chore(release): 2.246.0 by aws-cdk-automation · Pull Request #37419 · aws/aws-cdk

aws-cdk-automation · 2026-03-31T07:05:40Z

- The section about Roles was not recommending reference interfaces yet; - The section about Imports was using outdated terminology (preferred terminology: "referenced resources") ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Issue N/A (self-discovered spelling errors) ### Reason for this change Several JSDoc comments contain spelling errors that could cause confusion when reading API documentation. ### Description of changes Fixed spelling errors in JSDoc comments across four modules: - `aws-apigateway/lib/integration.ts`: "acccount" → "account" - `aws-appsync/lib/schema.ts`: "defintion" → "definition" - `aws-events/lib/connection.ts`: "paramter" → "parameter" - `aws-lambda/lib/schema-registry.ts`: "recieve" → "receive" (3 occurrences) ### Description of how you validated changes Comment-only changes. No functional impact. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

### Issue # (if applicable) Closes #37347 ### Reason for this change The `FoundationModelIdentifier` class is missing identifiers for MiniMax and Zhipu AI (GLM) models that are available in Amazon Bedrock via `ListFoundationModels`. ### Description of changes Added all 6 missing model identifiers to `FoundationModelIdentifier`: | Model ID | Constant | |----------|----------| | `minimax.minimax-m2` | `MINIMAX_MINIMAX_M2` | | `minimax.minimax-m2.1` | `MINIMAX_MINIMAX_M2_1` | | `minimax.minimax-m2.5` | `MINIMAX_MINIMAX_M2_5` | | `zai.glm-4.7` | `ZAI_GLM_4_7` | | `zai.glm-4.7-flash` | `ZAI_GLM_4_7_FLASH` | | `zai.glm-5` | `ZAI_GLM_5` | ### Description of how you validated changes These are purely additive static readonly fields — no logic changes. Each identifier maps directly to a model ID returned by the Bedrock `ListFoundationModels` API. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.245.0/CHANGELOG.md)

### Reason for this change Changelog did not label s3tables commits as part of alpha packages ### Description of changes Correct labels for s3tables-alpha to include `s3tables` and `s3table`. ### Describe any new or updated permissions being added No new permissions added ### Description of how you validated changes Not validated locally, this is a CI change. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…cipal (#37335) ### Issue # (if applicable) Closes #37273. ### Reason for this change After v2.222.0, calling `table.grantReadWriteData(new ServicePrincipal(...))` started generating DynamoDB resource-based policies containing service principals. This is a regression caused by the combination of [#35554](#35554) (which fixed `addToResourcePolicy` to actually take effect) and [#35817](#35817) (which enabled the grant framework to automatically discover DynamoDB resource policies). Previously, `addToResourcePolicy` was a no-op, so the grant silently did nothing. For unsupported service principals (e.g. `myservice.amazonaws.com`), this produces an invalid resource policy that fails at CloudFormation deploy time with: *"Invalid policy document: Policy contains invalid service principal"*. However, DynamoDB does support [specific service principals](#37273 (comment)) in resource policies: - `redshift.amazonaws.com` — [Redshift zero-ETL integration](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/RedshiftforDynamoDB-zero-etl.html) - `replication.dynamodb.amazonaws.com` — [Multi-account global tables](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables_MA_security.html) - `glue.amazonaws.com` — [SageMaker Lakehouse zero-ETL via AWS Glue](https://docs.aws.amazon.com/glue/latest/dg/zero-etl-sources.html#zero-etl-config-source-dynamodb) ### Description of changes 1. **Throw `ValidationError` for unsupported service principals** — Grant methods (`grant`, `grantReadData`, `grantWriteData`, `grantReadWriteData`, `grantFullAccess`) on both `Table` and `TableV2` now detect `ServicePrincipal` grantees and throw a `ValidationError` at synth time, directing users to `table.addToResourcePolicy()` instead. This fails fast rather than producing an invalid template that fails at deploy time. 2. **Allowlist known-valid service principals** — Added `KNOWN_DYNAMODB_SERVICE_PRINCIPALS` allowlist in `private/principal-utils.ts` containing the three documented service principals. The new `isUnsupportedServicePrincipal()` function walks the principal wrapper chain (handling `PrincipalWithConditions`, `SessionTagsPrincipal`, etc.) to extract the service name and check it against the allowlist. Allowlisted principals pass through `grant*` methods normally. 3. **Integration test** — Added `integ.dynamodb.grant-service-principal` verifying the three allowlisted principals produce correct resource policies in the synthesized CloudFormation template. ### Describe any new or updated permissions being added No new or updated IAM permissions. This change prevents invalid IAM resource policy statements from being generated for unsupported service principals, while allowing valid ones through. ### Description of how you validated changes - Unit tests: `dynamodb.test.ts` (186 passing), `table-v2.test.ts` (135 passing) - Unsupported principals (`bedrock.amazonaws.com`, `lambda.amazonaws.com`) throw `ValidationError` - Allowlisted principals (`redshift`, `replication.dynamodb`, `glue`) succeed - Wrapped principals (via `.withConditions()`) handled correctly for both cases - Integration test: `integ.dynamodb.grant-service-principal` deployed successfully with snapshot containing resource policy statements for all three allowlisted principals ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

### Reason for this change Fix various misspellings in JSDoc comments and code comments. ### Description of changes - `Wether` → `Whether` (aws-servicecatalog) - `reqeust` → `request` (aws-elasticloadbalancingv2) - `notifyOnPullRequstCreated` → `notifyOnPullRequestCreated` (aws-codecommit) - `permisions` → `permissions` (aws-cloudtrail) - `guarentee` → `guarantee` (core) ### Description of how you validated changes Comment-only changes. No functional impact. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

### Reason for this change Several `@see` and `@link` annotations in alpha packages reference AWS documentation using `http://` instead of `https://`. ### Description of changes Replace `http://docs.aws.amazon.com` with `https://docs.aws.amazon.com` across 10 source files in the following alpha packages: - aws-bedrock-alpha - aws-ec2-alpha - aws-pipes-alpha - aws-pipes-sources-alpha - aws-pipes-targets-alpha - aws-s3tables-alpha ### Description of how you validated changes Comment/annotation-only changes. No functional impact. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

### Issue N/A (self-discovered) ### Reason for this change The abbreviation "e.g." (Latin: *exempli gratia*) should include periods. The codebase consistently uses "e.g." but has a few instances of "eg." without periods. ### Description of changes - `aws-cloudwatch/lib/dashboard.ts`: "eg." → "e.g." in JSDoc comment - `aws-cloudwatch/README.md`: "eg." → "e.g." ### Description of how you validated changes Comment and documentation-only changes. No functional impact. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

### Issue N/A (self-discovered spelling inconsistency) ### Reason for this change The CDK codebase consistently uses American English "dependent" (1000+ occurrences) but has 3 instances of British English "dependant". This PR aligns them. ### Description of changes - `triggers/lib/trigger.ts`: "dependants" → "dependents" - `aws-eks/README.md`: "dependant" → "dependent" - `aws-eks-v2/README.md`: "dependant" → "dependent" ### Description of how you validated changes Comment and documentation-only changes. No functional impact. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

### Issue N/A (self-discovered grammar errors) ### Reason for this change Several README files incorrectly use "it's" (contraction of "it is") where "its" (possessive form) is intended. ### Description of changes - `aws-chatbot/README.md`: "it's expiration" → "its expiration" - `aws-rds/README.md`: "it's utilization" → "its utilization" - `custom-resources/README.md`: "it's value" → "its value", "it's last state" → "its last state" ### Description of how you validated changes Documentation-only changes. No functional impact. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

### Issue N/A (self-discovered typos) ### Reason for this change Several README files contain spelling errors. ### Description of changes - `aws-eks-v2/README.md`: "serivceToken" → "serviceToken" - `aws-events/README.md`: "wether" → "whether" - `aws-route53-targets/README.md`: "avaiable" → "available" - `cx-api/README.md`: "unsecure connnections" → "insecure connections" ### Description of how you validated changes Documentation-only changes. No functional impact. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

### Issue N/A (self-discovered grammar errors) ### Reason for this change Several JSDoc comments incorrectly use "it's" (contraction of "it is") where "its" (possessive form) is intended. ### Description of changes Fixed "it's" → "its" in possessive contexts across 7 files: - `aws-apigateway`: "calculating it's hash" → "calculating its hash" (3 files) - `aws-s3`: "bucket and it's contents" → "bucket and its contents" (2 files, 6 occurrences) - `core/lib/stack.ts`: "reference to it's parent" → "reference to its parent" - `cx-api/lib/cxapi.ts`: "Despite it's name" → "Despite its name" ### Description of how you validated changes Comment-only changes. No functional impact. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

### Reason for this change Fix a duplicate word typo and replace `http://` with `https://` for AWS links in README files. ### Description of changes - `the the` → `the` (aws-ec2-alpha README) - `http://aws.amazon.com/iam/` → `https://` (aws-cognito-identitypool README) - `http://aws.amazon.com/cloudwatch/pricing/` → `https://` (aws-ec2 README) - `http://docs.aws.amazon.com/mediaconvert/` → `https://` (aws-stepfunctions-tasks README) ### Description of how you validated changes Documentation-only changes. No functional impact. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

### Reason for this change Fix repeated words in README files that serve as the official documentation landing pages. ### Description of changes - `a a` → `a` (aws-cognito-identitypool) - `the the` → `the` (aws-cognito, aws-ec2, aws-stepfunctions) - `of of` → `of` (aws-ec2) - `at at` → `at` (aws-ecr) ### Description of how you validated changes Documentation-only changes. No functional impact. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

### Issue N/A (self-discovered typos) ### Reason for this change Two typos in the cx-api README feature flag documentation. ### Description of changes - "aws-lambda-nodejse" → "aws-lambda-nodejs" - "environemnt" → "environment" ### Description of how you validated changes Documentation-only changes. No functional impact. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

### Reason for this change Fix various misspellings in JSDoc comments and code comments. ### Description of changes - `paramter` → `parameter` (aws-events) - `recieve` → `receive` (aws-lambda, 3 occurrences) - `distribtuion` → `distribution` (aws-s3-deployment) - `taskdefintion` → `task definition` (aws-ecs) - `defintion` → `definition` (aws-appsync) - `adresses` → `addresses` (aws-eks, aws-eks-v2, 4 occurrences) ### Description of how you validated changes Comment-only changes. No functional impact. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

… handlers (#37362) ### Reason for this change Fix repeated words (stuttering typos) in comments across alpha packages and custom resource handlers. ### Description of changes - `the the` → `the` (4 occurrences in app-staging-synthesizer-alpha, integ-tests-alpha, custom-resource-handlers) - `an an` → `an` (1 occurrence in custom-resource-handlers) ### Description of how you validated changes Comment-only changes. No functional impact. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

### Reason for this change TSLint has been replaced by ESLint in this project. A few leftover `tslint:disable` comments remain in the source code and serve no purpose. ### Description of changes Remove 3 obsolete tslint disable comments from: - `packages/aws-cdk-lib/aws-ec2/lib/vpc.ts` — `tslint:disable-next-line: max-line-length` - `packages/aws-cdk-lib/aws-ecs/lib/cluster.ts` — `tslint:disable-next-line: max-line-length` - `packages/@aws-cdk/aws-ec2-alpha/lib/util.ts` — `tslint:disable:no-bitwise` ### Description of how you validated changes Comment-only changes. No functional impact. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

### Reason for this change Fix repeated words (stuttering typos) in JSDoc comments and code comments across multiple packages. ### Description of changes - `the the` → `the` (6 occurrences) - `of of` → `of` - `be be` → `be` - `is is` → `is` - `to to` → `to` ### Description of how you validated changes Comment-only changes. No functional impact. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

### Reason for this change Several `@see` and `@link` annotations in source code reference AWS documentation using `http://` instead of `https://`. AWS documentation fully supports HTTPS and all HTTP requests are redirected anyway. ### Description of changes Replace `http://docs.aws.amazon.com` with `https://docs.aws.amazon.com` across 21 source files in the following packages: - aws-apigateway - aws-apigatewayv2 - aws-codebuild - aws-dynamodb - aws-ec2 - aws-efs - aws-eks - aws-events - aws-fsx - aws-iam - aws-kinesisfirehose - aws-ses - core ### Description of how you validated changes Comment/annotation-only changes. No functional impact. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

…update (#37411) Bumps the npm_and_yarn group with 1 update in the /packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.elastic-beanstalk-environment-target-assets directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp). Bumps the npm_and_yarn group with 1 update in the /packages/@aws-cdk-testing/framework-integ/test/aws-route53-targets/test/integ.elastic-beanstalk-environment-target.js.snapshot/asset.fdbbabeab76a41188fbdf182a8c09848a1ea72525524d7bc2c373c6e1eb2c1c4.elastic-beanstalk-environment-target-assets directory: [path-to-regexp](https://github.com/pillarjs/path-to-regexp). Updates `path-to-regexp` from 0.1.12 to 0.1.13 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pillarjs/path-to-regexp/releases">path-to-regexp's releases</a>.</em></p> <blockquote> <h2>0.1.13</h2> <h2>Important</h2> <ul> <li>Fix <a href="https://www.cve.org/CVERecord?id=CVE-2026-4867">CVE-2026-4867</a> (<a href="https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2">GHSA-37ch-88jc-xwx2</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13">https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md">path-to-regexp's changelog</a>.</em></p> <blockquote> <h1>0.1.13 / 2026-03-26</h1> <ul> <li>Fix <a href="https://www.cve.org/CVERecord?id=CVE-2026-4867">CVE-2026-4867</a> (<a href="https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2">GHSA-37ch-88jc-xwx2</a>)</li> </ul> <h1>0.1.7 / 2015-07-28</h1> <ul> <li>Fixed regression with escaped round brackets and matching groups.</li> </ul> <h1>0.1.6 / 2015-06-19</h1> <ul> <li>Replace <code>index</code> feature by outputting all parameters, unnamed and named.</li> </ul> <h1>0.1.5 / 2015-05-08</h1> <ul> <li>Add an index property for position in match result.</li> </ul> <h1>0.1.4 / 2015-03-05</h1> <ul> <li>Add license information</li> </ul> <h1>0.1.3 / 2014-07-06</h1> <ul> <li>Better array support</li> <li>Improved support for trailing slash in non-ending mode</li> </ul> <h1>0.1.0 / 2014-03-06</h1> <ul> <li>add options.end</li> </ul> <h1>0.0.2 / 2013-02-10</h1> <ul> <li>Update to match current express</li> <li>add .license property to component.json</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0"><code>9fd0c87</code></a> 0.1.13 (<a href="https://redirect.github.com/pillarjs/path-to-regexp/issues/425">#425</a>)</li> <li><a href="https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45"><code>7ccf02c</code></a> fix: CVE-2026-4867</li> <li>See full diff in <a href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~ulisesgascon">ulisesgascon</a>, a new releaser for path-to-regexp since your current version.</p> </details> <br /> Updates `path-to-regexp` from 0.1.12 to 0.1.13 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pillarjs/path-to-regexp/releases">path-to-regexp's releases</a>.</em></p> <blockquote> <h2>0.1.13</h2> <h2>Important</h2> <ul> <li>Fix <a href="https://www.cve.org/CVERecord?id=CVE-2026-4867">CVE-2026-4867</a> (<a href="https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2">GHSA-37ch-88jc-xwx2</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13">https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md">path-to-regexp's changelog</a>.</em></p> <blockquote> <h1>0.1.13 / 2026-03-26</h1> <ul> <li>Fix <a href="https://www.cve.org/CVERecord?id=CVE-2026-4867">CVE-2026-4867</a> (<a href="https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2">GHSA-37ch-88jc-xwx2</a>)</li> </ul> <h1>0.1.7 / 2015-07-28</h1> <ul> <li>Fixed regression with escaped round brackets and matching groups.</li> </ul> <h1>0.1.6 / 2015-06-19</h1> <ul> <li>Replace <code>index</code> feature by outputting all parameters, unnamed and named.</li> </ul> <h1>0.1.5 / 2015-05-08</h1> <ul> <li>Add an index property for position in match result.</li> </ul> <h1>0.1.4 / 2015-03-05</h1> <ul> <li>Add license information</li> </ul> <h1>0.1.3 / 2014-07-06</h1> <ul> <li>Better array support</li> <li>Improved support for trailing slash in non-ending mode</li> </ul> <h1>0.1.0 / 2014-03-06</h1> <ul> <li>add options.end</li> </ul> <h1>0.0.2 / 2013-02-10</h1> <ul> <li>Update to match current express</li> <li>add .license property to component.json</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0"><code>9fd0c87</code></a> 0.1.13 (<a href="https://redirect.github.com/pillarjs/path-to-regexp/issues/425">#425</a>)</li> <li><a href="https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45"><code>7ccf02c</code></a> fix: CVE-2026-4867</li> <li>See full diff in <a href="https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~ulisesgascon">ulisesgascon</a>, a new releaser for path-to-regexp since your current version.</p> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aws/aws-cdk/network/alerts). </details>

### Issue Closes #37387 ### Reason for this change CDK 2.245.0 introduced direct `spawnSync` for local bundling ([9bf4263](9bf4263)). On Windows with Node 22+, `spawnSync npx.cmd` fails with `EINVAL` because Node's spawn implementation on Windows cannot resolve `.cmd` shims through the direct spawn path. ### Description of changes For `spawn` steps on `win32`, route the command through `powershell.exe -NoProfile -Command` instead of calling the executable directly. Shell steps (`cmd /c`) remain unchanged. ### Description of how you validated changes - Reproduced the original EINVAL error on a Windows EC2 instance - Applied the fix and confirmed bundling succeeds as integ tests `aws-lambda-nodejs\test\integ.compilations.ts` and `aws-lambda-nodejs\test\integ.function.ts` - Added unit tests: - `Local bundling on Windows uses powershell for spawn steps` — verifies esbuild invocation goes through powershell with properly escaped args - `Local bundling on Windows uses cmd for shell steps` — verifies shell hooks still use `cmd` while spawn steps use powershell ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) - [x] Is this fix a breaking change? No --- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…37415) Reverts #37285 Closes #37407

Add noisy deprecation warning fix

mergify · 2026-03-31T07:59:43Z

Thank you for contributing! Your pull request will be automatically updated and merged without squashing (do not update manually, and be sure to allow changes to be pushed to your fork).

mergify · 2026-03-31T07:59:47Z

github-actions · 2026-03-31T08:00:06Z

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

rix0rrr and others added 27 commits March 27, 2026 11:20

Merge branch 'main' into merge-back/2.245.0

bf7816f

chore(merge-back): 2.245.0 (#37382)

d2af60f

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.245.0/CHANGELOG.md)

revert(core): add source tracing for L1 construct property mutations (#…

4fd0002

…37415) Reverts #37285 Closes #37407

chore(release): 2.246.0

ae04658

aws-cdk-automation requested a review from a team as a code owner March 31, 2026 07:05

aws-cdk-automation added auto-approve pr/no-squash This PR should be merged instead of squash-merging it labels Mar 31, 2026

aws-cdk-automation temporarily deployed to automation March 31, 2026 07:05 — with GitHub Actions Inactive

github-actions bot added the p2 label Mar 31, 2026

aws-cdk-automation requested a review from a team March 31, 2026 07:05

github-actions bot approved these changes Mar 31, 2026

View reviewed changes

aws-cdk-automation temporarily deployed to automation March 31, 2026 07:05 — with GitHub Actions Inactive

aws-cdk-automation and others added 2 commits March 31, 2026 07:08

chore: update analytics metadata blueprints

2d5b667

Update CHANGELOG.v2.md

a1899f1

Add noisy deprecation warning fix

Abogical temporarily deployed to automation March 31, 2026 07:15 — with GitHub Actions Inactive

Abogical temporarily deployed to automation March 31, 2026 07:16 — with GitHub Actions Inactive

mergify bot merged commit 96da2a9 into v2-release Mar 31, 2026
19 of 20 checks passed

mergify bot deleted the bump/2.246.0 branch March 31, 2026 07:59

github-actions bot locked as resolved and limited conversation to collaborators Mar 31, 2026

aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Mar 31, 2026

aws-cdk-automation temporarily deployed to automation March 31, 2026 08:01 — with GitHub Actions Inactive

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(release): 2.246.0#37419

chore(release): 2.246.0#37419
mergify[bot] merged 29 commits intov2-releasefrom
bump/2.246.0

aws-cdk-automation commented Mar 31, 2026 •

edited

Loading

Uh oh!

mergify bot commented Mar 31, 2026

Uh oh!

mergify bot commented Mar 31, 2026 •

edited

Loading

Uh oh!

Uh oh!

github-actions bot commented Mar 31, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

Conversation

aws-cdk-automation commented Mar 31, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

mergify bot commented Mar 31, 2026

Uh oh!

mergify bot commented Mar 31, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Merge Queue Status

Uh oh!

Uh oh!

github-actions bot commented Mar 31, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

aws-cdk-automation commented Mar 31, 2026 •

edited

Loading

mergify bot commented Mar 31, 2026 •

edited

Loading