Bump the npm group across 1 directory with 4 updates

[dependabot]

Bumps the npm group with 3 updates in the / directory: aws-cdk-lib, @types/node and esbuild.

Updates aws-cdk-lib from 2.246.0 to 2.248.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.248.0

Bug Fixes

• eks: downgrade isolated subnet validation from error to warning (#37500) (470856c), closes #37491

---

Alpha modules (2.248.0-alpha.0)

v2.247.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-bedrockagentcore: AWS::BedrockAgentCore::OnlineEvaluationConfig: ExecutionStatus attribute removed. aws-appstream: AWS::AppStream::ImageBuilder: Name property is now immutable. aws-eks: AWS::EKS::Capability: EKS_CAPABILITY_ACK_S3_LOGS vended log type removed.

Features

• update L1 CloudFormation resource definitions (#37410) (bd2c318)
• apigatewayv2: add role support for lambda authorizers (#35706) (2fb2f16), closes #35696
• batch: skip unregister job definition on update (#36011) (2fb2240)
• elasticloadbalancingv2: jwt verification for application load balancer (#36099) (aacd28a), closes #36096

Bug Fixes

• bump brace-expansion from 5.0.3 to 5.0.5 to address CVE-2026-33750 (#37379) (69cf4c9)
• prevent prototype pollution in 2 APIs (#37453) (1016537)
• aws-cdk-lib: condensed stack trace hides namespaced package name (#37413) (cb8e7fb)

---

Alpha modules (2.247.0-alpha.0)

Features

• mediapackagev2-alpha: new L2 construct (#37279) (7debfb9)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.248.0-alpha.0 (2026-04-02)

2.247.0-alpha.0 (2026-04-02)

Features

• mediapackagev2-alpha: new L2 construct (#37279) (7debfb9)

2.246.0-alpha.0 (2026-03-31)

2.245.0-alpha.0 (2026-03-27)

Features

• s3tables-alpha: add support for partition spec, sort order, and table properties (#36811) (2696cd1)
• s3tables-alpha: add metrics configuration support for TableBucket (#37275) (e8786f5)
• s3tables-alpha: implement ITaggableV2 on TableBucket and Table L2 constructs (#37277) (69c8944), closes #33054

2.244.0-alpha.0 (2026-03-19)

Bug Fixes

• kinesisanalytics-flink-alpha: mark deprecated flink runtimes as deprecated (#37155) (0a89447)

2.243.0-alpha.0 (2026-03-11)

2.242.0-alpha.0 (2026-03-10)

Features

• mixins-preview: allow passing resource objects into properties in CFN Property mixins (#37148) (f238629)
• mixins-preview: generate EventBridge pattern for all events (#37081) (f30e836)
• mixins-preview: support custom merge strategies via IMergeStrategy (#37170) (0dec011)

2.241.0-alpha.0 (2026-03-02)

Features

• mixins-preview: add recordFields and outputFormat to Vended Logs Mixin (#37042) (dd94c31)
• mixins-preview: cross account delivery destinations (#36827) (a759eb6)

... (truncated)

Commits

• 78536e6 Merge branch 'main' into merge-back/2.247.0
• 470856c fix(eks): downgrade isolated subnet validation from error to warning (#37500)
• 7b6c66f chore: update analytics metadata blueprints
• 6fc7add chore: yarn upgrade dependencies requiring intervention (#36806)
• bd2c318 feat: update L1 CloudFormation resource definitions (#37410)
• 2fb2f16 feat(apigatewayv2): add role support for lambda authorizers (#35706)
• aacd28a feat(elasticloadbalancingv2): jwt verification for application load balancer ...
• 1016537 fix: prevent prototype pollution in 2 APIs (#37453)
• 2fb2240 feat(batch): skip unregister job definition on update (#36011)
• 372571a Merge branch 'main' into merge-back/2.246.0
• Additional commits viewable in compare view

Updates @types/node from 24.12.0 to 25.5.1

Commits

• See full diff in compare view

Updates @aws-cdk/asset-awscli-v1 from 2.2.263 to 2.2.273

Commits

• df9a7a4 fix(deps): bump awscli from 1.44.63 to 1.44.68 (#1409)
• 45cd8e1 fix(deps): bump pyasn1 minimum to 0.6.3 for CVE-2026-30922 (#1407)
• 3693de7 chore(deps): upgrade dev dependencies (#1404)
• f11938b fix(deps): bump awscli from 1.44.58 to 1.44.63 (#1402)
• c28fec7 chore(deps): upgrade dev dependencies (#1397)
• c20a9ca fix(deps): bump awscli from 1.44.53 to 1.44.58 (#1395)
• ae3f807 chore(deps): upgrade dev dependencies (#1393)
• 3fe9c0e fix(deps): bump awscli from 1.44.49 to 1.44.53 (#1391)
• 7c3f608 chore(deps): upgrade dev dependencies (#1389)
• 3d28d70 fix(deps): bump awscli from 1.44.44 to 1.44.49 (#1387)
• Additional commits viewable in compare view

Updates esbuild from 0.27.5 to 0.27.7

Release notes

Sourced from esbuild's releases.

v0.27.7

• Fix lowering of define semantics for TypeScript parameter properties (#4421)

  The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:

  // Original code
  class Foo {
    constructor(public x = 1) {}
    y = 2
  }
  // Old output (with --loader=ts --target=es2021)
  class Foo {
  constructor(x = 1) {
  this.x = x;
  __publicField(this, "y", 2);
  }
  x;
  }
  // New output (with --loader=ts --target=es2021)
  class Foo {
  constructor(x = 1) {
  __publicField(this, "x", x);
  __publicField(this, "y", 2);
  }
  }

Changelog

Sourced from esbuild's changelog.

0.27.7

• Fix lowering of define semantics for TypeScript parameter properties (#4421)

  The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:

  // Original code
  class Foo {
    constructor(public x = 1) {}
    y = 2
  }
  // Old output (with --loader=ts --target=es2021)
  class Foo {
  constructor(x = 1) {
  this.x = x;
  __publicField(this, "y", 2);
  }
  x;
  }
  // New output (with --loader=ts --target=es2021)
  class Foo {
  constructor(x = 1) {
  __publicField(this, "x", x);
  __publicField(this, "y", 2);
  }
  }

Commits

• 2025c9f publish 0.27.7 to npm
• c6b586e fix typo in Makefile for @esbuild/win32-x64
• 9785e14 publish 0.27.6 to npm
• b169d8c Revert "update go 1.25.7 => 1.26.1"
• 7ac8762 run make update-compat-table
• 8b5ff53 remove an incorrect else
• e955268 fix #4421: lower generated class fields if needed
• a5a2500 ci: move make test-old-ts
• b71e7ac omit go's buildvcs for more reproducible builds
• 7406b09 organize make platform-all output in Makefile
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions