Bump Amazon.CDK.Lib from 2.257.0 to 2.259.0

[dependabot]

Updated Amazon.CDK.Lib from 2.257.0 to 2.259.0.

Release notes

Sourced from Amazon.CDK.Lib's releases.

2.259.0

⚠ BREAKING CHANGES

• lambda: Runtime.NODEJS_LATEST now resolves to nodejs24.x in every region. Customers who pin to a concrete runtime (Runtime.NODEJS_22_X, useLatestRuntimeVersion: false in aws-lambda-nodejs.NodejsFunction) are unaffected. Existing AWS::Lambda::Function resources synthesized with NODEJS_LATEST will see Runtime: nodejs22.x → Runtime: nodejs24.x on next deploy. Lambda accepts runtime updates in place.

  Customer-code compatibility — IMPORTANT: Node.js 24 removes support for callback-style asynchronous handlers ((event, context, callback) => {...}) per the launch blog. Customers whose Lambda code still uses callback-based handlers will see runtime errors after the bump. Customers should migrate to async (event, context) => {...} or pin to Runtime.NODEJS_22_X explicitly.

Features

• core: recommend the use of weak references if no choice has been made (#​38070) (6e74e5e)
• ecs: add forceNewDeployment option for Fargate and EC2 services (#​36797) (3d9c4df), closes #​27762
• eks: use the recommended AL2023 instead of AL2 AMI type (under feature flag) (#​37850) (6a2dcb7), closes #​32211
• lambda: upgrade lambda and custom resource default runtime to nodejs24.x (#​38031) (36c84c6)

Bug Fixes

• spec2cdk: sanitize hyphens in EventBridge event namespace names (#​38088) (b8f41bf), closes 40aws-cdk/spec2cdk/lib/naming/conventions.ts#L195

Reverts

• "chore(bundling): check if docker image is cached before building" (#​38116) (359f2fb), closes aws/aws-cdk#​37951

---

Alpha modules (2.259.0-alpha.0)

2.258.1

Reverts

• "chore(bundling): check if docker image is cached before building" (#​38116) (8ec236c), closes aws/aws-cdk#​37951

---

Alpha modules (2.258.1-alpha.0)

2.258.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

• aws-pcaconnectorad: AWS::PCAConnectorAD::ServicePrincipalName: ConnectorArn property is now required.
• aws-pcaconnectorad: AWS::PCAConnectorAD::ServicePrincipalName: DirectoryRegistrationArn property is now required.
• aws-pcaconnectorad: AWS::PCAConnectorAD::TemplateGroupAccessControlEntry: GroupSecurityIdentifier property is now required.
• aws-pcaconnectorad: AWS::PCAConnectorAD::TemplateGroupAccessControlEntry: TemplateArn property is now required.

Features

• core: trace property assignments in CfnResource.addPropertyOverride (#​38072) (a226372)
• update L1 CloudFormation resource definitions (#​37993) (664a878)
• aws-cdk-lib: emits performance counters if synthesis is slow (#​38004) (cb03794), closes #​37919 #​37843
• bedrockagentcore: expose default endpoint application log group on Runtime (#​37812) (8e25d78), closes #​37796
• core: add scope to IPolicyValidationContext (#​38006) (cae7456)
• core: allow validation plugins to create new files in cloud assembly (#​38007) (d9f38a9)
• core: fine-grained control over cross-stack reference strength (#​37840) (bddcd44)
• core: include suppressed violations in validation-report.json (#​38009) (f396892)
• core: new validation report schema (#​37970) (4e09b52), closes aws/aws-cdk-cli#​1515
• eks: add AlbControllerVersion support for v2.8.3 through v3.2.2 (#​37752) (20abc6a), closes #​37414
• eks: add deletionProtection property to Cluster construct (#​36474) (5b19ac5), closes #​36460
• elasticache: replace CacheEngine/UserEngine enums with enum-like classes (#​37816) (6ad84b3), closes #​37813

Bug Fixes

• autoscaling: use of ScheduledAction.endTime is dangerous (#​38014) (109fae7)
• aws-cdk-lib: make token resolution ~25% faster (#​37920) (87483dc)
• bedrockagentcore: relax allowlistedHeaders pattern to match CFN schema (#​37969) (e0d6c8a), closes #​37964
• cloudwatch: metric math validation reports quoted strings as unknown identifiers (#​37977) (59bae38)
• core: cross-region SSM writer orphans parameters when resource is replaced during stack update (#​38059) (f130388)
• core: handle string "false" for boolean context values in validation (#​37989) (a26ed73)
• integ-tests: responseURL logged in onTimeout (#​37972) (b9259dd)
• lambda-nodejs: bundling rejects entry paths containing ".." (#​38022) (a7cc53c), closes #​38017 #​37572 #​37572
• lambda-nodejs: perf counters e2e test uses incorrect filename (#​38033) (d88637f)

---

Alpha modules (2.258.0-alpha.0)

Features

• integ-tests-alpha: add option to set the provider log level (#​38005) (c634a79)

Bug Fixes

• custom-resource-handlers: deterministic asset hashes for generated lambdas (#​37634) (6c3d5bc), closes #​34307
• glue-alpha: deprecate Ray Jobs (#​38055) (3fa428b)
• glue-alpha: restore notifyDelayAfter to PySpark and Scala Spark ETL jobs (#​37815) (05be88a), closes #​33839
• integ-tests-alpha: assertion failures print too much unnecessary information (#​37974) (bc0de1d)
• mediapackagev2-alpha: cdnAuth on OriginEndpoint now generates the required policy (#​38013) (1d56b46)

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud