Gets rid of the two Dependabot vulnerability notifications reported on this repository (neither is actually exploit-able in the context of this repository).

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…of 10 and 1 in `Fn.conditionOr()` (#25708)

Closes #25696

>The problem I'm running into is for a list of 11 elements. CDK generates two Fn::Or expressions: One with 10 elements and one with 1 element. When deployment this stack, CloudFormation complains that an Fn::Or must contain at least 2 elements.

reproduce code: #25696 (comment)
approach: #25696 (comment)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…eleteMarker specified with ExpirationInDays, ExpirationDate, or TagFilters. (#25841)

Closes #25824.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

As mentioned in [the issue](#22801), some of the details of the argument types for the CloudWatch Alarm and CompositeAlarm methods are wrong.

Closes #22801

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This change to AWS CDK will allow for the easier design of workflows by using the workflow studio. The visual representation of workflows is more attractive and easier to understand for developers and business people. Additionally, this change will address related issues in the CDK, improving the overall functionality and user experience. Adding the definitionBody and definitionSubstitutions props and the union-like class DefinitionBody will make it easier to define workflows using this tool by allowing users to define workflows in different ways, such as from an external file or a string.

Closes #8146
Refs #18880

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

As described in the related issue, `GrpcRouteMatch` L2 construct was missing `port` property which is already present in the L1 construct `CfnRoute`.

This PR adds the missing `port` property to `GrpcRouteMatch` L2 construct and also adds `port` property to `GrpcGatewayRouteMatch` and `HttpRouteMatch` L2 constructs that were also missing it.

The PR includes unit and integration tests expansion to cover this new property plus a reference to the property in the appmesh README file.

Closes #25810.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…25920)

Closes #25795.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

The docs weren't appropriately changed after #25580

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

See [CHANGELOG](https://github.com/aws/aws-cdk/blob/merge-back/2.84.0/CHANGELOG.md)

Bump the version of this package to obtain the following fix: cdklabs/cdk-generate-synthetic-examples#272


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

[LaunchTemplateProps](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.LaunchTemplateProps.html) is able to process a single securityGroup.
Currently we are required to use connections when we wanted to use multiple security groups. #18712 (comment)
I implemented addSecurityGroup method to make this easier.

Closes #18712

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

I am reopening this from #25525

and following up on my comments here:
#24557 (comment)
#24557 (comment)
#25008 (comment)
#25008 (comment)
#25008 (comment)
#25008 (comment)
#25008 (comment)
#25008 (comment)
#25525 (comment)
#25525 (comment)
🫠 #25525 (comment) 🫠

---

Fixes #25309
Fixes #22203
Fixes #20212
Fixes #13634
Fixes #10523
Fixes #10219
See also: aws-cloudformation/cloudformation-coverage-roadmap#1220
See also: aws-cloudformation/cloudformation-coverage-roadmap#814

---

👻 I have retitled this PR as a `chore` instead of a `fix` because @aws-cdk-automation keeps closing my PRs as abandoned even though they are clearly not abandoned.

> This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error.

---

@otaviomacedo @rix0rrr @TheRealAmazonKendra - I'm happy to adjust the approach, add more tests, or do what else needs to be done. I'm not getting any feedback from the team so I'm not sure how to proceed. The diff noise with non-ASCII information in cdk diff makes it difficult to find meaningful changes to our stacks.

🗿🗞️📬 **Crucially, this change only affects the CLI output and therefore an integration test isn't possible.**

---

CloudFormation's `GetStackTemplate` irrecoverably mangles any character not in the 7-bit ASCII range. This causes noisy output from `cdk diff` when a template contains non-English languages or emoji. We can detect this case and consider these strings equal.

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Many AWS services accept non-ASCII input, eg many "description" fields. CloudFormation will correctly dispatch these templates but when invoking `GetStackTemplate` the result is mangled. This causes annoying noise in the output of `cdk diff`:

```
Resources
[~] AWS::Lambda::Function Lambda/Resource
 └─ [~] Description
     ├─ [-] ?????
     └─ [+] 🤦🏻‍♂️
```

This change modifies the diff algorithm to consider the string equal if the lvalue is a mangled version of the rvalue.

Of course this runs the risk of hiding changesets which modify only a single non-ASCII character to another non-ASCII character, but these fields already tend to be informative in nature.

When setting `autoDeleteImages: true` for multiple repositories in the same stack, permissions to do the actual deleting only get added to the first one. This is because the policy statement is added inside of the `getOrCreateProvider` method, and that method ensures that the provider is only created once.

Instead, this adds the policy statement on the provider itself, regardless of whether it was created or referenced.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Fixes #18694, #8712 

This change adds an option to suppress indentation in CloudFormation template files. Suppressing indentation will reduce the file size of templates.

Indentation can be set by enabling for specific Stacks using the new `suppressTemplateIndentation` property in `StackProps`, or globally using the new `@aws-cdk/core:suppressTemplateIndentation` context key.

This PR provides additional template size reduction beyond the indentation change in  #19656.

@rix0rrr @mackalex @PatMyron 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

When I do Vpc.fromLookup in a VPC that has subnets with a default route to a TransitGateway the subnet is detected as `PRIVATE_ISOLATED` instead of `PRIVATE_WITH_EGRESS`
This PR adds the detection of subnets with TGW routes as `PRIVATE_WITH_EGRESS` instead of `PRIVATE_ISOLATED`.

This is potentially a breaking change depending on what is the expected behaviour. To me it seemed rather missed accidentally given that this [previous PR](#21699) mentions that `PRIVATE_WITH_EGRESS` was introduced also for Transit Gateways.

Closes #25626

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

And adjust the configuration accordingly.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

The `securityGroups` is passed down to create a new `ec2.Connections`, where this property is already optional. Making it optional in `fromClusterAttributes` as well.


Closes #11146 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

```ts
//  !!! IMPORTANT !!!
//
//  When you introduce a new flag, set its 'introducedIn.v2' value to the literal string
// 'V2·NEXT', without the dot.
//
//  DO NOT USE A VARIABLE. DO NOT DEFINE A CONSTANT. The actual value will be string-replaced at
//  version bump time.
```

Well, this proved to be difficult. Some places we supplied `V2·NEXT`, _with_ the dot. This PR manually updates everything back to when they were released, because we've missed the boat on the magic V2NEXT updates.

cc @corymhall for visibility, since you and I were the culprits and I was copying you :)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Fixes error in issue-label-assign JSON

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…titutions in file (#25876)

Closes #1461 

The `DeployTimeSubstitutedFile` construct allows you to upload a file and specify substitutions to be made in it, which will be resolved during deployment.

For example, if you wanted to create a REST API from a Swagger file spec but want to reference other CDK resources in your API spec, you can now do so in-line:

```ts
const bucket: Bucket;
const myLambdaFunction: lambda.Function;

const deployment = new s3deploy.DeployTimeSubstitutedFile(this, 'MyApiFile', {
  source: 'my-swagger-spec.yaml',
  destinationBucket: bucket,
  substitutions: {
    xxxx: myLambdaFunction.functionArn,
    yyyy: 'mySubstitution',
  },
});

const api = new apigateway.SpecRestApi(this, 'books-api', {
  apiDefinition: apigateway.ApiDefinition.fromBucket(deployment.bucket, deployment.objectKey),
});
```

Where 'xxxx' and 'yyyy' are the examples of placeholder text you can add in your local file spec to be substituted by surrounding the placeholder with double curly braces, for example writing: `{{ xxxx }}` in your file where you want a substitution.

----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…rets extension (#26016)

This PR corrects a bug where environment variable keys being generated as part of the lambda parameters and secrets extension were being generated at 'PARAMETERS_AND_SECRETS_...' instead of 'PARAMETERS_SECRETS_...'.

Note: existing unit tests were updated to reflect changes to environment variable keys.

Closes #26011

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…th check attribute (#26017)

This PR fixes a small formatting issue where the docstring describing a health check in the TargetGroupBase class was out of place.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

#25802 changed imports in alpha modules from `aws-cdk-lib` to `aws-cdk-lib/core`.

Not sure how that got past the linter in the first place, but my linter is choking on this because `aws-cdk-lib/core` does not have a `package.json`.

```bash
Error: ENOENT: no such file or directory, open '<path>/aws-cdk/packages/aws-cdk-lib/core/package.json'
```

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

This PR adds New ADOT Lambda Layers v0.30.0 in the CDK library

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Update the links about feature flags in the contribution guide under "Feature Flags" section because these is  missing link.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Remove some leftover usage of NODE_14_X in custom resources vended in
aws-cdk-lib. Changed to using the default runtime for the region.


Closes #25940

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

These two regions were uncommented by mistake.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

The AppRunner `Service` L2 construct returns `serviceArn` attribute as the `serviceName`. As Cloudformation does not return serivceName attribute(see [return values](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apprunner-service.html#aws-resource-apprunner-service-return-values)). This PR splits the serviceArn to extract the serviceName instead.

Closes #26002 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Closes #25393.

Adds missing `ephemeralStorage` property to `EcsFargateContainerDefinition` and `EcsFargateContainerDefinitionProps` along with a unit test.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…k template by 5KB (#26024)

Since `DefaultStagingStack` is a stack that creates staging resources, it is bound to the CloudFormation [limit](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html) of 51KB. This means that there is an upper limit on how many ECR repositories (and in turn, unique images) are allowed in the CDK App. In an effort to increase this limit, this PR does the following:

- Remove path metadata to save ~2KB
- Remove `AWS::CDK::Metadata` construct to save ~3KB
- Insert a dummy `UsingDefaultStagingStack` construct to the stacks that _use_ the `DefaultStagingStack` for analytics purposes.

In all, this should decrease the size of the DefaultStagingStack template by ~5KB, or ~10% of the overall size allowed.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…#25906)

closes #25722

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…#26060)

Fixes #26048, fixes #25827.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*