build(deps-dev): bump the nodejs-other group across 2 directories with 7 updates

[dependabot]

Bumps the nodejs-other group with 7 updates in the /nodejs directory:

Package	From	To
@types/aws-lambda	8.10.161	8.10.162
eslint	10.4.1	10.5.0
typescript-eslint	8.60.1	8.61.1
ts-loader	9.6.0	9.6.2
@aws-sdk/client-sts	3.1058.0	3.1073.0
@types/node	25.9.1	26.0.0
aws-cdk-lib	2.257.0	2.260.0

Bumps the nodejs-other group with 1 update in the /nodejs/sample-apps/aws-sdk directory: @types/node.

Updates @types/aws-lambda from 8.10.161 to 8.10.162

Commits

• See full diff in compare view

Updates eslint from 10.4.1 to 10.5.0

Release notes

Sourced from eslint's releases.

v10.5.0

Features

• 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#20973) (Pixel998)
• b565783 feat: report no-with violations at the with keyword (#20971) (Pixel998)
• 2ce032f feat: report max-lines-per-function violations at function head (#20966) (Pixel998)
• 732cb3e feat: report max-nested-callbacks violations at function head (#20967) (Pixel998)
• f9c138a feat: report max-depth violations on keywords (#20943) (Pixel998)
• bdb496c feat: correct max-depth handling for else-if chains (#20944) (Pixel998)
• c296873 feat: update error loc in max-statements to function header (#20907) (Taejin Kim)

Documentation

• 8ae1b5b docs: Update README (GitHub Actions Bot)
• ca7eb90 docs: update Node.js prerequisites to include ICU support (#20962) (Francesco Trotta)
• f99b47a docs: Update README (GitHub Actions Bot)
• acf03d4 docs: clarify precedence of parserOptions over languageOptions (#20926) (sethamus)

Chores

• b18bf58 chore: update ecosystem plugins (#20959) (ESLint Bot)
• c2d1444 refactor: replace areAllSegmentsUnreachable with !isAnySegmentReachable (#20951) (Taejin Kim)
• 243b8c5 chore: enhance config-rule to support oneOf, anyOf, and nested schemas (#20788) (kuldeep kumar)
• 217b2a9 test: add unit tests for ParserService (#20949) (Taejin Kim)
• 72003e7 test: add location information to error messages in max-statements (#20945) (lumir)
• 7797c26 refactor: deduplicate isAnySegmentReachable across rules (#20890) (Taejin Kim)
• 67c46fa chore: update ecosystem plugins (#20938) (ESLint Bot)
• 95d8c7a chore: update dependency @​eslint/json to v2 (#20934) (renovate[bot])
• cf9e496 chore: update @​arethetypeswrong/cli to 0.18.3 (#20933) (Pixel998)
• fb6d396 test: run type tests with TypeScript 7 (#20868) (sethamus)

Commits

• de3b672 10.5.0
• 362a518 Build: changelog update for 10.5.0
• 5ca8c52 feat: correct stack tracking in max-nested-callbacks (#20973)
• b565783 feat: report no-with violations at the with keyword (#20971)
• 2ce032f feat: report max-lines-per-function violations at function head (#20966)
• 732cb3e feat: report max-nested-callbacks violations at function head (#20967)
• f9c138a feat: report max-depth violations on keywords (#20943)
• 8ae1b5b docs: Update README
• ca7eb90 docs: update Node.js prerequisites to include ICU support (#20962)
• b18bf58 chore: update ecosystem plugins (#20959)
• Additional commits viewable in compare view

Updates typescript-eslint from 8.60.1 to 8.61.1

Release notes

Sourced from typescript-eslint's releases.

v8.61.1

8.61.1 (2026-06-15)

🩹 Fixes

• eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#12396, #10577)
• eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#12281)
• eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#12394, #12393)
• eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#12413)
• eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#12388)

❤️ Thank You

• Anas @​anasm266
• Deftera @​Deftera186
• Kirk Waiblinger @​kirkwaiblinger
• lumir
• Sarath Francis @​sarathfrancis90

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.61.0

8.61.0 (2026-06-08)

🚀 Features

• ast-spec: change type of UnaryExpression.prefix to always true (#12372)
• ast-spec: tighten types of ArrowFunction, YieldExpression, TSTypePredicate (#12373)

🩹 Fixes

• rule-schema-to-typescript-types: respect ECMAScript line terminators (#12374)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger
• lumir

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.61.1 (2026-06-15)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.61.0 (2026-06-08)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• aaad718 chore(release): publish 8.61.1
• 16a5b24 chore(release): publish 8.61.0
• See full diff in compare view

Updates ts-loader from 9.6.0 to 9.6.2

Release notes

Sourced from ts-loader's releases.

v9.6.2

• chore: trim runtime dependencies — remove enhanced-resolve/semver, swap micromatch → picomatch - thanks @​johnnyreilly

Officially ts-loader has supported 3.6.3+ versions of TypeScript. This change means that certain scenarios with older versions of TS will now certainly fail. If anyone is actually using these versions it would be surprising.

v9.6.1

• fix: rspack support - thanks @​johnnyreilly and @​bhollis

Changelog

Sourced from ts-loader's changelog.

9.6.2

• chore: trim runtime dependencies — remove enhanced-resolve/semver, swap micromatch → picomatch - thanks @​johnnyreilly

Officially ts-loader has supported 3.6.3+ versions of TypeScript. This change means that certain scenarios with older versions of TS will now certainly fail. If anyone is actually using these versions it would be surprising.

9.6.1

• fix: rspack support - thanks @​johnnyreilly and @​bhollis

Commits

• b347bb7 chore: trim runtime dependencies — remove enhanced-resolve/semver, swap micro...
• 32d82e6 fix: rspack support (#1699)
• 6bd992e chore: Update GitHub Actions workflow for release
• See full diff in compare view

Updates @aws-sdk/client-sts from 3.1058.0 to 3.1073.0

Release notes

Sourced from @​aws-sdk/client-sts's releases.

v3.1073.0

3.1073.0(2026-06-19)

New Features

• client-glue: Adds the SearchAssets operation for discovering assets in the AWS Glue Data Catalog using full-text search and filters. Minor naming refinements across the Glossary Terms and Attachment APIs for consistency. (ef204650)
• client-connect: This is the release for point based scoring system and the evaluation form validation project (b19c162a)
• client-bedrock-agent: Add support for metadata-only retrieval on GetFlow, GetFlowVersion, and GetPrompt APIs. (c9d5fb33)
• client-appstream: Amazon WorkSpaces Agent Access now supports domain-joined fleets for enterprise identity integration, real-time agent observation with instant stop controls, and MCP tool forwarding for lower-latency, cost-effective desktop tool access. (d9c25f0b)
• client-opensearch: This release introduces data source attachment APIs, enabling users to attach and detach Amazon OpenSearch Service domains and Amazon OpenSearch Serverless collections to an OpenSearch application. (6cce3d69)

---

For list of updated packages, view updated-packages.md in assets-3.1073.0.zip

v3.1072.0

3.1072.0(2026-06-18)

Documentation Changes

• client-ec2: Documentation updates clarifying CancelCapacityReservation cancellable states (e3723ba7)

New Features

• client-compute-optimizer: This release surfaces two new metrics Volume IOPS Exceeded and Volume Throughput Exceeded into EBS volume rightsizing recommendations. (ded6618d)
• client-application-auto-scaling: Adds support for ECS high-resolution predefined scaling metrics (ECSServiceAverageCPUUtilizationHighResolution, ECSServiceAverageMemoryUtilizationHighResolution) enabling 20-second metric periods for faster scaling (95b3513a)
• client-cognito-identity-provider: In order to support the new TLS Self-Service feature, this change adds SecurityPolicyType to CustomDomainConfigType. During CreateUserPoolDomain and UpdateUserPoolDomain this is used to select a custom domain's TLS enforcement, and for DescribeUserPoolDomain it informs users about the current TLS. (e8937787)
• client-sagemaker: Adds support for automatic AMI patching on HyperPod clusters. Customers can configure patching strategies to automatically apply security patch with zero job termination. Customers can also specify an AMI version at instance group level and update cluster software to a certain AMI version. (fd33a5e4)
• client-ecs: Amazon ECS services now support high resolution (20 second) CloudWatch metrics for CPUUtilization and MemoryUtilization. Use these metrics for faster service auto scaling. (93055ac9)
• client-healthlake: Adding New Configurations to the FHIR Create Datastore. The new configurations include NLP Configuration, AnalyticsConfiguration, ProfileConfiguration (494fa59f)
• client-gamelift: Amazon GameLift Servers has launched support for customizing Linux capabilities in container fleets. You can now specify additional Linux capabilities for containers in a container group definition, giving you finer control over the default Docker capabilities available to your containers. (93cefd90)
• client-eks: Adds support for configurable control plane egress routing in Amazon EKS, allowing you to route control plane egress traffic through your VPC and control how the control plane reaches resources in your network such as webhook servers and OIDC providers. (693db629)
• client-lambda: Converging and fixing existing documentation gaps in Lambda SDK (6555a565)
• client-synthetics: CloudWatch Synthetics adds support for multi-location canaries. Customers can now monitor their endpoints from multiple locations with centralized management from a primary location. The SDK includes new parameters for configuring multiple locations and tracking their state. (f2c8b480)
• client-cloudwatch-logs: Added optional startFromHead parameter to FilterLogEvents enabling descending timestamp order (newest first) when set to false. Default true preserves existing ascending order. Reverse sorting requires a startTime on or after Jan 1, 2024. (1be63ed9)
• client-batch: Adds Support for ordered allocation strategies- BEST-FIT-PROGRESSIVE-ORDERED or SPOT-CAPACITY-OPTIMIZED-PRIORITIZED (0e57e53b)

---

For list of updated packages, view updated-packages.md in assets-3.1072.0.zip

v3.1071.0

3.1071.0(2026-06-17)

New Features

• client-partnercentral-selling: Cosell Resonate AND Prospecing API Launch with ARN correction (7e8c98ab)
• client-compute-optimizer-automation: This launch adds IfExists comparison operators to Compute Optimizer Automation rule criteria, so a rule can include recommended actions whose specified attribute isn't present. (ab2c616d)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-sts's changelog.

3.1073.0 (2026-06-19)

Note: Version bump only for package @​aws-sdk/client-sts

3.1072.0 (2026-06-18)

Note: Version bump only for package @​aws-sdk/client-sts

3.1071.0 (2026-06-17)

Note: Version bump only for package @​aws-sdk/client-sts

3.1070.0 (2026-06-16)

Note: Version bump only for package @​aws-sdk/client-sts

3.1069.0 (2026-06-15)

Note: Version bump only for package @​aws-sdk/client-sts

3.1068.0 (2026-06-12)

Note: Version bump only for package @​aws-sdk/client-sts

3.1067.0 (2026-06-11)

... (truncated)

Commits

• ee71adc Publish v3.1073.0
• 501cd33 Publish v3.1072.0
• 3ce820a Publish v3.1071.0
• 4f2cfe1 Publish v3.1070.0
• 7058d13 Publish v3.1069.0
• 67981c5 chore(scripts): tuning the build graph (#8095)
• 0632f6d Publish v3.1068.0
• 0a3246f Publish v3.1067.0
• 4b11912 Publish v3.1066.0
• 62daf07 Publish v3.1065.0
• Additional commits viewable in compare view

Updates @types/node from 25.9.1 to 26.0.0

Commits

• See full diff in compare view

Updates aws-cdk-lib from 2.257.0 to 2.260.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.260.0

Features

• update L1 CloudFormation resource definitions (#38151) (f266a47), closes /docs.aws.amazon.com/AmazonS3/latest/userguide/s3-files-prereq-policies.html#s3
• core: add external traces to ConstructError (#38131) (e360dd9)
• core: append external stack traces to metadata if available (#38124) (c77a08c)

Bug Fixes

• bundling: docker build can be skipped if already performed (#38134) (2f9ae95)
• core: stack traces contain decorator paths (#38130) (318f645)
• core: weak cross-stack references fail for list attributes (#37948) (6bb9d75), closes #37910
• lambda-nodejs: reuse posixShellEscape for Docker bundling file operations (#38133) (baa9e1d)

---

Alpha modules (2.260.0-alpha.0)

v2.259.0

⚠ BREAKING CHANGES

• lambda: Runtime.NODEJS_LATEST now resolves to nodejs24.x in every region. Customers who pin to a concrete runtime (Runtime.NODEJS_22_X, useLatestRuntimeVersion: false in aws-lambda-nodejs.NodejsFunction) are unaffected. Existing AWS::Lambda::Function resources synthesized with NODEJS_LATEST will see Runtime: nodejs22.x → Runtime: nodejs24.x on next deploy. Lambda accepts runtime updates in place.

  Customer-code compatibility — IMPORTANT: Node.js 24 removes support for callback-style asynchronous handlers ((event, context, callback) => {...}) per the launch blog. Customers whose Lambda code still uses callback-based handlers will see runtime errors after the bump. Customers should migrate to async (event, context) => {...} or pin to Runtime.NODEJS_22_X explicitly.

Features

• core: recommend the use of weak references if no choice has been made (#38070) (6e74e5e)
• ecs: add forceNewDeployment option for Fargate and EC2 services (#36797) (3d9c4df), closes #27762
• eks: use the recommended AL2023 instead of AL2 AMI type (under feature flag) (#37850) (6a2dcb7), closes #32211
• lambda: upgrade lambda and custom resource default runtime to nodejs24.x (#38031) (36c84c6)

Bug Fixes

• spec2cdk: sanitize hyphens in EventBridge event namespace names (#38088) (b8f41bf), closes 40aws-cdk/spec2cdk/lib/naming/conventions.ts#L195

Reverts

• "chore(bundling): check if docker image is cached before building" (#38116) (359f2fb), closes aws/aws-cdk#37951

---

Alpha modules (2.259.0-alpha.0)

v2.258.1

Reverts

• "chore(bundling): check if docker image is cached before building" (#38116) (8ec236c), closes aws/aws-cdk#37951

---

Alpha modules (2.258.1-alpha.0)

... (truncated)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.260.0-alpha.0 (2026-06-16)

2.259.0-alpha.0 (2026-06-11)

2.258.1-alpha.0 (2026-06-08)

2.258.0-alpha.0 (2026-06-04)

Features

• integ-tests-alpha: add option to set the provider log level (#38005) (c634a79)

Bug Fixes

• custom-resource-handlers: deterministic asset hashes for generated lambdas (#37634) (6c3d5bc), closes #34307
• glue-alpha: deprecate Ray Jobs (#38055) (3fa428b)
• glue-alpha: restore notifyDelayAfter to PySpark and Scala Spark ETL jobs (#37815) (05be88a), closes #33839
• integ-tests-alpha: assertion failures print too much unnecessary information (#37974) (bc0de1d)
• mediapackagev2-alpha: cdnAuth on OriginEndpoint now generates the required policy (#38013) (1d56b46)

2.257.0-alpha.0 (2026-05-21)

2.256.1-alpha.0 (2026-05-20)

2.256.0-alpha.0 (2026-05-19)

2.255.0-alpha.0 (2026-05-18)

Features

• bedrock-agentcore-alpha: Graduation of the library to stable. The Policy submodule is the only submodule that remains in alpha. All other constructs have graduated to stable in aws-cdk-lib/aws-bedrockagentcore and we recommend migrating to the stable versions (#37876) (00cf601)

2.254.0-alpha.0 (2026-05-13)

Features

• bedrock-agentcore-alpha: add tags support to Evaluator and OnlineEvaluationConfig (#37804) (adbf88f)
• bedrock-agentcore-alpha: add identity L2 constructs (#37610) (67c3af2)
• mediapackagev2-alpha: add OAC integration between CloudFront and MediaPackageV2 (#37701) (654f59c)

Bug Fixes

... (truncated)

Commits

• f266a47 feat: update L1 CloudFormation resource definitions (#38151)
• 318f645 fix(core): stack traces contain decorator paths (#38130)
• 2f9ae95 fix(bundling): docker build can be skipped if already performed (#38134)
• aeafa63 docs(pipelines): clarify format of DockerHub creds (#38132)
• baa9e1d fix(lambda-nodejs): reuse posixShellEscape for Docker bundling file operation...
• e360dd9 feat(core): add external traces to ConstructError (#38131)
• 5619d43 Merge branch 'main' into merge-back/2.259.0
• 6bb9d75 fix(core): weak cross-stack references fail for list attributes (#37948)
• c77a08c feat(core): append external stack traces to metadata if available (#38124)
• 772eeba chore: update analytics metadata blueprints
• Additional commits viewable in compare view

Updates @types/node from 25.9.1 to 26.0.0

Commits

• See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
@types/aws-lambda	[>= 8.10.155.a, < 8.10.156]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[thompson-tomo]

Let's merge #2370 & see if any gap exists afterwards.