 (2026-05-20)

2.256.0-alpha.0 (2026-05-19)

2.255.0-alpha.0 (2026-05-18)

Features

  • bedrock-agentcore-alpha: Graduation of the library to stable. The Policy submodule is the only submodule that remains in alpha. All other constructs have graduated to stable in aws-cdk-lib/aws-bedrockagentcore and we recommend migrating to the stable versions (#37876) (00cf601)

2.254.0-alpha.0 (2026-05-13)

Features

... (truncated)

Commits
  • 1be62ae chore: update analytics metadata blueprints
  • a5da749 chore(aws-cdk-lib): remove unused table dependency (CVE-2026-13676) (#38235)
  • 5aabd32 feat: update L1 CloudFormation resource definitions (#38189)
  • 2c6988d chore(ec2): add g7e instance class (NVIDIA Blackwell B200) (#37971)
  • 6a1934d fix: improve internal path detection (#38205)
  • 45c9d5e docs: fix grammar errors and typos in source comments (#37577)
  • 07d5623 feat(rds): support native Secrets Manager integration for RDS Cluster and Ins...
  • bad8a3a fix(ecr-assets): tarball asset build command not escaped (#38171)
  • 031aba8 fix: print validation errors according to new style (#38166)
  • 1a342e0 chore(core): use cloud-assembly-schema types for validation (#38168)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [aws-cdk-lib](https://github.com/aws/aws-cdk/tree/HEAD/packages/aws-cdk-lib) from 2.245.0 to 2.261.0.
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md)
- [Commits](https://github.com/aws/aws-cdk/commits/v2.261.0/packages/aws-cdk-lib)

---
updated-dependencies:
- dependency-name: aws-cdk-lib
  dependency-version: 2.261.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 6, 2026
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@aws-cdk/asset-awscli-v1 2.2.282 UnknownUnknown
npm/@aws-cdk/asset-node-proxy-agent-v6 2.1.2 UnknownUnknown
npm/@aws-cdk/cloud-assembly-api 2.2.5 UnknownUnknown
npm/@aws-cdk/cloud-assembly-schema 54.8.0 UnknownUnknown
npm/aws-cdk-lib 2.261.0 🟢 5.9
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow⚠️ 0dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ -1internal error: internal error: invalid Dockerfile
License🟢 10license file detected
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Signed-Releases🟢 85 out of the last 5 releases have a total of 5 signed artifacts.
Binary-Artifacts⚠️ 0binaries present in source code
SAST🟢 9SAST tool detected but not run on all commits
Fuzzing🟢 10project is fuzzed
npm/brace-expansion 5.0.6 🟢 7.2
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1010 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 3Found 8/21 approved changesets -- score normalized to 3
Binary-Artifacts🟢 10no binaries found in the repo
Security-Policy🟢 10security policy file detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/fs-extra 11.3.5 🟢 5.4
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 6Found 20/29 approved changesets -- score normalized to 6
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Maintained🟢 1010 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/jsonfile 6.2.1 🟢 3.5
Details
CheckScoreReason
Code-Review🟢 3Found 9/24 approved changesets -- score normalized to 3
Maintained🟢 44 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/minimatch 10.2.5 🟢 5.2
Details
CheckScoreReason
Code-Review⚠️ 0Found 1/28 approved changesets -- score normalized to 0
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained⚠️ 20 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/semver 7.8.4 🟢 6.6
Details
CheckScoreReason
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 8Found 14/17 approved changesets -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST🟢 9SAST tool detected but not run on all commits
npm/semver 7.8.1 🟢 6.6
Details
CheckScoreReason
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Code-Review🟢 8Found 14/17 approved changesets -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST🟢 9SAST tool detected but not run on all commits

Scanned Files

  • package-lock.json

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

Scan for commit: 63f7de2 | Updated: 2026-07-06 02:45:46 UTC

🔒 Security Scan Results

Scanned files: 2

⚠️ Security findings detected. Please review and address before merging.

@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Looks like aws-cdk-lib is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 6, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/aws-cdk-lib-2.261.0 branch July 6, 2026 03:03
@frbrkoala

Copy link
Copy Markdown
Contributor

Already updated to ^2.1129.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant