Skip to content

build(deps): bump yaml and aws-cdk-lib in /cloudformation/scenarios/localgov-ims/cdk#245

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/cloudformation/scenarios/localgov-ims/cdk/multi-e3199e7f0d
Closed

build(deps): bump yaml and aws-cdk-lib in /cloudformation/scenarios/localgov-ims/cdk#245
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/cloudformation/scenarios/localgov-ims/cdk/multi-e3199e7f0d

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 18, 2026

Removes yaml. It's no longer used after updating ancestor dependency aws-cdk-lib. These dependencies need to be updated together.

Removes yaml

Updates aws-cdk-lib from 2.244.0 to 2.254.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.254.0

⚠ BREAKING CHANGES

  • ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-elasticache: AWS::ElastiCache::CacheCluster: Id attribute removed. aws-sagemaker: AWS::SageMaker::Model: Id attribute removed. aws-vpclattice: AWS::VpcLattice::AuthPolicy: State attribute enum values changed from ACTIVE|INACTIVE to Active|Inactive.

Features

Bug Fixes

  • file fingerprinting is now ~33% faster (#37802) (b871018)
  • core: "exports cannot be updated" for cross-region references (#37790) (af11f00)
  • rds: add lower bound validation for ClusterInstance promotionTier (#37519) (16c0a29), closes #37518
  • s3deploy: empty sources leads to deployment error (#37786) (d28ad30)
  • bundled jsonschema in @​aws-cdk/cloud-assembly-api causes ELSPROBLEMS (#37774) (64651d3), closes #37756

Alpha modules (2.254.0-alpha.0)

Features

  • bedrock-agentcore-alpha: add tags support to Evaluator and OnlineEvaluationConfig (#37804) (adbf88f)
  • bedrock-agentcore-alpha: add identity L2 constructs (#37610) (67c3af2)
  • mediapackagev2-alpha: add OAC integration between CloudFront and MediaPackageV2 (#37701) (654f59c)

Bug Fixes

  • bedrock-agentcore-alpha: fix cedar policy bug (#37782) (e678d5c), closes #37828
  • custom-resource-handlers: deployment fails when parameter already exists (#37852) (025c38c)

v2.253.1

Bug Fixes

  • core: "exports cannot be updated" for cross-region references (#37790) (b0c00e2)
  • s3deploy: empty sources leads to deployment error (#37786) (f61656a)

Alpha modules (2.253.1-alpha.0)

... (truncated)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.254.0-alpha.0 (2026-05-13)

Features

  • bedrock-agentcore-alpha: add tags support to Evaluator and OnlineEvaluationConfig (#37804) (adbf88f)
  • bedrock-agentcore-alpha: add identity L2 constructs (#37610) (67c3af2)
  • mediapackagev2-alpha: add OAC integration between CloudFront and MediaPackageV2 (#37701) (654f59c)

Bug Fixes

  • bedrock-agentcore-alpha: fix cedar policy bug (#37782) (e678d5c), closes #37828
  • custom-resource-handlers: deployment fails when parameter already exists (#37852) (025c38c)

2.253.1-alpha.0 (2026-05-08)

2.253.0-alpha.0 (2026-05-06)

Features

  • bedrock-agentcore-alpha: add OnlineEvaluationConfig and Evaluator L2 constructs (#37615) (c13de04), closes #37614
  • glue-alpha: add extraPythonFiles support to PythonShellJob (#37130) (c9c6f9c), closes #34448

Bug Fixes

  • bedrock-agentcore-alpha: self-managed memory strategy validation throws on unresolved tokens (#37691) (7956537), closes #37197

2.252.0-alpha.0 (2026-04-29)

2.251.0-alpha.0 (2026-04-24)

Features

  • bedrock-agentcore-alpha: add L2 constructs for policy and policy engine (#37238) (1e89e7e)
  • bedrock-agentcore-alpha: add observability configuration for Runtime (#36689) (34b43aa), closes #36596
  • bedrock-agentcore-alpha: support No Authorization for AgentCore Gateway (#36610) (f20bd8e)
  • dsql-alpha: initial L2 construct (#34599) (be1a458), closes #34593

2.250.0-alpha.0 (2026-04-14)

2.249.0-alpha.0 (2026-04-10)

... (truncated)

Commits
  • b1864c9 chore: update analytics metadata blueprints
  • c9faa87 chore(release): 2.254.0
  • fb4197e feat: update L1 CloudFormation resource definitions (#37826)
  • 086738b feat(lambda): add SQS provisionedPollerConfig support with validation and fix...
  • 69d6457 refactor(core): unify validation plugin execution into single loop (#37809)
  • 13a4924 feat(cloudwatch): add PromQL Alarm L2 construct (#37793)
  • 2fbe65a chore(docs): put feature flags in alphabetical order in cdk.json section of...
  • 701305d feat(core): PropertyMergeStrategy now supports array merge strategies (#37841)
  • 3a58641 feat(ses): auto email validation for configuration sets (#36679)
  • be82355 chore: remove dead code (#37830)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump yaml and aws-cdk-lib
50e338d 
Removes [yaml](https://github.com/eemeli/yaml). It's no longer used after updating ancestor dependency [aws-cdk-lib](https://github.com/aws/aws-cdk/tree/HEAD/packages/aws-cdk-lib). These dependencies need to be updated together.


Removes `yaml`

Updates `aws-cdk-lib` from 2.244.0 to 2.254.0
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md)
- [Commits](https://github.com/aws/aws-cdk/commits/v2.254.0/packages/aws-cdk-lib)

---
updated-dependencies:
- dependency-name: yaml
  dependency-version:
  dependency-type: indirect
- dependency-name: aws-cdk-lib
  dependency-version: 2.254.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 18, 2026
@dependabot dependabot Bot had a problem deploying to smoke-test-deploy May 18, 2026 15:27 Failure
@chrisns
Copy link
Copy Markdown
Member

chrisns commented May 22, 2026

Superseded by Renovate's grouping (per-scenario + npm-web + github-actions). Renovate has osvVulnerabilityAlerts: true enabled in #357, so any security update Dependabot would raise will now come through Renovate's security-priority group instead.

@chrisns chrisns closed this May 22, 2026
@chrisns chrisns deleted the dependabot/npm_and_yarn/cloudformation/scenarios/localgov-ims/cdk/multi-e3199e7f0d branch May 22, 2026 06:33
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 22, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chrisns