chore(deps): bump the aws-cdk group with 2 updates

[dependabot]

Bumps the aws-cdk group with 2 updates: @aws-cdk/toolkit-lib and aws-cdk-lib.

Updates @aws-cdk/toolkit-lib from 1.24.0 to 1.25.0

Release notes

Sourced from @​aws-cdk/toolkit-lib's releases.

@​aws-cdk/toolkit-lib@​v1.25.0

1.25.0 (2026-04-29)

Features

• cdk diagnose displays the root cause of a past stack deployment failure (#1378) (acefbf8)
• cli: cdk orphan command detaches resources from a stack, allowing resource type upgrades (behind --unstable) (#1399) (1d0866e)
• cli: add cdk deploy --method=execute-change-set for two-step deployment workflows (#1271) (5770c26)
• cli: add hotswap support for QuickSight resources via CCAPI (#1457) (0900f26), closes #1310 #1055 #1310

Bug Fixes

• duplicate logical ids in nested stacks showing as incorrect paths in cdk diff (#1415) (cdd0195), closes #952
• empty diff with only hidden CDK metadata changes requests approval from user without explanation (#1419) (37b646d)
• toolkit-lib: hotswap deployments swap all changes since first template of session (#1400) (3fd2f72), closes #885 #885

Commits

• acefbf8 feat: cdk diagnose displays the root cause of a past stack deployment failu...
• 0900f26 feat(cli): add hotswap support for QuickSight resources via CCAPI (#1457)
• 37b646d fix: empty diff with only hidden CDK metadata changes requests approval from ...
• 5770c26 feat(cli): add cdk deploy --method=execute-change-set for two-step deployme...
• 8f7f8df chore(deps): upgrade dependencies (#1417)
• cdd0195 fix: duplicate logical ids in nested stacks showing as incorrect paths in `cd...
• 1d0866e feat(cli): cdk orphan command detaches resources from a stack, allowing res...
• cd9585b chore(deps): upgrade dependencies (#1413)
• 3fd2f72 fix(toolkit-lib): hotswap deployments swap all changes since first template o...
• 226bf10 chore: fix upgrade workflow by adding ts-node dependency (#1408)
• See full diff in compare view

Updates aws-cdk-lib from 2.250.0 to 2.251.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.251.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-elasticloadbalancing: AWS::ElasticLoadBalancing::LoadBalancer: SourceSecurityGroup attribute removed. aws-elasticloadbalancing: AWS::ElasticLoadBalancing::LoadBalancer: PolicyItem type removed. aws-elasticloadbalancing: AWS::ElasticLoadBalancing::LoadBalancer: SourceSecurityGroup type removed.

Features

• update L1 CloudFormation resource definitions (#37684) (9e6c2ef)
• lambda: add ruby 4.0 runtime (#37650) (04d4337)
• update L1 CloudFormation resource definitions (#37644) (e64f943)
• core: Validations class is the new way to add validation plugins to CDK Apps (#37611) (95696b4), closes #37613
• core: graduate policyValidationBeta1 interfaces to policyValidation (#37613) (8c613cf)
• ecs: support for service connect access log configuration (#36067) (5ad1c06)
• route53: accelerated recovery for public hosted zone (#36358) (f1b7b03)
• synthetics: support canary group (#35689) (20ccd31), closes #34043

Bug Fixes

• core: Stage.policyValidationBeta1 is mutable (#37612) (3c1faf1)
• core: construct creation stack traces are implicit (#37643) (5635c20)
• core: synth output is not valid YAML when using policy validation (#37597) (927dd60), closes #25331
• core: token stack traces expensively clutter --debug mode (#37642) (498c546)
• core: tree metadata does not contain logical ID (#37630) (284ab23)
• ec2: fixing vpc endpoint for eu-isoe-west-1 region (#37596) (555c930), closes #31690
• events-targets: make LogGroupTargetInput extend RuleTargetInput for JSII compatibility (#37451) (46dbc7a), closes #36733
• lambda: add Token.isUnresolved checks to provisioned poller config validation (#37197) (667ed30)
• stepfunctions-tasks: warn when CallAwsServiceCrossRegion endpoint is resolved from state input (#37646) (9fdf590)

---

Alpha modules (2.251.0-alpha.0)

Features

• bedrock-agentcore-alpha: add L2 constructs for policy and policy engine (#37238) (1e89e7e)
• bedrock-agentcore-alpha: add observability configuration for Runtime (#36689) (34b43aa), closes #36596
• bedrock-agentcore-alpha: support No Authorization for AgentCore Gateway (#36610) (f20bd8e)
• dsql-alpha: initial L2 construct (#34599) (be1a458), closes #34593

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.251.0-alpha.0 (2026-04-24)

Features

• bedrock-agentcore-alpha: add L2 constructs for policy and policy engine (#37238) (1e89e7e)
• bedrock-agentcore-alpha: add observability configuration for Runtime (#36689) (34b43aa), closes #36596
• bedrock-agentcore-alpha: support No Authorization for AgentCore Gateway (#36610) (f20bd8e)
• dsql-alpha: initial L2 construct (#34599) (be1a458), closes #34593

2.250.0-alpha.0 (2026-04-14)

2.249.0-alpha.0 (2026-04-10)

2.248.0-alpha.0 (2026-04-02)

2.247.0-alpha.0 (2026-04-02)

Features

• mediapackagev2-alpha: new L2 construct (#37279) (7debfb9)

2.246.0-alpha.0 (2026-03-31)

2.245.0-alpha.0 (2026-03-27)

Features

• s3tables-alpha: add support for partition spec, sort order, and table properties (#36811) (2696cd1)
• s3tables-alpha: add metrics configuration support for TableBucket (#37275) (e8786f5)
• s3tables-alpha: implement ITaggableV2 on TableBucket and Table L2 constructs (#37277) (69c8944), closes #33054

2.244.0-alpha.0 (2026-03-19)

Bug Fixes

• kinesisanalytics-flink-alpha: mark deprecated flink runtimes as deprecated (#37155) (0a89447)

2.243.0-alpha.0 (2026-03-11)

2.242.0-alpha.0 (2026-03-10)

... (truncated)

Commits

• 9e6c2ef feat: update L1 CloudFormation resource definitions (#37684)
• 9fdf590 fix(stepfunctions-tasks): warn when CallAwsServiceCrossRegion endpoint is res...
• 04d4337 feat(lambda): add ruby 4.0 runtime (#37650)
• 9fba04d chore: upgrade cloud-assembly-schema packages to fix build (#37677)
• e64f943 feat: update L1 CloudFormation resource definitions (#37644)
• 78fbcb3 chore(ec2): remove obsolete tslint directive from vpc.ts (#37532)
• 56656e8 chore(rds): add PostgreSQL 16.13 engine version (#37654)
• 20ccd31 feat(synthetics): support canary group (#35689)
• 95696b4 feat(core): Validations class is the new way to add validation plugins to C...
• 5635c20 fix(core): construct creation stack traces are implicit (#37643)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	Unknown%	0 / 0
🔵	Statements	Unknown%	0 / 0
🔵	Functions	Unknown%	0 / 0
🔵	Branches	Unknown%	0 / 0

Generated in workflow #2107 for commit a7e8e4b by the Vitest Coverage Report Action