[Snyk] Upgrade aws-cdk-lib from 2.165.0 to 2.230.0 by ataibarkai · Pull Request #2906 · CopilotKit/CopilotKit

ataibarkai · 2025-12-20T10:27:29Z

Snyk has created this PR to upgrade aws-cdk-lib from 2.165.0 to 2.230.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 87 versions ahead of your current version.
The recommended version was released 24 days ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Insertion of Sensitive Information into Log File SNYK-JS-AWSCDKLIB-9576209	314	No Known Exploit
Incorrect Default Permissions SNYK-JS-AWSCDKLIB-9511702	314	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-AWSCDKLIB-8647962	314	No Known Exploit

Release notes

Package name: aws-cdk-lib

2.230.0 - 2025-11-26
Features
- apigateway: support response streaming with response transfer mode (#36155) (f431021), closes #36156
- update L1 CloudFormation resource definitions (f203b8e)
- update L1 CloudFormation resource definitions (#36193) (d074024)
- events: the L2 EventPattern interfaces can be used with CfnRule (#36191) (efc135e)
- update L1 CloudFormation resource definitions (#36180) (5cddd7e)
Bug Fixes
- ecs: wrong ARN generated in Cluster.grantTaskProtection method (#36207) (9b337df)
- ecs-patterns: target group ID changes without setting feature flag (#36199) (b7ca082), closes #36149
- scheduler: wrong ARN generated in ScheduleGroup.grant* methods (#36175) (eae8838)
Alpha modules (2.230.0-alpha.0)

Features
- bedrock-agentcore-alpha: update resources on grantInvokeXXX for runtime (#35864) (5dad62f)
- imagebuilder-alpha: add support for Image Pipeline Construct (#36153) (d8c324a), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789
- imagebuilder-alpha: add support for Lifecycle Policy Construct (#36152) (7e31eb6), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789
- mixins-preview: adds LogDelivery Mixins for 47 resources (#36158) (6607ce9)
- mixins-preview: vended log deliveries (#36138) (69442a8)
- mixins-preview: helpers to generate EventBridge event patterns for 26 services (#36121) (073185d)
Bug Fixes
- mixins-preview: AutoDeleteObjects mixin fails with cannot find file error (#36188) (3ef337d), closes aws-cdk/mixins-preview/lib/custom-resource-handlers/aws-s3/auto-delete-objects-provider.ts#L21
- mixins-preview: ResourcePolicy with this name already exists error when setting up LogDelivery (#36195) (f9aa31d)
- mixins-preview: cannot use string literal types for S3LogsDeliveryProps.permissionsVersion (#36197) (cc491df)
2.229.1 - 2025-11-25
Bug Fixes
- scheduler: wrong ARN generated in ScheduleGroup.grant* methods (#36175) (ca9fbdd)
Alpha modules (2.229.1-alpha.0)
2.229.0 - 2025-11-24
Features
- agentcore: add new properties for runtime, browser (#36003) (439495f)
- route53: add HostedZoneGrants (#36109) (d24305c)
Bug Fixes
- stepfunctions: allow multiline jsonata strings (#35985) (8805e13), closes #35912 #35912
Alpha modules (2.229.0-alpha.0)

Features
- imagebuilder-alpha: add support for Container Recipe Construct (#36091) (875e0e7), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789
- imagebuilder-alpha: add support for Image Recipe Construct (#36092) (4361f8b), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789
- imagebuilder-alpha: add support for Workflow Construct (#36007) (616d32a), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789
- mixins-preview: developer preview of CDK Mixins (#36136) (0c6ee1d)
Bug Fixes
- bedrock-agentcore-alpha: empty submodule accidentally exposed and runtime validation fix (#36148) (72d3e6f)
2.228.0 - 2025-11-24
Features
- lambda: add new lambda/kafka esm properties and on failure desitination (65f9c35)
Bug Fixes
- cloudformation-include: TypeError when including template with intrinsic functions (#36157) (f2a384b), closes #36140 #35838
Alpha modules (2.228.0-alpha.0)
2.227.0 - 2025-11-21
CHANGES TO L1 RESOURCES: L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:
- aws-backup: AWS::Backup::LogicallyAirGappedBackupVault: EncryptionKeyArn attribute removed.
Features
- stepfunctions: add StateMachineGrants (#36094) (59ef00d)
- update L1 CloudFormation resource definitions (#36122) (51d805e)
- core: cfn constructs (L1s) can now accept constructs as parameters for known resource relationships (#35838) (6be7b4b)
- factory methods for Grants made public (#36123) (f9a894f)
- dynamodb: add TableGrants and StreamGrants (#36093) (d0b074a)
- rds: support instance and iam-db-auth-error CloudWatch log exports (#35058) (e71a8b1), closes #35018
- s3: add BucketGrants (#36102) (5891172)
- grants are now available through a separate class (#35782) (21fd959)
Alpha modules (2.227.0-alpha.0)

Features
- bedrock-agentcore-alpha: agentcore gateway L2 construct (#35771) (07c4a0d)
- imagebuilder-alpha: add support for Component Construct (#36107) (93a76e4), closes #36006 #36104
- imagebuilder-alpha: add support for Distribution Configuration Construct (#36108) (6051039), closes #36005
Bug Fixes
- bedrock-agentcore-alpha: fix unexpected validation error when properties are Token (#35978) (084b736)
2.226.0 - 2025-11-20
Features
- dynamodb: compound keys for global secondary indexes (046b06d)
- lambda: add multi-tenancy support with TenancyConfig (5f384db)
Alpha modules (2.226.0-alpha.0)
2.225.0 - 2025-11-17
⚠ BREAKING CHANGES
- ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:
  - aws-dynamodb: AWS::DynamoDB::GlobalTable: ResourcePolicy property is now required.
Features
- update L1 CloudFormation resource definitions (#36082) (3df1d81)
- custom-resource: add External ID support for AwsCustomResource (#35252) (9f6c02b), closes #34018
- route53: support restricting delegated zone names when using grantDelegation (#35129) (d832aca)
Bug Fixes
- aws-cdk-lib: temporary Cloud Assemblies are not cleaned up (#36043) (1ace1ef), closes #802
- cognito: remove overly strict validation for threat protection on non-PLUS plans (#36027) (172c65f), closes #36023
- s3-deployment: Source.jsonData() fails with null JSON values (#36054) (67b85f2), closes #36052
Reverts
- (dynamodb) revert Table.table field to private to fix .NET naming (#36029) (d84fce8), closes #36025 #35554
Alpha modules (2.225.0-alpha.0)
2.224.0 - 2025-11-13
⚠ BREAKING CHANGES
- aws-cdk-lib: Reference interfaces (such as IBucketRef, IRoleRef, etc.) were moved to a new aws-cdk-lib.interfaces submodule to prevent cyclic dependencies between service modules. If you are importing reference interfaces, you have to update import statements accordingly. See #36060 for full details.
- Amazon.CDK.Lib (.NET): The .NET namespace for multiple submodules has changed. If you are using any of the renamed submodules, you have to update using statements for these submodules. See #36037 for full details.
- L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:
aws-opensearchserverless: AWS::OpenSearchServerless::Collection: StandbyReplicas property is now immutable.
aws-servicecatalog: AWS::ServiceCatalog::PortfolioPrincipalAssociation: Id attribute removed.

Features
- apigateway: add option for consolidating lambda permissions for rest and http lambda integrations (#36021) (35f8e46), closes #9327 #19535 #35705
- update L1 CloudFormation resource definitions (#35994) (47a9a20)
- core: add methods to SecretValue and aws-secretsmanager Secret to obtain a literal (unresolved by CloudFormation) dynamic reference key (#34397) (#35105) (457aa99), closes /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/core/lib/secret-value.ts#L98C17-L98C31 /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-secretsmanager/lib/secret.ts#L499
- eks: add support for Kubernetes version 1.34 (#36016) (60096ac), closes #35717
- lambda: add nodejs24.x runtime for Lambda (#36001) (404bf1a)
- sagemaker: add support for serverless inference endpoints (#35557) (3f5c5ac), closes #23148 #23148
- stepfunctions-tasks: add architecture support to EvaluateExpression (#35468) (771ea13), closes #34974
Bug Fixes
- aws-cdk-lib: move reference interfaces to their own submodules (#35971) (1e4dfe6)
- aws-cdk-lib: multiple submodules use an incorrect namespace for .NET (#36002) (e48e584)
- dynamodb: resolve circular dependency with AccountRootPrincipal grants (#35983) (24d2adf), closes #35967
- ecs: allow empty placementStrategies on EC2Service (#35580) (0d773b1), closes #30382 /github.com/aws/aws-cdk/pull/27572#issuecomment-1766287866
Alpha modules (2.224.0-alpha.0)

Features
- imagebuilder-alpha: add support for EC2 Image Builder L2 Constructs - Infrastructure Configuration (#35882) (db1d964), closes aws/aws-cdk-rfcs#789 aws/aws-cdk-rfcs#789
2.223.0 - 2025-11-10
⚠ BREAKING CHANGES

L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:
- aws-dynamodb: AWS::DynamoDB::GlobalTable: GlobalTableSettingsReplicationMode property removed.
- aws-dynamodb: AWS::DynamoDB::GlobalTable: GlobalTableSourceArn property removed.
- aws-dynamodb: AWS::DynamoDB::Table: GlobalTableSettingsReplicationMode property removed.
- aws-events: AWS::Events::EventBusPolicy: Id attribute removed.
Features
- update L1 CloudFormation resource definitions (#35926) (3f4d585)
- ec2: support for Cloud Wan Core Network routes (#35008) (fba027b)
- s3-deployment: support securityGroups in BucketDeploymentProps (#33233) (f2a3166), closes #33229
Bug Fixes
- stepfunctions: DistributedMap ResultWriter correct query language selection (#35834) (75b8ead), closes #35403
- onEvent function to pass all the options to rule resource (#35829) (3d7023d)
Alpha modules (2.223.0-alpha.0)
2.222.0 - 2025-11-04
⚠ BREAKING CHANGES
- bedrock-agentcore: The signature of RuntimeAuthorizerConfiguration.usingCognito() has changed to accept IUserPool and IUserPoolClient constructs instead of string parameters, and now supports multiple clients.
Features
- apigateway: add binaryMediaTypes property to SpecRestApi (#35502) (bf10d94), closes #35498
- apigatewayv2: WebSocketStage support accessLogSettings (#34766) (dad112e), closes #21935
- bedrock-agentcore: use IUserPool and IUserPoolClient interfaces instead of string identifiers (#35860) (a38afc9), closes #35854
- core: IEnvironmentAware interface to retrieve a construct's environment (#35817) (8ee5d4b)
- elasticloadbalancingv2: create security group settings for NLB by default (under feature flag) (#34675) (ff83cfd), closes #34606 /github.com/aws/aws-cdk/issues/34606#issuecomment-2931313249
- events-targets: support Amazon Data Firehose target using Firehose's IDeliveryStream (#33798) (a374b6b), closes #33757 #33758
- kinesisfirehose: add built-in data processors to decompress CloudWatch logs and extract messages (#33749) (5dec21e), closes #33691 #20242 /github.com/aws/aws-cdk/issues/33691#issuecomment-2713012245
- lambda: add Java25 runtime for Lambda (#35867) (db71fac)
- lambda: add Python 3.14 runtime for Lambda (#35869) (ebef303)
- memory: add agentcore memory l2 construct (#35757) (6a2e17e)
- msk: support Express brokers (#34741) (0a69e5f), closes #32923
Bug Fixes
- agentcore: addToRolePolicy for runtime with imported role destroys and recreates policies on every deployment (#35842) (92525e4), closes #35844 40aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime-base.ts#L253
- agentcore: custom execution role policy for runtime lacks proper permissions (#35849) (ee94b63), closes #35852 40aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime-artifact.ts#L65 40aws-cdk/aws-bedrock-agentcore-alpha/agentcore/runtime/runtime.ts#L252-L259 /github.com/aws/aws-cdk/blob/v2.221.0/packages/aws-cdk-lib/aws-codepipeline/lib/pipeline.ts#L693 /github.com/aws/aws-cdk/blob/v2.221.0/packages/aws-cdk-lib/aws-lambda/lib/function.ts#L1468 /github.com/aws/aws-cdk/blob/v2.221.0/packages/aws-cdk-lib/aws-ecs/lib/base/base-service.ts#L1161
- dynamodb: addToResourcePolicy has no effect (#35554) (94d7e34), closes #35062
- ecs: remove empty CfnClusterCapacityProviderAssociations resource (#35783) (c8a131b), closes #35699 #35742
- iam: cannot grant lambda:InvokeFunction on ManagedPolicy or Policy via grantInvoke() method (#32984) (a07d75a), closes #32980 /github.com/aws/aws-cdk/pull/32984#pullrequestreview-2863553504
- compilation failure in Go (#35871) (5e4f603), closes aws/aws-cdk#35770 #35862
- ec2: remove PassRole policy emitted by cloudwatch vpc flow destination (#35762) (c4b80df), closes #35729
Alpha modules (2.222.0-alpha.0)

Features
- eks-v2-alpha: eks-v2-alpha is now in developer preview (#35801) (32afc0f)
Bug Fixes
- bedrock-alpha: apply permission dependency to existing and non-existing roles (#35123) (b39ccf3), closes #35120
- eks-v2-alpha: remove hyphen from Go package name (#35927) (2cdfc8a)
2.221.1 - 2025-10-29
2.221.0 - 2025-10-24
2.220.0 - 2025-10-14
2.219.0 - 2025-10-01
2.218.0 - 2025-09-29
2.217.0 - 2025-09-25
2.216.0 - 2025-09-22
2.215.0 - 2025-09-15
2.214.1 - 2025-10-03
2.214.0 - 2025-09-02
2.213.0 - 2025-08-28
2.212.0 - 2025-08-20
2.211.0 - 2025-08-13
2.210.0 - 2025-08-06
2.209.1 - 2025-08-06
2.209.0 - 2025-08-05
2.208.0 - 2025-07-29
2.207.0 - 2025-07-24
2.206.0 - 2025-07-16
2.205.0 - 2025-07-15
2.204.0 - 2025-07-04
2.203.1 - 2025-07-02
2.203.0 - 2025-07-01
2.202.0 - 2025-06-20
2.201.0 - 2025-06-13
2.200.2 - 2025-06-12
2.200.1 - 2025-06-03
2.200.0 - 2025-06-02
2.199.0 - 2025-05-27
2.198.0 - 2025-05-23
2.197.0 - 2025-05-21
2.196.1 - 2025-05-19
2.196.0 - 2025-05-16
2.195.0 - 2025-05-07
2.194.0 - 2025-05-02
2.193.0 - 2025-04-30
2.192.0 - 2025-04-25
2.191.0 - 2025-04-23
2.190.0 - 2025-04-17
2.189.1 - 2025-04-14
2.189.0 - 2025-04-09
2.188.0 - 2025-04-04
2.187.0 - 2025-03-31
2.186.0 - 2025-03-27
2.185.0 - 2025-03-19
2.184.1 - 2025-03-14
2.184.0 - 2025-03-13
2.183.0 - 2025-03-12
2.182.0 - 2025-03-05
2.181.1 - 2025-02-28
2.181.0 - 2025-02-26
2.180.0 - 2025-02-21
2.179.0 - 2025-02-18
2.178.2 - 2025-02-12
2.178.1 - 2025-02-07
2.178.0 - 2025-02-06
2.177.0 - 2025-01-25
2.176.0 - 2025-01-15
2.175.1 - 2025-01-11
2.175.0 - 2025-01-10
2.174.1 - 2025-01-07
2.174.0 - 2025-01-04
2.173.4 - 2024-12-27
2.173.3 - 2024-12-26
2.173.2 - 2024-12-18
2.173.1 - 2024-12-14
2.173.0 - 2024-12-12
2.172.0 - 2024-12-07
2.171.1 - 2024-11-27
2.171.0 - 2024-11-25
2.170.0 - 2024-11-22
2.169.0 - 2024-11-21
2.168.0 - 2024-11-20
2.167.2 - 2024-11-19
2.167.1 - 2024-11-15
2.167.0 - 2024-11-13
2.166.0 - 2024-11-07
2.165.0 - 2024-10-31

from aws-cdk-lib GitHub release notes

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade aws-cdk-lib from 2.165.0 to 2.230.0. See this package in npm: aws-cdk-lib See this project in Snyk: https://app.snyk.io/org/atai-AxqkZQG2azkivgzYnzo2Uq/project/94ab1d94-b966-48f6-ad42-84b1e878d3c9?utm_source=github&utm_medium=referral&page=upgrade-pr

changesets-bot-copilotkit · 2025-12-20T10:27:33Z

⏭️ Changeset Not Required

Latest commit: a9ca925

No changes in this PR affected the @copilitkit/* packages. Merging this PR will not cause a version bump for any packages.

Changeset is not required for this PR.

vercel · 2025-12-20T10:27:34Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
copilotkit-v2-storybook	Error		Dec 20, 2025 10:29am
docs	Ready	Preview, Comment	Dec 20, 2025 10:29am
examples-coagents-ai-travel-app	Ready	Preview, Comment	Dec 20, 2025 10:29am
examples-coagents-research-canvas-ui	Ready	Preview, Comment	Dec 20, 2025 10:29am

1 Skipped Deployment

Project	Deployment	Review	Updated (UTC)
examples-coagents-ai-researcher-ui	Ignored		Dec 20, 2025 10:29am

coderabbitai · 2025-12-20T10:27:34Z

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch snyk-upgrade-4c445adab00be5508308c1b3b8146c74

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

ataibarkai requested review from mme, ranst91 and tylerslaton as code owners December 20, 2025 10:27

vercel bot had a problem deploying to Preview – copilotkit-v2-storybook December 20, 2025 10:28 Failure

vercel bot deployed to Preview – examples-coagents-ai-travel-app December 20, 2025 10:28 View deployment

vercel bot deployed to Preview – examples-coagents-research-canvas-ui December 20, 2025 10:29 View deployment

vercel bot deployed to Preview – docs December 20, 2025 10:29 View deployment

Conversation

ataibarkai commented Dec 20, 2025

Snyk has created this PR to upgrade aws-cdk-lib from 2.165.0 to 2.230.0.

Issues fixed by the recommended upgrade:

Features

Bug Fixes

Alpha modules (2.230.0-alpha.0)

Features

Bug Fixes

Bug Fixes

Alpha modules (2.229.1-alpha.0)

Features

Bug Fixes

Alpha modules (2.229.0-alpha.0)

Features

Bug Fixes

Features

Bug Fixes

Alpha modules (2.228.0-alpha.0)

Features

Alpha modules (2.227.0-alpha.0)

Features

Bug Fixes

Features

Alpha modules (2.226.0-alpha.0)

⚠ BREAKING CHANGES

Features

Bug Fixes

Reverts

Alpha modules (2.225.0-alpha.0)

⚠ BREAKING CHANGES

Features

Bug Fixes

Alpha modules (2.224.0-alpha.0)

Features

⚠ BREAKING CHANGES

Features

Bug Fixes

Alpha modules (2.223.0-alpha.0)

⚠ BREAKING CHANGES

Features

Bug Fixes

Alpha modules (2.222.0-alpha.0)

Features

Bug Fixes

Uh oh!

changesets-bot-copilotkit bot commented Dec 20, 2025

⏭️ Changeset Not Required

Uh oh!

vercel bot commented Dec 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

coderabbitai bot commented Dec 20, 2025

Review skipped

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

vercel bot commented Dec 20, 2025 •

edited

Loading