feat: update L1 CloudFormation resource definitions (#29605)

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

**L1 CloudFormation resource definition changes:**
```
├[~] service aws-appintegrations
│ └ resources
│    └[~] resource AWS::AppIntegrations::Application
│      └ attributes
│         ├ ApplicationArn: (documentation changed)
│         └ Id: (documentation changed)
├[~] service aws-codeartifact
│ └ resources
│    ├[~] resource AWS::CodeArtifact::PackageGroup
│    │ ├  - documentation: The resource schema to create a CodeArtifact package group.
│    │ │  + documentation: Creates a package group. For more information about creating package groups, including example CLI commands, see [Create a package group](https://docs.aws.amazon.com/codeartifact/latest/ug/create-package-group.html) in the *CodeArtifact User Guide* .
│    │ ├ properties
│    │ │  ├ ContactInfo: (documentation changed)
│    │ │  ├ Description: (documentation changed)
│    │ │  ├ DomainName: (documentation changed)
│    │ │  ├ DomainOwner: (documentation changed)
│    │ │  ├ OriginConfiguration: (documentation changed)
│    │ │  ├ Pattern: (documentation changed)
│    │ │  └ Tags: (documentation changed)
│    │ ├ attributes
│    │ │  └ Arn: (documentation changed)
│    │ └ types
│    │    ├[~] type OriginConfiguration
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: The package group origin configuration that determines how package versions can enter repositories.
│    │    │ └ properties
│    │    │    └ Restrictions: (documentation changed)
│    │    ├[~] type Restrictions
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: Contains information about the configured restrictions of the origin controls of a package group.
│    │    │ └ properties
│    │    │    ├ ExternalUpstream: (documentation changed)
│    │    │    ├ InternalUpstream: (documentation changed)
│    │    │    └ Publish: (documentation changed)
│    │    └[~] type RestrictionType
│    │      ├  - documentation: undefined
│    │      │  + documentation: The `RestrictionType` property type specifies the package group origin configuration restriction mode, and the repositories when the `RestrictionMode` is set to `ALLOW_SPECIFIC_REPOSITORIES` .
│    │      └ properties
│    │         ├ Repositories: (documentation changed)
│    │         └ RestrictionMode: (documentation changed)
│    └[~] resource AWS::CodeArtifact::Repository
│      └ properties
│         └ ExternalConnections: (documentation changed)
├[~] service aws-connect
│ └ resources
│    └[~] resource AWS::Connect::SecurityProfile
│      └ types
│         └[~] type Application
│           ├  - documentation: A third-party application's metadata.
│           │  + documentation: This API is in preview release for Amazon Connect and is subject to change.
│           │  A third-party application's metadata.
│           └ properties
│              └ ApplicationPermissions: (documentation changed)
├[~] service aws-dms
│ └ resources
│    └[~] resource AWS::DMS::DataProvider
│      └ types
│         └[~] type PostgreSqlSettings
│           ├  - documentation: undefined
│           │  + documentation: Provides information that defines a PostgreSQL endpoint.
│           └ properties
│              ├ DatabaseName: (documentation changed)
│              ├ Port: (documentation changed)
│              └ ServerName: (documentation changed)
├[~] service aws-glue
│ └ resources
│    └[~] resource AWS::Glue::Crawler
│      ├ properties
│      │  └[+] LakeFormationConfiguration: LakeFormationConfiguration
│      └ types
│         └[+] type LakeFormationConfiguration
│           ├  name: LakeFormationConfiguration
│           └ properties
│              ├UseLakeFormationCredentials: boolean
│              └AccountId: string
├[~] service aws-securityhub
│ └ resources
│    └[~] resource AWS::SecurityHub::Insight
│      ├  - documentation: The AWS::SecurityHub::Insight resource represents the AWS Security Hub Insight in your account. An AWS Security Hub insight is a collection of related findings.
│      │  + documentation: Creates a custom insight in Security Hub. An insight is a consolidation of findings that relate to a security issue that requires attention or remediation.
│      │  To group the related findings in the insight, use the `GroupByAttribute` .
│      ├ properties
│      │  ├ Filters: (documentation changed)
│      │  ├ GroupByAttribute: (documentation changed)
│      │  └ Name: (documentation changed)
│      ├ attributes
│      │  └ InsightArn: (documentation changed)
│      └ types
│         ├[~] type AwsSecurityFindingFilters
│         │ ├  - documentation: A collection of filters that are applied to all active findings aggregated by AWS Security Hub.
│         │ │  + documentation: A collection of filters that are applied to all active findings aggregated by AWS Security Hub .
│         │ │  You can filter by up to ten finding attributes. For each attribute, you can provide up to 20 filter values.
│         │ └ properties
│         │    ├ ComplianceAssociatedStandardsId: (documentation changed)
│         │    ├ ComplianceSecurityControlId: (documentation changed)
│         │    ├ ComplianceStatus: (documentation changed)
│         │    ├ FindingProviderFieldsTypes: (documentation changed)
│         │    ├ GeneratorId: (documentation changed)
│         │    ├ ProductFields: (documentation changed)
│         │    ├ Type: (documentation changed)
│         │    ├ UserDefinedFields: (documentation changed)
│         │    ├ VulnerabilitiesExploitAvailable: (documentation changed)
│         │    ├ VulnerabilitiesFixAvailable: (documentation changed)
│         │    ├ WorkflowState: (documentation changed)
│         │    └ WorkflowStatus: (documentation changed)
│         ├[~] type IpFilter
│         │ └ properties
│         │    └ Cidr: (documentation changed)
│         ├[~] type MapFilter
│         │ ├  - documentation: A map filter for filtering AWS Security Hub findings.
│         │ │  + documentation: A map filter for filtering AWS Security Hub findings. Each map filter provides the field to check for, the value to check for, and the comparison operator.
│         │ └ properties
│         │    ├ Comparison: (documentation changed)
│         │    ├ Key: (documentation changed)
│         │    └ Value: (documentation changed)
│         └[~] type StringFilter
│           └ properties
│              ├ Comparison: (documentation changed)
│              └ Value: (documentation changed)
└[~] service aws-wafv2
  └ resources
     ├[~] resource AWS::WAFv2::RuleGroup
     │ └ types
     │    ├[~] type Body
     │    │ └ properties
     │    │    └ OversizeHandling: (documentation changed)
     │    ├[~] type FieldToMatch
     │    │ └ properties
     │    │    ├ Body: (documentation changed)
     │    │    └ JsonBody: (documentation changed)
     │    └[~] type JsonBody
     │      └ properties
     │         └ OversizeHandling: (documentation changed)
     └[~] resource AWS::WAFv2::WebACL
       ├ properties
       │  └ AssociationConfig: (documentation changed)
       └ types
          ├[~] type AssociationConfig
          │ ├  - documentation: Specifies custom configurations for the associations between the web ACL and protected resources.
          │ │  Use this to customize the maximum size of the request body that your protected resources forward to AWS WAF for inspection. You can customize this setting for CloudFront. The default setting is 16 KB (16,384 bytes).
          │ │  > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
          │ │  For regional resources, the limit is fixed at 8 KB (8,192 bytes).
          │ │  + documentation: Specifies custom configurations for the associations between the web ACL and protected resources.
          │ │  Use this to customize the maximum size of the request body that your protected resources forward to AWS WAF for inspection. You can customize this setting for CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources. The default setting is 16 KB (16,384 bytes).
          │ │  > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
          │ │  For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
          │ └ properties
          │    └ RequestBody: (documentation changed)
          ├[~] type Body
          │ └ properties
          │    └ OversizeHandling: (documentation changed)
          ├[~] type FieldToMatch
          │ └ properties
          │    ├ Body: (documentation changed)
          │    └ JsonBody: (documentation changed)
          ├[~] type JsonBody
          │ └ properties
          │    └ OversizeHandling: (documentation changed)
          └[~] type RequestBodyAssociatedResourceTypeConfig
            └  - documentation: Customizes the maximum size of the request body that your protected CloudFront resources forward to AWS WAF for inspection. The default size is 16 KB (16,384 bytes).
               > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
               Example JSON: `{ "API_GATEWAY": "KB_48", "APP_RUNNER_SERVICE": "KB_32" }`
               For regional resources, the limit is fixed at 8 KB (8,192 bytes).
               This is used in the `AssociationConfig` of the web ACL.
               + documentation: Customizes the maximum size of the request body that your protected CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access resources forward to AWS WAF for inspection. The default size is 16 KB (16,384 bytes). You can change the setting for any of the available resource types.
               > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
               Example JSON: `{ "API_GATEWAY": "KB_48", "APP_RUNNER_SERVICE": "KB_32" }`
               For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
               This is used in the `AssociationConfig` of the web ACL.
```

packages/@aws-cdk/cloudformation-diff/package.json

@@ -23,8 +23,8 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-cdk/aws-service-spec": "^0.0.56",
-    "@aws-cdk/service-spec-types": "^0.0.56",
+    "@aws-cdk/aws-service-spec": "^0.0.59",
+    "@aws-cdk/service-spec-types": "^0.0.59",
     "aws-sdk": "2.1583.0",
     "chalk": "^4",
     "diff": "^5.2.0",

packages/@aws-cdk/integ-runner/package.json

@@ -74,7 +74,7 @@
     "@aws-cdk/cloud-assembly-schema": "0.0.0",
     "@aws-cdk/cloudformation-diff": "0.0.0",
     "@aws-cdk/cx-api": "0.0.0",
-    "@aws-cdk/aws-service-spec": "^0.0.56",
+    "@aws-cdk/aws-service-spec": "^0.0.59",
     "cdk-assets": "0.0.0",
     "@aws-cdk/cdk-cli-wrapper": "0.0.0",
     "aws-cdk": "0.0.0",

packages/aws-cdk-lib/package.json

@@ -135,7 +135,7 @@
     "mime-types": "^2.1.35"
   },
   "devDependencies": {
-    "@aws-cdk/aws-service-spec": "^0.0.56",
+    "@aws-cdk/aws-service-spec": "^0.0.59",
     "@aws-cdk/cdk-build-tools": "0.0.0",
     "@aws-cdk/custom-resource-handlers": "0.0.0",
     "@aws-cdk/pkglint": "0.0.0",

tools/@aws-cdk/spec2cdk/package.json

@@ -32,9 +32,9 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-cdk/aws-service-spec": "^0.0.56",
-    "@aws-cdk/service-spec-importers": "^0.0.26",
-    "@aws-cdk/service-spec-types": "^0.0.56",
+    "@aws-cdk/aws-service-spec": "^0.0.59",
+    "@aws-cdk/service-spec-importers": "^0.0.27",
+    "@aws-cdk/service-spec-types": "^0.0.59",
     "@cdklabs/tskb": "^0.0.3",
     "@cdklabs/typewriter": "^0.0.3",
     "camelcase": "^6",

yarn.lock

@@ -56,25 +56,25 @@
   resolved "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.1.tgz#6dc9b7cdb22ff622a7176141197962360c33e9ac"
   integrity sha512-DDt4SLdLOwWCjGtltH4VCST7hpOI5DzieuhGZsBpZ+AgJdSI2GCjklCXm0GCTwJG/SolkL5dtQXyUKgg9luBDg==
 
-"@aws-cdk/aws-service-spec@^0.0.56":
-  version "0.0.56"
-  resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.0.56.tgz#6b559681f2cb1a6fef053ce95befb0c9816368d6"
-  integrity sha512-fn243Q7nlDJ/H3Iu986ZSRsHVj3kpL/fzRNlajYPIN4HrxBd0FnSlTHm5JiTuOJpNHpaH6dMIRg/y1xZS/izAA==
+"@aws-cdk/aws-service-spec@^0.0.59":
+  version "0.0.59"
+  resolved "https://registry.npmjs.org/@aws-cdk/aws-service-spec/-/aws-service-spec-0.0.59.tgz#4d3f64e42b566fa75d8228e19c8e95feec1f225c"
+  integrity sha512-uIk+FmA/giiDs8gORSUa8dKfJvkMPi6wQHcnZw7a0B1hQ6hA8WVXv+yxCmz5xd1b2Y7Zd/ww36XHTu9CvGKEvg==
   dependencies:
-    "@aws-cdk/service-spec-types" "^0.0.56"
+    "@aws-cdk/service-spec-types" "^0.0.59"
     "@cdklabs/tskb" "^0.0.3"
 
 "@aws-cdk/lambda-layer-kubectl-v24@^2.0.242":
   version "2.0.242"
   resolved "https://registry.npmjs.org/@aws-cdk/lambda-layer-kubectl-v24/-/lambda-layer-kubectl-v24-2.0.242.tgz#4273a5ad7714f933a7eba155eb9280823086db71"
   integrity sha512-7/wIOo685tmrEe4hh6zqDELhBZh5OQGf3Hd2FU2Vnwy2ZubW8qTmEw5gqJCsCrGKeYDoa1BcVhDRZ/nzjkaqyA==
 
-"@aws-cdk/service-spec-importers@^0.0.26":
-  version "0.0.26"
-  resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.26.tgz#1d986384b7201af28dfb6b6346b0344f617f5403"
-  integrity sha512-iTBedoJpAa+zON579CGECiKBLUj2BRXwv6o1efBC6fsfwTydZo2OYg3sRhE6dHnBajOQyTUzLoSY1F5ZR4MUsQ==
+"@aws-cdk/service-spec-importers@^0.0.27":
+  version "0.0.27"
+  resolved "https://registry.npmjs.org/@aws-cdk/service-spec-importers/-/service-spec-importers-0.0.27.tgz#a8ce7bb76eebf5027671bcecf03fa8739d01385e"
+  integrity sha512-YR5Fo/SJwJyG1i271GnJEvaq3mWw4Eg9PuKQkSIyACn1Jb/k4vVMxAz6Y3j50Wp9H3nq7Ux+cbezHcJTFVd7nw==
   dependencies:
-    "@aws-cdk/service-spec-types" "^0.0.55"
+    "@aws-cdk/service-spec-types" "^0.0.57"
     "@cdklabs/tskb" "^0.0.3"
     ajv "^6"
     canonicalize "^2.0.0"
@@ -85,17 +85,17 @@
     glob "^8"
     sort-json "^2.0.1"
 
-"@aws-cdk/service-spec-types@^0.0.55":
-  version "0.0.55"
-  resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.55.tgz#5327b3850b6b9769f197c345f96dfb01fd49830d"
-  integrity sha512-VoAojxUaV8XE3ArOuOxVoJhZPFNWD08+OCE2DShR+f7syvmvKpdsB7YqKirH2m511SI0TLhUnQCOBxDxyu0Pbg==
+"@aws-cdk/service-spec-types@^0.0.57":
+  version "0.0.57"
+  resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.57.tgz#b3d3e498a93957c57aa48b6edcd3d122e2145ad2"
+  integrity sha512-IPB4sgE+05DQXt6UqWSutEyeBCFPm6mSxBiw7/neXHSBLu/FcxXDy+C80nyTcuSW1WJbkNomjV4b3hkp47VPAg==
   dependencies:
     "@cdklabs/tskb" "^0.0.3"
 
-"@aws-cdk/service-spec-types@^0.0.56":
-  version "0.0.56"
-  resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.56.tgz#962ff1144018c31ad8f788b000de17e9ded8a943"
-  integrity sha512-ggMwHnDy4KJSks1nKrMKoxipDj2xVBDk055KE5Ipl09Sxzmd6JU9Bopju7drJKKW1EOn/DJLTUbpyFrh1UqPlA==
+"@aws-cdk/service-spec-types@^0.0.59":
+  version "0.0.59"
+  resolved "https://registry.npmjs.org/@aws-cdk/service-spec-types/-/service-spec-types-0.0.59.tgz#79605be022b21dcda73c2422821c41ac7f104db7"
+  integrity sha512-uFTPHuQ3/qBZy+pusVvXcfbM5dCbeOiItxHv2se/nOzRlrCz024aEq334oIpE1QET9rY1XWR8ji8tPlSimXcIA==
   dependencies:
     "@cdklabs/tskb" "^0.0.3"