chore(deps): bump aws-cdk-lib from 2.171.1 to 2.246.0 in /compatibility-tests/compat-cdk

[dependabot]

Bumps aws-cdk-lib from 2.171.1 to 2.246.0.

Release notes

Sourced from aws-cdk-lib's releases.

v2.246.0

Features

• bedrock: add MiniMax and GLM foundation model identifiers (#37348) (2015344), closes #37347

Bug Fixes

• dynamodb: throw error when grantee is an unsupported ServicePrincipal (#37335) (d12754f), closes #35817 aws/aws-cdk#37273
• lambda-nodejs: use powershell for spawn steps on Windows (#37412) (a92105c), closes #37387
• core: noisy property deprecation warnings (#37415) (4fd0002), closes #37407

Reverts

• core: add source tracing for L1 construct property mutations (#37415) (4fd0002), closes aws/aws-cdk#37285

---

Alpha modules (2.246.0-alpha.0)

v2.245.0

Features

• update L1 CloudFormation resource definitions (#37332) (6cdf84a)
• autoscaling: add instanceLifecyclePolicy support to AutoScalingGroup Property (#36434) (b72ffcc)
• cloudfront: use JavaScript runtime 2.0 as the default for CloudFront Functions (under feature flag) (#35941) (cd0df14)
• core: add source tracing for L1 construct property mutations (#37285) (f0b6da8)
• ecr-assets: add support for docker build context (#36930) (c0849ea), closes #31598
• s3: add blockedEncryptionTypes field to s3.Bucket (#37047) (262e8a7), closes #36988
• synthetics: add enum value for Synthetics Canary NodeJS 3.1 runtime (#37282) (af1e89c), closes /docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Library_Nodejs.html#CloudWatch_Synthetics_runtimeversion-syn-nodejs-3

Bug Fixes

• aws-cdk-lib: toolkit is unaware of CDK app errors (#37294) (093de92)
• eks: throw error when kubectl subnets are isolated (#37217) (73e5006), closes #26613
• lambda: fix typo in addPermission() warning message (#37365) (fa21e62)
• lambda-nodejs: use direct spawn for local bundling (#37292) (9bf4263)
• mixin: use withMixin in Stack to set mixin metadata in its constructs (#37269) (293ce90), closes /github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/core/lib/mixins/private/mixin-metadata.ts#L30
• rds: enablePerformanceInsights false is ignored when other performance insight properties are set (#37287) (b4bca75), closes #37051
• construct errors are rendered in a messy way (#37290) (5104256)
• spec2cdk: throw on unrecognized uppercase prefix in event pattern (#37283) (c68f2f5)

---

Alpha modules (2.245.0-alpha.0)

Features

• s3tables-alpha: add support for partition spec, sort order, and table properties (#36811) (2696cd1)
• s3tables-alpha: add metrics configuration support for TableBucket (#37275) (e8786f5)
• s3tables-alpha: implement ITaggableV2 on TableBucket and Table L2 constructs (#37277) (69c8944), closes #33054

v2.244.0

... (truncated)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.260.0-alpha.0 (2026-06-16)

2.259.0-alpha.0 (2026-06-11)

2.258.1-alpha.0 (2026-06-08)

2.258.0-alpha.0 (2026-06-04)

Features

• integ-tests-alpha: add option to set the provider log level (#38005) (c634a79)

Bug Fixes

• custom-resource-handlers: deterministic asset hashes for generated lambdas (#37634) (6c3d5bc), closes #34307
• glue-alpha: deprecate Ray Jobs (#38055) (3fa428b)
• glue-alpha: restore notifyDelayAfter to PySpark and Scala Spark ETL jobs (#37815) (05be88a), closes #33839
• integ-tests-alpha: assertion failures print too much unnecessary information (#37974) (bc0de1d)
• mediapackagev2-alpha: cdnAuth on OriginEndpoint now generates the required policy (#38013) (1d56b46)

2.257.0-alpha.0 (2026-05-21)

2.256.1-alpha.0 (2026-05-20)

2.256.0-alpha.0 (2026-05-19)

2.255.0-alpha.0 (2026-05-18)

Features

• bedrock-agentcore-alpha: Graduation of the library to stable. The Policy submodule is the only submodule that remains in alpha. All other constructs have graduated to stable in aws-cdk-lib/aws-bedrockagentcore and we recommend migrating to the stable versions (#37876) (00cf601)

2.254.0-alpha.0 (2026-05-13)

Features

• bedrock-agentcore-alpha: add tags support to Evaluator and OnlineEvaluationConfig (#37804) (adbf88f)
• bedrock-agentcore-alpha: add identity L2 constructs (#37610) (67c3af2)
• mediapackagev2-alpha: add OAC integration between CloudFront and MediaPackageV2 (#37701) (654f59c)

Bug Fixes

... (truncated)

Commits

• 2d5b667 chore: update analytics metadata blueprints
• 4fd0002 revert(core): add source tracing for L1 construct property mutations (#37415)
• a92105c fix(lambda-nodejs): use powershell for spawn steps on Windows (#37412)
• 819f632 chore: use HTTPS for AWS documentation links (#37359)
• 9d46d2f chore: fix duplicate word typos in documentation comments (#37357)
• 5a3f2ea chore: remove obsolete tslint disable comments (#37358)
• 87416f8 chore: fix spelling errors in documentation comments (#37360)
• 698ae90 docs(cx-api): fix typos in README (#37406)
• 3b3a09d docs: fix duplicate word typos in README files (#37370)
• 0f62b21 docs: fix typo and use HTTPS for AWS links in README files (#37371)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​aws-cdk-lib@​2.171.1 ⏵ 2.246.0	-20	+19	+1	+2

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm aws-cdk-lib is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: compatibility-tests/compat-cdk/package.json → npm/aws-cdk-lib@2.246.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/aws-cdk-lib@2.246.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm aws-cdk-lib is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: compatibility-tests/compat-cdk/package.json → npm/aws-cdk-lib@2.246.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/aws-cdk-lib@2.246.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm aws-cdk-lib is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: compatibility-tests/compat-cdk/package.json → npm/aws-cdk-lib@2.246.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/aws-cdk-lib@2.246.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm aws-cdk-lib is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: compatibility-tests/compat-cdk/package.json → npm/aws-cdk-lib@2.246.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/aws-cdk-lib@2.246.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report