aws · mergify · Aug 20, 2025 · Aug 12, 2025 · Aug 12, 2025 · Aug 12, 2025
diff --git a/.github/workflows/analytics-metadata-updater.yml b/.github/workflows/analytics-metadata-updater.yml
@@ -13,7 +13,7 @@ jobs:
       contents: write
       pull-requests: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 

diff --git a/.github/workflows/check-lfs.yml b/.github/workflows/check-lfs.yml
@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           # We don't actually care about LFS file contents, just their integrity.
           lfs: false

diff --git a/.github/workflows/codebuild-pr-build.yml b/.github/workflows/codebuild-pr-build.yml
@@ -8,6 +8,13 @@ on:
       - main
       - v2-release
   pull_request: {}
+  pull_request_target:
+    branches:
+      - v2-release
+    types:
+      - opened
+      - synchronize
+      - reopened
 
 # For every PR, cancel any previous builds in progress
 # ... but for all other builds we keep them running
@@ -24,7 +31,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Node.js
         uses: actions/setup-node@v4

diff --git a/.github/workflows/codecov-collect.yml b/.github/workflows/codecov-collect.yml
@@ -13,7 +13,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Node
         uses: actions/setup-node@v4

diff --git a/.github/workflows/codecov-upload.yml b/.github/workflows/codecov-upload.yml
@@ -21,9 +21,9 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Download Artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: coverage-artifacts
           path: ./packages/aws-cdk-lib/core/coverage

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -38,7 +38,7 @@ jobs:
           build-mode: none
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

diff --git a/.github/workflows/enum-auto-updater.yml b/.github/workflows/enum-auto-updater.yml
@@ -13,7 +13,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Check Out
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Node
         uses: actions/setup-node@v4

diff --git a/.github/workflows/enum-static-mapping-updater.yml b/.github/workflows/enum-static-mapping-updater.yml
@@ -13,7 +13,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Check Out
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Node
         uses: actions/setup-node@v4

diff --git a/.github/workflows/issue-sync.yml b/.github/workflows/issue-sync.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Node.js
         uses: actions/setup-node@v4

diff --git a/.github/workflows/lambda-runtime-tests.yml b/.github/workflows/lambda-runtime-tests.yml
@@ -11,7 +11,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 

diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml
@@ -28,7 +28,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Node.js
         uses: actions/setup-node@v4

diff --git a/.github/workflows/pr-linter.yml b/.github/workflows/pr-linter.yml
@@ -70,7 +70,7 @@ jobs:
     needs: download-if-workflow-run
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Install & Build prlint
         run: yarn install --frozen-lockfile && cd tools/@aws-cdk/prlint && yarn build+test

diff --git a/.github/workflows/project-prioritization-added-on.yml b/.github/workflows/project-prioritization-added-on.yml
@@ -10,7 +10,7 @@ jobs:
     if: github.repository == 'aws/aws-cdk'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name:  Update AddedOn field
         uses: actions/github-script@v7

diff --git a/.github/workflows/project-prioritization-assignment.yml b/.github/workflows/project-prioritization-assignment.yml
@@ -13,7 +13,7 @@ jobs:
     if: github.repository == 'aws/aws-cdk'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Add PR to Project & Set Priority
         uses: actions/github-script@v7
         with:

diff --git a/.github/workflows/project-prioritization-bug.yml b/.github/workflows/project-prioritization-bug.yml
@@ -9,7 +9,7 @@ jobs:
     if: github.repository == 'aws/aws-cdk' && contains(github.event.issue.labels.*.name, 'bug') && contains(github.event.issue.labels.*.name, 'p1')
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Add P1 Bug to project
         uses: actions/github-script@v7
         with:

diff --git a/.github/workflows/project-prioritization-needs-attention.yml b/.github/workflows/project-prioritization-needs-attention.yml
@@ -9,7 +9,7 @@ jobs:
     if: github.repository == 'aws/aws-cdk'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Update Needs Attention Status
         uses: actions/github-script@v7

diff --git a/.github/workflows/project-prioritization-r2-assignment.yml b/.github/workflows/project-prioritization-r2-assignment.yml
@@ -9,7 +9,7 @@ jobs:
     if: github.repository == 'aws/aws-cdk'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Check and assign R2 Priority to PRs
         uses: actions/github-script@v7

diff --git a/.github/workflows/project-prioritization-r5-assignment.yml b/.github/workflows/project-prioritization-r5-assignment.yml
@@ -9,7 +9,7 @@ jobs:
     if: github.repository == 'aws/aws-cdk'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Check and Assign R5 Priority to PRs
         uses: actions/github-script@v7
         with:

diff --git a/.github/workflows/request-cli-integ-test.yml b/.github/workflows/request-cli-integ-test.yml
@@ -17,7 +17,7 @@ jobs:
       any-changed-files: ${{ steps.changed-cli-files.outputs.cli_any_changed }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
@@ -38,7 +38,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           # Needs to run with PROJEN_GITHUB_TOKEN because we need permissions to force push the branch
           token: ${{ secrets.PROJEN_GITHUB_TOKEN }}

diff --git a/.github/workflows/security-guardian.yml b/.github/workflows/security-guardian.yml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:      
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0  
 

diff --git a/.github/workflows/spec-update.yml b/.github/workflows/spec-update.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check Out
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Node
         uses: actions/setup-node@v4
@@ -85,12 +85,12 @@ jobs:
       CI: "true"
     steps:
       - name: Download base database
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: db.base.json.gz
           path: base
       - name: Download head database
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: db.head.json.gz
           path: head
@@ -125,10 +125,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check Out
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Download patch
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: update-spec.patch
           path: ${{ runner.temp }}
@@ -137,7 +137,7 @@ jobs:
         run: '[ -s ${{ runner.temp }}/update-spec.patch ] && git apply ${{ runner.temp }}/update-spec.patch || echo "Empty patch. Skipping."'
 
       - name: Download PR body file
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: PR.md
           path: ${{ runner.temp }}

diff --git a/.github/workflows/sync-from-upstream.yml b/.github/workflows/sync-from-upstream.yml
@@ -45,14 +45,14 @@ jobs:
     steps:
       - name: Checkout using User Token (+ download lfs dependencies)
         if: needs.check-secret.outputs.ok == 'true'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           lfs: true
           token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
 
       - name: Checkout using GitHub Actions permissions (+ download lfs dependencies)
         if: needs.check-secret.outputs.ok == 'false'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           lfs: true
 

diff --git a/.github/workflows/update-contributors.yml b/.github/workflows/update-contributors.yml
@@ -10,7 +10,7 @@ jobs:
     if: github.repository == 'aws/aws-cdk'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: minicli/[email protected]
         name: "Update a projects CONTRIBUTORS file"
         env:

diff --git a/.github/workflows/update-metadata-regions.yml b/.github/workflows/update-metadata-regions.yml
@@ -19,7 +19,7 @@ jobs:
 
           status=$(curl -s -o /dev/null -w "%{http_code}" $URL)
           echo "STATUS=${status}" >> "$GITHUB_OUTPUT"
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: actions/github-script@v7
         if: ${{ steps.download.outputs.STATUS == 200 }}
         env:
@@ -47,10 +47,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check Out
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Download patch
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: update-spec.patch
           path: ${{ runner.temp }}

diff --git a/.github/workflows/yarn-upgrade-need-manual-work.yml b/.github/workflows/yarn-upgrade-need-manual-work.yml
@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check Out
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Node
         uses: actions/setup-node@v4
@@ -80,10 +80,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check Out
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Download patch
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: upgrade.patch
           path: ${{ runner.temp }}

diff --git a/.github/workflows/yarn-upgrade.yml b/.github/workflows/yarn-upgrade.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check Out
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Set up Node
         uses: actions/setup-node@v4
@@ -94,10 +94,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check Out
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Download patch
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: upgrade.patch
           path: ${{ runner.temp }}

diff --git a/.mergify.yml b/.mergify.yml
@@ -22,7 +22,6 @@ queue_rules:
     commit_message_template: |-
       {{ title }} (#{{ number }})
       {{ body }}
-    branch_protection_injection_mode: none
 
   - name: priority-squash
     update_method: merge
@@ -43,7 +42,6 @@ queue_rules:
     commit_message_template: |-
       {{ title }} (#{{ number }})
       {{ body }}
-    branch_protection_injection_mode: none
 
   - name: default-squash
     update_method: merge
@@ -63,7 +61,6 @@ queue_rules:
     commit_message_template: |-
       {{ title }} (#{{ number }})
       {{ body }}
-    branch_protection_injection_mode: none
 
 pull_request_rules:
   - name: label core

diff --git a/CHANGELOG.v2.alpha.md b/CHANGELOG.v2.alpha.md
@@ -2,6 +2,8 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+## [2.212.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.211.0-alpha.0...v2.212.0-alpha.0) (2025-08-20)
+
 ## [2.211.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.210.0-alpha.0...v2.211.0-alpha.0) (2025-08-12)
 
 ## [2.210.0-alpha.0](https://github.com/aws/aws-cdk/compare/v2.209.1-alpha.0...v2.210.0-alpha.0) (2025-08-06)