Bump the npm group across 2 directories with 2 updates

[dependabot]

Bumps the npm group with 2 updates in the / directory: aws-cdk-lib and aws-cdk.
Bumps the npm group with 2 updates in the /test directory: aws-cdk-lib and aws-cdk.

Updates aws-cdk-lib from 2.244.0 to 2.245.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.245.0

Features

• update L1 CloudFormation resource definitions (#37332) (6cdf84a)
• autoscaling: add instanceLifecyclePolicy support to AutoScalingGroup Property (#36434) (b72ffcc)
• cloudfront: use JavaScript runtime 2.0 as the default for CloudFront Functions (under feature flag) (#35941) (cd0df14)
• core: add source tracing for L1 construct property mutations (#37285) (f0b6da8)
• ecr-assets: add support for docker build context (#36930) (c0849ea), closes #31598
• s3: add blockedEncryptionTypes field to s3.Bucket (#37047) (262e8a7), closes #36988
• synthetics: add enum value for Synthetics Canary NodeJS 3.1 runtime (#37282) (af1e89c), closes /docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_Nodejs.html#CloudWatch_Synthetics_runtimeversion-syn-nodejs-3

Bug Fixes

• aws-cdk-lib: toolkit is unaware of CDK app errors (#37294) (093de92)
• eks: throw error when kubectl subnets are isolated (#37217) (73e5006), closes #26613
• lambda: fix typo in addPermission() warning message (#37365) (fa21e62)
• lambda-nodejs: use direct spawn for local bundling (#37292) (9bf4263)
• mixin: use withMixin in Stack to set mixin metadata in its constructs (#37269) (293ce90), closes /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/core/lib/mixins/private/mixin-metadata.ts#L30
• rds: enablePerformanceInsights false is ignored when other performance insight properties are set (#37287) (b4bca75), closes #37051
• construct errors are rendered in a messy way (#37290) (5104256)
• spec2cdk: throw on unrecognized uppercase prefix in event pattern (#37283) (c68f2f5)

---

Alpha modules (2.245.0-alpha.0)

Features

• s3tables-alpha: add support for partition spec, sort order, and table properties (#36811) (2696cd1)
• s3tables-alpha: add metrics configuration support for TableBucket (#37275) (e8786f5)
• s3tables-alpha: implement ITaggableV2 on TableBucket and Table L2 constructs (#37277) (69c8944), closes #33054

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.245.0-alpha.0 (2026-03-27)

Features

• s3tables-alpha: add support for partition spec, sort order, and table properties (#36811) (2696cd1)
• s3tables-alpha: add metrics configuration support for TableBucket (#37275) (e8786f5)
• s3tables-alpha: implement ITaggableV2 on TableBucket and Table L2 constructs (#37277) (69c8944), closes #33054

2.244.0-alpha.0 (2026-03-19)

Bug Fixes

• kinesisanalytics-flink-alpha: mark deprecated flink runtimes as deprecated (#37155) (0a89447)

2.243.0-alpha.0 (2026-03-11)

2.242.0-alpha.0 (2026-03-10)

Features

• mixins-preview: allow passing resource objects into properties in CFN Property mixins (#37148) (f238629)
• mixins-preview: generate EventBridge pattern for all events (#37081) (f30e836)
• mixins-preview: support custom merge strategies via IMergeStrategy (#37170) (0dec011)

2.241.0-alpha.0 (2026-03-02)

Features

• mixins-preview: add recordFields and outputFormat to Vended Logs Mixin (#37042) (dd94c31)
• mixins-preview: cross account delivery destinations (#36827) (a759eb6)

2.240.0-alpha.0 (2026-02-23)

2.239.0-alpha.0 (2026-02-19)

⚠ BREAKING CHANGES

redshift-alpha: update default node type from DC2_LARGE to RA3_LARGE

Features

• bedrock-agentcore-alpha: add fromCodeAsset method to create runtime artifact with local code assets (#36472) (c5a87e6), closes #36473

... (truncated)

Commits

• eddb6b6 chore: update analytics metadata blueprints
• 25b61db chore(release): 2.245.0
• 6cdf84a feat: update L1 CloudFormation resource definitions (#37332)
• fa21e62 fix(lambda): fix typo in addPermission() warning message (#37365)
• fc59d21 chore(deps): bump the npm_and_yarn group across 3 directories with 1 update (...
• cd0df14 feat(cloudfront): use JavaScript runtime 2.0 as the default for CloudFront Fu...
• 55322ba chore(s3): use BucketReflection for L1-backed property access (#37210)
• 9bf4263 fix(lambda-nodejs): use direct spawn for local bundling (#37292)
• c0849ea feat(ecr-assets): add support for docker build context (#36930)
• ac3eadc chore(deps): update integ runner and cloud assembly versions to include docke...
• Additional commits viewable in compare view

Updates aws-cdk from 2.1113.0 to 2.1114.1

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1114.1

2.1114.1 (2026-03-26)

Bug Fixes

• cli: CLI fails with Package subpath './bin/cdk' is not defined by "exports" (#1265) (9fa6132), closes #1263

aws-cdk@v2.1114.0

2.1114.0 (2026-03-26)

Features

• aws-cdk: remove legacy exports (#1250) (37a8766), closes #310 #310

Bug Fixes

• CLI ignores root cause of CDK App termination (#1243) (a07449b)
• CloudFormation deployment errors are not classified (#1253) (d4448eb)
• error codes are not collected (#1244) (2f61ab4)
• new stacks cannot be deployed with hotswap (#1248) (5a7ac29)
• show diff when requesting approval for any-change (#1255) (cd31d30)

Commits

• 9fa6132 fix(cli): CLI fails with `Package subpath './bin/cdk' is not defined by "expo...
• 7c4304e chore(deps): upgrade dependencies (#1254)
• cd31d30 fix: show diff when requesting approval for any-change (#1255)
• d4448eb fix: CloudFormation deployment errors are not classified (#1253)
• 5d2e5d1 chore: add error codes to all CLI toolkit errors (#1252)
• 2f61ab4 fix: error codes are not collected (#1244)
• 37a8766 feat(aws-cdk): remove legacy exports (#1250)
• 815d959 chore: colocate requireApproval properties (#1247)
• 5a7ac29 fix: new stacks cannot be deployed with hotswap (#1248)
• a07449b fix: CLI ignores root cause of CDK App termination (#1243)
• See full diff in compare view

Updates aws-cdk-lib from 2.244.0 to 2.245.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.245.0

Features

• update L1 CloudFormation resource definitions (#37332) (6cdf84a)
• autoscaling: add instanceLifecyclePolicy support to AutoScalingGroup Property (#36434) (b72ffcc)
• cloudfront: use JavaScript runtime 2.0 as the default for CloudFront Functions (under feature flag) (#35941) (cd0df14)
• core: add source tracing for L1 construct property mutations (#37285) (f0b6da8)
• ecr-assets: add support for docker build context (#36930) (c0849ea), closes #31598
• s3: add blockedEncryptionTypes field to s3.Bucket (#37047) (262e8a7), closes #36988
• synthetics: add enum value for Synthetics Canary NodeJS 3.1 runtime (#37282) (af1e89c), closes /docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_Nodejs.html#CloudWatch_Synthetics_runtimeversion-syn-nodejs-3

Bug Fixes

• aws-cdk-lib: toolkit is unaware of CDK app errors (#37294) (093de92)
• eks: throw error when kubectl subnets are isolated (#37217) (73e5006), closes #26613
• lambda: fix typo in addPermission() warning message (#37365) (fa21e62)
• lambda-nodejs: use direct spawn for local bundling (#37292) (9bf4263)
• mixin: use withMixin in Stack to set mixin metadata in its constructs (#37269) (293ce90), closes /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/core/lib/mixins/private/mixin-metadata.ts#L30
• rds: enablePerformanceInsights false is ignored when other performance insight properties are set (#37287) (b4bca75), closes #37051
• construct errors are rendered in a messy way (#37290) (5104256)
• spec2cdk: throw on unrecognized uppercase prefix in event pattern (#37283) (c68f2f5)

---

Alpha modules (2.245.0-alpha.0)

Features

• s3tables-alpha: add support for partition spec, sort order, and table properties (#36811) (2696cd1)
• s3tables-alpha: add metrics configuration support for TableBucket (#37275) (e8786f5)
• s3tables-alpha: implement ITaggableV2 on TableBucket and Table L2 constructs (#37277) (69c8944), closes #33054

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.245.0-alpha.0 (2026-03-27)

Features

• s3tables-alpha: add support for partition spec, sort order, and table properties (#36811) (2696cd1)
• s3tables-alpha: add metrics configuration support for TableBucket (#37275) (e8786f5)
• s3tables-alpha: implement ITaggableV2 on TableBucket and Table L2 constructs (#37277) (69c8944), closes #33054

2.244.0-alpha.0 (2026-03-19)

Bug Fixes

• kinesisanalytics-flink-alpha: mark deprecated flink runtimes as deprecated (#37155) (0a89447)

2.243.0-alpha.0 (2026-03-11)

2.242.0-alpha.0 (2026-03-10)

Features

• mixins-preview: allow passing resource objects into properties in CFN Property mixins (#37148) (f238629)
• mixins-preview: generate EventBridge pattern for all events (#37081) (f30e836)
• mixins-preview: support custom merge strategies via IMergeStrategy (#37170) (0dec011)

2.241.0-alpha.0 (2026-03-02)

Features

• mixins-preview: add recordFields and outputFormat to Vended Logs Mixin (#37042) (dd94c31)
• mixins-preview: cross account delivery destinations (#36827) (a759eb6)

2.240.0-alpha.0 (2026-02-23)

2.239.0-alpha.0 (2026-02-19)

⚠ BREAKING CHANGES

redshift-alpha: update default node type from DC2_LARGE to RA3_LARGE

Features

• bedrock-agentcore-alpha: add fromCodeAsset method to create runtime artifact with local code assets (#36472) (c5a87e6), closes #36473

... (truncated)

Commits

• eddb6b6 chore: update analytics metadata blueprints
• 25b61db chore(release): 2.245.0
• 6cdf84a feat: update L1 CloudFormation resource definitions (#37332)
• fa21e62 fix(lambda): fix typo in addPermission() warning message (#37365)
• fc59d21 chore(deps): bump the npm_and_yarn group across 3 directories with 1 update (...
• cd0df14 feat(cloudfront): use JavaScript runtime 2.0 as the default for CloudFront Fu...
• 55322ba chore(s3): use BucketReflection for L1-backed property access (#37210)
• 9bf4263 fix(lambda-nodejs): use direct spawn for local bundling (#37292)
• c0849ea feat(ecr-assets): add support for docker build context (#36930)
• ac3eadc chore(deps): update integ runner and cloud assembly versions to include docke...
• Additional commits viewable in compare view

Updates aws-cdk from 2.1113.0 to 2.1114.1

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1114.1

2.1114.1 (2026-03-26)

Bug Fixes

• cli: CLI fails with Package subpath './bin/cdk' is not defined by "exports" (#1265) (9fa6132), closes #1263

aws-cdk@v2.1114.0

2.1114.0 (2026-03-26)

Features

• aws-cdk: remove legacy exports (#1250) (37a8766), closes #310 #310

Bug Fixes

• CLI ignores root cause of CDK App termination (#1243) (a07449b)
• CloudFormation deployment errors are not classified (#1253) (d4448eb)
• error codes are not collected (#1244) (2f61ab4)
• new stacks cannot be deployed with hotswap (#1248) (5a7ac29)
• show diff when requesting approval for any-change (#1255) (cd31d30)

Commits

• 9fa6132 fix(cli): CLI fails with `Package subpath './bin/cdk' is not defined by "expo...
• 7c4304e chore(deps): upgrade dependencies (#1254)
• cd31d30 fix: show diff when requesting approval for any-change (#1255)
• d4448eb fix: CloudFormation deployment errors are not classified (#1253)
• 5d2e5d1 chore: add error codes to all CLI toolkit errors (#1252)
• 2f61ab4 fix: error codes are not collected (#1244)
• 37a8766 feat(aws-cdk): remove legacy exports (#1250)
• 815d959 chore: colocate requireApproval properties (#1247)
• 5a7ac29 fix: new stacks cannot be deployed with hotswap (#1248)
• a07449b fix: CLI ignores root cause of CDK App termination (#1243)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA eaf9351.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

test/package.json

Package	Version	License	Issue Type
aws-cdk-lib	^2.245.0	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
npm/@aws-cdk/cloud-assembly-schema	53.9.0	Unknown	Unknown
npm/aws-cdk	2.1114.1	Unknown	Unknown
npm/aws-cdk-lib	2.245.0	🟢 5.6	Details Check Score Reason Code-Review 🟢 10 all changesets reviewed Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow ⚠️ 0 dangerous workflow patterns detected Pinned-Dependencies ⚠️ -1 internal error: internal error: invalid Dockerfile License 🟢 10 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Binary-Artifacts ⚠️ 0 binaries present in source code Fuzzing 🟢 10 project is fuzzed SAST 🟢 9 SAST tool detected but not run on all commits
npm/aws-cdk	^2.1114.1	Unknown	Unknown
npm/aws-cdk-lib	^2.245.0	Unknown	Unknown

Scanned Files

• pnpm-lock.yaml
• test/package.json