chore(deps): bump the aws-cdk group across 1 directory with 3 updates

[dependabot]

Bumps the aws-cdk group with 3 updates in the / directory: @aws-cdk/cdk-assets-lib, @aws-cdk/toolkit-lib and aws-cdk-lib.

Updates @aws-cdk/cdk-assets-lib from 1.4.10 to 1.4.11

Release notes

Sourced from @​aws-cdk/cdk-assets-lib's releases.

@​aws-cdk/cdk-assets-lib@​v1.4.11

1.4.11 (2026-06-15)

Bug Fixes

• cdk-assets: re-tag docker image for multi-destination publishes (#1591) (3ec7934)

Commits

• 995a457 chore(deps): upgrade dependencies (#1626)
• 16d8bc4 refactor: extract zip utilities into shared @aws-cdk/tools package (#1512)
• 3ec7934 fix(cdk-assets): re-tag docker image for multi-destination publishes (#1591)
• 1b92d2c chore(deps): upgrade dependencies (#1599)
• See full diff in compare view

Updates @aws-cdk/toolkit-lib from 1.28.0 to 1.29.0

Release notes

Sourced from @​aws-cdk/toolkit-lib's releases.

@​aws-cdk/toolkit-lib@​v1.29.0

1.29.0 (2026-06-15)

Features

• --debug-app enables jsii stack traces (#1623) (aafc3c8)
• cli: cdk validate command (behind --unstable flag) (#1527) (c03ef3e)
• cli: add --debug-app and --debug-cli flags (#1604) (a0e68fb)
• cli: cdk validate --online (#1539) (a731ce8), closes #1527

Bug Fixes

• total deploy time is not well-accounted for (#1596) (c5db51a)

Commits

• 995a457 chore(deps): upgrade dependencies (#1626)
• aafc3c8 feat: --debug-app enables jsii stack traces (#1623)
• 16d8bc4 refactor: extract zip utilities into shared @aws-cdk/tools package (#1512)
• a0e68fb feat(cli): add --debug-app and --debug-cli flags (#1604)
• a731ce8 feat(cli): cdk validate --online (#1539)
• a058877 refactor(cli): use the list action from toolkit-lib in the CLI (#1603)
• 7104791 chore(deps): upgrade dependencies (#1607)
• c03ef3e feat(cli): cdk validate command (behind --unstable flag) (#1527)
• c5db51a fix: total deploy time is not well-accounted for (#1596)
• 1b92d2c chore(deps): upgrade dependencies (#1599)
• See full diff in compare view

Updates aws-cdk-lib from 2.258.0 to 2.260.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.260.0

Features

• update L1 CloudFormation resource definitions (#38151) (f266a47), closes /docs.aws.amazon.com/AmazonS3/latest/userguide/s3-files-prereq-policies.html#s3
• core: add external traces to ConstructError (#38131) (e360dd9)
• core: append external stack traces to metadata if available (#38124) (c77a08c)

Bug Fixes

• bundling: docker build can be skipped if already performed (#38134) (2f9ae95)
• core: stack traces contain decorator paths (#38130) (318f645)
• core: weak cross-stack references fail for list attributes (#37948) (6bb9d75), closes #37910
• lambda-nodejs: reuse posixShellEscape for Docker bundling file operations (#38133) (baa9e1d)

---

Alpha modules (2.260.0-alpha.0)

v2.259.0

⚠ BREAKING CHANGES

• lambda: Runtime.NODEJS_LATEST now resolves to nodejs24.x in every region. Customers who pin to a concrete runtime (Runtime.NODEJS_22_X, useLatestRuntimeVersion: false in aws-lambda-nodejs.NodejsFunction) are unaffected. Existing AWS::Lambda::Function resources synthesized with NODEJS_LATEST will see Runtime: nodejs22.x → Runtime: nodejs24.x on next deploy. Lambda accepts runtime updates in place.

  Customer-code compatibility — IMPORTANT: Node.js 24 removes support for callback-style asynchronous handlers ((event, context, callback) => {...}) per the launch blog. Customers whose Lambda code still uses callback-based handlers will see runtime errors after the bump. Customers should migrate to async (event, context) => {...} or pin to Runtime.NODEJS_22_X explicitly.

Features

• core: recommend the use of weak references if no choice has been made (#38070) (6e74e5e)
• ecs: add forceNewDeployment option for Fargate and EC2 services (#36797) (3d9c4df), closes #27762
• eks: use the recommended AL2023 instead of AL2 AMI type (under feature flag) (#37850) (6a2dcb7), closes #32211
• lambda: upgrade lambda and custom resource default runtime to nodejs24.x (#38031) (36c84c6)

Bug Fixes

• spec2cdk: sanitize hyphens in EventBridge event namespace names (#38088) (b8f41bf), closes 40aws-cdk/spec2cdk/lib/naming/conventions.ts#L195

Reverts

• "chore(bundling): check if docker image is cached before building" (#38116) (359f2fb), closes aws/aws-cdk#37951

---

Alpha modules (2.259.0-alpha.0)

v2.258.1

Reverts

• "chore(bundling): check if docker image is cached before building" (#38116) (8ec236c), closes aws/aws-cdk#37951

---

Alpha modules (2.258.1-alpha.0)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.260.0-alpha.0 (2026-06-16)

2.259.0-alpha.0 (2026-06-11)

2.258.1-alpha.0 (2026-06-08)

2.258.0-alpha.0 (2026-06-04)

Features

• integ-tests-alpha: add option to set the provider log level (#38005) (c634a79)

Bug Fixes

• custom-resource-handlers: deterministic asset hashes for generated lambdas (#37634) (6c3d5bc), closes #34307
• glue-alpha: deprecate Ray Jobs (#38055) (3fa428b)
• glue-alpha: restore notifyDelayAfter to PySpark and Scala Spark ETL jobs (#37815) (05be88a), closes #33839
• integ-tests-alpha: assertion failures print too much unnecessary information (#37974) (bc0de1d)
• mediapackagev2-alpha: cdnAuth on OriginEndpoint now generates the required policy (#38013) (1d56b46)

2.257.0-alpha.0 (2026-05-21)

2.256.1-alpha.0 (2026-05-20)

2.256.0-alpha.0 (2026-05-19)

2.255.0-alpha.0 (2026-05-18)

Features

• bedrock-agentcore-alpha: Graduation of the library to stable. The Policy submodule is the only submodule that remains in alpha. All other constructs have graduated to stable in aws-cdk-lib/aws-bedrockagentcore and we recommend migrating to the stable versions (#37876) (00cf601)

2.254.0-alpha.0 (2026-05-13)

Features

• bedrock-agentcore-alpha: add tags support to Evaluator and OnlineEvaluationConfig (#37804) (adbf88f)
• bedrock-agentcore-alpha: add identity L2 constructs (#37610) (67c3af2)
• mediapackagev2-alpha: add OAC integration between CloudFront and MediaPackageV2 (#37701) (654f59c)

Bug Fixes

... (truncated)

Commits

• f266a47 feat: update L1 CloudFormation resource definitions (#38151)
• 318f645 fix(core): stack traces contain decorator paths (#38130)
• 2f9ae95 fix(bundling): docker build can be skipped if already performed (#38134)
• aeafa63 docs(pipelines): clarify format of DockerHub creds (#38132)
• baa9e1d fix(lambda-nodejs): reuse posixShellEscape for Docker bundling file operation...
• e360dd9 feat(core): add external traces to ConstructError (#38131)
• 5619d43 Merge branch 'main' into merge-back/2.259.0
• 6bb9d75 fix(core): weak cross-stack references fail for list attributes (#37948)
• c77a08c feat(core): append external stack traces to metadata if available (#38124)
• 772eeba chore: update analytics metadata blueprints
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	36.77%	13434 / 36533
🔵	Statements	36.07%	14287 / 39609
🔵	Functions	31.2%	2285 / 7322
🔵	Branches	30.53%	8865 / 29037

Generated in workflow #3667 for commit 4486047 by the Vitest Coverage Report Action