fix: lint issue fix on build failure

Jay Kim · Jay Kim · commit f8252a2f7fcc · 2025-05-20T15:12:17.000-07:00
diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/lambda/invoke.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/lambda/invoke.ts
@@ -3,8 +3,8 @@ import * as iam from '../../../aws-iam';
 import * as lambda from '../../../aws-lambda';
 import * as sfn from '../../../aws-stepfunctions';
 import * as cdk from '../../../core';
-import * as cxapi from '../../../cx-api';
 import { ValidationError } from '../../../core';
+import * as cxapi from '../../../cx-api';
 import { integrationResourceArn, validatePatternSupported } from '../private/task-utils';
 
 interface LambdaInvokeBaseProps {
diff --git a/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md b/packages/aws-cdk-lib/cx-api/FEATURE_FLAGS.md
@@ -100,9 +100,9 @@ Flags come in three types:
 | [@aws-cdk/pipelines:reduceCrossAccountActionRoleTrustScope](#aws-cdkpipelinesreducecrossaccountactionroletrustscope) | When enabled, scopes down the trust policy for the cross-account action role | 2.189.0 | new default |
 | [@aws-cdk/core:aspectPrioritiesMutating](#aws-cdkcoreaspectprioritiesmutating) | When set to true, Aspects added by the construct library on your behalf will be given a priority of MUTATING. | 2.189.1 | new default |
 | [@aws-cdk/s3-notifications:addS3TrustKeyPolicyForSnsSubscriptions](#aws-cdks3-notificationsadds3trustkeypolicyforsnssubscriptions) | Add an S3 trust policy to a KMS key resource policy for SNS subscriptions. | 2.195.0 | fix |
-| [@aws-cdk/aws-stepfunctions-tasks:lambdaInvokeGrantAllVersions](#aws-cdkaws-stepfunctions-taskslambdainvokegrantallversions) | When enabled, LambdaInvoke grants permissions to all versions of a Lambda function by default | V2NEXT | fix |
 | [@aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway](#aws-cdkaws-ec2requireprivatesubnetsforegressonlyinternetgateway) | When enabled, the EgressOnlyGateway resource is only created if private subnets are defined in the dual-stack VPC. | 2.196.0 | fix |
 | [@aws-cdk/aws-s3:publicAccessBlockedByDefault](#aws-cdkaws-s3publicaccessblockedbydefault) | When enabled, setting any combination of options for BlockPublicAccess will automatically set true for any options not defined. | 2.196.0 | fix |
+| [@aws-cdk/aws-stepfunctions-tasks:lambdaInvokeGrantAllVersions](#aws-cdkaws-stepfunctions-taskslambdainvokegrantallversions) | When enabled, LambdaInvoke grants permissions to all versions of a Lambda function by default | V2NEXT | fix |
 
 <!-- END table -->
 
@@ -2111,39 +2111,31 @@ When this feature flag is enabled, a S3 trust policy will be added to the KMS ke
 | 2.195.0 | `false` | `true` |
 
 
-### @aws-cdk/aws-stepfunctions-tasks:lambdaInvokeGrantAllVersions
+### @aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway
 
-*When enabled, LambdaInvoke grants permissions to all versions of a Lambda function by default*
+*When enabled, the EgressOnlyGateway resource is only created if private subnets are defined in the dual-stack VPC.*
 
 Flag type: Backwards incompatible bugfix
 
-When a Step Function invokes a Lambda function version, it requires IAM permissions specifically for that version. 
-Currently, the AWS CDK's `LambdaInvoke` construct automatically creates IAM permissions for the specific Lambda 
-version referenced, but these permissions are updated during redeployment to only include the new version, removing
-access to previous versions.
-
-This can cause in-flight Step Function executions to fail when new Lambda versions are deployed.
-
-When this feature flag is enabled, the `LambdaInvoke` construct will automatically grant permissions to both:
-- The specific Lambda version referenced
-- All versions of the Lambda function (using a wildcard)
-
-This ensures that in-flight executions continue to work even after deploying updates to Lambda functions.
+When this feature flag is enabled, EgressOnlyGateway resource will not be created when you create a vpc with only public subnets.
 
 
 | Since | Default | Recommended |
 | ----- | ----- | ----- |
 | (not in v1) |  |  |
-| V2NEXT | `false` | `true` |
+| 2.196.0 | `false` | `true` |
 
 
-### @aws-cdk/aws-ec2:requirePrivateSubnetsForEgressOnlyInternetGateway
+### @aws-cdk/aws-s3:publicAccessBlockedByDefault
 
-*When enabled, the EgressOnlyGateway resource is only created if private subnets are defined in the dual-stack VPC.*
+*When enabled, setting any combination of options for BlockPublicAccess will automatically set true for any options not defined.*
 
 Flag type: Backwards incompatible bugfix
 
-When this feature flag is enabled, EgressOnlyGateway resource will not be created when you create a vpc with only public subnets.
+When BlockPublicAccess is not set at all, s3's default behavior will be to set all options to true in aws console. 
+The previous behavior in cdk before this feature was; if only some of the BlockPublicAccessOptions were set (not all 4), then the ones undefined would default to false.
+This is counter intuitive to the console behavior where the options would start in true state and a user would uncheck the boxes as needed.
+The new behavior from this feature will allow a user, for example, to set 1 of the 4 BlockPublicAccessOpsions to false, and on deployment the other 3 will remain true.
 
 
 | Since | Default | Recommended |
@@ -2152,22 +2144,30 @@ When this feature flag is enabled, EgressOnlyGateway resource will not be create
 | 2.196.0 | `false` | `true` |
 
 
-### @aws-cdk/aws-s3:publicAccessBlockedByDefault
+### @aws-cdk/aws-stepfunctions-tasks:lambdaInvokeGrantAllVersions
 
-*When enabled, setting any combination of options for BlockPublicAccess will automatically set true for any options not defined.*
+*When enabled, LambdaInvoke grants permissions to all versions of a Lambda function by default*
 
 Flag type: Backwards incompatible bugfix
 
-When BlockPublicAccess is not set at all, s3's default behavior will be to set all options to true in aws console. 
-The previous behavior in cdk before this feature was; if only some of the BlockPublicAccessOptions were set (not all 4), then the ones undefined would default to false.
-This is counter intuitive to the console behavior where the options would start in true state and a user would uncheck the boxes as needed.
-The new behavior from this feature will allow a user, for example, to set 1 of the 4 BlockPublicAccessOpsions to false, and on deployment the other 3 will remain true.
+When a Step Function invokes a Lambda function version, it requires IAM permissions specifically for that version. 
+Currently, the AWS CDK's `LambdaInvoke` construct automatically creates IAM permissions for the specific Lambda 
+version referenced, but these permissions are updated during redeployment to only include the new version, removing
+access to previous versions.
+
+This can cause in-flight Step Function executions to fail when new Lambda versions are deployed.
+
+When this feature flag is enabled, the `LambdaInvoke` construct will automatically grant permissions to both:
+- The specific Lambda version referenced
+- All versions of the Lambda function (using a wildcard)
+
+This ensures that in-flight executions continue to work even after deploying updates to Lambda functions.
 
 
 | Since | Default | Recommended |
 | ----- | ----- | ----- |
 | (not in v1) |  |  |
-| 2.196.0 | `false` | `true` |
+| V2NEXT | `false` | `true` |
 
 
 <!-- END details -->
