[Snyk] Upgrade aws-cdk-lib from 2.172.0 to 2.230.0 by boyney123 · Pull Request #297 · event-catalog/generators

boyney123 · 2025-12-22T10:12:11Z

Snyk has created this PR to upgrade aws-cdk-lib from 2.172.0 to 2.230.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 77 versions ahead of your current version.
The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Insertion of Sensitive Information into Log File SNYK-JS-AWSCDKLIB-9576209	469	No Known Exploit
Incorrect Default Permissions SNYK-JS-AWSCDKLIB-9511702	469	No Known Exploit
Incorrect Execution-Assigned Permissions SNYK-JS-AWSCDKLIB-9712558	469	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-AWSCDKLIB-8647962	469	No Known Exploit

Release notes

Package name: aws-cdk-lib

2.230.0 - 2025-11-26
Features
- apigateway: support response streaming with response transfer mode (#36155) (f431021), closes #36156
- update L1 CloudFormation resource definitions (f203b8e)
- update L1 CloudFormation resource definitions (#36193) (d074024)
- events: the L2 EventPattern interfaces can be used with CfnRule (#36191) (efc135e)
- update L1 CloudFormation resource definitions (#36180) (5cddd7e)
Bug Fixes
- ecs: wrong ARN generated in Cluster.grantTaskProtection method (#36207) (9b337df)
- ecs-patterns: target group ID changes without setting feature flag (#36199) (b7ca082), closes #36149
- scheduler: wrong ARN generated in ScheduleGroup.grant* methods (#36175) (eae8838)
Alpha modules (2.230.0-alpha.0)

Features
- bedrock-agentcore-alpha: update resources on grantInvokeXXX for runtime (#35864) (5dad62f)
- imagebuilder-alpha: add support for Image Pipeline Construct (#36153) (d8c324a), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789
- imagebuilder-alpha: add support for Lifecycle Policy Construct (#36152) (7e31eb6), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789
- mixins-preview: adds LogDelivery Mixins for 47 resources (#36158) (6607ce9)
- mixins-preview: vended log deliveries (#36138) (69442a8)
- mixins-preview: helpers to generate EventBridge event patterns for 26 services (#36121) (073185d)
Bug Fixes
- mixins-preview: AutoDeleteObjects mixin fails with cannot find file error (#36188) (3ef337d), closes aws-cdk/mixins-preview/lib/custom-resource-handlers/aws-s3/auto-delete-objects-provider.ts#L21
- mixins-preview: ResourcePolicy with this name already exists error when setting up LogDelivery (#36195) (f9aa31d)
- mixins-preview: cannot use string literal types for S3LogsDeliveryProps.permissionsVersion (#36197) (cc491df)
2.229.1 - 2025-11-25
Bug Fixes
- scheduler: wrong ARN generated in ScheduleGroup.grant* methods (#36175) (ca9fbdd)
Alpha modules (2.229.1-alpha.0)
2.229.0 - 2025-11-24
Features
- agentcore: add new properties for runtime, browser (#36003) (439495f)
- route53: add HostedZoneGrants (#36109) (d24305c)
Bug Fixes
- stepfunctions: allow multiline jsonata strings (#35985) (8805e13), closes #35912 #35912
Alpha modules (2.229.0-alpha.0)

Features
- imagebuilder-alpha: add support for Container Recipe Construct (#36091) (875e0e7), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789
- imagebuilder-alpha: add support for Image Recipe Construct (#36092) (4361f8b), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789
- imagebuilder-alpha: add support for Workflow Construct (#36007) (616d32a), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789
- mixins-preview: developer preview of CDK Mixins (#36136) (0c6ee1d)
Bug Fixes
- bedrock-agentcore-alpha: empty submodule accidentally exposed and runtime validation fix (#36148) (72d3e6f)
2.228.0 - 2025-11-24
Features
- lambda: add new lambda/kafka esm properties and on failure desitination (65f9c35)
Bug Fixes
- cloudformation-include: TypeError when including template with intrinsic functions (#36157) (f2a384b), closes #36140 #35838
Alpha modules (2.228.0-alpha.0)
2.227.0 - 2025-11-21
CHANGES TO L1 RESOURCES: L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:
- aws-backup: AWS::Backup::LogicallyAirGappedBackupVault: EncryptionKeyArn attribute removed.
Features
- stepfunctions: add StateMachineGrants (#36094) (59ef00d)
- update L1 CloudFormation resource definitions (#36122) (51d805e)
- core: cfn constructs (L1s) can now accept constructs as parameters for known resource relationships (#35838) (6be7b4b)
- factory methods for Grants made public (#36123) (f9a894f)
- dynamodb: add TableGrants and StreamGrants (#36093) (d0b074a)
- rds: support instance and iam-db-auth-error CloudWatch log exports (#35058) (e71a8b1), closes #35018
- s3: add BucketGrants (#36102) (5891172)
- grants are now available through a separate class (#35782) (21fd959)
Alpha modules (2.227.0-alpha.0)

Features
- bedrock-agentcore-alpha: agentcore gateway L2 construct (#35771) (07c4a0d)
- imagebuilder-alpha: add support for Component Construct (#36107) (93a76e4), closes #36006 #36104
- imagebuilder-alpha: add support for Distribution Configuration Construct (#36108) (6051039), closes #36005
Bug Fixes
- bedrock-agentcore-alpha: fix unexpected validation error when properties are Token (#35978) (084b736)
2.226.0 - 2025-11-20
Features
- dynamodb: compound keys for global secondary indexes (046b06d)
- lambda: add multi-tenancy support with TenancyConfig (5f384db)
Alpha modules (2.226.0-alpha.0)
2.225.0 - 2025-11-17
⚠ BREAKING CHANGES
- ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:
  - aws-dynamodb: AWS::DynamoDB::GlobalTable: ResourcePolicy property is now required.
Features
- update L1 CloudFormation resource definitions (#36082) (3df1d81)
- custom-resource: add External ID support for AwsCustomResource (#35252) (9f6c02b), closes #34018
- route53: support restricting delegated zone names when using grantDelegation (#35129) (d832aca)
Bug Fixes
- aws-cdk-lib: temporary Cloud Assemblies are not cleaned up (#36043) (1ace1ef), closes #802
- cognito: remove overly strict validation for threat protection on non-PLUS plans (#36027) (172c65f), closes #36023
- s3-deployment: Source.jsonData() fails with null JSON values (#36054) (67b85f2), closes #36052
Reverts
- (dynamodb) revert Table.table field to private to fix .NET naming (#36029) (d84fce8), closes #36025 #35554
Alpha modules (2.225.0-alpha.0)
2.224.0 - 2025-11-13
⚠ BREAKING CHANGES
- aws-cdk-lib: Reference interfaces (such as IBucketRef, IRoleRef, etc.) were moved to a new aws-cdk-lib.interfaces submodule to prevent cyclic dependencies between service modules. If you are importing reference interfaces, you have to update import statements accordingly. See #36060 for full details.
- Amazon.CDK.Lib (.NET): The .NET namespace for multiple submodules has changed. If you are using any of the renamed submodules, you have to update using statements for these submodules. See #36037 for full details.
- L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:
aws-opensearchserverless: AWS::OpenSearchServerless::Collection: StandbyReplicas property is now immutable.
aws-servicecatalog: AWS::ServiceCatalog::PortfolioPrincipalAssociation: Id attribute removed.

Features
- apigateway: add option for consolidating lambda permissions for rest and http lambda integrations (#36021) (35f8e46), closes #9327 #19535 #35705
- update L1 CloudFormation resource definitions (#35994) (47a9a20)
- core: add methods to SecretValue and aws-secretsmanager Secret to obtain a literal (unresolved by CloudFormation) dynamic reference key (#34397) (#35105) (457aa99), closes /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/core/lib/secret-value.ts#L98C17-L98C31 /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-secretsmanager/lib/secret.ts#L499
- eks: add support for Kubernetes version 1.34 (#36016) (60096ac), closes #35717
- lambda: add nodejs24.x runtime for Lambda (#36001) (404bf1a)
- sagemaker: add support for serverless inference endpoints (#35557) (3f5c5ac), closes #23148 #23148
- stepfunctions-tasks: add architecture support to EvaluateExpression (#35468) (771ea13), closes #34974
Bug Fixes
- aws-cdk-lib: move reference interfaces to their own submodules (#35971) (1e4dfe6)
- aws-cdk-lib: multiple submodules use an incorrect namespace for .NET (#36002) (e48e584)
- dynamodb: resolve circular dependency with AccountRootPrincipal grants (#35983) (24d2adf), closes #35967
- ecs: allow empty placementStrategies on EC2Service (#35580) (0d773b1), closes #30382 /github.com/aws/aws-cdk/pull/27572#issuecomment-1766287866
Alpha modules (2.224.0-alpha.0)

Features
- imagebuilder-alpha: add support for EC2 Image Builder L2 Constructs - Infrastructure Configuration (#35882) (db1d964), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789
2.223.0 - 2025-11-10
⚠ BREAKING CHANGES

L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:
- aws-dynamodb: AWS::DynamoDB::GlobalTable: GlobalTableSettingsReplicationMode property removed.
- aws-dynamodb: AWS::DynamoDB::GlobalTable: GlobalTableSourceArn property removed.
- aws-dynamodb: AWS::DynamoDB::Table: GlobalTableSettingsReplicationMode property removed.
- aws-events: AWS::Events::EventBusPolicy: Id attribute removed.
Features
- update L1 CloudFormation resource definitions (#35926) (3f4d585)
- ec2: support for Cloud Wan Core Network routes (#35008) (fba027b)
- s3-deployment: support securityGroups in BucketDeploymentProps (#33233) (f2a3166), closes #33229
Bug Fixes
- stepfunctions: DistributedMap ResultWriter correct query language selection (#35834) (75b8ead), closes #35403
- onEvent function to pass all the options to rule resource (#35829) (3d7023d)
Alpha modules (2.223.0-alpha.0)
2.222.0 - 2025-11-04
⚠ BREAKING CHANGES
- bedrock-agentcore: The signature of RuntimeAuthorizerConfiguration.usingCognito() has changed to accept IUserPool and IUserPoolClient constructs instead of string parameters, and now supports multiple clients.
Features
- apigateway: add binaryMediaTypes property to SpecRestApi (#35502) (bf10d94), closes #35498
- apigatewayv2: WebSocketStage support accessLogSettings (#34766) (dad112e), closes #21935
- bedrock-agentcore: use IUserPool and IUserPoolClient interfaces instead of string identifiers (#35860) (a38afc9), closes #35854
- core: IEnvironmentAware interface to retrieve a construct's environment (#35817) (8ee5d4b)
- elasticloadbalancingv2: create security group settings for NLB by default (under feature flag) (#34675) (ff83cfd), closes #34606 /github.com/aws/aws-cdk/issues/34606#issuecomment-2931313249
- events-targets: support Amazon Data Firehose target using Firehose's IDeliveryStream (#33798) (a374b6b), closes #33757 #33758
- kinesisfirehose: add built-in data processors to decompress CloudWatch logs and extract messages (#33749) (5dec21e), closes #33691 #20242 /github.com/aws/aws-cdk/issues/33691#issuecomment-2713012245
- lambda: add Java25 runtime for Lambda (#35867) (db71fac)
- lambda: add Python 3.14 runtime for Lambda (#35869) (ebef303)
- memory: add agentcore memory l2 construct (#35757) (6a2e17e)
- msk: support Express brokers (#34741) (0a69e5f), closes #32923
Bug Fixes
- agentcore: addToRolePolicy for runtime with imported role destroys and recreates policies on every deployment (#35842) (92525e4), closes #35844 40aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime-base.ts#L253
- agentcore: custom execution role policy for runtime lacks proper permissions (#35849) (ee94b63), closes #35852 40aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime-artifact.ts#L65 40aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime.ts#L252-L259 /github.com/aws/aws-cdk/blob/v2.221.0/packages/aws-cdk-lib/aws-codepipeline/lib/pipeline.ts#L693 /github.com/aws/aws-cdk/blob/v2.221.0/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1468 /github.com/aws/aws-cdk/blob/v2.221.0/packages/aws-cdk-lib/aws-ecs/lib/base/base-service.ts#L1161
- dynamodb: addToResourcePolicy has no effect (#35554) (94d7e34), closes #35062
- ecs: remove empty CfnClusterCapacityProviderAssociations resource (#35783) (c8a131b), closes #35699 #35742
- iam: cannot grant lambda:InvokeFunction on ManagedPolicy or Policy via grantInvoke() method (#32984) (a07d75a), closes #32980 /github.com/aws/aws-cdk/pull/32984#pullrequestreview-2863553504
- compilation failure in Go (#35871) (5e4f603), closes aws/aws-cdk#35770 #35862
- ec2: remove PassRole policy emitted by cloudwatch vpc flow destination (#35762) (c4b80df), closes #35729
Alpha modules (2.222.0-alpha.0)

Features
- eks-v2-alpha: eks-v2-alpha is now in developer preview (#35801) (32afc0f)
Bug Fixes
- bedrock-alpha: apply permission dependency to existing and non-existing roles (#35123) (b39ccf3), closes #35120
- eks-v2-alpha: remove hyphen from Go package name (#35927) (2cdfc8a)
2.221.1 - 2025-10-29
2.221.0 - 2025-10-24
2.220.0 - 2025-10-14
2.219.0 - 2025-10-01
2.218.0 - 2025-09-29
2.217.0 - 2025-09-25
2.216.0 - 2025-09-22
2.215.0 - 2025-09-15
2.214.1 - 2025-10-03
2.214.0 - 2025-09-02
2.213.0 - 2025-08-28
2.212.0 - 2025-08-20
2.211.0 - 2025-08-13
2.210.0 - 2025-08-06
2.209.1 - 2025-08-06
2.209.0 - 2025-08-05
2.208.0 - 2025-07-29
2.207.0 - 2025-07-24
2.206.0 - 2025-07-16
2.205.0 - 2025-07-15
2.204.0 - 2025-07-04
2.203.1 - 2025-07-02
2.203.0 - 2025-07-01
2.202.0 - 2025-06-20
2.201.0 - 2025-06-13
2.200.2 - 2025-06-12
2.200.1 - 2025-06-03
2.200.0 - 2025-06-02
2.199.0 - 2025-05-27
2.198.0 - 2025-05-23
2.197.0 - 2025-05-21
2.196.1 - 2025-05-19
2.196.0 - 2025-05-16
2.195.0 - 2025-05-07
2.194.0 - 2025-05-02
2.193.0 - 2025-04-30
2.192.0 - 2025-04-25
2.191.0 - 2025-04-23
2.190.0 - 2025-04-17
2.189.1 - 2025-04-14
2.189.0 - 2025-04-09
2.188.0 - 2025-04-04
2.187.0 - 2025-03-31
2.186.0 - 2025-03-27
2.185.0 - 2025-03-19
2.184.1 - 2025-03-14
2.184.0 - 2025-03-13
2.183.0 - 2025-03-12
2.182.0 - 2025-03-05
2.181.1 - 2025-02-28
2.181.0 - 2025-02-26
2.180.0 - 2025-02-21
2.179.0 - 2025-02-18
2.178.2 - 2025-02-12
2.178.1 - 2025-02-07
2.178.0 - 2025-02-06
2.177.0 - 2025-01-25
2.176.0 - 2025-01-15
2.175.1 - 2025-01-11
2.175.0 - 2025-01-10
2.174.1 - 2025-01-07
2.174.0 - 2025-01-04
2.173.4 - 2024-12-27
2.173.3 - 2024-12-26
2.173.2 - 2024-12-18
2.173.1 - 2024-12-14
2.173.0 - 2024-12-12
2.172.0 - 2024-12-07

from aws-cdk-lib GitHub release notes

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade aws-cdk-lib from 2.172.0 to 2.230.0. See this package in npm: aws-cdk-lib See this project in Snyk: https://app.snyk.io/org/dave-HrjdrnUmb4ubEpgqRj5FZH/project/a99af506-7209-4fa0-80da-40aafd725a08?utm_source=github&utm_medium=referral&page=upgrade-pr

changeset-bot · 2025-12-22T10:12:16Z

⚠️ No Changeset found

Latest commit: 8a9c94a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

CLAassistant · 2025-12-22T10:12:18Z

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

Uh oh!

Conversation

boyney123 commented Dec 22, 2025

Snyk has created this PR to upgrade aws-cdk-lib from 2.172.0 to 2.230.0.

Issues fixed by the recommended upgrade:

Features

Bug Fixes

Alpha modules (2.230.0-alpha.0)

Features

Bug Fixes

Bug Fixes

Alpha modules (2.229.1-alpha.0)

Features

Bug Fixes

Alpha modules (2.229.0-alpha.0)

Features

Bug Fixes

Features

Bug Fixes

Alpha modules (2.228.0-alpha.0)

Features

Alpha modules (2.227.0-alpha.0)

Features

Bug Fixes

Features

Alpha modules (2.226.0-alpha.0)

⚠ BREAKING CHANGES

Features

Bug Fixes

Reverts

Alpha modules (2.225.0-alpha.0)

⚠ BREAKING CHANGES

Features

Bug Fixes

Alpha modules (2.224.0-alpha.0)

Features

⚠ BREAKING CHANGES

Features

Bug Fixes

Alpha modules (2.223.0-alpha.0)

⚠ BREAKING CHANGES

Features

Bug Fixes

Alpha modules (2.222.0-alpha.0)

Features

Bug Fixes

Uh oh!

changeset-bot bot commented Dec 22, 2025

⚠️ No Changeset found

Uh oh!

CLAassistant commented Dec 22, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants