@dependabot dependabot bot commented on behalf of github Jan 28, 2026

Bumps the cdk group with 4 updates: @guardian/cdk, aws-cdk, aws-cdk-lib and constructs.

Updates @guardian/cdk from 62.0.1 to 62.3.1

Release notes

Sourced from @​guardian/cdk's releases.

v62.3.1

Patch Changes

  • 0bcd45c: Update aws-cdk to ^2.1100.3, aws-cdk-lib to ^2.234.1, constructs to ^10.4.4

v62.3.0

Minor Changes

  • 9d4a1d6: Move discoverability of GuJanusAssumableRole from tag to path

Patch Changes

  • 4ad1bc1: Adds an Owner tag for the auth-lambda, so that teams auditing their Lambda functions can more easily understand who is responsible for maintaining this Lambda.

    This Lambda is maintained by DevX as part of https://github.com/guardian/cognito-auth-lambdas.

    If your EC2 application uses the googleAuth feature then you will need to update your snapshots to accept this change.

v62.2.1

Patch Changes

  • 438089b: Update aws-cdk to ^2.1033.0, aws-cdk-lib to ^2.232.1, constructs to ^10.4.3

v62.2.0

Minor Changes

  • c49c7a0: Add GuJanusAssumableRole construct

v62.1.3

Patch Changes

  • 7c25920: Downgrade @guardian/eslint-config to v12.0.0 to remove react transitive dependency.

v62.1.2

Patch Changes

v62.1.1

... (truncated)

Changelog

Sourced from @​guardian/cdk's changelog.

62.3.1

Patch Changes

  • 0bcd45c: Update aws-cdk to ^2.1100.3, aws-cdk-lib to ^2.234.1, constructs to ^10.4.4

62.3.0

Minor Changes

  • 9d4a1d6: Move discoverability of GuJanusAssumableRole from tag to path

Patch Changes

  • 4ad1bc1: Adds an Owner tag for the auth-lambda, so that teams auditing their Lambda functions can more easily understand who is responsible for maintaining this Lambda.

    This Lambda is maintained by DevX as part of https://github.com/guardian/cognito-auth-lambdas.

    If your EC2 application uses the googleAuth feature then you will need to update your snapshots to accept this change.

62.2.1

Patch Changes

  • 438089b: Update aws-cdk to ^2.1033.0, aws-cdk-lib to ^2.232.1, constructs to ^10.4.3

62.2.0

Minor Changes

  • c49c7a0: Add GuJanusAssumableRole construct

62.1.3

Patch Changes

  • 7c25920: Downgrade @guardian/eslint-config to v12.0.0 to remove react transitive dependency.

62.1.2

Patch Changes

  • f1fd01b: The new deployment mechanism (GuEc2AppExperimental) now suspends some additional ASG processes:

    AZRebalance InstanceRefresh ReplaceUnhealthy ScheduledActions HealthCheck

... (truncated)

Commits
  • 3e4182a Merge pull request #2807 from guardian/changeset-release/main
  • 7dad7ce Bump package version
  • 706abb2 Merge pull request #2801 from guardian/dependabot/npm_and_yarn/code-quality-8...
  • 0dac682 chore: Apply prettier fixes
  • d441bbe chore(deps): bump the code-quality group across 1 directory with 3 updates
  • 054f2cd Merge pull request #2794 from guardian/dependabot/npm_and_yarn/npm-dependenci...
  • fcdecad chore(deps): bump the npm-dependencies group across 1 directory with 7 updates
  • 585d334 Merge pull request #2803 from guardian/update-aws-cdk-2.1100.3
  • 0bcd45c fix(deps): Update AWS CDK libraries to ^2.1100.3, and constructs to ^10.4.4
  • 3b10612 🦋 Release package updates (#2805)
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​guardian/cdk since your current version.


Updates aws-cdk from 2.1030.0 to 2.1104.0

Release notes

Sourced from aws-cdk's releases.

aws-cdk@v2.1104.0

2.1104.0 (2026-01-28)

Features

aws-cdk@v2.1103.0

2.1103.0 (2026-01-25)

Features

Bug Fixes

  • chokidar and npm rely on outdated version of tar (#1059) (ba59816)

aws-cdk@v2.1102.0

2.1102.0 (2026-01-22)

Features

Bug Fixes

aws-cdk@v2.1101.0

2.1101.0 (2026-01-15)

Features

  • cli: cdk init supports custom project names with --project name, -n option (#1006) (29249ac)

... (truncated)

Commits
  • 203898c chore(deps-dev): bump eslint-plugin-jest and @​cdklabs/typewriter (#1096)
  • 0460def chore(deps): bump @​aws-sdk/client-ec2 from 3.953.0 to 3.977.0 (#1082)
  • ef9d2b4 chore(deps-dev): bump eslint-plugin-jsdoc from 50.8.0 to 62.4.1 (#1068)
  • 089d83c chore(deps): bump @​aws-sdk/client-lambda from 3.953.0 to 3.975.0 (#1081)
  • 706f37a feat(deps): upgrade aws-cdk-lib (#1060)
  • 2081080 chore(deps): bump @​aws-sdk/client-codebuild from 3.953.0 to 3.975.0 (#1061)
  • ba59816 fix: chokidar and npm rely on outdated version of tar (#1059)
  • 88e95b9 chore(deps): bump @​smithy/node-config-provider from 4.3.6 to 4.3.8 (#1037)
  • 4048c55 chore(deps): bump diff from 7.0.0 to 8.0.3 (#1026)
  • 892e7f2 chore(deps): bump lodash from 4.17.21 to 4.17.23 (#1054)
  • Additional commits viewable in compare view

Updates aws-cdk-lib from 2.220.0 to 2.236.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.236.0

Features

Bug Fixes

  • apigatewayv2: use custom domain name instead of regional domain name when importing domain name via fromDomainNameAttributes (#36710) (fe6eb0b)
  • batch: undeprecate useOptimalInstanceClasses property (#36353) (3485d53), closes #36291 #36291
  • core: resources allocate unnecessary string tokens upon instantiation (#36692) (59d4928)
  • core: tree.json unintentionally includes telemetry metadata (#36748) (87fd86b)
  • scheduler: scheduleName returns undefined when imported from ARN (#36400) (752bd9b), closes #36361
  • recent change to IAlarmAction breaks too many implementors (#36695) (0c5b0db)

Alpha modules (2.236.0-alpha.0)

Features

  • bedrock-agentcore-alpha: added episodic memory strategy (#36591) (21dcfc6)
  • bedrock-agentcore-alpha: added gateway interceptors (#36604) (ba8aa48)
  • bedrock-agentcore-alpha: make physical name properties optional for AgentCore resources (#36354) (5137d81), closes #36341
  • mixins-preview: expose BucketPolicyStatementsMixin publicly (#36771) (458156d)
  • sagemaker: add containerStartupHealthCheckTimeoutInSeconds support for EndpointConfig (#35626) (47d707a), closes #35566

Bug Fixes

  • eks-v2-alpha: ensure kubectl provider access entry is depended upon by downstream resources (#36734) (e104f45), closes #34898 #34897

v2.235.1

Bug Fixes

  • apigatewayv2: use custom domain name instead of regional domain name when importing domain name via fromDomainNameAttributes (#36710) (29e5642)

Alpha modules (2.235.1-alpha.0)

v2.235.0

⚠ BREAKING CHANGES

  • L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:
  • aws-ecs: AWS::ECS::CapacityProvider: ManagedInstancesNetworkConfiguration.SecurityGroups property is now required.
  • ecs: securityGroups is now required in ManagedInstancesCapacityProviderProps. CloudFormation has always required this field, so any code that omitted it would have failed at deployment time with a validation error. This change catches the error at compile time instead, improving the developer experience. If your code previously omitted securityGroups, you must now explicitly provide at least one security group.
  • aws-cdk-lib: JobQueue.computeEnvironments contains a computeEnvironment: IComputeEnvironment → IComputeEnvironmentRef. BackupPlanRule.props contains a backupVault: IBackupVault → IBackupVaultRef. ApiDestination.fromApiDestinationAttributes() return type ApiDestination → IApiDestination. This should never have returned a class but always an interface, as is the standard for referencing factories. EventDestination.bus changed IEventBus → IEventBusRef; FlowLogDestination.bind() now returns and ICluster.executeCommandConfiguration contains a member changing type ILogGroup → ILogGroupRef.
  • events: ApiDestination.fromApiDestinationAttributes() now returns an IApiDestination. It used to return an ApiDestination but this was a mistake, referencing methods always return a type by interface, not by class. EventDestination.bus used to be an IEventBus but is now an IEventBusRef; it needs to be type tested to assert it is actually an IEventBus if that is necessary.
  • logs: the return types of FlowLogDestination.bind() and ICluster.executeCommandConfiguration now contain an ILogGroupRef instead of an ILogGroup, which guarantees less. These fields are for communication between constructs, and their values should not be used by application builders. If they do, they will need to add a cast or a type check.
  • iot-actions: enableBatchConfig property is explicitly disabled by default. Even with this modification, the behavior of HttpAction remains unchanged from before, but only the Cfn template will be modified.

... (truncated)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.236.0-alpha.0 (2026-01-23)

Features

  • bedrock-agentcore-alpha: added episodic memory strategy (#36591) (21dcfc6)
  • bedrock-agentcore-alpha: added gateway interceptors (#36604) (ba8aa48)
  • bedrock-agentcore-alpha: make physical name properties optional for AgentCore resources (#36354) (5137d81), closes #36341
  • mixins-preview: expose BucketPolicyStatementsMixin publicly (#36771) (458156d)
  • sagemaker: add containerStartupHealthCheckTimeoutInSeconds support for EndpointConfig (#35626) (47d707a), closes #35566

Bug Fixes

  • eks-v2-alpha: ensure kubectl provider access entry is depended upon by downstream resources (#36734) (e104f45), closes #34898 #34897

2.235.1-alpha.0 (2026-01-19)

2.235.0-alpha.0 (2026-01-15)

⚠ BREAKING CHANGES

  • bedrock-agentcore-alpha: The User Pool Client will be replaced and new Resource Server and Domain resources will be added for existing Gateway stacks using the default Cognito authorizer.

Checklist

Bug Fixes

  • bedrock-agentcore-alpha: default Cognito User Pool for AgentCore Gateway is not set up for M2M authentication. (#36323) (5a5605a)

2.234.1-alpha.0 (2026-01-08)

2.234.0-alpha.0 (2026-01-08)

Features

  • msk-alpha: support express broker for Kafka v3.9 (#36450) (afcc953)

Bug Fixes

  • elasticache-alpha: deployment fails when serverlessCacheName or userGroupId is not specified (#36459) (b3f62f7), closes #36458
  • elasticache-alpha: security group for ServerlessCache does not use default endpoint port (#35738) (79d91ad)

... (truncated)

Commits
  • b2add3f chore: update analytics metadata blueprints
  • 867adc8 chore(deps): bump the npm_and_yarn group across 2 directories with 1 update (...
  • 9b4065c chore(mixins-preview): track mixin usage (#36743)
  • 87fd86b fix(core): tree.json unintentionally includes telemetry metadata (#36748)
  • 0fe7635 chore: yarn upgrade dependencies requiring intervention (#36747)
  • e8ad85b feat(ecs): add capacityOptionType (Spot support) to ManagedInstancesCapacityP...
  • 041cc0e chore: npm-check-updates && yarn upgrade (#36691)
  • 6380446 chore(rds): add new enum values for rds (#36730)
  • b3c858b chore(lambda): add new enum values for lambda (#36729)
  • d3b87fe chore(kms): add new enum values for kms (#36728)
  • Additional commits viewable in compare view

Updates constructs from 10.4.2 to 10.4.5

Release notes

Sourced from constructs's releases.

v10.4.5

10.4.5 (2026-01-16)

Bug Fixes

  • save memory by lazy initializing all fields (#2838) (28249f8)

v10.4.4

10.4.4 (2025-12-11)

Bug Fixes

v10.4.3

10.4.3 (2025-11-06)

Bug Fixes

Commits

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for constructs since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



@dependabot dependabot bot added Dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 28, 2026
@dependabot dependabot bot requested review from a team as code owners January 28, 2026 18:35
@github-actions

Hello 👋! When you're ready to run Chromatic, please apply the run_chromatic label to this PR.

You will need to reapply the label each time you want to run Chromatic.

Click here to see the Chromatic project.


github-actions bot commented Jan 28, 2026

Bumps the cdk group with 4 updates: [@guardian/cdk](https://github.com/guardian/cdk), [aws-cdk](https://github.com/aws/aws-cdk-cli/tree/HEAD/packages/aws-cdk), [aws-cdk-lib](https://github.com/aws/aws-cdk/tree/HEAD/packages/aws-cdk-lib) and [constructs](https://github.com/aws/constructs).


Updates `@guardian/cdk` from 62.0.1 to 62.3.1
- [Release notes](https://github.com/guardian/cdk/releases)
- [Changelog](https://github.com/guardian/cdk/blob/main/CHANGELOG.md)
- [Commits](guardian/cdk@v62.0.1...v62.3.1)

Updates `aws-cdk` from 2.1030.0 to 2.1104.0
- [Release notes](https://github.com/aws/aws-cdk-cli/releases)
- [Commits](https://github.com/aws/aws-cdk-cli/commits/aws-cdk@v2.1104.0/packages/aws-cdk)

Updates `aws-cdk-lib` from 2.220.0 to 2.236.0
- [Release notes](https://github.com/aws/aws-cdk/releases)
- [Changelog](https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md)
- [Commits](https://github.com/aws/aws-cdk/commits/v2.236.0/packages/aws-cdk-lib)

Updates `constructs` from 10.4.2 to 10.4.5
- [Release notes](https://github.com/aws/constructs/releases)
- [Commits](aws/constructs@v10.4.2...v10.4.5)

---
updated-dependencies:
- dependency-name: "@guardian/cdk"
  dependency-version: 62.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cdk
- dependency-name: aws-cdk
  dependency-version: 2.1104.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cdk
- dependency-name: aws-cdk-lib
  dependency-version: 2.236.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: cdk
- dependency-name: constructs
  dependency-version: 10.4.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: cdk
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/cdk-b99c7aad35 branch from ff8f621 to c00dcae Compare January 29, 2026 18:35